-rw-r--r-- | src/Makefile | 52 | ||||
-rw-r--r-- | src/Makefile.nmake | 15 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_argchk.h | 13 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_cfg.h | 8 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_custom.h | 2 | ||||
-rw-r--r-- | src/ltc/headers/tomcrypt_private.h | 7 | ||||
-rw-r--r-- | src/ltc/math/ltm_desc.c | 4 | ||||
-rw-r--r-- | src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c | 118 | ||||
-rw-r--r-- | src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c | 20 | ||||
-rw-r--r-- | src/ltc/pk/ecc/ecc_import_x509.c | 31 | ||||
-rw-r--r-- | src/ltc/pk/rsa/rsa_import_x509.c | 86 |
11 files changed, 203 insertions, 153 deletions
diff --git a/src/Makefile b/src/Makefile
index 5c9a0d7b..f528bd05 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -96,32 +96,32 @@ ltc/pk/asn1/der/utctime/der_decode_utctime.o ltc/pk/asn1/der/utctime/der_encode_ ltc/pk/asn1/der/utctime/der_length_utctime.o ltc/pk/asn1/der/utf8/der_decode_utf8_string.o \ ltc/pk/asn1/der/utf8/der_encode_utf8_string.o ltc/pk/asn1/der/utf8/der_length_utf8_string.o \ ltc/pk/asn1/oid/pk_get_oid.o ltc/pk/asn1/oid/pk_oid_cmp.o ltc/pk/asn1/oid/pk_oid_str.o \ -ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o \ -ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o \ -ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o \ -ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o \ -ltc/pk/dsa/dsa_decrypt_key.o ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o \ -ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o ltc/pk/dsa/dsa_generate_pqg.o \ -ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o ltc/pk/dsa/dsa_set_pqg_dsaparam.o \ -ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o ltc/pk/dsa/dsa_verify_hash.o \ -ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o ltc/pk/ecc/ecc_ansi_x963_import.o \ -ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o ltc/pk/ecc/ecc_export.o \ -ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o ltc/pk/ecc/ecc_free.o \ -ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o ltc/pk/ecc/ecc_import.o \ -ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o ltc/pk/ecc/ecc_import_x509.o \ -ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o ltc/pk/ecc/ecc_set_curve.o \ -ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o ltc/pk/ecc/ecc_shared_secret.o \ -ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o ltc/pk/ecc/ecc_ssh_ecdsa_encode_name.o \ -ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o 
ltc/pk/ecc/ltc_ecc_import_point.o \ -ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o ltc/pk/ecc/ltc_ecc_map.o \ -ltc/pk/ecc/ltc_ecc_mul2add.o ltc/pk/ecc/ltc_ecc_mulmod.o ltc/pk/ecc/ltc_ecc_mulmod_timing.o \ -ltc/pk/ecc/ltc_ecc_points.o ltc/pk/ecc/ltc_ecc_projective_add_point.o ltc/pk/ecc/ltc_ecc_projective_dbl_point.o \ -ltc/pk/ecc/ltc_ecc_verify_key.o ltc/pk/pkcs1/pkcs_1_i2osp.o ltc/pk/pkcs1/pkcs_1_mgf1.o \ -ltc/pk/pkcs1/pkcs_1_oaep_decode.o ltc/pk/pkcs1/pkcs_1_oaep_encode.o ltc/pk/pkcs1/pkcs_1_os2ip.o \ -ltc/pk/pkcs1/pkcs_1_pss_decode.o ltc/pk/pkcs1/pkcs_1_pss_encode.o ltc/pk/pkcs1/pkcs_1_v1_5_decode.o \ -ltc/pk/pkcs1/pkcs_1_v1_5_encode.o ltc/pk/rsa/rsa_decrypt_key.o ltc/pk/rsa/rsa_encrypt_key.o \ -ltc/pk/rsa/rsa_export.o ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o ltc/pk/rsa/rsa_get_size.o \ -ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o \ +ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ +ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o \ +ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o \ +ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o \ +ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o ltc/pk/dsa/dsa_decrypt_key.o \ +ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o \ +ltc/pk/dsa/dsa_generate_pqg.o ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o \ +ltc/pk/dsa/dsa_set_pqg_dsaparam.o ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o \ +ltc/pk/dsa/dsa_verify_hash.o ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o \ +ltc/pk/ecc/ecc_ansi_x963_import.o ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o \ +ltc/pk/ecc/ecc_export.o ltc/pk/ecc/ecc_export_openssl.o 
ltc/pk/ecc/ecc_find_curve.o \ +ltc/pk/ecc/ecc_free.o ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o \ +ltc/pk/ecc/ecc_import.o ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o \ +ltc/pk/ecc/ecc_import_x509.o ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o \ +ltc/pk/ecc/ecc_set_curve.o ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o \ +ltc/pk/ecc/ecc_shared_secret.o ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o \ +ltc/pk/ecc/ecc_ssh_ecdsa_encode_name.o ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o \ +ltc/pk/ecc/ltc_ecc_import_point.o ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o \ +ltc/pk/ecc/ltc_ecc_map.o ltc/pk/ecc/ltc_ecc_mul2add.o ltc/pk/ecc/ltc_ecc_mulmod.o \ +ltc/pk/ecc/ltc_ecc_mulmod_timing.o ltc/pk/ecc/ltc_ecc_points.o ltc/pk/ecc/ltc_ecc_projective_add_point.o \ +ltc/pk/ecc/ltc_ecc_projective_dbl_point.o ltc/pk/ecc/ltc_ecc_verify_key.o ltc/pk/pkcs1/pkcs_1_i2osp.o \ +ltc/pk/pkcs1/pkcs_1_mgf1.o ltc/pk/pkcs1/pkcs_1_oaep_decode.o ltc/pk/pkcs1/pkcs_1_oaep_encode.o \ +ltc/pk/pkcs1/pkcs_1_os2ip.o ltc/pk/pkcs1/pkcs_1_pss_decode.o ltc/pk/pkcs1/pkcs_1_pss_encode.o \ +ltc/pk/pkcs1/pkcs_1_v1_5_decode.o ltc/pk/pkcs1/pkcs_1_v1_5_encode.o ltc/pk/rsa/rsa_decrypt_key.o \ +ltc/pk/rsa/rsa_encrypt_key.o ltc/pk/rsa/rsa_export.o ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o \ +ltc/pk/rsa/rsa_get_size.o ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o \ ltc/pk/rsa/rsa_make_key.o ltc/pk/rsa/rsa_set.o ltc/pk/rsa/rsa_sign_hash.o ltc/pk/rsa/rsa_sign_saltlen_get.o \ ltc/pk/rsa/rsa_verify_hash.o ltc/prngs/chacha20.o ltc/prngs/fortuna.o ltc/prngs/rc4.o \ ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \ diff --git a/src/Makefile.nmake b/src/Makefile.nmake index 4fae9ab9..20d75856 100644 --- a/src/Makefile.nmake +++ b/src/Makefile.nmake 
@@ -102,13 +102,14 @@ ltc/pk/asn1/der/utctime/der_decode_utctime.obj ltc/pk/asn1/der/utctime/der_encod ltc/pk/asn1/der/utctime/der_length_utctime.obj ltc/pk/asn1/der/utf8/der_decode_utf8_string.obj \ ltc/pk/asn1/der/utf8/der_encode_utf8_string.obj ltc/pk/asn1/der/utf8/der_length_utf8_string.obj \ ltc/pk/asn1/oid/pk_get_oid.obj ltc/pk/asn1/oid/pk_oid_cmp.obj ltc/pk/asn1/oid/pk_oid_str.obj \ -ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj \ -ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj \ -ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj \ -ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj \ -ltc/pk/dsa/dsa_decrypt_key.obj ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj \ -ltc/pk/dsa/dsa_free.obj ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj \ -ltc/pk/dsa/dsa_import.obj ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ +ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \ +ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj \ +ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj \ +ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj \ +ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj ltc/pk/dsa/dsa_decrypt_key.obj \ +ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj ltc/pk/dsa/dsa_free.obj \ +ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj ltc/pk/dsa/dsa_import.obj \ +ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ ltc/pk/dsa/dsa_shared_secret.obj ltc/pk/dsa/dsa_sign_hash.obj ltc/pk/dsa/dsa_verify_hash.obj \ 
ltc/pk/dsa/dsa_verify_key.obj ltc/pk/ecc/ecc.obj ltc/pk/ecc/ecc_ansi_x963_export.obj \ ltc/pk/ecc/ecc_ansi_x963_import.obj ltc/pk/ecc/ecc_decrypt_key.obj ltc/pk/ecc/ecc_encrypt_key.obj \ diff --git a/src/ltc/headers/tomcrypt_argchk.h b/src/ltc/headers/tomcrypt_argchk.h index be9ef0f5..3e90f1fe 100644 --- a/src/ltc/headers/tomcrypt_argchk.h +++ b/src/ltc/headers/tomcrypt_argchk.h @@ -9,18 +9,13 @@ /* Defines the LTC_ARGCHK macro used within the library */ /* ARGTYPE is defined in tomcrypt_cfg.h */ + +/* ARGTYPE is per default defined to 0 */ #if ARGTYPE == 0 #include <signal.h> -/* this is the default LibTomCrypt macro */ -#if defined(__clang__) || defined(__GNUC_MINOR__) -#define NORETURN __attribute__ ((noreturn)) -#else -#define NORETURN -#endif - -void crypt_argchk(const char *v, const char *s, int d) NORETURN; +LTC_NORETURN void crypt_argchk(const char *v, const char *s, int d); #define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) #define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) @@ -37,7 +32,7 @@ void crypt_argchk(const char *v, const char *s, int d) NORETURN; #elif ARGTYPE == 3 -#define LTC_ARGCHK(x) +#define LTC_ARGCHK(x) LTC_UNUSED_PARAM(x) #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) #elif ARGTYPE == 4 diff --git a/src/ltc/headers/tomcrypt_cfg.h b/src/ltc/headers/tomcrypt_cfg.h index 5d64ca7d..116fd1c4 100644 --- a/src/ltc/headers/tomcrypt_cfg.h +++ b/src/ltc/headers/tomcrypt_cfg.h @@ -61,6 +61,14 @@ LTC_EXPORT int LTC_CALL XSTRCMP(const char *s1, const char *s2); #define LTC_INLINE #endif +#if defined(__clang__) || defined(__GNUC_MINOR__) +#define LTC_NORETURN __attribute__ ((noreturn)) +#elif defined(_MSC_VER) +#define LTC_NORETURN __declspec(noreturn) +#else +#define LTC_NORETURN +#endif + /* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */ #ifndef ARGTYPE #define ARGTYPE 0 
diff --git a/src/ltc/headers/tomcrypt_custom.h b/src/ltc/headers/tomcrypt_custom.h index aedf08bc..d4b72a53 100644 --- a/src/ltc/headers/tomcrypt_custom.h +++ b/src/ltc/headers/tomcrypt_custom.h @@ -554,7 +554,7 @@ #endif #endif -#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) +#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_SSH) /* Include the MPI functionality? (required by the PK algorithms) */ #define LTC_MPI diff --git a/src/ltc/headers/tomcrypt_private.h b/src/ltc/headers/tomcrypt_private.h index e536d579..0d4842e4 100644 --- a/src/ltc/headers/tomcrypt_private.h +++ b/src/ltc/headers/tomcrypt_private.h @@ -330,6 +330,13 @@ int der_teletex_value_decode(int v); int der_utf8_valid_char(const wchar_t c); +typedef int (*public_key_decode_cb)(const unsigned char *in, unsigned long inlen, void *ctx); + +int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, + enum ltc_oid_id algorithm, ltc_asn1_type param_type, + ltc_asn1_list* parameters, unsigned long *parameters_len, + public_key_decode_cb callback, void *ctx); + /* SUBJECT PUBLIC KEY INFO */ int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, unsigned int algorithm, const void* public_key, unsigned long public_key_len, diff --git a/src/ltc/math/ltm_desc.c b/src/ltc/math/ltm_desc.c index 0ee7958d..56b46ef0 100644 --- a/src/ltc/math/ltm_desc.c +++ b/src/ltc/math/ltm_desc.c @@ -412,9 +412,7 @@ static int isprime(void *a, int b, int *c) int err; LTC_ARGCHK(a != NULL); LTC_ARGCHK(c != NULL); - if (b == 0) { - b = LTC_MILLER_RABIN_REPS; - } /* if */ + b = mp_prime_rabin_miller_trials(mp_count_bits(a)); err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c)); *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO; return err; diff --git a/src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c b/src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c new file mode 100644 index 00000000..0b43c4c2 --- /dev/null 
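Review bot: The caller's round count `b` is now overwritten unconditionally in isprime(), where the removed code replaced it only when it was 0, so a caller that asks for more Miller-Rabin rounds than the size-based value from `mp_prime_rabin_miller_trials()` silently gets fewer. If ignoring the argument is intended, say so in a comment above the assignment, e.g. `/* caller's b is ignored; the round count is derived from the bit length of a */`. Otherwise compute the size-based count into a local `t` and raise `b` only when it is smaller: `if (b < t) { b = t; }`. The closing brace of isprime() lies outside the hunk.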
+++ b/src/ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.c 
@@ -0,0 +1,118 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt_private.h" + +/** + @file x509_decode_public_key_from_certificate.c + ASN.1 DER/X.509, decode a certificate +*/ + +#ifdef LTC_DER + +/* Check if it looks like a SubjectPublicKeyInfo */ +#define LOOKS_LIKE_SPKI(l) ((l) != NULL) \ +&& ((l)->type == LTC_ASN1_SEQUENCE) \ +&& ((l)->child != NULL) \ +&& ((l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER) \ +&& ((l)->next != NULL) \ +&& ((l)->next->type == LTC_ASN1_BIT_STRING) + +/** + Try to decode the public key from a X.509 certificate + @param in The input buffer + @param inlen The length of the input buffer + @param algorithm One out of the enum #public_key_algorithms + @param param_type The parameters' type out of the enum ltc_asn1_type + @param parameters The parameters to include + @param parameters_len [in/out] The number of parameters to include + @param callback The callback + @param ctx The context passed to the callback + @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found +*/ +int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, + enum ltc_oid_id algorithm, ltc_asn1_type param_type, + ltc_asn1_list* parameters, unsigned long *parameters_len, + public_key_decode_cb callback, void *ctx) +{ + int err; + unsigned char *tmpbuf; + unsigned long tmpbuf_len, tmp_inlen; + ltc_asn1_list *decoded_list = NULL, *l; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(inlen != 0); + + tmpbuf_len = inlen; + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_OUT; + } + + tmp_inlen = inlen; + if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { + l = decoded_list; + + err = CRYPT_NOP; + + /* Move 2 
levels up in the tree + SEQUENCE + SEQUENCE + ... + */ + if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { + l = l->child; + if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { + l = l->child; + + /* Move forward in the tree until we find this combination + ... + SEQUENCE + SEQUENCE + OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1> + NULL + BIT STRING + */ + do { + /* The additional check for l->data is there to make sure + * we won't try to decode a list that has been 'shrunk' + */ + if ((l->type == LTC_ASN1_SEQUENCE) + && (l->data != NULL) + && LOOKS_LIKE_SPKI(l->child)) { + if (algorithm == PKA_EC) { + err = ecc_import_subject_public_key_info(l->data, l->size, ctx); + } else { + err = x509_decode_subject_public_key_info(l->data, l->size, + algorithm, tmpbuf, &tmpbuf_len, + param_type, parameters, parameters_len); + if (err == CRYPT_OK) { + err = callback(tmpbuf, tmpbuf_len, ctx); + goto LBL_OUT; + } + } + } + l = l->next; + } while(l); + } + } + } + +LBL_OUT: + if (decoded_list) der_free_sequence_flexi(decoded_list); + if (tmpbuf != NULL) XFREE(tmpbuf); + + return err; +} + +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c b/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c index bd84e7c7..2d851b56 100644 --- a/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c +++ b/src/ltc/pk/asn1/x509/x509_decode_subject_public_key_info.c @@ -34,7 +34,7 @@ @param public_key_len [in/out] The length of the public key buffer and the written length @param parameters_type The parameters' type out of the enum ltc_asn1_type @param parameters The parameters to include - @param parameters_len [in/out]The number of parameters to include + @param parameters_len [in/out] The number of parameters to include @return CRYPT_OK on success */ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, 
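Review bot: In the `PKA_EC` branch of the scan loop the result of `ecc_import_subject_public_key_info()` is stored in `err`, but the loop keeps walking `l->next`. A later node that also satisfies `LOOKS_LIKE_SPKI` would be imported into the same `ctx` and would replace both the key and the status, whereas the removed `ecc_import_x509` body left the loop at the first match. The input is an untrusted certificate, so add `goto LBL_OUT;` after the EC import to make both branches stop at a defined place. `callback` is also invoked without a check on the non-EC path, while `ecc_import_x509` passes `NULL` for it; `LTC_ARGCHK((algorithm == PKA_EC) || (callback != NULL));` next to the existing argument checks would make that contract explicit. `LOOKS_LIKE_SPKI` expands to an unparenthesised `&&` chain and should be wrapped in one outer pair of parentheses so it stays correct next to `!` or `||`.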
@@ -42,18 +42,25 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len) { int err; - unsigned long len, alg_id_num; + unsigned long len, alg_id_num, tmplen; const char* oid; unsigned char *tmpbuf; unsigned long tmpoid[16]; + unsigned long *_parameters_len; ltc_asn1_list alg_id[2]; ltc_asn1_list subject_pubkey[2]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != 0); LTC_ARGCHK(public_key_len != NULL); + if (parameters_type != LTC_ASN1_EOL) { - LTC_ARGCHK(parameters_len != NULL); + if ((parameters == NULL) || (parameters_len == NULL)) { + tmplen = 0; + _parameters_len = &tmplen; + } else { + _parameters_len = parameters_len; + } } err = pk_get_oid(algorithm, &oid); @@ -72,9 +79,8 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); if (parameters_type == LTC_ASN1_EOL) { alg_id_num = 1; - } - else { - LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *parameters_len); + } else { + LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *_parameters_len); alg_id_num = 2; } @@ -89,7 +95,7 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i goto LBL_ERR; } if (parameters_type != LTC_ASN1_EOL) { - *parameters_len = alg_id[1].size; + *_parameters_len = alg_id[1].size; } if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) { diff --git a/src/ltc/pk/ecc/ecc_import_x509.c b/src/ltc/pk/ecc/ecc_import_x509.c index 99a27507..61ee8621 100644 --- a/src/ltc/pk/ecc/ecc_import_x509.c +++ b/src/ltc/pk/ecc/ecc_import_x509.c 
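Review bot: `_parameters_len` is assigned only inside `if (parameters_type != LTC_ASN1_EOL)`, so it is indeterminate on the EOL path. The two later uses (hunks -72,9 and -89,7) are guarded by the same condition, but declaring it as `unsigned long *_parameters_len = NULL;` removes the dependence on three separate checks staying in sync. The fallback to the local `tmplen` also triggers when only one of `parameters` and `parameters_len` is NULL; in that case the caller's `*parameters_len` is never updated and `LTC_SET_ASN1` receives a size of 0 for whatever `parameters_type` was requested. Whether the decoder tolerates that for types other than `LTC_ASN1_NULL` is not visible here, so consider limiting the fallback to `parameters_type == LTC_ASN1_NULL` and keeping `LTC_ARGCHK(parameters_len != NULL)` for the rest. The `@param` lines for `parameters` and `parameters_len` should state that both may now be NULL.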
@@ -112,36 +112,7 @@ success: */ int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key) { - int err; - unsigned long len; - ltc_asn1_list *decoded_list = NULL, *l; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(key != NULL); - - len = inlen; - if ((err = der_decode_sequence_flexi(in, &len, &decoded_list)) == CRYPT_OK) { - err = CRYPT_ERROR; - l = decoded_list; - if (l->type == LTC_ASN1_SEQUENCE && - l->child && l->child->type == LTC_ASN1_SEQUENCE) { - l = l->child->child; - while (l) { - if (l->type == LTC_ASN1_SEQUENCE && l->data && - l->child && l->child->type == LTC_ASN1_SEQUENCE && - l->child->child && l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && - l->child->next && l->child->next->type == LTC_ASN1_BIT_STRING) { - err = ecc_import_subject_public_key_info(l->data, l->size, key); - goto LBL_DONE; - } - l = l->next; - } - } - } - -LBL_DONE: - if (decoded_list) der_free_sequence_flexi(decoded_list); - return err; + return x509_decode_public_key_from_certificate(in, inlen, PKA_EC, LTC_ASN1_EOL, NULL, NULL, NULL, key); } #endif /* LTC_MECC */ diff --git a/src/ltc/pk/rsa/rsa_import_x509.c b/src/ltc/pk/rsa/rsa_import_x509.c index c615b772..5220ae38 100644 --- a/src/ltc/pk/rsa/rsa_import_x509.c +++ b/src/ltc/pk/rsa/rsa_import_x509.c @@ -15,6 +15,15 @@ #ifdef LTC_MRSA +static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key) +{ + /* now it should be SEQUENCE { INTEGER, INTEGER } */ + return der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, + LTC_ASN1_EOL, 0UL, NULL); +} + /** Import an RSA key from a X.509 certificate @param in The packet to import from @@ -25,9 +34,6 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) { int err; - unsigned char *tmpbuf; - unsigned long tmpbuf_len, tmp_inlen, len; - ltc_asn1_list *decoded_list = NULL, *l; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); 
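Review bot: `ecc_import_x509()` no longer checks `key` before handing it on as `ctx`, and the shared helper validates only `in` and `inlen`; keep `LTC_ARGCHK(key != NULL);` in front of the `return` so the public entry point still rejects a NULL key itself. Two behaviour changes also deserve a line in the function's doc comment, which starts above the hunk. A zero `inlen` now trips `LTC_ARGCHK(inlen != 0)` in the helper instead of failing in the decoder. A certificate without a matching SubjectPublicKeyInfo now yields `CRYPT_NOP` where the removed code returned `CRYPT_ERROR`, which matters to any caller that compares against the old code.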
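Review bot: `_rsa_decode` is defined with `rsa_key *key` as its third parameter but is invoked through `public_key_decode_cb`, whose third parameter is `void *`; the `(public_key_decode_cb)_rsa_decode` cast in the -39,75 hunk only hides the mismatch. Calling a function through an incompatible function pointer type is undefined behaviour in C, and builds hardened with indirect-call CFI (for example Clang's `-fsanitize=cfi-icall`) will trap on it. Give the callback the exact prototype, `static int _rsa_decode(const unsigned char *in, unsigned long inlen, void *ctx)` with `rsa_key *key = ctx;` as its first statement, and pass `_rsa_decode` without the cast. File-scope identifiers that begin with an underscore are reserved for the implementation, so a name such as `s_rsa_decode` is safer.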
@@ -39,75 +45,15 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) return err; } - tmpbuf_len = inlen; - tmpbuf = XCALLOC(1, tmpbuf_len); - if (tmpbuf == NULL) { - err = CRYPT_MEM; - goto LBL_ERR; - } - - tmp_inlen = inlen; - if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { - l = decoded_list; - /* Move 2 levels up in the tree - SEQUENCE - SEQUENCE - ... - */ - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - - err = CRYPT_ERROR; - - /* Move forward in the tree until we find this combination - ... - SEQUENCE - SEQUENCE - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 - NULL - BIT STRING - */ - do { - /* The additional check for l->data is there to make sure - * we won't try to decode a list that has been 'shrunk' - */ - if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && - l->child->type == LTC_ASN1_SEQUENCE && l->child->child && - l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && - l->child->next->type == LTC_ASN1_BIT_STRING) { - len = 0; - err = x509_decode_subject_public_key_info(l->data, l->size, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, &len); - if (err == CRYPT_OK) { - /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - key->type = PK_PUBLIC; - err = CRYPT_OK; - goto LBL_FREE; - } - } - l = l->next; - } while(l); - } - } + if ((err = x509_decode_public_key_from_certificate(in, inlen, + PKA_RSA, LTC_ASN1_NULL, + NULL, NULL, + (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) { + rsa_free(key); + } else { + key->type = PK_PUBLIC; } - -LBL_ERR: - rsa_free(key); - -LBL_FREE: - if (decoded_list) der_free_sequence_flexi(decoded_list); - if (tmpbuf != NULL) XFREE(tmpbuf); - return err; } |