585 lines
14 KiB
C
585 lines
14 KiB
C
|
#ifdef PK_PACKET
|
||
|
|
||
|
int rsa_encrypt(const unsigned char *in, unsigned long len,
|
||
|
unsigned char *out, unsigned long *outlen,
|
||
|
prng_state *prng, int wprng, int cipher,
|
||
|
rsa_key *key)
|
||
|
{
|
||
|
unsigned char sym_IV[MAXBLOCKSIZE], sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096];
|
||
|
symmetric_CTR ctr;
|
||
|
unsigned long x, y, blklen, rsa_size;
|
||
|
int keylen, errno;;
|
||
|
|
||
|
_ARGCHK(in != NULL);
|
||
|
_ARGCHK(out != NULL);
|
||
|
_ARGCHK(outlen != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* are the parameters valid? */
|
||
|
if ((errno = prng_is_valid(wprng)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
if ((errno = cipher_is_valid(cipher)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* setup the CTR key */
|
||
|
keylen = 32; /* default to 256-bit keys */
|
||
|
if ((errno = cipher_descriptor[cipher].keysize(&keylen)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
blklen = cipher_descriptor[cipher].block_length;
|
||
|
if (prng_descriptor[wprng].read(sym_key, keylen, prng) != (unsigned long)keylen) {
|
||
|
return CRYPT_ERROR_READPRNG;
|
||
|
}
|
||
|
|
||
|
if (prng_descriptor[wprng].read(sym_IV, blklen, prng) != blklen) {
|
||
|
return CRYPT_ERROR_READPRNG;
|
||
|
}
|
||
|
|
||
|
/* setup CTR mode */
|
||
|
if ((errno = ctr_start(cipher, sym_IV, sym_key, keylen, 0, &ctr)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* rsa_pad the symmetric key */
|
||
|
y = sizeof(rsa_in);
|
||
|
if ((errno = rsa_pad(sym_key, keylen, rsa_in, &y, wprng, prng)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* rsa encrypt it */
|
||
|
rsa_size = sizeof(rsa_out);
|
||
|
if ((errno = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* check size */
|
||
|
if (*outlen < (PACKET_SIZE+9+rsa_size+blklen+len)) {
|
||
|
return CRYPT_BUFFER_OVERFLOW;
|
||
|
}
|
||
|
|
||
|
/* now lets make the header */
|
||
|
y = PACKET_SIZE;
|
||
|
out[y++] = cipher_descriptor[cipher].ID;
|
||
|
|
||
|
/* store the size of the RSA value */
|
||
|
STORE32L(rsa_size, (out+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* store the rsa value */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
out[y] = rsa_out[x];
|
||
|
}
|
||
|
|
||
|
/* store the IV used */
|
||
|
for (x = 0; x < blklen; x++, y++) {
|
||
|
out[y] = sym_IV[x];
|
||
|
}
|
||
|
|
||
|
/* store the length */
|
||
|
STORE32L(len, (out+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* encrypt the message */
|
||
|
if ((errno = ctr_encrypt(in, out+y, len, &ctr)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
y += len;
|
||
|
|
||
|
/* store the header */
|
||
|
packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_ENCRYPTED, y);
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
/* clean up */
|
||
|
zeromem(sym_key, sizeof(sym_key));
|
||
|
zeromem(sym_IV, sizeof(sym_IV));
|
||
|
zeromem(&ctr, sizeof(ctr));
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
|
||
|
*outlen = y;
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
int rsa_decrypt(const unsigned char *in, unsigned long len,
|
||
|
unsigned char *out, unsigned long *outlen,
|
||
|
rsa_key *key)
|
||
|
{
|
||
|
unsigned char sym_IV[MAXBLOCKSIZE], sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096];
|
||
|
symmetric_CTR ctr;
|
||
|
unsigned long x, y, z, keylen, blklen, rsa_size;
|
||
|
int cipher, errno;
|
||
|
|
||
|
_ARGCHK(in != NULL);
|
||
|
_ARGCHK(out != NULL);
|
||
|
_ARGCHK(outlen != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* right key type? */
|
||
|
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
|
||
|
return CRYPT_PK_NOT_PRIVATE;
|
||
|
}
|
||
|
|
||
|
/* check the header */
|
||
|
if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENCRYPTED)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* grab cipher name */
|
||
|
y = PACKET_SIZE;
|
||
|
cipher = find_cipher_id(in[y++]);
|
||
|
if (cipher == -1) {
|
||
|
return CRYPT_INVALID_CIPHER;
|
||
|
}
|
||
|
keylen = MIN(cipher_descriptor[cipher].max_key_length, 32);
|
||
|
blklen = cipher_descriptor[cipher].block_length;
|
||
|
|
||
|
/* grab length of the rsa key */
|
||
|
LOAD32L(rsa_size, (in+y))
|
||
|
y += 4;
|
||
|
|
||
|
/* read it in */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
rsa_in[x] = in[y];
|
||
|
}
|
||
|
|
||
|
/* decrypt it */
|
||
|
x = sizeof(rsa_out);
|
||
|
if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* depad it */
|
||
|
z = sizeof(sym_key);
|
||
|
if ((errno = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* read the IV in */
|
||
|
for (x = 0; x < blklen; x++, y++) {
|
||
|
