move x509 processing to rsa_import_x509()
This commit is contained in:
parent
019a9e9850
commit
ec327b3d86
@ -107,6 +107,7 @@ int rsa_sign_saltlen_get_max_ex(int padding, int hash_idx, rsa_key *key);
|
|||||||
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
|
int rsa_export(unsigned char *out, unsigned long *outlen, int type, rsa_key *key);
|
||||||
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
|
int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
|
||||||
|
|
||||||
|
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
|
||||||
int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key);
|
int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -29,8 +29,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
|||||||
int err;
|
int err;
|
||||||
void *zero;
|
void *zero;
|
||||||
unsigned char *tmpbuf=NULL;
|
unsigned char *tmpbuf=NULL;
|
||||||
unsigned long tmpbuf_len, tmp_inlen;
|
unsigned long tmpbuf_len;
|
||||||
ltc_asn1_list *decoded_list = NULL, *l;
|
|
||||||
|
|
||||||
LTC_ARGCHK(in != NULL);
|
LTC_ARGCHK(in != NULL);
|
||||||
LTC_ARGCHK(key != NULL);
|
LTC_ARGCHK(key != NULL);
|
||||||
@ -54,53 +53,6 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
|||||||
PKA_RSA, tmpbuf, &tmpbuf_len,
|
PKA_RSA, tmpbuf, &tmpbuf_len,
|
||||||
LTC_ASN1_NULL, NULL, 0);
|
LTC_ASN1_NULL, NULL, 0);
|
||||||
|
|
||||||
tmp_inlen = inlen;
|
|
||||||
if (err != CRYPT_OK &&
|
|
||||||
der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list) == CRYPT_OK) {
|
|
||||||
l = decoded_list;
|
|
||||||
/* Move 2 levels up in the tree
|
|
||||||
SEQUENCE
|
|
||||||
SEQUENCE
|
|
||||||
...
|
|
||||||
*/
|
|
||||||
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
|
|
||||||
l = l->child;
|
|
||||||
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
|
|
||||||
l = l->child;
|
|
||||||
|
|
||||||
/* Move forward in the tree until we find this combination
|
|
||||||
...
|
|
||||||
SEQUENCE
|
|
||||||
SEQUENCE
|
|
||||||
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
|
|
||||||
NULL
|
|
||||||
BIT STRING
|
|
||||||
*/
|
|
||||||
do {
|
|
||||||
/* The additional check for l->data is there to make sure
|
|
||||||
* we won't try to decode a list that has been 'shrunk'
|
|
||||||
*/
|
|
||||||
if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
|
|
||||||
l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
|
|
||||||
l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
|
|
||||||
l->child->next->type == LTC_ASN1_BIT_STRING) {
|
|
||||||
err = der_decode_subject_public_key_info(l->data, l->size,
|
|
||||||
PKA_RSA, tmpbuf, &tmpbuf_len,
|
|
||||||
LTC_ASN1_NULL, NULL, 0);
|
|
||||||
if (err == CRYPT_OK) {
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
l = l->next;
|
|
||||||
} while(l);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (decoded_list) {
|
|
||||||
der_free_sequence_flexi(decoded_list);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */
|
if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */
|
||||||
|
|
||||||
/* now it should be SEQUENCE { INTEGER, INTEGER } */
|
/* now it should be SEQUENCE { INTEGER, INTEGER } */
|
||||||
|
120
src/pk/rsa/rsa_import_x509.c
Normal file
120
src/pk/rsa/rsa_import_x509.c
Normal file
@ -0,0 +1,120 @@
|
|||||||
|
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
|
||||||
|
*
|
||||||
|
* LibTomCrypt is a library that provides various cryptographic
|
||||||
|
* algorithms in a highly modular and flexible manner.
|
||||||
|
*
|
||||||
|
* The library is free for all purposes without any express
|
||||||
|
* guarantee it works.
