Home | History | Annotate | Download | only in rsa
      1 /* crypto/rsa/rsa_pk1.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 
     59 #include <stdio.h>
     60 #include "cryptlib.h"
     61 #include <openssl/bn.h>
     62 #include <openssl/rsa.h>
     63 #include <openssl/rand.h>
     64 
     65 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
     66 	     const unsigned char *from, int flen)
     67 	{
     68 	int j;
     69 	unsigned char *p;
     70 
     71 	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
     72 		{
     73 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
     74 		return(0);
     75 		}
     76 
     77 	p=(unsigned char *)to;
     78 
     79 	*(p++)=0;
     80 	*(p++)=1; /* Private Key BT (Block Type) */
     81 
     82 	/* pad out with 0xff data */
     83 	j=tlen-3-flen;
     84 	memset(p,0xff,j);
     85 	p+=j;
     86 	*(p++)='\0';
     87 	memcpy(p,from,(unsigned int)flen);
     88 	return(1);
     89 	}
     90 
     91 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
     92 	     const unsigned char *from, int flen, int num)
     93 	{
     94 	int i,j;
     95 	const unsigned char *p;
     96 
     97 	p=from;
     98 	if ((num != (flen+1)) || (*(p++) != 01))
     99 		{
    100 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
    101 		return(-1);
    102 		}
    103 
    104 	/* scan over padding data */
    105 	j=flen-1; /* one for type. */
    106 	for (i=0; i<j; i++)
    107 		{
    108 		if (*p != 0xff) /* should decrypt to 0xff */
    109 			{
    110 			if (*p == 0)
    111 				{ p++; break; }
    112 			else	{
    113 				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
    114 				return(-1);
    115 				}
    116 			}
    117 		p++;
    118 		}
    119 
    120 	if (i == j)
    121 		{
    122 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
    123 		return(-1);
    124 		}
    125 
    126 	if (i < 8)
    127 		{
    128 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
    129 		return(-1);
    130 		}
    131 	i++; /* Skip over the '\0' */
    132 	j-=i;
    133 	if (j > tlen)
    134 		{
    135 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
    136 		return(-1);
    137 		}
    138 	memcpy(to,p,(unsigned int)j);
    139 
    140 	return(j);
    141 	}
    142 
    143 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
    144 	     const unsigned char *from, int flen)
    145 	{
    146 	int i,j;
    147 	unsigned char *p;
    148 
    149 	if (flen > (tlen-11))
    150 		{
    151 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
    152 		return(0);
    153 		}
    154 
    155 	p=(unsigned char *)to;
    156 
    157 	*(p++)=0;
    158 	*(p++)=2; /* Public Key BT (Block Type) */
    159 
    160 	/* pad out with non-zero random data */
    161 	j=tlen-3-flen;
    162 
    163 	if (RAND_bytes(p,j) <= 0)
    164 		return(0);
    165 	for (i=0; i<j; i++)
    166 		{
    167 		if (*p == '\0')
    168 			do	{
    169 				if (RAND_bytes(p,1) <= 0)
    170 					return(0);
    171 				} while (*p == '\0');
    172 		p++;
    173 		}
    174 
    175 	*(p++)='\0';
    176 
    177 	memcpy(p,from,(unsigned int)flen);
    178 	return(1);
    179 	}
    180 
    181 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
    182 	     const unsigned char *from, int flen, int num)
    183 	{
    184 	int i,j;
    185 	const unsigned char *p;
    186 
    187 	p=from;
    188 	if ((num != (flen+1)) || (*(p++) != 02))
    189 		{
    190 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
    191 		return(-1);
    192 		}
    193 #ifdef PKCS1_CHECK
    194 	return(num-11);
    195 #endif
    196 
    197 	/* scan over padding data */
    198 	j=flen-1; /* one for type. */
    199 	for (i=0; i<j; i++)
    200 		if (*(p++) == 0) break;
    201 
    202 	if (i == j)
    203 		{
    204 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
    205 		return(-1);
    206 		}
    207 
    208 	if (i < 8)
    209 		{
    210 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
    211 		return(-1);
    212 		}
    213 	i++; /* Skip over the '\0' */
    214 	j-=i;
    215 	if (j > tlen)
    216 		{
    217 		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
    218 		return(-1);
    219 		}
    220 	memcpy(to,p,(unsigned int)j);
    221 
    222 	return(j);
    223 	}
    224 
    225