sym_IV[x] = in[y];
|
||
|
}
|
||
|
|
||
|
/* setup CTR mode */
|
||
|
if ((errno = ctr_start(cipher, sym_IV, sym_key, keylen, 0, &ctr)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* get len */
|
||
|
LOAD32L(len, (in+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* check size */
|
||
|
if (*outlen < len) {
|
||
|
return CRYPT_BUFFER_OVERFLOW;
|
||
|
}
|
||
|
|
||
|
/* decrypt the message */
|
||
|
if ((errno = ctr_decrypt(in+y, out, len, &ctr)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
/* clean up */
|
||
|
zeromem(sym_key, sizeof(sym_key));
|
||
|
zeromem(sym_IV, sizeof(sym_IV));
|
||
|
zeromem(&ctr, sizeof(ctr));
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
*outlen = len;
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
/* Signature Message Format
|
||
|
offset | length | Contents
|
||
|
----------------------------------------------------------------------
|
||
|
0 | 1 | hash ID
|
||
|
1 | 4 | length of rsa_pad'ed signature
|
||
|
5 | p | the rsa_pad'ed signature
|
||
|
*/
|
||
|
|
||
|
int rsa_sign(const unsigned char *in, unsigned long inlen,
|
||
|
unsigned char *out, unsigned long *outlen,
|
||
|
int hash, rsa_key *key)
|
||
|
{
|
||
|
unsigned long hashlen, rsa_size, x, y, z;
|
||
|
unsigned char rsa_in[4096], rsa_out[4096];
|
||
|
int errno;
|
||
|
|
||
|
_ARGCHK(in != NULL);
|
||
|
_ARGCHK(out != NULL);
|
||
|
_ARGCHK(outlen != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* type of key? */
|
||
|
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
|
||
|
return CRYPT_PK_NOT_PRIVATE;
|
||
|
}
|
||
|
|
||
|
/* are the parameters valid? */
|
||
|
if ((errno = hash_is_valid(hash)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* hash it */
|
||
|
hashlen = hash_descriptor[hash].hashsize;
|
||
|
z = sizeof(rsa_in);
|
||
|
if ((errno = hash_memory(hash, in, inlen, rsa_in, &z)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* pad it */
|
||
|
x = sizeof(rsa_in);
|
||
|
if ((errno = rsa_signpad(rsa_in, hashlen, rsa_out, &x)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* sign it */
|
||
|
rsa_size = sizeof(rsa_in);
|
||
|
if ((errno = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* check size */
|
||
|
if (*outlen < (PACKET_SIZE+4+rsa_size)) {
|
||
|
return CRYPT_BUFFER_OVERFLOW;
|
||
|
}
|
||
|
|
||
|
/* now lets output the message */
|
||
|
y = PACKET_SIZE;
|
||
|
out[y++] = hash_descriptor[hash].ID;
|
||
|
|
||
|
/* output the len */
|
||
|
STORE32L(rsa_size, (out+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* store the signature */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
out[y] = rsa_in[x];
|
||
|
}
|
||
|
|
||
|
/* store header */
|
||
|
packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED, y);
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
/* clean up */
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
*outlen = y;
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
int rsa_verify(const unsigned char *sig, const unsigned char *msg,
|
||
|
unsigned long inlen, int *stat,
|
||
|
rsa_key *key)
|
||
|
{
|
||
|
unsigned long hashlen, rsa_size, x, y, z, w;
|
||
|
int hash, errno;
|
||
|
unsigned char rsa_in[4096], rsa_out[4096];
|
||
|
|
||
|
_ARGCHK(sig != NULL);
|
||
|
_ARGCHK(msg != NULL);
|
||
|
_ARGCHK(stat != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* always be incorrect by default */
|
||
|
*stat = 0;
|
||
|
|
||
|
/* verify header */
|
||
|
if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* grab hash name */
|
||
|
y = PACKET_SIZE;
|
||
|
hash = find_hash_id(sig[y++]);
|
||
|
if (hash == -1) {
|
||
|
return CRYPT_INVALID_HASH;
|
||
|
}
|
||
|
hashlen = hash_descriptor[hash].hashsize;
|
||
|
|
||
|
/* get the len */
|
||
|
LOAD32L(rsa_size, (sig+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* load the signature */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
rsa_in[x] = sig[y];
|
||
|
}
|
||
|
|
||
|
/* exptmod it */
|
||
|
x = sizeof(rsa_in);
|
||
|
if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* depad it */
|
||
|
z = sizeof(rsa_in);
|
||
|
if ((errno = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* check? */
|
||
|
w = sizeof(rsa_out);
|
||
|
if ((errno = hash_memory(hash, msg, inlen, rsa_out, &w)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
if ((z == hashlen) && (!memcmp(rsa_in, rsa_out, hashlen))) {
|
||
|
*stat = 1;
|
||
|
}
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
#endif
|
||
|
|
||
|
/* these are smaller routines written by Clay Culver. They do the same function as the rsa_encrypt/decrypt
|
||
|
* except that they are used to RSA encrypt/decrypt a single value and not a packet.
