2014-01-07 21:48:44 +00:00
|
|
|
diff -up ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream ./nss/lib/ckfw/pem/rsawrapr.c
|
|
|
|
--- ./nss/lib/ckfw/pem/rsawrapr.c.syncupwithupstream 2013-12-26 14:21:08.000000000 -0800
|
|
|
|
+++ ./nss/lib/ckfw/pem/rsawrapr.c 2014-01-07 13:26:43.350502692 -0800
|
|
|
|
@@ -1,5 +1,10 @@
|
|
|
|
+/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
+
|
|
|
|
/*
|
|
|
|
- * PKCS#1 encoding and decoding functions.
|
|
|
|
+ RSA PKCS#1 v2.1 (RFC 3447) encoding and decoding functions.
|
|
|
|
+
|
|
|
|
* This file is believed to contain no code licensed from other parties.
|
|
|
|
*
|
|
|
|
* ***** BEGIN LICENSE BLOCK *****
|
|
|
|
@@ -42,21 +47,38 @@
|
2013-02-15 23:34:49 +00:00
|
|
|
|
2014-01-07 21:48:44 +00:00
|
|
|
#include "ckpem.h"
|
|
|
|
#include "blapi.h"
|
|
|
|
+#include "secitem.h"
|
|
|
|
+/*#include "blapii.h"*/
|
|
|
|
+/*
|
|
|
|
#include "softoken.h"
|
|
|
|
#include "sechash.h"
|
|
|
|
-#include "base.h"
|
|
|
|
-
|
|
|
|
+#include "base.h"#include "lowkeyi.h"
|
|
|
|
+*/
|
2013-02-15 23:34:49 +00:00
|
|
|
#include "secerr.h"
|
|
|
|
|
|
|
|
#define RSA_BLOCK_MIN_PAD_LEN 8
|
2014-01-07 21:48:44 +00:00
|
|
|
#define RSA_BLOCK_FIRST_OCTET 0x00
|
|
|
|
-#define RSA_BLOCK_PRIVATE0_PAD_OCTET 0x00
|
2013-02-15 23:34:49 +00:00
|
|
|
#define RSA_BLOCK_PRIVATE_PAD_OCTET 0xff
|
|
|
|
#define RSA_BLOCK_AFTER_PAD_OCTET 0x00
|
|
|
|
|
|
|
|
-#define OAEP_SALT_LEN 8
|
|
|
|
-#define OAEP_PAD_LEN 8
|
|
|
|
-#define OAEP_PAD_OCTET 0x00
|
2014-01-07 21:48:44 +00:00
|
|
|
+/*
|
|
|
|
+ * RSA block types
|
|
|
|
+ *
|
|
|
|
+ * The actual values are important -- they are fixed, *not* arbitrary.
|
|
|
|
+ * The explicit value assignments are not needed (because C would give
|
|
|
|
+ * us those same values anyway) but are included as a reminder...
|
|
|
|
+ */
|
|
|
|
+typedef enum {
|
|
|
|
+ RSA_BlockUnused = 0, /* unused */
|
|
|
|
+ RSA_BlockPrivate = 1, /* pad for a private-key operation */
|
|
|
|
+ RSA_BlockPublic = 2, /* pad for a public-key operation */
|
|
|
|
+ RSA_BlockRaw = 4, /* simply justify the block appropriately */
|
|
|
|
+ RSA_BlockTotal
|
|
|
|
+} RSA_BlockType;
|
|
|
|
+
|
|
|
|
+
|
2013-02-15 23:34:49 +00:00
|
|
|
+/* Needed for RSA-PSS functions */
|
|
|
|
+static const unsigned char eightZeros[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
|
|
|
|
|
|
|
#define FLAT_BUFSIZE 512 /* bytes to hold flattened SHA1Context. */
|
|
|
|
|
2014-01-07 21:48:44 +00:00
|
|
|
@@ -78,141 +100,62 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
|
2013-02-15 23:34:49 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
-static SHA1Context *SHA1_CloneContext(SHA1Context * original)
|
|
|
|
-{
|
|
|
|
- SHA1Context *clone = NULL;
|
|
|
|
- unsigned char *pBuf;
|
|
|
|
- int sha1ContextSize = SHA1_FlattenSize(original);
|
|
|
|
- SECStatus frv;
|
|
|
|
- unsigned char buf[FLAT_BUFSIZE];
|
|
|
|
-
|
|
|
|
- PORT_Assert(sizeof buf >= sha1ContextSize);
|
|
|
|
- if (sizeof buf >= sha1ContextSize) {
|
|
|
|
- pBuf = buf;
|
|
|
|
- } else {
|
|
|
|
- pBuf = nss_ZAlloc(NULL, sha1ContextSize);
|
|
|
|
- if (!pBuf)
|
|
|
|
- goto done;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- frv = SHA1_Flatten(original, pBuf);
|
|
|
|
- if (frv == SECSuccess) {
|
|
|
|
- clone = SHA1_Resurrect(pBuf, NULL);
|
|
|
|
- memset(pBuf, 0, sha1ContextSize);
|
|
|
|
- }
|
|
|
|
- done:
|
|
|
|
- if (pBuf != buf)
|
|
|
|
- nss_ZFreeIf(pBuf);
|
|
|
|
- return clone;
|
|
|
|
+/* Constant time comparison of a single byte.
|
|
|
|
+ * Returns 1 iff a == b, otherwise returns 0.
|
|
|
|
+ * Note: For ranges of bytes, use constantTimeCompare.
|
|
|
|
+ */
|
|
|
|
+static unsigned char constantTimeEQ8(unsigned char a, unsigned char b) {
|
2014-01-07 21:48:44 +00:00
|
|
|
+ unsigned char c = ~((a - b) | (b - a));
|
2013-02-15 23:34:49 +00:00
|
|
|
+ c >>= 7;
|
|
|
|
+ return c;
|
|
|
|
}
|
|
|
|
|
|
|
|
-/*
|
|
|
|
- * Modify data by XORing it with a special hash of salt.
