move x509 processing to rsa_import_x509()

This commit is contained in:
Steffen Jaeckel 2017-03-28 23:41:12 +02:00
parent 019a9e9850
commit ec327b3d86
4 changed files with 123 additions and 50 deletions

View File

@ -107,6 +107,7 @@ int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key);
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key); int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key); int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key);
#endif #endif

View File

@ -29,8 +29,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
int err; int err;
void *zero; void *zero;
unsigned char *tmpbuf=NULL; unsigned char *tmpbuf=NULL;
unsigned long tmpbuf_len, tmp_inlen; unsigned long tmpbuf_len;
ltc_asn1_list *decoded_list = NULL, *l;
LTC_ARGCHK(in != NULL); LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL); LTC_ARGCHK(key != NULL);
@ -54,53 +53,6 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
PKA_RSA, tmpbuf, &tmpbuf_len, PKA_RSA, tmpbuf, &tmpbuf_len,
LTC_ASN1_NULL, NULL, 0); LTC_ASN1_NULL, NULL, 0);
tmp_inlen = inlen;
if (err != CRYPT_OK &&
der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list) == CRYPT_OK) {
l = decoded_list;
/* Move 2 levels up in the tree
SEQUENCE
SEQUENCE
...
*/
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;
/* Move forward in the tree until we find this combination
...
SEQUENCE
SEQUENCE
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
NULL
BIT STRING
*/
do {
/* The additional check for l->data is there to make sure
* we won't try to decode a list that has been 'shrunk'
*/
if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
l->child->next->type == LTC_ASN1_BIT_STRING) {
err = der_decode_subject_public_key_info(l->data, l->size,
PKA_RSA, tmpbuf, &tmpbuf_len,
LTC_ASN1_NULL, NULL, 0);
if (err == CRYPT_OK) {
break;
}
}
l = l->next;
} while(l);
}
}
}
if (decoded_list) {
der_free_sequence_flexi(decoded_list);
}
if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */
/* now it should be SEQUENCE { INTEGER, INTEGER } */ /* now it should be SEQUENCE { INTEGER, INTEGER } */

View File

@ -0,0 +1,120 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
*/
#include "tomcrypt.h"
/**
@file rsa_import.c
Import an RSA key from a X.509 certificate, Steffen Jaeckel
*/
#ifdef LTC_MRSA
/**
Import an RSA key from a X.509 certificate
@param in The packet to import from
@param inlen It's length (octets)
@param key [out] Destination for newly imported key
@return CRYPT_OK if successful, upon error allocated memory is freed
*/
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
unsigned char *tmpbuf=NULL;
unsigned long tmpbuf_len, tmp_inlen;
ltc_asn1_list *decoded_list = NULL, *l;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
&key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
return err;
}
tmpbuf_len = MAX_RSA_SIZE * 8;
tmpbuf = XCALLOC(1, tmpbuf_len);
if (tmpbuf == NULL) {
err = CRYPT_MEM;
goto LBL_ERR;
}
tmp_inlen = inlen;
if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
l = decoded_list;
/* Move 2 levels up in the tree
SEQUENCE
SEQUENCE
...
*/
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;
err = CRYPT_ERROR;
/* Move forward in the tree until we find this combination
...
SEQUENCE
SEQUENCE
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
NULL
BIT STRING
*/
do {
/* The additional check for l->data is there to make sure
* we won't try to decode a list that has been 'shrunk'
*/
if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
l->child->next->type == LTC_ASN1_BIT_STRING) {
err = der_decode_subject_public_key_info(l->data, l->size,
PKA_RSA, tmpbuf, &tmpbuf_len,
LTC_ASN1_NULL, NULL, 0);
if (err == CRYPT_OK) {
/* now it should be SEQUENCE { INTEGER, INTEGER } */
if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
key->type = PK_PUBLIC;
err = CRYPT_OK;
goto LBL_FREE;
}
}
l = l->next;
} while(l);
}
}
}
LBL_ERR:
rsa_free(key);
LBL_FREE:
if (decoded_list) der_free_sequence_flexi(decoded_list);
if (tmpbuf != NULL) XFREE(tmpbuf);
return err;
}
#endif /* LTC_MRSA */
/* $Source$ */
/* $Revision$ */
/* $Date$ */

View File

@ -543,7 +543,7 @@ for (cnt = 0; cnt < len; ) {
len3 = sizeof(tmp); len3 = sizeof(tmp);
DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3)); DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3));
DO(rsa_import(tmp, len3, &key)); DO(rsa_import_x509(tmp, len3, &key));
/* free the key and return */ /* free the key and return */
rsa_free(&key); rsa_free(&key);