Mercurial > dropbear

comparison libtomcrypt/src/pk/rsa/rsa_import.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents f849a5ca2efc
children
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
3 * LibTomCrypt is a library that provides various cryptographic 3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner. 4 * algorithms in a highly modular and flexible manner.
5 * 5 *
6 * The library is free for all purposes without any express 6 * The library is free for all purposes without any express
7 * guarantee it works. 7 * guarantee it works.
8 *
9 * Tom St Denis, [email protected], http://libtom.org
10 */ 8 */
11 #include "tomcrypt.h" 9 #include "tomcrypt.h"
12 10
13 /** 11 /**
14 @file rsa_import.c 12 @file rsa_import.c
15 Import a LTC_PKCS RSA key, Tom St Denis 13 Import a PKCS RSA key, Tom St Denis
16 */ 14 */
17 15
18 #ifdef LTC_MRSA 16 #ifdef LTC_MRSA
19 17
20 /** 18 /**
21 Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in LTC_PKCS #1 v2.1] 19 Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1]
22 @param in The packet to import from 20 @param in The packet to import from
23 @param inlen It's length (octets) 21 @param inlen It's length (octets)
24 @param key [out] Destination for newly imported key 22 @param key [out] Destination for newly imported key
25 @return CRYPT_OK if successful, upon error allocated memory is freed 23 @return CRYPT_OK if successful, upon error allocated memory is freed
26 */ 24 */
27 int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) 25 int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key)
28 { 26 {
29 int err; 27 int err;
30 void *zero; 28 void *zero;
31 unsigned char *tmpbuf; 29 unsigned char *tmpbuf=NULL;
32 unsigned long t, x, y, z, tmpoid[16]; 30 unsigned long tmpbuf_len;
33 ltc_asn1_list ssl_pubkey_hashoid[2];
34 ltc_asn1_list ssl_pubkey[2];
35 31
36 LTC_ARGCHK(in != NULL); 32 LTC_ARGCHK(in != NULL);
37 LTC_ARGCHK(key != NULL); 33 LTC_ARGCHK(key != NULL);
38 LTC_ARGCHK(ltc_mp.name != NULL); 34 LTC_ARGCHK(ltc_mp.name != NULL);
39 35
40 /* init key */ 36 /* init key */
41 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, 37 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ,
42 &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { 38 &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) {
43 return err; 39 return err;
44 } 40 }
45 41
46 /* see if the OpenSSL DER format RSA public key will work */ 42 /* see if the OpenSSL DER format RSA public key will work */
47 tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); 43 tmpbuf_len = inlen;
44 tmpbuf = XCALLOC(1, tmpbuf_len);
48 if (tmpbuf == NULL) { 45 if (tmpbuf == NULL) {
49 err = CRYPT_MEM; 46 err = CRYPT_MEM;
50 goto LBL_ERR; 47 goto LBL_ERR;
51 } 48 }
52 49
53 /* this includes the internal hash ID and optional params (NULL in this case) */ 50 err = der_decode_subject_public_key_info(in, inlen,
54 LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); 51 PKA_RSA, tmpbuf, &tmpbuf_len,
55 LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0); 52 LTC_ASN1_NULL, NULL, 0);
56 53
57 /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it 54 if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */
58 then proceed to convert bit to octet
59 */
60 LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2);
61 LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8);
62
63 if (der_decode_sequence(in, inlen,
64 ssl_pubkey, 2UL) == CRYPT_OK) {
65
66 /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */
67 for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) {
68 y = (y << 1) | tmpbuf[x];
69 if (++z == 8) {
70 tmpbuf[t++] = (unsigned char)y;
71 y = 0;
72 z = 0;
73 }
74 }
75 55
