2 * sigcheck.c - routines to check OpenPGP signatures
4 * Copyright 2012 Jonathan McDowell <noodles@earth.li>
6 * This program is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the Free
8 * Software Foundation; version 2 of the License.
10 * This program is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
15 * You should have received a copy of the GNU General Public License along with
16 * this program. If not, see <https://www.gnu.org/licenses/>.
22 #include "build-config.h"
23 #include "decodekey.h"
24 #include "hash-helper.h"
26 #include "keystructs.h"
34 #include <nettle/dsa.h>
35 #include <nettle/ecc.h>
36 #include <nettle/ecc-curve.h>
37 #include <nettle/ecdsa.h>
38 #include <nettle/eddsa.h>
39 #include <nettle/rsa.h>
42 #ifndef HAVE_NETTLE_GET_SECP_256R1
43 #define nettle_get_secp_256r1() &nettle_secp_256r1
45 #ifndef HAVE_NETTLE_GET_SECP_384R1
46 #define nettle_get_secp_384r1() &nettle_secp_384r1
48 #ifndef HAVE_NETTLE_GET_SECP_521R1
49 #define nettle_get_secp_521r1() &nettle_secp_521r1
54 /* Take an MPI from a buffer and import it into a GMP mpz_t */
55 #define MPI_TO_MPZ(pk, v) \
57 /* MPI length is stored in bits, convert it to bytes */ \
58 if (pk->length < (ofs + 2)) { \
59 ret = ONAK_E_INVALID_PKT; \
61 len = pk->data[ofs] << 8 | pk->data[ofs + 1]; \
64 if (pk->length < (ofs + len + 2)) { \
65 ret = ONAK_E_INVALID_PKT; \
67 mpz_import(v, len, 1, 1, 0, 0, &pk->data[ofs + 2]); \
76 * Hold the crypto material for a public key.
77 * May want to move to a header at some point.
79 struct onak_key_material {
82 struct dsa_params dsa;
84 struct rsa_public_key rsa;
90 static void onak_free_key_material(struct onak_key_material *key)
93 case OPENPGP_PKALGO_ECDSA:
94 ecc_point_clear(&key->ecc);
96 case OPENPGP_PKALGO_DSA:
97 mpz_clear(key->dsa.p);
98 mpz_clear(key->dsa.q);
99 mpz_clear(key->dsa.g);
102 case OPENPGP_PKALGO_RSA:
103 case OPENPGP_PKALGO_RSA_ENC:
104 case OPENPGP_PKALGO_RSA_SIGN:
105 mpz_clear(key->rsa.n);
106 mpz_clear(key->rsa.e);
110 /* Set the key type back to 0 to indicate we cleared it */
116 static onak_status_t onak_parse_key_material(struct openpgp_packet *pk,
117 struct onak_key_material *key)
122 onak_status_t ret = ONAK_E_OK;
124 /* Clear the key type; only set it when fully parsed */
128 * Shortest valid key is v4 Ed25519, which takes 51 bytes, so do a
129 * quick sanity check which will ensure we have enough data to check
130 * the packet header and OID info.
133 return ONAK_E_INVALID_PKT;
135 if (pk->data[0] != 4 && pk->data[0] != 5)
136 return ONAK_E_UNSUPPORTED_FEATURE;
139 * MPIs are after version byte, 4 byte creation time +
140 * type byte plus length for v5.
