piwalker/dolphin
1
0
Fork 0
mirror of https://github.com/dolphin-emu/dolphin.git synced 2025-07-22 05:40:01 -06:00
Code Issues Packages Projects Releases Wiki Activity

Update external polarssl to 1.3.8

Browse Source 
There were some fixes back on March 13th, 2014 for fixing compiling on MIPS64.
Also some fixes on June 25th, 2014 for SPARC64 fixes.

Probably more things, but those are what I care about.
This commit is contained in:
Ryan Houdek
2014-09-08 01:58:33 -05:00
parent 6ea82790ba
commit a48e284317
130 changed files with 12346 additions and 4632 deletions
Download Patch File Download Diff File Expand all files Collapse all files

201
Externals/polarssl/library/rsa.c vendored
View File

@ -1,7 +1,7 @@
/*
* The RSA public-key cryptosystem
*
* Copyright (C) 2006-2011, Brainspark B.V.
* Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@ -29,7 +29,11 @@
* http://www.cacr.math.uwaterloo.ca/hac/about/chap8.pdf
*/
#if !defined(POLARSSL_CONFIG_FILE)
#include "polarssl/config.h"
#else
#include POLARSSL_CONFIG_FILE
#endif
#if defined(POLARSSL_RSA_C)
@ -43,6 +47,12 @@
#include <stdlib.h>
#include <stdio.h>
#if defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#define polarssl_printf printf
#endif
/*
* Initialize an RSA context
*/
@ -52,14 +62,22 @@ void rsa_init( rsa_context *ctx,
{
memset( ctx, 0, sizeof( rsa_context ) );
ctx->padding = padding;
ctx->hash_id = hash_id;
rsa_set_padding( ctx, padding, hash_id );
#if defined(POLARSSL_THREADING_C)
polarssl_mutex_init( &ctx->mutex );
#endif
}
/*
* Set padding for an existing RSA context
*/
void rsa_set_padding( rsa_context *ctx, int padding, int hash_id )
{
ctx->padding = padding;
ctx->hash_id = hash_id;
}
#if defined(POLARSSL_GENPRIME)
/*
@ -86,7 +104,7 @@ int rsa_gen_key( rsa_context *ctx,
do
{
MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
MPI_CHK( mpi_gen_prime( &ctx->P, ( nbits + 1 ) >> 1, 0,
f_rng, p_rng ) );
MPI_CHK( mpi_gen_prime( &ctx->Q, ( nbits + 1 ) >> 1, 0,
@ -135,7 +153,7 @@ cleanup:
return( 0 );
}
#endif
#endif /* POLARSSL_GENPRIME */
/*
* Check a public RSA key
@ -154,7 +172,7 @@ int rsa_check_pubkey( const rsa_context *ctx )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
if( mpi_msb( &ctx->E ) < 2 ||
mpi_msb( &ctx->E ) > 64 )
mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
return( 0 );
@ -311,7 +329,7 @@ cleanup:
return( ret );
}
#endif
#endif /* !POLARSSL_RSA_NO_CRT */
/*
* Do an RSA private key operation
@ -343,7 +361,7 @@ int rsa_private( rsa_context *ctx,
Vi = &ctx->Vi;
Vf = &ctx->Vf;
#endif
#endif
#endif /* !POLARSSL_RSA_NO_CRT */
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
@ -401,7 +419,7 @@ int rsa_private( rsa_context *ctx,
MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) );
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
}
#endif
#endif /* POLARSSL_RSA_NO_CRT */
olen = ctx->len;
MPI_CHK( mpi_write_binary( &T, output, olen ) );
@ -465,7 +483,7 @@ static void mgf_mask( unsigned char *dst, size_t dlen, unsigned char *src,
dlen -= use_len;
}
}
#endif
#endif /* POLARSSL_PKCS1_V21 */
#if defined(POLARSSL_PKCS1_V21)
/*
@ -487,7 +505,10 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
const md_info_t *md_info;
md_context_t md_ctx;
if( ctx->padding != RSA_PKCS_V21 || f_rng == NULL )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V21 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
if( f_rng == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_info = md_info_from_type( ctx->hash_id );
@ -497,7 +518,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
olen = ctx->len;
hlen = md_get_size( md_info );
if( olen < ilen + 2 * hlen + 2 || f_rng == NULL )
if( olen < ilen + 2 * hlen + 2 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
memset( output, 0, olen );
@ -519,6 +540,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
*p++ = 1;
memcpy( p, input, ilen );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
// maskedDB: Apply dbMask to DB
@ -531,7 +553,7 @@ int rsa_rsaes_oaep_encrypt( rsa_context *ctx,
mgf_mask( output + 1, hlen, output + hlen + 1, olen - hlen - 1,
&md_ctx );
md_free_ctx( &md_ctx );
md_free( &md_ctx );
return( ( mode == RSA_PUBLIC )
? rsa_public( ctx, output, output )
@ -554,7 +576,10 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
int ret;
unsigned char *p = output;
if( ctx->padding != RSA_PKCS_V15 || f_rng == NULL )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
if( f_rng == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
