--- pgp/src/mpiio.c 2018/04/24 16:39:25 1.1.1.3 +++ pgp/src/mpiio.c 2018/04/24 16:40:15 1.1.1.4 @@ -32,7 +32,7 @@ #ifndef EMBEDDED /* not EMBEDDED - not compiling for embedded target */ #include /* for printf, etc. */ #else /* EMBEDDED - compiling for embedded target */ -#define NULL (void *)0 +#define NULL (VOID *)0 #endif #include "mpilib.h" @@ -498,251 +498,5 @@ void dump_unit_array(string s, unitptr r #endif /* ifdef DEBUG */ - -/* ASN encoding for RSA/MD5 for PKCS compatibility */ -static unsigned char asn_array[] = { /* PKCS 01 block type 01 data */ - 0x30,0x20,0x30,0x0c,0x06,0x08,0x2a,0x86,0x48,0x86,0xf7,0x0d, - 0x02,0x05,0x05,0x00,0x04,0x10 }; -/* Count from end for zero */ -#define ASN_ZERO_END 3 - -/* -** short preblock(outreg, inbuf, bytecount, modulus, randompad) -** -** A plaintext message must be converted into an integer less than -** the modulus n. We do this by making it 1 byte shorter than the -** normalized modulus n. Short blocks are left justified and padded. -** -** The padding used depends on whether randompad is NULL. First a -** 0 byte is added beyond the data; then either 0xff's or values -** from randompad are added. Last is a byte which tells whether -** we are preblocking a message digest or a conventional key; we -** assume that random padding is only used for conventional keys. -** -*/ - -#ifdef PKCS_COMPAT -/* Version for compatibility with PKCS */ - -short preblock(unitptr outreg, byteptr inbuf, short bytecount, - unitptr modulus, byteptr randompad) -/* Converts plaintext block into form suitable for RSA encryption. - inbuf contains the pointer to the data to be blocked. To the - extent that it can be said to have a byte order, it should be - prepared MSB first. - Converts to an MPI in INTERNAL byte order. - Returns # of bytes remaining to process. Note that the same buffer - address may be used for both outreg and inbuf. - randompad is a pointer to a buffer of random pad bytes to use for - padding material, or NULL iff we want to use constant padding. -*/ -{ byte out[MAX_BYTE_PRECISION]; - short byte_precision,leading_zeros,remaining,blocksize,padding; - boolean mic_flag = (randompad==0); - int i,j; - - /* Our strategy is to fill the buffer in MSB-first order, then - * to call convert_order which will make it proper for an MPI. - */ - byte_precision = units2bytes(global_precision); - leading_zeros = byte_precision - countbytes(modulus) + 1; - blocksize = byte_precision - leading_zeros; - /* note that blocksize includes data plus pad bytes, if any */ - - padding = blocksize - 2 - (mic_flag?sizeof(asn_array):0) - bytecount; - - /* Remaining is # of bytes we can't do. If it's negative it's the - * number more we could have done. - */ - remaining = 1 - padding; /* Padding must be >= 1 */ - - if (remaining>0) /* Just do a part of it */ - { bytecount -= remaining; - padding = 1; - } - - /* Start filling array, MSB first */ - i = 0; - - while (leading_zeros--) - out[i++] = 0; - - /* Now we've gotten to the "mpi" part of the number */ - - /* Now the type byte */ - out[i++] = mic_flag ? MD_ENCRYPTED_BYTE : CK_ENCRYPTED_BYTE; - - /* Now padding: use either 0xff or values from randompad */ - while (padding--) - out[i++] = mic_flag ? 0xff : *randompad++; - - /* A zero to separate things */ - out [i++] = 0; - - /* Now ASN stuff if MIC (signature) */ - if (mic_flag) - for (j=0; j=0) - bytecount = blocksize; - i = 0; - -/* Assume MSB external byte ordering */ - while (leading_zeros--) /* assumes MSB first */ - out[i++] = 0; - - while (bytecount--) /* copy user data */ - out[i++] = *inbuf++; - - out [i++] = 0; /* Always start with a 0 for padding */ - -/* Assume MSB external byte ordering */ - /* Pad with either 0xff or values from randompad */ - while (i < byte_precision - 1) - out[i++] = randompad ? *randompad++ : 0xff; - - /* End with type byte, which we deduce from randompad */ - out[i++] = randompad ? CK_ENCRYPTED_BYTE : MD_ENCRYPTED_BYTE; - - /* End of padding logic */ - - mp_move(outreg,(unitptr)out); - mp_burn((unitptr)out); /* burn the evidence on the stack */ - mp_convert_order((byte *)outreg); /* convert outreg to INTERNAL byte order */ - return(remaining); /* less than 0 if there was padding */ -} /* preblock */ -#endif /* PKCS_COMPAT */ - - -short postunblock(byteptr outbuf, unitptr inreg, unitptr modulus) -/* Converts a just-decrypted RSA block back into unblocked plaintext form. - Converts to EXTERNAL byte order. - See the notes on preblocking in the preblock routine above. - Note that outbuf must be at least as large as inreg. - The same buffer address may be used for both outbuf and inreg. - Returns positive bytecount of plaintext, or negative error status. - -1 is bad packet; -2 is unrecognized digest algorithm. -*/ -{ short i,j,byte_precision,leading_zeros,bytecount; - short blocksize; - boolean constpad; - - byte_precision = units2bytes(global_precision); - leading_zeros = byte_precision - countbytes(modulus) + 1; - blocksize = byte_precision - leading_zeros; - /* note that blocksize includes data plus pad bytes, if any */ - - mp_move((unitptr)outbuf,inreg); - mp_convert_order(outbuf); /* convert to EXTERNAL byte order */ - - /* Determine if it is the PKCS format or the older format. - * PKCS keys must be >= 48 bytes (384 bits). DEK keys have a 2 - * as the MSB. Pre-PKCS keys and PKCS MICs have 1 there. PKCS - * MICs have a 0 at a certain point in the ASN string, a point - * where non-PKCS strings have non-zero padding. That's how we - * tell. - */ - if (byte_precision < 48 || - (outbuf[leading_zeros] == 1 && - (outbuf[byte_precision-1]==1 || outbuf[byte_precision-1]==2) && - outbuf[byte_precision-16-ASN_ZERO_END] != 0)) - { /* Pre-2.3 format */ - /* Check high byte, make sure it's legal, figure out padding type */ -/* Assume MSB external byte ordering */ - i = byte_precision - 1; - if (outbuf[i] == MD_ENCRYPTED_BYTE) - constpad = 1; - else if (outbuf[i] == CK_ENCRYPTED_BYTE) - constpad = 0; - else - return(-2); - - /* Scan down for the 0 byte that ends padding */ - while (--i > 0 && outbuf[i]) - if (constpad && outbuf[i] != 0xff) - return(-1); - -/* Assume MSB external byte ordering */ - bytecount = i - leading_zeros; - if (leading_zeros) - for (i = 0; i < bytecount; ++i) - outbuf[i] = outbuf[i+leading_zeros]; - - /* Zero out high part of buffer to make it look nice */ - while (i < byte_precision) - outbuf[i++] = 0; - } - else - { /* PKCS compatible format */ - /* Determine which type it is */ - i = leading_zeros; - if (outbuf[i] == MD_ENCRYPTED_BYTE) - constpad = 1; - else if (outbuf[i] == CK_ENCRYPTED_BYTE) - constpad = 0; - else - return(-1); - - /* Scan for the 0 byte that ends padding */ - while (++i