rsasignimpl.c

IBE是一种非对称密码技术

  VoltSurrenderCtx *surrCtx = (VoltSurrenderCtx *)0;
  VOLT_DECLARE_ERROR_TYPE (errorType)
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  *verifyResult = 0;

  do
  {
    /* If there's a surrender ctx, call the Surrender function.
     */
    VOLT_GET_OBJECT_SURR_CTX (surrCtx, obj);
    VOLT_CALL_SURRENDER (surrCtx, VT_SURRENDER_FNCT_RSA_VERIFY, 3, 1)

    /* Make sure the key is an RSA public key. Also, this implementation
     * needs the key as data.
     */
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_INVALID_KEY_OBJ;
    if ((key->keyType & VOLT_KEY_TYPE_MASK_ASYM_ALG) != VOLT_KEY_ALG_RSA)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    if ((key->keyType & VOLT_KEY_TYPE_PUBLIC) == 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    if (key->mpCtx == (VoltMpIntCtx *)0)
      break;

    mpCtx = key->mpCtx;

    /* See if the key data is already in the form we want it. If so,
     * reset keyDataFlag to 1.
     */
    keyDataFlag = 0;
    if ((key->keyType & VOLT_KEY_TYPE_MASK_DATA) == VOLT_KEY_TYPE_DATA)
    {
      getKeyData = (VoltRsaPublicKey *)(key->keyData);
      if (getKeyData->type == VOLT_KEY_TYPE_PUBLIC)
        keyDataFlag = 1;
    }

    /* If we were not able to get the key data in the form we wanted
     * it, see if we can create it.
     */
    if (keyDataFlag == 0)
    {
      /* Can we get the key data out of the object?
       */
      VOLT_SET_ERROR_TYPE (errorType, 0)
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtGetKeyParam (
        (VtKeyObject)key, VtKeyParamRSAPublicVerify, (Pointer *)&getKeyInfo);
      if (status == VT_ERROR_GET_INFO_UNAVAILABLE)
        status = VT_ERROR_INVALID_KEY_OBJ;
      if (status != 0)
        break;

      VtDestroyKeyObject (&(rsaCtx->tempKey));
      rsaCtx->priKeyData = (VoltRsaPrivateKey *)0;
      rsaCtx->pubKeyData = (VoltRsaPublicKey *)0;

      /* Create a key object we know will possess the key data the way
       * we want it.
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtCreateKeyObject (
        obj->voltObject.libraryCtx, VtKeyImplMpCtx, (Pointer)(key->mpCtx),
        &(rsaCtx->tempKey));
      if (status != 0)
        break;

      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtSetKeyParam (
        rsaCtx->tempKey, VtKeyParamRSAPublicVerify, (Pointer)getKeyInfo);
      if (status != 0)
        break;

      key = (VoltKeyObject *)(rsaCtx->tempKey);
      getKeyData = (VoltRsaPublicKey *)(key->keyData);
    }

    /* How big will the signature be? It depends on the key size.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->GetBitLength (getKeyData->modulus, &modLen);
    if (status != 0)
      break;

    modLen = (modLen + 7) / 8;

    /* The signature must be the same length as the modulus.
     */
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_INVALID_INPUT_LENGTH;
    if (sigLen != modLen)
      break;

    /* Perform the ModExp that is RSA.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &base);
    if (status != 0)
      break;
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->OctetStringToMpInt (0, signature, sigLen, base);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->CreateMpInt ((Pointer)mpCtx, &result);
    if (status != 0)
      break;

    VOLT_CALL_SURRENDER (surrCtx, VT_SURRENDER_FNCT_RSA_VERIFY, 3, 2)

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->ModExp (
      base, getKeyData->pubExpo, getKeyData->modulus, result);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->GetBitLength (result, &resultLen);
    if (status != 0)
      break;

    resultLen = (resultLen + 7) / 8;

    /* If the resultLen is > modLen, something went wrong, the
     * signature does not verify. We already have the verifyResult set
     * to 0 (does not verify).
     */
    if (resultLen > modLen)
      break;

