Hello, I have gone over PDKIM and have updated/merged the files from PolarSSL to 0.12.1. This release features this change which might have relevance for pdkim.
* Fixed segfault on handling empty rsa_context in rsa_check_pubkey() and rsa_check_privkey() (found by code coverage tests). The test in sample/ still succeeds and no compile time warnigs were introduced. On a sidenote the whole updating process is not lovely. Do you have a smart script for that, or have you considered restructuring the code to make importing a new upstream version easier? thanks, cu andreas
>From 4ad8deb16a87fbdba6bb4efcfe643c077ebd5b22 Mon Sep 17 00:00:00 2001 From: Andreas Metzler <[email protected]> Date: Sat, 5 Dec 2009 18:55:36 +0100 Subject: [PATCH 1/2] Merge updated files from polarssl 0.12.1 (Part 1). --- base64.c | 6 +- base64.h | 9 ++- bignum.c | 75 +++++++++++++++++++---- bignum.h | 204 ++++++++++++++++++++++++++++++++++++++++++++++++++----------- bn_mul.h | 202 +++++++++++++++++++++++++++++++++---------------------------- sha1.c | 10 ++- sha1.h | 9 ++- sha2.c | 6 +- sha2.h | 5 +- 9 files changed, 367 insertions(+), 159 deletions(-) diff --git a/base64.c b/base64.c index eb7652e..948c691 100644 --- a/base64.c +++ b/base64.c @@ -1,9 +1,10 @@ /* * RFC 1521 base64 encoding/decoding * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -176,3 +177,4 @@ int base64_decode( unsigned char *dst, int *dlen, return( 0 ); } + diff --git a/base64.h b/base64.h index c837cd2..df5624e 100644 --- a/base64.h +++ b/base64.h @@ -1,9 +1,10 @@ /** * \file base64.h * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -22,8 +23,8 @@ #ifndef POLARSSL_BASE64_H #define POLARSSL_BASE64_H -#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x0010 -#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x0012 +#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL 0x0010 +#define POLARSSL_ERR_BASE64_INVALID_CHARACTER 0x0012 #ifdef __cplusplus extern "C" { diff --git a/bignum.c b/bignum.c index d9ea937..0d252d3 100644 --- a/bignum.c +++ b/bignum.c @@ -1,9 +1,10 @@ /* * Multi-precision integer library * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,6 +28,7 @@ * http://math.libtomcrypt.com/files/tommath.pdf */ + #include "bignum.h" #include "bn_mul.h" @@ -282,7 +284,15 @@ int mpi_read_string( mpi *X, int radix, char *s ) MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); MPI_CHK( mpi_mul_int( &T, X, radix ) ); - MPI_CHK( mpi_add_int( X, &T, d ) ); + + if( X->s == 1 ) + { + MPI_CHK( mpi_add_int( X, &T, d ) ); + } + else + { + MPI_CHK( mpi_sub_int( X, &T, d ) ); + } } } @@ -370,6 +380,10 @@ int mpi_write_string( mpi *X, int radix, char *s, int *slen ) else { MPI_CHK( mpi_copy( &T, X ) ); + + if( T.s == -1 ) + T.s = 1; + MPI_CHK( mpi_write_hlp( &T, radix, &p ) ); } @@ -671,6 +685,11 @@ int mpi_add_abs( mpi *X, mpi *A, mpi *B ) if( X != A ) MPI_CHK( mpi_copy( X, A ) ); + + /* + * X should always be positive as a result of unsigned additions. + */ + X->s = 1; for( j = B->n - 1; j >= 0; j-- ) if( B->p[j] != 0 ) @@ -745,6 +764,11 @@ int mpi_sub_abs( mpi *X, mpi *A, mpi *B ) if( X != A ) MPI_CHK( mpi_copy( X, A ) ); + /* + * X should always be positive as a result of unsigned substractions. + */ + X->s = 1; + ret = 0; for( n = B->n - 1; n >= 0; n-- ) @@ -856,7 +880,7 @@ int mpi_sub_int( mpi *X, mpi *A, int b ) /* * Helper for mpi multiplication - */ + */ static void mpi_mul_hlp( int i, t_int *s, t_int *d, t_int b ) { t_int c = 0, t = 0; @@ -1158,6 +1182,9 @@ int mpi_mod_mpi( mpi *R, mpi *A, mpi *B ) { int ret; + if( mpi_cmp_int( B, 0 ) < 0 ) + return POLARSSL_ERR_MPI_NEGATIVE_VALUE; + MPI_CHK( mpi_div_mpi( NULL, R, A, B ) ); while( mpi_cmp_int( R, 0 ) < 0 ) @@ -1183,7 +1210,7 @@ int mpi_mod_int( t_int *r, mpi *A, int b ) return( POLARSSL_ERR_MPI_DIVISION_BY_ZERO ); if( b < 0 ) - b = -b; + return POLARSSL_ERR_MPI_NEGATIVE_VALUE; /* * handle trivial cases @@ -1216,6 +1243,13 @@ int mpi_mod_int( t_int *r, mpi *A, int b ) y -= z * b; } + /* + * If A is negative, then the current y represents a negative value. + * Flipping it to the positive side. + */ + if( A->s < 0 && y != 0 ) + y = b - y; + *r = y; return( 0 ); @@ -1362,7 +1396,7 @@ int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR ) for( i = 0; i < wsize - 1; i++ ) mpi_montmul( &W[j], &W[j], N, mm, &T ); - + /* * W[i] = W[i - 1] * W[1] */ @@ -1472,21 +1506,29 @@ cleanup: */ int mpi_gcd( mpi *G, mpi *A, mpi *B ) { - int ret; + int ret, lz, lzt; mpi TG, TA, TB; mpi_init( &TG, &TA, &TB, NULL ); - MPI_CHK( mpi_lset( &TG, 1 ) ); MPI_CHK( mpi_copy( &TA, A ) ); MPI_CHK( mpi_copy( &TB, B ) ); + lz = mpi_lsb( &TA ); + lzt = mpi_lsb( &TB ); + + if ( lzt < lz ) + lz = lzt; + + MPI_CHK( mpi_shift_r( &TA, lz ) ); + MPI_CHK( mpi_shift_r( &TB, lz ) ); + TA.s = TB.s = 1; while( mpi_cmp_int( &TA, 0 ) != 0 ) { - while( ( TA.