Mercurial > dropbear
comparison libtomcrypt/src/pk/rsa/rsa_import.c @ 1471:6dba84798cd5
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 09 Feb 2018 21:44:05 +0800 |
parents | f849a5ca2efc |
children |
comparison
equal
deleted
inserted
replaced
1470:8bba51a55704 | 1471:6dba84798cd5 |
---|---|
3 * LibTomCrypt is a library that provides various cryptographic | 3 * LibTomCrypt is a library that provides various cryptographic |
4 * algorithms in a highly modular and flexible manner. | 4 * algorithms in a highly modular and flexible manner. |
5 * | 5 * |
6 * The library is free for all purposes without any express | 6 * The library is free for all purposes without any express |
7 * guarantee it works. | 7 * guarantee it works. |
8 * | |
9 * Tom St Denis, [email protected], http://libtom.org | |
10 */ | 8 */ |
11 #include "tomcrypt.h" | 9 #include "tomcrypt.h" |
12 | 10 |
13 /** | 11 /** |
14 @file rsa_import.c | 12 @file rsa_import.c |
15 Import a LTC_PKCS RSA key, Tom St Denis | 13 Import a PKCS RSA key, Tom St Denis |
16 */ | 14 */ |
17 | 15 |
18 #ifdef LTC_MRSA | 16 #ifdef LTC_MRSA |
19 | 17 |
20 /** | 18 /** |
21 Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in LTC_PKCS #1 v2.1] | 19 Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1] |
22 @param in The packet to import from | 20 @param in The packet to import from |
23 @param inlen It's length (octets) | 21 @param inlen It's length (octets) |
24 @param key [out] Destination for newly imported key | 22 @param key [out] Destination for newly imported key |
25 @return CRYPT_OK if successful, upon error allocated memory is freed | 23 @return CRYPT_OK if successful, upon error allocated memory is freed |
26 */ | 24 */ |
27 int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) | 25 int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) |
28 { | 26 { |
29 int err; | 27 int err; |
30 void *zero; | 28 void *zero; |
31 unsigned char *tmpbuf; | 29 unsigned char *tmpbuf=NULL; |
32 unsigned long t, x, y, z, tmpoid[16]; | 30 unsigned long tmpbuf_len; |
33 ltc_asn1_list ssl_pubkey_hashoid[2]; | |
34 ltc_asn1_list ssl_pubkey[2]; | |
35 | 31 |
36 LTC_ARGCHK(in != NULL); | 32 LTC_ARGCHK(in != NULL); |
37 LTC_ARGCHK(key != NULL); | 33 LTC_ARGCHK(key != NULL); |
38 LTC_ARGCHK(ltc_mp.name != NULL); | 34 LTC_ARGCHK(ltc_mp.name != NULL); |
39 | 35 |
40 /* init key */ | 36 /* init key */ |
41 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, | 37 if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, |
42 &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { | 38 &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { |
43 return err; | 39 return err; |
44 } | 40 } |
45 | 41 |
46 /* see if the OpenSSL DER format RSA public key will work */ | 42 /* see if the OpenSSL DER format RSA public key will work */ |
47 tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); | 43 tmpbuf_len = inlen; |
44 tmpbuf = XCALLOC(1, tmpbuf_len); | |
48 if (tmpbuf == NULL) { | 45 if (tmpbuf == NULL) { |
49 err = CRYPT_MEM; | 46 err = CRYPT_MEM; |
50 goto LBL_ERR; | 47 goto LBL_ERR; |
51 } | 48 } |
52 | 49 |
53 /* this includes the internal hash ID and optional params (NULL in this case) */ | 50 err = der_decode_subject_public_key_info(in, inlen, |
54 LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); | 51 PKA_RSA, tmpbuf, &tmpbuf_len, |
55 LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0); | 52 LTC_ASN1_NULL, NULL, 0); |
56 | 53 |
57 /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it | 54 if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ |
58 then proceed to convert bit to octet | |
59 */ | |
60 LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2); | |
61 LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); | |
62 | |
63 if (der_decode_sequence(in, inlen, | |
64 ssl_pubkey, 2UL) == CRYPT_OK) { | |
65 | |
66 /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */ | |
67 for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) { | |
68 y = (y << 1) | tmpbuf[x]; | |
69 if (++z == 8) { | |
70 tmpbuf[t++] = (unsigned char)y; | |
71 y = 0; | |
72 z = 0; | |