142 ofs = (pk->data[0] == 4) ? 6 : 10;
143 switch (pk->data[5]) {
144 case OPENPGP_PKALGO_ECDSA:
145 oid = onak_parse_oid(&pk->data[ofs], pk->length - ofs);
146 if (oid == ONAK_OID_INVALID)
147 return ONAK_E_INVALID_PKT;
148 if (oid == ONAK_OID_UNKNOWN)
149 return ONAK_E_UNSUPPORTED_FEATURE;
151 if (oid == ONAK_OID_NISTP256) {
152 if (pk->length - ofs != 76)
153 return ONAK_E_INVALID_PKT;
154 /* Move past the OID to the key data MPI */
155 ofs += pk->data[ofs] + 1;
156 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
158 return ONAK_E_INVALID_PKT;
159 if (pk->data[ofs + 2] != 4)
160 return ONAK_E_INVALID_PKT;
163 ecc_point_init(&key->ecc, nettle_get_secp_256r1());
165 mpz_import(x, 32, 1, 1, 0, 0, &pk->data[ofs]);
167 mpz_import(y, 32, 1, 1, 0, 0, &pk->data[ofs]);
169 ecc_point_set(&key->ecc, x, y);
170 } else if (oid == ONAK_OID_NISTP384) {
171 if (pk->length - ofs != 105)
172 return ONAK_E_INVALID_PKT;
173 /* Move past the OID to the key data MPI */
174 ofs += pk->data[ofs] + 1;
175 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
177 return ONAK_E_INVALID_PKT;
178 if (pk->data[ofs + 2] != 4)
179 return ONAK_E_INVALID_PKT;
182 ecc_point_init(&key->ecc, nettle_get_secp_384r1());
184 mpz_import(x, 48, 1, 1, 0, 0, &pk->data[ofs]);
186 mpz_import(y, 48, 1, 1, 0, 0, &pk->data[ofs]);
188 ecc_point_set(&key->ecc, x, y);
189 } else if (oid == ONAK_OID_NISTP521) {
190 if (pk->length - ofs != 141)
191 return ONAK_E_INVALID_PKT;
192 /* Move past the OID to the key data MPI */
193 ofs += pk->data[ofs] + 1;
194 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
196 return ONAK_E_INVALID_PKT;
197 if (pk->data[ofs + 2] != 4)
198 return ONAK_E_INVALID_PKT;
201 ecc_point_init(&key->ecc, nettle_get_secp_521r1());
203 mpz_import(x, 66, 1, 1, 0, 0, &pk->data[ofs]);
205 mpz_import(y, 66, 1, 1, 0, 0, &pk->data[ofs]);
207 ecc_point_set(&key->ecc, x, y);
209 return ONAK_E_UNSUPPORTED_FEATURE;
214 case OPENPGP_PKALGO_EDDSA:
215 if (pk->length - ofs != 45)
216 return ONAK_E_INVALID_PKT;
217 oid = onak_parse_oid(&pk->data[ofs], pk->length - ofs);
218 if (oid == ONAK_OID_INVALID)
219 return ONAK_E_INVALID_PKT;
220 if (oid == ONAK_OID_UNKNOWN)
221 return ONAK_E_UNSUPPORTED_FEATURE;
223 /* Move past the OID to the key data MPI */
224 ofs += pk->data[ofs] + 1;
226 if (oid == ONAK_OID_ED25519) {
227 len = pk->data[ofs] << 8 | pk->data[ofs + 1];
229 return ONAK_E_INVALID_PKT;
230 if (pk->data[ofs + 2] != 0x40)
231 return ONAK_E_INVALID_PKT;
233 memcpy(key->ed25519, &pk->data[ofs], 32);
236 return ONAK_E_UNSUPPORTED_FEATURE;
239 case OPENPGP_PKALGO_DSA:
240 mpz_init(key->dsa.p);
241 mpz_init(key->dsa.q);
242 mpz_init(key->dsa.g);
244 MPI_TO_MPZ(pk, key->dsa.p);
245 if (ret == ONAK_E_OK)
246 MPI_TO_MPZ(pk, key->dsa.q);
247 if (ret == ONAK_E_OK)
248 MPI_TO_MPZ(pk, key->dsa.g);
249 if (ret == ONAK_E_OK)
250 MPI_TO_MPZ(pk, key->y);
252 case OPENPGP_PKALGO_RSA:
253 case OPENPGP_PKALGO_RSA_ENC:
254 case OPENPGP_PKALGO_RSA_SIGN:
255 mpz_init(key->rsa.n);
256 mpz_init(key->rsa.e);
257 key->rsa.size = ((pk->data[6] << 8) + pk->data[7] + 7) >> 3;
258 MPI_TO_MPZ(pk, key->rsa.n);
259 if (ret == ONAK_E_OK)
260 MPI_TO_MPZ(pk, key->rsa.e);
263 return ONAK_E_UNSUPPORTED_FEATURE;
267 * Keep scan-build happy; we bump this in MPI_TO_MPZ and then don't use
268 * it again the last time we do so.
