xref: /optee_os/core/lib/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c (revision 2a65ecaf7d6f855e24ce1a117fe1931f7378f82c) 
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
2 /* SPDX-License-Identifier: Unlicense */
3 #include "tomcrypt_private.h"
4 
5 /*! \file pkcs_1_v1_5_encode.c
6  *
7  *  PKCS #1 v1.5 Padding (Andreas Lange)
8  */
9 
10 #ifdef LTC_PKCS_1
11 
12 /*! \brief PKCS #1 v1.5 encode.
13  *
14  *  \param msg              The data to encode
15  *  \param msglen           The length of the data to encode (octets)
16  *  \param block_type       Block type to use in padding (\sa ltc_pkcs_1_v1_5_blocks)
17  *  \param modulus_bitlen   The bit length of the RSA modulus
18  *  \param prng             An active PRNG state (only for LTC_PKCS_1_EME)
19  *  \param prng_idx         The index of the PRNG desired (only for LTC_PKCS_1_EME)
20  *  \param out              [out] The destination for the encoded data
21  *  \param outlen           [in/out] The max size and resulting size of the encoded data
22  *
23  *  \return CRYPT_OK if successful
24  */
pkcs_1_v1_5_encode(const unsigned char * msg,unsigned long msglen,int block_type,unsigned long modulus_bitlen,prng_state * prng,int prng_idx,unsigned char * out,unsigned long * outlen)25 int pkcs_1_v1_5_encode(const unsigned char *msg,
26                              unsigned long  msglen,
27                                        int  block_type,
28                              unsigned long  modulus_bitlen,
29                                 prng_state *prng,
30                                        int  prng_idx,
31                              unsigned char *out,
32                              unsigned long *outlen)
33 {
34   unsigned long modulus_len, ps_len, i;
35   unsigned char *ps;
36   int result;
37 
38   LTC_ARGCHK((msglen == 0) || (msg != NULL));
39   LTC_ARGCHK(out    != NULL);
40   LTC_ARGCHK(outlen != NULL);
41 
42   /* valid block_type? */
43   if ((block_type != LTC_PKCS_1_EMSA) &&
44       (block_type != LTC_PKCS_1_EME)) {
45      return CRYPT_PK_INVALID_PADDING;
46   }
47 
48   if (block_type == LTC_PKCS_1_EME) {    /* encryption padding, we need a valid PRNG */
49     if ((result = prng_is_valid(prng_idx)) != CRYPT_OK) {
50        return result;
51     }
52   }
53 
54   modulus_len = (modulus_bitlen >> 3) + (modulus_bitlen & 7 ? 1 : 0);
55 
56   /* test message size */
57   if ((msglen + 11) > modulus_len) {
58     return CRYPT_PK_INVALID_SIZE;
59   }
60 
61   if (*outlen < modulus_len) {
62     *outlen = modulus_len;
63     result = CRYPT_BUFFER_OVERFLOW;
64     goto bail;
65   }
66 
67   /* generate an octets string PS */
68   ps = &out[2];
69   ps_len = modulus_len - msglen - 3;
70 
71   if (block_type == LTC_PKCS_1_EME) {
72     /* now choose a random ps */
73     if (prng_descriptor[prng_idx]->read(ps, ps_len, prng) != ps_len) {
74       result = CRYPT_ERROR_READPRNG;
75       goto bail;
76     }
77 
78     /* transform zero bytes (if any) to non-zero random bytes */
79     for (i = 0; i < ps_len; i++) {
80       while (ps[i] == 0) {
81         if (prng_descriptor[prng_idx]->read(&ps[i], 1, prng) != 1) {
82           result = CRYPT_ERROR_READPRNG;
83           goto bail;
84         }
85       }
86     }
87   } else {
88     XMEMSET(ps, 0xFF, ps_len);
89   }
90 
91   /* create string of length modulus_len */
92   out[0]          = 0x00;
93   out[1]          = (unsigned char)block_type;  /* block_type 1 or 2 */
94   out[2 + ps_len] = 0x00;
95   if (msglen != 0) {
96     XMEMCPY(&out[2 + ps_len + 1], msg, msglen);
97   }
98   *outlen = modulus_len;
99 
100   result  = CRYPT_OK;
101 bail:
102   return result;
103 } /* pkcs_1_v1_5_encode */
104 
105 #endif /* #ifdef LTC_PKCS_1 */
106