|
|
|
|
+/* Constant time comparison of a range of bytes.
|
|
|
|
+ * Returns 1 iff len bytes of a are identical to len bytes of b, otherwise
|
|
|
|
+ * returns 0.
|
|
|
|
*/
|
|
|
|
-static SECStatus
|
|
|
|
-oaep_xor_with_h1(unsigned char *data, unsigned int datalen,
|
|
|
|
- unsigned char *salt, unsigned int saltlen)
|
|
|
|
-{
|
|
|
|
- SHA1Context *sha1cx;
|
|
|
|
- unsigned char *dp, *dataend;
|
|
|
|
- unsigned char end_octet;
|
|
|
|
-
|
|
|
|
- sha1cx = SHA1_NewContext();
|
|
|
|
- if (sha1cx == NULL) {
|
|
|
|
- return SECFailure;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Get a hash of salt started; we will use it several times,
|
|
|
|
- * adding in a different end octet (x00, x01, x02, ...).
|
|
|
|
- */
|
|
|
|
- SHA1_Begin(sha1cx);
|
|
|
|
- SHA1_Update(sha1cx, salt, saltlen);
|
|
|
|
- end_octet = 0;
|
|
|
|
-
|
|
|
|
- dp = data;
|
|
|
|
- dataend = data + datalen;
|
|
|
|
-
|
|
|
|
- while (dp < dataend) {
|
|
|
|
- SHA1Context *sha1cx_h1;
|
|
|
|
- unsigned int sha1len, sha1off;
|
|
|
|
- unsigned char sha1[SHA1_LENGTH];
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Create hash of (salt || end_octet)
|
|
|
|
- */
|
|
|
|
- sha1cx_h1 = SHA1_CloneContext(sha1cx);
|
|
|
|
- SHA1_Update(sha1cx_h1, &end_octet, 1);
|
|
|
|
- SHA1_End(sha1cx_h1, sha1, &sha1len, sizeof(sha1));
|
|
|
|
- SHA1_DestroyContext(sha1cx_h1, PR_TRUE);
|
|
|
|
- PORT_Assert(sha1len == SHA1_LENGTH);
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * XOR that hash with the data.
|
|
|
|
- * When we have fewer than SHA1_LENGTH octets of data
|
|
|
|
- * left to xor, use just the low-order ones of the hash.
|
|
|
|
- */
|
|
|
|
- sha1off = 0;
|
|
|
|
- if ((dataend - dp) < SHA1_LENGTH)
|
|
|
|
- sha1off = SHA1_LENGTH - (dataend - dp);
|
|
|
|
- while (sha1off < SHA1_LENGTH)
|
|
|
|
- *dp++ ^= sha1[sha1off++];
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Bump for next hash chunk.
|
|
|
|
- */
|
|
|
|
- end_octet++;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- SHA1_DestroyContext(sha1cx, PR_TRUE);
|
|
|
|
- return SECSuccess;
|
|
|
|
+static unsigned char constantTimeCompare(const unsigned char *a,
|
|
|
|
+ const unsigned char *b,
|
|
|
|
+ unsigned int len) {
|
|
|
|
+ unsigned char tmp = 0;
|
|
|
|
+ unsigned int i;
|
|
|
|
+ for (i = 0; i < len; ++i, ++a, ++b)
|
|
|
|
+ tmp |= *a ^ *b;
|
|
|
|
+ return constantTimeEQ8(0x00, tmp);
|
|
|
|
}
|
|
|
|
|
|
|
|
-/*
|
|
|
|
- * Modify salt by XORing it with a special hash of data.
|
|
|
|
+/* Constant time conditional.
|
|
|
|
+ * Returns a if c is 1, or b if c is 0. The result is undefined if c is
|
|
|
|
+ * not 0 or 1.
|
|
|
|
*/
|
|
|
|
-static SECStatus
|
|
|
|
-oaep_xor_with_h2(unsigned char *salt, unsigned int saltlen,
|
|
|
|
- unsigned char *data, unsigned int datalen)
|
|
|
|
+static unsigned int constantTimeCondition(unsigned int c,
|
|
|
|
+ unsigned int a,
|
|
|
|
+ unsigned int b)
|
|
|
|
{
|
|
|
|
- unsigned char sha1[SHA1_LENGTH];
|
|
|
|
- unsigned char *psalt, *psha1, *saltend;
|
|
|
|
- SECStatus rv;
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Create a hash of data.
|
|
|
|
- */
|
|
|
|
- rv = SHA1_HashBuf(sha1, data, datalen);
|
|
|
|
- if (rv != SECSuccess) {
|
|
|
|
- return rv;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * XOR the low-order octets of that hash with salt.
|
|
|
|
- */
|
|
|
|
- PORT_Assert(saltlen <= SHA1_LENGTH);
|
|
|
|
- saltend = salt + saltlen;
|
|
|
|
- psalt = salt;
|
|
|
|
- psha1 = sha1 + SHA1_LENGTH - saltlen;
|
|
|
|
- while (psalt < saltend) {
|
|
|
|
- *psalt++ ^= *psha1++;
|
|
|
|
- }
|
|
|
|
+ return (~(c - 1) & a) | ((c - 1) & b);
|
2014-01-07 21:48:44 +00:00
|
|
|
+}
|
|
|
|
|
|
|
|
- return SECSuccess;
|
|
|
|
+static unsigned int
|
|
|
|
+rsa_modulusLen(SECItem * modulus)
|
|
|
|
+{
|
|
|
|
+ unsigned char byteZero = modulus->data[0];
|
|
|
|
+ unsigned int modLen = modulus->len - !byteZero;
|
|
|
|
+ return modLen;
|
2013-02-15 23:34:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2014-01-07 21:48:44 +00:00
|
|
|
* Format one block of data for public/private key encryption using
|
|
|
|
* the rules defined in PKCS #1.
