Extend PSS padding code to support different digests for MGF1 and message.
This commit is contained in:
Dr. Stephen Henson
parent
85522a074c
commit
e8254d406f
2 changed files with 31 additions and 2 deletions
|
|
@ -2,3 +2,11 @@ extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
|
|||
unsigned char *rm, size_t *prm_len,
|
||||
const unsigned char *sigbuf, size_t siglen,
|
||||
RSA *rsa);
|
||||
|
||||
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
|
||||
const unsigned char *EM, int sLen);
|
||||
|
||||
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||
const unsigned char *mHash,
|
||||
const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);
|
||||
|
|
|
|||
|
|
@ -63,6 +63,7 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/rand.h>
|
||||
#include <openssl/sha.h>
|
||||
#include "rsa_locl.h"
|
||||
|
||||
static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
|
||||
|
||||
|
|
@ -73,6 +74,13 @@ static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
|
|||
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
|
||||
const EVP_MD *Hash, const unsigned char *EM, int sLen)
|
||||
{
|
||||
return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
|
||||
}
|
||||
|
||||
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
||||
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
|
||||
const unsigned char *EM, int sLen)
|
||||
{
|
||||
int i;
|
||||
int ret = 0;
|
||||
int hLen, maskedDBLen, MSBits, emLen;
|
||||
|
|
@ -82,6 +90,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
|
|||
unsigned char H_[EVP_MAX_MD_SIZE];
|
||||
EVP_MD_CTX_init(&ctx);
|
||||
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
||||
hLen = EVP_MD_size(Hash);
|
||||
if (hLen < 0)
|
||||
goto err;
|
||||
|
|
@ -129,7 +140,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
|
|||
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
|
||||
goto err;
|
||||
}
|
||||
if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
|
||||
if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
|
||||
goto err;
|
||||
for (i = 0; i < maskedDBLen; i++)
|
||||
DB[i] ^= EM[i];
|
||||
|
|
@ -178,12 +189,22 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
|
|||
const unsigned char *mHash,
|
||||
const EVP_MD *Hash, int sLen)
|
||||
{
|
||||
return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
|
||||
}
|
||||
|
||||
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
||||
const unsigned char *mHash,
|
||||
const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen)
|
||||
{
|
||||
int i;
|
||||
int ret = 0;
|
||||
int hLen, maskedDBLen, MSBits, emLen;
|
||||
unsigned char *H, *salt = NULL, *p;
|
||||
EVP_MD_CTX ctx;
|
||||
|
||||
if (mgf1Hash == NULL)
|
||||
mgf1Hash = Hash;
|
||||
|
||||
hLen = EVP_MD_size(Hash);
|
||||
if (hLen < 0)
|
||||
goto err;
|
||||
|
|
@ -244,7 +265,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
|
|||
EVP_MD_CTX_cleanup(&ctx);
|
||||
|
||||
/* Generate dbMask in place then perform XOR on it */
|
||||
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
|
||||
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
|
||||
goto err;
|
||||
|
||||
p = EM;
|
||||
|
|
|
|||
Loading…
Reference in a new issue