update libtomcrypt - latest develop branch

author: Karel Miko <karel.miko@gmail.com> 2019-06-06 11:29:19 +0200
committer: Karel Miko <karel.miko@gmail.com> 2019-06-06 11:29:19 +0200
commit: 52e847e447808c4dc91c22c939f3a5fa7ea981a8 (patch)
tree: b0790cf05cddac6793e91ac45b8d2edd0659c133 /src/ltc/pk/asn1
parent: 62cb8d51a1888a80773a591fc09c625dc3bbcaf1 (diff)
2 files changed, 131 insertions, 7 deletions
diff --git a/src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c b/src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c
new file mode 100644
index 00000000..0b43c4c2
--- /dev/null
+++ b/src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c
@@ -0,0 +1,118 @@
+/* LibTomCrypt, modular cryptographic library -- Tom St Denis
+ *
+ * LibTomCrypt is a library that provides various cryptographic
+ * algorithms in a highly modular and flexible manner.
+ *
+ * The library is free for all purposes without any express
+ * guarantee it works.
+ */
+#include "tomcrypt_private.h"
+
+/**
+  @file x509_decode_public_key_from_certificate.c
+  ASN.1 DER/X.509, decode a certificate
+*/
+
+#ifdef LTC_DER
+
+/* Check if it looks like a SubjectPublicKeyInfo */
+#define LOOKS_LIKE_SPKI(l) ((l) != NULL)              \
+&& ((l)->type == LTC_ASN1_SEQUENCE)                   \
+&& ((l)->child != NULL)                               \
+&& ((l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER)   \
+&& ((l)->next != NULL)                                \
+&& ((l)->next->type == LTC_ASN1_BIT_STRING)
+
+/**
+  Try to decode the public key from a X.509 certificate
+   @param in               The input buffer
+   @param inlen            The length of the input buffer
+   @param algorithm        One out of the enum #public_key_algorithms
+   @param param_type       The parameters' type out of the enum ltc_asn1_type
+   @param parameters       The parameters to include
+   @param parameters_len   [in/out] The number of parameters to include
+   @param callback         The callback
+   @param ctx              The context passed to the callback
+   @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found
+*/
+int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
+                                            enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                            ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                            public_key_decode_cb callback, void *ctx)
+{
+   int err;
+   unsigned char *tmpbuf;
+   unsigned long tmpbuf_len, tmp_inlen;
+   ltc_asn1_list *decoded_list = NULL, *l;
+
+   LTC_ARGCHK(in    != NULL);
+   LTC_ARGCHK(inlen != 0);
+
+   tmpbuf_len = inlen;
+   tmpbuf = XCALLOC(1, tmpbuf_len);
+   if (tmpbuf == NULL) {
+       err = CRYPT_MEM;
+       goto LBL_OUT;
+   }
+
+   tmp_inlen = inlen;
+   if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
+      l = decoded_list;
+
+      err = CRYPT_NOP;
+
+      /* Move 2 levels up in the tree
+         SEQUENCE
+             SEQUENCE
+                 ...
+       */
+      if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) {
+         l = l->child;
+         if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) {
+            l = l->child;
+
+            /* Move forward in the tree until we find this combination
+                 ...
+                 SEQUENCE
+                     SEQUENCE
+                         OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1>
+                         NULL
+                     BIT STRING
+             */
+            do {
+               /* The additional check for l->data is there to make sure
+                * we won't try to decode a list that has been 'shrunk'
+                */
+               if ((l->type == LTC_ASN1_SEQUENCE)
+                     && (l->data != NULL)
+                     && LOOKS_LIKE_SPKI(l->child)) {
+                  if (algorithm == PKA_EC) {
+                     err = ecc_import_subject_public_key_info(l->data, l->size, ctx);
+                  } else {
+                     err = x509_decode_subject_public_key_info(l->data, l->size,
+                                                               algorithm, tmpbuf, &tmpbuf_len,
+                                                               param_type, parameters, parameters_len);
+                     if (err == CRYPT_OK) {
+                        err = callback(tmpbuf, tmpbuf_len, ctx);
+                        goto LBL_OUT;
+                     }
+                  }
+               }
+               l = l->next;
+            } while(l);
+         }
+      }
+   }
+
+LBL_OUT:
+   if (decoded_list) der_free_sequence_flexi(decoded_list);
+   if (tmpbuf != NULL) XFREE(tmpbuf);
+
+   return err;
+}
+
+#endif
+
+/* ref:         $Format:%D$ */
+/* git commit:  $Format:%H$ */
+/* commit time: $Format:%ai$ */
diff --git a/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c b/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c
index bd84e7c7..2d851b56 100644
--- a/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c
+++ b/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c
@@ -34,7 +34,7 @@
    @param public_key_len        [in/out] The length of the public key buffer and the written length
    @param parameters_type       The parameters' type out of the enum ltc_asn1_type
    @param parameters            The parameters to include
-   @param parameters_len        [in/out]The number of parameters to include
+   @param parameters_len        [in/out] The number of parameters to include
    @return CRYPT_OK on success
 */
 int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen,
@@ -42,18 +42,25 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
         ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len)
 {
    int err;
-   unsigned long len, alg_id_num;
+   unsigned long len, alg_id_num, tmplen;
    const char* oid;
    unsigned char *tmpbuf;
    unsigned long  tmpoid[16];
+   unsigned long *_parameters_len;
    ltc_asn1_list alg_id[2];
    ltc_asn1_list subject_pubkey[2];
 
    LTC_ARGCHK(in    != NULL);
    LTC_ARGCHK(inlen != 0);
    LTC_ARGCHK(public_key_len != NULL);
+
    if (parameters_type != LTC_ASN1_EOL) {
-      LTC_ARGCHK(parameters_len != NULL);
+      if ((parameters == NULL) || (parameters_len == NULL)) {
+         tmplen = 0;
+         _parameters_len = &tmplen;
+      } else {
+         _parameters_len = parameters_len;
+      }
    }
 
    err = pk_get_oid(algorithm, &oid);
@@ -72,9 +79,8 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
    LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0]));
    if (parameters_type == LTC_ASN1_EOL) {
       alg_id_num = 1;
-   }
-   else {
-      LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *parameters_len);
+   } else {
+      LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *_parameters_len);
       alg_id_num = 2;
    }
 
@@ -89,7 +95,7 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
            goto LBL_ERR;
    }
    if (parameters_type != LTC_ASN1_EOL) {
-      *parameters_len = alg_id[1].size;
+      *_parameters_len = alg_id[1].size;
    }
 
    if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) {
author	Karel Miko <karel.miko@gmail.com>	2019-06-06 11:29:19 +0200
committer	Karel Miko <karel.miko@gmail.com>	2019-06-06 11:29:19 +0200
commit	52e847e447808c4dc91c22c939f3a5fa7ea981a8 (patch)
tree	b0790cf05cddac6793e91ac45b8d2edd0659c133 /src/ltc/pk/asn1
parent	62cb8d51a1888a80773a591fc09c625dc3bbcaf1 (diff)