|
|
|
|
*/
|
|
|
|
-static unsigned char *rsa_FormatOneBlock(unsigned modulusLen,
|
|
|
|
- RSA_BlockType blockType,
|
|
|
|
- SECItem * data)
|
|
|
|
+static unsigned char *
|
|
|
|
+rsa_FormatOneBlock(unsigned modulusLen,
|
|
|
|
+ RSA_BlockType blockType,
|
|
|
|
+ SECItem * data)
|
|
|
|
{
|
2013-02-15 23:34:49 +00:00
|
|
|
unsigned char *block;
|
|
|
|
unsigned char *bp;
|
|
|
|
int padLen;
|
|
|
|
- int i;
|
|
|
|
+ int i, j;
|
|
|
|
SECStatus rv;
|
|
|
|
|
|
|
|
block = (unsigned char *) nss_ZAlloc(NULL, modulusLen);
|
2014-01-07 21:48:44 +00:00
|
|
|
@@ -223,18 +166,17 @@ static unsigned char *rsa_FormatOneBlock
|
|
|
|
|
|
|
|
/*
|
|
|
|
* All RSA blocks start with two octets:
|
|
|
|
- * 0x00 || BlockType
|
|
|
|
+ * 0x00 || BlockType
|
|
|
|
*/
|
|
|
|
*bp++ = RSA_BLOCK_FIRST_OCTET;
|
|
|
|
*bp++ = (unsigned char) blockType;
|
|
|
|
|
|
|
|
switch (blockType) {
|
|
|
|
|
|
|
|
- /*
|
|
|
|
- * Blocks intended for private-key operation.
|
|
|
|
- */
|
|
|
|
- case RSA_BlockPrivate0: /* essentially unused */
|
|
|
|
- case RSA_BlockPrivate: /* preferred method */
|
|
|
|
+ /*
|
|
|
|
+ * Blocks intended for private-key operation.
|
|
|
|
+ */
|
|
|
|
+ case RSA_BlockPrivate: /* preferred method */
|
|
|
|
/*
|
|
|
|
* 0x00 || BT || Pad || 0x00 || ActualData
|
|
|
|
* 1 1 padLen 1 data->len
|
|
|
|
@@ -246,138 +188,69 @@ static unsigned char *rsa_FormatOneBlock
|
|
|
|
nss_ZFreeIf(block);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
- nsslibc_memset(bp,
|
|
|
|
- blockType == RSA_BlockPrivate0
|
|
|
|
- ? RSA_BLOCK_PRIVATE0_PAD_OCTET
|
|
|
|
- : RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
|
|
|
|
+ nsslibc_memset(bp, RSA_BLOCK_PRIVATE_PAD_OCTET, padLen);
|
|
|
|
bp += padLen;
|
|
|
|
*bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
|
|
|
|
nsslibc_memcpy(bp, data->data, data->len);
|
|
|
|
break;
|
2013-02-15 23:34:49 +00:00
|
|
|
|
2014-01-07 21:48:44 +00:00
|
|
|
- /*
|
|
|
|
- * Blocks intended for public-key operation.
|
|
|
|
- */
|
|
|
|
- case RSA_BlockPublic:
|
|
|
|
-
|
2013-02-15 23:34:49 +00:00
|
|
|
- /*
|
|
|
|
- * 0x00 || BT || Pad || 0x00 || ActualData
|
|
|
|
- * 1 1 padLen 1 data->len
|
|
|
|
- * Pad is all non-zero random bytes.
|
|
|
|
- */
|
|
|
|
- padLen = modulusLen - data->len - 3;
|
|
|
|
- PORT_Assert(padLen >= RSA_BLOCK_MIN_PAD_LEN);
|
|
|
|
- if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
|
|
|
|
- nss_ZFreeIf(block);
|
|
|
|
- return NULL;
|
|
|
|
- }
|
|
|
|
- for (i = 0; i < padLen; i++) {
|
|
|
|
- /* Pad with non-zero random data. */
|
|
|
|
- do {
|
|
|
|
- rv = RNG_GenerateGlobalRandomBytes(bp + i, 1);
|
|
|
|
- } while (rv == SECSuccess
|
|
|
|
- && bp[i] == RSA_BLOCK_AFTER_PAD_OCTET);
|
|
|
|
- if (rv != SECSuccess) {
|
|
|
|
- nss_ZFreeIf(block);
|
|
|
|
- return NULL;
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
- bp += padLen;
|
|
|
|
- *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
|
|
|
|
- nsslibc_memcpy(bp, data->data, data->len);
|
|
|
|
-
|
|
|
|
- break;
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Blocks intended for public-key operation, using
|
|
|
|
- * Optimal Asymmetric Encryption Padding (OAEP).
|
|
|
|
- */
|
|
|
|
- case RSA_BlockOAEP:
|
|
|
|
- /*
|
|
|
|
- * 0x00 || BT || Modified2(Salt) || Modified1(PaddedData)
|
|
|
|
- * 1 1 OAEP_SALT_LEN OAEP_PAD_LEN + data->len [+ N]
|
|
|
|
- *
|
|
|
|
- * where:
|
|
|
|
- * PaddedData is "Pad1 || ActualData [|| Pad2]"
|
|
|
|
- * Salt is random data.
|
|
|
|
- * Pad1 is all zeros.
|
|
|
|
- * Pad2, if present, is random data.
|
|
|
|
- * (The "modified" fields are all the same length as the original
|
|
|
|
- * unmodified values; they are just xor'd with other values.)
|
|
|
|
- *
|
|
|
|
- * Modified1 is an XOR of PaddedData with a special octet
|
|
|
|
- * string constructed of iterated hashing of Salt (see below).
|
|
|
|
- * Modified2 is an XOR of Salt with the low-order octets of
|
|
|
|
- * the hash of Modified1 (see farther below ;-).
|
|
|
|
- *
|
|
|
|
- * Whew!
