Rim/s1-mod
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Add dependencies locally

Browse Source
This commit is contained in:
Ahrimdon
2024-02-27 03:09:30 -05:00
parent 1679ef60cc
commit 70e8a8502b
5698 changed files with 2770161 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

95
deps/libtomcrypt/src/pk/rsa/rsa_decrypt_key.c vendored Normal file
View File

@ -0,0 +1,95 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_decrypt_key.c
RSA PKCS #1 Decryption, Tom St Denis and Andreas Lange
*/
#ifdef LTC_MRSA
/**
PKCS #1 decrypt then v1.5 or OAEP depad
@param in The ciphertext
@param inlen The length of the ciphertext (octets)
@param out [out] The plaintext
@param outlen [in/out] The max size and resulting size of the plaintext (octets)
@param lparam The system "lparam" value
@param lparamlen The length of the lparam value (octets)
@param mgf_hash The hash algorithm used for the MGF
@param lparam_hash The hash algorithm used when hashing the lparam (can be -1)
@param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
@param stat [out] Result of the decryption, 1==valid, 0==invalid
@param key The corresponding private RSA key
@return CRYPT_OK if succcessul (even if invalid)
*/
int rsa_decrypt_key_ex(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
int mgf_hash, int lparam_hash,
int padding,
int *stat, const rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL);
/* default to invalid */
*stat = 0;
/* valid padding? */
if ((padding != LTC_PKCS_1_V1_5) &&
(padding != LTC_PKCS_1_OAEP)) {
return CRYPT_PK_INVALID_PADDING;
}
if (padding == LTC_PKCS_1_OAEP) {
/* valid hash ? */
if ((err = hash_is_valid(mgf_hash)) != CRYPT_OK) {
return err;
}
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
/* allocate ram */
tmp = XMALLOC(inlen);
if (tmp == NULL) {
return CRYPT_MEM;
}
/* rsa decode the packet */
x = inlen;
if ((err = ltc_mp.rsa_me(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
if (padding == LTC_PKCS_1_OAEP) {
/* now OAEP decode the packet */
err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, mgf_hash,
lparam_hash, out, outlen, stat);
} else {
/* now PKCS #1 v1.5 depad the packet */
err = pkcs_1_v1_5_decode(tmp, x, LTC_PKCS_1_EME, modulus_bitlen, out, outlen, stat);
}
XFREE(tmp);
return err;
}
#endif /* LTC_MRSA */

93
deps/libtomcrypt/src/pk/rsa/rsa_encrypt_key.c vendored Normal file
View File

@ -0,0 +1,93 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_encrypt_key.c
RSA PKCS #1 encryption, Tom St Denis and Andreas Lange
*/
#ifdef LTC_MRSA
/**
(PKCS #1 v2.0) OAEP pad then encrypt
@param in The plaintext
@param inlen The length of the plaintext (octets)
@param out [out] The ciphertext
@param outlen [in/out] The max size and resulting size of the ciphertext
@param lparam The system "lparam" for the encryption
@param lparamlen The length of lparam (octets)
@param prng An active PRNG
@param prng_idx The index of the desired prng
@param hash_idx The index of the desired hash
@param padding Type of padding (LTC_PKCS_1_OAEP or LTC_PKCS_1_V1_5)
@param key The RSA key to encrypt to
@return CRYPT_OK if successful
*/
int rsa_encrypt_key_ex(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx,
int mgf_hash, int lparam_hash,
int padding,
const rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
LTC_ARGCHK((inlen == 0) || (in != NULL));
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* valid padding? */
if ((padding != LTC_PKCS_1_V1_5) &&
(padding != LTC_PKCS_1_OAEP)) {
return CRYPT_PK_INVALID_PADDING;
}
/* valid prng? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if (padding == LTC_PKCS_1_OAEP) {
/* valid hash? */
if ((err = hash_is_valid(mgf_hash)) != CRYPT_OK) {
return err;
}
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen > *outlen) {
*outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
if (padding == LTC_PKCS_1_OAEP) {
/* OAEP pad the key */
x = *outlen;
if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
lparamlen, modulus_bitlen, prng, prng_idx, mgf_hash,
lparam_hash, out, &x)) != CRYPT_OK) {
return err;
}
} else {
/* PKCS #1 v1.5 pad the key */
x = *outlen;
if ((err = pkcs_1_v1_5_encode(in, inlen, LTC_PKCS_1_EME,
modulus_bitlen, prng, prng_idx,
out, &x)) != CRYPT_OK) {
return err;
}
}
/* rsa exptmod the OAEP or PKCS #1 v1.5 pad */
return ltc_mp.rsa_me(out, x, out, outlen, PK_PUBLIC, key);
}
#endif /* LTC_MRSA */

