Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed the issue with one of the wychproof test vectors for RSA OAEP #237

Merged
merged 1 commit into from
Nov 22, 2022
Merged

Fixed the issue with one of the wychproof test vectors for RSA OAEP #237

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 17 additions & 15 deletions Applet/AndroidSEProviderLib/src/com/android/javacard/seprovider/KMRsaOAEPEncoding.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,10 +125,8 @@ public short doFinal(byte[] inBuff, short inOffset, short inLength,
if (len != 256 || outBuff[0] != 0) {
CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
}
inBuff = outBuff;
inOffset = (short) (outOffset + 1);
return rsaOAEPDecode(inBuff, inOffset, (short) (len - 1), outBuff,
outOffset);
Util.arrayCopyNonAtomic(outBuff, (short) (outOffset + 1), outBuff, (short) 0, (short) (len -1));
return rsaOAEPDecode(outBuff, (short) 0, (short) (len - 1));

}

Expand Down Expand Up @@ -177,7 +175,7 @@ private void I2OS(short i, byte[] out, short offset) {
}

private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff,
short encodedMsgLen, byte[] msg, short offset) {
short encodedMsgLen) {
MessageDigest.OneShot md = null;
byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray;

Expand Down Expand Up @@ -232,22 +230,26 @@ private short rsaOAEPDecode(byte[] encodedMsg, short encodedMsgOff,
// encoding parameters is calculated and then copied from the
// starting of the block and a variable length of 0's are
// appended to the end of the hash till the 0x01 byte.
short start = 0;
short start = (short) (encodedMsgOff + encodedMsgLen);
for (short i = (short) (encodedMsgOff + 2 * hLen);
i < (short) (encodedMsgOff + encodedMsgLen); i++) {
if (i == (short) ((encodedMsgOff + encodedMsgLen) - 1)) {
// Bad Padding.
CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
}
if (encodedMsg[i] != 0) {
if ((encodedMsg[i] != 0)) {
start = i;
break;
}
}
// Copy the message
Util.arrayCopyNonAtomic(encodedMsg, (short) (start + 1), msg, offset,
(short) (encodedMsgLen - ((start - encodedMsgOff) + 1)));
return (short) (encodedMsgLen - ((start - encodedMsgOff) + 1));
if ((start >= (short)(encodedMsgOff + encodedMsgLen)) ||
(encodedMsg[start] != 0x01)) {
// Bad Padding.
CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
}
start++; // Message starting pos.
if (start < (short)(encodedMsgOff + encodedMsgLen)) {
// Copy the message
Util.arrayCopyNonAtomic(encodedMsg, start, encodedMsg, encodedMsgOff,
(short) (encodedMsgLen - (start - encodedMsgOff)));
}
return (short) (encodedMsgLen - (start - encodedMsgOff));

} finally {
if (md != null) {
Expand Down