272 key->type = pk->data[5];
274 if (ret != ONAK_E_OK) {
275 onak_free_key_material(key);
281 onak_status_t onak_check_hash_sig(struct openpgp_packet *sigkey,
282 struct openpgp_packet *sig,
287 struct onak_key_material pubkey;
288 struct dsa_signature dsasig;
295 ret = onak_parse_key_material(sigkey, &pubkey);
296 if (ret != ONAK_E_OK) {
300 /* Sanity check the length of the signature packet */
301 if (sig->length < 8) {
302 ret = ONAK_E_INVALID_PKT;
306 if (sig->data[0] == 3) {
307 /* Must be 5 bytes hashed */
308 if (sig->data[1] != 5) {
309 ret = ONAK_E_INVALID_PARAM;
313 /* Need at least 19 bytes for the sig header */
314 if (sig->length < 19) {
315 ret = ONAK_E_INVALID_PKT;
319 /* Skip to the signature material */
321 sigkeytype = sig->data[15];
322 } else if (sig->data[0] >= 4) {
323 /* Skip the hashed data */
324 ofs = (sig->data[4] << 8) + sig->data[5] + 6;
325 if (sig->length < ofs + 2) {
326 ret = ONAK_E_INVALID_PKT;
329 /* Skip the unhashed data */
330 ofs += (sig->data[ofs] << 8) + sig->data[ofs + 1] + 2;
331 if (sig->length < ofs + 2) {
332 ret = ONAK_E_INVALID_PKT;
335 /* Skip the sig hash bytes */
337 sigkeytype = sig->data[2];
339 ret = ONAK_E_UNSUPPORTED_FEATURE;
343 /* Is the key the same type as the signature we're checking? */
344 if (pubkey.type != sigkeytype) {
345 ret = ONAK_E_INVALID_PARAM;
349 /* Parse the actual signature values */
350 switch (sigkeytype) {
351 case OPENPGP_PKALGO_ECDSA:
352 case OPENPGP_PKALGO_DSA:
355 MPI_TO_MPZ(sig, dsasig.r);
356 if (ret == ONAK_E_OK)
357 MPI_TO_MPZ(sig, dsasig.s);
359 case OPENPGP_PKALGO_EDDSA:
362 MPI_TO_MPZ(sig, dsasig.r);
363 if (ret == ONAK_E_OK)
364 MPI_TO_MPZ(sig, dsasig.s);
365 mpz_export(edsig, &count, 1, 1, 0, 0, dsasig.r);
367 memmove(&edsig[32 - count], edsig, count);
370 edsig[32 - count] = 0;
373 mpz_export(&edsig[32], &count, 1, 1, 0, 0, dsasig.s);
375 memmove(&edsig[32 - count], edsig, count);
378 edsig[32 - count] = 0;
382 case OPENPGP_PKALGO_RSA:
383 case OPENPGP_PKALGO_RSA_SIGN:
389 /* If we didn't parse the signature properly then do clean-up */
390 if (ret != ONAK_E_OK)
393 /* Squash a signing only RSA key to a standard RSA key for below */
394 if (pubkey.type == OPENPGP_PKALGO_RSA_SIGN) {
395 pubkey.type = OPENPGP_PKALGO_RSA;
398 #define KEYHASH(key, hash) ((key << 8) | hash)
400 switch KEYHASH(pubkey.type, hashtype) {
401 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_MD5):
