generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Extend PSS padding code to support different digests for MGF1 and message.

Browse Source
This commit is contained in:
Dr. Stephen Henson 2010-03-11 13:40:42 +00:00
parent 85522a074c
commit e8254d406f
2 changed files with 31 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/rsa/rsa_locl.h
View File

@ -2,3 +2,11 @@ extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
unsigned char *rm, size_t *prm_len, unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen, const unsigned char *sigbuf, size_t siglen,
RSA *rsa); RSA *rsa);
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
const unsigned char *EM, int sLen);
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);

25
crypto/rsa/rsa_pss.c
View File

@ -63,6 +63,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include "rsa_locl.h"
static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0}; static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
@ -73,6 +74,13 @@ static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash, int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const unsigned char *EM, int sLen) const EVP_MD *Hash, const unsigned char *EM, int sLen)
{ {
return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
}
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
const unsigned char *EM, int sLen)
{
int i; int i;
int ret = 0; int ret = 0;
int hLen, maskedDBLen, MSBits, emLen; int hLen, maskedDBLen, MSBits, emLen;
@ -82,6 +90,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
unsigned char H_[EVP_MAX_MD_SIZE]; unsigned char H_[EVP_MAX_MD_SIZE];
EVP_MD_CTX_init(&ctx); EVP_MD_CTX_init(&ctx);
if (mgf1Hash == NULL)
mgf1Hash = Hash;
hLen = EVP_MD_size(Hash); hLen = EVP_MD_size(Hash);
if (hLen < 0) if (hLen < 0)
goto err; goto err;
@ -129,7 +140,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
goto err; goto err;
} }
if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0) if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
goto err; goto err;
for (i = 0; i < maskedDBLen; i++) for (i = 0; i < maskedDBLen; i++)
DB[i] ^= EM[i]; DB[i] ^= EM[i];
@ -178,12 +189,22 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
const unsigned char *mHash, const unsigned char *mHash,
const EVP_MD *Hash, int sLen) const EVP_MD *Hash, int sLen)
{ {
return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
}
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
const unsigned char *mHash,
const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen)
{
int i; int i;
int ret = 0; int ret = 0;
int hLen, maskedDBLen, MSBits, emLen; int hLen, maskedDBLen, MSBits, emLen;
unsigned char *H, *salt = NULL, *p; unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx; EVP_MD_CTX ctx;
if (mgf1Hash == NULL)
mgf1Hash = Hash;
hLen = EVP_MD_size(Hash); hLen = EVP_MD_size(Hash);
if (hLen < 0) if (hLen < 0)
goto err; goto err;
@ -244,7 +265,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
EVP_MD_CTX_cleanup(&ctx); EVP_MD_CTX_cleanup(&ctx);
/* Generate dbMask in place then perform XOR on it */ /* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash)) if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
goto err; goto err;
p = EM; p = EM;