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TA, 1 ) ); - while( ( TB.p[0] & 1 ) == 0 ) MPI_CHK( mpi_shift_r( &TB, 1 ) ); + MPI_CHK( mpi_shift_r( &TA, mpi_lsb( &TA ) ) ); + MPI_CHK( mpi_shift_r( &TB, mpi_lsb( &TB ) ) ); if( mpi_cmp_mpi( &TA, &TB ) >= 0 ) { @@ -1500,7 +1542,8 @@ int mpi_gcd( mpi *G, mpi *A, mpi *B ) } } - MPI_CHK( mpi_mul_mpi( G, &TG, &TB ) ); + MPI_CHK( mpi_shift_l( &TB, lz ) ); + MPI_CHK( mpi_copy( G, &TB ) ); cleanup: @@ -1509,6 +1552,8 @@ cleanup: return( ret ); } +#if defined(POLARSSL_GENPRIME) + /* * Modular inverse: X = A^-1 mod N (HAC 14.61 / 14.64) */ @@ -1636,7 +1681,11 @@ int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng ) mpi W, R, T, A, RR; unsigned char *p; - if( mpi_cmp_int( X, 0 ) == 0 ) + if( mpi_cmp_int( X, 0 ) == 0 || + mpi_cmp_int( X, 1 ) == 0 ) + return( POLARSSL_ERR_MPI_NOT_ACCEPTABLE ); + + if( mpi_cmp_int( X, 2 ) == 0 ) return( 0 ); mpi_init( &W, &R, &T, &A, &RR, NULL ); @@ -1809,3 +1858,5 @@ cleanup: return( ret ); } + +#endif diff --git a/bignum.h b/bignum.h index 5e71876..2139c5c 100644 --- a/bignum.h +++ b/bignum.h @@ -1,9 +1,10 @@ /** * \file bignum.h * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,13 +25,13 @@ #include <stdio.h> -#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 -#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 -#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 -#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 -#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A -#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C -#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E +#define POLARSSL_ERR_MPI_FILE_IO_ERROR 0x0002 +#define POLARSSL_ERR_MPI_BAD_INPUT_DATA 0x0004 +#define POLARSSL_ERR_MPI_INVALID_CHARACTER 0x0006 +#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL 0x0008 +#define POLARSSL_ERR_MPI_NEGATIVE_VALUE 0x000A +#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO 0x000C +#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE 0x000E #define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup @@ -54,7 +55,9 @@ typedef unsigned long t_dbl; defined(__ia64__) || defined(__alpha__) typedef unsigned int t_dbl __attribute__((mode(TI))); #else - typedef unsigned long long t_dbl; + #if defined(POLARSSL_HAVE_LONGLONG) + typedef unsigned long long t_dbl; + #endif #endif #endif #endif @@ -88,6 +91,9 @@ void mpi_free( mpi *X, ... ); /** * \brief Enlarge to the specified number of limbs * + * \param X MPI to grow + * \param nblimbs The target number of limbs + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -96,6 +102,9 @@ int mpi_grow( mpi *X, int nblimbs ); /** * \brief Copy the contents of Y into X * + * \param X Destination MPI + * \param Y Source MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -103,12 +112,18 @@ int mpi_copy( mpi *X, mpi *Y ); /** * \brief Swap the contents of X and Y + * + * \param X First MPI value + * \param Y Second MPI value */ void mpi_swap( mpi *X, mpi *Y ); /** * \brief Set value from integer * + * \param X MPI to set + * \param z Value to use + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -116,25 +131,31 @@ int mpi_lset( mpi *X, int z ); /** * \brief Return the number of least significant bits + * + * \param X MPI to use */ int mpi_lsb( mpi *X ); /** * \brief Return the number of most significant bits + * + * \param X MPI to use */ int mpi_msb( mpi *X ); /** * \brief Return the total size in bytes + * + * \param X MPI to use */ int mpi_size( mpi *X ); /** * \brief Import from an ASCII string * - * \param X destination mpi - * \param radix input numeric base - * \param s null-terminated string buffer + * \param X Destination MPI + * \param radix Input numeric base + * \param s Null-terminated string buffer * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code */ @@ -143,10 +164,10 @@ int mpi_read_string( mpi *X, int radix, char *s ); /** * \brief Export into an ASCII string * - * \param X source mpi - * \param radix output numeric base - * \param s string buffer - * \param slen string buffer size + * \param X Source MPI + * \param radix Output numeric base + * \param s String buffer + * \param slen String buffer size * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code * @@ -158,21 +179,21 @@ int mpi_write_string( mpi *X, int radix, char *s, int *slen ); /** * \brief Read X from an opened file * - * \param X destination mpi - * \param radix input numeric base - * \param fin input file handle + * \param X Destination MPI + * \param radix Input numeric base + * \param fin Input file handle * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code */ int mpi_read_file( mpi *X, int radix, FILE *fin ); /** - * \brief Write X into an opened file, or stdout + * \brief Write X into an opened