402 ret = dsa_verify(&pubkey.dsa, pubkey.y,
403 MD5_DIGEST_SIZE, hash, &dsasig) ?
404 ONAK_E_WEAK_SIGNATURE : ONAK_E_BAD_SIGNATURE;
406 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_RIPEMD160):
407 ret = dsa_verify(&pubkey.dsa, pubkey.y,
408 RIPEMD160_DIGEST_SIZE, hash, &dsasig) ?
409 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
411 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA1):
412 ret = dsa_verify(&pubkey.dsa, pubkey.y,
413 SHA1_DIGEST_SIZE, hash, &dsasig) ?
414 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
416 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA1X):
417 ret = dsa_verify(&pubkey.dsa, pubkey.y,
418 SHA1X_DIGEST_SIZE, hash, &dsasig) ?
419 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
421 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA224):
422 ret = dsa_verify(&pubkey.dsa, pubkey.y,
423 SHA224_DIGEST_SIZE, hash, &dsasig) ?
424 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
426 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA256):
427 ret = dsa_verify(&pubkey.dsa, pubkey.y,
428 SHA256_DIGEST_SIZE, hash, &dsasig) ?
429 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
431 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA384):
432 ret = dsa_verify(&pubkey.dsa, pubkey.y,
433 SHA384_DIGEST_SIZE, hash, &dsasig) ?
434 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
436 case KEYHASH(OPENPGP_PKALGO_DSA, OPENPGP_HASH_SHA512):
437 ret = dsa_verify(&pubkey.dsa, pubkey.y,
438 SHA512_DIGEST_SIZE, hash, &dsasig) ?
439 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
441 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA1):
442 ret = ecdsa_verify(&pubkey.ecc,
443 SHA1_DIGEST_SIZE, hash, &dsasig) ?
444 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
446 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA256):
447 ret = ecdsa_verify(&pubkey.ecc,
448 SHA256_DIGEST_SIZE, hash, &dsasig) ?
449 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
451 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA384):
452 ret = ecdsa_verify(&pubkey.ecc,
453 SHA384_DIGEST_SIZE, hash, &dsasig) ?
454 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
456 case KEYHASH(OPENPGP_PKALGO_ECDSA, OPENPGP_HASH_SHA512):
457 ret = ecdsa_verify(&pubkey.ecc,
458 SHA512_DIGEST_SIZE, hash, &dsasig) ?
459 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
461 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_RIPEMD160):
462 ret = ed25519_sha512_verify(pubkey.ed25519,
463 RIPEMD160_DIGEST_SIZE, hash, edsig) ?
464 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
466 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_SHA256):
467 ret = ed25519_sha512_verify(pubkey.ed25519,
468 SHA256_DIGEST_SIZE, hash, edsig) ?
469 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
471 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_SHA384):
472 ret = ed25519_sha512_verify(pubkey.ed25519,
473 SHA384_DIGEST_SIZE, hash, edsig) ?
474 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
476 case KEYHASH(OPENPGP_PKALGO_EDDSA, OPENPGP_HASH_SHA512):
477 ret = ed25519_sha512_verify(pubkey.ed25519,
478 SHA512_DIGEST_SIZE, hash, edsig) ?
479 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
481 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_MD5):
482 ret = rsa_md5_verify_digest(&pubkey.rsa, hash, s) ?
483 ONAK_E_WEAK_SIGNATURE : ONAK_E_BAD_SIGNATURE;
485 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_RIPEMD160):
486 ret = rsa_ripemd160_verify_digest(&pubkey.rsa, hash, s) ?
487 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
489 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA1):
490 ret = rsa_sha1_verify_digest(&pubkey.rsa, hash, s) ?
491 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
493 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA224):
494 ret = rsa_sha224_verify_digest(&pubkey.rsa, hash, s) ?
