1
0
mirror of https://github.com/golang/go synced 2024-11-25 13:07:57 -07:00

crypto/rsa: left-pad PKCS#1 v1.5 outputs.

OpenSSL requires that RSA signatures be exactly the same byte-length
as the modulus. Currently it'll reject ~1/256 of our signatures: those
that end up a byte shorter.

Fixes #3796.

R=golang-dev, edsrzf, r
CC=golang-dev
https://golang.org/cl/6352093
This commit is contained in:
Adam Langley 2012-07-11 12:47:12 -04:00
parent 82cbcb0dd5
commit 93ea79ee7e

View File

@ -25,10 +25,10 @@ func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) (out []byte, er
return return
} }
// EM = 0x02 || PS || 0x00 || M // EM = 0x00 || 0x02 || PS || 0x00 || M
em := make([]byte, k-1) em := make([]byte, k)
em[0] = 2 em[1] = 2
ps, mm := em[1:len(em)-len(msg)-1], em[len(em)-len(msg):] ps, mm := em[2:len(em)-len(msg)-1], em[len(em)-len(msg):]
err = nonZeroRandomBytes(ps, rand) err = nonZeroRandomBytes(ps, rand)
if err != nil { if err != nil {
return return
@ -38,7 +38,9 @@ func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) (out []byte, er
m := new(big.Int).SetBytes(em) m := new(big.Int).SetBytes(em)
c := encrypt(new(big.Int), pub, m) c := encrypt(new(big.Int), pub, m)
out = c.Bytes()
copyWithLeftPad(em, c.Bytes())
out = em
return return
} }
@ -185,9 +187,12 @@ func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []b
m := new(big.Int).SetBytes(em) m := new(big.Int).SetBytes(em)
c, err := decrypt(rand, priv, m) c, err := decrypt(rand, priv, m)
if err == nil { if err != nil {
s = c.Bytes() return
} }
copyWithLeftPad(em, c.Bytes())
s = em
return return
} }
@ -241,3 +246,13 @@ func pkcs1v15HashInfo(hash crypto.Hash, inLen int) (hashLen int, prefix []byte,
} }
return return
} }
// copyWithLeftPad copies src to the end of dest, padding with zero bytes as
// needed.
func copyWithLeftPad(dest, src []byte) {
numPaddingBytes := len(dest) - len(src)
for i := 0; i < numPaddingBytes; i++ {
dest[i] = 0
}
copy(dest[numPaddingBytes:], src)
}