update libtomcrypt - latest develop branch
Karel Miko
4 years ago
| 95 | 95 | ltc/pk/asn1/der/utctime/der_length_utctime.o ltc/pk/asn1/der/utf8/der_decode_utf8_string.o \ |
| 96 | 96 | ltc/pk/asn1/der/utf8/der_encode_utf8_string.o ltc/pk/asn1/der/utf8/der_length_utf8_string.o \ |
| 97 | 97 | ltc/pk/asn1/oid/pk_get_oid.o ltc/pk/asn1/oid/pk_oid_cmp.o ltc/pk/asn1/oid/pk_oid_str.o \ |
| 98 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o \ | |
| 99 | ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o \ | |
| 100 | ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o \ | |
| 101 | ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o \ | |
| 102 | ltc/pk/dsa/dsa_decrypt_key.o ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o \ | |
| 103 | ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o ltc/pk/dsa/dsa_generate_pqg.o \ | |
| 104 | ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o ltc/pk/dsa/dsa_set_pqg_dsaparam.o \ | |
| 105 | ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o ltc/pk/dsa/dsa_verify_hash.o \ | |
| 106 | ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o ltc/pk/ecc/ecc_ansi_x963_import.o \ | |
| 107 | ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o ltc/pk/ecc/ecc_export.o \ | |
| 108 | ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o ltc/pk/ecc/ecc_free.o \ | |
| 109 | ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o ltc/pk/ecc/ecc_import.o \ | |
| 110 | ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o ltc/pk/ecc/ecc_import_x509.o \ | |
| 111 | ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o ltc/pk/ecc/ecc_set_curve.o \ | |
| 112 | ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o ltc/pk/ecc/ecc_shared_secret.o \ | |
| 113 | ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o ltc/pk/ecc/ecc_ssh_ecdsa_encode_name.o \ | |
| 114 | ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o ltc/pk/ecc/ltc_ecc_import_point.o \ | |
| 115 | ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o ltc/pk/ecc/ltc_ecc_map.o \ | |
| 116 | ltc/pk/ecc/ltc_ecc_mul2add.o ltc/pk/ecc/ltc_ecc_mulmod.o ltc/pk/ecc/ltc_ecc_mulmod_timing.o \ | |
| 117 | ltc/pk/ecc/ltc_ecc_points.o ltc/pk/ecc/ltc_ecc_projective_add_point.o ltc/pk/ecc/ltc_ecc_projective_dbl_point.o \ | |
| 118 | ltc/pk/ecc/ltc_ecc_verify_key.o ltc/pk/pkcs1/pkcs_1_i2osp.o ltc/pk/pkcs1/pkcs_1_mgf1.o \ | |
| 119 | ltc/pk/pkcs1/pkcs_1_oaep_decode.o ltc/pk/pkcs1/pkcs_1_oaep_encode.o ltc/pk/pkcs1/pkcs_1_os2ip.o \ | |
| 120 | ltc/pk/pkcs1/pkcs_1_pss_decode.o ltc/pk/pkcs1/pkcs_1_pss_encode.o ltc/pk/pkcs1/pkcs_1_v1_5_decode.o \ | |
| 121 | ltc/pk/pkcs1/pkcs_1_v1_5_encode.o ltc/pk/rsa/rsa_decrypt_key.o ltc/pk/rsa/rsa_encrypt_key.o \ | |
| 122 | ltc/pk/rsa/rsa_export.o ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o ltc/pk/rsa/rsa_get_size.o \ | |
| 123 | ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o \ | |
| 98 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ | |
| 99 | ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o \ | |
| 100 | ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o \ | |
| 101 | ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o \ | |
| 102 | ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o ltc/pk/dsa/dsa_decrypt_key.o \ | |
| 103 | ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o \ | |
| 104 | ltc/pk/dsa/dsa_generate_pqg.o ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o \ | |
| 105 | ltc/pk/dsa/dsa_set_pqg_dsaparam.o ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o \ | |
| 106 | ltc/pk/dsa/dsa_verify_hash.o ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o \ | |
| 107 | ltc/pk/ecc/ecc_ansi_x963_import.o ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o \ | |
