1*2139Sjp161948 /* rsa_x931.c */
2*2139Sjp161948 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3*2139Sjp161948 * project 2005.
4*2139Sjp161948 */
5*2139Sjp161948 /* ====================================================================
6*2139Sjp161948 * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
7*2139Sjp161948 *
8*2139Sjp161948 * Redistribution and use in source and binary forms, with or without
9*2139Sjp161948 * modification, are permitted provided that the following conditions
10*2139Sjp161948 * are met:
11*2139Sjp161948 *
12*2139Sjp161948 * 1. Redistributions of source code must retain the above copyright
13*2139Sjp161948 * notice, this list of conditions and the following disclaimer.
14*2139Sjp161948 *
15*2139Sjp161948 * 2. Redistributions in binary form must reproduce the above copyright
16*2139Sjp161948 * notice, this list of conditions and the following disclaimer in
17*2139Sjp161948 * the documentation and/or other materials provided with the
18*2139Sjp161948 * distribution.
19*2139Sjp161948 *
20*2139Sjp161948 * 3. All advertising materials mentioning features or use of this
21*2139Sjp161948 * software must display the following acknowledgment:
22*2139Sjp161948 * "This product includes software developed by the OpenSSL Project
23*2139Sjp161948 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24*2139Sjp161948 *
25*2139Sjp161948 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26*2139Sjp161948 * endorse or promote products derived from this software without
27*2139Sjp161948 * prior written permission. For written permission, please contact
28*2139Sjp161948 * licensing@OpenSSL.org.
29*2139Sjp161948 *
30*2139Sjp161948 * 5. Products derived from this software may not be called "OpenSSL"
31*2139Sjp161948 * nor may "OpenSSL" appear in their names without prior written
32*2139Sjp161948 * permission of the OpenSSL Project.
33*2139Sjp161948 *
34*2139Sjp161948 * 6. Redistributions of any form whatsoever must retain the following
35*2139Sjp161948 * acknowledgment:
36*2139Sjp161948 * "This product includes software developed by the OpenSSL Project
37*2139Sjp161948 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38*2139Sjp161948 *
39*2139Sjp161948 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40*2139Sjp161948 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41*2139Sjp161948 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42*2139Sjp161948 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43*2139Sjp161948 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44*2139Sjp161948 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45*2139Sjp161948 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46*2139Sjp161948 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47*2139Sjp161948 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48*2139Sjp161948 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49*2139Sjp161948 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50*2139Sjp161948 * OF THE POSSIBILITY OF SUCH DAMAGE.
51*2139Sjp161948 * ====================================================================
52*2139Sjp161948 *
53*2139Sjp161948 * This product includes cryptographic software written by Eric Young
54*2139Sjp161948 * (eay@cryptsoft.com). This product includes software written by Tim
55*2139Sjp161948 * Hudson (tjh@cryptsoft.com).
56*2139Sjp161948 *
57*2139Sjp161948 */
58*2139Sjp161948
59*2139Sjp161948 #include <stdio.h>
60*2139Sjp161948 #include "cryptlib.h"
61*2139Sjp161948 #include <openssl/bn.h>
62*2139Sjp161948 #include <openssl/rsa.h>
63*2139Sjp161948 #include <openssl/rand.h>
64*2139Sjp161948 #include <openssl/objects.h>
65*2139Sjp161948
