diff options
author | Werner Koch <wk@gnupg.org> | 2011-06-09 14:53:10 +0200 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2011-06-09 14:53:10 +0200 |
commit | 86100439dd37a59f99537dc8e824dd1256dc9c72 (patch) | |
tree | 55a31336711cfb8b8272d0e76b4c5b616078e8c6 /cipher/pubkey.c | |
parent | 870b764bb551b726d4a88877533041a4680423db (diff) | |
download | libgcrypt-86100439dd37a59f99537dc8e824dd1256dc9c72.tar.gz |
Use octet_string_from_mpi in oaep_decode.
This is to remove duplicated code. I had to move
octet_string_from_mpi more to the top of the file.
Diffstat (limited to 'cipher/pubkey.c')
-rw-r--r-- | cipher/pubkey.c | 144 |
1 files changed, 62 insertions, 82 deletions
diff --git a/cipher/pubkey.c b/cipher/pubkey.c index 830f5150..a8da7343 100644 --- a/cipher/pubkey.c +++ b/cipher/pubkey.c @@ -784,6 +784,64 @@ pubkey_verify (int algorithm, gcry_mpi_t hash, gcry_mpi_t *data, } +/* Turn VALUE into an octet string and store it in an allocated buffer + at R_FRAME or - if R_RAME is NULL - copy it into the caller + provided buffer SPACE; either SPACE or R_FRAME may be used. If + SPACE if not NULL, the caller must provide a buffer of at least + NBYTES. If the resulting octet string is shorter than NBYTES pad + it to the left with zeroes. If VALUE does not fit into NBYTES + return an error code. */ +static gpg_err_code_t +octet_string_from_mpi (unsigned char **r_frame, void *space, + gcry_mpi_t value, size_t nbytes) +{ + gpg_err_code_t rc; + size_t nframe, noff, n; + unsigned char *frame; + + if (!r_frame == !space) + return GPG_ERR_INV_ARG; /* Only one may be used. */ + + if (r_frame) + *r_frame = NULL; + + rc = gcry_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, + NULL, 0, &nframe, value)); + if (rc) + return rc; + if (nframe > nbytes) + return GPG_ERR_TOO_LARGE; /* Value too long to fit into NBYTES. */ + + noff = (nframe < nbytes)? nbytes - nframe : 0; + n = nframe + noff; + if (space) + frame = space; + else + { + frame = mpi_is_secure (value)? gcry_malloc_secure (n) : gcry_malloc (n); + if (!frame) + { + rc = gpg_err_code_from_syserror (); + return rc; + } + } + if (noff) + memset (frame, 0, noff); + nframe += noff; + rc = gcry_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, + frame+noff, nframe-noff, NULL, value)); + if (rc) + { + gcry_free (frame); + return rc; + } + + if (r_frame) + *r_frame = frame; + return 0; +} + + /* Encode {VALUE,VALUELEN} for an NBITS keys using the pkcs#1 block type 2 padding. On sucess the result is stored as a new MPI at R_RESULT. On error the value at R_RESULT is undefined. @@ -1268,7 +1326,7 @@ oaep_decode (unsigned char **r_result, size_t *r_resultlen, size_t db_len; /* Length of DB and masked_db. */ size_t nkey = (nbits+7)/8; /* Length of the key in bytes. */ int failed = 0; /* Error indicator. */ - size_t noff, n; + size_t n; *r_result = NULL; @@ -1297,33 +1355,13 @@ oaep_decode (unsigned char **r_result, size_t *r_resultlen, bytes. This all is needed to cope with our leading zeroes suppressing MPI implementation. The code implictly implements Step 1b (bail out if NFRAME != N). */ - rc = gcry_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, - NULL, 0, &nframe, value)); - if (rc || nframe > nkey) - { - gcry_free (lhash); - return GPG_ERR_ENCODING_PROBLEM; - } - noff = (nframe < nkey)? nkey - nframe : 0; - n = nframe + noff; - frame = mpi_is_secure (value)? gcry_malloc_secure (n) : gcry_malloc (n); - if (!frame) - { - rc = gpg_error_from_syserror (); - gcry_free (lhash); - return rc; - } - if (noff) - memset (frame, 0, noff); - nframe += noff; - rc = gcry_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, - frame+noff, nframe-noff, NULL, value)); + rc = octet_string_from_mpi (&frame, NULL, value, nkey); if (rc) { - gcry_free (frame); gcry_free (lhash); - return rc; + return GPG_ERR_ENCODING_PROBLEM; } + nframe = nkey; /* Step 1c: Check that the key is long enough. */ if ( nframe < 2 * hlen + 2 ) @@ -1571,64 +1609,6 @@ pss_encode (gcry_mpi_t *r_result, unsigned int nbits, int algo, } -/* Turn VALUE into an octet string and store it in an allocated buffer - at R_FRAME or - if R_RAME is NULL - copy it into the caller - provided buffer SPACE; either SPACE or R_FRAME may be used. If - SPACE if not NULL, the caller must provide a buffer of at least - NBYTES. If the resulting octet string is shorter than NBYTES pad - it to the left with zeroes. If VALUE does not fit into NBYTES - return an error code. */ -static gpg_err_code_t -octet_string_from_mpi (unsigned char **r_frame, void *space, - gcry_mpi_t value, size_t nbytes) -{ - gpg_err_code_t rc; - size_t nframe, noff, n; - unsigned char *frame; - - if (!r_frame == !space) - return GPG_ERR_INV_ARG; /* Only one may be used. */ - - if (r_frame) - *r_frame = NULL; - - rc = gcry_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, - NULL, 0, &nframe, value)); - if (rc) - return rc; - if (nframe > nbytes) - return GPG_ERR_TOO_LARGE; /* Value too long to fit into NBYTES. */ - - noff = (nframe < nbytes)? nbytes - nframe : 0; - n = nframe + noff; - if (space) - frame = space; - else - { - frame = mpi_is_secure (value)? gcry_malloc_secure (n) : gcry_malloc (n); - if (!frame) - { - rc = gpg_err_code_from_syserror (); - return rc; - } - } - if (noff) - memset (frame, 0, noff); - nframe += noff; - rc = gcry_err_code (gcry_mpi_print (GCRYMPI_FMT_USG, - frame+noff, nframe-noff, NULL, value)); - if (rc) - { - gcry_free (frame); - return rc; - } - - if (r_frame) - *r_frame = frame; - return 0; -} - - /* Verify a signature assuming PSS padding. VALUE is the hash of the message (mHash) encoded as an MPI; its length must match the digest length of ALGO. ENCODED is the output of the RSA public key |