Hello,
I have gone over PDKIM and have updated/merged the files from PolarSSL
to 0.12.1. This release features this change which might have relevance for
pdkim.
* Fixed segfault on handling empty rsa_context in
rsa_check_pubkey() and rsa_check_privkey() (found by
code coverage tests).
The test in sample/ still succeeds and no compile time warnigs were
introduced.
On a sidenote the whole updating process is not lovely. Do you have a smart
script for that, or have you considered restructuring the code to make
importing a new upstream version easier?
thanks, cu andreas
From 4ad8deb16a87fbdba6bb4efcfe643c077ebd5b22 Mon Sep 17 00:00:00 2001
From: Andreas Metzler <ametzler@???>
Date: Sat, 5 Dec 2009 18:55:36 +0100
Subject: [PATCH 1/2] Merge updated files from polarssl 0.12.1 (Part 1).
---
base64.c | 6 +-
base64.h | 9 ++-
bignum.c | 75 +++++++++++++++++++----
bignum.h | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++-----------
bn_mul.h | 202 +++++++++++++++++++++++++++++++++----------------------------
sha1.c | 10 ++-
sha1.h | 9 ++-
sha2.c | 6 +-
sha2.h | 5 +-
9 files changed, 367 insertions(+), 159 deletions(-)
diff --git a/base64.c b/base64.c
index eb7652e..948c691 100644
--- a/base64.c
+++ b/base64.c
@@ -1,9 +1,10 @@
/*
* RFC 1521 base64 encoding/decoding
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -176,3 +177,4 @@ int base64_decode( unsigned char *dst, int *dlen,
return( 0 );
}
+
diff --git a/base64.h b/base64.h
index c837cd2..df5624e 100644
--- a/base64.h
+++ b/base64.h
@@ -1,9 +1,10 @@
/**
* \file base64.h
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -22,8 +23,8 @@
#ifndef POLARSSL_BASE64_H
#define POLARSSL_BASE64_H
-#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x0010
-#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x0012
+#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL 0x0010
+#define POLARSSL_ERR_BASE64_INVALID_CHARACTER 0x0012
#ifdef __cplusplus
extern "C" {
diff --git a/bignum.c b/bignum.c
index d9ea937..0d252d3 100644
--- a/bignum.c
+++ b/bignum.c
@@ -1,9 +1,10 @@
/*
* Multi-precision integer library
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -27,6 +28,7 @@
*
http://math.libtomcrypt.com/files/tommath.pdf
*/
+
#include "bignum.h"
#include "bn_mul.h"
@@ -282,7 +284,15 @@ int mpi_read_string( mpi *X, int radix, char *s )
MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
MPI_CHK( mpi_mul_int( &T, X, radix ) );
- MPI_CHK( mpi_add_int( X, &T, d ) );
+
+ if( X->s == 1 )
+ {
+ MPI_CHK( mpi_add_int( X, &T, d ) );
+ }
+ else
+ {
+ MPI_CHK( mpi_sub_int( X, &T, d ) );
+ }
}
}
@@ -370,6 +380,10 @@ int mpi_write_string( mpi *X, int radix, char *s, int *slen )
else
{
MPI_CHK( mpi_copy( &T, X ) );
+
+ if( T.s == -1 )
+ T.s = 1;
+
MPI_CHK( mpi_write_hlp( &T, radix, &p ) );
}
@@ -671,6 +685,11 @@ int mpi_add_abs( mpi *X, mpi *A, mpi *B )
if( X != A )
MPI_CHK( mpi_copy( X, A ) );
+
+ /*
+ * X should always be positive as a result of unsigned additions.
+ */
+ X->s = 1;
for( j = B->n - 1; j >= 0; j-- )
if( B->p[j] != 0 )
@@ -745,6 +764,11 @@ int mpi_sub_abs( mpi *X, mpi *A, mpi *B )
if( X != A )
MPI_CHK( mpi_copy( X, A ) );
+ /*
+ * X should always be positive as a result of unsigned substractions.
+ */
+ X->s = 1;
+
ret = 0;
for( n = B->n - 1; n >= 0; n-- )
@@ -856,7 +880,7 @@ int mpi_sub_int( mpi *X, mpi *A, int b )
/*
* Helper for mpi multiplication
- */
+ */
static void mpi_mul_hlp( int i, t_int *s, t_int *d, t_int b )
{
t_int c = 0, t = 0;
@@ -1158,6 +1182,9 @@ int mpi_mod_mpi( mpi *R, mpi *A, mpi *B )
{
int ret;
+ if( mpi_cmp_int( B, 0 ) < 0 )
+ return POLARSSL_ERR_MPI_NEGATIVE_VALUE;
+
MPI_CHK( mpi_div_mpi( NULL, R, A, B ) );
while( mpi_cmp_int( R, 0 ) < 0 )
@@ -1183,7 +1210,7 @@ int mpi_mod_int( t_int *r, mpi *A, int b )
return( POLARSSL_ERR_MPI_DIVISION_BY_ZERO );
if( b < 0 )
- b = -b;
+ return POLARSSL_ERR_MPI_NEGATIVE_VALUE;
/*
* handle trivial cases
@@ -1216,6 +1243,13 @@ int mpi_mod_int( t_int *r, mpi *A, int b )
y -= z * b;
}
+ /*
+ * If A is negative, then the current y represents a negative value.
+ * Flipping it to the positive side.
