Skip to content

Commit

Permalink
move RSASSA-PSS code to shared/cdiff.c
Browse files Browse the repository at this point in the history
git-svn: trunk@3305
  • Loading branch information
Tomasz Kojm committed Oct 18, 2007
1 parent 24cd6d2 commit d1c685b
Show file tree
Hide file tree
Showing 13 changed files with 183 additions and 141 deletions.
4 changes: 4 additions & 0 deletions ChangeLog
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
Thu Oct 18 14:54:20 EDT 2007 (tk)
---------------------------------
* libclamav: move RSASSA-PSS code to shared/cdiff.c

Wed Oct 17 11:40:05 BST 2007 (trog)
-----------------------------------
* libclamav/unrar: remove RARv3 support.
Expand Down
1 change: 1 addition & 0 deletions freshclam/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@ freshclam_SOURCES = \
$(top_srcdir)/shared/misc.h \
$(top_srcdir)/shared/options.c \
$(top_srcdir)/shared/options.h \
$(top_srcdir)/shared/sha256.c \
$(top_srcdir)/shared/cdiff.c \
$(top_srcdir)/shared/cdiff.h \
freshclam.c \
Expand Down
22 changes: 19 additions & 3 deletions freshclam/Makefile.in
Original file line number Diff line number Diff line change
Expand Up @@ -72,9 +72,9 @@ binPROGRAMS_INSTALL = $(INSTALL_PROGRAM)
PROGRAMS = $(bin_PROGRAMS)
am_freshclam_OBJECTS = output.$(OBJEXT) cfgparser.$(OBJEXT) \
getopt.$(OBJEXT) misc.$(OBJEXT) options.$(OBJEXT) \
cdiff.$(OBJEXT) freshclam.$(OBJEXT) manager.$(OBJEXT) \
notify.$(OBJEXT) dns.$(OBJEXT) execute.$(OBJEXT) \
nonblock.$(OBJEXT) mirman.$(OBJEXT)
sha256.$(OBJEXT) cdiff.$(OBJEXT) freshclam.$(OBJEXT) \
manager.$(OBJEXT) notify.$(OBJEXT) dns.$(OBJEXT) \
execute.$(OBJEXT) nonblock.$(OBJEXT) mirman.$(OBJEXT)
freshclam_OBJECTS = $(am_freshclam_OBJECTS)
freshclam_LDADD = $(LDADD)
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
Expand Down Expand Up @@ -230,6 +230,7 @@ freshclam_SOURCES = \
$(top_srcdir)/shared/misc.h \
$(top_srcdir)/shared/options.c \
$(top_srcdir)/shared/options.h \
$(top_srcdir)/shared/sha256.c \
$(top_srcdir)/shared/cdiff.c \
$(top_srcdir)/shared/cdiff.h \
freshclam.c \
Expand Down Expand Up @@ -331,6 +332,7 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/notify.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/options.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/output.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Po@am__quote@

.c.o:
@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
Expand Down Expand Up @@ -423,6 +425,20 @@ options.obj: $(top_srcdir)/shared/options.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o options.obj `if test -f '$(top_srcdir)/shared/options.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/options.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/options.c'; fi`

sha256.o: $(top_srcdir)/shared/sha256.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha256.o -MD -MP -MF "$(DEPDIR)/sha256.Tpo" -c -o sha256.o `test -f '$(top_srcdir)/shared/sha256.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/sha256.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sha256.Tpo" "$(DEPDIR)/sha256.Po"; else rm -f "$(DEPDIR)/sha256.Tpo"; exit 1; fi
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/sha256.c' object='sha256.o' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha256.o `test -f '$(top_srcdir)/shared/sha256.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/sha256.c