|
||
|
*/
|
||
|
int rsa_encrypt_key(const unsigned char *inkey, unsigned long inlen,
|
||
|
unsigned char *outkey, unsigned long *outlen,
|
||
|
prng_state *prng, int wprng, rsa_key *key)
|
||
|
{
|
||
|
unsigned char rsa_in[4096], rsa_out[4096];
|
||
|
unsigned long x, y, rsa_size;
|
||
|
int errno;
|
||
|
|
||
|
_ARGCHK(inkey != NULL);
|
||
|
_ARGCHK(outkey != NULL);
|
||
|
_ARGCHK(outlen != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* are the parameters valid? */
|
||
|
if ((errno = prng_is_valid(wprng)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* rsa_pad the symmetric key */
|
||
|
y = sizeof(rsa_in);
|
||
|
if ((errno = rsa_pad(inkey, inlen, rsa_in, &y, wprng, prng)) != CRYPT_OK) {
|
||
|
return CRYPT_ERROR;
|
||
|
}
|
||
|
|
||
|
/* rsa encrypt it */
|
||
|
rsa_size = sizeof(rsa_out);
|
||
|
if ((errno = rsa_exptmod(rsa_in, y, rsa_out, &rsa_size, PK_PUBLIC, key)) != CRYPT_OK) {
|
||
|
return CRYPT_ERROR;
|
||
|
}
|
||
|
|
||
|
/* check size */
|
||
|
if (*outlen < (PACKET_SIZE+4+rsa_size)) {
|
||
|
return CRYPT_BUFFER_OVERFLOW;
|
||
|
}
|
||
|
|
||
|
/* now lets make the header */
|
||
|
y = PACKET_SIZE;
|
||
|
|
||
|
/* store the size of the RSA value */
|
||
|
STORE32L(rsa_size, (outkey+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* store the rsa value */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
outkey[y] = rsa_out[x];
|
||
|
}
|
||
|
|
||
|
/* store header */
|
||
|
packet_store_header(outkey, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY, y);
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
/* clean up */
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
*outlen = y;
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
int rsa_decrypt_key(const unsigned char *in, unsigned char *outkey,
|
||
|
unsigned long *keylen, rsa_key *key)
|
||
|
{
|
||
|
unsigned char sym_key[MAXBLOCKSIZE], rsa_in[4096], rsa_out[4096];
|
||
|
unsigned long x, y, z, i, rsa_size;
|
||
|
int errno;
|
||
|
|
||
|
_ARGCHK(in != NULL);
|
||
|
_ARGCHK(outkey != NULL);
|
||
|
_ARGCHK(keylen != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* right key type? */
|
||
|
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
|
||
|
return CRYPT_PK_NOT_PRIVATE;
|
||
|
}
|
||
|
|
||
|
/* check the header */
|
||
|
if ((errno = packet_valid_header((unsigned char *)in, PACKET_SECT_RSA, PACKET_SUB_ENC_KEY)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* grab length of the rsa key */
|
||
|
y = PACKET_SIZE;
|
||
|
LOAD32L(rsa_size, (in+y))
|
||
|
y += 4;
|
||
|
|
||
|
/* read it in */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
rsa_in[x] = in[y];
|
||
|
}
|
||
|
|
||
|
/* decrypt it */
|
||
|
x = sizeof(rsa_out);
|
||
|
if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PRIVATE, key)) != CRYPT_OK)
|
||
|
return errno;
|
||
|
|
||
|
/* depad it */
|
||
|
z = sizeof(sym_key);
|
||
|
if ((errno = rsa_depad(rsa_out, x, sym_key, &z)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* check size */
|
||
|
if (*keylen < z) {
|
||
|
return CRYPT_BUFFER_OVERFLOW;
|
||
|
}
|
||
|
|
||
|
for (i = 0; i < z; i++) {
|
||
|
outkey[i] = sym_key[i];
|
||
|
}
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
