Merge pull request #207 from libtom/feature/pkcs1ssl
PKCS #1 v1.5 padding - No ASN.1
This commit is contained in:
commit
d936273711
@ -13,7 +13,8 @@ enum ltc_pkcs_1_paddings
|
|||||||
{
|
{
|
||||||
LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */
|
LTC_PKCS_1_V1_5 = 1, /* PKCS #1 v1.5 padding (\sa ltc_pkcs_1_v1_5_blocks) */
|
||||||
LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */
|
LTC_PKCS_1_OAEP = 2, /* PKCS #1 v2.0 encryption padding */
|
||||||
LTC_PKCS_1_PSS = 3 /* PKCS #1 v2.1 signature padding */
|
LTC_PKCS_1_PSS = 3, /* PKCS #1 v2.1 signature padding */
|
||||||
|
LTC_PKCS_1_V1_5_NA1 = 4 /* PKCS #1 v1.5 padding - No ASN.1 (\sa ltc_pkcs_1_v1_5_blocks) */
|
||||||
};
|
};
|
||||||
|
|
||||||
int pkcs_1_mgf1( int hash_idx,
|
int pkcs_1_mgf1( int hash_idx,
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
@param inlen The length of the hash to sign (octets)
|
@param inlen The length of the hash to sign (octets)
|
||||||
@param out [out] The signature
|
@param out [out] The signature
|
||||||
@param outlen [in/out] The max size and resulting size of the signature
|
@param outlen [in/out] The max size and resulting size of the signature
|
||||||
@param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
|
@param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1)
|
||||||
@param prng An active PRNG state
|
@param prng An active PRNG state
|
||||||
@param prng_idx The index of the PRNG desired
|
@param prng_idx The index of the PRNG desired
|
||||||
@param hash_idx The index of the hash desired
|
@param hash_idx The index of the hash desired
|
||||||
@ -47,15 +47,21 @@ int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
|
|||||||
LTC_ARGCHK(key != NULL);
|
LTC_ARGCHK(key != NULL);
|
||||||
|
|
||||||
/* valid padding? */
|
/* valid padding? */
|
||||||
if ((padding != LTC_PKCS_1_V1_5) && (padding != LTC_PKCS_1_PSS)) {
|
if ((padding != LTC_PKCS_1_V1_5) &&
|
||||||
|
(padding != LTC_PKCS_1_PSS) &&
|
||||||
|
(padding != LTC_PKCS_1_V1_5_NA1)) {
|
||||||
return CRYPT_PK_INVALID_PADDING;
|
return CRYPT_PK_INVALID_PADDING;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (padding == LTC_PKCS_1_PSS) {
|
if (padding == LTC_PKCS_1_PSS) {
|
||||||
/* valid prng and hash ? */
|
/* valid prng ? */
|
||||||
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
|
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (padding != LTC_PKCS_1_V1_5_NA1) {
|
||||||
|
/* valid hash ? */
|
||||||
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
|
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
@ -81,46 +87,54 @@ int rsa_sign_hash_ex(const unsigned char *in, unsigned long inlen,
|
|||||||
} else {
|
} else {
|
||||||
/* PKCS #1 v1.5 pad the hash */
|
/* PKCS #1 v1.5 pad the hash */
|
||||||
unsigned char *tmpin;
|
unsigned char *tmpin;
|
||||||
ltc_asn1_list digestinfo[2], siginfo[2];
|
|
||||||
|
|
||||||
/* not all hashes have OIDs... so sad */
|
if (padding == LTC_PKCS_1_V1_5) {
|
||||||
if (hash_descriptor[hash_idx].OIDlen == 0) {
|
ltc_asn1_list digestinfo[2], siginfo[2];
|
||||||
return CRYPT_INVALID_ARG;
|
/* not all hashes have OIDs... so sad */
|
||||||
}
|
if (hash_descriptor[hash_idx].OIDlen == 0) {
|
||||||
|
return CRYPT_INVALID_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
/* construct the SEQUENCE
|
/* construct the SEQUENCE
|
||||||
SEQUENCE {
|
SEQUENCE {
|
||||||
SEQUENCE {hashoid OID
|
SEQUENCE {hashoid OID
|
||||||
blah NULL
|
blah NULL
|
||||||
}
|
}
|
||||||
hash OCTET STRING
|
hash OCTET STRING
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen);