91
deps/libtomcrypt/src/pk/rsa/rsa_export.c vendored Normal file
View File

@ -0,0 +1,91 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_export.c
Export RSA PKCS keys, Tom St Denis
*/
#ifdef LTC_MRSA
/**
This will export either an RSAPublicKey or RSAPrivateKey [defined in PKCS #1 v2.1]
@param out [out] Destination of the packet
@param outlen [in/out] The max size and resulting size of the packet
@param type The type of exported key (PK_PRIVATE or PK_PUBLIC)
@param key The RSA key to export
@return CRYPT_OK if successful
*/
int rsa_export(unsigned char *out, unsigned long *outlen, int type, const rsa_key *key)
{
unsigned long zero=0;
int err, std;
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
std = type & PK_STD;
type &= ~PK_STD;
if (type == PK_PRIVATE && key->type != PK_PRIVATE) {
return CRYPT_PK_TYPE_MISMATCH;
}
if (type == PK_PRIVATE) {
/* private key */
/* output is
Version, n, e, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p
*/
return der_encode_sequence_multi(out, outlen,
LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_INTEGER, 1UL, key->d,
LTC_ASN1_INTEGER, 1UL, key->p,
LTC_ASN1_INTEGER, 1UL, key->q,
LTC_ASN1_INTEGER, 1UL, key->dP,
LTC_ASN1_INTEGER, 1UL, key->dQ,
LTC_ASN1_INTEGER, 1UL, key->qP,
LTC_ASN1_EOL, 0UL, NULL);
}
if (type == PK_PUBLIC) {
/* public key */
unsigned long tmplen, *ptmplen;
unsigned char* tmp = NULL;
if (std) {
tmplen = (unsigned long)(mp_count_bits(key->N) / 8) * 2 + 8;
tmp = XMALLOC(tmplen);
ptmplen = &tmplen;
if (tmp == NULL) {
return CRYPT_MEM;
}
}
else {
tmp = out;
ptmplen = outlen;
}
err = der_encode_sequence_multi(tmp, ptmplen,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL);
if ((err != CRYPT_OK) || !std) {
goto finish;
}
err = x509_encode_subject_public_key_info(out, outlen,
LTC_OID_RSA, tmp, tmplen, LTC_ASN1_NULL, NULL, 0);
finish:
if (tmp != out) XFREE(tmp);
return err;
}
return CRYPT_INVALID_ARG;
}
#endif /* LTC_MRSA */

172
deps/libtomcrypt/src/pk/rsa/rsa_exptmod.c vendored Normal file
View File

@ -0,0 +1,172 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_exptmod.c
RSA PKCS exptmod, Tom St Denis
Added RSA blinding --nmav
*/
#ifdef LTC_MRSA
/**
Compute an RSA modular exponentiation
@param in The input data to send into RSA
@param inlen The length of the input (octets)
@param out [out] The destination
@param outlen [in/out] The max size and resulting size of the output
@param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
@param key The RSA key to use
@return CRYPT_OK if successful
*/
int rsa_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
const rsa_key *key)
{
void *tmp, *tmpa, *tmpb;
#ifdef LTC_RSA_BLINDING
void *rnd, *rndi /* inverse of rnd */;
#endif
unsigned long x;
int err, has_crt_parameters;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
}
/* must be a private or public operation */
if (which != PK_PRIVATE && which != PK_PUBLIC) {
return CRYPT_PK_INVALID_TYPE;
}
/* init and copy into tmp */
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb,
#ifdef LTC_RSA_BLINDING
&rnd, &rndi,
#endif /* LTC_RSA_BLINDING */
NULL)) != CRYPT_OK)
{ return err; }
if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK)
{ goto error; }
/* sanity check on the input */
if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
goto error;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
#ifdef LTC_RSA_BLINDING
/* do blinding */
err = mp_rand(rnd, mp_get_digit_count(key->N));
if (err != CRYPT_OK) {
goto error;
}
/* rndi = 1/rnd mod N */
err = mp_invmod(rnd, key->N, rndi);
if (err != CRYPT_OK) {
goto error;
}
/* rnd = rnd^e */
err = mp_exptmod( rnd, key->e, key->N, rnd);
if (err != CRYPT_OK) {
goto error;
}
/* tmp = tmp*rnd mod N */
err = mp_mulmod( tmp, rnd, key->N, tmp);
if (err != CRYPT_OK) {
goto error;
}
#endif /* LTC_RSA_BLINDING */
has_crt_parameters = (key->p != NULL) && (mp_get_digit_count(key->p) != 0) &&
(key->q != NULL) && (mp_get_digit_count(key->q) != 0) &&
(key->dP != NULL) && (mp_get_digit_count(key->dP) != 0) &&
(key->dQ != NULL) && (mp_get_digit_count(key->dQ) != 0) &&
(key->qP != NULL) && (mp_get_digit_count(key->qP) != 0);
if (!has_crt_parameters) {
/*
* In case CRT optimization parameters are not provided,
* the private key is directly used to exptmod it
*/
if ((err = mp_exptmod(tmp, key->d, key->N, tmp)) != CRYPT_OK) { goto error; }
} else {
/* tmpa = tmp^dP mod p */
if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
/* tmpb = tmp^dQ mod q */
if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
/* tmp = tmpb + q * tmp */
if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
}
#ifdef LTC_RSA_BLINDING
/* unblind */
err = mp_mulmod( tmp, rndi, key->N, tmp);
if (err != CRYPT_OK) {
goto error;
}
#endif
#ifdef LTC_RSA_CRT_HARDENING
if (has_crt_parameters) {
if ((err = mp_exptmod(tmp, key->e, key->N, tmpa)) != CRYPT_OK) { goto error; }
if ((err = mp_read_unsigned_bin(tmpb, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
if (mp_cmp(tmpa, tmpb) != LTC_MP_EQ) { err = CRYPT_ERROR; goto error; }
}
#endif
} else {
/* exptmod it */
if ((err = mp_exptmod(tmp, key->e, key->N, tmp)) != CRYPT_OK) { goto error; }
}
/* read it back */
x = (unsigned long)mp_unsigned_bin_size(key->N);
if (x > *outlen) {
*outlen = x;
err = CRYPT_BUFFER_OVERFLOW;
goto error;
}
/* this should never happen ... */
if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
err = CRYPT_ERROR;
goto error;
}
*outlen = x;
/* convert it */
zeromem(out, x);
if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
/* clean up and return */
err = CRYPT_OK;
error:
mp_clear_multi(
#ifdef LTC_RSA_BLINDING
rndi, rnd,
#endif /* LTC_RSA_BLINDING */
tmpb, tmpa, tmp, NULL);
return err;
}
#endif

