1*0Sstevel@tonic-gate /* crypto/rsa/rsa_pk1.c */
2*0Sstevel@tonic-gate /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3*0Sstevel@tonic-gate * All rights reserved.
4*0Sstevel@tonic-gate *
5*0Sstevel@tonic-gate * This package is an SSL implementation written
6*0Sstevel@tonic-gate * by Eric Young (eay@cryptsoft.com).
7*0Sstevel@tonic-gate * The implementation was written so as to conform with Netscapes SSL.
8*0Sstevel@tonic-gate *
9*0Sstevel@tonic-gate * This library is free for commercial and non-commercial use as long as
10*0Sstevel@tonic-gate * the following conditions are aheared to. The following conditions
11*0Sstevel@tonic-gate * apply to all code found in this distribution, be it the RC4, RSA,
12*0Sstevel@tonic-gate * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13*0Sstevel@tonic-gate * included with this distribution is covered by the same copyright terms
14*0Sstevel@tonic-gate * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15*0Sstevel@tonic-gate *
16*0Sstevel@tonic-gate * Copyright remains Eric Young's, and as such any Copyright notices in
17*0Sstevel@tonic-gate * the code are not to be removed.
18*0Sstevel@tonic-gate * If this package is used in a product, Eric Young should be given attribution
19*0Sstevel@tonic-gate * as the author of the parts of the library used.
20*0Sstevel@tonic-gate * This can be in the form of a textual message at program startup or
21*0Sstevel@tonic-gate * in documentation (online or textual) provided with the package.
22*0Sstevel@tonic-gate *
23*0Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
24*0Sstevel@tonic-gate * modification, are permitted provided that the following conditions
25*0Sstevel@tonic-gate * are met:
26*0Sstevel@tonic-gate * 1. Redistributions of source code must retain the copyright
27*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
28*0Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
29*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in the
30*0Sstevel@tonic-gate * documentation and/or other materials provided with the distribution.
31*0Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this software
32*0Sstevel@tonic-gate * must display the following acknowledgement:
33*0Sstevel@tonic-gate * "This product includes cryptographic software written by
34*0Sstevel@tonic-gate * Eric Young (eay@cryptsoft.com)"
35*0Sstevel@tonic-gate * The word 'cryptographic' can be left out if the rouines from the library
36*0Sstevel@tonic-gate * being used are not cryptographic related :-).
37*0Sstevel@tonic-gate * 4. If you include any Windows specific code (or a derivative thereof) from
38*0Sstevel@tonic-gate * the apps directory (application code) you must include an acknowledgement:
39*0Sstevel@tonic-gate * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40*0Sstevel@tonic-gate *
41*0Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42*0Sstevel@tonic-gate * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43*0Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44*0Sstevel@tonic-gate * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45*0Sstevel@tonic-gate * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46*0Sstevel@tonic-gate * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47*0Sstevel@tonic-gate * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48*0Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49*0Sstevel@tonic-gate * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50*0Sstevel@tonic-gate * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51*0Sstevel@tonic-gate * SUCH DAMAGE.
52*0Sstevel@tonic-gate *
53*0Sstevel@tonic-gate * The licence and distribution terms for any publically available version or
54*0Sstevel@tonic-gate * derivative of this code cannot be changed. i.e. this code cannot simply be
55*0Sstevel@tonic-gate * copied and put under another distribution licence
56*0Sstevel@tonic-gate * [including the GNU Public Licence.]
