From ec327b3d8686af4b6bb0f1e9a3b7645f4b41ebf7 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 28 Mar 2017 23:41:12 +0200 Subject: [PATCH] move x509 processing to rsa_import_x509() --- src/headers/tomcrypt_pk.h | 1 + src/pk/rsa/rsa_import.c | 50 +-------------- src/pk/rsa/rsa_import_x509.c | 120 +++++++++++++++++++++++++++++++++++ testprof/rsa_test.c | 2 +- 4 files changed, 123 insertions(+), 50 deletions(-) create mode 100644 src/pk/rsa/rsa_import_x509.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index f1be256..be19bad 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -107,6 +107,7 @@ int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key); int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key); int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); +int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key); #endif diff --git a/src/pk/rsa/rsa_import.c b/src/pk/rsa/rsa_import.c index 34c4573..efd5afb 100644 --- a/src/pk/rsa/rsa_import.c +++ b/src/pk/rsa/rsa_import.c @@ -29,8 +29,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) int err; void *zero; unsigned char *tmpbuf=NULL; - unsigned long tmpbuf_len, tmp_inlen; - ltc_asn1_list *decoded_list = NULL, *l; + unsigned long tmpbuf_len; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); @@ -54,53 +53,6 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) PKA_RSA, tmpbuf, &tmpbuf_len, LTC_ASN1_NULL, NULL, 0); - tmp_inlen = inlen; - if (err != CRYPT_OK && - der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list) == CRYPT_OK) { - l = decoded_list; - /* Move 2 levels up in the tree - SEQUENCE - SEQUENCE - ... - */ - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - if (l->type == LTC_ASN1_SEQUENCE && l->child) { - l = l->child; - - /* Move forward in the tree until we find this combination - ... - SEQUENCE - SEQUENCE - OBJECT IDENTIFIER 1.2.840.113549.1.1.1 - NULL - BIT STRING - */ - do { - /* The additional check for l->data is there to make sure - * we won't try to decode a list that has been 'shrunk' - */ - if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && - l->child->type == LTC_ASN1_SEQUENCE && l->child->child && - l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && - l->child->next->type == LTC_ASN1_BIT_STRING) { - err = der_decode_subject_public_key_info(l->data, l->size, - PKA_RSA, tmpbuf, &tmpbuf_len, - LTC_ASN1_NULL, NULL, 0); - if (err == CRYPT_OK) { - break; - } - } - l = l->next; - } while(l); - } - } - } - - if (decoded_list) { - der_free_sequence_flexi(decoded_list); - } - if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ /* now it should be SEQUENCE { INTEGER, INTEGER } */ diff --git a/src/pk/rsa/rsa_import_x509.c b/src/pk/rsa/rsa_import_x509.c new file mode 100644 index 0000000..cf4a19f --- /dev/null +++ b/src/pk/rsa/rsa_import_x509.c @@ -0,0 +1,120 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtom.org + */ +#include "tomcrypt.h" + +/** + @file rsa_import.c + Import an RSA key from a X.509 certificate, Steffen Jaeckel +*/ + +#ifdef LTC_MRSA + +/** + Import an RSA key from a X.509 certificate + @param in The packet to import from + @param inlen It's length (octets) + @param key [out] Destination for newly imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) +{ + int err; + unsigned char *tmpbuf=NULL; + unsigned long tmpbuf_len, tmp_inlen; + ltc_asn1_list *decoded_list = NULL, *l; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, + &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { + return err; + } + + tmpbuf_len = MAX_RSA_SIZE * 8; + tmpbuf = XCALLOC(1, tmpbuf_len); + if (tmpbuf == NULL) { + err = CRYPT_MEM; + goto LBL_ERR; + } + + tmp_inlen = inlen; + if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { + l = decoded_list; + /* Move 2 levels up in the tree + SEQUENCE + SEQUENCE + ... + */ + if (l->type == LTC_ASN1_SEQUENCE && l->child) { + l = l->child; + if (l->type == LTC_ASN1_SEQUENCE && l->child) { + l = l->child; + + err = CRYPT_ERROR; + + /* Move forward in the tree until we find this combination + ... + SEQUENCE + SEQUENCE + OBJECT IDENTIFIER 1.2.840.113549.1.1.1 + NULL + BIT STRING + */ + do { + /* The additional check for l->data is there to make sure + * we won't try to decode a list that has been 'shrunk' + */ + if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && + l->child->type == LTC_ASN1_SEQUENCE && l->child->child && + l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && + l->child->next->type == LTC_ASN1_BIT_STRING) { + err = der_decode_subject_public_key_info(l->data, l->size, + PKA_RSA, tmpbuf, &tmpbuf_len, + LTC_ASN1_NULL, NULL, 0); + if (err == CRYPT_OK) { + /* now it should be SEQUENCE { INTEGER, INTEGER } */ + if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + key->type = PK_PUBLIC; + err = CRYPT_OK; + goto LBL_FREE; + } + } + l = l->next; + } while(l); + } + } + } + + +LBL_ERR: + rsa_free(key); + +LBL_FREE: + if (decoded_list) der_free_sequence_flexi(decoded_list); + if (tmpbuf != NULL) XFREE(tmpbuf); + + return err; +} + +#endif /* LTC_MRSA */ + + +/* $Source$ */ +/* $Revision$ */ +/* $Date$ */ diff --git a/testprof/rsa_test.c b/testprof/rsa_test.c index 5795ac4..8bc372f 100644 --- a/testprof/rsa_test.c +++ b/testprof/rsa_test.c @@ -543,7 +543,7 @@ for (cnt = 0; cnt < len; ) { len3 = sizeof(tmp); DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3)); - DO(rsa_import(tmp, len3, &key)); + DO(rsa_import_x509(tmp, len3, &key)); /* free the key and return */ rsa_free(&key);