|
||||||
|
*
|
||||||
|
* Tom St Denis, tomstdenis@gmail.com, http://libtom.org
|
||||||
|
*/
|
||||||
|
#include "tomcrypt.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
@file rsa_import.c
|
||||||
|
Import an RSA key from a X.509 certificate, Steffen Jaeckel
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef LTC_MRSA
|
||||||
|
|
||||||
|
/**
|
||||||
|
Import an RSA key from a X.509 certificate
|
||||||
|
@param in The packet to import from
|
||||||
|
@param inlen It's length (octets)
|
||||||
|
@param key [out] Destination for newly imported key
|
||||||
|
@return CRYPT_OK if successful, upon error allocated memory is freed
|
||||||
|
*/
|
||||||
|
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
||||||
|
{
|
||||||
|
int err;
|
||||||
|
unsigned char *tmpbuf=NULL;
|
||||||
|
unsigned long tmpbuf_len, tmp_inlen;
|
||||||
|
ltc_asn1_list *decoded_list = NULL, *l;
|
||||||
|
|
||||||
|
LTC_ARGCHK(in != NULL);
|
||||||
|
LTC_ARGCHK(key != NULL);
|
||||||
|
LTC_ARGCHK(ltc_mp.name != NULL);
|
||||||
|
|
||||||
|
/* init key */
|
||||||
|
if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
|
||||||
|
&key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
tmpbuf_len = MAX_RSA_SIZE * 8;
|
||||||
|
tmpbuf = XCALLOC(1, tmpbuf_len);
|
||||||
|
if (tmpbuf == NULL) {
|
||||||
|
err = CRYPT_MEM;
|
||||||
|
goto LBL_ERR;
|
||||||
|
}
|
||||||
|
|
||||||
|
tmp_inlen = inlen;
|
||||||
|
if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
|
||||||
|
l = decoded_list;
|
||||||
|
/* Move 2 levels up in the tree
|
||||||
|
SEQUENCE
|
||||||
|
SEQUENCE
|
||||||
|
...
|
||||||
|
*/
|
||||||
|
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
|
||||||
|
l = l->child;
|
||||||
|
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
|
||||||
|
l = l->child;
|
||||||
|
|
||||||
|
err = CRYPT_ERROR;
|
||||||
|
|
||||||
|
/* Move forward in the tree until we find this combination
|
||||||
|
...
|
||||||
|
SEQUENCE
|
||||||
|
SEQUENCE
|
||||||
|
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
|
||||||
|
NULL
|
||||||
|
BIT STRING
|
||||||
|
*/
|
||||||
|
do {
|
||||||
|
/* The additional check for l->data is there to make sure
|
||||||
|
* we won't try to decode a list that has been 'shrunk'
|
||||||
|
*/
|
||||||
|
if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
|
||||||
|
l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
|
||||||
|
l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
|
||||||
|
l->child->next->type == LTC_ASN1_BIT_STRING) {
|
||||||
|
err = der_decode_subject_public_key_info(l->data, l->size,
|
||||||
|
PKA_RSA, tmpbuf, &tmpbuf_len,
|
||||||
|
LTC_ASN1_NULL, NULL, 0);
|
||||||
|
if (err == CRYPT_OK) {
|
||||||
|
/* now it should be SEQUENCE { INTEGER, INTEGER } */
|
||||||
|
if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
|
||||||
|
LTC_ASN1_INTEGER, 1UL, key->N,
|
||||||
|
LTC_ASN1_INTEGER, 1UL, key->e,
|
||||||
|
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
|
||||||
|
goto LBL_ERR;
|
||||||
|
}
|
||||||
|
key->type = PK_PUBLIC;
|
||||||
|
err = CRYPT_OK;
|
||||||
|
goto LBL_FREE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
l = l->next;
|
||||||
|
} while(l);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
LBL_ERR:
|
||||||
|
rsa_free(key);
|
||||||
|
|
||||||
|
LBL_FREE:
|
||||||
|
if (decoded_list) der_free_sequence_flexi(decoded_list);
|
||||||
|
if (tmpbuf != NULL) XFREE(tmpbuf);
|
||||||
|
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
#endif /* LTC_MRSA */
|
||||||
|
|
||||||
|
|
||||||
|
/* $Source$ */
|
||||||
|
/* $Revision$ */
|
||||||
|
/* $Date$ */
|
@ -543,7 +543,7 @@ for (cnt = 0; cnt < len; ) {
|
|||||||
len3 = sizeof(tmp);
|
len3 = sizeof(tmp);
|
||||||
DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3));
|
DO(base64_decode(_der_tests_cacert_root_cert, _der_tests_cacert_root_cert_size, tmp, &len3));
|
||||||
|
|
||||||
DO(rsa_import(tmp, len3, &key));
|
DO(rsa_import_x509(tmp, len3, &key));
|
||||||
|
|
||||||
/* free the key and return */
|
/* free the key and return */
|
||||||
rsa_free(&key);
|
rsa_free(&key);
|
||||||
|
Loading…
Reference in New Issue
Block a user