495 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
497 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA256):
498 ret = rsa_sha256_verify_digest(&pubkey.rsa, hash, s) ?
499 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
501 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA384):
502 ret = rsa_sha384_verify_digest(&pubkey.rsa, hash, s) ?
503 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
505 case KEYHASH(OPENPGP_PKALGO_RSA, OPENPGP_HASH_SHA512):
506 ret = rsa_sha512_verify_digest(&pubkey.rsa, hash, s) ?
507 ONAK_E_OK : ONAK_E_BAD_SIGNATURE;
510 ret = ONAK_E_UNSUPPORTED_FEATURE;
514 switch (sigkeytype) {
515 case OPENPGP_PKALGO_ECDSA:
516 case OPENPGP_PKALGO_EDDSA:
517 case OPENPGP_PKALGO_DSA:
521 case OPENPGP_PKALGO_RSA:
522 case OPENPGP_PKALGO_RSA_SIGN:
528 onak_free_key_material(&pubkey);
533 #endif /* HAVE_CRYPTO */
535 onak_status_t calculate_packet_sighash(struct openpgp_publickey *key,
536 struct openpgp_packet *packet,
537 struct openpgp_packet *sig,
542 size_t siglen, unhashedlen;
543 struct onak_hash_data hashdata;
544 uint8_t keyheader[5];
545 uint8_t packetheader[5];
552 memset(&hashdata, 0, sizeof(hashdata));
554 switch (sig->data[0]) {
558 keyheader[1] = key->publickey->length >> 8;
559 keyheader[2] = key->publickey->length & 0xFF;
560 hashdata.data[0] = keyheader;
562 hashdata.data[1] = key->publickey->data;
563 hashdata.len[1] = key->publickey->length;
566 *hashtype = sig->data[16];
568 if (packet != NULL) {
569 if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
570 packetheader[0] = 0x99;
571 packetheader[1] = packet->length >> 8;
572 packetheader[2] = packet->length & 0xFF;
573 hashdata.data[hashdata.chunks] = packetheader;
574 hashdata.len[hashdata.chunks] = 3;
578 // TODO: Things other than UIDS/subkeys?
579 hashdata.data[hashdata.chunks] = packet->data;
580 hashdata.len[hashdata.chunks] = packet->length;
584 hashdata.data[hashdata.chunks] = &sig->data[2];
585 hashdata.len[hashdata.chunks] = 5;
587 *sighash = &sig->data[17];
591 keyheader[1] = key->publickey->length >> 8;
592 keyheader[2] = key->publickey->length & 0xFF;
593 hashdata.data[0] = keyheader;
595 hashdata.data[1] = key->publickey->data;
596 hashdata.len[1] = key->publickey->length;
599 /* Check to see if this is an X509 based signature */
600 if (sig->data[2] == 0 || sig->data[2] == 100) {
604 res = parse_subpackets(&sig->data[4],
605 sig->length - 4, &len,
607 if (res != ONAK_E_OK) {
611 /* No unhashed data */
612 sig->data[4 + len] == 0 &&
613 sig->data[5 + len] == 0 &&
614 /* Dummy 0 checksum */
615 sig->data[6 + len] == 0 &&
616 sig->data[7 + len] == 0 &&
618 sig->data[8 + len] == 0 &&
619 sig->data[9 + len] == 1 &&
620 sig->data[10 + len] == 1) {
621 return ONAK_E_UNSUPPORTED_FEATURE;
625 *hashtype = sig->data[3];
627 if (packet != NULL) {
628 if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
629 packetheader[0] = 0x99;
630 packetheader[1] = packet->length >> 8;
631 packetheader[2] = packet->length & 0xFF;