30
deps/libtomcrypt/src/pk/rsa/rsa_get_size.c vendored Normal file
View File

@ -0,0 +1,30 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_get_size.c
Retrieve the size of an RSA key, Steffen Jaeckel.
*/
#ifdef LTC_MRSA
/**
Retrieve the size in bytes of an RSA key.
@param key The RSA key
@return The size in bytes of the RSA key or INT_MAX on error.
*/
int rsa_get_size(const rsa_key *key)
{
int ret = INT_MAX;
LTC_ARGCHK(key != NULL);
if (key)
{
ret = mp_unsigned_bin_size(key->N);
} /* if */
return ret;
}
#endif

143
deps/libtomcrypt/src/pk/rsa/rsa_import.c vendored Normal file
View File

@ -0,0 +1,143 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_import.c
Import a PKCS RSA key, Tom St Denis
*/
#ifdef LTC_MRSA
/**
Import an RSAPublicKey or RSAPrivateKey as defined in PKCS #1 v2.1 [two-prime only]
The `key` passed into this function has to be already initialized and will
NOT be free'd on error!
@param in The packet to import from
@param inlen It's length (octets)
@param key [out] Destination for newly imported key
@return CRYPT_OK if successful
*/
int rsa_import_pkcs1(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
unsigned long version = -1;
err = der_decode_sequence_multi(in, inlen, LTC_ASN1_SHORT_INTEGER, 1UL, &version,
LTC_ASN1_EOL, 0UL, NULL);
if (err == CRYPT_OVERFLOW) {
/* the version would fit into an LTC_ASN1_SHORT_INTEGER
* so we try to decode as a public key
*/
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL)) == CRYPT_OK) {
key->type = PK_PUBLIC;
}
goto LBL_OUT;
} else if (err != CRYPT_INPUT_TOO_LONG) {
/* couldn't decode the version, so error out */
goto LBL_OUT;
}
if (version == 0) {
/* it's a private key */
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_SHORT_INTEGER, 1UL, &version,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_INTEGER, 1UL, key->d,
LTC_ASN1_INTEGER, 1UL, key->p,
LTC_ASN1_INTEGER, 1UL, key->q,
LTC_ASN1_INTEGER, 1UL, key->dP,
LTC_ASN1_INTEGER, 1UL, key->dQ,
LTC_ASN1_INTEGER, 1UL, key->qP,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_OUT;
}
key->type = PK_PRIVATE;
} else if (version == 1) {
/* we don't support multi-prime RSA */
err = CRYPT_PK_INVALID_TYPE;
goto LBL_OUT;
}
err = CRYPT_OK;
LBL_OUT:
return err;
}
/**
Import multiple formats of RSA public and private keys.
RSAPublicKey or RSAPrivateKey as defined in PKCS #1 v2.1 [two-prime only]
SubjectPublicKeyInfo formatted public keys
@param in The packet to import from
@param inlen It's length (octets)
@param key [out] Destination for newly imported key
@return CRYPT_OK if successful, upon error allocated memory is freed
*/
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
unsigned char *tmpbuf=NULL;
unsigned long tmpbuf_len, len;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
if ((err = rsa_init(key)) != CRYPT_OK) {
return err;
}
/* see if the OpenSSL DER format RSA public key will work */
tmpbuf_len = inlen;
tmpbuf = XCALLOC(1, tmpbuf_len);
if (tmpbuf == NULL) {
err = CRYPT_MEM;
goto LBL_ERR;
}
len = 0;
err = x509_decode_subject_public_key_info(in, inlen,
LTC_OID_RSA, tmpbuf, &tmpbuf_len,
LTC_ASN1_NULL, NULL, &len);
if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */
/* now it should be SEQUENCE { INTEGER, INTEGER } */
if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
key->type = PK_PUBLIC;
err = CRYPT_OK;
goto LBL_FREE;
}
/* not SSL public key, try to match against PKCS #1 standards */
if ((err = rsa_import_pkcs1(in, inlen, key)) == CRYPT_OK) {
goto LBL_FREE;
}
LBL_ERR:
rsa_free(key);
LBL_FREE:
if (tmpbuf != NULL) {
XFREE(tmpbuf);
}
return err;
}
#endif /* LTC_MRSA */