RSA_padding_add_X931(unsigned char * to,int tlen,const unsigned char * from,int flen)66*2139Sjp161948 int RSA_padding_add_X931(unsigned char *to, int tlen,
67*2139Sjp161948 const unsigned char *from, int flen)
68*2139Sjp161948 {
69*2139Sjp161948 int j;
70*2139Sjp161948 unsigned char *p;
71*2139Sjp161948
72*2139Sjp161948 /* Absolute minimum amount of padding is 1 header nibble, 1 padding
73*2139Sjp161948 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
74*2139Sjp161948 */
75*2139Sjp161948
76*2139Sjp161948 j = tlen - flen - 2;
77*2139Sjp161948
78*2139Sjp161948 if (j < 0)
79*2139Sjp161948 {
80*2139Sjp161948 RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
81*2139Sjp161948 return -1;
82*2139Sjp161948 }
83*2139Sjp161948
84*2139Sjp161948 p=(unsigned char *)to;
85*2139Sjp161948
86*2139Sjp161948 /* If no padding start and end nibbles are in one byte */
87*2139Sjp161948 if (j == 0)
88*2139Sjp161948 *p++ = 0x6A;
89*2139Sjp161948 else
90*2139Sjp161948 {
91*2139Sjp161948 *p++ = 0x6B;
92*2139Sjp161948 if (j > 1)
93*2139Sjp161948 {
94*2139Sjp161948 memset(p, 0xBB, j - 1);
95*2139Sjp161948 p += j - 1;
96*2139Sjp161948 }
97*2139Sjp161948 *p++ = 0xBA;
98*2139Sjp161948 }
99*2139Sjp161948 memcpy(p,from,(unsigned int)flen);
100*2139Sjp161948 p += flen;
101*2139Sjp161948 *p = 0xCC;
102*2139Sjp161948 return(1);
103*2139Sjp161948 }
104*2139Sjp161948
RSA_padding_check_X931(unsigned char * to,int tlen,const unsigned char * from,int flen,int num)105*2139Sjp161948 int RSA_padding_check_X931(unsigned char *to, int tlen,
106*2139Sjp161948 const unsigned char *from, int flen, int num)
107*2139Sjp161948 {
108*2139Sjp161948 int i = 0,j;
109*2139Sjp161948 const unsigned char *p;
110*2139Sjp161948
111*2139Sjp161948 p=from;
112*2139Sjp161948 if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
113*2139Sjp161948 {
114*2139Sjp161948 RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
115*2139Sjp161948 return -1;
116*2139Sjp161948 }
117*2139Sjp161948
118*2139Sjp161948 if (*p++ == 0x6B)
119*2139Sjp161948 {
120*2139Sjp161948 j=flen-3;
121*2139Sjp161948 for (i = 0; i < j; i++)
122*2139Sjp161948 {
123*2139Sjp161948 unsigned char c = *p++;
124*2139Sjp161948 if (c == 0xBA)
125*2139Sjp161948 break;
126*2139Sjp161948 if (c != 0xBB)
127*2139Sjp161948 {
128*2139Sjp161948 RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
129*2139Sjp161948 RSA_R_INVALID_PADDING);
130*2139Sjp161948 return -1;
131*2139Sjp161948 }
132*2139Sjp161948 }
133*2139Sjp161948
134*2139Sjp161948 j -= i;
135*2139Sjp161948
136*2139Sjp161948 if (i == 0)
137*2139Sjp161948 {
138*2139Sjp161948 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
139*2139Sjp161948 return -1;
140*2139Sjp161948 }
141*2139Sjp161948
142*2139Sjp161948 }
143*2139Sjp161948 else j = flen - 2;
144*2139Sjp161948
145*2139Sjp161948 if (p[j] != 0xCC)
146*2139Sjp161948 {
147*2139Sjp161948 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
148*2139Sjp161948 return -1;
149*2139Sjp161948 }
150*2139Sjp161948
151*2139Sjp161948 memcpy(to,p,(unsigned int)j);
152*2139Sjp161948
153*2139Sjp161948 return(j);
154*2139Sjp161948 }
155*2139Sjp161948
156*2139Sjp161948 /* Translate between X931 hash ids and NIDs */
157*2139Sjp161948
RSA_X931_hash_id(int nid)158*2139Sjp161948 int RSA_X931_hash_id(int nid)
159*2139Sjp161948 {
160*2139Sjp161948 switch (nid)
161*2139Sjp161948 {
162*2139Sjp161948 case NID_sha1:
163*2139Sjp161948 return 0x33;
164*2139Sjp161948
165*2139Sjp161948 case NID_sha256:
166*2139Sjp161948 return 0x34;
167*2139Sjp161948
168*2139Sjp161948 case NID_sha384:
169*2139Sjp161948 return 0x36;
170*2139Sjp161948
171*2139Sjp161948 case NID_sha512:
172*2139Sjp161948 return 0x35;
173*2139Sjp161948
174*2139Sjp161948 }
175*2139Sjp161948 return -1;
176*2139Sjp161948 }
177*2139Sjp161948
178