|
|
|
|
- */
|
|
|
|
-
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Salt
|
|
|
|
- */
|
|
|
|
- rv = RNG_GenerateGlobalRandomBytes(bp, OAEP_SALT_LEN);
|
|
|
|
- if (rv != SECSuccess) {
|
|
|
|
- nss_ZFreeIf(block);
|
|
|
|
- return NULL;
|
|
|
|
- }
|
|
|
|
- bp += OAEP_SALT_LEN;
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Pad1
|
|
|
|
- */
|
|
|
|
- nsslibc_memset(bp, OAEP_PAD_OCTET, OAEP_PAD_LEN);
|
|
|
|
- bp += OAEP_PAD_LEN;
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Data
|
|
|
|
- */
|
|
|
|
- nsslibc_memcpy(bp, data->data, data->len);
|
|
|
|
- bp += data->len;
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Pad2
|
|
|
|
- */
|
|
|
|
- if (bp < (block + modulusLen)) {
|
|
|
|
- rv = RNG_GenerateGlobalRandomBytes(bp,
|
|
|
|
- block - bp + modulusLen);
|
|
|
|
- if (rv != SECSuccess) {
|
|
|
|
- nss_ZFreeIf(block);
|
|
|
|
- return NULL;
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Now we have the following:
|
|
|
|
- * 0x00 || BT || Salt || PaddedData
|
|
|
|
- * (From this point on, "Pad1 || Data [|| Pad2]" is treated
|
|
|
|
- * as the one entity PaddedData.)
|
|
|
|
- *
|
|
|
|
- * We need to turn PaddedData into Modified1.
|
|
|
|
- */
|
|
|
|
- if (oaep_xor_with_h1(block + 2 + OAEP_SALT_LEN,
|
|
|
|
- modulusLen - 2 - OAEP_SALT_LEN,
|
|
|
|
- block + 2, OAEP_SALT_LEN) != SECSuccess) {
|
|
|
|
- nss_ZFreeIf(block);
|
|
|
|
- return NULL;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- /*
|
|
|
|
- * Now we have:
|
|
|
|
- * 0x00 || BT || Salt || Modified1(PaddedData)
|
|
|
|
- *
|
|
|
|
- * The remaining task is to turn Salt into Modified2.
|
|
|
|
- */
|
|
|
|
- if (oaep_xor_with_h2(block + 2, OAEP_SALT_LEN,
|
|
|
|
- block + 2 + OAEP_SALT_LEN,
|
|
|
|
- modulusLen - 2 - OAEP_SALT_LEN) !=
|
|
|
|
- SECSuccess) {
|
|
|
|
- nss_ZFreeIf(block);
|
|
|
|
- return NULL;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- break;
|
2014-01-07 21:48:44 +00:00
|
|
|
+ /*
|
|
|
|
+ * Blocks intended for public-key operation.
|
|
|
|
+ */
|
|
|
|
+ case RSA_BlockPublic:
|
|
|
|
+
|
2013-02-15 23:34:49 +00:00
|
|
|
+ /*
|
|
|
|
+ * 0x00 || BT || Pad || 0x00 || ActualData
|
|
|
|
+ * 1 1 padLen 1 data->len
|
|
|
|
+ * Pad is all non-zero random bytes.
|
|
|
|
+ *
|
|
|
|
+ * Build the block left to right.
|
|
|
|
+ * Fill the entire block from Pad to the end with random bytes.
|
|
|
|
+ * Use the bytes after Pad as a supply of extra random bytes from
|
|
|
|
+ * which to find replacements for the zero bytes in Pad.
|
|
|
|
+ * If we need more than that, refill the bytes after Pad with
|
|
|
|
+ * new random bytes as necessary.
|
|
|
|
+ */
|
|
|
|
+ padLen = modulusLen - (data->len + 3);
|
|
|
|
+ PORT_Assert (padLen >= RSA_BLOCK_MIN_PAD_LEN);
|
|
|
|
+ if (padLen < RSA_BLOCK_MIN_PAD_LEN) {
|
|
|
|
+ nss_ZFreeIf (block);
|
|
|
|
+ return NULL;
|
|
|
|
+ }
|
|
|
|
+ j = modulusLen - 2;
|
|
|
|
+ rv = RNG_GenerateGlobalRandomBytes(bp, j);
|
|
|
|
+ if (rv == SECSuccess) {
|
|
|
|
+ for (i = 0; i < padLen; ) {
|
|
|
|
+ unsigned char repl;
|
|
|
|
+ /* Pad with non-zero random data. */
|
|
|
|
+ if (bp[i] != RSA_BLOCK_AFTER_PAD_OCTET) {
|
|
|
|
+ ++i;
|
|
|
|
+ continue;
|
|
|
|
+ }
|
|
|
|
+ if (j <= padLen) {
|
|
|
|
+ rv = RNG_GenerateGlobalRandomBytes(bp + padLen,
|
|
|
|
+ modulusLen - (2 + padLen));
|
|
|
|
+ if (rv != SECSuccess)
|
|
|
|
+ break;
|
|
|
|
+ j = modulusLen - 2;
|
|
|
|
+ }
|
|
|
|
+ do {
|
|
|
|
+ repl = bp[--j];
|
|
|
|
+ } while (repl == RSA_BLOCK_AFTER_PAD_OCTET && j > padLen);
|
|
|
|
+ if (repl != RSA_BLOCK_AFTER_PAD_OCTET) {
|
|
|
|
+ bp[i++] = repl;
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+ }
|
|
|
|
+ if (rv != SECSuccess) {
|
|
|
|
+ /*sftk_fatalError = PR_TRUE;*/
|
|
|
|
+ nss_ZFreeIf (block);
|
|
|
|
+ return NULL;
|
|
|
|
+ }
|
|
|
|
+ bp += padLen;
|
|
|
|
+ *bp++ = RSA_BLOCK_AFTER_PAD_OCTET;
|
|
|
|
+ nsslibc_memcpy(bp, data->data, data->len);
|
|
|
|
+ break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
PORT_Assert(0);
|
2014-01-07 21:48:44 +00:00
|
|
|
@@ -389,54 +262,21 @@ static unsigned char *rsa_FormatOneBlock
|
|
|
|
}
|
2013-02-15 23:34:49 +00:00
|
|
|
|
2014-01-07 21:48:44 +00:00
|
|
|
static SECStatus
|
|
|
|
-rsa_FormatBlock(SECItem * result, unsigned modulusLen,
|
|
|
|
- RSA_BlockType blockType, SECItem * data)
|
|
|
|
+rsa_FormatBlock(SECItem * result,
|
|
|
|
+ unsigned modulusLen,
|
|
|
|
+ RSA_BlockType blockType,
|
|
|
|
+ SECItem * data)
|
|
|
|
{
|
|
|
|
- /*
|
|
|
|
- * XXX For now assume that the data length fits in a single
|
|
|
|
- * XXX encryption block; the ASSERTs below force this.