+ */
+ if( A->s < 0 && y != 0 )
+ y = b - y;
+
*r = y;
return( 0 );
@@ -1362,7 +1396,7 @@ int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR )
for( i = 0; i < wsize - 1; i++ )
mpi_montmul( &W[j], &W[j], N, mm, &T );
-
+
/*
* W[i] = W[i - 1] * W[1]
*/
@@ -1472,21 +1506,29 @@ cleanup:
*/
int mpi_gcd( mpi *G, mpi *A, mpi *B )
{
- int ret;
+ int ret, lz, lzt;
mpi TG, TA, TB;
mpi_init( &TG, &TA, &TB, NULL );
- MPI_CHK( mpi_lset( &TG, 1 ) );
MPI_CHK( mpi_copy( &TA, A ) );
MPI_CHK( mpi_copy( &TB, B ) );
+ lz = mpi_lsb( &TA );
+ lzt = mpi_lsb( &TB );
+
+ if ( lzt < lz )
+ lz = lzt;
+
+ MPI_CHK( mpi_shift_r( &TA, lz ) );
+ MPI_CHK( mpi_shift_r( &TB, lz ) );
+
TA.s = TB.s = 1;
while( mpi_cmp_int( &TA, 0 ) != 0 )
{
- while( ( TA.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TA, 1 ) );
- while( ( TB.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TB, 1 ) );
+ MPI_CHK( mpi_shift_r( &TA, mpi_lsb( &TA ) ) );
+ MPI_CHK( mpi_shift_r( &TB, mpi_lsb( &TB ) ) );
if( mpi_cmp_mpi( &TA, &TB ) >= 0 )
{
@@ -1500,7 +1542,8 @@ int mpi_gcd( mpi *G, mpi *A, mpi *B )
}
}
- MPI_CHK( mpi_mul_mpi( G, &TG, &TB ) );
+ MPI_CHK( mpi_shift_l( &TB, lz ) );
+ MPI_CHK( mpi_copy( G, &TB ) );
cleanup:
@@ -1509,6 +1552,8 @@ cleanup:
return( ret );
}
+#if defined(POLARSSL_GENPRIME)
+
/*
* Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64)
*/
@@ -1636,7 +1681,11 @@ int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng )
mpi W, R, T, A, RR;
unsigned char *p;
- if( mpi_cmp_int( X, 0 ) == 0 )
+ if( mpi_cmp_int( X, 0 ) == 0 ||
+ mpi_cmp_int( X, 1 ) == 0 )
+ return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE );
+
+ if( mpi_cmp_int( X, 2 ) == 0 )
return( 0 );
mpi_init( &W, &R, &T, &A, &RR, NULL );
@@ -1809,3 +1858,5 @@ cleanup:
return( ret );
}
+
+#endif
diff --git a/bignum.h b/bignum.h
index 5e71876..2139c5c 100644
--- a/bignum.h
+++ b/bignum.h
@@ -1,9 +1,10 @@
/**
* \file bignum.h
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -24,13 +25,13 @@
#include <stdio.h>
-#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002
-#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004
-#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006
-#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008
-#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A
-#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C
-#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E
+#define POLARSSL_ERR_MPI_FILE_IO_ERROR 0x0002
+#define POLARSSL_ERR_MPI_BAD_INPUT_DATA 0x0004
+#define POLARSSL_ERR_MPI_INVALID_CHARACTER 0x0006
+#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL 0x0008
+#define POLARSSL_ERR_MPI_NEGATIVE_VALUE 0x000A
+#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO 0x000C
+#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE 0x000E
#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
@@ -54,7 +55,9 @@ typedef unsigned long t_dbl;
defined(__ia64__) || defined(__alpha__)
typedef unsigned int t_dbl __attribute__((mode(TI)));
#else
- typedef unsigned long long t_dbl;
+ #if defined(POLARSSL_HAVE_LONGLONG)
+ typedef unsigned long long t_dbl;
+ #endif
#endif
#endif
#endif
@@ -88,6 +91,9 @@ void mpi_free( mpi *X, ... );
/**
* \brief Enlarge to the specified number of limbs
*
+ * \param X MPI to grow
+ * \param nblimbs The target number of limbs
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -96,6 +102,9 @@ int mpi_grow( mpi *X, int nblimbs );
/**
* \brief Copy the contents of Y into X
*
+ * \param X Destination MPI
+ * \param Y Source MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -103,12 +112,18 @@ int mpi_copy( mpi *X, mpi *Y );
/**
* \brief Swap the contents of X and Y
+ *
+ * \param X First MPI value
+ * \param Y Second MPI value
*/
void mpi_swap( mpi *X, mpi *Y );
/**
* \brief Set value from integer
*
+ * \param X MPI to set
+ * \param z Value to use
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -116,25 +131,31 @@ int mpi_lset( mpi *X, int z );
/**
* \brief Return the number of least significant bits
+ *
+ * \param X MPI to use
*/
int mpi_lsb( mpi *X );
/**
* \brief Return the number of most significant bits
+ *
+ * \param X MPI to use
*/
int mpi_msb( mpi *X );
/**
* \brief Return the total size in bytes
+ *
+ * \param X MPI to use
*/
int mpi_size( mpi *X );
/**
* \brief Import from an ASCII string
*
- * \param X destination mpi
- * \param radix input numeric base
- * \param s null-terminated string buffer
+ * \param X Destination MPI
+ * \param radix Input numeric base
+ * \param s Null-terminated string buffer
*
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*/
@@ -143,10 +164,10 @@ int mpi_read_string( mpi *X, int radix, char *s );
/**
* \brief Export into an ASCII string
*
- * \param X source mpi
- * \param radix output numeric base
- * \param s string buffer
- * \param slen string buffer size
+ * \param X Source MPI
+ * \param radix Output numeric base
+ * \param s String buffer
+ * \param slen String buffer size
*
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*
@@ -158,21 +179,21 @@ int mpi_write_string( mpi *X, int radix, char *s, int *slen );
/**
* \brief Read X from an opened file
*
- * \param X destination mpi
- * \param radix input numeric base
- * \param fin input file handle
+ * \param X Destination MPI
+ * \param radix Input numeric base
+ * \param fin Input file handle
*
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*/
int mpi_read_file( mpi *X, int radix, FILE *fin );
/**
- * \brief Write X into an opened file, or stdout
+ * \brief Write X into an opened file, or stdout if fout is NULL
*
- * \param p prefix, can be NULL
- * \param X source mpi
- * \param radix output numeric base
- * \param fout output file handle
+ * \param p Prefix, can be NULL
+ * \param X Source MPI
+ * \param radix Output numeric base
+ * \param fout Output file handle (can be NULL)
*
* \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code
*
@@ -183,9 +204,9 @@ int mpi_write_file( char *p, mpi *X, int radix, FILE *fout );
/**
* \brief Import X from unsigned binary data, big endian
*
- * \param X destination mpi
- * \param buf input buffer
- * \param buflen input buffer size
+ * \param X Destination MPI
+ * \param buf Input buffer
+ * \param buflen Input buffer size
*
* \return 0 if successful,
* 1 if memory allocation failed
@@ -195,21 +216,21 @@ int mpi_read_binary( mpi *X, unsigned char *buf, int buflen );
/**
* \brief Export X into unsigned binary data, big endian
*
- * \param X source mpi
- * \param buf output buffer
- * \param buflen output buffer size
+ * \param X Source MPI
+ * \param buf Output buffer
+ * \param buflen Output buffer size
*
* \return 0 if successful,
* POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
- *
- * \note Call this function with *buflen = 0 to obtain the
- * minimum required buffer size in *buflen.
