rsa_x931.c revision 160814
1160814Ssimon/* rsa_x931.c */ 2160814Ssimon/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 3160814Ssimon * project 2005. 4160814Ssimon */ 5160814Ssimon/* ==================================================================== 6160814Ssimon * Copyright (c) 2005 The OpenSSL Project. All rights reserved. 7160814Ssimon * 8160814Ssimon * Redistribution and use in source and binary forms, with or without 9160814Ssimon * modification, are permitted provided that the following conditions 10160814Ssimon * are met: 11160814Ssimon * 12160814Ssimon * 1. Redistributions of source code must retain the above copyright 13160814Ssimon * notice, this list of conditions and the following disclaimer. 14160814Ssimon * 15160814Ssimon * 2. Redistributions in binary form must reproduce the above copyright 16160814Ssimon * notice, this list of conditions and the following disclaimer in 17160814Ssimon * the documentation and/or other materials provided with the 18160814Ssimon * distribution. 19160814Ssimon * 20160814Ssimon * 3. All advertising materials mentioning features or use of this 21160814Ssimon * software must display the following acknowledgment: 22160814Ssimon * "This product includes software developed by the OpenSSL Project 23160814Ssimon * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24160814Ssimon * 25160814Ssimon * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26160814Ssimon * endorse or promote products derived from this software without 27160814Ssimon * prior written permission. For written permission, please contact 28160814Ssimon * licensing@OpenSSL.org. 29160814Ssimon * 30160814Ssimon * 5. Products derived from this software may not be called "OpenSSL" 31160814Ssimon * nor may "OpenSSL" appear in their names without prior written 32160814Ssimon * permission of the OpenSSL Project. 33160814Ssimon * 34160814Ssimon * 6. Redistributions of any form whatsoever must retain the following 35160814Ssimon * acknowledgment: 36160814Ssimon * "This product includes software developed by the OpenSSL Project 37160814Ssimon * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38160814Ssimon * 39160814Ssimon * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40160814Ssimon * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41160814Ssimon * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42160814Ssimon * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43160814Ssimon * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44160814Ssimon * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45160814Ssimon * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46160814Ssimon * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47160814Ssimon * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48160814Ssimon * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49160814Ssimon * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50160814Ssimon * OF THE POSSIBILITY OF SUCH DAMAGE. 51160814Ssimon * ==================================================================== 52160814Ssimon * 53160814Ssimon * This product includes cryptographic software written by Eric Young 54160814Ssimon * (eay@cryptsoft.com). This product includes software written by Tim 55160814Ssimon * Hudson (tjh@cryptsoft.com). 56160814Ssimon * 57160814Ssimon */ 58160814Ssimon 59160814Ssimon#include <stdio.h> 60160814Ssimon#include "cryptlib.h" 61160814Ssimon#include <openssl/bn.h> 62160814Ssimon#include <openssl/rsa.h> 63160814Ssimon#include <openssl/rand.h> 64160814Ssimon#include <openssl/objects.h> 65160814Ssimon 66160814Ssimonint RSA_padding_add_X931(unsigned char *to, int tlen, 67160814Ssimon const unsigned char *from, int flen) 68160814Ssimon { 69160814Ssimon int j; 70160814Ssimon unsigned char *p; 71160814Ssimon 72160814Ssimon /* Absolute minimum amount of padding is 1 header nibble, 1 padding 73160814Ssimon * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. 74160814Ssimon */ 75160814Ssimon 76160814Ssimon j = tlen - flen - 2; 77160814Ssimon 78160814Ssimon if (j < 0) 79160814Ssimon { 80160814Ssimon RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 81160814Ssimon return -1; 82160814Ssimon } 83160814Ssimon 84160814Ssimon p=(unsigned char *)to; 85160814Ssimon 86160814Ssimon /* If no padding start and end nibbles are in one byte */ 87160814Ssimon if (j == 0) 88160814Ssimon *p++ = 0x6A; 89160814Ssimon else 90160814Ssimon { 91160814Ssimon *p++ = 0x6B; 92160814Ssimon if (j > 1) 93160814Ssimon { 94160814Ssimon memset(p, 0xBB, j - 1); 95160814Ssimon p += j - 1; 96160814Ssimon } 97160814Ssimon *p++ = 0xBA; 98160814Ssimon } 99160814Ssimon memcpy(p,from,(unsigned int)flen); 100160814Ssimon p += flen; 101160814Ssimon *p = 0xCC; 102160814Ssimon return(1); 103160814Ssimon } 104160814Ssimon 105160814Ssimonint RSA_padding_check_X931(unsigned char *to, int tlen, 106160814Ssimon const unsigned char *from, int flen, int num) 107160814Ssimon { 108160814Ssimon int i = 0,j; 109160814Ssimon const unsigned char *p; 110160814Ssimon 111160814Ssimon p=from; 112160814Ssimon if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) 113160814Ssimon { 114160814Ssimon RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER); 115160814Ssimon return -1; 116160814Ssimon } 117160814Ssimon 118160814Ssimon if (*p++ == 0x6B) 119160814Ssimon { 120160814Ssimon j=flen-3; 121160814Ssimon for (i = 0; i < j; i++) 122160814Ssimon { 123160814Ssimon unsigned char c = *p++; 124160814Ssimon if (c == 0xBA) 125160814Ssimon break; 126160814Ssimon if (c != 0xBB) 127160814Ssimon { 128160814Ssimon RSAerr(RSA_F_RSA_PADDING_CHECK_X931, 129160814Ssimon RSA_R_INVALID_PADDING); 130160814Ssimon return -1; 131160814Ssimon } 132160814Ssimon } 133160814Ssimon 134160814Ssimon j -= i; 135160814Ssimon 136160814Ssimon if (i == 0) 137160814Ssimon { 138160814Ssimon RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); 139160814Ssimon return -1; 140160814Ssimon } 141160814Ssimon 142160814Ssimon } 143160814Ssimon else j = flen - 2; 144160814Ssimon 145160814Ssimon if (p[j] != 0xCC) 146160814Ssimon { 147160814Ssimon RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); 148160814Ssimon return -1; 149160814Ssimon } 150160814Ssimon 151160814Ssimon memcpy(to,p,(unsigned int)j); 152160814Ssimon 153160814Ssimon return(j); 154160814Ssimon } 155160814Ssimon 156160814Ssimon/* Translate between X931 hash ids and NIDs */ 157160814Ssimon 158160814Ssimonint RSA_X931_hash_id(int nid) 159160814Ssimon { 160160814Ssimon switch (nid) 161160814Ssimon { 162160814Ssimon case NID_sha1: 163160814Ssimon return 0x33; 164160814Ssimon 165160814Ssimon case NID_sha256: 166160814Ssimon return 0x34; 167160814Ssimon 168160814Ssimon case NID_sha384: 169160814Ssimon return 0x36; 170160814Ssimon 171160814Ssimon case NID_sha512: 172160814Ssimon return 0x35; 173160814Ssimon 174160814Ssimon } 175160814Ssimon return -1; 176160814Ssimon } 177160814Ssimon 178