@ -579,8 +604,8 @@ int rsa_rsaes_pkcs1_v15_encrypt( rsa_context *ctx,
// Check if RNG failed to generate data
//
if( rng_dl == 0 || ret != 0)
return POLARSSL_ERR_RSA_RNG_FAILED + ret;
if( rng_dl == 0 || ret != 0 )
return( POLARSSL_ERR_RSA_RNG_FAILED + ret );
p++;
}
@ -657,7 +682,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
/*
* Parameters sanity checks
*/
if( ctx->padding != RSA_PKCS_V21 )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V21 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
ilen = ctx->len;
@ -684,6 +709,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
*/
hlen = md_get_size( md_info );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
/* Generate lHash */
@ -697,7 +723,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
&md_ctx );
md_free_ctx( &md_ctx );
md_free( &md_ctx );
/*
* Check contents, in "constant-time"
@ -735,7 +761,7 @@ int rsa_rsaes_oaep_decrypt( rsa_context *ctx,
if( bad != 0 )
return( POLARSSL_ERR_RSA_INVALID_PADDING );
if (ilen - (p - buf) > output_max_len)
if( ilen - ( p - buf ) > output_max_len )
return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
*olen = ilen - (p - buf);
@ -762,7 +788,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
unsigned char *p, bad, pad_done = 0;
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
if( ctx->padding != RSA_PKCS_V15 )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
ilen = ctx->len;
@ -809,7 +835,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
* (minus one, for the 00 byte) */
for( i = 0; i < ilen - 3; i++ )
{
pad_done |= ( p[i] == 0xFF );
pad_done |= ( p[i] != 0xFF );
pad_count += ( pad_done == 0 );
}
@ -820,7 +846,7 @@ int rsa_rsaes_pkcs1_v15_decrypt( rsa_context *ctx,
if( bad )
return( POLARSSL_ERR_RSA_INVALID_PADDING );
if (ilen - (p - buf) > output_max_len)
if( ilen - ( p - buf ) > output_max_len )
return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
*olen = ilen - (p - buf);
@ -883,7 +909,10 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
const md_info_t *md_info;
md_context_t md_ctx;
if( ctx->padding != RSA_PKCS_V21 || f_rng == NULL )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V21 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
if( f_rng == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
@ -924,6 +953,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
memcpy( p, salt, slen );
p += slen;
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
// Generate H = Hash( M' )
@ -943,7 +973,7 @@ int rsa_rsassa_pss_sign( rsa_context *ctx,
//
mgf_mask( sig + offset, olen - hlen - 1 - offset, p, hlen, &md_ctx );
md_free_ctx( &md_ctx );
md_free( &md_ctx );
msb = mpi_msb( &ctx->N ) - 1;
sig[0] &= 0xFF >> ( olen * 8 - msb );
@ -977,7 +1007,7 @@ int rsa_rsassa_pkcs1_v15_sign( rsa_context *ctx,
unsigned char *p = sig;
const char *oid;
if( ctx->padding != RSA_PKCS_V15 )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
olen = ctx->len;
@ -1079,14 +1109,16 @@ int rsa_pkcs1_sign( rsa_context *ctx,
/*
* Implementation of the PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int rsa_rsassa_pss_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig )
int rsa_rsassa_pss_verify_ext( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
md_type_t mgf1_hash_id,
int expected_salt_len,
const unsigned char *sig )
{
int ret;
size_t siglen;
@ -1099,7 +1131,7 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
const md_info_t *md_info;
md_context_t md_ctx;
if( ctx->padding != RSA_PKCS_V21 )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V21 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
siglen = ctx->len;
@ -1130,12 +1162,12 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
hashlen = md_get_size( md_info );
}
md_info = md_info_from_type( ctx->hash_id );
md_info = md_info_from_type( mgf1_hash_id );
if( md_info == NULL )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
hlen = md_get_size( md_info );
slen = siglen - hlen - 1;
slen = siglen - hlen - 1; /* Currently length of salt + padding */
memset( zeros, 0, 8 );
@ -1153,6 +1185,7 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
if( buf[0] >> ( 8 - siglen * 8 + msb ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
md_init( &md_ctx );
md_init_ctx( &md_ctx, md_info );
mgf_mask( p, siglen - hlen - 1, p + siglen - hlen - 1, hlen, &md_ctx );
@ -1165,12 +1198,20 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
if( p == buf + siglen ||
