...

Source file src/github.com/cloudflare/circl/tss/rsa/internal/pkcs1v15.go

Documentation: github.com/cloudflare/circl/tss/rsa/internal 

     1  // https://cs.opensource.google/go/go/+/refs/tags/go1.18.3:src/crypto/rsa/pkcs1v15.go
     2  
     3  // Copyright (c) 2009 The Go Authors. All rights reserved.
     4  //
     5  // Redistribution and use in source and binary forms, with or without
     6  // modification, are permitted provided that the following conditions are
     7  // met:
     8  //
     9  //    * Redistributions of source code must retain the above copyright
    10  // notice, this list of conditions and the following disclaimer.
    11  //    * Redistributions in binary form must reproduce the above
    12  // copyright notice, this list of conditions and the following disclaimer
    13  // in the documentation and/or other materials provided with the
    14  // distribution.
    15  //    * Neither the name of Google Inc. nor the names of its
    16  // contributors may be used to endorse or promote products derived from
    17  // this software without specific prior written permission.
    18  //
    19  // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    20  // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    21  // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    22  // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    23  // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    24  // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    25  // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    26  // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    27  // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    28  // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    29  // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    30  
    31  // Copyright 2009 The Go Authors. All rights reserved.
    32  // Use of this source code is governed by a BSD-style
    33  // license that can be found in the LICENSE file.
    34  
    35  package internal
    36  
    37  import (
    38  	"crypto"
    39  	"crypto/rsa"
    40  	"errors"
    41  	"fmt"
    42  )
    43  
    44  var hashPrefixes = map[crypto.Hash][]byte{
    45  	crypto.MD5: {
    46  		0x30, 0x20, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, 0x05,
    47  		0x00, 0x04, 0x10,
    48  	},
    49  	crypto.SHA1: {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14},
    50  	crypto.SHA224: {
    51  		0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
    52  		0x05, 0x00, 0x04, 0x1c,
    53  	},
    54  	crypto.SHA256: {
    55  		0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
    56  		0x05, 0x00, 0x04, 0x20,
    57  	},
    58  	crypto.SHA384: {
    59  		0x30, 0x41, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
    60  		0x05, 0x00, 0x04, 0x30,
    61  	},
    62  	crypto.SHA512: {
    63  		0x30, 0x51, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
    64  		0x05, 0x00, 0x04, 0x40,
    65  	},
    66  	crypto.MD5SHA1:   {}, // A special TLS case which doesn't use an ASN1 prefix.
    67  	crypto.RIPEMD160: {0x30, 0x20, 0x30, 0x08, 0x06, 0x06, 0x28, 0xcf, 0x06, 0x03, 0x00, 0x31, 0x04, 0x14},
    68  }
    69  
    70  func PadPKCS1v15(pub *rsa.PublicKey, hash crypto.Hash, hashed []byte) ([]byte, error) {
    71  	hashLen, prefix, err := pkcs1v15HashInfo(hash, len(hashed))
    72  	if err != nil {
    73  		return nil, err
    74  	}
    75  
    76  	tLen := len(prefix) + hashLen
    77  	k := pub.Size()
    78  	if k < tLen+11 {
    79  		return nil, fmt.Errorf("message too long")
    80  	}
    81  
    82  	// EM = 0x00 || 0x01 || PS || 0x00 || T
    83  	em := make([]byte, k)
    84  	em[1] = 1
    85  	for i := 2; i < k-tLen-1; i++ {
    86  		em[i] = 0xff
    87  	}
    88  	copy(em[k-tLen:k-hashLen], prefix)
    89  	copy(em[k-hashLen:k], hashed)
    90  
    91  	return em, nil
    92  }
    93  
    94  func pkcs1v15HashInfo(hash crypto.Hash, inLen int) (hashLen int, prefix []byte, err error) {
    95  	// Special case: crypto.Hash(0) is used to indicate that the data is
    96  	// signed directly.
    97  	if hash == 0 {
    98  		return inLen, nil, nil
    99  	}
   100  
   101  	hashLen = hash.Size()
   102  	if inLen != hashLen {
   103  		return 0, nil, errors.New("threshold_internal: crypto/rsa: input must be hashed message")
   104  	}
   105  	prefix, ok := hashPrefixes[hash]
   106  	if !ok {
   107  		return 0, nil, errors.New("threshold_internal: crypto/rsa: unsupported hash function")
   108  	}
   109  	return
   110  }
   111  

View as plain text