*/
int mpi_write_binary( mpi *X, unsigned char *buf, int buflen );
/**
* \brief Left-shift: X <<= count
*
+ * \param X MPI to shift
+ * \param count Amount to shift
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -218,6 +239,9 @@ int mpi_shift_l( mpi *X, int count );
/**
* \brief Right-shift: X >>= count
*
+ * \param X MPI to shift
+ * \param count Amount to shift
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -226,6 +250,9 @@ int mpi_shift_r( mpi *X, int count );
/**
* \brief Compare unsigned values
*
+ * \param X Left-hand MPI
+ * \param Y Right-hand MPI
+ *
* \return 1 if |X| is greater than |Y|,
* -1 if |X| is lesser than |Y| or
* 0 if |X| is equal to |Y|
@@ -235,6 +262,9 @@ int mpi_cmp_abs( mpi *X, mpi *Y );
/**
* \brief Compare signed values
*
+ * \param X Left-hand MPI
+ * \param Y Right-hand MPI
+ *
* \return 1 if X is greater than Y,
* -1 if X is lesser than Y or
* 0 if X is equal to Y
@@ -244,6 +274,9 @@ int mpi_cmp_mpi( mpi *X, mpi *Y );
/**
* \brief Compare signed values
*
+ * \param X Left-hand MPI
+ * \param z The integer value to compare to
+ *
* \return 1 if X is greater than z,
* -1 if X is lesser than z or
* 0 if X is equal to z
@@ -253,6 +286,10 @@ int mpi_cmp_int( mpi *X, int z );
/**
* \brief Unsigned addition: X = |A| + |B|
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -261,6 +298,10 @@ int mpi_add_abs( mpi *X, mpi *A, mpi *B );
/**
* \brief Unsigned substraction: X = |A| - |B|
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A
*/
@@ -269,6 +310,10 @@ int mpi_sub_abs( mpi *X, mpi *A, mpi *B );
/**
* \brief Signed addition: X = A + B
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -277,6 +322,10 @@ int mpi_add_mpi( mpi *X, mpi *A, mpi *B );
/**
* \brief Signed substraction: X = A - B
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -285,6 +334,10 @@ int mpi_sub_mpi( mpi *X, mpi *A, mpi *B );
/**
* \brief Signed addition: X = A + b
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param b The integer value to add
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -293,6 +346,10 @@ int mpi_add_int( mpi *X, mpi *A, int b );
/**
* \brief Signed substraction: X = A - b
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param b The integer value to subtract
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -301,6 +358,10 @@ int mpi_sub_int( mpi *X, mpi *A, int b );
/**
* \brief Baseline multiplication: X = A * B
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -308,6 +369,12 @@ int mpi_mul_mpi( mpi *X, mpi *A, mpi *B );
/**
* \brief Baseline multiplication: X = A * b
+ * Note: b is an unsigned integer type, thus
+ * Negative values of b are ignored.