116
deps/libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c vendored Normal file
View File

@ -0,0 +1,116 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_import_pkcs8.c
Import a PKCS RSA key
*/
#ifdef LTC_MRSA
/* Public-Key Cryptography Standards (PKCS) #8:
* Private-Key Information Syntax Specification Version 1.2
* https://tools.ietf.org/html/rfc5208
*
* PrivateKeyInfo ::= SEQUENCE {
* version Version,
* privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
* privateKey PrivateKey,
* attributes [0] IMPLICIT Attributes OPTIONAL }
* where:
* - Version ::= INTEGER
* - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
* - PrivateKey ::= OCTET STRING
* - Attributes ::= SET OF Attribute
*
* EncryptedPrivateKeyInfo ::= SEQUENCE {
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
* encryptedData EncryptedData }
* where:
* - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
* - EncryptedData ::= OCTET STRING
*/
/**
Import an RSAPrivateKey in PKCS#8 format
@param in The packet to import from
@param inlen It's length (octets)
@param passwd The password for decrypting privkey
@param passwdlen Password's length (octets)
@param key [out] Destination for newly imported key
@return CRYPT_OK if successful, upon error allocated memory is freed
*/
int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
const void *passwd, unsigned long passwdlen,
rsa_key *key)
{
int err;
unsigned char *buf1 = NULL, *buf2 = NULL;
unsigned long buf1len, buf2len;
unsigned long oid[16], version;
const char *rsaoid;
ltc_asn1_list alg_seq[2], top_seq[3];
ltc_asn1_list *l = NULL;
unsigned char *decrypted = NULL;
unsigned long decryptedlen;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* get RSA alg oid */
err = pk_get_oid(LTC_OID_RSA, &rsaoid);
if (err != CRYPT_OK) { goto LBL_NOFREE; }
/* alloc buffers */
buf1len = inlen; /* approx. */
buf1 = XMALLOC(buf1len);
if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; }
buf2len = inlen; /* approx. */
buf2 = XMALLOC(buf2len);
if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; }
/* init key */
if ((err = rsa_init(key)) != CRYPT_OK) { goto LBL_FREE2; }
/* try to decode encrypted priv key */
if ((err = pkcs8_decode_flexi(in, inlen, passwd, passwdlen, &l)) != CRYPT_OK) {
goto LBL_ERR;
}
decrypted = l->data;
decryptedlen = l->size;
/* try to decode unencrypted priv key */
LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
LTC_SET_ASN1(top_seq, 0, LTC_ASN1_SHORT_INTEGER, &version, 1UL);
LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL);
LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len);
err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL);
if (err != CRYPT_OK) { goto LBL_ERR; }
/* check alg oid */
if ((err = pk_oid_cmp_with_asn1(rsaoid, &alg_seq[0])) != CRYPT_OK) {
goto LBL_ERR;
}
if ((err = rsa_import_pkcs1(buf1, top_seq[2].size, key)) != CRYPT_OK) {
goto LBL_ERR;
}
key->type = PK_PRIVATE;
err = CRYPT_OK;
goto LBL_FREE2;
LBL_ERR:
rsa_free(key);
LBL_FREE2:
if (l) der_free_sequence_flexi(l);
XFREE(buf2);
LBL_FREE1:
XFREE(buf1);
LBL_NOFREE:
return err;
}
#endif /* LTC_MRSA */

54
deps/libtomcrypt/src/pk/rsa/rsa_import_x509.c vendored Normal file
View File

@ -0,0 +1,54 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_import.c
Import an RSA key from a X.509 certificate, Steffen Jaeckel
*/
#ifdef LTC_MRSA
static int s_rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
/* now it should be SEQUENCE { INTEGER, INTEGER } */
return der_decode_sequence_multi(in, inlen,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL);
}
/**
Import an RSA key from a X.509 certificate
@param in The packet to import from
@param inlen It's length (octets)
@param key [out] Destination for newly imported key
@return CRYPT_OK if successful, upon error allocated memory is freed
*/
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
if ((err = rsa_init(key)) != CRYPT_OK) {
return err;
}
if ((err = x509_decode_public_key_from_certificate(in, inlen,
LTC_OID_RSA, LTC_ASN1_NULL,
NULL, NULL,
(public_key_decode_cb)s_rsa_decode, key)) != CRYPT_OK) {
rsa_free(key);
} else {
key->type = PK_PUBLIC;
}
return err;
}
#endif /* LTC_MRSA */

