2004-05-31 02:36:47 +00:00
|
|
|
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
|
|
|
|
*
|
|
|
|
|
* LibTomCrypt is a library that provides various cryptographic
|
|
|
|
|
* algorithms in a highly modular and flexible manner.
|
|
|
|
|
*
|
|
|
|
|
* The library is free for all purposes without any express
|
|
|
|
|
* guarantee it works.
|
|
|
|
|
*
|
2005-04-17 11:37:13 +00:00
|
|
|
* Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.org
|
2004-05-31 02:36:47 +00:00
|
|
|
*/
|
2004-12-30 23:55:53 +00:00
|
|
|
#include "tomcrypt.h"
|
2004-05-31 02:36:47 +00:00
|
|
|
|
2004-12-30 23:55:53 +00:00
|
|
|
/**
|
|
|
|
|
@file rsa_verify_hash.c
|
|
|
|
|
RSA PKCS v2 PSS signature verification, Tom St Denis
|
|
|
|
|
*/
|
2004-05-31 02:36:47 +00:00
|
|
|
|
|
|
|
|
#ifdef MRSA
|
|
|
|
|
|
2004-12-30 23:55:53 +00:00
|
|
|
/**
|
|
|
|
|
(PKCS #1, v2.0) de-sign then PSS depad
|
|
|
|
|
@param sig The signature data
|
|
|
|
|
@param siglen The length of the signature data (octets)
|
|
|
|
|
@param hash The hash of the message that was signed
|
|
|
|
|
@param hashlen The length of the hash of the message that was signed (octets)
|
|
|
|
|
@param hash_idx The index of the desired hash
|
|
|
|
|
@param saltlen The length of the salt used during signature
|
|
|
|
|
@param stat [out] The result of the signature comparison, 1==valid, 0==invalid
|
|
|
|
|
@param key The public RSA key corresponding to the key that performed the signature
|
|
|
|
|
@return CRYPT_OK on success (even if the signature is invalid)
|
|
|
|
|
*/
|
2004-05-31 02:36:47 +00:00
|
|
|
int rsa_verify_hash(const unsigned char *sig, unsigned long siglen,
|
2004-12-30 23:55:53 +00:00
|
|
|
const unsigned char *hash, unsigned long hashlen,
|
2004-05-31 02:36:47 +00:00
|
|
|
int hash_idx, unsigned long saltlen,
|
|
|
|
|
int *stat, rsa_key *key)
|
|
|
|
|
{
|
|
|
|
|
unsigned long modulus_bitlen, modulus_bytelen, x;
|
|
|
|
|
int err;
|
|
|
|
|
unsigned char *tmpbuf;
|
|
|
|
|
|
2004-12-30 23:55:53 +00:00
|
|
|
LTC_ARGCHK(hash != NULL);
|
|
|
|
|
LTC_ARGCHK(sig != NULL);
|
|
|
|
|
LTC_ARGCHK(stat != NULL);
|
|
|
|
|
LTC_ARGCHK(key != NULL);
|
2004-08-06 16:42:41 +00:00
|
|
|
|
|
|
|
|
/* default to invalid */
|
|
|
|
|
*stat = 0;
|
2004-05-31 02:36:47 +00:00
|
|
|
|
|
|
|
|
/* valid hash ? */
|
|
|
|
|
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* get modulus len in bits */
|
2005-08-01 16:36:47 +00:00
|
|
|
modulus_bitlen = mp_count_bits( (key->N));
|
2004-05-31 02:36:47 +00:00
|
|
|
|
|
|
|
|
/* outlen must be at least the size of the modulus */
|
2005-08-01 16:36:47 +00:00
|
|
|
modulus_bytelen = mp_unsigned_bin_size( (key->N));
|
2004-05-31 02:36:47 +00:00
|
|
|
if (modulus_bytelen != siglen) {
|
|
|
|
|
return CRYPT_INVALID_PACKET;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* allocate temp buffer for decoded sig */
|
2004-06-20 02:41:49 +00:00
|
|
|
tmpbuf = XMALLOC(siglen);
|
2004-05-31 02:36:47 +00:00
|
|
|
if (tmpbuf == NULL) {
|
|
|
|
|
return CRYPT_MEM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* RSA decode it */
|
|
|
|
|
x = siglen;
|
2004-12-30 23:55:53 +00:00
|
|
|
if ((err = rsa_exptmod(sig, siglen, tmpbuf, &x, PK_PUBLIC, key)) != CRYPT_OK) {
|
2004-05-31 02:36:47 +00:00
|
|
|
XFREE(tmpbuf);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* PSS decode it */
|
2004-12-30 23:55:53 +00:00
|
|
|
err = pkcs_1_pss_decode(hash, hashlen, tmpbuf, x, saltlen, hash_idx, modulus_bitlen, stat);
|
2004-05-31 02:36:47 +00:00
|
|
|
XFREE(tmpbuf);
|
|
|
|
|
return err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#endif /* MRSA */
|
2005-06-09 00:08:13 +00:00
|
|
|
|
|
|
|
|
/* $Source$ */
|
|
|
|
|
/* $Revision$ */
|
|
|
|
|
/* $Date$ */
|
