diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-15 14:16:51 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2017-01-15 14:16:51 +0100 |
| commit | 3f8ecd933a610c6f3b5d02e184c7faf205ad95d3 (patch) | |
| tree | ae7a778a4a8dbbfc255b9a9f527179bfa9cc865c /networking/tls_rsa.c | |
| parent | c5540d61f6b411967fc3e30f1eb1e8af5077c2e5 (diff) | |
| download | busybox-w32-3f8ecd933a610c6f3b5d02e184c7faf205ad95d3.tar.gz busybox-w32-3f8ecd933a610c6f3b5d02e184c7faf205ad95d3.tar.bz2 busybox-w32-3f8ecd933a610c6f3b5d02e184c7faf205ad95d3.zip | |
tls: rearrange code, add/improve comments, fix whitespace, no real changes here
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'networking/tls_rsa.c')
| -rw-r--r-- | networking/tls_rsa.c | 122 |
1 files changed, 64 insertions, 58 deletions
diff --git a/networking/tls_rsa.c b/networking/tls_rsa.c index 058b09cee..3114435dd 100644 --- a/networking/tls_rsa.c +++ b/networking/tls_rsa.c | |||
| @@ -5,49 +5,55 @@ | |||
| 5 | */ | 5 | */ |
| 6 | #include "tls.h" | 6 | #include "tls.h" |
| 7 | 7 | ||
| 8 | /* The code below is taken from parts of | ||
| 9 | * matrixssl-3-7-2b-open/crypto/pubkey/pkcs.c | ||
| 10 | * matrixssl-3-7-2b-open/crypto/pubkey/rsa.c | ||
| 11 | * and (so far) almost not modified. Changes are flagged with ///bbox | ||
| 12 | */ | ||
| 13 | |||
| 8 | #define pkcs1Pad(in, inlen, out, outlen, cryptType, userPtr) \ | 14 | #define pkcs1Pad(in, inlen, out, outlen, cryptType, userPtr) \ |
| 9 | pkcs1Pad(in, inlen, out, outlen, cryptType) | 15 | pkcs1Pad(in, inlen, out, outlen, cryptType) |
| 10 | static ///bbox | 16 | static ///bbox |
| 11 | int32 pkcs1Pad(unsigned char *in, uint32 inlen, unsigned char *out, | 17 | int32 pkcs1Pad(unsigned char *in, uint32 inlen, unsigned char *out, |
| 12 | uint32 outlen, int32 cryptType, void *userPtr) | 18 | uint32 outlen, int32 cryptType, void *userPtr) |
| 13 | { | 19 | { |
| 14 | unsigned char *c; | 20 | unsigned char *c; |
| 15 | int32 randomLen; | 21 | int32 randomLen; |
| 16 | 22 | ||
| 17 | randomLen = outlen - 3 - inlen; | 23 | randomLen = outlen - 3 - inlen; |
| 18 | if (randomLen < 8) { | 24 | if (randomLen < 8) { |
| 19 | psTraceCrypto("pkcs1Pad failure\n"); | 25 | psTraceCrypto("pkcs1Pad failure\n"); |
| 20 | return PS_LIMIT_FAIL; | 26 | return PS_LIMIT_FAIL; |
| 21 | } | 27 | } |
| 22 | c = out; | 28 | c = out; |
| 23 | *c = 0x00; | 29 | *c = 0x00; |
| 24 | c++; | 30 | c++; |
| 25 | *c = (unsigned char)cryptType; | 31 | *c = (unsigned char)cryptType; |
| 26 | c++; | 32 | c++; |
| 27 | if (cryptType == PUBKEY_TYPE) { | 33 | if (cryptType == PUBKEY_TYPE) { |
| 28 | while (randomLen-- > 0) { | 34 | while (randomLen-- > 0) { |
| 29 | *c++ = 0xFF; | 35 | *c++ = 0xFF; |
| 30 | } | 36 | } |
| 31 | } else { | 37 | } else { |
| 32 | if (matrixCryptoGetPrngData(c, (uint32)randomLen, userPtr) < 0) { | 38 | if (matrixCryptoGetPrngData(c, (uint32)randomLen, userPtr) < 0) { |
| 33 | return PS_PLATFORM_FAIL; | 39 | return PS_PLATFORM_FAIL; |
| 34 | } | 40 | } |