|
||||||
|
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
|
||||||
|
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
|
||||||
|
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
|
||||||
|
|
||||||
|
/* allocate memory for the encoding */
|
||||||
|
y = mp_unsigned_bin_size(key->N);
|
||||||
|
tmpin = XMALLOC(y);
|
||||||
|
if (tmpin == NULL) {
|
||||||
|
return CRYPT_MEM;
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, hash_descriptor[hash_idx].OID, hash_descriptor[hash_idx].OIDlen);
|
|
||||||
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
|
|
||||||
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
|
|
||||||
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, in, inlen);
|
|
||||||
|
|
||||||
/* allocate memory for the encoding */
|
if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
|
||||||
y = mp_unsigned_bin_size(key->N);
|
XFREE(tmpin);
|
||||||
tmpin = XMALLOC(y);
|
return err;
|
||||||
if (tmpin == NULL) {
|
}
|
||||||
return CRYPT_MEM;
|
} else {
|
||||||
}
|
/* set the pointer and data-length to the input values */
|
||||||
|
tmpin = (unsigned char *)in;
|
||||||
if ((err = der_encode_sequence(siginfo, 2, tmpin, &y)) != CRYPT_OK) {
|
y = inlen;
|
||||||
XFREE(tmpin);
|
|
||||||
return err;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
x = *outlen;
|
x = *outlen;
|
||||||
if ((err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA,
|
err = pkcs_1_v1_5_encode(tmpin, y, LTC_PKCS_1_EMSA, modulus_bitlen, NULL, 0, out, &x);
|
||||||
modulus_bitlen, NULL, 0,
|
|
||||||
out, &x)) != CRYPT_OK) {
|
if (padding == LTC_PKCS_1_V1_5) {
|
||||||
XFREE(tmpin);
|
XFREE(tmpin);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (err != CRYPT_OK) {
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
XFREE(tmpin);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* RSA encode it */
|
/* RSA encode it */
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
@param siglen The length of the signature data (octets)
|
@param siglen The length of the signature data (octets)
|
||||||
@param hash The hash of the message that was signed
|
@param hash The hash of the message that was signed
|
||||||
@param hashlen The length of the hash of the message that was signed (octets)
|
@param hashlen The length of the hash of the message that was signed (octets)
|
||||||
@param padding Type of padding (LTC_PKCS_1_PSS or LTC_PKCS_1_V1_5)
|
@param padding Type of padding (LTC_PKCS_1_PSS, LTC_PKCS_1_V1_5 or LTC_PKCS_1_V1_5_NA1)
|
||||||
@param hash_idx The index of the desired hash
|
@param hash_idx The index of the desired hash
|
||||||
@param saltlen The length of the salt used during signature
|
@param saltlen The length of the salt used during signature
|
||||||
@param stat [out] The result of the signature comparison, 1==valid, 0==invalid
|
@param stat [out] The result of the signature comparison, 1==valid, 0==invalid
|
||||||
@ -51,11 +51,12 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
|
|||||||
/* valid padding? */
|
/* valid padding? */
|
||||||
|
|
||||||
if ((padding != LTC_PKCS_1_V1_5) &&
|
if ((padding != LTC_PKCS_1_V1_5) &&
|
||||||
(padding != LTC_PKCS_1_PSS)) {
|
(padding != LTC_PKCS_1_PSS) &&
|
||||||
|
(padding != LTC_PKCS_1_V1_5_NA1)) {
|
||||||
return CRYPT_PK_INVALID_PADDING;
|
return CRYPT_PK_INVALID_PADDING;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (padding == LTC_PKCS_1_PSS) {
|
if (padding != LTC_PKCS_1_V1_5_NA1) {
|
||||||
/* valid hash ? */
|
/* valid hash ? */
|
||||||
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