76 /* now it should be SEQUENCE { INTEGER, INTEGER } */ 56 /* now it should be SEQUENCE { INTEGER, INTEGER } */
77 if ((err = der_decode_sequence_multi(tmpbuf, t, 57 if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
78 LTC_ASN1_INTEGER, 1UL, key->N, 58 LTC_ASN1_INTEGER, 1UL, key->N,
79 LTC_ASN1_INTEGER, 1UL, key->e, 59 LTC_ASN1_INTEGER, 1UL, key->e,
80 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { 60 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
81 XFREE(tmpbuf);
82 goto LBL_ERR; 61 goto LBL_ERR;
83 } 62 }
84 XFREE(tmpbuf);
85 key->type = PK_PUBLIC; 63 key->type = PK_PUBLIC;
86 return CRYPT_OK; 64 err = CRYPT_OK;
65 goto LBL_FREE;
87 } 66 }
88 XFREE(tmpbuf);
89 67
90 /* not SSL public key, try to match against LTC_PKCS #1 standards */ 68 /* not SSL public key, try to match against PKCS #1 standards */
91 if ((err = der_decode_sequence_multi(in, inlen, 69 err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N,
92 LTC_ASN1_INTEGER, 1UL, key->N, 70 LTC_ASN1_EOL, 0UL, NULL);
93 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { 71
72 if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) {
94 goto LBL_ERR; 73 goto LBL_ERR;
95 } 74 }
96 75
97 if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { 76 if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
98 if ((err = mp_init(&zero)) != CRYPT_OK) { 77 if ((err = mp_init(&zero)) != CRYPT_OK) {
99 goto LBL_ERR; 78 goto LBL_ERR;
100 } 79 }
101 /* it's a private key */ 80 /* it's a private key */
102 if ((err = der_decode_sequence_multi(in, inlen, 81 if ((err = der_decode_sequence_multi(in, inlen,
103 LTC_ASN1_INTEGER, 1UL, zero, 82 LTC_ASN1_INTEGER, 1UL, zero,
104 LTC_ASN1_INTEGER, 1UL, key->N, 83 LTC_ASN1_INTEGER, 1UL, key->N,
105 LTC_ASN1_INTEGER, 1UL, key->e, 84 LTC_ASN1_INTEGER, 1UL, key->e,
106 LTC_ASN1_INTEGER, 1UL, key->d, 85 LTC_ASN1_INTEGER, 1UL, key->d,
107 LTC_ASN1_INTEGER, 1UL, key->p, 86 LTC_ASN1_INTEGER, 1UL, key->p,
108 LTC_ASN1_INTEGER, 1UL, key->q, 87 LTC_ASN1_INTEGER, 1UL, key->q,
109 LTC_ASN1_INTEGER, 1UL, key->dP, 88 LTC_ASN1_INTEGER, 1UL, key->dP,
110 LTC_ASN1_INTEGER, 1UL, key->dQ, 89 LTC_ASN1_INTEGER, 1UL, key->dQ,
111 LTC_ASN1_INTEGER, 1UL, key->qP, 90 LTC_ASN1_INTEGER, 1UL, key->qP,
112 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { 91 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
113 mp_clear(zero); 92 mp_clear(zero);
114 goto LBL_ERR; 93 goto LBL_ERR;
115 } 94 }
116 mp_clear(zero); 95 mp_clear(zero);
119 /* we don't support multi-prime RSA */ 98 /* we don't support multi-prime RSA */
120 err = CRYPT_PK_INVALID_TYPE; 99 err = CRYPT_PK_INVALID_TYPE;
121 goto LBL_ERR; 100 goto LBL_ERR;
122 } else { 101 } else {
123 /* it's a public key and we lack e */ 102 /* it's a public key and we lack e */
124 if ((err = der_decode_sequence_multi(in, inlen, 103 if ((err = der_decode_sequence_multi(in, inlen,
125 LTC_ASN1_INTEGER, 1UL, key->N, 104 LTC_ASN1_INTEGER, 1UL, key->N,
126 LTC_ASN1_INTEGER, 1UL, key->e, 105 LTC_ASN1_INTEGER, 1UL, key->e,
127 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { 106 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
128 goto LBL_ERR; 107 goto LBL_ERR;
129 } 108 }
130 key->type = PK_PUBLIC; 109 key->type = PK_PUBLIC;
131 } 110 }
132 return CRYPT_OK; 111 err = CRYPT_OK;
112 goto LBL_FREE;
113
133 LBL_ERR: 114 LBL_ERR:
134 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); 115 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL);
116
117 LBL_FREE:
118 if (tmpbuf != NULL)
119 XFREE(tmpbuf);
120
135 return err; 121 return err;
136 } 122 }
137 123
138 #endif /* LTC_MRSA */ 124 #endif /* LTC_MRSA */
139 125
140 126
141 /* $Source$ */ 127 /* ref: $Format:%D$ */
142 /* $Revision$ */ 128 /* git commit: $Format:%H$ */
143 /* $Date$ */ 129 /* commit time: $Format:%ai$ */