#include <mLib/bits.h>
#include <mLib/dstr.h>
+#include "ct.h"
#include "gcipher.h"
#include "ghash.h"
#include "grand.h"
oaep *o = p;
size_t hsz = o->ch->hashsz;
ghash *h;
- octet *q, *mq, *qq;
+ octet *q, *mq;
octet *pp;
gcipher *c;
size_t n;
q = b;
*q++ = 0; sz--;
mq = q + hsz;
- qq = q + sz;
GR_FILL(o->r, q, hsz);
/* --- Fill in the rest of the buffer --- */
* PKCS#1 v. 2.0 (RFC2437).
*/
-static int memeq(const void *xx, const void *yy, size_t sz)
-{
- int eq = 1;
- const octet *x = xx, *y = yy;
- while (sz) { /* Always check every byte */
- if (*x++ != *y++) eq = 0;
- sz--;
- }
- return (eq);
-}
-
int oaep_decode(mp *m, octet *b, size_t sz, unsigned long nbits, void *p)
{
oaep *o = p;
ghash *h;
octet *q, *mq, *qq;
octet *pp;
- unsigned bad = 0;
+ uint32 goodp = 1;
size_t n;
size_t hsz = o->ch->hashsz;
mp_storeb(m, b, sz);
q = b;
- bad = *q;
+ goodp &= ct_inteq(*q, 0);
q++; sz--;
mq = q + hsz;
qq = q + sz;
GH_HASH(h, o->ep, o->epsz);
GH_DONE(h, q);
GH_DESTROY(h);
- bad |= !memeq(q, mq, hsz);
+ goodp &= ct_memeq(q, mq, hsz);
/* --- Now find the start of the actual message --- */
pp = mq + hsz;
while (*pp == 0 && pp < qq)
pp++;
- bad |= (pp >= qq) | (*pp != 1);
+ goodp &= ~ct_intle(qq - b, pp - b);
+ goodp &= ct_inteq(*pp, 1);
pp++;
n = qq - pp;
memmove(q, pp, n);
- return (bad ? -1 : n);
+ return (goodp ? n : -1);
}
/*----- That's all, folks -------------------------------------------------*/
#include <mLib/bits.h>
#include <mLib/dstr.h>
+#include "ct.h"
#include "grand.h"
#include "rsa.h"
* in PKCS#1 v. 2.0 (RFC2437).
*/
-static int memeq(const void *xx, const void *yy, size_t sz)
-{
- int eq = 1;
- const octet *x = xx, *y = yy;
- while (sz) { /* Always check every byte */
- if (*x++ != *y++) eq = 0;
- sz--;
- }
- return (eq);
-}
-
int pkcs1_cryptdecode(mp *m, octet *b, size_t sz,
unsigned long nbits, void *p)
{
pkcs1 *pp = p;
const octet *q, *qq;
size_t n, i;
- int bad = 0;
+ uint32 goodp = 1;
/* --- Check the size of the block looks sane --- */
/* --- Ensure that the block looks OK --- */
- bad |= (*q++ != 0x00 || *q++ != 0x02);
+ goodp &= ct_inteq(*q++, 0);
+ goodp &= ct_inteq(*q++, 2);
/* --- Check the nonzero padding --- */
i = 0;
while (*q != 0 && q < qq)
i++, q++;
- bad |= (i < 8 || qq - q < pp->epsz + 1);
+ goodp &= ct_intle(8, i);
+ goodp &= ~ct_intle(qq - q, pp->epsz + 1);
q++;
/* --- Check the encoding parameters --- */
- bad |= (pp->ep && !memeq(bad ? b : q, pp->ep, pp->epsz));
+ if (pp->ep)
+ goodp &= ct_memeq(b + ct_pick(goodp, 0, q - b), pp->ep, pp->epsz);
q += pp->epsz;
/* --- Done --- */
n = qq - q;
- memmove(b, bad ? b + 1 : q, n);
- return (bad ? -1 : n);
+ memmove(b, b + ct_pick(goodp, 1, q - b), n);
+ return (goodp ? n : -1);
}
/* --- @pkcs1_sigencode@ --- *