1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
24 */
25
26 /*
27 * This file contains padding helper routines common to
28 * the PKCS11 soft token code and the kernel crypto code.
29 */
30
31 #include <sys/types.h>
32 #include "padding.h"
33
34 #ifdef _KERNEL
35 #include <sys/param.h>
36 #else
37 #include <strings.h>
38 #include <cryptoutil.h>
39 #endif
40
41 /*
42 * This is padding as decribed in Section 10.3 of RSA PKCS#7.
43 *
44 * The RSA PKCS Padding is in the following format:
45 * +-----------------------------+----+-------------+
46 * | DATA |0x0k|0x0k|...|0x0k|
47 * +-----------------------------+----+----+---+----+
48 * where 0x0k is if data_len mod multiple = multiple - k
49 * and multiple < 256 and 1 <= k <= multiple
50 *
51 * If databuf is non NULL, padbuf must be large enough
52 * to contain both databuf and the padding. databuf and
53 * padbuf may be the same buffer.
54 * databuf:
55 * +-----------------------------+
56 * | DATA |
57 * +-----------------------------+
58 * datalen
59 * padbuf:
60 * +-----------------------------+----+-------------+
61 * | DATA |0x0k|0x0k|...|0x0k|
62 * +-----------------------------+----+----+---+----+
63 * datalen padbuflen
64 *
65 * If databuf is NULL, padbuf only needs to be large
66 * enough for the padding, and datalen must still be
67 * provided to compute the padding value:
68 * padbuf:
69 * +----+-------------+
70 * |0x0k|0x0k|...|0x0k|
71 * +----+----+---+----+
72 * datalen padbuflen
73 */
74 int
pkcs7_encode(uint8_t * databuf,size_t datalen,uint8_t * padbuf,size_t padbuflen,uint8_t multiple)75 pkcs7_encode(uint8_t *databuf, size_t datalen, uint8_t *padbuf,
76 size_t padbuflen, uint8_t multiple)
77 {
78 size_t padlen;
79
80 padlen = multiple - (datalen % multiple);
81 if (databuf == NULL)
82 datalen = 0;
83
84 if (padlen > padbuflen - datalen) {
85 return (CKR_DATA_LEN_RANGE);
86 }
87
88 bcopy(databuf, padbuf, datalen);
89 (void) memset(padbuf + datalen, padlen & 0xff, padlen);
90
91 return (0);
92 }
93
94 /*
95 * 'padbuf' points to the recovered message. Strip off the padding and
96 * validate it as much as possible. 'plen' is changed to hold the actual
97 * data length. 'padbuf' is unchanged.
98 */
99 int
pkcs7_decode(uint8_t * padbuf,size_t * plen)100 pkcs7_decode(uint8_t *padbuf, size_t *plen)
101 {
102 int i;
103 size_t padlen;
104
105 /* Recover the padding value, even if padbuf has trailing nulls */
106 while (*plen > 0 && (padlen = padbuf[*plen - 1]) == 0)
107 (*plen)--;
108
109 /* Must have non-zero padding */
110 if (padlen == 0)
111 return (CKR_ENCRYPTED_DATA_INVALID);
112
113 /* Count back from all padding bytes; lint tag is for *plen-1-i >= 0 */
114 /* LINTED E_SUSPICIOUS_COMPARISON */
115 for (i = 0; i < padlen && (*plen - 1 - i) >= 0; i++) {
116 if (padbuf[*plen - 1 - i] != (padlen & 0xff))
117 return (CKR_ENCRYPTED_DATA_INVALID);
118 }
119 *plen -= i;
120 return (0);
121 }
122