DSA private keys are being exported to a compatible with OpenSSL and GnuTLS format.

2011-03-21 08:26:27 +01:00 · 2011-03-21 08:26:27 +01:00 · ed6897d90f
commit ed6897d90f
parent 2895c9d7fe
2 changed files with 22 additions and 18 deletions
--- a/src/pk/dsa/dsa_export.c
+++ b/src/pk/dsa/dsa_export.c
@ -28,6 +28,7 @@
 int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key)
 {
   unsigned char flags[1];
+   unsigned long zero=0;

   LTC_ARGCHK(out    != NULL);
   LTC_ARGCHK(outlen != NULL);
@ -44,12 +45,17 @@ int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key

   flags[0] = (type != PK_PUBLIC) ? 1 : 0;

+   /* This encoding is different from the one in original
+    * libtomcrypt. It uses a compatible encoding with gnutls
+    * and openssl
+    */
+
   if (type == PK_PRIVATE) {
      return der_encode_sequence_multi(out, outlen,
-                                 LTC_ASN1_BIT_STRING,   1UL, flags,
-                                 LTC_ASN1_INTEGER,      1UL, key->g,
+                                 LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
                                 LTC_ASN1_INTEGER,      1UL, key->p,
                                 LTC_ASN1_INTEGER,      1UL, key->q,
+                                 LTC_ASN1_INTEGER,      1UL, key->g,
                                 LTC_ASN1_INTEGER,      1UL, key->y,
                                 LTC_ASN1_INTEGER,      1UL, key->x,
                                 LTC_ASN1_EOL,          0UL, NULL);
--- a/src/pk/dsa/dsa_import.c
+++ b/src/pk/dsa/dsa_import.c
@ -28,6 +28,7 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
 {
   unsigned char flags[1];
   int           err;
+   unsigned long zero = 0;

   LTC_ARGCHK(in  != NULL);
   LTC_ARGCHK(key != NULL);
@ -42,22 +43,19 @@ int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key)
   if ((err = der_decode_sequence_multi(in, inlen,
                                  LTC_ASN1_BIT_STRING, 1UL, flags,
                                  LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
-      goto error;
-   }
-
-   if (flags[0] == 1) {
-      if ((err = der_decode_sequence_multi(in, inlen,
-                                 LTC_ASN1_BIT_STRING,   1UL, flags,
-                                 LTC_ASN1_INTEGER,      1UL, key->g,
-                                 LTC_ASN1_INTEGER,      1UL, key->p,
-                                 LTC_ASN1_INTEGER,      1UL, key->q,
-                                 LTC_ASN1_INTEGER,      1UL, key->y,
-                                 LTC_ASN1_INTEGER,      1UL, key->x,
-                                 LTC_ASN1_EOL,          0UL, NULL)) != CRYPT_OK) {
-         goto error;
-      }
-      key->type = PK_PRIVATE;
-   } else {
+       /* private key */
+       if ((err = der_decode_sequence_multi(in, inlen,
+                          LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
+                          LTC_ASN1_INTEGER,      1UL, key->p,
+                          LTC_ASN1_INTEGER,      1UL, key->q,
+                          LTC_ASN1_INTEGER,      1UL, key->g,
+                          LTC_ASN1_INTEGER,      1UL, key->y,
+                          LTC_ASN1_INTEGER,      1UL, key->x,
+                          LTC_ASN1_EOL,          0UL, NULL)) != CRYPT_OK) {
+          goto error;
+       }
+       key->type = PK_PRIVATE;
+   } else { /* public */
      if ((err = der_decode_sequence_multi(in, inlen,
                                 LTC_ASN1_BIT_STRING,   1UL, flags,
                                 LTC_ASN1_INTEGER,      1UL, key->g,