776
static void pss_mgf(unsigned char *in, unsigned int inlen, unsigned char *out, unsigned int outlen)
779
unsigned int i, laps;
780
unsigned char cnt[4], digest[PSS_DIGEST_LENGTH];
783
laps = (outlen + PSS_DIGEST_LENGTH - 1) / PSS_DIGEST_LENGTH;
785
for(i = 0; i < laps; i++) {
786
cnt[0] = (unsigned char) 0;
787
cnt[1] = (unsigned char) 0;
788
cnt[2] = (unsigned char) (i / 256);
789
cnt[3] = (unsigned char) i;
792
sha256_update(&ctx, in, inlen);
793
sha256_update(&ctx, cnt, sizeof(cnt));
794
sha256_final(&ctx, digest);
797
memcpy(&out[i * PSS_DIGEST_LENGTH], digest, PSS_DIGEST_LENGTH);
799
memcpy(&out[i * PSS_DIGEST_LENGTH], digest, outlen - i * PSS_DIGEST_LENGTH);
803
static int pss_versig(const unsigned char *sha256, const char *dsig)
807
unsigned char *pt, digest1[PSS_DIGEST_LENGTH], digest2[PSS_DIGEST_LENGTH], *salt;
808
unsigned int plen = PSS_NBITS / 8, hlen, slen, i;
809
unsigned char dblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];
810
unsigned char mblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];
811
unsigned char fblock[8 + 2 * PSS_DIGEST_LENGTH];
814
hlen = slen = PSS_DIGEST_LENGTH;
816
mp_read_radix(&n, PSS_NSTR, 10);
818
mp_read_radix(&e, PSS_ESTR, 10);
819
if(!(pt = cli_decodesig(dsig, plen, e, n))) {
827
if(pt[plen - 1] != 0xbc) {
828
/* cli_dbgmsg("cli_versigpss: Incorrect signature syntax (0xbc)\n"); */
833
memcpy(mblock, pt, plen - hlen - 1);
834
memcpy(digest2, &pt[plen - hlen - 1], hlen);
837
pss_mgf(digest2, hlen, dblock, plen - hlen - 1);
839
for(i = 0; i < plen - hlen - 1; i++)
840
dblock[i] ^= mblock[i];
842
dblock[0] &= (0xff >> 1);
844
salt = memchr(dblock, 0x01, sizeof(dblock));
846
/* cli_dbgmsg("cli_versigpss: Can't find salt\n"); */
851
if((unsigned int) (dblock + sizeof(dblock) - salt) != slen) {
852
/* cli_dbgmsg("cli_versigpss: Bad salt size\n"); */
856
memset(fblock, 0, 8);
857
memcpy(&fblock[8], sha256, hlen);
858
memcpy(&fblock[8 + hlen], salt, slen);
861
sha256_update(&ctx, fblock, sizeof(fblock));
862
sha256_final(&ctx, digest1);
864
if(memcmp(digest1, digest2, hlen)) {
865
/* cli_dbgmsg("cli_versigpss: Signature doesn't match.\n"); */
872
776
int cdiff_apply(int fd, unsigned short mode)
874
778
struct cdiff_ctx ctx;