+ *
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param b The integer value to multiply with
*
* \return 0 if successful,
* 1 if memory allocation failed
@@ -317,6 +384,11 @@ int mpi_mul_int( mpi *X, mpi *A, t_int b );
/**
* \brief Division by mpi: A = Q * B + R
*
+ * \param Q Destination MPI for the quotient
+ * \param R Destination MPI for the rest value
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
@@ -328,6 +400,11 @@ int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B );
/**
* \brief Division by int: A = Q * b + R
*
+ * \param Q Destination MPI for the quotient
+ * \param R Destination MPI for the rest value
+ * \param A Left-hand MPI
+ * \param b Integer to divide by
+ *
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
@@ -339,24 +416,40 @@ int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b );
/**
* \brief Modulo: R = A mod B
*
+ * \param R Destination MPI for the rest value
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed,
- * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
+ * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
+ * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
*/
int mpi_mod_mpi( mpi *R, mpi *A, mpi *B );
/**
* \brief Modulo: r = A mod b
*
+ * \param a Destination t_int
+ * \param A Left-hand MPI
+ * \param b Integer to divide by
+ *
* \return 0 if successful,
* 1 if memory allocation failed,
- * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
+ * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
+ * POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
*/
int mpi_mod_int( t_int *r, mpi *A, int b );
/**
* \brief Sliding-window exponentiation: X = A^E mod N
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param E Exponent MPI
+ * \param N Modular MPI
+ * \param _RR Speed-up MPI used for recalculations
+ *
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
@@ -370,6 +463,10 @@ int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR );
/**
* \brief Greatest common divisor: G = gcd(A, B)
*
+ * \param G Destination MPI
+ * \param A Left-hand MPI
+ * \param B Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed
*/
@@ -378,13 +475,46 @@ int mpi_gcd( mpi *G, mpi *A, mpi *B );
/**
* \brief Modular inverse: X = A^-1 mod N
*
+ * \param X Destination MPI
+ * \param A Left-hand MPI
+ * \param N Right-hand MPI
+ *
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
- * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
+ POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
*/
int mpi_inv_mod( mpi *X, mpi *A, mpi *N );
+/**
+ * \brief Miller-Rabin primality test
+ *
+ * \param X MPI to check
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful (probably prime),
+ * 1 if memory allocation failed,
+ * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ */
+int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng );
+
+/**
+ * \brief Prime number generation
+ *
+ * \param X Destination MPI
+ * \param nbits Required size of X in bits
+ * \param dh_flag If 1, then (X-1)/2 will be prime too
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful (probably prime),
+ * 1 if memory allocation failed,
+ * POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ */
+int mpi_gen_prime( mpi *X, int nbits, int dh_flag,
+ int (*f_rng)(void *), void *p_rng );
+
#ifdef __cplusplus
}
#endif
diff --git a/bn_mul.h b/bn_mul.h
index c9737f6..8f86ccf 100644
--- a/bn_mul.h
+++ b/bn_mul.h
@@ -1,9 +1,10 @@
/**
* \file bn_mul.h
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -41,105 +42,120 @@
#if defined(__GNUC__)
#if defined(__i386__)
-#define MULADDC_INIT \
- asm( "movl %%ebx, %0 " : "=m" (t)); \
- asm( "movl %0, %%esi " :: "m" (s)); \
- asm( "movl %0, %%edi " :: "m" (d)); \
- asm( "movl %0, %%ecx " :: "m" (c)); \
- asm( "movl %0, %%ebx " :: "m" (b));
-
-#define MULADDC_CORE \
- asm( "lodsl " ); \
- asm( "mull %ebx " ); \
- asm( "addl %ecx, %eax " ); \
- asm( "adcl $0, %edx " ); \
- asm( "addl (%edi), %eax " ); \
- asm( "adcl $0, %edx " ); \
- asm( "movl %edx, %ecx " ); \
- asm( "stosl " );
+#define MULADDC_INIT \
+ asm( " \
+ movl %%ebx, %0; \
+ movl %5, %%esi; \
+ movl %6, %%edi; \
+ movl %7, %%ecx; \
+ movl %8, %%ebx; \
+ "
+
+#define MULADDC_CORE \
+ " \
+ lodsl; \
+ mull %%ebx; \
+ addl %%ecx, %%eax; \
+ adcl $0, %%edx; \
+ addl (%%edi), %%eax; \
+ adcl $0, %%edx; \
+ movl %%edx, %%ecx; \
+ stosl; \
+ "
#if defined(POLARSSL_HAVE_SSE2)
-#define MULADDC_HUIT \
- asm( "movd %ecx, %mm1 " ); \
- asm( "movd %ebx, %mm0 " ); \
- asm( "movd (%edi), %mm3 " ); \
- asm( "paddq %mm3, %mm1 " ); \
- asm( "movd (%esi), %mm2 " ); \
- asm( "pmuludq %mm0, %mm2 " ); \
- asm( "movd 4(%esi), %mm4 " ); \
- asm( "pmuludq %mm0, %mm4 " ); \
- asm( "movd 8(%esi), %mm6 " ); \
- asm( "pmuludq %mm0, %mm6 " ); \
- asm( "movd 12(%esi), %mm7 " ); \
- asm( "pmuludq %mm0, %mm7 " ); \
- asm( "paddq %mm2, %mm1 " ); \
- asm( "movd 4(%edi), %mm3 " ); \
- asm( "paddq %mm4, %mm3 " ); \
- asm( "movd 8(%edi), %mm5 " ); \
- asm( "paddq %mm6, %mm5 " ); \
- asm( "movd 12(%edi), %mm4 " ); \
- asm( "paddq %mm4, %mm7 " ); \
- asm( "movd %mm1, (%edi) " ); \
- asm( "movd 16(%esi), %mm2 " ); \
- asm( "pmuludq %mm0, %mm2 " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "movd 20(%esi), %mm4 " ); \
- asm( "pmuludq %mm0, %mm4 " ); \
- asm( "paddq %mm3, %mm1 " ); \
- asm( "movd 24(%esi), %mm6 " ); \
- asm( "pmuludq %mm0, %mm6 " ); \
- asm( "movd %mm1, 4(%edi) " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "movd 28(%esi), %mm3 " ); \
- asm( "pmuludq %mm0, %mm3 " ); \
- asm( "paddq %mm5, %mm1 " ); \
- asm( "movd 16(%edi), %mm5 " ); \
- asm( "paddq %mm5, %mm2 " ); \
- asm( "movd %mm1, 8(%edi) " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "paddq %mm7, %mm1 " ); \
