/* rsa_x931.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 2005.
 */
/* ====================================================================
 * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
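 *
 */

#include <stdio.h>
#include <string.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include <openssl/objects.h>

/*
 * Write an X9.31 padded block of exactly 'tlen' bytes into 'to'.
 *
 * Layout produced (one byte per cell):
 *   no padding needed : 0x6A | from[0..flen-1] | 0xCC
 *   otherwise         : 0x6B | 0xBB ... 0xBB | 0xBA | from[0..flen-1] | 0xCC
 *
 * 'from' is copied verbatim between the padding and the 0xCC trailer.
 * Returns 1 on success, or -1 (after raising
 * RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE) when 'from' plus the two mandatory
 * bytes does not fit in 'tlen'.
 *
 * The caller must supply a 'to' buffer of at least 'tlen' bytes and
 * non-negative lengths; neither is verified here.
 *
 * NOTE(review): for tlen - flen - 2 == 1 this emits 0x6B immediately
 * followed by 0xBA, a block that RSA_padding_check_X931() below rejects
 * (its "i == 0" test). Confirm no caller relies on that size.
 */
int RSA_padding_add_X931(unsigned char *to, int tlen,
                         const unsigned char *from, int flen)
{
    int j;
    unsigned char *p = to;

    /*
     * Absolute minimum amount of padding is 1 header nibble, 1 padding
     * nibble and 2 trailer bytes; one of those trailer bytes, the hash id,
     * is already part of 'from', which leaves 2 bytes of overhead here.
     */
    j = tlen - flen - 2;

    if (j < 0) {
        RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
        return -1;
    }

    if (j == 0) {
        /* No padding: the start and end nibbles share one byte. */
        *p++ = 0x6A;
    } else {
        *p++ = 0x6B;
        if (j > 1) {
            memset(p, 0xBB, j - 1);
            p += j - 1;
        }
        *p++ = 0xBA;
    }

    memcpy(p, from, (unsigned int)flen);
    p += flen;
    *p = 0xCC;
    return 1;
}

/*
 * Validate an X9.31 padded block and copy the enclosed data into 'to'.
 *
 * 'from'/'flen' is the padded block and 'num' the expected block length;
 * the two lengths must be equal. On success the bytes between the padding
 * and the 0xCC trailer are copied to 'to' and their count is returned.
 * On failure -1 is returned and an RSA error is raised:
 *   RSA_R_INVALID_HEADER  - length mismatch, block too short, or a first
 *                           byte other than 0x6A / 0x6B
 *   RSA_R_INVALID_PADDING - padding is not a non-empty run of 0xBB ended
 *                           by 0xBA
 *   RSA_R_INVALID_TRAILER - final byte is not 0xCC
 *   RSA_R_DATA_TOO_LARGE  - recovered data does not fit in 'tlen' bytes
 *
 * Compared with the earlier version of this function, three malformed-input
 * cases are now rejected explicitly instead of being left to the caller:
 *   - an empty block (the header byte was read before any length test);
 *   - a 0x6B block whose 0xBB run reaches the scan limit without a 0xBA
 *     terminator (previously accepted as zero bytes of data when the
 *     second-to-last byte was 0xCC, leaving the last byte unexamined);
 *   - recovered data longer than 'tlen' (previously copied unchecked).
 *
 * NOTE(review): every exit is data dependent. That is only acceptable while
 * the block being checked is not secret, e.g. the output of a public-key
 * operation during signature verification - confirm against the callers.
 */
int RSA_padding_check_X931(unsigned char *to, int tlen,
                           const unsigned char *from, int flen, int num)
{
    int i = 0, j;
    const unsigned char *p = from;

    /*
     * A block needs at least a header and a trailer byte. The length test
     * comes before the dereference so an empty input is never read.
     */
    if ((num != flen) || (flen < 2) || ((*p != 0x6A) && (*p != 0x6B))) {
        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
        return -1;
    }

    if (*p++ == 0x6B) {
        /*
         * Scan everything except the header and the last two bytes, so
         * that at least one data byte and the trailer remain after 0xBA.
         */
        j = flen - 3;
        for (i = 0; i < j; i++) {
            unsigned char c = *p++;

            if (c == 0xBA)
                break;
            if (c != 0xBB) {
                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
                return -1;
            }
        }

        /*
         * i == 0: nothing was scanned, or 0xBA came straight after 0x6B.
         * i == j: the loop ended without ever seeing the 0xBA terminator.
         */
        if (i == 0 || i == j) {
            RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
            return -1;
        }

        /* Bytes left between the terminator and the trailer. */
        j -= i;
    } else {
        j = flen - 2;
    }

    if (p[j] != 0xCC) {
        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
        return -1;
    }

    /* Never write more than the caller said 'to' can hold. */
    if (j > tlen) {
        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_DATA_TOO_LARGE);
        return -1;
    }

    memcpy(to, p, (unsigned int)j);

    return j;
}

/*
 * Translate between X931 hash ids and NIDs.
 *
 * Returns the one-byte X9.31 hash id for the digest 'nid', or -1 when the
 * digest has no id in this table. Callers must treat -1 as "digest not
 * usable with X9.31 padding" rather than as a byte value.
 * The SHA-384 (0x36) and SHA-512 (0x35) values are deliberately not in
 * numeric order; do not "fix" them.
 */
int RSA_X931_hash_id(int nid)
{
    switch (nid) {
    case NID_sha1:
        return 0x33;

    case NID_sha256:
        return 0x34;

    case NID_sha384:
        return 0x36;

    case NID_sha512:
        return 0x35;

    default:
        return -1;
    }
}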