file, or stdout if fout is NULL * - * \param p prefix, can be NULL - * \param X source mpi - * \param radix output numeric base - * \param fout output file handle + * \param p Prefix, can be NULL + * \param X Source MPI + * \param radix Output numeric base + * \param fout Output file handle (can be NULL) * * \return 0 if successful, or an POLARSSL_ERR_MPI_XXX error code * @@ -183,9 +204,9 @@ int mpi_write_file( char *p, mpi *X, int radix, FILE *fout ); /** * \brief Import X from unsigned binary data, big endian * - * \param X destination mpi - * \param buf input buffer - * \param buflen input buffer size + * \param X Destination MPI + * \param buf Input buffer + * \param buflen Input buffer size * * \return 0 if successful, * 1 if memory allocation failed @@ -195,21 +216,21 @@ int mpi_read_binary( mpi *X, unsigned char *buf, int buflen ); /** * \brief Export X into unsigned binary data, big endian * - * \param X source mpi - * \param buf output buffer - * \param buflen output buffer size + * \param X Source MPI + * \param buf Output buffer + * \param buflen Output buffer size * * \return 0 if successful, * POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough - * - * \note Call this function with *buflen = 0 to obtain the - * minimum required buffer size in *buflen. */ int mpi_write_binary( mpi *X, unsigned char *buf, int buflen ); /** * \brief Left-shift: X <<= count * + * \param X MPI to shift + * \param count Amount to shift + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -218,6 +239,9 @@ int mpi_shift_l( mpi *X, int count ); /** * \brief Right-shift: X >>= count * + * \param X MPI to shift + * \param count Amount to shift + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -226,6 +250,9 @@ int mpi_shift_r( mpi *X, int count ); /** * \brief Compare unsigned values * + * \param X Left-hand MPI + * \param Y Right-hand MPI + * * \return 1 if |X| is greater than |Y|, * -1 if |X| is lesser than |Y| or * 0 if |X| is equal to |Y| @@ -235,6 +262,9 @@ int mpi_cmp_abs( mpi *X, mpi *Y ); /** * \brief Compare signed values * + * \param X Left-hand MPI + * \param Y Right-hand MPI + * * \return 1 if X is greater than Y, * -1 if X is lesser than Y or * 0 if X is equal to Y @@ -244,6 +274,9 @@ int mpi_cmp_mpi( mpi *X, mpi *Y ); /** * \brief Compare signed values * + * \param X Left-hand MPI + * \param z The integer value to compare to + * * \return 1 if X is greater than z, * -1 if X is lesser than z or * 0 if X is equal to z @@ -253,6 +286,10 @@ int mpi_cmp_int( mpi *X, int z ); /** * \brief Unsigned addition: X = |A| + |B| * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -261,6 +298,10 @@ int mpi_add_abs( mpi *X, mpi *A, mpi *B ); /** * \brief Unsigned substraction: X = |A| - |B| * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A */ @@ -269,6 +310,10 @@ int mpi_sub_abs( mpi *X, mpi *A, mpi *B ); /** * \brief Signed addition: X = A + B * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -277,6 +322,10 @@ int mpi_add_mpi( mpi *X, mpi *A, mpi *B ); /** * \brief Signed substraction: X = A - B * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -285,6 +334,10 @@ int mpi_sub_mpi( mpi *X, mpi *A, mpi *B ); /** * \brief Signed addition: X = A + b * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to add + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -293,6 +346,10 @@ int mpi_add_int( mpi *X, mpi *A, int b ); /** * \brief Signed substraction: X = A - b * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to subtract + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -301,6 +358,10 @@ int mpi_sub_int( mpi *X, mpi *A, int b ); /** * \brief Baseline multiplication: X = A * B * + * \param X Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -308,6 +369,12 @@ int mpi_mul_mpi( mpi *X, mpi *A, mpi *B ); /** * \brief Baseline multiplication: X = A * b + * Note: b is an unsigned integer type, thus + * Negative values of b are ignored. + * + * \param X Destination MPI + * \param A Left-hand MPI + * \param b The integer value to multiply with * * \return 0 if successful, * 1 if memory allocation failed @@ -317,6 +384,11 @@ int mpi_mul_int( mpi *X, mpi *A, t_int b ); /** * \brief Division by mpi: A = Q * B + R * + * \param Q Destination MPI for the quotient + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0 @@ -328,6 +400,11 @@ int mpi_div_mpi( mpi *Q, mpi *R, mpi *A, mpi *B ); /** * \brief Division by int: A = Q * b + R * + * \param Q Destination MPI for the quotient + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param b Integer to divide by + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 @@ -339,24 +416,40 @@ int mpi_div_int( mpi *Q, mpi *R, mpi *A, int b ); /** * \brief Modulo: R = A mod B * + * \param R Destination MPI for the rest value + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed, - * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0 + * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0, + * POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0 */ int mpi_mod_mpi( mpi *R, mpi *A, mpi *B ); /** * \brief Modulo: r = A mod b * + * \param a Destination t_int + * \param A Left-hand MPI + * \param b Integer to divide by + * * \return 0 if successful, * 1 if memory allocation failed, - * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0 + * POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0, + * POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0 */ int mpi_mod_int( t_int *r, mpi *A, int b ); /** * \brief Sliding-window exponentiation: X = A^E mod N * + * \param X Destination MPI + * \param A Left-hand MPI + * \param E Exponent MPI + * \param N Modular MPI + * \param _RR Speed-up MPI used for recalculations + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even @@ -370,6 +463,10 @@ int mpi_exp_mod( mpi *X, mpi *A, mpi *E, mpi *N, mpi *_RR ); /** * \brief Greatest common divisor: G = gcd(A, B) * + * \param G Destination MPI + * \param A Left-hand MPI + * \param B Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed */ @@ -378,13 +475,46 @@ int mpi_gcd( mpi *G, mpi *A, mpi *B ); /** * \brief Modular inverse: X = A^-1 mod N * + * \param X Destination MPI + * \param A Left-hand MPI + * \param N Right-hand MPI + * * \return 0 if successful, * 1 if memory allocation failed, * POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil - * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N + POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N */ int mpi_inv_mod( mpi *X, mpi *A, mpi *N ); +/** + * \brief Miller-Rabin primality test + * + * \param X MPI to check + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful (probably prime), + * 1 if memory allocation failed, + * POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime + */ +int mpi_is_prime( mpi *X, int (*f_rng)(void *), void *p_rng ); + +/** + * \brief Prime number generation + * + * \param X Destination MPI + * \param nbits Required size of X in bits + * \param dh_flag If 1, then (X-1)/2 will be prime too + * \param f_rng RNG function + * \param p_rng RNG parameter + * + * \return 0 if successful (probably prime), + * 1 if memory allocation failed, + * POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3 + */ +int mpi_gen_prime( mpi *X, int nbits, int dh_flag, + int (*f_rng)(void *), void *p_rng ); + #ifdef __cplusplus } #endif diff --git a/bn_mul.h b/bn_mul.h index c9737f6..8f86ccf 100644 --- a/bn_mul.h +++ b/bn_mul.h @@ -1,9 +1,10 @@ /** * \file bn_mul.h * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -41,105 +42,120 @@ #if defined(__GNUC__) #if defined(__i386__) -#define MULADDC_INIT \ - asm( "movl %%ebx, %0 " : "=m" (t)); \ - asm( "movl %0, %%esi " :: "m" (s)); \ - asm( "movl %0, %%edi " :: "m" (d)); \ - asm( "movl %0, %%ecx " :: "m" (c)); \ - asm( "movl %0, %%ebx " :: "m" (b)); - -#define MULADDC_CORE \ - asm( "lodsl " ); \ - asm( "mull %ebx " ); \ - asm( "addl %ecx, %eax " ); \ - asm( "adcl $0, %edx " ); \ - asm( "addl (%edi), %eax " ); \ - asm( "adcl $0, %edx " ); \ - asm( "movl %edx, %ecx " ); \ - asm( "stosl " ); +#define MULADDC_INIT \ + asm( " \ + movl %%ebx, %0; \ + movl %5, %%esi; \ + movl %6, %%edi; \ + movl %7, %%ecx; \ + movl %8, %%ebx; \ + " + +#define MULADDC_CORE \ + " \ + lodsl; \ + mull %%ebx; \ + addl %%ecx, %%eax; \ + adcl $0, %%edx; \ + addl (%%edi), %%eax; \ + adcl $0, %%edx; \ + movl %%edx, %%ecx; \ + stosl; \ + " #if defined(POLARSSL_HAVE_SSE2) -#define MULADDC_HUIT \ - asm( "movd %ecx, %mm1 " ); \ - asm( "movd %ebx, %mm0 " ); \ - asm( "movd (%edi), %mm3 " ); \ - asm( "paddq %mm3, %mm1 " ); \ - asm( "movd (%esi), %mm2 " ); \ - asm( "pmuludq %mm0, %mm2 " ); \ - asm( "movd 4(%esi), %mm4 " ); \ - asm( "pmuludq %mm0, %mm4 " ); \ - asm( "movd 8(%esi), %mm6 " ); \ - asm( "pmuludq %mm0, %mm6 " ); \ - asm( "movd 12(%esi), %mm7 " ); \ - asm( "pmuludq %mm0, %mm7 " ); \ - asm( "paddq %mm2, %mm1 " ); \ - asm( "movd 4(%edi), %mm3 " ); \ - asm( "paddq %mm4, %mm3 " ); \ - asm( "movd 8(%edi), %mm5 " ); \ - asm( "paddq %mm6, %mm5 " ); \ - asm( "movd 12(%edi), %mm4 " ); \ - asm( "paddq %mm4, %mm7 " ); \ - asm( "movd %mm1, (%edi) " ); \ - asm( "movd 16(%esi), %mm2 " ); \ - asm( "pmuludq %mm0, %mm2 " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "movd 20(%esi), %mm4 " ); \ - asm( "pmuludq %mm0, %mm4 " ); \ - asm( "paddq %mm3, %mm1 " ); \ - asm( "movd 24(%esi), %mm6 " ); \ - asm( "pmuludq %mm0, %mm6 " ); \ - asm( "movd %mm1, 4(%edi) " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "movd 28(%esi), %mm3 " ); \ - asm( "pmuludq %mm0, %mm3 " ); \ - asm( "paddq %mm5, %mm1 " ); \ - asm( "movd 16(%edi), %mm5 " ); \ - asm( "paddq %mm5, %mm2 " ); \ - asm( "movd %mm1, 8(%edi) " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "paddq %mm7, %mm1 " ); \ - asm( "movd 20(%edi), %mm5 " ); \ - asm( "paddq %mm5, %mm4 " ); \ - asm( "movd %mm1, 12(%edi) " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "paddq %mm2, %mm1 " ); \ - asm( "movd 24(%edi), %mm5 " ); \ - asm( "paddq %mm5, %mm6 " ); \ - asm( "movd %mm1, 16(%edi) " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "paddq %mm4, %mm1 " ); \ - asm( "movd 28(%edi), %mm5 " ); \ - asm( "paddq %mm5, %mm3 " ); \ - asm( "movd %mm1, 20(%edi) " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "paddq %mm6, %mm1 " ); \ - asm( "movd %mm1, 24(%edi) " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "paddq %mm3, %mm1 " ); \ - asm( "movd %mm1, 28(%edi) " ); \ - asm( "addl $32, %edi " ); \ - asm( "addl $32, %esi " ); \ - asm( "psrlq $32, %mm1 " ); \ - asm( "movd %mm1, %ecx " ); - -#define MULADDC_STOP \ - asm( "emms " ); \ - asm( "movl %0, %%ebx " :: "m" (t)); \ - asm( "movl %%ecx, %0 " : "=m" (c)); \ - asm( "movl %%edi, %0 " : "=m" (d)); \ - asm( "movl %%esi, %0 " : "=m" (s) :: \ - "eax", "ecx", "edx", "esi", "edi" ); +#define MULADDC_HUIT \ + " \ + movd %%ecx, %%mm1; \ + movd %%ebx, %%mm0; \ + movd (%%edi), %%mm3; \ + paddq %%mm3, %%mm1; \ + movd (%%esi), %%mm2; \ + pmuludq %%mm0, %%mm2; \ + movd 4(%%esi), %%mm4; \ + pmuludq %%mm0, %%mm4; \ + movd 8(%%esi), %%mm6; \ + pmuludq %%mm0, %%mm6; \ + movd 12(%%esi), %%mm7; \ + pmuludq %%mm0, %%mm7; \ + paddq %%mm2, %%mm1; \ + movd 4(%%edi), %%mm3; \ + paddq %%mm4, %%mm3; \ + movd 8(%%edi), %%mm5; \ + paddq %%mm6, %%mm5; \ + movd 12(%%edi), %%mm4; \ + paddq %%mm4, %%mm7; \ + movd %%mm1, (%%edi); \ + movd 16(%%esi), %%mm2; \ + pmuludq %%mm0, %%mm2; \ + psrlq $32, %%mm1; \ + movd 20(%%esi), %%mm4; \ + pmuludq %%mm0, %%mm4; \ + paddq %%mm3, %%mm1; \ + movd 24(%%esi), %%mm6; \ + pmuludq %%mm0, %%mm6; \ + movd %%mm1, 4(%%edi); \ + psrlq $32, %%mm1; \ + movd 28(%%esi), %%mm3; \ + pmuludq %%mm0, %%mm3; \ + paddq %%mm5, %%mm1; \ + movd 16(%%edi), %%mm5; \ + paddq %%mm5, %%mm2; \ + movd %%mm1, 8(%%edi); \ + psrlq $32, %%mm1; \ + paddq %%mm7, %%mm1; \ + movd 20(%%edi), %%mm5; \ + paddq %%mm5, %%mm4; \ + movd %%mm1, 12(%%edi); \ + psrlq $32, %%mm1; \ + paddq %%mm2, %%mm1; \ + movd 24(%%edi), %%mm5; \ + paddq %%mm5, %%mm6; \ + movd %%mm1, 16(%%edi); \ + psrlq $32, %%mm1; \ + paddq %%mm4, %%mm1; \ + movd 28(%%edi), %%mm5; \ + paddq %%mm5, %%mm3; \ + movd %%mm1, 20(%%edi); \ + psrlq $32, %%mm1; \ + paddq %%mm6, %%mm1; \ + movd %%mm1, 24(%%edi); \ + psrlq $32, %%mm1; \ + paddq %%mm3, %%mm1; \ + movd %%mm1, 28(%%edi); \ + addl $32, %%edi; \ + addl $32, %%esi; \ + psrlq $32, %%mm1; \ + movd %%mm1, %%ecx; \ + " + +#define MULADDC_STOP \ + " \ + emms; \ + movl %4, %%ebx; \ + movl %%ecx, %1; \ + movl %%edi, %2; \ + movl %%esi, %3; \ + " \ + : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ + : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ + : "eax", "ecx", "edx", "esi", "edi" \ + ); #else -#define MULADDC_STOP \ - asm( "movl %0, %%ebx " :: "m" (t)); \ - asm( "movl %%ecx, %0 " : "=m" (c)); \ - asm( "movl %%edi, %0 " : "=m" (d)); \ - asm( "movl %%esi, %0 " : "=m" (s) :: \ - "eax", "ecx", "edx", "esi", "edi" ); - +#define MULADDC_STOP \ + " \ + movl %4, %%ebx; \ + movl %%ecx, %1; \ + movl %%edi, %2; \ + movl %%esi, %3; \ + " \ + : "=m" (t), "=m" (c), "=m" (d), "=m" (s) \ + : "m" (t), "m" (s), "m" (d), "m" (c), "m" (b) \ + : "eax", "ecx", "edx", "esi", "edi" \ + ); #endif /* SSE2 */ #endif /* i386 */ diff --git a/sha1.c b/sha1.c index f4a12e3..fcda11e 100644 --- a/sha1.c +++ b/sha1.c @@ -1,9 +1,10 @@ /* * FIPS-180-1 compliant SHA-1 implementation * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -308,7 +309,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] ) /* * output = SHA-1( input buffer ) */ -void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] ) +void sha1( unsigned char *input, int ilen, unsigned char output[20] ) { sha1_context ctx; @@ -361,7 +362,7 @@ void sha1_hmac_starts( sha1_context *ctx, unsigned char *key, int keylen ) if( keylen > 64 ) { - sha1_oneshot( key, keylen, sum ); + sha1( key, keylen, sum ); keylen = 20; key = sum; } @@ -420,3 +421,4 @@ void sha1_hmac( unsigned char *key, int keylen, memset( &ctx, 0, sizeof( sha1_context ) ); } + diff --git a/sha1.h b/sha1.h index 84f1f51..8d5c394 100644 --- a/sha1.h +++ b/sha1.h @@ -1,9 +1,10 @@ /** * \file sha1.h * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,6 +26,7 @@ /** * \brief SHA-1 context structure */ + #ifndef HAVE_SHA1_CONTEXT #define HAVE_SHA1_CONTEXT typedef struct sha1_context sha1_context; @@ -40,6 +42,7 @@ struct sha1_context unsigned char opad[64]; /*!