1 /* 2 * Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <stdio.h> 17 #include "internal/cryptlib.h" 18 #include <openssl/bn.h> 19 #include <openssl/rsa.h> 20 #include <openssl/objects.h> 21 22 int RSA_padding_add_X931(unsigned char *to, int tlen, 23 const unsigned char *from, int flen) 24 { 25 int j; 26 unsigned char *p; 27 28 /* 29 * Absolute minimum amount of padding is 1 header nibble, 1 padding 30 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. 31 */ 32 33 j = tlen - flen - 2; 34 35 if (j < 0) { 36 ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 37 return -1; 38 } 39 40 p = (unsigned char *)to; 41 42 /* If no padding start and end nibbles are in one byte */ 43 if (j == 0) { 44 *p++ = 0x6A; 45 } else { 46 *p++ = 0x6B; 47 if (j > 1) { 48 memset(p, 0xBB, j - 1); 49 p += j - 1; 50 } 51 *p++ = 0xBA; 52 } 53 memcpy(p, from, (unsigned int)flen); 54 p += flen; 55 *p = 0xCC; 56 return 1; 57 } 58 59 int RSA_padding_check_X931(unsigned char *to, int tlen, 60 const unsigned char *from, int flen, int num) 61 { 62 int i = 0, j; 63 const unsigned char *p; 64 65 p = from; 66 if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) { 67 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_HEADER); 68 return -1; 69 } 70 71 if (*p++ == 0x6B) { 72 j = flen - 3; 73 for (i = 0; i < j; i++) { 74 unsigned char c = *p++; 75 if (c == 0xBA) 76 break; 77 if (c != 0xBB) { 78 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING); 79 return -1; 80 } 81 } 82 83 j -= i; 84 85 if (i == 0) { 86 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_PADDING); 87 return -1; 88 } 89 90 } else { 91 j = flen - 2; 92 } 93 94 if (p[j] != 0xCC) { 95 ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_TRAILER); 96 return -1; 97 } 98 99 memcpy(to, p, (unsigned int)j); 100 101 return j; 102 } 103 104 /* Translate between X931 hash ids and NIDs */ 105 106 int RSA_X931_hash_id(int nid) 107 { 108 switch (nid) { 109 case NID_sha1: 110 return 0x33; 111 112 case NID_sha256: 113 return 0x34; 114 115 case NID_sha384: 116 return 0x36; 117 118 case NID_sha512: 119 return 0x35; 120 121 } 122 return -1; 123 } 124