    /* Allocate a buffer to hold the result as a byte array.
     */
    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_MEMORY;
    buffer = (unsigned char *)Z2Malloc (modLen, VOLT_MEMORY_SENSITIVE);
    if (buffer == (unsigned char *)0)
      break;

    /* Get the result as a buffer the same size as the modulus, which
     * may involve prepending some 00 bytes.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      result, &sign, buffer + (modLen - resultLen), resultLen, &resultLen);
    if (status != 0)
      break;

    Z2Memset (buffer, 0, modLen - resultLen);

    /* If we need to Unpad, call the Unpad function in the signCtx.
     */
    if (signCtx->Unpad != (VUnpad)0)
    {
      /* If the error is INVALID_PAD, just say that the signature did
       * not verify (return 0).
       * If it was some other error, return the error.
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = signCtx->Unpad (
        obj, signCtx->padCtx, buffer, modLen, &resultLen);
      if (status != 0)
      {
        /* If the error is something other than INVALID_PAD, return
         * that error.
         */
        if (status != VT_ERROR_INVALID_PAD)
          break;

        /* The error is INVALID_PAD. This implementation says the
         * signature does not verify. The call was successful, so set
         * status to 0, but the sig does not verify (verifyResult was
         * initially set to "no").
         */
        status = 0;
        break;
      }
    }

    VOLT_CALL_SURRENDER (surrCtx, VT_SURRENDER_FNCT_RSA_VERIFY, 3, 3)

    /* At this point we need to compare the dataToVerify with the
     * unpadded buffer.
     */
    if (status != VT_ERROR_INVALID_PAD)
    {
      if (resultLen != dataToVerifyLen)
        break;
      if (Z2Memcmp (buffer, dataToVerify, resultLen) != 0)
        break;
    }

    /* If we reach this point in the code, the signature verifies and
     * status is set to 0. Change the verifyResult to verify and we're
     * done.
     */
    *verifyResult = 1;

  } while (0);

  if (buffer != (unsigned char *)0)
    Z2Free (buffer);

  if (base != (VoltMpInt *)0)
    mpCtx->DestroyMpInt (&base);
  if (result != (VoltMpInt *)0)
    mpCtx->DestroyMpInt (&result);

  VOLT_LOG_ERROR_INFO_COMPARE (
    status, 0, obj, status, 0, errorType,
    (char *)0, "RSAVerifyData", fnctLine, (char *)0)

  return (status);
}

int VoltGetDigestLenFromAlg (
   VoltLibCtx *libCtx,
   unsigned int digestAlg,
   unsigned int *digestLen,
   unsigned int *x931Byte
   )
{
  int status;
  unsigned int temp;
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  if (x931Byte == (unsigned int *)0)
    x931Byte = &temp;

  switch (digestAlg)
  {
    case VT_DIGEST_ALG_MD5:
      *digestLen = 16;
      *x931Byte = VOLT_X931_DIGEST_BYTE_MD5;
      return (0);

    case VT_DIGEST_ALG_SHA1:
      *digestLen = 20;
      *x931Byte = VOLT_X931_DIGEST_BYTE_SHA1;
      return (0);

    case VT_DIGEST_ALG_SHA224:
      *digestLen = 28;
      *x931Byte = VOLT_X931_DIGEST_BYTE_SHA224;
      return (0);

    case VT_DIGEST_ALG_SHA256:
      *digestLen = 32;
      *x931Byte = VOLT_X931_DIGEST_BYTE_SHA256;
      return (0);

    case VT_DIGEST_ALG_SHA384:
      *digestLen = 48;
      *x931Byte = VOLT_X931_DIGEST_BYTE_SHA384;
      return (0);

    case VT_DIGEST_ALG_SHA512:
      *digestLen = 64;
      *x931Byte = VOLT_X931_DIGEST_BYTE_SHA512;
      return (0);

    default:
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VT_ERROR_INVALID_INPUT;
  }

  VOLT_LOG_ERROR_INFO (
    libCtx, 0, status, 0, VT_ERROR_TYPE_PRIMARY,
    (char *)0, "VoltGetDigestLenFromAlg", fnctLine, (char *)0)

  return (status);
}