< HMAC: outer padding */ }; + #ifdef __cplusplus extern "C" { #endif @@ -75,7 +78,7 @@ void sha1_finish( sha1_context *ctx, unsigned char output[20] ); * \param ilen length of the input data * \param output SHA-1 checksum result */ -void sha1_oneshot( unsigned char *input, int ilen, unsigned char output[20] ); +void sha1( unsigned char *input, int ilen, unsigned char output[20] ); /** * \brief Output = SHA-1( file contents ) diff --git a/sha2.c b/sha2.c index e030f27..ed6d7ad 100644 --- a/sha2.c +++ b/sha2.c @@ -1,9 +1,10 @@ /* * FIPS-180-2 compliant SHA-256 implementation * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -427,3 +428,4 @@ void sha2_hmac( unsigned char *key, int keylen, memset( &ctx, 0, sizeof( sha2_context ) ); } + diff --git a/sha2.h b/sha2.h index 88ba1f5..8996093 100644 --- a/sha2.h +++ b/sha2.h @@ -1,9 +1,10 @@ /** * \file sha2.h * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by -- 1.6.3.3
>From 2914cf65b6ee06ac503b2e5b424b9aac96b7fbad Mon Sep 17 00:00:00 2001 From: Andreas Metzler <[email protected]> Date: Sat, 5 Dec 2009 18:57:19 +0100 Subject: [PATCH 2/2] Merge updated files from polarssl 0.12.1 (Part 2). --- pdkim.c | 4 +- rsa.c | 115 ++++++++++++++++++++++++++++++++++++++++----------------- rsa.h | 126 ++++++++++++++++++++++++++++++++++++++++++++++----------------- 3 files changed, 174 insertions(+), 71 deletions(-) diff --git a/pdkim.c b/pdkim.c index 53d1c5a..b661e99 100644 --- a/pdkim.c +++ b/pdkim.c @@ -1494,7 +1494,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu if (rsa_pkcs1_sign( &rsa, RSA_PRIVATE, ((sig->algo == PDKIM_ALGO_RSA_SHA1)? - RSA_SHA1:RSA_SHA256), + SIG_RSA_SHA1:SIG_RSA_SHA256), 0, (unsigned char *)headerhash, (unsigned char *)sig->sigdata ) != 0) { @@ -1588,7 +1588,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu if (rsa_pkcs1_verify(&rsa, RSA_PUBLIC, ((sig->algo == PDKIM_ALGO_RSA_SHA1)? - RSA_SHA1:RSA_SHA256), + SIG_RSA_SHA1:SIG_RSA_SHA256), 0, (unsigned char *)headerhash, (unsigned char *)sig->sigdata) != 0) { diff --git a/rsa.c b/rsa.c index 2abec04..9fe6918 100644 --- a/rsa.c +++ b/rsa.c @@ -1,9 +1,10 @@ /* * The RSA public-key cryptosystem * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -34,6 +35,7 @@ #include <stdio.h> +/* *************** begin copy from x509parse.c ********************/ /* * ASN.1 DER decoding routines */ @@ -131,6 +133,8 @@ static int asn1_get_mpi( unsigned char **p, return( ret ); } +/* *************** end copy from x509parse.c ********************/ + /* @@ -157,7 +161,10 @@ void rsa_init( rsa_context *ctx, */ int rsa_check_pubkey( rsa_context *ctx ) { - if( ( ctx->N.p[0] & 1 ) == 0 || + if( !ctx->N.p || !ctx->E.p ) + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); + + if( ( ctx->N.p[0] & 1 ) == 0 || ( ctx->E.p[0] & 1 ) == 0 ) return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); @@ -183,6 +190,9 @@ int rsa_check_privkey( rsa_context *ctx ) if( ( ret = rsa_check_pubkey( ctx ) ) != 0 ) return( ret ); + if( !ctx->P.p || !ctx->Q.p || !ctx->D.p ) + return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED ); + mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL ); MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); @@ -353,11 +363,11 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, int mode, int *olen, unsigned char *input, unsigned char *output, - int output_max_len) + int output_max_len) { int ret, ilen; unsigned char *p; - unsigned char buf[512]; + unsigned char buf[1024]; ilen = ctx->len; @@ -395,7 +405,7 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, } if (ilen - (int)(p - buf) > output_max_len) - return( POLARSSL_ERR_RSA_OUTPUT_TO_LARGE ); + return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE ); *olen = ilen - (int)(p - buf); memcpy( output, p, *olen ); @@ -424,24 +434,37 @@ int rsa_pkcs1_sign( rsa_context *ctx, switch( hash_id ) { - case RSA_RAW: + case SIG_RSA_RAW: nb_pad = olen - 3 - hashlen; break; - case RSA_MD2: - case RSA_MD4: - case RSA_MD5: - nb_pad = olen - 3 - 16 - 18; + case SIG_RSA_MD2: + case SIG_RSA_MD4: + case SIG_RSA_MD5: + nb_pad = olen - 3 - 34; + break; + + case SIG_RSA_SHA1: + nb_pad = olen - 3 - 35; + break; + + case SIG_RSA_SHA224: + nb_pad = olen - 3 - 47; + break; + + case SIG_RSA_SHA256: + nb_pad = olen - 3 - 51; break; - case RSA_SHA1: - nb_pad = olen - 3 - 20 - 15; + case SIG_RSA_SHA384: + nb_pad = olen - 3 - 67; break; - case RSA_SHA256: - nb_pad = olen - 3 - 32 - 19; + case SIG_RSA_SHA512: + nb_pad = olen - 3 - 83; break; + default: return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); } @@ -463,34 +486,49 @@ int rsa_pkcs1_sign( rsa_context *ctx, switch( hash_id ) { - case RSA_RAW: + case SIG_RSA_RAW: memcpy( p, hash, hashlen ); break; - case RSA_MD2: + case SIG_RSA_MD2: memcpy( p, ASN1_HASH_MDX, 18 ); memcpy( p + 18, hash, 16 ); p[13] = 2; break; - case RSA_MD4: + case SIG_RSA_MD4: memcpy( p, ASN1_HASH_MDX, 