103
deps/libtomcrypt/src/pk/rsa/rsa_key.c vendored Normal file
View File

@ -0,0 +1,103 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_key.c
Free an RSA key, Tom St Denis
Basic operations on an RSA key, Steffen Jaeckel
*/
#ifdef LTC_MRSA
#include <stdarg.h>
static void s_mpi_shrink_multi(void **a, ...)
{
void **cur;
unsigned n;
int err;
va_list args;
void *tmp[10] = { 0 };
void **arg[10] = { 0 };
/* We re-allocate in the order that we received the varargs */
n = 0;
err = CRYPT_ERROR;
cur = a;
va_start(args, a);
while (cur != NULL) {
if (n >= sizeof(tmp)/sizeof(tmp[0])) {
goto out;
}
if (*cur != NULL) {
arg[n] = cur;
if ((err = mp_init_copy(&tmp[n], *arg[n])) != CRYPT_OK) {
goto out;
}
n++;
}
cur = va_arg(args, void**);
}
va_end(args);
/* but we clear the old values in the reverse order */
while (n != 0 && arg[--n] != NULL) {
mp_clear(*arg[n]);
*arg[n] = tmp[n];
}
out:
va_end(args);
/* clean-up after an error
* or after this was called with too many args
*/
if ((err != CRYPT_OK) ||
(n >= sizeof(tmp)/sizeof(tmp[0]))) {
for (n = 0; n < sizeof(tmp)/sizeof(tmp[0]); ++n) {
if (tmp[n] != NULL) {
mp_clear(tmp[n]);
}
}
}
}
/**
This shrinks the allocated memory of a RSA key
It will use up some more memory temporarily,
but then it will free-up the entire sequence that
was once allocated when the key was created/populated.
This only works with libtommath >= 1.2.0 in earlier versions
it has the inverse effect due to the way it worked internally.
Also works for GNU MP, tomsfastmath naturally shows no effect.
@param key The RSA key to shrink
*/
void rsa_shrink_key(rsa_key *key)
{
LTC_ARGCHKVD(key != NULL);
s_mpi_shrink_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL);
}
/**
Init an RSA key
@param key The RSA key to free
@return CRYPT_OK if successful
*/
int rsa_init(rsa_key *key)
{
LTC_ARGCHK(key != NULL);
return mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, LTC_NULL);
}
/**
Free an RSA key from memory
@param key The RSA key to free
*/
void rsa_free(rsa_key *key)
{
LTC_ARGCHKVD(key != NULL);
mp_cleanup_multi(&key->q, &key->p, &key->qP, &key->dP, &key->dQ, &key->N, &key->d, &key->e, LTC_NULL);
}
#endif