73 } | |
74 } | |
75 | 55 |
76 /* now it should be SEQUENCE { INTEGER, INTEGER } */ | 56 /* now it should be SEQUENCE { INTEGER, INTEGER } */ |
77 if ((err = der_decode_sequence_multi(tmpbuf, t, | 57 if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, |
78 LTC_ASN1_INTEGER, 1UL, key->N, | 58 LTC_ASN1_INTEGER, 1UL, key->N, |
79 LTC_ASN1_INTEGER, 1UL, key->e, | 59 LTC_ASN1_INTEGER, 1UL, key->e, |
80 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | 60 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { |
81 XFREE(tmpbuf); | |
82 goto LBL_ERR; | 61 goto LBL_ERR; |
83 } | 62 } |
84 XFREE(tmpbuf); | |
85 key->type = PK_PUBLIC; | 63 key->type = PK_PUBLIC; |
86 return CRYPT_OK; | 64 err = CRYPT_OK; |
65 goto LBL_FREE; | |
87 } | 66 } |
88 XFREE(tmpbuf); | |
89 | 67 |
90 /* not SSL public key, try to match against LTC_PKCS #1 standards */ | 68 /* not SSL public key, try to match against PKCS #1 standards */ |
91 if ((err = der_decode_sequence_multi(in, inlen, | 69 err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, |
92 LTC_ASN1_INTEGER, 1UL, key->N, | 70 LTC_ASN1_EOL, 0UL, NULL); |
93 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | 71 |
72 if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { | |
94 goto LBL_ERR; | 73 goto LBL_ERR; |
95 } | 74 } |
96 | 75 |
97 if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { | 76 if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { |
98 if ((err = mp_init(&zero)) != CRYPT_OK) { | 77 if ((err = mp_init(&zero)) != CRYPT_OK) { |
99 goto LBL_ERR; | 78 goto LBL_ERR; |
100 } | 79 } |
101 /* it's a private key */ | 80 /* it's a private key */ |
102 if ((err = der_decode_sequence_multi(in, inlen, | 81 if ((err = der_decode_sequence_multi(in, inlen, |
103 LTC_ASN1_INTEGER, 1UL, zero, | 82 LTC_ASN1_INTEGER, 1UL, zero, |
104 LTC_ASN1_INTEGER, 1UL, key->N, | 83 LTC_ASN1_INTEGER, 1UL, key->N, |
105 LTC_ASN1_INTEGER, 1UL, key->e, | 84 LTC_ASN1_INTEGER, 1UL, key->e, |
106 LTC_ASN1_INTEGER, 1UL, key->d, | 85 LTC_ASN1_INTEGER, 1UL, key->d, |
107 LTC_ASN1_INTEGER, 1UL, key->p, | 86 LTC_ASN1_INTEGER, 1UL, key->p, |
108 LTC_ASN1_INTEGER, 1UL, key->q, | 87 LTC_ASN1_INTEGER, 1UL, key->q, |
109 LTC_ASN1_INTEGER, 1UL, key->dP, | 88 LTC_ASN1_INTEGER, 1UL, key->dP, |
110 LTC_ASN1_INTEGER, 1UL, key->dQ, | 89 LTC_ASN1_INTEGER, 1UL, key->dQ, |
111 LTC_ASN1_INTEGER, 1UL, key->qP, | 90 LTC_ASN1_INTEGER, 1UL, key->qP, |
112 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | 91 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { |
113 mp_clear(zero); | 92 mp_clear(zero); |
114 goto LBL_ERR; | 93 goto LBL_ERR; |
115 } | 94 } |
116 mp_clear(zero); | 95 mp_clear(zero); |
119 /* we don't support multi-prime RSA */ | 98 /* we don't support multi-prime RSA */ |
120 err = CRYPT_PK_INVALID_TYPE; | 99 err = CRYPT_PK_INVALID_TYPE; |
121 goto LBL_ERR; | 100 goto LBL_ERR; |
122 } else { | 101 } else { |
123 /* it's a public key and we lack e */ | 102 /* it's a public key and we lack e */ |
124 if ((err = der_decode_sequence_multi(in, inlen, | 103 if ((err = der_decode_sequence_multi(in, inlen, |
125 LTC_ASN1_INTEGER, 1UL, key->N, | 104 LTC_ASN1_INTEGER, 1UL, key->N, |
126 LTC_ASN1_INTEGER, 1UL, key->e, | 105 LTC_ASN1_INTEGER, 1UL, key->e, |
127 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | 106 LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { |
128 goto LBL_ERR; | 107 goto LBL_ERR; |
129 } | 108 } |
130 key->type = PK_PUBLIC; | 109 key->type = PK_PUBLIC; |
131 } | 110 } |
132 return CRYPT_OK; | 111 err = CRYPT_OK; |
112 goto LBL_FREE; | |
113 | |
133 LBL_ERR: | 114 LBL_ERR: |
134 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); | 115 mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); |
116 | |
117 LBL_FREE: | |
118 if (tmpbuf != NULL) | |
119 XFREE(tmpbuf); | |
120 | |
135 return err; | 121 return err; |
136 } | 122 } |
137 | 123 |
138 #endif /* LTC_MRSA */ | 124 #endif /* LTC_MRSA */ |
139 | 125 |
140 | 126 |
141 /* $Source$ */ | 127 /* ref: $Format:%D$ */ |
142 /* $Revision$ */ | 128 /* git commit: $Format:%H$ */ |
143 /* $Date$ */ | 129 /* commit time: $Format:%ai$ */ |