xref: /openbsd-src/lib/libcrypto/rsa/rsa_x931.c (revision 80e8a5b596041d842918cdaa1b0ede109c892f4f) 
1*80e8a5b5Stb /* $OpenBSD: rsa_x931.c,v 1.12 2023/05/05 12:19:37 tb Exp $ */
2*80e8a5b5Stb /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3*80e8a5b5Stb  * project 2005.
4*80e8a5b5Stb  */
5*80e8a5b5Stb /* ====================================================================
6*80e8a5b5Stb  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
7*80e8a5b5Stb  *
8*80e8a5b5Stb  * Redistribution and use in source and binary forms, with or without
9*80e8a5b5Stb  * modification, are permitted provided that the following conditions
10*80e8a5b5Stb  * are met:
11*80e8a5b5Stb  *
12*80e8a5b5Stb  * 1. Redistributions of source code must retain the above copyright
13*80e8a5b5Stb  *    notice, this list of conditions and the following disclaimer.
14*80e8a5b5Stb  *
15*80e8a5b5Stb  * 2. Redistributions in binary form must reproduce the above copyright
16*80e8a5b5Stb  *    notice, this list of conditions and the following disclaimer in
17*80e8a5b5Stb  *    the documentation and/or other materials provided with the
18*80e8a5b5Stb  *    distribution.
19*80e8a5b5Stb  *
20*80e8a5b5Stb  * 3. All advertising materials mentioning features or use of this
21*80e8a5b5Stb  *    software must display the following acknowledgment:
22*80e8a5b5Stb  *    "This product includes software developed by the OpenSSL Project
23*80e8a5b5Stb  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24*80e8a5b5Stb  *
25*80e8a5b5Stb  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26*80e8a5b5Stb  *    endorse or promote products derived from this software without
27*80e8a5b5Stb  *    prior written permission. For written permission, please contact
28*80e8a5b5Stb  *    licensing@OpenSSL.org.
29*80e8a5b5Stb  *
30*80e8a5b5Stb  * 5. Products derived from this software may not be called "OpenSSL"
31*80e8a5b5Stb  *    nor may "OpenSSL" appear in their names without prior written
32*80e8a5b5Stb  *    permission of the OpenSSL Project.
33*80e8a5b5Stb  *
34*80e8a5b5Stb  * 6. Redistributions of any form whatsoever must retain the following
35*80e8a5b5Stb  *    acknowledgment:
36*80e8a5b5Stb  *    "This product includes software developed by the OpenSSL Project
37*80e8a5b5Stb  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38*80e8a5b5Stb  *
39*80e8a5b5Stb  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40*80e8a5b5Stb  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41*80e8a5b5Stb  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42*80e8a5b5Stb  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43*80e8a5b5Stb  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44*80e8a5b5Stb  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45*80e8a5b5Stb  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46*80e8a5b5Stb  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47*80e8a5b5Stb  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48*80e8a5b5Stb  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49*80e8a5b5Stb  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50*80e8a5b5Stb  * OF THE POSSIBILITY OF SUCH DAMAGE.
51*80e8a5b5Stb  * ====================================================================
52*80e8a5b5Stb  *
53*80e8a5b5Stb  * This product includes cryptographic software written by Eric Young
54*80e8a5b5Stb  * (eay@cryptsoft.com).  This product includes software written by Tim
55*80e8a5b5Stb  * Hudson (tjh@cryptsoft.com).