165
deps/libtomcrypt/src/pk/rsa/rsa_make_key.c vendored Normal file
View File

@ -0,0 +1,165 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_make_key.c
RSA key generation, Tom St Denis
*/
#ifdef LTC_MRSA
static int s_rsa_make_key(prng_state *prng, int wprng, int size, void *e, rsa_key *key)
{
void *p, *q, *tmp1, *tmp2;
int err;
LTC_ARGCHK(ltc_mp.name != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(size > 0);
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, LTC_NULL)) != CRYPT_OK) {
return err;
}
/* make primes p and q (optimization provided by Wayne Scott) */
/* make prime "p" */
do {
if ((err = rand_prime( p, size/2, prng, wprng)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = p-1 */
if ((err = mp_gcd( tmp1, e, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(p-1, e) */
} while (mp_cmp_d( tmp2, 1) != 0); /* while e divides p-1 */
/* make prime "q" */
do {
if ((err = rand_prime( q, size/2, prng, wprng)) != CRYPT_OK) { goto cleanup; }
if ((err = mp_sub_d( q, 1, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = q-1 */
if ((err = mp_gcd( tmp1, e, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = gcd(q-1, e) */
} while (mp_cmp_d( tmp2, 1) != 0); /* while e divides q-1 */
/* tmp1 = lcm(p-1, q-1) */
if ((err = mp_sub_d( p, 1, tmp2)) != CRYPT_OK) { goto cleanup; } /* tmp2 = p-1 */
/* tmp1 = q-1 (previous do/while loop) */
if ((err = mp_lcm( tmp1, tmp2, tmp1)) != CRYPT_OK) { goto cleanup; } /* tmp1 = lcm(p-1, q-1) */
/* make key */
if ((err = rsa_init(key)) != CRYPT_OK) {
goto errkey;
}
if ((err = mp_copy( e, key->e)) != CRYPT_OK) { goto errkey; } /* key->e = e */
if ((err = mp_invmod( key->e, tmp1, key->d)) != CRYPT_OK) { goto errkey; } /* key->d = 1/e mod lcm(p-1,q-1) */
if ((err = mp_mul( p, q, key->N)) != CRYPT_OK) { goto errkey; } /* key->N = pq */
/* optimize for CRT now */
/* find d mod q-1 and d mod p-1 */
if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto errkey; } /* tmp1 = p-1 */
if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto errkey; } /* tmp2 = q-1 */
if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto errkey; } /* dP = d mod p-1 */
if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto errkey; } /* dQ = d mod q-1 */
if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto errkey; } /* qP = 1/q mod p */
if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto errkey; }
if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto errkey; }
/* set key type (in this case it's CRT optimized) */
key->type = PK_PRIVATE;
/* return ok and free temps */
err = CRYPT_OK;
goto cleanup;
errkey:
rsa_free(key);
cleanup:
mp_clear_multi(tmp2, tmp1, q, p, LTC_NULL);
return err;
}
/**
Create an RSA key based on a long public exponent type
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param size The size of the modulus (key size) desired (octets)
@param e The "e" value (public key). e==65537 is a good choice
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful, upon error all allocated ram is freed
*/
int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key)
{
void *tmp_e;
int err;
if ((e < 3) || ((e & 1) == 0)) {
return CRYPT_INVALID_ARG;
}
if ((err = mp_init(&tmp_e)) != CRYPT_OK) {
return err;
}
if ((err = mp_set_int(tmp_e, e)) == CRYPT_OK)
err = s_rsa_make_key(prng, wprng, size, tmp_e, key);
mp_clear(tmp_e);
return err;
}
/**
Create an RSA key based on a hexadecimal public exponent type
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param size The size of the modulus (key size) desired (octets)
@param e The "e" value (public key). e==65537 is a good choice
@param elen The length of e (octets)
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful, upon error all allocated ram is freed
*/
int rsa_make_key_ubin_e(prng_state *prng, int wprng, int size,
const unsigned char *e, unsigned long elen, rsa_key *key)
{
int err;
void *tmp_e;
if ((err = mp_init(&tmp_e)) != CRYPT_OK) {
return err;
}
if ((err = mp_read_unsigned_bin(tmp_e, (unsigned char *)e, elen)) == CRYPT_OK)
err = rsa_make_key_bn_e(prng, wprng, size, tmp_e, key);
mp_clear(tmp_e);
return err;
}
/**
Create an RSA key based on a bignumber public exponent type
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param size The size of the modulus (key size) desired (octets)
@param e The "e" value (public key). e==65537 is a good choice
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful, upon error all allocated ram is freed
*/
int rsa_make_key_bn_e(prng_state *prng, int wprng, int size, void *e, rsa_key *key)
{
int err;
int e_bits;
e_bits = mp_count_bits(e);
if ((e_bits > 1 && e_bits < 256) && (mp_get_digit(e, 0) & 1)) {
err = s_rsa_make_key(prng, wprng, size, e, key);
} else {
err = CRYPT_INVALID_ARG;
}
return err;
}
#endif

123
deps/libtomcrypt/src/pk/rsa/rsa_set.c vendored Normal file
View File

@ -0,0 +1,123 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
#ifdef LTC_MRSA
/**
Import RSA key from raw numbers
@param N RSA's N
@param Nlen RSA's N's length
@param e RSA's e
@param elen RSA's e's length
@param d RSA's d (only private key, NULL for public key)
@param dlen RSA's d's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int rsa_set_key(const unsigned char *N, unsigned long Nlen,
const unsigned char *e, unsigned long elen,
const unsigned char *d, unsigned long dlen,
rsa_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(N != NULL);
LTC_ARGCHK(e != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if ((err = rsa_init(key)) != CRYPT_OK) return err;
if ((err = mp_read_unsigned_bin(key->N , (unsigned char *)N , Nlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->e , (unsigned char *)e , elen)) != CRYPT_OK) { goto LBL_ERR; }
if (d && dlen) {
if ((err = mp_read_unsigned_bin(key->d , (unsigned char *)d , dlen)) != CRYPT_OK) { goto LBL_ERR; }
key->type = PK_PRIVATE;
}
else {
key->type = PK_PUBLIC;
}
return CRYPT_OK;
LBL_ERR:
rsa_free(key);
return err;
}
/**
Import factors of an RSA key from raw numbers
Only for private keys.
@param p RSA's p
@param plen RSA's p's length
@param q RSA's q
@param qlen RSA's q's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int rsa_set_factors(const unsigned char *p, unsigned long plen,
const unsigned char *q, unsigned long qlen,
rsa_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(p != NULL);
LTC_ARGCHK(q != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH;
if ((err = mp_read_unsigned_bin(key->p , (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->q , (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; }
return CRYPT_OK;
LBL_ERR:
rsa_free(key);
return err;
}
/**
Import CRT parameters of an RSA key from raw numbers
Only for private keys.
@param dP RSA's dP
@param dPlen RSA's dP's length
@param dQ RSA's dQ
@param dQlen RSA's dQ's length
@param qP RSA's qP
@param qPlen RSA's qP's length
@param key [out] the destination for the imported key
@return CRYPT_OK if successful
*/
int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen,
const unsigned char *dQ, unsigned long dQlen,
const unsigned char *qP, unsigned long qPlen,
rsa_key *key)
{
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(dP != NULL);
LTC_ARGCHK(dQ != NULL);
LTC_ARGCHK(qP != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH;
if ((err = mp_read_unsigned_bin(key->dP, (unsigned char *)dP, dPlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->dQ, (unsigned char *)dQ, dQlen)) != CRYPT_OK) { goto LBL_ERR; }
if ((err = mp_read_unsigned_bin(key->qP, (unsigned char *)qP, qPlen)) != CRYPT_OK) { goto LBL_ERR; }
return CRYPT_OK;
LBL_ERR:
rsa_free(key);
return err;
}
#endif /* LTC_MRSA */