|
|
|
|
- * XXX To fix it, each case will have to loop over chunks whose
|
|
|
|
- * XXX lengths satisfy the assertions, until all data is handled.
|
|
|
|
- * XXX (Unless RSA has more to say about how to handle data
|
|
|
|
- * XXX which does not fit in a single encryption block?)
|
|
|
|
- * XXX And I do not know what the result is supposed to be,
|
|
|
|
- * XXX so the interface to this function may need to change
|
|
|
|
- * XXX to allow for returning multiple blocks, if they are
|
|
|
|
- * XXX not wanted simply concatenated one after the other.
|
|
|
|
- */
|
|
|
|
-
|
|
|
|
switch (blockType) {
|
|
|
|
- case RSA_BlockPrivate0:
|
|
|
|
- case RSA_BlockPrivate:
|
|
|
|
- case RSA_BlockPublic:
|
|
|
|
+ case RSA_BlockPrivate:
|
|
|
|
+ case RSA_BlockPublic:
|
|
|
|
/*
|
|
|
|
* 0x00 || BT || Pad || 0x00 || ActualData
|
|
|
|
*
|
|
|
|
* The "3" below is the first octet + the second octet + the 0x00
|
|
|
|
* octet that always comes just before the ActualData.
|
|
|
|
*/
|
|
|
|
- PORT_Assert(data->len <=
|
|
|
|
- (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
|
2013-02-15 23:34:49 +00:00
|
|
|
-
|
|
|
|
- result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
|
|
|
|
- if (result->data == NULL) {
|
|
|
|
- result->len = 0;
|
|
|
|
- return SECFailure;
|
|
|
|
- }
|
|
|
|
- result->len = modulusLen;
|
|
|
|
-
|
|
|
|
- break;
|
|
|
|
-
|
2014-01-07 21:48:44 +00:00
|
|
|
- case RSA_BlockOAEP:
|
|
|
|
- /*
|
|
|
|
- * 0x00 || BT || M1(Salt) || M2(Pad1||ActualData[||Pad2])
|
|
|
|
- *
|
|
|
|
- * The "2" below is the first octet + the second octet.
|
|
|
|
- * (The other fields do not contain the clear values, but are
|
|
|
|
- * the same length as the clear values.)
|
|
|
|
- */
|
|
|
|
- PORT_Assert(data->len <= (modulusLen - (2 + OAEP_SALT_LEN
|
|
|
|
- + OAEP_PAD_LEN)));
|
|
|
|
+ PORT_Assert(data->len <= (modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN)));
|
|
|
|
|
|
|
|
result->data = rsa_FormatOneBlock(modulusLen, blockType, data);
|
|
|
|
if (result->data == NULL) {
|
|
|
|
@@ -447,7 +287,7 @@ rsa_FormatBlock(SECItem * result, unsign
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
- case RSA_BlockRaw:
|
|
|
|
+ case RSA_BlockRaw:
|
2013-02-15 23:34:49 +00:00
|
|
|
/*
|
|
|
|
* Pad || ActualData
|
2014-01-07 21:48:44 +00:00
|
|
|
* Pad is zeros. The application is responsible for recovering
|
|
|
|
@@ -476,36 +316,34 @@ rsa_FormatBlock(SECItem * result, unsign
|
|
|
|
SECStatus
|
|
|
|
pem_RSA_Sign(pemLOWKEYPrivateKey * key,
|
|
|
|
unsigned char *output,
|
|
|
|
- unsigned int *output_len,
|
|
|
|
+ unsigned int *outputLen,
|
|
|
|
unsigned int maxOutputLen,
|
|
|
|
- unsigned char *input, unsigned int input_len)
|
|
|
|
+ unsigned char *input, unsigned int inputLen)
|
|
|
|
{
|
|
|
|
SECStatus rv = SECSuccess;
|
|
|
|
- unsigned int modulus_len = pem_PrivateModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PrivateModulusLen(key);
|
|
|
|
SECItem formatted;
|
|
|
|
SECItem unformatted;
|
|
|
|
|
|
|
|
- if (maxOutputLen < modulus_len)
|
|
|
|
+ if (maxOutputLen < modulusLen)
|
|
|
|
return SECFailure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
return SECFailure;
|
|
|
|
|
|
|
|
- unformatted.len = input_len;
|
|
|
|
+ unformatted.len = inputLen;
|
|
|
|
unformatted.data = input;
|
|
|
|
formatted.data = NULL;
|
|
|
|
- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPrivate,
|
|
|
|
+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPrivate,
|
|
|
|
&unformatted);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output,
|
|
|
|
formatted.data);
|
|
|
|
- *output_len = modulus_len;
|
|
|
|
+ *outputLen = modulusLen;
|
|
|
|
|
|
|
|
- goto done;
|
|
|
|
-
|
|
|
|
- done:
|
|
|
|
+done:
|
|
|
|
if (formatted.data != NULL)
|
|
|
|
nss_ZFreeIf(formatted.data);
|
|
|
|
return rv;
|
|
|
|
@@ -515,17 +353,17 @@ pem_RSA_Sign(pemLOWKEYPrivateKey * key,
|
|
|
|
/* XXX Doesn't set error code */
|
|
|
|
SECStatus
|
|
|
|
RSA_CheckSign(NSSLOWKEYPublicKey * key,
|
|
|
|
- unsigned char *sign,
|
|
|
|
- unsigned int sign_len,
|
|
|
|
+ unsigned char *sig,
|
|
|
|
+ unsigned int sigLen,
|
|
|
|
unsigned char *hash, unsigned int hash_len)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PublicModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PublicModulusLen(key);
|
|
|
|
unsigned int i;
|
|
|
|
unsigned char *buffer;
|
|
|
|
|
|
|
|
- modulus_len = pem_PublicModulusLen(key);
|
|
|
|
- if (sign_len != modulus_len)
|
|
|
|
+ modulusLen = pem_PublicModulusLen(key);
|
|
|
|
+ if (sigLen != modulusLen)
|
|
|
|
goto failure;
|
|
|
|
/*
|
|
|
|
* 0x00 || BT || Pad || 0x00 || ActualData
|
|
|
|
@@ -533,17 +371,17 @@ RSA_CheckSign(NSSLOWKEYPublicKey * key,
|
|
|
|
* The "3" below is the first octet + the second octet + the 0x00
|
|
|
|
* octet that always comes just before the ActualData.