18 ); memcpy( p + 18, hash, 16 ); p[13] = 4; break; - case RSA_MD5: + case SIG_RSA_MD5: memcpy( p, ASN1_HASH_MDX, 18 ); memcpy( p + 18, hash, 16 ); p[13] = 5; break; - case RSA_SHA1: + case SIG_RSA_SHA1: memcpy( p, ASN1_HASH_SHA1, 15 ); memcpy( p + 15, hash, 20 ); break; - case RSA_SHA256: - memcpy( p, ASN1_HASH_SHA256, 19 ); + case SIG_RSA_SHA224: + memcpy( p, ASN1_HASH_SHA2X, 19 ); + memcpy( p + 19, hash, 28 ); + p[1] += 28; p[14] = 4; p[18] += 28; break; + + case SIG_RSA_SHA256: + memcpy( p, ASN1_HASH_SHA2X, 19 ); memcpy( p + 19, hash, 32 ); - break; + p[1] += 32; p[14] = 1; p[18] += 32; break; + + case SIG_RSA_SHA384: + memcpy( p, ASN1_HASH_SHA2X, 19 ); + memcpy( p + 19, hash, 48 ); + p[1] += 48; p[14] = 2; p[18] += 48; break; + + case SIG_RSA_SHA512: + memcpy( p, ASN1_HASH_SHA2X, 19 ); + memcpy( p + 19, hash, 64 ); + p[1] += 64; p[14] = 3; p[18] += 64; break; default: return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); @@ -513,7 +551,7 @@ int rsa_pkcs1_verify( rsa_context *ctx, { int ret, len, siglen; unsigned char *p, c; - unsigned char buf[512]; + unsigned char buf[1024]; siglen = ctx->len; @@ -560,18 +598,18 @@ int rsa_pkcs1_verify( rsa_context *ctx, if( memcmp( p, ASN1_HASH_MDX, 18 ) != 0 ) return( POLARSSL_ERR_RSA_VERIFY_FAILED ); - if( ( c == 2 && hash_id == RSA_MD2 ) || - ( c == 4 && hash_id == RSA_MD4 ) || - ( c == 5 && hash_id == RSA_MD5 ) ) + if( ( c == 2 && hash_id == SIG_RSA_MD2 ) || + ( c == 4 && hash_id == SIG_RSA_MD4 ) || + ( c == 5 && hash_id == SIG_RSA_MD5 ) ) { - if( memcmp( p + 18, hash, 16 ) == 0 ) + if( memcmp( p + 18, hash, 16 ) == 0 ) return( 0 ); else return( POLARSSL_ERR_RSA_VERIFY_FAILED ); } } - if( len == 35 && hash_id == RSA_SHA1 ) + if( len == 35 && hash_id == SIG_RSA_SHA1 ) { if( memcmp( p, ASN1_HASH_SHA1, 15 ) == 0 && memcmp( p + 15, hash, 20 ) == 0 ) @@ -579,17 +617,24 @@ int rsa_pkcs1_verify( rsa_context *ctx, else return( POLARSSL_ERR_RSA_VERIFY_FAILED ); } - - if( len == 51 && hash_id == RSA_SHA256 ) + if( ( len == 19 + 28 && p[14] == 4 && hash_id == SIG_RSA_SHA224 ) || + ( len == 19 + 32 && p[14] == 1 && hash_id == SIG_RSA_SHA256 ) || + ( len == 19 + 48 && p[14] == 2 && hash_id == SIG_RSA_SHA384 ) || + ( len == 19 + 64 && p[14] == 3 && hash_id == SIG_RSA_SHA512 ) ) { - if( memcmp( p, ASN1_HASH_SHA256, 19 ) == 0 && - memcmp( p + 19, hash, 32 ) == 0 ) + c = p[1] - 17; + p[1] = 17; + p[14] = 0; + + if( p[18] == c && + memcmp( p, ASN1_HASH_SHA2X, 18 ) == 0 && + memcmp( p + 19, hash, c ) == 0 ) return( 0 ); else return( POLARSSL_ERR_RSA_VERIFY_FAILED ); } - if( len == hashlen && hash_id == RSA_RAW ) + if( len == hashlen && hash_id == SIG_RSA_RAW ) { if( memcmp( p, hash, hashlen ) == 0 ) return( 0 ); @@ -611,7 +656,6 @@ void rsa_free( rsa_context *ctx ) &ctx->E, &ctx->N, NULL ); } - /* * Parse a public RSA key @@ -818,3 +862,4 @@ int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen, return( 0 ); } + diff --git a/rsa.h b/rsa.h index f3ba0cd..75626c7 100644 --- a/rsa.h +++ b/rsa.h @@ -1,9 +1,10 @@ /** * \file rsa.h * - * Based on XySSL: Copyright (C) 2006-2008 Christophe Devine + * Copyright (C) 2006-2009, Paul Bakker <polarssl_maintainer at polarssl.org> + * All rights reserved. * - * Copyright (C) 2009 Paul Bakker <polarssl_maintainer at polarssl dot org> + * Joined copyright on original XySSL code with: Christophe Devine * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -24,6 +25,9 @@ #include "bignum.h" +/* + * RSA Error codes + */ #define POLARSSL_ERR_RSA_BAD_INPUT_DATA -0x0400 #define POLARSSL_ERR_RSA_INVALID_PADDING -0x0410 #define POLARSSL_ERR_RSA_KEY_GEN_FAILED -0x0420 @@ -31,14 +35,24 @@ #define POLARSSL_ERR_RSA_PUBLIC_FAILED -0x0440 #define POLARSSL_ERR_RSA_PRIVATE_FAILED -0x0450 #define POLARSSL_ERR_RSA_VERIFY_FAILED -0x0460 -#define POLARSSL_ERR_RSA_OUTPUT_TO_LARGE -0x0470 +#define POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE -0x0470 -#define POLARSSL_ERR_ASN1_OUT_OF_DATA -0x0014 -#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016 -#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 -#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A -#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C +/* *************** begin copy from x509.h ************************/ +/* + * ASN1 Error codes + * + * These error codes will be OR'ed to X509 error codes for + * higher error granularity. + */ +#define POLARSSL_ERR_ASN1_OUT_OF_DATA 0x0014 +#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG 0x0016 +#define POLARSSL_ERR_ASN1_INVALID_LENGTH 0x0018 +#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH 0x001A +#define POLARSSL_ERR_ASN1_INVALID_DATA 0x001C +/* + * X509 Error codes + */ #define POLARSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020 #define POLARSSL_ERR_X509_CERT_INVALID_PEM -0x0040 #define POLARSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060 @@ -87,15 +101,20 @@ #define ASN1_CONSTRUCTED 0x20 #define ASN1_CONTEXT_SPECIFIC 0x80 +/* *************** end copy from x509.h ************************/ + /* * PKCS#1 constants */ -#define RSA_RAW 0 -#define RSA_MD2 2 -#define RSA_MD4 3 -#define RSA_MD5 4 -#define RSA_SHA1 5 -#define RSA_SHA256 6 +#define SIG_RSA_RAW 0 +#define SIG_RSA_MD2 2 +#define SIG_RSA_MD4 3 +#define SIG_RSA_MD5 4 +#define SIG_RSA_SHA1 5 +#define SIG_RSA_SHA224 14 +#define SIG_RSA_SHA256 11 +#define SIG_RSA_SHA384 12 +#define SIG_RSA_SHA512 13 #define RSA_PUBLIC 0 #define RSA_PRIVATE 1 @@ -106,6 +125,29 @@ #define RSA_SIGN 1 #define RSA_CRYPT 2 +#define ASN1_STR_CONSTRUCTED_SEQUENCE "\x30" +#define ASN1_STR_NULL "\x05" +#define ASN1_STR_OID "\x06" +#define ASN1_STR_OCTET_STRING "\x04" + +#define OID_DIGEST_ALG_MDX "\x2A\x86\x48\x86\xF7\x0D\x02\x00" +#define OID_HASH_ALG_SHA1 "\x2b\x0e\x03\x02\x1a" +#define OID_HASH_ALG_SHA2X "\x60\x86\x48\x01\x65\x03\x04\x02\x00" + +#define OID_ISO_MEMBER_BODIES "\x2a" +#define OID_ISO_IDENTIFIED_ORG "\x2b" + +/* + * ISO Member bodies OID parts + */ +#define OID_COUNTRY_US "\x86\x48" +#define OID_RSA_DATA_SECURITY "\x86\xf7\x0d" + +/* + * ISO Identified organization OID parts + */ +#define OID_OIW_SECSIG_SHA1 "\x0e\x03\x02\x1a" + /* * DigestInfo ::= SEQUENCE { * digestAlgorithm DigestAlgorithmIdentifier, @@ -115,18 +157,31 @@ * * Digest ::= OCTET STRING */ -#define ASN1_HASH_MDX \ - "\x30\x20\x30\x0C\x06\x08\x2A\x86\x48" \ - "\x86\xF7\x0D\x02\x00\x05\x00\x04\x10" - -#define ASN1_HASH_SHA1 \ - "\x30\x21\x30\x09\x06\x05\x2B\x0E\x03" \ - "\x02\x1A\x05\x00\x04\x14" - -#define ASN1_HASH_SHA256 \ - "\x30\x31\x30\x0d\x06\x09\x60\x86\x48" \ - "\x01\x65\x03\x04\x02\x01\x05\x00\x04" \ - "\x20" +#define ASN1_HASH_MDX \ +( \ + ASN1_STR_CONSTRUCTED_SEQUENCE "\x20" \ + ASN1_STR_CONSTRUCTED_SEQUENCE "\x0C" \ + ASN1_STR_OID "\x08" \ + OID_DIGEST_ALG_MDX \ + ASN1_STR_NULL "\x00" \ + ASN1_STR_OCTET_STRING "\x10" \ +) + +#define ASN1_HASH_SHA1 \ + ASN1_STR_CONSTRUCTED_SEQUENCE "\x21" \ + ASN1_STR_CONSTRUCTED_SEQUENCE "\x09" \ + ASN1_STR_OID "\x05" \ + OID_HASH_ALG_SHA1 \ + ASN1_STR_NULL "\x00" \ + ASN1_STR_OCTET_STRING "\x14" + +#define ASN1_HASH_SHA2X \ + ASN1_STR_CONSTRUCTED_SEQUENCE "\x11" \ + ASN1_STR_CONSTRUCTED_SEQUENCE "\x0d" \ + ASN1_STR_OID "\x09" \ + OID_HASH_ALG_SHA2X \ + ASN1_STR_NULL "\x00" \ + ASN1_STR_OCTET_STRING "\x00" /** * \brief RSA context structure @@ -224,7 +279,8 @@ int rsa_check_privkey( rsa_context *ctx ); * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * * \note This function does NOT take care of message - * padding. Also, be sure to set input[0] = 0. + * padding. Also, be sure to set input[0] = 0 or assure that + * input is smaller than N. * * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). @@ -254,7 +310,7 @@ int rsa_private( rsa_context *ctx, * * \param ctx RSA context * \param mode RSA_PUBLIC or RSA_PRIVATE - * \param ilen contains the the plaintext length + * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * @@ -276,7 +332,7 @@ int rsa_pkcs1_encrypt( rsa_context *ctx, * \param input buffer holding the encrypted data * \param output buffer that will hold the plaintext * \param olen will contain the plaintext length - * \param output_max_len maximum length of the output buffer + * \param output_max_len maximum length of the output buffer * * \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code * @@ -288,15 +344,15 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, int mode, int *olen, unsigned char *input, unsigned char *output, - int output_max_len); + int output_max_len ); /** * \brief Do a private RSA to sign a message digest * * \param ctx RSA context * \param mode RSA_PUBLIC or RSA_PRIVATE - * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} - * \param hashlen message digest length (for RSA_RAW only) + * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512} + * \param hashlen message digest length (for SIG_RSA_RAW only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * @@ -318,8 +374,8 @@ int rsa_pkcs1_sign( rsa_context *ctx, * * \param ctx points to an RSA public key * \param mode RSA_PUBLIC or RSA_PRIVATE - * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} - * \param hashlen message digest length (for RSA_RAW only) + * \param hash_id SIG_RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} + * \param hashlen message digest length (for SIG_RSA_RAW only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * @@ -338,6 +394,8 @@ int rsa_pkcs1_verify( rsa_context *ctx, /** * \brief Free the components of an RSA key + * + * \param ctx RSA Context to free */ void rsa_free( rsa_context *ctx ); -- 1.6.3.3
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