- asm( "movd 20(%edi), %mm5 " ); \
- asm( "paddq %mm5, %mm4 " ); \
- asm( "movd %mm1, 12(%edi) " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "paddq %mm2, %mm1 " ); \
- asm( "movd 24(%edi), %mm5 " ); \
- asm( "paddq %mm5, %mm6 " ); \
- asm( "movd %mm1, 16(%edi) " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "paddq %mm4, %mm1 " ); \
- asm( "movd 28(%edi), %mm5 " ); \
- asm( "paddq %mm5, %mm3 " ); \
- asm( "movd %mm1, 20(%edi) " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "paddq %mm6, %mm1 " ); \
- asm( "movd %mm1, 24(%edi) " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "paddq %mm3, %mm1 " ); \
- asm( "movd %mm1, 28(%edi) " ); \
- asm( "addl $32, %edi " ); \
- asm( "addl $32, %esi " ); \
- asm( "psrlq $32, %mm1 " ); \
- asm( "movd %mm1, %ecx " );
-
-#define MULADDC_STOP \
- asm( "emms " ); \
- asm( "movl %0, %%ebx " :: "m" (t)); \
- asm( "movl %%ecx, %0 " : "=m" (c)); \
- asm( "movl %%edi, %0 " : "=m" (d)); \
- asm( "movl %%esi, %0 " : "=m" (s) :: \
- "eax", "ecx", "edx", "esi", "edi" );
+#define MULADDC_HUIT \
+ " \
+ movd %%ecx, %%mm1; \
+ movd %%ebx, %%mm0; \
+ movd (%%edi), %%mm3; \
+ paddq %%mm3, %%mm1; \
+ movd (%%esi), %%mm2; \
+ pmuludq %%mm0, %%mm2; \
+ movd 4(%%esi), %%mm4; \
+ pmuludq %%mm0, %%mm4; \
+ movd 8(%%esi), %%mm6; \
+ pmuludq %%mm0, %%mm6; \
+ movd 12(%%esi), %%mm7; \
+ pmuludq %%mm0, %%mm7; \
+ paddq %%mm2, %%mm1; \
+ movd 4(%%edi), %%mm3; \
+ paddq %%mm4, %%mm3; \
+ movd 8(%%edi), %%mm5; \
+ paddq %%mm6, %%mm5; \
+ movd 12(%%edi), %%mm4; \
+ paddq %%mm4, %%mm7; \
+ movd %%mm1, (%%edi); \
+ movd 16(%%esi), %%mm2; \
+ pmuludq %%mm0, %%mm2; \
+ psrlq $32, %%mm1; \
+ movd 20(%%esi), %%mm4; \
+ pmuludq %%mm0, %%mm4; \
+ paddq %%mm3, %%mm1; \
+ movd 24(%%esi), %%mm6; \
+ pmuludq %%mm0, %%mm6; \
+ movd %%mm1, 4(%%edi); \
+ psrlq $32, %%mm1; \
+ movd 28(%%esi), %%mm3; \
+ pmuludq %%mm0, %%mm3; \
+ paddq %%mm5, %%mm1; \
+ movd 16(%%edi), %%mm5; \
+ paddq %%mm5, %%mm2; \
+ movd %%mm1, 8(%%edi); \
+ psrlq $32, %%mm1; \
+ paddq %%mm7, %%mm1; \
+ movd 20(%%edi), %%mm5; \
+ paddq %%mm5, %%mm4; \
+ movd %%mm1, 12(%%edi); \
+ psrlq $32, %%mm1; \
+ paddq %%mm2, %%mm1; \
+ movd 24(%%edi), %%mm5; \
+ paddq %%mm5, %%mm6; \
+ movd %%mm1, 16(%%edi); \
+ psrlq $32, %%mm1; \
+ paddq %%mm4, %%mm1; \
+ movd 28(%%edi), %%mm5; \
+ paddq %%mm5, %%mm3; \
+ movd %%mm1, 20(%%edi); \
+ psrlq $32, %%mm1; \
+ paddq %%mm6, %%mm1; \
+ movd %%mm1, 24(%%edi); \
+ psrlq $32, %%mm1; \
+ paddq %%mm3, %%mm1; \
+ movd %%mm1, 28(%%edi); \
+ addl $32, %%edi; \
+ addl $32, %%esi; \
+ psrlq $32, %%mm1; \
+ movd %%mm1, %%ecx; \
+ "
+
+#define MULADDC_STOP \
+ " \
+ emms; \
+ movl %4, %%ebx; \
+ movl %%ecx, %1; \
+ movl %%edi, %2; \
+ movl %%esi, %3; \
+ " \
+ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "eax", "ecx", "edx", "esi", "edi" \
+ );
#else
-#define MULADDC_STOP \
- asm( "movl %0, %%ebx " :: "m" (t)); \
- asm( "movl %%ecx, %0 " : "=m" (c)); \
- asm( "movl %%edi, %0 " : "=m" (d)); \
- asm( "movl %%esi, %0 " : "=m" (s) :: \
- "eax", "ecx", "edx", "esi", "edi" );
-
+#define MULADDC_STOP \
+ " \
+ movl %4, %%ebx; \
+ movl %%ecx, %1; \
+ movl %%edi, %2; \
+ movl %%esi, %3; \
+ " \
+ : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \
+ : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \
+ : "eax", "ecx", "edx", "esi", "edi" \
+ );
#endif /* SSE2 */
#endif /* i386 */
diff --git a/sha1.c b/sha1.c
index f4a12e3..fcda11e 100644
--- a/sha1.c
+++ b/sha1.c
@@ -1,9 +1,10 @@
/*
* FIPS-180-1 compliant SHA-1 implementation
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -308,7 +309,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] )
/*
* output = SHA-1( input buffer )
*/
-void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] )
+void sha1( unsigned char *input, int ilen, unsigned char output[20] )
{
sha1_context ctx;
@@ -361,7 +362,7 @@ void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen )
if( keylen > 64 )
{
- sha1_oneshot( key, keylen, sum );
+ sha1( key, keylen, sum );
keylen = 20;
key = sum;
}
@@ -420,3 +421,4 @@ void sha1_hmac( unsigned char *key, int keylen,
memset( &ctx, 0, sizeof( sha1_context ) );
}
+
diff --git a/sha1.h b/sha1.h
index 84f1f51..8d5c394 100644
--- a/sha1.h
+++ b/sha1.h
@@ -1,9 +1,10 @@
/**
* \file sha1.h
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -25,6 +26,7 @@
/**
* \brief SHA-1 context structure
*/
+
#ifndef HAVE_SHA1_CONTEXT
#define HAVE_SHA1_CONTEXT
typedef struct sha1_context sha1_context;
@@ -40,6 +42,7 @@ struct sha1_context
unsigned char opad[64]; /*!< HMAC: outer padding */
};
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -75,7 +78,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] );
* \param ilen length of the input data
* \param output SHA-1 checksum result
*/
-void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] );
+void sha1( unsigned char *input, int ilen, unsigned char output[20] );
/**
* \brief Output = SHA-1( file contents )
diff --git a/sha2.c b/sha2.c
index e030f27..ed6d7ad 100644
--- a/sha2.c
+++ b/sha2.c
@@ -1,9 +1,10 @@
/*
* FIPS-180-2 compliant SHA-256 implementation
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -427,3 +428,4 @@ void sha2_hmac( unsigned char *key, int keylen,
memset( &ctx, 0, sizeof( sha2_context ) );
}
+
diff --git a/sha2.h b/sha2.h
index 88ba1f5..8996093 100644
--- a/sha2.h
+++ b/sha2.h
@@ -1,9 +1,10 @@
/**
* \file sha2.h
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
--
1.6.3.3
From 2914cf65b6ee06ac503b2e5b424b9aac96b7fbad Mon Sep 17 00:00:00 2001
From: Andreas Metzler <ametzler@???>
Date: Sat, 5 Dec 2009 18:57:19 +0100
Subject: [PATCH 2/2] Merge updated files from polarssl 0.12.1 (Part 2).