57*0Sstevel@tonic-gate */
58*0Sstevel@tonic-gate
59*0Sstevel@tonic-gate #include <stdio.h>
60*0Sstevel@tonic-gate #include "cryptlib.h"
61*0Sstevel@tonic-gate #include <openssl/bn.h>
62*0Sstevel@tonic-gate #include <openssl/rsa.h>
63*0Sstevel@tonic-gate #include <openssl/rand.h>
64*0Sstevel@tonic-gate
RSA_padding_add_PKCS1_type_1(unsigned char * to,int tlen,const unsigned char * from,int flen)65*0Sstevel@tonic-gate int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
66*0Sstevel@tonic-gate const unsigned char *from, int flen)
67*0Sstevel@tonic-gate {
68*0Sstevel@tonic-gate int j;
69*0Sstevel@tonic-gate unsigned char *p;
70*0Sstevel@tonic-gate
71*0Sstevel@tonic-gate if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
72*0Sstevel@tonic-gate {
73*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
74*0Sstevel@tonic-gate return(0);
75*0Sstevel@tonic-gate }
76*0Sstevel@tonic-gate
77*0Sstevel@tonic-gate p=(unsigned char *)to;
78*0Sstevel@tonic-gate
79*0Sstevel@tonic-gate *(p++)=0;
80*0Sstevel@tonic-gate *(p++)=1; /* Private Key BT (Block Type) */
81*0Sstevel@tonic-gate
82*0Sstevel@tonic-gate /* pad out with 0xff data */
83*0Sstevel@tonic-gate j=tlen-3-flen;
84*0Sstevel@tonic-gate memset(p,0xff,j);
85*0Sstevel@tonic-gate p+=j;
86*0Sstevel@tonic-gate *(p++)='\0';
87*0Sstevel@tonic-gate memcpy(p,from,(unsigned int)flen);
88*0Sstevel@tonic-gate return(1);
89*0Sstevel@tonic-gate }
90*0Sstevel@tonic-gate
RSA_padding_check_PKCS1_type_1(unsigned char * to,int tlen,const unsigned char * from,int flen,int num)91*0Sstevel@tonic-gate int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
92*0Sstevel@tonic-gate const unsigned char *from, int flen, int num)
93*0Sstevel@tonic-gate {
94*0Sstevel@tonic-gate int i,j;
95*0Sstevel@tonic-gate const unsigned char *p;
96*0Sstevel@tonic-gate
97*0Sstevel@tonic-gate p=from;
98*0Sstevel@tonic-gate if ((num != (flen+1)) || (*(p++) != 01))
99*0Sstevel@tonic-gate {
100*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
101*0Sstevel@tonic-gate return(-1);
102*0Sstevel@tonic-gate }
103*0Sstevel@tonic-gate
104*0Sstevel@tonic-gate /* scan over padding data */
105*0Sstevel@tonic-gate j=flen-1; /* one for type. */
106*0Sstevel@tonic-gate for (i=0; i<j; i++)
107*0Sstevel@tonic-gate {
108*0Sstevel@tonic-gate if (*p != 0xff) /* should decrypt to 0xff */
109*0Sstevel@tonic-gate {
110*0Sstevel@tonic-gate if (*p == 0)
111*0Sstevel@tonic-gate { p++; break; }
112*0Sstevel@tonic-gate else {
113*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
114*0Sstevel@tonic-gate return(-1);
115*0Sstevel@tonic-gate }
116*0Sstevel@tonic-gate }
117*0Sstevel@tonic-gate p++;
118*0Sstevel@tonic-gate }
119*0Sstevel@tonic-gate
120*0Sstevel@tonic-gate if (i == j)
121*0Sstevel@tonic-gate {
122*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
123*0Sstevel@tonic-gate return(-1);
124*0Sstevel@tonic-gate }
125*0Sstevel@tonic-gate
126*0Sstevel@tonic-gate if (i < 8)
127*0Sstevel@tonic-gate {
128*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
129*0Sstevel@tonic-gate return(-1);
130*0Sstevel@tonic-gate }
131*0Sstevel@tonic-gate i++; /* Skip over the '\0' */
132*0Sstevel@tonic-gate j-=i;
133*0Sstevel@tonic-gate if (j > tlen)
134*0Sstevel@tonic-gate {
135*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
136*0Sstevel@tonic-gate return(-1);
137*0Sstevel@tonic-gate }
138*0Sstevel@tonic-gate memcpy(to,p,(unsigned int)j);
139*0Sstevel@tonic-gate
140*0Sstevel@tonic-gate return(j);