|
|
|
|
*/
|
|
|
|
- if (hash_len > modulus_len - (3 + RSA_BLOCK_MIN_PAD_LEN))
|
|
|
|
+ if (hash_len > modulusLen - (3 + RSA_BLOCK_MIN_PAD_LEN))
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1);
|
|
|
|
+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1);
|
|
|
|
if (!buffer)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
|
|
|
|
+ rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sig);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto loser;
|
|
|
|
|
|
|
|
@@ -552,7 +390,7 @@ RSA_CheckSign(NSSLOWKEYPublicKey * key,
|
|
|
|
*/
|
|
|
|
if (buffer[0] != 0 || buffer[1] != 1)
|
|
|
|
goto loser;
|
|
|
|
- for (i = 2; i < modulus_len - hash_len - 1; i++) {
|
|
|
|
+ for (i = 2; i < modulusLen - hash_len - 1; i++) {
|
|
|
|
if (buffer[i] != 0xff)
|
|
|
|
goto loser;
|
|
|
|
}
|
|
|
|
@@ -562,7 +400,7 @@ RSA_CheckSign(NSSLOWKEYPublicKey * key,
|
|
|
|
/*
|
|
|
|
* make sure we get the same results
|
|
|
|
*/
|
|
|
|
- if (memcmp(buffer + modulus_len - hash_len, hash, hash_len) != 0)
|
|
|
|
+ if (memcmp(buffer + modulusLen - hash_len, hash, hash_len) != 0)
|
|
|
|
goto loser;
|
|
|
|
|
|
|
|
nss_ZFreeIf(buffer);
|
|
|
|
@@ -579,25 +417,25 @@ SECStatus
|
|
|
|
RSA_CheckSignRecover(NSSLOWKEYPublicKey * key,
|
|
|
|
unsigned char *data,
|
|
|
|
unsigned int *data_len,
|
|
|
|
- unsigned int max_output_len,
|
|
|
|
- unsigned char *sign, unsigned int sign_len)
|
|
|
|
+ unsigned int maxOutputLen,
|
|
|
|
+ unsigned char *sig, unsigned int sigLen)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PublicModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PublicModulusLen(key);
|
|
|
|
unsigned int i;
|
|
|
|
unsigned char *buffer;
|
|
|
|
|
|
|
|
- if (sign_len != modulus_len)
|
|
|
|
+ if (sigLen != modulusLen)
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1);
|
|
|
|
+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1);
|
|
|
|
if (!buffer)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
|
|
|
|
+ rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sig);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto loser;
|
|
|
|
*data_len = 0;
|
|
|
|
@@ -607,9 +445,9 @@ RSA_CheckSignRecover(NSSLOWKEYPublicKey
|
|
|
|
*/
|
|
|
|
if (buffer[0] != 0 || buffer[1] != 1)
|
|
|
|
goto loser;
|
|
|
|
- for (i = 2; i < modulus_len; i++) {
|
|
|
|
+ for (i = 2; i < modulusLen; i++) {
|
|
|
|
if (buffer[i] == 0) {
|
|
|
|
- *data_len = modulus_len - i - 1;
|
|
|
|
+ *data_len = modulusLen - i - 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (buffer[i] != 0xff)
|
|
|
|
@@ -617,13 +455,13 @@ RSA_CheckSignRecover(NSSLOWKEYPublicKey
|
|
|
|
}
|
|
|
|
if (*data_len == 0)
|
|
|
|
goto loser;
|
|
|
|
- if (*data_len > max_output_len)
|
|
|
|
+ if (*data_len > maxOutputLen)
|
|
|
|
goto loser;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* make sure we get the same results
|
|
|
|
*/
|
|
|
|
- nsslibc_memcpy(data, buffer + modulus_len - *data_len, *data_len);
|
|
|
|
+ nsslibc_memcpy(data, buffer + modulusLen - *data_len, *data_len);
|
|
|
|
|
|
|
|
nss_ZFreeIf(buffer);
|
|
|
|
return SECSuccess;
|
|
|
|
@@ -638,26 +476,26 @@ RSA_CheckSignRecover(NSSLOWKEYPublicKey
|
|
|
|
SECStatus
|
|
|
|
RSA_EncryptBlock(NSSLOWKEYPublicKey * key,
|
|
|
|
unsigned char *output,
|
|
|
|
- unsigned int *output_len,
|
|
|
|
- unsigned int max_output_len,
|
|
|
|
- unsigned char *input, unsigned int input_len)
|
|
|
|
+ unsigned int *outputLen,
|
|
|
|
+ unsigned int maxOutputLen,
|
|
|
|
+ unsigned char *input, unsigned int inputLen)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PublicModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PublicModulusLen(key);
|
|
|
|
SECItem formatted;
|
|
|
|
SECItem unformatted;
|
|
|
|
|
|
|
|
formatted.data = NULL;
|
|
|
|
- if (max_output_len < modulus_len)
|
|
|
|
+ if (maxOutputLen < modulusLen)
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- unformatted.len = input_len;
|
|
|
|
+ unformatted.len = inputLen;
|
|
|
|
unformatted.data = input;
|
|
|
|
formatted.data = NULL;
|
|
|
|
- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockPublic,
|
|
|
|
+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockPublic,
|
|
|
|
&unformatted);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto failure;
|
|
|
|
@@ -667,7 +505,7 @@ RSA_EncryptBlock(NSSLOWKEYPublicKey * ke