136
deps/libtomcrypt/src/pk/rsa/rsa_sign_hash.c vendored Normal file
View File

@ -0,0 +1,136 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_sign_hash.c
RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange
*/
#ifdef LTC_MRSA
/**
PKCS #1 pad then sign
@param in The hash to sign
@param inlen The length of the hash to sign (octets)
@param out [out] The signature
@param outlen [in/out] The max size and resulting size of the signature
@param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1)
@param prng An active PRNG state
@param prng_idx The index of the PRNG desired
@param hash_idx The index of the hash desired
@param saltlen The length of the salt desired (octets)
@param key The private RSA key to use
@return CRYPT_OK if successful
*/
int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
int padding,
prng_state *prng, int prng_idx,
int hash_idx, unsigned long saltlen,
const rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x, y;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* valid padding? */
if ((padding != LTC_PKCS_1_V1_5) &&
(padding != LTC_PKCS_1_PSS) &&
(padding != LTC_PKCS_1_V1_5_NA1)) {
return CRYPT_PK_INVALID_PADDING;
}
if (padding == LTC_PKCS_1_PSS) {
/* valid prng ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
}
if (padding != LTC_PKCS_1_V1_5_NA1) {
/* valid hash ? */
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits((key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size((key->N));
if (modulus_bytelen > *outlen) {
*outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
if (padding == LTC_PKCS_1_PSS) {
/* PSS pad the key */
x = *outlen;
if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx,
hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) {
return err;
}
} else {
/* PKCS #1 v1.5 pad the hash */
unsigned char *tmpin;
if (padding == LTC_PKCS_1_V1_5) {
ltc_asn1_list digestinfo[2], siginfo[2];
/* not all hashes have OIDs... so sad */
if (hash_descriptor[hash_idx].OIDlen == 0) {
return CRYPT_INVALID_ARG;
}
/* construct the SEQUENCE
SEQUENCE {
SEQUENCE {hashoid OID
blah NULL
}
hash OCTET STRING
}
*/
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen);
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
/* allocate memory for the encoding */
y = mp_unsigned_bin_size(key->N);
tmpin = XMALLOC(y);
if (tmpin == NULL) {
return CRYPT_MEM;
}
if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
XFREE(tmpin);
return err;
}
} else {
/* set the pointer and data-length to the input values */
tmpin = (unsigned char *)in;
y = inlen;
}
x = *outlen;
err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA, modulus_bitlen, NULL, 0, out, &x);
if (padding == LTC_PKCS_1_V1_5) {
XFREE(tmpin);
}
if (err != CRYPT_OK) {
return err;
}
}
/* RSA encode it */
return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key);
}
#endif /* LTC_MRSA */

37
deps/libtomcrypt/src/pk/rsa/rsa_sign_saltlen_get.c vendored Normal file
View File

@ -0,0 +1,37 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_sign_saltlen_get.c
Retrieve the maximum size of the salt, Steffen Jaeckel.
*/
#ifdef LTC_MRSA
/**
Retrieve the maximum possible size of the salt when creating a PKCS#1 PSS signature.
@param padding Type of padding (LTC_PKCS_1_PSS only)
@param hash_idx The index of the desired hash
@param key The RSA key
@return The maximum salt length in bytes or INT_MAX on error.
*/
int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, const rsa_key *key)
{
int ret = INT_MAX;
LTC_ARGCHK(key != NULL);
if ((hash_is_valid(hash_idx) == CRYPT_OK) &&
(padding == LTC_PKCS_1_PSS))
{
ret = rsa_get_size(key);
if (ret < INT_MAX)
{
ret -= (hash_descriptor[hash_idx].hashsize + 2);
} /* if */
} /* if */
return ret;
}
#endif