| 35 | /* | 41 | /* |
| 36 | SECURITY: Read through the random data and change all 0x0 to 0x01. | 42 | SECURITY: Read through the random data and change all 0x0 to 0x01. |
| 37 | This is per spec that no random bytes should be 0 | 43 | This is per spec that no random bytes should be 0 |
| 38 | */ | 44 | */ |
| 39 | while (randomLen-- > 0) { | 45 | while (randomLen-- > 0) { |
| 40 | if (*c == 0x0) { | 46 | if (*c == 0x0) { |
| 41 | *c = 0x01; | 47 | *c = 0x01; |
| 42 | } | 48 | } |
| 43 | c++; | 49 | c++; |
| 44 | } | 50 | } |
| 45 | } | 51 | } |
| 46 | *c = 0x00; | 52 | *c = 0x00; |
| 47 | c++; | 53 | c++; |
| 48 | memcpy(c, in, inlen); | 54 | memcpy(c, in, inlen); |
| 49 | 55 | ||
| 50 | return outlen; | 56 | return outlen; |
| 51 | } | 57 | } |
| 52 | 58 | ||
| 53 | #define psRsaCrypt(pool, in, inlen, out, outlen, key, type, data) \ | 59 | #define psRsaCrypt(pool, in, inlen, out, outlen, key, type, data) \ |
| @@ -173,31 +179,31 @@ done: | |||
| 173 | } | 179 | } |
| 174 | 180 | ||
| 175 | int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key, | 181 | int32 psRsaEncryptPub(psPool_t *pool, psRsaKey_t *key, |
| 176 | unsigned char *in, uint32 inlen, | 182 | unsigned char *in, uint32 inlen, |
| 177 | unsigned char *out, uint32 outlen, void *data) | 183 | unsigned char *out, uint32 outlen, void *data) |
| 178 | { | 184 | { |
| 179 | int32 err; | 185 | int32 err; |
| 180 | uint32 size; | 186 | uint32 size; |
| 181 | 187 | ||
| 182 | size = key->size; | 188 | size = key->size; |
| 183 | if (outlen < size) { | 189 | if (outlen < size) { |
| 184 | psTraceCrypto("Error on bad outlen parameter to psRsaEncryptPub\n"); | 190 | psTraceCrypto("Error on bad outlen parameter to psRsaEncryptPub\n"); |
| 185 | return PS_ARG_FAIL; | 191 | return PS_ARG_FAIL; |
| 186 | } | 192 | } |
| 187 | 193 | ||
| 188 | if ((err = pkcs1Pad(in, inlen, out, size, PRIVKEY_TYPE, data)) | 194 | if ((err = pkcs1Pad(in, inlen, out, size, PRIVKEY_TYPE, data)) |
| 189 | < PS_SUCCESS) { | 195 | < PS_SUCCESS) { |
| 190 | psTraceCrypto("Error padding psRsaEncryptPub. Likely data too long\n"); | 196 | psTraceCrypto("Error padding psRsaEncryptPub. Likely data too long\n"); |
| 191 | return err; | 197 | return err; |
| 192 | } | 198 | } |
| 193 | if ((err = psRsaCrypt(pool, out, size, out, (uint32*)&outlen, key, | 199 | if ((err = psRsaCrypt(pool, out, size, out, (uint32*)&outlen, key, |
| 194 | PUBKEY_TYPE, data)) < PS_SUCCESS) { | 200 | PUBKEY_TYPE, data)) < PS_SUCCESS) { |
| 195 | psTraceCrypto("Error performing psRsaEncryptPub\n"); | 201 | psTraceCrypto("Error performing psRsaEncryptPub\n"); |
| 196 | return err; | 202 | return err; |
| 197 | } | 203 | } |
| 198 | if (outlen != size) { | 204 | if (outlen != size) { |
| 199 | psTraceCrypto("Encrypted size error in psRsaEncryptPub\n"); | 205 | psTraceCrypto("Encrypted size error in psRsaEncryptPub\n"); |
| 200 | return PS_FAILURE; | 206 | return PS_FAILURE; |
| 201 | } | 207 | } |
| 202 | return size; | 208 | return size; |
| 203 | } | 209 | } |