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
nss_ZFreeIf(formatted.data);
|
|
|
|
- *output_len = modulus_len;
|
|
|
|
+ *outputLen = modulusLen;
|
|
|
|
return SECSuccess;
|
|
|
|
|
|
|
|
failure:
|
|
|
|
@@ -681,22 +519,22 @@ RSA_EncryptBlock(NSSLOWKEYPublicKey * ke
|
|
|
|
SECStatus
|
|
|
|
pem_RSA_DecryptBlock(pemLOWKEYPrivateKey * key,
|
|
|
|
unsigned char *output,
|
|
|
|
- unsigned int *output_len,
|
|
|
|
- unsigned int max_output_len,
|
|
|
|
- unsigned char *input, unsigned int input_len)
|
|
|
|
+ unsigned int *outputLen,
|
|
|
|
+ unsigned int maxOutputLen,
|
|
|
|
+ unsigned char *input, unsigned int inputLen)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PrivateModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PrivateModulusLen(key);
|
|
|
|
unsigned int i;
|
|
|
|
unsigned char *buffer;
|
|
|
|
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
- if (input_len != modulus_len)
|
|
|
|
+ if (inputLen != modulusLen)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1);
|
|
|
|
+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1);
|
|
|
|
if (!buffer)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
@@ -707,19 +545,19 @@ pem_RSA_DecryptBlock(pemLOWKEYPrivateKey
|
|
|
|
|
|
|
|
if (buffer[0] != 0 || buffer[1] != 2)
|
|
|
|
goto loser;
|
|
|
|
- *output_len = 0;
|
|
|
|
- for (i = 2; i < modulus_len; i++) {
|
|
|
|
+ *outputLen = 0;
|
|
|
|
+ for (i = 2; i < modulusLen; i++) {
|
|
|
|
if (buffer[i] == 0) {
|
|
|
|
- *output_len = modulus_len - i - 1;
|
|
|
|
+ *outputLen = modulusLen - i - 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
- if (*output_len == 0)
|
|
|
|
+ if (*outputLen == 0)
|
|
|
|
goto loser;
|
|
|
|
- if (*output_len > max_output_len)
|
|
|
|
+ if (*outputLen > maxOutputLen)
|
|
|
|
goto loser;
|
|
|
|
|
|
|
|
- nsslibc_memcpy(output, buffer + modulus_len - *output_len, *output_len);
|
|
|
|
+ nsslibc_memcpy(output, buffer + modulusLen - *outputLen, *outputLen);
|
|
|
|
|
|
|
|
nss_ZFreeIf(buffer);
|
|
|
|
return SECSuccess;
|
|
|
|
@@ -739,32 +577,32 @@ pem_RSA_DecryptBlock(pemLOWKEYPrivateKey
|
|
|
|
SECStatus
|
|
|
|
pem_RSA_SignRaw(pemLOWKEYPrivateKey * key,
|
|
|
|
unsigned char *output,
|
|
|
|
- unsigned int *output_len,
|
|
|
|
+ unsigned int *outputLen,
|
|
|
|
unsigned int maxOutputLen,
|
|
|
|
- unsigned char *input, unsigned int input_len)
|
|
|
|
+ unsigned char *input, unsigned int inputLen)
|
|
|
|
{
|
|
|
|
SECStatus rv = SECSuccess;
|
|
|
|
- unsigned int modulus_len = pem_PrivateModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PrivateModulusLen(key);
|
|
|
|
SECItem formatted;
|
|
|
|
SECItem unformatted;
|
|
|
|
|
|
|
|
- if (maxOutputLen < modulus_len)
|
|
|
|
+ if (maxOutputLen < modulusLen)
|
|
|
|
return SECFailure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
return SECFailure;
|
|
|
|
|
|
|
|
- unformatted.len = input_len;
|
|
|
|
+ unformatted.len = inputLen;
|
|
|
|
unformatted.data = input;
|
|
|
|
formatted.data = NULL;
|
|
|
|
- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw,
|
|
|
|
+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw,
|
|
|
|
&unformatted);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
rv = RSA_PrivateKeyOpDoubleChecked(&key->u.rsa, output,
|
|
|
|
formatted.data);
|
|
|
|
- *output_len = modulus_len;
|
|
|
|
+ *outputLen = modulusLen;
|
|
|
|
|
|
|
|
done:
|
|
|
|
if (formatted.data != NULL)
|
|
|
|
@@ -775,27 +613,27 @@ pem_RSA_SignRaw(pemLOWKEYPrivateKey * ke
|
|
|
|
/* XXX Doesn't set error code */
|
|
|
|
SECStatus
|
|
|
|
RSA_CheckSignRaw(NSSLOWKEYPublicKey * key,
|
|
|
|
- unsigned char *sign,
|
|
|
|
- unsigned int sign_len,
|
|
|
|
+ unsigned char *sig,
|
|
|
|
+ unsigned int sigLen,
|
|
|
|
unsigned char *hash, unsigned int hash_len)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PublicModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PublicModulusLen(key);
|
|
|
|
unsigned char *buffer;
|
|
|
|
|
|
|
|
- if (sign_len != modulus_len)
|
|
|
|
+ if (sigLen != modulusLen)
|
|
|
|
goto failure;
|
|
|
|
- if (hash_len > modulus_len)
|
|
|
|
+ if (hash_len > modulusLen)
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- buffer = (unsigned char *) nss_ZAlloc(NULL, modulus_len + 1);
|
|
|
|
+ buffer = (unsigned char *) nss_ZAlloc(NULL, modulusLen + 1);