sha256.obj: $(top_srcdir)/shared/sha256.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha256.obj -MD -MP -MF "$(DEPDIR)/sha256.Tpo" -c -o sha256.obj `if test -f '$(top_srcdir)/shared/sha256.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/sha256.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/sha256.c'; fi`; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sha256.Tpo" "$(DEPDIR)/sha256.Po"; else rm -f "$(DEPDIR)/sha256.Tpo"; exit 1; fi
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$(top_srcdir)/shared/sha256.c' object='sha256.obj' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha256.obj `if test -f '$(top_srcdir)/shared/sha256.c'; then $(CYGPATH_W) '$(top_srcdir)/shared/sha256.c'; else $(CYGPATH_W) '$(srcdir)/$(top_srcdir)/shared/sha256.c'; fi`

cdiff.o: $(top_srcdir)/shared/cdiff.c
@am__fastdepCC_TRUE@ if $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT cdiff.o -MD -MP -MF "$(DEPDIR)/cdiff.Tpo" -c -o cdiff.o `test -f '$(top_srcdir)/shared/cdiff.c' || echo '$(srcdir)/'`$(top_srcdir)/shared/cdiff.c; \
@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/cdiff.Tpo" "$(DEPDIR)/cdiff.Po"; else rm -f "$(DEPDIR)/cdiff.Tpo"; exit 1; fi
Expand Down
2 changes: 0 additions & 2 deletions libclamav/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -164,8 +164,6 @@ libclamav_la_SOURCES = \
iana_tld.h \
regex_list.c \
regex_list.h \
sha256.c \
sha256.h \
mspack.c \
mspack.h \
cab.c \
Expand Down
17 changes: 9 additions & 8 deletions libclamav/Makefile.in
Original file line number Diff line number Diff line change
Expand Up @@ -89,8 +89,7 @@ am_libclamav_la_OBJECTS = matcher-ac.lo matcher-bm.lo matcher.lo \
LZMADecode.lo bzlib.lo infblock.lo nulsft.lo pdf.lo spin.lo \
yc.lo elf.lo sis.lo uuencode.lo pst.lo phishcheck.lo \
phish_domaincheck_db.lo phish_whitelist.lo regex_list.lo \
sha256.lo mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo \
lockdb.lo
mspack.lo cab.lo entconv.lo hashtab.lo dconf.lo lockdb.lo
libclamav_la_OBJECTS = $(am_libclamav_la_OBJECTS)
DEFAULT_INCLUDES = -I. -I$(srcdir) -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
Expand Down Expand Up @@ -149,6 +148,7 @@ F77 = @F77@
FFLAGS = @FFLAGS@
FRESHCLAM_LIBS = @FRESHCLAM_LIBS@
GETENT = @GETENT@
GREP = @GREP@
HAVE_MILTER_FALSE = @HAVE_MILTER_FALSE@
HAVE_MILTER_TRUE = @HAVE_MILTER_TRUE@
INSTALL_DATA = @INSTALL_DATA@
Expand Down Expand Up @@ -183,12 +183,9 @@ STRIP = @STRIP@
THREAD_LIBS = @THREAD_LIBS@
TH_SAFE = @TH_SAFE@
VERSION = @VERSION@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
ac_ct_RANLIB = @ac_ct_RANLIB@
ac_ct_STRIP = @ac_ct_STRIP@
am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
Expand All @@ -205,23 +202,30 @@ build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sendmailprog = @sendmailprog@
sharedstatedir = @sharedstatedir@
Expand Down Expand Up @@ -373,8 +377,6 @@ libclamav_la_SOURCES = \
iana_tld.h \
regex_list.c \
regex_list.h \
sha256.c \
sha256.h \
mspack.c \
mspack.h \
cab.c \
Expand Down Expand Up @@ -510,7 +512,6 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/regfree.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rtf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/scanners.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sha256.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sis.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/snprintf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/special.Plo@am__quote@
Expand Down
133 changes: 12 additions & 121 deletions libclamav/dsig.c
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
/*
* Copyright (C) 2003 - 2006 Tomasz Kojm <[email protected]>
* RSASSA-PSS code (C) Sensory Networks, Inc.
* Written by Tomasz Kojm
*
* Number encoding rutines are based on yyyRSA by Erik Thiele
*
Expand Down Expand Up @@ -36,23 +34,14 @@
#include "others.h"
#include "dsig.h"
#include "str.h"
#include "sha256.h"