141*0Sstevel@tonic-gate }
142*0Sstevel@tonic-gate
RSA_padding_add_PKCS1_type_2(unsigned char * to,int tlen,const unsigned char * from,int flen)143*0Sstevel@tonic-gate int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
144*0Sstevel@tonic-gate const unsigned char *from, int flen)
145*0Sstevel@tonic-gate {
146*0Sstevel@tonic-gate int i,j;
147*0Sstevel@tonic-gate unsigned char *p;
148*0Sstevel@tonic-gate
149*0Sstevel@tonic-gate if (flen > (tlen-11))
150*0Sstevel@tonic-gate {
151*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
152*0Sstevel@tonic-gate return(0);
153*0Sstevel@tonic-gate }
154*0Sstevel@tonic-gate
155*0Sstevel@tonic-gate p=(unsigned char *)to;
156*0Sstevel@tonic-gate
157*0Sstevel@tonic-gate *(p++)=0;
158*0Sstevel@tonic-gate *(p++)=2; /* Public Key BT (Block Type) */
159*0Sstevel@tonic-gate
160*0Sstevel@tonic-gate /* pad out with non-zero random data */
161*0Sstevel@tonic-gate j=tlen-3-flen;
162*0Sstevel@tonic-gate
163*0Sstevel@tonic-gate if (RAND_bytes(p,j) <= 0)
164*0Sstevel@tonic-gate return(0);
165*0Sstevel@tonic-gate for (i=0; i<j; i++)
166*0Sstevel@tonic-gate {
167*0Sstevel@tonic-gate if (*p == '\0')
168*0Sstevel@tonic-gate do {
169*0Sstevel@tonic-gate if (RAND_bytes(p,1) <= 0)
170*0Sstevel@tonic-gate return(0);
171*0Sstevel@tonic-gate } while (*p == '\0');
172*0Sstevel@tonic-gate p++;
173*0Sstevel@tonic-gate }
174*0Sstevel@tonic-gate
175*0Sstevel@tonic-gate *(p++)='\0';
176*0Sstevel@tonic-gate
177*0Sstevel@tonic-gate memcpy(p,from,(unsigned int)flen);
178*0Sstevel@tonic-gate return(1);
179*0Sstevel@tonic-gate }
180*0Sstevel@tonic-gate
RSA_padding_check_PKCS1_type_2(unsigned char * to,int tlen,const unsigned char * from,int flen,int num)181*0Sstevel@tonic-gate int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
182*0Sstevel@tonic-gate const unsigned char *from, int flen, int num)
183*0Sstevel@tonic-gate {
184*0Sstevel@tonic-gate int i,j;
185*0Sstevel@tonic-gate const unsigned char *p;
186*0Sstevel@tonic-gate
187*0Sstevel@tonic-gate p=from;
188*0Sstevel@tonic-gate if ((num != (flen+1)) || (*(p++) != 02))
189*0Sstevel@tonic-gate {
190*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
191*0Sstevel@tonic-gate return(-1);
192*0Sstevel@tonic-gate }
193*0Sstevel@tonic-gate #ifdef PKCS1_CHECK
194*0Sstevel@tonic-gate return(num-11);
195*0Sstevel@tonic-gate #endif
196*0Sstevel@tonic-gate
197*0Sstevel@tonic-gate /* scan over padding data */
198*0Sstevel@tonic-gate j=flen-1; /* one for type. */
199*0Sstevel@tonic-gate for (i=0; i<j; i++)
200*0Sstevel@tonic-gate if (*(p++) == 0) break;
201*0Sstevel@tonic-gate
202*0Sstevel@tonic-gate if (i == j)
203*0Sstevel@tonic-gate {
204*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
205*0Sstevel@tonic-gate return(-1);
206*0Sstevel@tonic-gate }
207*0Sstevel@tonic-gate
208*0Sstevel@tonic-gate if (i < 8)
209*0Sstevel@tonic-gate {
210*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
211*0Sstevel@tonic-gate return(-1);
212*0Sstevel@tonic-gate }
213*0Sstevel@tonic-gate i++; /* Skip over the '\0' */
214*0Sstevel@tonic-gate j-=i;
215*0Sstevel@tonic-gate if (j > tlen)
216*0Sstevel@tonic-gate {
217*0Sstevel@tonic-gate RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
218*0Sstevel@tonic-gate return(-1);
219*0Sstevel@tonic-gate }
220*0Sstevel@tonic-gate memcpy(to,p,(unsigned int)j);
221*0Sstevel@tonic-gate
222*0Sstevel@tonic-gate return(j);
223*0Sstevel@tonic-gate }
224*0Sstevel@tonic-gate
225