Diffstat (limited to 'libmincrypt/rsa_e_3.c')
| -rw-r--r-- | libmincrypt/rsa_e_3.c | 50 |
1 files changed, 46 insertions, 4 deletions
diff --git a/libmincrypt/rsa_e_3.c b/libmincrypt/rsa_e_3.c
index c8c02c41e..012a35717 100644
--- a/libmincrypt/rsa_e_3.c
+++ b/libmincrypt/rsa_e_3.c
@@ -27,6 +27,7 @@
 #include "mincrypt/rsa.h"
 #include "mincrypt/sha.h"
+#include "mincrypt/sha256.h"
 /* a[] -= mod */
 static void subM(const RSAPublicKey *key, uint32_t *a) {
@@ -134,7 +135,7 @@ static void modpow3(const RSAPublicKey *key,
 ** other flavor which omits the optional parameter entirely). This code does not
 ** accept signatures without the optional parameter.
 */
-static const uint8_t padding[RSANUMBYTES - SHA_DIGEST_SIZE] = {
+static const uint8_t sha_padding[RSANUMBYTES - SHA_DIGEST_SIZE] = {
 0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
@@ -156,15 +157,56 @@ static const uint8_t padding[RSANUMBYTES - SHA_DIGEST_SIZE] = {
 0x04,0x14
 };
+static const uint8_t sha256_padding[RSANUMBYTES - SHA256_DIGEST_SIZE] = {
+ 0x00,0x01,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
+
+ 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x30,0x31,0x30,
+ 0x0d,0x06,0x09,0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,0x05,
+ 0x00,0x04,0x20
+};
+
+
 /* Verify a 2048 bit RSA e=3 PKCS1.5 signature against an expected SHA-1 hash.
 ** Returns 0 on failure, 1 on success.
 */
 int RSA_e_3_verify(const RSAPublicKey *key,
 const uint8_t *signature,
 const int len,
- const uint8_t *sha) {
+ const uint8_t *hash,
+ const int hash_len) {
 uint8_t buf[RSANUMBYTES];
 int i;
+ int padding_size;
+ const uint8_t* padding;
+
+ switch (hash_len) {
+ case SHA_DIGEST_SIZE:
+ padding = sha_padding;
+ padding_size = sizeof(sha_padding);
+ break;
+ case SHA256_DIGEST_SIZE:
+ padding = sha256_padding;
+ padding_size = sizeof(sha256_padding);
+ break;
+ default:
+ return 0; // unsupported hash
+ }
 if (key->len != RSANUMWORDS) {
 return 0; /* Wrong key passed in. */
@@ -185,7 +227,7 @@ int RSA_e_3_verify(const RSAPublicKey *key,
 modpow3(key, buf);
 /* Check pkcs1.5 padding bytes. */
- for (i = 0; i < (int) sizeof(padding); ++i) {
+ for (i = 0; i < padding_size; ++i) {
 if (buf[i] != padding[i]) {
 return 0;
 }
@@ -193,7 +235,7 @@ int RSA_e_3_verify(const RSAPublicKey *key,
 /* Check sha digest matches. */
 for (; i < len; ++i) {
- if (buf[i] != *sha++) {
+ if (buf[i] != *hash++) {
 return 0;
 }
 }
|
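Review bot: The header comment directly above RSA_e_3_verify still reads "against an expected SHA-1 hash", but the new `switch (hash_len)` also accepts SHA256_DIGEST_SIZE and returns 0 for every other length. I would reword it to `/* Verify a 2048 bit RSA e=3 PKCS1.5 signature against an expected SHA-1 or SHA-256 hash; hash_len selects the DigestInfo padding and must be SHA_DIGEST_SIZE or SHA256_DIGEST_SIZE. */` and state that `hash` must point to at least `hash_len` bytes. The added parameter also changes the public prototype; this page is limited to rsa_e_3.c, so whether mincrypt/rsa.h and the callers were updated cannot be confirmed from here. The function body continues past the end of this hunk.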
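Review bot: The digest loop `for (; i < len; ++i)` is still bounded by the signature length and not by the new `hash_len`, so the number of bytes read through `*hash++` matches the caller's buffer only if `len == RSANUMBYTES` was enforced earlier; that check is not visible in these hunks. Now that the digest size varies, I would tie the bound to the selected values, `for (; i < padding_size + hash_len; ++i) {`, so that a later change to the length check cannot become an over-read of `buf` or of the caller's hash buffer. The comment `/* Check sha digest matches. */` could then say "Check digest matches." since it covers both algorithms. The end of the function lies outside this hunk.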