/* clean up */
|
||
|
zeromem(sym_key, sizeof(sym_key));
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
*keylen = z;
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
int rsa_sign_hash(const unsigned char *in, unsigned long inlen,
|
||
|
unsigned char *out, unsigned long *outlen,
|
||
|
rsa_key *key)
|
||
|
{
|
||
|
unsigned long rsa_size, x, y;
|
||
|
unsigned char rsa_in[4096], rsa_out[4096];
|
||
|
int errno;
|
||
|
|
||
|
_ARGCHK(in != NULL);
|
||
|
_ARGCHK(out != NULL);
|
||
|
_ARGCHK(outlen != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* type of key? */
|
||
|
if (key->type != PK_PRIVATE && key->type != PK_PRIVATE_OPTIMIZED) {
|
||
|
return CRYPT_PK_NOT_PRIVATE;
|
||
|
}
|
||
|
|
||
|
/* pad it */
|
||
|
x = sizeof(rsa_out);
|
||
|
if ((errno = rsa_signpad(in, inlen, rsa_out, &x)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* sign it */
|
||
|
rsa_size = sizeof(rsa_in);
|
||
|
if ((errno = rsa_exptmod(rsa_out, x, rsa_in, &rsa_size, PK_PRIVATE, key)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* check size */
|
||
|
if (*outlen < (PACKET_SIZE+4+rsa_size)) {
|
||
|
return CRYPT_BUFFER_OVERFLOW;
|
||
|
}
|
||
|
|
||
|
/* now lets output the message */
|
||
|
y = PACKET_SIZE;
|
||
|
|
||
|
/* output the len */
|
||
|
STORE32L(rsa_size, (out+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* store the signature */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
out[y] = rsa_in[x];
|
||
|
}
|
||
|
|
||
|
/* store header */
|
||
|
packet_store_header(out, PACKET_SECT_RSA, PACKET_SUB_SIGNED, y);
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
/* clean up */
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
*outlen = y;
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|
||
|
int rsa_verify_hash(const unsigned char *sig, const unsigned char *md,
|
||
|
int *stat, rsa_key *key)
|
||
|
{
|
||
|
unsigned long rsa_size, x, y, z;
|
||
|
unsigned char rsa_in[4096], rsa_out[4096];
|
||
|
int errno;
|
||
|
|
||
|
_ARGCHK(sig != NULL);
|
||
|
_ARGCHK(md != NULL);
|
||
|
_ARGCHK(stat != NULL);
|
||
|
_ARGCHK(key != NULL);
|
||
|
|
||
|
/* always be incorrect by default */
|
||
|
*stat = 0;
|
||
|
|
||
|
/* verify header */
|
||
|
if ((errno = packet_valid_header((unsigned char *)sig, PACKET_SECT_RSA, PACKET_SUB_SIGNED)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* get the len */
|
||
|
y = PACKET_SIZE;
|
||
|
LOAD32L(rsa_size, (sig+y));
|
||
|
y += 4;
|
||
|
|
||
|
/* load the signature */
|
||
|
for (x = 0; x < rsa_size; x++, y++) {
|
||
|
rsa_in[x] = sig[y];
|
||
|
}
|
||
|
|
||
|
/* exptmod it */
|
||
|
x = sizeof(rsa_in);
|
||
|
if ((errno = rsa_exptmod(rsa_in, rsa_size, rsa_out, &x, PK_PUBLIC, key)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* depad it */
|
||
|
z = sizeof(rsa_in);
|
||
|
if ((errno = rsa_signdepad(rsa_out, x, rsa_in, &z)) != CRYPT_OK) {
|
||
|
return errno;
|
||
|
}
|
||
|
|
||
|
/* check? */
|
||
|
if (!memcmp(rsa_in, md, z)) {
|
||
|
*stat = 1;
|
||
|
}
|
||
|
|
||
|
#ifdef CLEAN_STACK
|
||
|
zeromem(rsa_in, sizeof(rsa_in));
|
||
|
zeromem(rsa_out, sizeof(rsa_out));
|
||
|
#endif
|
||
|
return CRYPT_OK;
|
||
|
}
|
||
|
|