Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1171)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/third_party/nss/rsawrapr.c

Issue 1882433002: Removing NSS files and USE_OPENSSL flag (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase. Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « crypto/third_party/nss/pk11akey.cc ('k') | crypto/third_party/nss/secsign.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /*
2 * PKCS#1 encoding and decoding functions.
3 * This file is believed to contain no code licensed from other parties.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8
9 #include "seccomon.h"
10 #include "secerr.h"
11 #include "sechash.h"
12
13 /* Needed for RSA-PSS functions */
14 static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
15
16 /*
17 * Mask generation function MGF1 as defined in PKCS #1 v2.1 / RFC 3447.
18 */
19 static SECStatus
20 MGF1(HASH_HashType hashAlg, unsigned char *mask, unsigned int maskLen,
21 const unsigned char *mgfSeed, unsigned int mgfSeedLen)
22 {
23 unsigned int digestLen;
24 PRUint32 counter, rounds;
25 unsigned char *tempHash, *temp;
26 const SECHashObject *hash;
27 void *hashContext;
28 unsigned char C[4];
29
30 hash = HASH_GetHashObject(hashAlg);
31 if (hash == NULL)
32 return SECFailure;
33
34 hashContext = (*hash->create)();
35 rounds = (maskLen + hash->length - 1) / hash->length;
36 for (counter = 0; counter < rounds; counter++) {
37 C[0] = (unsigned char)((counter >> 24) & 0xff);
38 C[1] = (unsigned char)((counter >> 16) & 0xff);
39 C[2] = (unsigned char)((counter >> 8) & 0xff);
40 C[3] = (unsigned char)(counter & 0xff);
41
42 /* This could be optimized when the clone functions in
43 * rawhash.c are implemented. */
44 (*hash->begin)(hashContext);
45 (*hash->update)(hashContext, mgfSeed, mgfSeedLen);
46 (*hash->update)(hashContext, C, sizeof C);
47
48 tempHash = mask + counter * hash->length;
49 if (counter != (rounds-1)) {
50 (*hash->end)(hashContext, tempHash, &digestLen, hash->length);
51 } else { /* we're in the last round and need to cut the hash */
52 temp = (unsigned char *)PORT_Alloc(hash->length);
53 (*hash->end)(hashContext, temp, &digestLen, hash->length);
54 PORT_Memcpy(tempHash, temp, maskLen - counter * hash->length);
55 PORT_Free(temp);
56 }
57 }
58 (*hash->destroy)(hashContext, PR_TRUE);
59
60 return SECSuccess;
61 }
62
63 /*
64 * Verify a RSA-PSS signature.
65 * Described in RFC 3447, section 9.1.2.
66 * We use mHash instead of M as input.
67 * emBits from the RFC is just modBits - 1, see section 8.1.2.
68 * We only support MGF1 as the MGF.
69 *
70 * NOTE: this code assumes modBits is a multiple of 8.
71 */
72 SECStatus
73 emsa_pss_verify(const unsigned char *mHash,
74 const unsigned char *em, unsigned int emLen,
75 HASH_HashType hashAlg, HASH_HashType maskHashAlg,
76 unsigned int sLen)
77 {
78 const SECHashObject *hash;
79 void *hash_context;
80 unsigned char *db;
81 unsigned char *H_; /* H' from the RFC */
82 unsigned int i, dbMaskLen;
83 SECStatus rv;
84
85 hash = HASH_GetHashObject(hashAlg);
86 dbMaskLen = emLen - hash->length - 1;
87
88 /* Step 3 + 4 + 6 */
89 if ((emLen < (hash->length + sLen + 2)) ||
90 (em[emLen - 1] != 0xbc) ||
91 ((em[0] & 0x80) != 0)) {
92 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
93 return SECFailure;
94 }
95
96 /* Step 7 */
97 db = (unsigned char *)PORT_Alloc(dbMaskLen);
98 if (db == NULL) {
99 PORT_SetError(SEC_ERROR_NO_MEMORY);
100 return SECFailure;
101 }
102 /* &em[dbMaskLen] points to H, used as mgfSeed */
103 MGF1(maskHashAlg, db, dbMaskLen, &em[dbMaskLen], hash->length);
104
105 /* Step 8 */
106 for (i = 0; i < dbMaskLen; i++) {
107 db[i] ^= em[i];
108 }
109
110 /* Step 9 */
111 db[0] &= 0x7f;
112
113 /* Step 10 */
114 for (i = 0; i < (dbMaskLen - sLen - 1); i++) {
115 if (db[i] != 0) {
116 PORT_Free(db);
117 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
118 return SECFailure;
119 }
120 }
121 if (db[dbMaskLen - sLen - 1] != 0x01) {
122 PORT_Free(db);
123 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
124 return SECFailure;
125 }
126
127 /* Step 12 + 13 */
128 H_ = (unsigned char *)PORT_Alloc(hash->length);
129 if (H_ == NULL) {
130 PORT_Free(db);
131 PORT_SetError(SEC_ERROR_NO_MEMORY);
132 return SECFailure;
133 }
134 hash_context = (*hash->create)();
135 if (hash_context == NULL) {
136 PORT_Free(db);
137 PORT_Free(H_);
138 PORT_SetError(SEC_ERROR_NO_MEMORY);
139 return SECFailure;
140 }
141 (*hash->begin)(hash_context);
142 (*hash->update)(hash_context, eightZeros, 8);
143 (*hash->update)(hash_context, mHash, hash->length);
144 (*hash->update)(hash_context, &db[dbMaskLen - sLen], sLen);
145 (*hash->end)(hash_context, H_, &i, hash->length);
146 (*hash->destroy)(hash_context, PR_TRUE);
147
148 PORT_Free(db);
149
150 /* Step 14 */
151 if (PORT_Memcmp(H_, &em[dbMaskLen], hash->length) != 0) {
152 PORT_SetError(SEC_ERROR_BAD_SIGNATURE);
153 rv = SECFailure;
154 } else {
155 rv = SECSuccess;
156 }
157
158 PORT_Free(H_);
159 return rv;
160 }
OLDNEW
« no previous file with comments | « crypto/third_party/nss/pk11akey.cc ('k') | crypto/third_party/nss/secsign.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698