---
pdkim.c | 4 +-
rsa.c | 115 ++++++++++++++++++++++++++++++++++++++++-----------------
rsa.h | 126 ++++++++++++++++++++++++++++++++++++++++++++++-----------------
3 files changed, 174 insertions(+), 71 deletions(-)
diff --git a/pdkim.c b/pdkim.c
index 53d1c5a..b661e99 100644
--- a/pdkim.c
+++ b/pdkim.c
@@ -1494,7 +1494,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
if (rsa_pkcs1_sign( &rsa, RSA_PRIVATE,
((sig->algo == PDKIM_ALGO_RSA_SHA1)?
- RSA_SHA1:RSA_SHA256),
+ SIG_RSA_SHA1:SIG_RSA_SHA256),
0,
(unsigned char *)headerhash,
(unsigned char *)sig->sigdata ) != 0) {
@@ -1588,7 +1588,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
if (rsa_pkcs1_verify(&rsa,
RSA_PUBLIC,
((sig->algo == PDKIM_ALGO_RSA_SHA1)?
- RSA_SHA1:RSA_SHA256),
+ SIG_RSA_SHA1:SIG_RSA_SHA256),
0,
(unsigned char *)headerhash,
(unsigned char *)sig->sigdata) != 0) {
diff --git a/rsa.c b/rsa.c
index 2abec04..9fe6918 100644
--- a/rsa.c
+++ b/rsa.c
@@ -1,9 +1,10 @@
/*
* The RSA public-key cryptosystem
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -34,6 +35,7 @@
#include <stdio.h>
+/* *************** begin copy from x509parse.c ********************/
/*
* ASN.1 DER decoding routines
*/
@@ -131,6 +133,8 @@ static int asn1_get_mpi( unsigned char **p,
return( ret );
}
+/* *************** end copy from x509parse.c ********************/
+
/*
@@ -157,7 +161,10 @@ void rsa_init( rsa_context *ctx,
*/
int rsa_check_pubkey( rsa_context *ctx )
{
- if( ( ctx->N.p[0] & 1 ) == 0 ||
+ if( !ctx->N.p || !ctx->E.p )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
+ if( ( ctx->N.p[0] & 1 ) == 0 ||
( ctx->E.p[0] & 1 ) == 0 )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
@@ -183,6 +190,9 @@ int rsa_check_privkey( rsa_context *ctx )
if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
return( ret );
+ if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
+ return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
+
mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL );
MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
@@ -353,11 +363,11 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
int mode, int *olen,
unsigned char *input,
unsigned char *output,
- int output_max_len)
+ int output_max_len)
{
int ret, ilen;
unsigned char *p;
- unsigned char buf[512];
+ unsigned char buf[1024];
ilen = ctx->len;
@@ -395,7 +405,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
}
if (ilen - (int)(p - buf) > output_max_len)
- return( POLARSSL_ERR_RSA_OUTPUT_TO_LARGE );
+ return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
*olen = ilen - (int)(p - buf);
memcpy( output, p, *olen );
@@ -424,24 +434,37 @@ int rsa_pkcs1_sign( rsa_context *ctx,
switch( hash_id )
{
- case RSA_RAW:
+ case SIG_RSA_RAW:
nb_pad = olen - 3 - hashlen;
break;
- case RSA_MD2:
- case RSA_MD4:
- case RSA_MD5:
- nb_pad = olen - 3 - 16 - 18;
+ case SIG_RSA_MD2:
+ case SIG_RSA_MD4:
+ case SIG_RSA_MD5:
+ nb_pad = olen - 3 - 34;
+ break;
+
+ case SIG_RSA_SHA1:
+ nb_pad = olen - 3 - 35;
+ break;
+
+ case SIG_RSA_SHA224:
+ nb_pad = olen - 3 - 47;
+ break;
+
+ case SIG_RSA_SHA256:
+ nb_pad = olen - 3 - 51;
break;
- case RSA_SHA1:
- nb_pad = olen - 3 - 20 - 15;
+ case SIG_RSA_SHA384:
+ nb_pad = olen - 3 - 67;
break;
- case RSA_SHA256:
- nb_pad = olen - 3 - 32 - 19;
+ case SIG_RSA_SHA512:
+ nb_pad = olen - 3 - 83;
break;
+
default:
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
@@ -463,34 +486,49 @@ int rsa_pkcs1_sign( rsa_context *ctx,
switch( hash_id )
{
- case RSA_RAW:
+ case SIG_RSA_RAW:
memcpy( p, hash, hashlen );
break;
- case RSA_MD2:
+ case SIG_RSA_MD2:
memcpy( p, ASN1_HASH_MDX, 18 );
memcpy( p + 18, hash, 16 );
p[13] = 2; break;
- case RSA_MD4:
+ case SIG_RSA_MD4:
memcpy( p, ASN1_HASH_MDX, 18 );
memcpy( p + 18, hash, 16 );
p[13] = 4; break;
- case RSA_MD5:
+ case SIG_RSA_MD5:
memcpy( p, ASN1_HASH_MDX, 18 );
memcpy( p + 18, hash, 16 );
p[13] = 5; break;
- case RSA_SHA1:
+ case SIG_RSA_SHA1:
memcpy( p, ASN1_HASH_SHA1, 15 );
memcpy( p + 15, hash, 20 );
break;
- case RSA_SHA256:
- memcpy( p, ASN1_HASH_SHA256, 19 );
+ case SIG_RSA_SHA224:
+ memcpy( p, ASN1_HASH_SHA2X, 19 );
+ memcpy( p + 19, hash, 28 );
+ p[1] += 28; p[14] = 4; p[18] += 28; break;
+
+ case SIG_RSA_SHA256:
+ memcpy( p, ASN1_HASH_SHA2X, 19 );
memcpy( p + 19, hash, 32 );
- break;
+ p[1] += 32; p[14] = 1; p[18] += 32; break;
+
+ case SIG_RSA_SHA384:
+ memcpy( p, ASN1_HASH_SHA2X, 19 );
+ memcpy( p + 19, hash, 48 );
+ p[1] += 48; p[14] = 2; p[18] += 48; break;
+
+ case SIG_RSA_SHA512:
+ memcpy( p, ASN1_HASH_SHA2X, 19 );
+ memcpy( p + 19, hash, 64 );
+ p[1] += 64; p[14] = 3; p[18] += 64; break;
default:
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
@@ -513,7 +551,7 @@ int rsa_pkcs1_verify( rsa_context *ctx,
{
int ret, len, siglen;
unsigned char *p, c;
- unsigned char buf[512];
+ unsigned char buf[1024];
siglen = ctx->len;
@@ -560,18 +598,18 @@ int rsa_pkcs1_verify( rsa_context *ctx,
if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 )
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
- if( ( c == 2 && hash_id == RSA_MD2 ) ||
- ( c == 4 && hash_id == RSA_MD4 ) ||
- ( c == 5 && hash_id == RSA_MD5 ) )
+ if( ( c == 2 && hash_id == SIG_RSA_MD2 ) ||
+ ( c == 4 && hash_id == SIG_RSA_MD4 ) ||
+ ( c == 5 && hash_id == SIG_RSA_MD5 ) )
{
- if( memcmp( p + 18, hash, 16 ) == 0 )
+ if( memcmp( p + 18, hash, 16 ) == 0 )
return( 0 );
else
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
}
}
- if( len == 35 && hash_id == RSA_SHA1 )
+ if( len == 35 && hash_id == SIG_RSA_SHA1 )
{
if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 &&
memcmp( p + 15, hash, 20 ) == 0 )
@@ -579,17 +617,24 @@ int rsa_pkcs1_verify( rsa_context *ctx,
else
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
}
-
- if( len == 51 && hash_id == RSA_SHA256 )
+ if( ( len == 19 + 28 && p[14] == 4 && hash_id == SIG_RSA_SHA224 ) ||
+ ( len == 19 + 32 && p[14] == 1 && hash_id == SIG_RSA_SHA256 ) ||
+ ( len == 19 + 48 && p[14] == 2 && hash_id == SIG_RSA_SHA384 ) ||
+ ( len == 19 + 64 && p[14] == 3 && hash_id == SIG_RSA_SHA512 ) )
{
- if( memcmp( p, ASN1_HASH_SHA256, 19 ) == 0 &&
- memcmp( p + 19, hash, 32 ) == 0 )
+ c = p[1] - 17;
+ p[1] = 17;
+ p[14] = 0;
+
+ if( p[18] == c &&
+ memcmp( p, ASN1_HASH_SHA2X, 18 ) == 0 &&
+ memcmp( p + 19, hash, c ) == 0 )
return( 0 );
else
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
}
- if( len == hashlen && hash_id == RSA_RAW )
+ if( len == hashlen && hash_id == SIG_RSA_RAW )
{
if( memcmp( p, hash, hashlen ) == 0 )
return( 0 );
@@ -611,7 +656,6 @@ void rsa_free( rsa_context *ctx )
&ctx->E, &ctx->N, NULL );
}
-
/*
* Parse a public RSA key
@@ -818,3 +862,4 @@ int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen,
return( 0 );
}
+
diff --git a/rsa.h b/rsa.h
index f3ba0cd..75626c7 100644
--- a/rsa.h
+++ b/rsa.h
@@ -1,9 +1,10 @@
/**
* \file rsa.h
*
- * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine
+ * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org>
+ * All rights reserved.
*
- * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org>
+ * Joined copyright on original XySSL code with: Christophe Devine
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -24,6 +25,9 @@
#include "bignum.h"
+/*
+ * RSA Error codes
+ */
#define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x0400
#define POLARSSL_ERR_RSA_INVALID_PADDING -0x0410
#define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x0420
@@ -31,14 +35,24 @@
#define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440
#define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450
#define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460
-#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE -0x0470
+#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x0470
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A
-#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C
+/* *************** begin copy from x509.h ************************/
+/*
+ * ASN1 Error codes
+ *
+ * These error codes will be OR'ed to X509 error codes for
+ * higher error granularity.