632 hashdata.data[hashdata.chunks] = packetheader;
633 hashdata.len[hashdata.chunks] = 3;
635 } else if (packet->tag == OPENPGP_PACKET_UID ||
636 packet->tag == OPENPGP_PACKET_UAT) {
637 packetheader[0] = (packet->tag ==
638 OPENPGP_PACKET_UID) ? 0xB4 : 0xD1;
639 packetheader[1] = packet->length >> 24;
640 packetheader[2] = (packet->length >> 16) & 0xFF;
641 packetheader[3] = (packet->length >> 8) & 0xFF;
642 packetheader[4] = packet->length & 0xFF;
643 hashdata.data[hashdata.chunks] = packetheader;
644 hashdata.len[hashdata.chunks] = 5;
647 hashdata.data[hashdata.chunks] = packet->data;
648 hashdata.len[hashdata.chunks] = packet->length;
652 hashdata.data[hashdata.chunks] = sig->data;
653 hashdata.len[hashdata.chunks] = siglen = (sig->data[4] << 8) +
655 if (siglen > sig->length) {
656 /* Signature data exceed packet length, bogus */
657 return ONAK_E_INVALID_PKT;
663 trailer[2] = siglen >> 24;
664 trailer[3] = (siglen >> 16) & 0xFF;
665 trailer[4] = (siglen >> 8) & 0xFF;
666 trailer[5] = siglen & 0xFF;
667 hashdata.data[hashdata.chunks] = trailer;
668 hashdata.len[hashdata.chunks] = 6;
671 unhashedlen = (sig->data[siglen] << 8) +
672 sig->data[siglen + 1];
673 *sighash = &sig->data[siglen + unhashedlen + 2];
679 keyheader[3] = key->publickey->length >> 8;
680 keyheader[4] = key->publickey->length & 0xFF;
681 hashdata.data[0] = keyheader;
683 hashdata.data[1] = key->publickey->data;
684 hashdata.len[1] = key->publickey->length;
687 *hashtype = sig->data[3];
689 if (packet != NULL) {
690 if (packet->tag == OPENPGP_PACKET_PUBLICSUBKEY) {
691 packetheader[0] = 0x9A;
694 packetheader[3] = packet->length >> 8;
695 packetheader[4] = packet->length & 0xFF;
696 hashdata.data[hashdata.chunks] = packetheader;
697 hashdata.len[hashdata.chunks] = 5;
699 } else if (packet->tag == OPENPGP_PACKET_UID ||
700 packet->tag == OPENPGP_PACKET_UAT) {
701 packetheader[0] = (packet->tag ==
702 OPENPGP_PACKET_UID) ? 0xB4 : 0xD1;
703 packetheader[1] = packet->length >> 24;
704 packetheader[2] = (packet->length >> 16) & 0xFF;
705 packetheader[3] = (packet->length >> 8) & 0xFF;
706 packetheader[4] = packet->length & 0xFF;
707 hashdata.data[hashdata.chunks] = packetheader;
708 hashdata.len[hashdata.chunks] = 5;
711 hashdata.data[hashdata.chunks] = packet->data;
712 hashdata.len[hashdata.chunks] = packet->length;
716 hashdata.data[hashdata.chunks] = sig->data;
717 hashdata.len[hashdata.chunks] = siglen = (sig->data[4] << 8) +
719 if (siglen > sig->length) {
720 /* Signature data exceed packet length, bogus */
721 return ONAK_E_INVALID_PKT;
731 trailer[6] = siglen >> 24;
732 trailer[7] = (siglen >> 16) & 0xFF;
733 trailer[8] = (siglen >> 8) & 0xFF;
734 trailer[9] = siglen & 0xFF;
735 hashdata.data[hashdata.chunks] = trailer;
736 hashdata.len[hashdata.chunks] = 10;
739 unhashedlen = (sig->data[siglen] << 8) +
740 sig->data[siglen + 1];
741 *sighash = &sig->data[siglen + unhashedlen + 2];
744 return ONAK_E_UNSUPPORTED_FEATURE;
747 hashdata.hashtype = *hashtype;
749 res = onak_hash(&hashdata, hash);