#define CLI_NSTR "118640995551645342603070001658453189751527774412027743746599405743243142607464144767361060640655844749760788890022283424922762488917565551002467771109669598189410434699034532232228621591089508178591428456220796841621637175567590476666928698770143328137383952820383197532047771780196576957695822641224262693037"

#define CLI_ESTR "100001027"

#define CLI_NSTRPSS "14783905874077467090262228516557917570254599638376203532031989214105552847269687489771975792123442185817287694951949800908791527542017115600501303394778618535864845235700041590056318230102449612217458549016089313306591388590790796515819654102320725712300822356348724011232654837503241736177907784198700834440681124727060540035754699658105895050096576226753008596881698828185652424901921668758326578462003247906470982092298106789657211905488986281078346361469524484829559560886227198091995498440676639639830463593211386055065360288422394053998134458623712540683294034953818412458362198117811990006021989844180721010947"

#define CLI_ESTRPSS "100002053"

#define PSS_NBITS 2048
#define PSS_DIGEST_LENGTH 32


static char cli_ndecode(char value)
static unsigned char cli_ndecode(unsigned char value)
{
int i;
unsigned int i;
char ncodec[] = {
'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l',
'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
Expand All @@ -73,17 +62,17 @@ static char cli_ndecode(char value)
return -1;
}

static unsigned char *cli_decodesig(const char *sig, int plainlen, mpz_t e, mpz_t n)
unsigned char *cli_decodesig(const char *sig, unsigned int plen, mpz_t e, mpz_t n)
{
int i, siglen = strlen(sig), dec;
unsigned char *decoded;
unsigned int i, slen = strlen(sig), dec;
unsigned char *plain;
mpz_t r, p, c;


mpz_init(r);
mpz_init(c);

for(i = 0; i < siglen; i++) {
for(i = 0; i < slen; i++) {
if((dec = cli_ndecode(sig[i])) < 0) {
mpz_clear(r);
mpz_clear(c);
Expand All @@ -95,9 +84,9 @@ static unsigned char *cli_decodesig(const char *sig, int plainlen, mpz_t e, mpz_
mpz_add(c, c, r);
}

decoded = (unsigned char *) cli_calloc(plainlen + 1, sizeof(unsigned char));
if(!decoded) {
cli_errmsg("cli_decodesig: Can't allocate memory\n");
plain = (unsigned char *) cli_calloc(plen + 1, sizeof(unsigned char));
if(!plain) {
cli_errmsg("cli_decodesig: Can't allocate memory for 'plain'\n");
mpz_clear(r);
mpz_clear(c);
return NULL;
Expand All @@ -107,113 +96,15 @@ static unsigned char *cli_decodesig(const char *sig, int plainlen, mpz_t e, mpz_
mpz_powm(p, c, e, n); /* plain = cipher^e mod n */
mpz_clear(c);

for(i = plainlen - 1; i >= 0; i--) { /* reverse */
for(i = plen - 1; i >= 0; i--) { /* reverse */
mpz_tdiv_qr_ui(p, r, p, 256);
decoded[i] = mpz_get_ui(r);
plain[i] = mpz_get_ui(r);
}

mpz_clear(p);
mpz_clear(r);

return decoded;
}
static void cli_mgf(unsigned char *in, unsigned int inlen, unsigned char *out, unsigned int outlen)
{
SHA256_CTX ctx;
unsigned int i, laps;
unsigned char cnt[4], digest[PSS_DIGEST_LENGTH];


laps = (outlen + PSS_DIGEST_LENGTH - 1) / PSS_DIGEST_LENGTH;

