1 /* 2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org> 3 * 4 * Permission is hereby granted, free of charge, to any person obtaining 5 * a copy of this software and associated documentation files (the 6 * "Software"), to deal in the Software without restriction, including 7 * without limitation the rights to use, copy, modify, merge, publish, 8 * distribute, sublicense, and/or sell copies of the Software, and to 9 * permit persons to whom the Software is furnished to do so, subject to 10 * the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 #include "inner.h" 26 27 /* see bearssl_rsa.h */ 28 uint32_t 29 br_rsa_ssl_decrypt(br_rsa_private core, const br_rsa_private_key *sk, 30 unsigned char *data, size_t len) 31 { 32 uint32_t x; 33 size_t u; 34 35 /* 36 * A first check on length. Since this test works only on the 37 * buffer length, it needs not (and cannot) be constant-time. 38 */ 39 if (len < 59 || len != (sk->n_bitlen + 7) >> 3) { 40 return 0; 41 } 42 x = core(data, sk); 43 44 x &= EQ(data[0], 0x00); 45 x &= EQ(data[1], 0x02); 46 for (u = 2; u < (len - 49); u ++) { 47 x &= NEQ(data[u], 0); 48 } 49 x &= EQ(data[len - 49], 0x00); 50 memmove(data, data + len - 48, 48); 51 return x; 52 } 53