*p++ != 0x01 )
{
md_free_ctx( &md_ctx );
md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING );
}
/* Actual salt len */
slen -= p - buf;
if( expected_salt_len != RSA_SALT_LEN_ANY &&
slen != (size_t) expected_salt_len )
{
md_free( &md_ctx );
return( POLARSSL_ERR_RSA_INVALID_PADDING );
}
// Generate H = Hash( M' )
//
md_starts( &md_ctx );
@ -1179,13 +1220,36 @@ int rsa_rsassa_pss_verify( rsa_context *ctx,
md_update( &md_ctx, p, slen );
md_finish( &md_ctx, result );
md_free_ctx( &md_ctx );
md_free( &md_ctx );
if( memcmp( p + slen, result, hlen ) == 0 )
return( 0 );
else
return( POLARSSL_ERR_RSA_VERIFY_FAILED );
}
/*
* Simplified PKCS#1 v2.1 RSASSA-PSS-VERIFY function
*/
int rsa_rsassa_pss_verify( rsa_context *ctx,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng,
int mode,
md_type_t md_alg,
unsigned int hashlen,
const unsigned char *hash,
const unsigned char *sig )
{
md_type_t mgf1_hash_id = ( ctx->hash_id != POLARSSL_MD_NONE )
? (md_type_t) ctx->hash_id
: md_alg;
return( rsa_rsassa_pss_verify_ext( ctx, f_rng, p_rng, mode,
md_alg, hashlen, hash,
mgf1_hash_id, RSA_SALT_LEN_ANY,
sig ) );
}
#endif /* POLARSSL_PKCS1_V21 */
#if defined(POLARSSL_PKCS1_V15)
@ -1209,7 +1273,7 @@ int rsa_rsassa_pkcs1_v15_verify( rsa_context *ctx,
const md_info_t *md_info;
asn1_buf oid;
if( ctx->padding != RSA_PKCS_V15 )
if( mode == RSA_PRIVATE && ctx->padding != RSA_PKCS_V15 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
siglen = ctx->len;
@ -1367,7 +1431,7 @@ int rsa_copy( rsa_context *dst, const rsa_context *src )
#endif
dst->padding = src->padding;
dst->hash_id = src->padding;
dst->hash_id = src->hash_id;
cleanup:
if( ret != 0 )
@ -1455,6 +1519,7 @@ void rsa_free( rsa_context *ctx )
#if defined(POLARSSL_PKCS1_V15)
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
#if !defined(__OpenBSD__)
size_t i;
if( rng_state != NULL )
@ -1462,16 +1527,23 @@ static int myrand( void *rng_state, unsigned char *output, size_t len )
for( i = 0; i < len; ++i )
output[i] = rand();
#else
if( rng_state != NULL )
rng_state = NULL;
arc4random_buf( output, len );
#endif /* !OpenBSD */
return( 0 );
}
#endif
#endif /* POLARSSL_PKCS1_V15 */
/*
* Checkup routine
*/
int rsa_self_test( int verbose )
{
int ret = 0;
#if defined(POLARSSL_PKCS1_V15)
size_t len;
rsa_context rsa;
@ -1485,29 +1557,29 @@ int rsa_self_test( int verbose )
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa.len = KEY_LEN;
mpi_read_string( &rsa.N , 16, RSA_N );
mpi_read_string( &rsa.E , 16, RSA_E );
mpi_read_string( &rsa.D , 16, RSA_D );
mpi_read_string( &rsa.P , 16, RSA_P );
mpi_read_string( &rsa.Q , 16, RSA_Q );
mpi_read_string( &rsa.DP, 16, RSA_DP );
mpi_read_string( &rsa.DQ, 16, RSA_DQ );
mpi_read_string( &rsa.QP, 16, RSA_QP );
MPI_CHK( mpi_read_string( &rsa.N , 16, RSA_N ) );
MPI_CHK( mpi_read_string( &rsa.E , 16, RSA_E ) );
MPI_CHK( mpi_read_string( &rsa.D , 16, RSA_D ) );
MPI_CHK( mpi_read_string( &rsa.P , 16, RSA_P ) );
MPI_CHK( mpi_read_string( &rsa.Q , 16, RSA_Q ) );
MPI_CHK( mpi_read_string( &rsa.DP, 16, RSA_DP ) );
MPI_CHK( mpi_read_string( &rsa.DQ, 16, RSA_DQ ) );
MPI_CHK( mpi_read_string( &rsa.QP, 16, RSA_QP ) );
if( verbose != 0 )
printf( " RSA key validation: " );
polarssl_printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 encryption : " );
polarssl_printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
@ -1515,20 +1587,20 @@ int rsa_self_test( int verbose )
rsa_plaintext, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 decryption : " );
polarssl_printf( "passed\n PKCS#1 decryption : " );
if( rsa_pkcs1_decrypt( &rsa, myrand, NULL, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
@ -1536,14 +1608,14 @@ int rsa_self_test( int verbose )
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
#if defined(POLARSSL_SHA1_C)
if( verbose != 0 )
printf( "passed\n PKCS#1 data sign : " );
polarssl_printf( "passed\n PKCS#1 data sign : " );
sha1( rsa_plaintext, PT_LEN, sha1sum );
@ -1551,34 +1623,35 @@ int rsa_self_test( int verbose )
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 sig. verify: " );
polarssl_printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, POLARSSL_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n\n" );
polarssl_printf( "passed\n\n" );
#endif /* POLARSSL_SHA1_C */
cleanup:
rsa_free( &rsa );
#else /* POLARSSL_PKCS1_V15 */
((void) verbose);
#endif /* POLARSSL_PKCS1_V15 */
return( 0 );
return( ret );
}
#endif
#endif /* POLARSSL_SELF_TEST */
#endif
#endif /* POLARSSL_RSA_C */