|
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
|
||||||
return err;
|
return err;
|
||||||
@ -103,15 +104,8 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
|
|||||||
} else {
|
} else {
|
||||||
/* PKCS #1 v1.5 decode it */
|
/* PKCS #1 v1.5 decode it */
|
||||||
unsigned char *out;
|
unsigned char *out;
|
||||||
unsigned long outlen, loid[16], reallen;
|
unsigned long outlen;
|
||||||
int decoded;
|
int decoded;
|
||||||
ltc_asn1_list digestinfo[2], siginfo[2];
|
|
||||||
|
|
||||||
/* not all hashes have OIDs... so sad */
|
|
||||||
if (hash_descriptor[hash_idx].OIDlen == 0) {
|
|
||||||
err = CRYPT_INVALID_ARG;
|
|
||||||
goto bail_2;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* allocate temp buffer for decoded hash */
|
/* allocate temp buffer for decoded hash */
|
||||||
outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3;
|
outlen = ((modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0)) - 3;
|
||||||
@ -126,37 +120,54 @@ int rsa_verify_hash_ex(const unsigned char *sig, unsigned long siglen,
|
|||||||
goto bail_2;
|
goto bail_2;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */
|
if (padding == LTC_PKCS_1_V1_5) {
|
||||||
/* construct the SEQUENCE
|
unsigned long loid[16], reallen;
|
||||||
SEQUENCE {
|
ltc_asn1_list digestinfo[2], siginfo[2];
|
||||||
SEQUENCE {hashoid OID
|
|
||||||
blah NULL
|
/* not all hashes have OIDs... so sad */
|
||||||
}
|
if (hash_descriptor[hash_idx].OIDlen == 0) {
|
||||||
hash OCTET STRING
|
err = CRYPT_INVALID_ARG;
|
||||||
|
goto bail_2;
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0]));
|
|
||||||
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
|
|
||||||
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
|
|
||||||
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
|
|
||||||
|
|
||||||
if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
|
/* now we must decode out[0...outlen-1] using ASN.1, test the OID and then test the hash */
|
||||||
XFREE(out);
|
/* construct the SEQUENCE
|
||||||
goto bail_2;
|
SEQUENCE {
|
||||||
}
|
SEQUENCE {hashoid OID
|
||||||
|
blah NULL
|
||||||
|
}
|
||||||
|
hash OCTET STRING
|
||||||
|
}
|
||||||
|
*/
|
||||||
|
LTC_SET_ASN1(digestinfo, 0, LTC_ASN1_OBJECT_IDENTIFIER, loid, sizeof(loid)/sizeof(loid[0]));
|
||||||
|
LTC_SET_ASN1(digestinfo, 1, LTC_ASN1_NULL, NULL, 0);
|
||||||
|
LTC_SET_ASN1(siginfo, 0, LTC_ASN1_SEQUENCE, digestinfo, 2);
|
||||||
|
LTC_SET_ASN1(siginfo, 1, LTC_ASN1_OCTET_STRING, tmpbuf, siglen);
|
||||||
|
|
||||||
if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
|
if ((err = der_decode_sequence(out, outlen, siginfo, 2)) != CRYPT_OK) {
|
||||||
XFREE(out);
|
XFREE(out);
|
||||||
goto bail_2;
|
goto bail_2;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* test OID */
|
if ((err = der_length_sequence(siginfo, 2, &reallen)) != CRYPT_OK) {
|
||||||
if ((reallen == outlen) &&
|
XFREE(out);
|
||||||
(digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
|
goto bail_2;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* test OID */
|
||||||
|
if ((reallen == outlen) &&
|
||||||
|
(digestinfo[0].size == hash_descriptor[hash_idx].OIDlen) &&
|
||||||
(XMEM_NEQ(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
|
(XMEM_NEQ(digestinfo[0].data, hash_descriptor[hash_idx].OID, sizeof(unsigned long) * hash_descriptor[hash_idx].OIDlen) == 0) &&
|
||||||
(siginfo[1].size == hashlen) &&
|
(siginfo[1].size == hashlen) &&
|
||||||
(XMEM_NEQ(siginfo[1].data, hash, hashlen) == 0)) {
|
(XMEM_NEQ(siginfo[1].data, hash, hashlen) == 0)) {
|