183
deps/libtomcrypt/src/pk/rsa/rsa_verify_hash.c vendored Normal file
View File

@ -0,0 +1,183 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis */
/* SPDX-License-Identifier: Unlicense */
#include "tomcrypt_private.h"
/**
@file rsa_verify_hash.c
RSA PKCS #1 v1.5 or v2 PSS signature verification, Tom St Denis and Andreas Lange
*/
#ifdef LTC_MRSA
/**
PKCS #1 de-sign then v1.5 or PSS depad
@param sig The signature data
@param siglen The length of the signature data (octets)
@param hash The hash of the message that was signed
@param hashlen The length of the hash of the message that was signed (octets)
@param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1)
@param hash_idx The index of the desired hash
@param saltlen The length of the salt used during signature
@param stat [out] The result of the signature comparison, 1==valid, 0==invalid
@param key The public RSA key corresponding to the key that performed the signature
@return CRYPT_OK on success (even if the signature is invalid)
*/
int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
const unsigned char *hash, unsigned long hashlen,
int padding,
int hash_idx, unsigned long saltlen,
int *stat, const rsa_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmpbuf;
LTC_ARGCHK(hash != NULL);
LTC_ARGCHK(sig != NULL);
LTC_ARGCHK(stat != NULL);
LTC_ARGCHK(key != NULL);
/* default to invalid */
*stat = 0;
/* valid padding? */
if ((padding != LTC_PKCS_1_V1_5) &&
(padding != LTC_PKCS_1_PSS) &&
(padding != LTC_PKCS_1_V1_5_NA1)) {
return CRYPT_PK_INVALID_PADDING;
}
if (padding != LTC_PKCS_1_V1_5_NA1) {
/* valid hash ? */
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits( (key->N));
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != siglen) {
return CRYPT_INVALID_PACKET;
}
/* allocate temp buffer for decoded sig */
tmpbuf = XMALLOC(siglen);
if (tmpbuf == NULL) {
return CRYPT_MEM;
}
/* RSA decode it */
x = siglen;
if ((err = ltc_mp.rsa_me(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
XFREE(tmpbuf);
return err;
}
/* make sure the output is the right size */
if (x != siglen) {
XFREE(tmpbuf);
return CRYPT_INVALID_PACKET;
}
if (padding == LTC_PKCS_1_PSS) {
/* PSS decode and verify it */
if(modulus_bitlen%8 == 1){
err = pkcs_1_pss_decode(hash, hashlen, tmpbuf+1, x-1, saltlen, hash_idx, modulus_bitlen, stat);
}
else{
err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
}
} else {
/* PKCS #1 v1.5 decode it */
unsigned char *out;
unsigned long outlen;
int decoded;
/* allocate temp buffer for decoded hash */
outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3;
out = XMALLOC(outlen);
if (out == NULL) {
err = CRYPT_MEM;
goto bail_2;
}
if ((err = pkcs_1_v1_5_decode(tmpbuf, x, LTC_PKCS_1_EMSA, modulus_bitlen, out, &outlen, &decoded)) != CRYPT_OK) {
XFREE(out);
goto bail_2;
}
if (padding == LTC_PKCS_1_V1_5) {
unsigned long loid[16], reallen;
ltc_asn1_list digestinfo[2], siginfo[2];
/* not all hashes have OIDs... so sad */
if (hash_descriptor[hash_idx].OIDlen == 0) {
err = CRYPT_INVALID_ARG;
goto bail_2;
}
/* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */
/* construct the SEQUENCE
SEQUENCE {
SEQUENCE {hashoid OID
blah NULL
}
hash OCTET STRING
}
*/
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0]));
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
if (der_decode_sequence_strict(out, outlen, siginfo, 2) != CRYPT_OK) {
/* fallback to Legacy:missing NULL */
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 1);
if ((err = der_decode_sequence_strict(out, outlen, siginfo, 2)) != CRYPT_OK) {
XFREE(out);
goto bail_2;
}
}
if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
XFREE(out);
goto bail_2;
}
/* test OID */
if ((reallen == outlen) &&
(digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
(XMEMCMP(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
(siginfo[1].size == hashlen) &&
(XMEMCMP(siginfo[1].data, hash, hashlen) == 0)) {
*stat = 1;
}
} else {
/* only check if the hash is equal */
if ((hashlen == outlen) &&
(XMEMCMP(out, hash, hashlen) == 0)) {
*stat = 1;
}
}
#ifdef LTC_CLEAN_STACK
zeromem(out, outlen);
#endif
XFREE(out);
}
bail_2:
#ifdef LTC_CLEAN_STACK
zeromem(tmpbuf, siglen);
#endif
XFREE(tmpbuf);
return err;
}
#endif /* LTC_MRSA */