2004-12-30 23:55:53 +00:00
|
|
|
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
|
|
|
|
*
|
|
|
|
|
* LibTomCrypt is a library that provides various cryptographic
|
|
|
|
|
* algorithms in a highly modular and flexible manner.
|
|
|
|
|
*
|
|
|
|
|
* The library is free for all purposes without any express
|
|
|
|
|
* guarantee it works.
|
|
|
|
|
*
|
2007-07-20 17:48:02 +00:00
|
|
|
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
2004-12-30 23:55:53 +00:00
|
|
|
*/
|
|
|
|
|
#include "tomcrypt.h"
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
@file rsa_sign_hash.c
|
2014-01-03 15:16:59 +01:00
|
|
|
RSA PKCS #1 v1.5 and v2 PSS sign hash, Tom St Denis and Andreas Lange
|
2006-11-17 14:21:24 +00:00
|
|
|
*/
|
2004-12-30 23:55:53 +00:00
|
|
|
|
2007-07-20 17:48:02 +00:00
|
|
|
#ifdef LTC_MRSA
|
2004-12-30 23:55:53 +00:00
|
|
|
|
|
|
|
|
/**
|
2014-01-03 15:16:59 +01:00
|
|
|
PKCS #1 pad then sign
|
2004-12-30 23:55:53 +00:00
|
|
|
@param in The hash to sign
|
|
|
|
|
@param inlen The length of the hash to sign (octets)
|
|
|
|
|
@param out [out] The signature
|
2006-11-17 14:21:24 +00:00
|
|
|
@param outlen [in/out] The max size and resulting size of the signature
|
2009-10-01 14:00:58 +02:00
|
|
|
@param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
|
2004-12-30 23:55:53 +00:00
|
|
|
@param prng An active PRNG state
|
|
|
|
|
@param prng_idx The index of the PRNG desired
|
|
|
|
|
@param hash_idx The index of the hash desired
|
|
|
|
|
@param saltlen The length of the salt desired (octets)
|
|
|
|
|
@param key The private RSA key to use
|
|
|
|
|
@return CRYPT_OK if successful
|
|
|
|
|
*/
|
2006-11-17 14:21:24 +00:00
|
|
|
int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
|
|
|
|
|
unsigned char *out, unsigned long *outlen,
|
|
|
|
|
int padding,
|
|
|
|
|
prng_state *prng, int prng_idx,
|
|
|
|
|
int hash_idx, unsigned long saltlen,
|
|
|
|
|
rsa_key *key)
|
2004-12-30 23:55:53 +00:00
|
|
|
{
|
2006-11-17 14:21:24 +00:00
|
|
|
unsigned long modulus_bitlen, modulus_bytelen, x, y;
|
2004-12-30 23:55:53 +00:00
|
|
|
int err;
|
2006-11-17 14:21:24 +00:00
|
|
|
|
|
|
|
|
LTC_ARGCHK(in != NULL);
|
|
|
|
|
LTC_ARGCHK(out != NULL);
|
|
|
|
|
LTC_ARGCHK(outlen != NULL);
|
|
|
|
|
LTC_ARGCHK(key != NULL);
|
|
|
|
|
|
|
|
|
|
/* valid padding? */
|
2009-10-01 14:00:58 +02:00
|
|
|
if ((padding != LTC_PKCS_1_V1_5) && (padding != LTC_PKCS_1_PSS)) {
|
2006-11-17 14:21:24 +00:00
|
|
|
return CRYPT_PK_INVALID_PADDING;
|
|
|
|
|
}
|
|
|
|
|
|
2009-10-01 14:00:58 +02:00
|
|
|
if (padding == LTC_PKCS_1_PSS) {
|
2006-11-17 14:21:24 +00:00
|
|
|
/* valid prng and hash ? */
|
|
|
|
|
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* get modulus len in bits */
|
|
|
|
|
modulus_bitlen = mp_count_bits((key->N));
|
2004-12-30 23:55:53 +00:00
|
|
|
|
|
|
|
|
/* outlen must be at least the size of the modulus */
|
2006-11-17 14:21:24 +00:00
|
|
|
modulus_bytelen = mp_unsigned_bin_size((key->N));
|
2004-12-30 23:55:53 +00:00
|
|
|
if (modulus_bytelen > *outlen) {
|
2006-06-18 01:37:50 +00:00
|
|
|
*outlen = modulus_bytelen;
|
2004-12-30 23:55:53 +00:00
|
|
|
return CRYPT_BUFFER_OVERFLOW;
|
|
|
|
|
}
|
2006-11-17 14:21:24 +00:00
|
|
|
|
2009-10-01 14:00:58 +02:00
|
|
|
if (padding == LTC_PKCS_1_PSS) {
|
2006-11-17 14:21:24 +00:00
|
|
|
/* PSS pad the key */
|
|
|
|
|
x = *outlen;
|
|
|
|
|
if ((err = pkcs_1_pss_encode(in, inlen, saltlen, prng, prng_idx,
|
|
|
|
|
hash_idx, modulus_bitlen, out, &x)) != CRYPT_OK) {
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2014-01-03 15:16:59 +01:00
|
|
|
/* PKCS #1 v1.5 pad the hash */
|
2006-11-17 14:21:24 +00:00
|
|
|
unsigned char *tmpin;
|
|
|
|
|
ltc_asn1_list digestinfo[2], siginfo[2];
|
|
|
|
|
|
|
|
|
|
/* not all hashes have OIDs... so sad */
|
|
|
|
|
if (hash_descriptor[hash_idx].OIDlen == 0) {
|
|
|
|
|
return CRYPT_INVALID_ARG;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* construct the SEQUENCE
|
|
|
|
|
SEQUENCE {
|
|
|
|
|
SEQUENCE {hashoid OID
|
|
|
|
|
blah NULL
|
|
|
|
|
}
|
|
|
|
|
hash OCTET STRING
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen);
|
|
|
|
|
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
|
|
|
|
|
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
|
|
|
|
|
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
|
|
|
|
|
|
|
|
|
|
/* allocate memory for the encoding */
|
|
|
|
|
y = mp_unsigned_bin_size(key->N);
|
|
|
|
|
tmpin = XMALLOC(y);
|
|
|
|
|
if (tmpin == NULL) {
|
|
|
|
|
return CRYPT_MEM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
|
|
|
|
|
XFREE(tmpin);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
x = *outlen;
|
2009-10-01 14:00:58 +02:00
|
|
|
if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA,
|
2006-11-17 14:21:24 +00:00
|
|
|
modulus_bitlen, NULL, 0,
|
|
|
|
|
out, &x)) != CRYPT_OK) {
|
|
|
|
|
XFREE(tmpin);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
XFREE(tmpin);
|
2004-12-30 23:55:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* RSA encode it */
|
2005-11-24 11:57:58 +00:00
|
|
|
return ltc_mp.rsa_me(out, x, out, outlen, PK_PRIVATE, key);
|
2004-12-30 23:55:53 +00:00
|
|
|
}
|
|
|
|
|
|
2007-07-20 17:48:02 +00:00
|
|
|
#endif /* LTC_MRSA */
|
2005-06-09 00:08:13 +00:00
|
|
|
|
|
|
|
|
/* $Source$ */
|
|
|
|
|
/* $Revision$ */
|
|
|
|
|
/* $Date$ */
|
