2
0

rsa_pk1.c 6.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224
  1. /* crypto/rsa/rsa_pk1.c */
  2. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  3. * All rights reserved.
  4. *
  5. * This package is an SSL implementation written
  6. * by Eric Young (eay@cryptsoft.com).
  7. * The implementation was written so as to conform with Netscapes SSL.
  8. *
  9. * This library is free for commercial and non-commercial use as long as
  10. * the following conditions are aheared to. The following conditions
  11. * apply to all code found in this distribution, be it the RC4, RSA,
  12. * lhash, DES, etc., code; not just the SSL code. The SSL documentation
  13. * included with this distribution is covered by the same copyright terms
  14. * except that the holder is Tim Hudson (tjh@cryptsoft.com).
  15. *
  16. * Copyright remains Eric Young's, and as such any Copyright notices in
  17. * the code are not to be removed.
  18. * If this package is used in a product, Eric Young should be given attribution
  19. * as the author of the parts of the library used.
  20. * This can be in the form of a textual message at program startup or
  21. * in documentation (online or textual) provided with the package.
  22. *
  23. * Redistribution and use in source and binary forms, with or without
  24. * modification, are permitted provided that the following conditions
  25. * are met:
  26. * 1. Redistributions of source code must retain the copyright
  27. * notice, this list of conditions and the following disclaimer.
  28. * 2. Redistributions in binary form must reproduce the above copyright
  29. * notice, this list of conditions and the following disclaimer in the
  30. * documentation and/or other materials provided with the distribution.
  31. * 3. All advertising materials mentioning features or use of this software
  32. * must display the following acknowledgement:
  33. * "This product includes cryptographic software written by
  34. * Eric Young (eay@cryptsoft.com)"
  35. * The word 'cryptographic' can be left out if the rouines from the library
  36. * being used are not cryptographic related :-).
  37. * 4. If you include any Windows specific code (or a derivative thereof) from
  38. * the apps directory (application code) you must include an acknowledgement:
  39. * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
  40. *
  41. * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  42. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  43. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  44. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  45. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  46. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  47. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  49. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  50. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  51. * SUCH DAMAGE.
  52. *
  53. * The licence and distribution terms for any publically available version or
  54. * derivative of this code cannot be changed. i.e. this code cannot simply be
  55. * copied and put under another distribution licence
  56. * [including the GNU Public Licence.]
  57. */
  58. #include <stdio.h>
  59. #include "cryptlib.h"
  60. #include <openssl/bn.h>
  61. #include <openssl/rsa.h>
  62. #include <openssl/rand.h>
  63. int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
  64. const unsigned char *from, int flen)
  65. {
  66. int j;
  67. unsigned char *p;
  68. if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
  69. {
  70. RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
  71. return(0);
  72. }
  73. p=(unsigned char *)to;
  74. *(p++)=0;
  75. *(p++)=1; /* Private Key BT (Block Type) */
  76. /* pad out with 0xff data */
  77. j=tlen-3-flen;
  78. memset(p,0xff,j);
  79. p+=j;
  80. *(p++)='\0';
  81. memcpy(p,from,(unsigned int)flen);
  82. return(1);
  83. }
  84. int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
  85. const unsigned char *from, int flen, int num)
  86. {
  87. int i,j;
  88. const unsigned char *p;
  89. p=from;
  90. if ((num != (flen+1)) || (*(p++) != 01))
  91. {
  92. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
  93. return(-1);
  94. }
  95. /* scan over padding data */
  96. j=flen-1; /* one for type. */
  97. for (i=0; i<j; i++)
  98. {
  99. if (*p != 0xff) /* should decrypt to 0xff */
  100. {
  101. if (*p == 0)
  102. { p++; break; }
  103. else {
  104. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
  105. return(-1);
  106. }
  107. }
  108. p++;
  109. }
  110. if (i == j)
  111. {
  112. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
  113. return(-1);
  114. }
  115. if (i < 8)
  116. {
  117. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
  118. return(-1);
  119. }
  120. i++; /* Skip over the '\0' */
  121. j-=i;
  122. if (j > tlen)
  123. {
  124. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
  125. return(-1);
  126. }
  127. memcpy(to,p,(unsigned int)j);
  128. return(j);
  129. }
  130. int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
  131. const unsigned char *from, int flen)
  132. {
  133. int i,j;
  134. unsigned char *p;
  135. if (flen > (tlen-11))
  136. {
  137. RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
  138. return(0);
  139. }
  140. p=(unsigned char *)to;
  141. *(p++)=0;
  142. *(p++)=2; /* Public Key BT (Block Type) */
  143. /* pad out with non-zero random data */
  144. j=tlen-3-flen;
  145. if (RAND_bytes(p,j) <= 0)
  146. return(0);
  147. for (i=0; i<j; i++)
  148. {
  149. if (*p == '\0')
  150. do {
  151. if (RAND_bytes(p,1) <= 0)
  152. return(0);
  153. } while (*p == '\0');
  154. p++;
  155. }
  156. *(p++)='\0';
  157. memcpy(p,from,(unsigned int)flen);
  158. return(1);
  159. }
  160. int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
  161. const unsigned char *from, int flen, int num)
  162. {
  163. int i,j;
  164. const unsigned char *p;
  165. p=from;
  166. if ((num != (flen+1)) || (*(p++) != 02))
  167. {
  168. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
  169. return(-1);
  170. }
  171. #ifdef PKCS1_CHECK
  172. return(num-11);
  173. #endif
  174. /* scan over padding data */
  175. j=flen-1; /* one for type. */
  176. for (i=0; i<j; i++)
  177. if (*(p++) == 0) break;
  178. if (i == j)
  179. {
  180. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
  181. return(-1);
  182. }
  183. if (i < 8)
  184. {
  185. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
  186. return(-1);
  187. }
  188. i++; /* Skip over the '\0' */
  189. j-=i;
  190. if (j > tlen)
  191. {
  192. RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
  193. return(-1);
  194. }
  195. memcpy(to,p,(unsigned int)j);
  196. return(j);
  197. }