1 // SPDX-License-Identifier: BSD-2-Clause
2 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
3 *
4 * LibTomCrypt is a library that provides various cryptographic
5 * algorithms in a highly modular and flexible manner.
6 *
7 * The library is free for all purposes without any express
8 * guarantee it works.
9 */
10 #include "tomcrypt_private.h"
11
12 /*! \file pkcs_1_v1_5_encode.c
13 *
14 * PKCS #1 v1.5 Padding (Andreas Lange)
15 */
16
17 #ifdef LTC_PKCS_1
18
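/*! \brief PKCS #1 v1.5 encode.
 *
 *  Builds the block  0x00 || block_type || PS || 0x00 || msg  of exactly
 *  modulus_len octets, where modulus_len is modulus_bitlen rounded up to
 *  whole octets.  For LTC_PKCS_1_EMSA the padding string PS is all 0xFF
 *  octets.  For LTC_PKCS_1_EME it is read from the PRNG and every zero
 *  octet is re-drawn until it is non-zero, so the 0x00 separator is the
 *  first zero octet after the block-type byte.
 *
 *  \param msg              The data to encode
 *  \param msglen           The length of the data to encode (octets)
 *  \param block_type       Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
 *  \param modulus_bitlen   The bit length of the RSA modulus
 *  \param prng             An active PRNG state (only for LTC_PKCS_1_EME)
 *  \param prng_idx         The index of the PRNG desired (only for LTC_PKCS_1_EME)
 *  \param out              [out] The destination for the encoded data
 *  \param outlen           [in/out] The max size and resulting size of the encoded data
 *
 *  \return CRYPT_OK if successful
 *  \return CRYPT_PK_INVALID_PADDING if block_type is neither LTC_PKCS_1_EMSA
 *          nor LTC_PKCS_1_EME
 *  \return the error from prng_is_valid() if block_type is LTC_PKCS_1_EME and
 *          prng_idx is rejected
 *  \return CRYPT_PK_INVALID_SIZE if msglen plus the 11 octets of overhead
 *          does not fit into modulus_len
 *  \return CRYPT_BUFFER_OVERFLOW if *outlen is smaller than modulus_len;
 *          *outlen is then set to the required size
 *  \return CRYPT_ERROR_READPRNG if the PRNG returns fewer octets than
 *          requested; out may already hold partial padding at that point and
 *          must not be used
 */
int pkcs_1_v1_5_encode(const unsigned char *msg,
                             unsigned long  msglen,
                                       int  block_type,
                             unsigned long  modulus_bitlen,
                                prng_state *prng,
                                       int  prng_idx,
                             unsigned char *out,
                             unsigned long *outlen)
{
  unsigned long modulus_len, ps_len, i;
  unsigned char *ps;
  int result;

  /* valid block_type? */
  if ((block_type != LTC_PKCS_1_EMSA) &&
      (block_type != LTC_PKCS_1_EME)) {
     return CRYPT_PK_INVALID_PADDING;
  }

  if (block_type == LTC_PKCS_1_EME) {    /* encryption padding, we need a valid PRNG */
    if ((result = prng_is_valid(prng_idx)) != CRYPT_OK) {
       return result;
    }
  }

  /* modulus length in octets, rounded up */
  modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);

  /* test message size: 3 framing octets plus at least 8 octets of PS.
   * The comparison is done by subtracting from modulus_len rather than
   * adding to msglen: msglen + 11 wraps around for a msglen close to the
   * maximum of unsigned long, would then pass the check, and the ps_len
   * computation and the copies below would run past the end of out. */
  if ((modulus_len < 11) || (msglen > (modulus_len - 11))) {
    return CRYPT_PK_INVALID_SIZE;
  }

  if (*outlen < modulus_len) {
    /* report the size the caller has to provide */
    *outlen = modulus_len;
    result = CRYPT_BUFFER_OVERFLOW;
    goto bail;
  }

  /* generate an octets string PS; the size check above guarantees ps_len >= 8 */
  ps = &out[2];
  ps_len = modulus_len - msglen - 3;

  if (block_type == LTC_PKCS_1_EME) {
    /* now choose a random ps */
    if (prng_descriptor[prng_idx]->read(ps, ps_len, prng) != ps_len) {
      result = CRYPT_ERROR_READPRNG;
      goto bail;
    }

    /* transform zero bytes (if any) to non-zero random bytes, a zero
     * octet inside PS would be taken for the separator when decoding */
    for (i = 0; i < ps_len; i++) {
      while (ps[i] == 0) {
        if (prng_descriptor[prng_idx]->read(&ps[i], 1, prng) != 1) {
          result = CRYPT_ERROR_READPRNG;
          goto bail;
        }
      }
    }
  } else {
    XMEMSET(ps, 0xFF, ps_len);
  }

  /* create string of length modulus_len */
  out[0]          = 0x00;
  out[1]          = (unsigned char)block_type;  /* block_type 1 or 2 */
  out[2 + ps_len] = 0x00;
  XMEMCPY(&out[2 + ps_len + 1], msg, msglen);
  *outlen = modulus_len;

  result  = CRYPT_OK;
bail:
  return result;
} /* pkcs_1_v1_5_encode */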
105
106 #endif /* #ifdef LTC_PKCS_1 */
107
108 /* ref: $Format:%D$ */
109 /* git commit: $Format:%H$ */
110 /* commit time: $Format:%ai$ */
111