|
|
|
|
if (!buffer)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sign);
|
|
|
|
+ rv = RSA_PublicKeyOp(&key->u.rsa, buffer, sig);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto loser;
|
|
|
|
|
|
|
|
@@ -803,7 +641,7 @@ RSA_CheckSignRaw(NSSLOWKEYPublicKey * ke
|
|
|
|
* make sure we get the same results
|
|
|
|
*/
|
|
|
|
/* NOTE: should we verify the leading zeros? */
|
|
|
|
- if (memcmp(buffer + (modulus_len - hash_len), hash, hash_len) !=
|
|
|
|
+ if (memcmp(buffer + (modulusLen - hash_len), hash, hash_len) !=
|
|
|
|
0)
|
|
|
|
goto loser;
|
|
|
|
|
|
|
|
@@ -821,25 +659,25 @@ SECStatus
|
|
|
|
RSA_CheckSignRecoverRaw(NSSLOWKEYPublicKey * key,
|
|
|
|
unsigned char *data,
|
|
|
|
unsigned int *data_len,
|
|
|
|
- unsigned int max_output_len,
|
|
|
|
- unsigned char *sign, unsigned int sign_len)
|
|
|
|
+ unsigned int maxOutputLen,
|
|
|
|
+ unsigned char *sig, unsigned int sigLen)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PublicModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PublicModulusLen(key);
|
|
|
|
|
|
|
|
- if (sign_len != modulus_len)
|
|
|
|
+ if (sigLen != modulusLen)
|
|
|
|
goto failure;
|
|
|
|
- if (max_output_len < modulus_len)
|
|
|
|
+ if (maxOutputLen < modulusLen)
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- rv = RSA_PublicKeyOp(&key->u.rsa, data, sign);
|
|
|
|
+ rv = RSA_PublicKeyOp(&key->u.rsa, data, sig);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- *data_len = modulus_len;
|
|
|
|
+ *data_len = modulusLen;
|
|
|
|
return SECSuccess;
|
|
|
|
|
|
|
|
failure:
|
|
|
|
@@ -851,26 +689,26 @@ RSA_CheckSignRecoverRaw(NSSLOWKEYPublicK
|
|
|
|
SECStatus
|
|
|
|
RSA_EncryptRaw(NSSLOWKEYPublicKey * key,
|
|
|
|
unsigned char *output,
|
|
|
|
- unsigned int *output_len,
|
|
|
|
- unsigned int max_output_len,
|
|
|
|
- unsigned char *input, unsigned int input_len)
|
|
|
|
+ unsigned int *outputLen,
|
|
|
|
+ unsigned int maxOutputLen,
|
|
|
|
+ unsigned char *input, unsigned int inputLen)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PublicModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PublicModulusLen(key);
|
|
|
|
SECItem formatted;
|
|
|
|
SECItem unformatted;
|
|
|
|
|
|
|
|
formatted.data = NULL;
|
|
|
|
- if (max_output_len < modulus_len)
|
|
|
|
+ if (maxOutputLen < modulusLen)
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
- unformatted.len = input_len;
|
|
|
|
+ unformatted.len = inputLen;
|
|
|
|
unformatted.data = input;
|
|
|
|
formatted.data = NULL;
|
|
|
|
- rv = rsa_FormatBlock(&formatted, modulus_len, RSA_BlockRaw,
|
|
|
|
+ rv = rsa_FormatBlock(&formatted, modulusLen, RSA_BlockRaw,
|
|
|
|
&unformatted);
|
|
|
|
if (rv != SECSuccess)
|
|
|
|
goto failure;
|
|
|
|
@@ -880,7 +718,7 @@ RSA_EncryptRaw(NSSLOWKEYPublicKey * key,
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
nss_ZFreeIf(formatted.data);
|
|
|
|
- *output_len = modulus_len;
|
|
|
|
+ *outputLen = modulusLen;
|
|
|
|
return SECSuccess;
|
|
|
|
|
|
|
|
failure:
|
|
|
|
@@ -893,21 +731,21 @@ RSA_EncryptRaw(NSSLOWKEYPublicKey * key,
|
|
|
|
SECStatus
|
|
|
|
pem_RSA_DecryptRaw(pemLOWKEYPrivateKey * key,
|
|
|
|
unsigned char *output,
|
|
|
|
- unsigned int *output_len,
|
|
|
|
- unsigned int max_output_len,
|
|
|
|
- unsigned char *input, unsigned int input_len)
|
|
|
|
+ unsigned int *outputLen,
|
|
|
|
+ unsigned int maxOutputLen,
|
|
|
|
+ unsigned char *input, unsigned int inputLen)
|
|
|
|
{
|
|
|
|
SECStatus rv;
|
|
|
|
- unsigned int modulus_len = pem_PrivateModulusLen(key);
|
|
|
|
+ unsigned int modulusLen = pem_PrivateModulusLen(key);
|
|
|
|
|
|
|
|
- if (modulus_len <= 0)
|
|
|
|
+ if (modulusLen <= 0)
|
|
|
|
goto failure;
|
|
|
|
- if (modulus_len > max_output_len)
|
|
|
|
+ if (modulusLen > maxOutputLen)
|
|
|
|
goto failure;
|
|
|
|
PORT_Assert(key->keyType == pemLOWKEYRSAKey);
|
|
|
|
if (key->keyType != pemLOWKEYRSAKey)
|
|
|
|
goto failure;
|
|
|
|
- if (input_len != modulus_len)
|
|
|
|
+ if (inputLen != modulusLen)
|
|
|
|
goto failure;
|
|
|
|
|
|
|
|
rv = RSA_PrivateKeyOp(&key->u.rsa, output, input);
|
|
|
|
@@ -915,7 +753,7 @@ pem_RSA_DecryptRaw(pemLOWKEYPrivateKey *
|
|
|
|
goto failure;
|
|
|
|
}
|
|
|
|
|
|
|
|
- *output_len = modulus_len;
|
|
|
|
+ *outputLen = modulusLen;
|
|
|
|
return SECSuccess;
|
|
|
|
|
|
|
|
failure:
|