Mercurial > dropbear

comparison libtomcrypt/src/pk/rsa/rsa_import_pkcs8.c @ 1471:6dba84798cd5

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update to libtomcrypt 1.18.1, merged with Dropbear changes
author Matt Johnston <matt@ucc.asn.au>
date Fri, 09 Feb 2018 21:44:05 +0800
parents
children e9dba7abd939
comparison
equal deleted inserted replaced
1470:8bba51a55704 1471:6dba84798cd5
1 /* LibTomCrypt, modular cryptographic library -- Tom St Denis
2 *
3 * LibTomCrypt is a library that provides various cryptographic
4 * algorithms in a highly modular and flexible manner.
5 *
6 * The library is free for all purposes without any express
7 * guarantee it works.
8 */
9 #include "tomcrypt.h"
10
11 /**
12 @file rsa_import_pkcs8.c
13 Import a PKCS RSA key
14 */
15
16 #ifdef LTC_MRSA
17
18 /* Public-Key Cryptography Standards (PKCS) #8:
19 * Private-Key Information Syntax Specification Version 1.2
20 * https://tools.ietf.org/html/rfc5208
21 *
22 * PrivateKeyInfo ::= SEQUENCE {
23 * version Version,
24 * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
25 * privateKey PrivateKey,
26 * attributes [0] IMPLICIT Attributes OPTIONAL }
27 * where:
28 * - Version ::= INTEGER
29 * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
30 * - PrivateKey ::= OCTET STRING
31 * - Attributes ::= SET OF Attribute
32 *
33 * EncryptedPrivateKeyInfo ::= SEQUENCE {
34 * encryptionAlgorithm EncryptionAlgorithmIdentifier,
35 * encryptedData EncryptedData }
36 * where:
37 * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
38 * - EncryptedData ::= OCTET STRING
39 */
40
41 /**
42 Import an RSAPublicKey or RSAPrivateKey in PKCS#8 format
43 @param in The packet to import from
44 @param inlen It's length (octets)
45 @param passwd The password for decrypting privkey (NOT SUPPORTED YET)
46 @param passwdlen Password's length (octets)
47 @param key [out] Destination for newly imported key
48 @return CRYPT_OK if successful, upon error allocated memory is freed
49 */
50 int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
51 const void *passwd, unsigned long passwdlen,
52 rsa_key *key)
53 {
54 int err;
55 void *zero, *iter;
56 unsigned char *buf1 = NULL, *buf2 = NULL;
57 unsigned long buf1len, buf2len;
58 unsigned long oid[16];
59 oid_st rsaoid;
60 ltc_asn1_list alg_seq[2], top_seq[3];
61 ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2];
62 unsigned char *decrypted = NULL;
63 unsigned long decryptedlen;
64
65 LTC_ARGCHK(in != NULL);
66 LTC_ARGCHK(key != NULL);
67 LTC_ARGCHK(ltc_mp.name != NULL);
68
69 /* get RSA alg oid */
70 err = pk_get_oid(PKA_RSA, &rsaoid);
71 if (err != CRYPT_OK) { goto LBL_NOFREE; }
72
73 /* alloc buffers */
74 buf1len = inlen; /* approx. */
75 buf1 = XMALLOC(buf1len);
76 if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; }
77 buf2len = inlen; /* approx. */
78 buf2 = XMALLOC(buf2len);
79 if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; }
80
81 /* init key */
82 err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, &zero, &iter, NULL);
83 if (err != CRYPT_OK) { goto LBL_FREE2; }
84
85 /* try to decode encrypted priv key */
86 LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len);
87 LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL);
88 LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
89 LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL);
90 LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL);
91 LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len);
92 err=der_decode_sequence(in, inlen, top_seq_e, 2UL);
93 if (err == CRYPT_OK) {
94 LTC_UNUSED_PARAM(passwd);
95 LTC_UNUSED_PARAM(passwdlen);
96 /* XXX: TODO encrypted pkcs8 not implemented yet */
97 /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */
98 err = CRYPT_PK_INVALID_TYPE;
99 goto LBL_ERR;
100 }
101 else {
102 decrypted = (unsigned char *)in;
103 decryptedlen = inlen;
104 }
105
106 /* try to decode unencrypted priv key */
107 LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL);
108 LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL);
109 LTC_SET_ASN1(top_seq, 0, LTC_ASN1_INTEGER, zero, 1UL);
110 LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL);
111 LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len);
112 err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL);
113 if (err != CRYPT_OK) { goto LBL_ERR; }
114
115 /* check alg oid */
116 if ((alg_seq[0].size != rsaoid.OIDlen) ||
117 XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0]))) {
118 err = CRYPT_PK_INVALID_TYPE;
119 goto LBL_ERR;
120 }
121
122 err = der_decode_sequence_multi(buf1, top_seq[2].size,
123 LTC_ASN1_INTEGER, 1UL, zero,
124 LTC_ASN1_INTEGER, 1UL, key->N,
125 LTC_ASN1_INTEGER, 1UL, key->e,
126 LTC_ASN1_INTEGER, 1UL, key->d,
127 LTC_ASN1_INTEGER, 1UL, key->p,
128 LTC_ASN1_INTEGER, 1UL, key->q,
129 LTC_ASN1_INTEGER, 1UL, key->dP,
130 LTC_ASN1_INTEGER, 1UL, key->dQ,
131 LTC_ASN1_INTEGER, 1UL, key->qP,
132 LTC_ASN1_EOL, 0UL, NULL);
133 if (err != CRYPT_OK) { goto LBL_ERR; }
134 key->type = PK_PRIVATE;
135 err = CRYPT_OK;
136 goto LBL_FREE2;
137
138 LBL_ERR:
139 rsa_free(key);
140 LBL_FREE2:
141 mp_clear_multi(iter, zero, NULL);
142 XFREE(buf2);
143 LBL_FREE1:
144 XFREE(buf1);
145 LBL_NOFREE:
146 return err;
147 }
148
149 #endif /* LTC_MRSA */
150
151 /* ref: $Format:%D$ */
152 /* git commit: $Format:%H$ */
153 /* commit time: $Format:%ai$ */