+ */
+#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014
+#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016
+#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018
+#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A
+#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C
+/*
+ * X509 Error codes
+ */
#define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
#define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040
#define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
@@ -87,15 +101,20 @@
#define ASN1_CONSTRUCTED 0x20
#define ASN1_CONTEXT_SPECIFIC 0x80
+/* *************** end copy from x509.h ************************/
+
/*
* PKCS#1 constants
*/
-#define RSA_RAW 0
-#define RSA_MD2 2
-#define RSA_MD4 3
-#define RSA_MD5 4
-#define RSA_SHA1 5
-#define RSA_SHA256 6
+#define SIG_RSA_RAW 0
+#define SIG_RSA_MD2 2
+#define SIG_RSA_MD4 3
+#define SIG_RSA_MD5 4
+#define SIG_RSA_SHA1 5
+#define SIG_RSA_SHA224 14
+#define SIG_RSA_SHA256 11
+#define SIG_RSA_SHA384 12
+#define SIG_RSA_SHA512 13
#define RSA_PUBLIC 0
#define RSA_PRIVATE 1
@@ -106,6 +125,29 @@
#define RSA_SIGN 1
#define RSA_CRYPT 2
+#define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30"
+#define ASN1_STR_NULL "\x05"
+#define ASN1_STR_OID "\x06"
+#define ASN1_STR_OCTET_STRING "\x04"
+
+#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00"
+#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a"
+#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00"
+
+#define OID_ISO_MEMBER_BODIES "\x2a"
+#define OID_ISO_IDENTIFIED_ORG "\x2b"
+
+/*
+ * ISO Member bodies OID parts
+ */
+#define OID_COUNTRY_US "\x86\x48"
+#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d"
+
+/*
+ * ISO Identified organization OID parts
+ */
+#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a"
+
/*
* DigestInfo ::= SEQUENCE {
* digestAlgorithm DigestAlgorithmIdentifier,
@@ -115,18 +157,31 @@
*
* Digest ::= OCTET STRING
*/
-#define ASN1_HASH_MDX \
- "\x30\x20\x30\x0C\x06\x08\x2A\x86\x48" \
- "\x86\xF7\x0D\x02\x00\x05\x00\x04\x10"
-
-#define ASN1_HASH_SHA1 \
- "\x30\x21\x30\x09\x06\x05\x2B\x0E\x03" \
- "\x02\x1A\x05\x00\x04\x14"
-
-#define ASN1_HASH_SHA256 \
- "\x30\x31\x30\x0d\x06\x09\x60\x86\x48" \
- "\x01\x65\x03\x04\x02\x01\x05\x00\x04" \
- "\x20"
+#define ASN1_HASH_MDX \
+( \
+ ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \
+ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \
+ ASN1_STR_OID "\x08" \
+ OID_DIGEST_ALG_MDX \
+ ASN1_STR_NULL "\x00" \
+ ASN1_STR_OCTET_STRING "\x10" \
+)
+
+#define ASN1_HASH_SHA1 \
+ ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \
+ ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \
+ ASN1_STR_OID "\x05" \
+ OID_HASH_ALG_SHA1 \
+ ASN1_STR_NULL "\x00" \
+ ASN1_STR_OCTET_STRING "\x14"
+
+#define ASN1_HASH_SHA2X \
+ ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \
+ ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \
+ ASN1_STR_OID "\x09" \
+ OID_HASH_ALG_SHA2X \
+ ASN1_STR_NULL "\x00" \
+ ASN1_STR_OCTET_STRING "\x00"
/**
* \brief RSA context structure
@@ -224,7 +279,8 @@ int rsa_check_privkey( rsa_context *ctx );
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*
* \note This function does NOT take care of message
- * padding. Also, be sure to set input[0] = 0.
+ * padding. Also, be sure to set input[0] = 0 or assure that
+ * input is smaller than N.
*
* \note The input and output buffers must be large
* enough (eg. 128 bytes if RSA-1024 is used).
@@ -254,7 +310,7 @@ int rsa_private( rsa_context *ctx,
*
* \param ctx RSA context
* \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param ilen contains the the plaintext length
+ * \param ilen contains the plaintext length
* \param input buffer holding the data to be encrypted
* \param output buffer that will hold the ciphertext
*
@@ -276,7 +332,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx,
* \param input buffer holding the encrypted data
* \param output buffer that will hold the plaintext
* \param olen will contain the plaintext length
- * \param output_max_len maximum length of the output buffer
+ * \param output_max_len maximum length of the output buffer
*
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
*
@@ -288,15 +344,15 @@ int rsa_pkcs1_decrypt( rsa_context *ctx,
int mode, int *olen,
unsigned char *input,
unsigned char *output,
- int output_max_len);
+ int output_max_len );
/**
* \brief Do a private RSA to sign a message digest
*
* \param ctx RSA context
* \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
- * \param hashlen message digest length (for RSA_RAW only)
+ * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}
+ * \param hashlen message digest length (for SIG_RSA_RAW only)
* \param hash buffer holding the message digest
* \param sig buffer that will hold the ciphertext
*
@@ -318,8 +374,8 @@ int rsa_pkcs1_sign( rsa_context *ctx,
*
* \param ctx points to an RSA public key
* \param mode RSA_PUBLIC or RSA_PRIVATE
- * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
- * \param hashlen message digest length (for RSA_RAW only)
+ * \param hash_id SIG_RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256}
+ * \param hashlen message digest length (for SIG_RSA_RAW only)
* \param hash buffer holding the message digest
* \param sig buffer holding the ciphertext
*
@@ -338,6 +394,8 @@ int rsa_pkcs1_verify( rsa_context *ctx,
/**
* \brief Free the components of an RSA key
+ *
+ * \param ctx RSA Context to free
*/
void rsa_free( rsa_context *ctx );
--
1.6.3.3