From a6885fb494fd12134b6dd434de1ceddbf1815be9 Mon Sep 17 00:00:00 2001 From: Tom Kistner Date: Tue, 17 Mar 2009 21:11:56 +0000 Subject: [PATCH] more pdkim wip --- src/src/pdkim/pdkim.h | 4 +- src/src/pdkim/rsa.c | 209 ++++++++++++++++++++++-------------------- src/src/pdkim/rsa.h | 9 +- 3 files changed, 116 insertions(+), 106 deletions(-) diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h index 9dc3404ef..3f7a2dfb4 100644 --- a/src/src/pdkim/pdkim.h +++ b/src/src/pdkim/pdkim.h @@ -1,5 +1,5 @@ -/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.7 2009/03/17 16:20:13 tom Exp $ */ -/* pdkim-api.h */ +/* $Cambridge: exim/src/src/pdkim/pdkim.h,v 1.1.2.8 2009/03/17 21:11:56 tom Exp $ */ +/* pdkim.h */ /* -------------------------------------------------------------------------- */ /* Debugging. This can also be enabled/disabled at run-time. I recommend to diff --git a/src/src/pdkim/rsa.c b/src/src/pdkim/rsa.c index 06068aede..7889894c6 100644 --- a/src/src/pdkim/rsa.c +++ b/src/src/pdkim/rsa.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/pdkim/rsa.c,v 1.1.2.2 2009/03/17 12:57:37 tom Exp $ */ +/* $Cambridge: exim/src/src/pdkim/rsa.c,v 1.1.2.3 2009/03/17 21:11:56 tom Exp $ */ /* * The RSA public-key cryptosystem * @@ -34,6 +34,106 @@ #include #include + +/* + * ASN.1 DER decoding routines + */ +static int asn1_get_len( unsigned char **p, + unsigned char *end, + int *len ) +{ + if( ( end - *p ) < 1 ) + return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); + + if( ( **p & 0x80 ) == 0 ) + *len = *(*p)++; + else + { + switch( **p & 0x7F ) + { + case 1: + if( ( end - *p ) < 2 ) + return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); + + *len = (*p)[1]; + (*p) += 2; + break; + + case 2: + if( ( end - *p ) < 3 ) + return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); + + *len = ( (*p)[1] << 8 ) | (*p)[2]; + (*p) += 3; + break; + + default: + return( POLARSSL_ERR_ASN1_INVALID_LENGTH ); + break; + } + } + + if( *len > (int) ( end - *p ) ) + return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); + + return( 0 ); +} + +static int asn1_get_tag( unsigned char **p, + unsigned char *end, + int *len, int tag ) +{ + if( ( end - *p ) < 1 ) + return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); + + if( **p != tag ) + return( POLARSSL_ERR_ASN1_UNEXPECTED_TAG ); + + (*p)++; + + return( asn1_get_len( p, end, len ) ); +} + +static int asn1_get_int( unsigned char **p, + unsigned char *end, + int *val ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) + return( ret ); + + if( len > (int) sizeof( int ) || ( **p & 0x80 ) != 0 ) + return( POLARSSL_ERR_ASN1_INVALID_LENGTH ); + + *val = 0; + + while( len-- > 0 ) + { + *val = ( *val << 8 ) | **p; + (*p)++; + } + + return( 0 ); +} + +static int asn1_get_mpi( unsigned char **p, + unsigned char *end, + mpi *X ) +{ + int ret, len; + + if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) + return( ret ); + + ret = mpi_read_binary( X, *p, len ); + + *p += len; + + return( ret ); +} + + /* * Initialize an RSA context */ @@ -481,6 +581,15 @@ int rsa_pkcs1_verify( rsa_context *ctx, return( POLARSSL_ERR_RSA_VERIFY_FAILED ); } + if( len == 51 && hash_id == RSA_SHA256 ) + { + if( memcmp( p, ASN1_HASH_SHA256, 19 ) == 0 && + memcmp( p + 19, hash, 32 ) == 0 ) + return( 0 ); + else + return( POLARSSL_ERR_RSA_VERIFY_FAILED ); + } + if( len == hashlen && hash_id == RSA_RAW ) { if( memcmp( p, hash, hashlen ) == 0 ) @@ -503,104 +612,6 @@ void rsa_free( rsa_context *ctx ) &ctx->E, &ctx->N, NULL ); } -/* - * ASN.1 DER decoding routines - */ -static int asn1_get_len( unsigned char **p, - unsigned char *end, - int *len ) -{ - if( ( end - *p ) < 1 ) - return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - - if( ( **p & 0x80 ) == 0 ) - *len = *(*p)++; - else - { - switch( **p & 0x7F ) - { - case 1: - if( ( end - *p ) < 2 ) - return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - - *len = (*p)[1]; - (*p) += 2; - break; - - case 2: - if( ( end - *p ) < 3 ) - return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - - *len = ( (*p)[1] << 8 ) | (*p)[2]; - (*p) += 3; - break; - - default: - return( POLARSSL_ERR_ASN1_INVALID_LENGTH ); - break; - } - } - - if( *len > (int) ( end - *p ) ) - return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - - return( 0 ); -} - -static int asn1_get_tag( unsigned char **p, - unsigned char *end, - int *len, int tag ) -{ - if( ( end - *p ) < 1 ) - return( POLARSSL_ERR_ASN1_OUT_OF_DATA ); - - if( **p != tag ) - return( POLARSSL_ERR_ASN1_UNEXPECTED_TAG ); - - (*p)++; - - return( asn1_get_len( p, end, len ) ); -} - -static int asn1_get_int( unsigned char **p, - unsigned char *end, - int *val ) -{ - int ret, len; - - if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) - return( ret ); - - if( len > (int) sizeof( int ) || ( **p & 0x80 ) != 0 ) - return( POLARSSL_ERR_ASN1_INVALID_LENGTH ); - - *val = 0; - - while( len-- > 0 ) - { - *val = ( *val << 8 ) | **p; - (*p)++; - } - - return( 0 ); -} - -static int asn1_get_mpi( unsigned char **p, - unsigned char *end, - mpi *X ) -{ - int ret, len; - - if( ( ret = asn1_get_tag( p, end, &len, ASN1_INTEGER ) ) != 0 ) - return( ret ); - - ret = mpi_read_binary( X, *p, len ); - - *p += len; - - return( ret ); -} - /* * Parse a public RSA key diff --git a/src/src/pdkim/rsa.h b/src/src/pdkim/rsa.h index a91a5ec53..ca3b63e32 100644 --- a/src/src/pdkim/rsa.h +++ b/src/src/pdkim/rsa.h @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/pdkim/rsa.h,v 1.1.2.2 2009/03/17 12:57:37 tom Exp $ */ +/* $Cambridge: exim/src/src/pdkim/rsa.h,v 1.1.2.3 2009/03/17 21:11:56 tom Exp $ */ /** * \file rsa.h * @@ -125,10 +125,9 @@ "\x02\x1A\x05\x00\x04\x14" #define ASN1_HASH_SHA256 \ - "\x30\x21\x30\x09" \ - "\x06\x09\x60\x86\x48\x01\x65\x03\x04\x02\x02" \ - "\x05\x00\x04\x20" - + "\x30\x31\x30\x0d\x06\x09\x60\x86\x48" \ + "\x01\x65\x03\x04\x02\x01\x05\x00\x04" \ + "\x20" /** * \brief RSA context structure -- 2.30.2