||||||
*stat = 1;
|
*stat = 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* only check if the hash is equal */
|
||||||
|
if ((hashlen == outlen) &&
|
||||||
|
(XMEMCMP(out, hash, hashlen) == 0)) {
|
||||||
|
*stat = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef LTC_CLEAN_STACK
|
#ifdef LTC_CLEAN_STACK
|
||||||
|
@ -109,17 +109,48 @@ static const unsigned char openssl_public_rsa_stripped[] = {
|
|||||||
0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
|
0x60, 0x3f, 0x8b, 0x54, 0x3a, 0xc3, 0x4d, 0x31, 0xe7, 0x94, 0xa4, 0x44, 0xfd, 0x02, 0x03, 0x01,
|
||||||
0x00, 0x01, };
|
0x00, 0x01, };
|
||||||
|
|
||||||
|
|
||||||
|
/* generated with the private key above as:
|
||||||
|
echo -n 'test' | openssl rsautl -sign -inkey rsa_private.pem -pkcs -hexdump
|
||||||
|
*/
|
||||||
|
static const unsigned char openssl_rsautl_pkcs[] = {
|
||||||
|
0x24, 0xef, 0x54, 0xea, 0x1a, 0x12, 0x0c, 0xf4, 0x04, 0x0c, 0x48, 0xc8, 0xe8, 0x17, 0xd2, 0x6f,
|
||||||
|
0xc3, 0x41, 0xb3, 0x97, 0x5c, 0xbc, 0xa3, 0x2d, 0x21, 0x00, 0x10, 0x0e, 0xbb, 0xf7, 0x30, 0x21,
|
||||||
|
0x7e, 0x12, 0xd2, 0xdf, 0x26, 0x28, 0xd8, 0x0f, 0x6d, 0x4d, 0xc8, 0x4d, 0xa8, 0x78, 0xe7, 0x03,
|
||||||
|
0xee, 0xbc, 0x68, 0xba, 0x98, 0xea, 0xe9, 0xb6, 0x06, 0x8d, 0x85, 0x5b, 0xdb, 0xa6, 0x49, 0x86,
|
||||||
|
0x6f, 0xc7, 0x3d, 0xe0, 0x53, 0x83, 0xe0, 0xea, 0xb1, 0x08, 0x6a, 0x7b, 0xbd, 0xeb, 0xb5, 0x4a,
|
||||||
|
0xdd, 0xbc, 0x64, 0x97, 0x8c, 0x17, 0x20, 0xa3, 0x5c, 0xd4, 0xb8, 0x87, 0x43, 0xc5, 0x13, 0xad,
|
||||||
|
0x41, 0x6e, 0x45, 0x41, 0x32, 0xd4, 0x09, 0x12, 0x7f, 0xdc, 0x59, 0x1f, 0x28, 0x3f, 0x1e, 0xbc,
|
||||||
|
0xef, 0x57, 0x23, 0x4b, 0x3a, 0xa3, 0x24, 0x91, 0x4d, 0xfb, 0xb2, 0xd4, 0xe7, 0x5e, 0x41, 0x7e,
|
||||||
|
};
|
||||||
|
|
||||||
extern const unsigned char _der_tests_cacert_root_cert[];
|
extern const unsigned char _der_tests_cacert_root_cert[];
|
||||||
extern const unsigned long _der_tests_cacert_root_cert_size;
|
extern const unsigned long _der_tests_cacert_root_cert_size;
|
||||||
|
|
||||||
static int rsa_compat_test(void)
|
static int rsa_compat_test(void)
|
||||||
{
|
{
|
||||||
rsa_key key;
|
rsa_key key, pubkey;
|
||||||
|
int stat;
|
||||||
unsigned char buf[1024];
|
unsigned char buf[1024];
|
||||||
unsigned long len;
|
unsigned long len;
|
||||||
|
|
||||||
/* try reading the key */
|
/* try reading the key */
|
||||||
DO(rsa_import(openssl_private_rsa, sizeof(openssl_private_rsa), &key));
|
DO(rsa_import(openssl_private_rsa, sizeof(openssl_private_rsa), &key));
|
||||||
|
DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &pubkey));
|
||||||
|
|
||||||
|
/* sign-verify a message with PKCS #1 v1.5 no ASN.1 */
|
||||||
|
len = sizeof(buf);
|
||||||
|
DO(rsa_sign_hash_ex((unsigned char*)"test", 4, buf, &len, LTC_PKCS_1_V1_5_NA1, NULL, 0, 0, 0, &key));
|
||||||
|
if (len != sizeof(openssl_rsautl_pkcs) || memcmp(buf, openssl_rsautl_pkcs, len)) {
|
||||||
|
fprintf(stderr, "RSA rsa_sign_hash_ex + LTC_PKCS_1_V1_5_NA1 failed\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
stat = 0;
|
||||||
|
DO(rsa_verify_hash_ex(openssl_rsautl_pkcs, sizeof(openssl_rsautl_pkcs), (unsigned char*)"test", 4, LTC_PKCS_1_V1_5_NA1, 0, 0, &stat, &pubkey));
|
||||||
|
if (stat != 1) {
|
||||||
|
fprintf(stderr, "RSA rsa_verify_hash_ex + LTC_PKCS_1_V1_5_NA1 failed\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
/* now try to export private/public and compare */
|
/* now try to export private/public and compare */
|
||||||
len = sizeof(buf);
|
len = sizeof(buf);
|
||||||
|
Loading…
Reference in New Issue
Block a user