for(i = 0; i < laps; i++) {
cnt[0] = (unsigned char) 0;
cnt[1] = (unsigned char) 0;
cnt[2] = (unsigned char) (i / 256);
cnt[3] = (unsigned char) i;

sha256_init(&ctx);
sha256_update(&ctx, in, inlen);
sha256_update(&ctx, cnt, sizeof(cnt));
sha256_final(&ctx);
sha256_digest(&ctx, digest);

if(i != laps - 1)
memcpy(&out[i * PSS_DIGEST_LENGTH], digest, PSS_DIGEST_LENGTH);
else
memcpy(&out[i * PSS_DIGEST_LENGTH], digest, outlen - i * PSS_DIGEST_LENGTH);
}
}

int cli_versigpss(const unsigned char *sha256, const char *dsig)
{
mpz_t n, e;
SHA256_CTX ctx;
unsigned char *pt, digest1[PSS_DIGEST_LENGTH], digest2[PSS_DIGEST_LENGTH], *salt;
unsigned int plen = PSS_NBITS / 8, hlen, slen, i;
unsigned char dblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];
unsigned char mblock[PSS_NBITS / 8 - PSS_DIGEST_LENGTH - 1];
unsigned char fblock[8 + 2 * PSS_DIGEST_LENGTH];


hlen = slen = PSS_DIGEST_LENGTH;
mpz_init_set_str(n, CLI_NSTRPSS, 10);
mpz_init_set_str(e, CLI_ESTRPSS, 10);

if(!(pt = cli_decodesig(dsig, plen, e, n))) {
mpz_clear(n);
mpz_clear(e);
return CL_EDSIG;
}

mpz_clear(n);
mpz_clear(e);

if(pt[plen - 1] != 0xbc) {
cli_dbgmsg("cli_versigpss: Incorrect signature syntax (0xbc)\n");
free(pt);
return CL_EDSIG;
}

memcpy(mblock, pt, plen - hlen - 1);
memcpy(digest2, &pt[plen - hlen - 1], hlen);
free(pt);

cli_mgf(digest2, hlen, dblock, plen - hlen - 1);

for(i = 0; i < plen - hlen - 1; i++)
dblock[i] ^= mblock[i];

dblock[0] &= (0xff >> 1);

salt = memchr(dblock, 0x01, sizeof(dblock));
if(!salt) {
cli_dbgmsg("cli_versigpss: Can't find salt\n");
return CL_EDSIG;
}
salt++;

if((unsigned int) (dblock + sizeof(dblock) - salt) != slen) {
cli_dbgmsg("cli_versigpss: Bad salt size\n");
return CL_EDSIG;
}

memset(fblock, 0, 8);
memcpy(&fblock[8], sha256, hlen);
memcpy(&fblock[8 + hlen], salt, slen);

sha256_init(&ctx);
sha256_update(&ctx, fblock, sizeof(fblock));
sha256_final(&ctx);
sha256_digest(&ctx, digest1);

if(memcmp(digest1, digest2, hlen)) {
cli_dbgmsg("cli_versigpss: Signature doesn't match.\n");
return CL_EDSIG;
}

cli_dbgmsg("cli_versigpss: Digital signature is correct.\n");
return CL_SUCCESS;
return plain;
}

int cli_versig(const char *md5, const char *dsig)
Expand Down
10 changes: 9 additions & 1 deletion libclamav/dsig.h
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,15 @@
#ifndef __DSIG_H
#define __DSIG_H

#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif

#ifdef HAVE_GMP
#include <gmp.h>

int cli_versig(const char *md5, const char *dsig);
int cli_versigpss(const unsigned char *sha256, const char *dsig);
unsigned char *cli_decodesig(const char *sig, unsigned int plen, mpz_t e, mpz_t n);

#endif /* HAVE_GMP */
#endif
Loading

0 comments on commit d1c685b

Please sign in to comment.