56*80e8a5b5Stb  *
57*80e8a5b5Stb  */
58*80e8a5b5Stb 
59*80e8a5b5Stb #include <stdio.h>
60*80e8a5b5Stb #include <string.h>
61*80e8a5b5Stb 
62*80e8a5b5Stb #include <openssl/bn.h>
63*80e8a5b5Stb #include <openssl/err.h>
64*80e8a5b5Stb #include <openssl/objects.h>
65*80e8a5b5Stb #include <openssl/rsa.h>
66*80e8a5b5Stb 
67*80e8a5b5Stb int
RSA_padding_add_X931(unsigned char * to,int tlen,const unsigned char * from,int flen)68*80e8a5b5Stb RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
69*80e8a5b5Stb     int flen)
70*80e8a5b5Stb {
71*80e8a5b5Stb 	int j;
72*80e8a5b5Stb 	unsigned char *p;
73*80e8a5b5Stb 
74*80e8a5b5Stb 	/*
75*80e8a5b5Stb 	 * Absolute minimum amount of padding is 1 header nibble, 1 padding
76*80e8a5b5Stb 	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
77*80e8a5b5Stb 	 */
78*80e8a5b5Stb 	j = tlen - flen - 2;
79*80e8a5b5Stb 
80*80e8a5b5Stb 	if (j < 0) {
81*80e8a5b5Stb 		RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
82*80e8a5b5Stb 		return -1;
83*80e8a5b5Stb 	}
84*80e8a5b5Stb 
85*80e8a5b5Stb 	p = (unsigned char *)to;
86*80e8a5b5Stb 
87*80e8a5b5Stb 	/* If no padding start and end nibbles are in one byte */
88*80e8a5b5Stb 	if (j == 0)
89*80e8a5b5Stb 		*p++ = 0x6A;
90*80e8a5b5Stb 	else {
91*80e8a5b5Stb 		*p++ = 0x6B;
92*80e8a5b5Stb 		if (j > 1) {
93*80e8a5b5Stb 			memset(p, 0xBB, j - 1);
94*80e8a5b5Stb 			p += j - 1;
95*80e8a5b5Stb 		}
96*80e8a5b5Stb 		*p++ = 0xBA;
97*80e8a5b5Stb 	}
98*80e8a5b5Stb 	memcpy(p, from, flen);
99*80e8a5b5Stb 	p += flen;
100*80e8a5b5Stb 	*p = 0xCC;
101*80e8a5b5Stb 	return 1;
102*80e8a5b5Stb }
103*80e8a5b5Stb 
104*80e8a5b5Stb int
RSA_padding_check_X931(unsigned char * to,int tlen,const unsigned char * from,int flen,int num)105*80e8a5b5Stb RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
106*80e8a5b5Stb     int flen, int num)
107*80e8a5b5Stb {
108*80e8a5b5Stb 	int i = 0, j;
109*80e8a5b5Stb 	const unsigned char *p = from;
110*80e8a5b5Stb 
111*80e8a5b5Stb 	if (num != flen || (*p != 0x6A && *p != 0x6B)) {
112*80e8a5b5Stb 		RSAerror(RSA_R_INVALID_HEADER);
113*80e8a5b5Stb 		return -1;
114*80e8a5b5Stb 	}
115*80e8a5b5Stb 
116*80e8a5b5Stb 	if (*p++ == 0x6B) {
117*80e8a5b5Stb 		j = flen - 3;
118*80e8a5b5Stb 		for (i = 0; i < j; i++) {
119*80e8a5b5Stb 			unsigned char c = *p++;
120*80e8a5b5Stb 			if (c == 0xBA)
121*80e8a5b5Stb 				break;
122*80e8a5b5Stb 			if (c != 0xBB) {
123*80e8a5b5Stb 				RSAerror(RSA_R_INVALID_PADDING);
124*80e8a5b5Stb 				return -1;
125*80e8a5b5Stb 			}
126*80e8a5b5Stb 		}
127*80e8a5b5Stb 
128*80e8a5b5Stb 		if (i == 0) {
129*80e8a5b5Stb 			RSAerror(RSA_R_INVALID_PADDING);
130*80e8a5b5Stb 			return -1;
131*80e8a5b5Stb 		}
132*80e8a5b5Stb 
133*80e8a5b5Stb 		j -= i;
134*80e8a5b5Stb 	} else
135*80e8a5b5Stb 		j = flen - 2;
136*80e8a5b5Stb 
137*80e8a5b5Stb 	if (j < 0 || p[j] != 0xCC) {
138*80e8a5b5Stb 		RSAerror(RSA_R_INVALID_TRAILER);
139*80e8a5b5Stb 		return -1;
140*80e8a5b5Stb 	}
141*80e8a5b5Stb 
142*80e8a5b5Stb 	memcpy(to, p, j);
143*80e8a5b5Stb 
144*80e8a5b5Stb 	return j;
145*80e8a5b5Stb }
146*80e8a5b5Stb 
147*80e8a5b5Stb /* Translate between X931 hash ids and NIDs */
148*80e8a5b5Stb 
149*80e8a5b5Stb int
RSA_X931_hash_id(int nid)150*80e8a5b5Stb RSA_X931_hash_id(int nid)
151*80e8a5b5Stb {
152*80e8a5b5Stb 	switch (nid) {
153*80e8a5b5Stb 	case NID_sha1:
154*80e8a5b5Stb 		return 0x33;
155*80e8a5b5Stb 	case NID_sha256:
156*80e8a5b5Stb 		return 0x34;
157*80e8a5b5Stb 	case NID_sha384:
158*80e8a5b5Stb 		return 0x36;
159*80e8a5b5Stb 	case NID_sha512:
160*80e8a5b5Stb 		return 0x35;
161*80e8a5b5Stb 	}
162*80e8a5b5Stb 
163*80e8a5b5Stb 	return -1;
164*80e8a5b5Stb }
165