1 /* 2 * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "internal/cryptlib.h" 12 #include <openssl/bn.h> 13 #include <openssl/rsa.h> 14 #include <openssl/objects.h> 15 16 int RSA_padding_add_X931(unsigned char *to, int tlen, 17 const unsigned char *from, int flen) 18 { 19 int j; 20 unsigned char *p; 21 22 /* 23 * Absolute minimum amount of padding is 1 header nibble, 1 padding 24 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'. 25 */ 26 27 j = tlen - flen - 2; 28 29 if (j < 0) { 30 RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 31 return -1; 32 } 33 34 p = (unsigned char *)to; 35 36 /* If no padding start and end nibbles are in one byte */ 37 if (j == 0) { 38 *p++ = 0x6A; 39 } else { 40 *p++ = 0x6B; 41 if (j > 1) { 42 memset(p, 0xBB, j - 1); 43 p += j - 1; 44 } 45 *p++ = 0xBA; 46 } 47 memcpy(p, from, (unsigned int)flen); 48 p += flen; 49 *p = 0xCC; 50 return 1; 51 } 52 53 int RSA_padding_check_X931(unsigned char *to, int tlen, 54 const unsigned char *from, int flen, int num) 55 { 56 int i = 0, j; 57 const unsigned char *p; 58 59 p = from; 60 if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) { 61 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER); 62 return -1; 63 } 64 65 if (*p++ == 0x6B) { 66 j = flen - 3; 67 for (i = 0; i < j; i++) { 68 unsigned char c = *p++; 69 if (c == 0xBA) 70 break; 71 if (c != 0xBB) { 72 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); 73 return -1; 74 } 75 } 76 77 j -= i; 78 79 if (i == 0) { 80 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING); 81 return -1; 82 } 83 84 } else { 85 j = flen - 2; 86 } 87 88 if (p[j] != 0xCC) { 89 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); 90 return -1; 91 } 92 93 memcpy(to, p, (unsigned int)j); 94 95 return j; 96 } 97 98 /* Translate between X931 hash ids and NIDs */ 99 100 int RSA_X931_hash_id(int nid) 101 { 102 switch (nid) { 103 case NID_sha1: 104 return 0x33; 105 106 case NID_sha256: 107 return 0x34; 108 109 case NID_sha384: 110 return 0x36; 111 112 case NID_sha512: 113 return 0x35; 114 115 } 116 return -1; 117 } 118