| 108 | ltc/pk/ecc/ecc_export.o ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o \ | |
| 109 | ltc/pk/ecc/ecc_free.o ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o \ | |
| 110 | ltc/pk/ecc/ecc_import.o ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o \ | |
| 111 | ltc/pk/ecc/ecc_import_x509.o ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o \ | |
| 112 | ltc/pk/ecc/ecc_set_curve.o ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o \ | |
| 113 | ltc/pk/ecc/ecc_shared_secret.o ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o \ | |
| 114 | ltc/pk/ecc/ecc_ssh_ecdsa_encode_name.o ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o \ | |
| 115 | ltc/pk/ecc/ltc_ecc_import_point.o ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o \ | |
| 116 | ltc/pk/ecc/ltc_ecc_map.o ltc/pk/ecc/ltc_ecc_mul2add.o ltc/pk/ecc/ltc_ecc_mulmod.o \ | |
| 117 | ltc/pk/ecc/ltc_ecc_mulmod_timing.o ltc/pk/ecc/ltc_ecc_points.o ltc/pk/ecc/ltc_ecc_projective_add_point.o \ | |
| 118 | ltc/pk/ecc/ltc_ecc_projective_dbl_point.o ltc/pk/ecc/ltc_ecc_verify_key.o ltc/pk/pkcs1/pkcs_1_i2osp.o \ | |
| 119 | ltc/pk/pkcs1/pkcs_1_mgf1.o ltc/pk/pkcs1/pkcs_1_oaep_decode.o ltc/pk/pkcs1/pkcs_1_oaep_encode.o \ | |
| 120 | ltc/pk/pkcs1/pkcs_1_os2ip.o ltc/pk/pkcs1/pkcs_1_pss_decode.o ltc/pk/pkcs1/pkcs_1_pss_encode.o \ | |
| 121 | ltc/pk/pkcs1/pkcs_1_v1_5_decode.o ltc/pk/pkcs1/pkcs_1_v1_5_encode.o ltc/pk/rsa/rsa_decrypt_key.o \ | |
| 122 | ltc/pk/rsa/rsa_encrypt_key.o ltc/pk/rsa/rsa_export.o ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o \ | |
| 123 | ltc/pk/rsa/rsa_get_size.o ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o \ | |
| 124 | 124 | ltc/pk/rsa/rsa_make_key.o ltc/pk/rsa/rsa_set.o ltc/pk/rsa/rsa_sign_hash.o ltc/pk/rsa/rsa_sign_saltlen_get.o \ |
| 125 | 125 | ltc/pk/rsa/rsa_verify_hash.o ltc/prngs/chacha20.o ltc/prngs/fortuna.o ltc/prngs/rc4.o \ |
| 126 | 126 | ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \ |
| 101 | 101 | ltc/pk/asn1/der/utctime/der_length_utctime.obj ltc/pk/asn1/der/utf8/der_decode_utf8_string.obj \ |
| 102 | 102 | ltc/pk/asn1/der/utf8/der_encode_utf8_string.obj ltc/pk/asn1/der/utf8/der_length_utf8_string.obj \ |
| 103 | 103 | ltc/pk/asn1/oid/pk_get_oid.obj ltc/pk/asn1/oid/pk_oid_cmp.obj ltc/pk/asn1/oid/pk_oid_str.obj \ |
| 104 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj \ | |
| 105 | ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj \ | |
| 106 | ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj \ | |
| 107 | ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj \ | |
| 108 | ltc/pk/dsa/dsa_decrypt_key.obj ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj \ | |
| 109 | ltc/pk/dsa/dsa_free.obj ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj \ | |
| 110 | ltc/pk/dsa/dsa_import.obj ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ | |
| 104 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \ | |
| 105 | ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj \ | |
| 106 | ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj \ | |
| 107 | ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj \ | |
| 108 | ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj ltc/pk/dsa/dsa_decrypt_key.obj \ | |
| 109 | ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj ltc/pk/dsa/dsa_free.obj \ | |
| 110 | ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj ltc/pk/dsa/dsa_import.obj \ | |
| 111 | ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ | |
| 111 | 112 | ltc/pk/dsa/dsa_shared_secret.obj ltc/pk/dsa/dsa_sign_hash.obj ltc/pk/dsa/dsa_verify_hash.obj \ |
| 112 | 113 | ltc/pk/dsa/dsa_verify_key.obj ltc/pk/ecc/ecc.obj ltc/pk/ecc/ecc_ansi_x963_export.obj \ |
| 113 | 114 | ltc/pk/ecc/ecc_ansi_x963_import.obj ltc/pk/ecc/ecc_decrypt_key.obj ltc/pk/ecc/ecc_encrypt_key.obj \ |
| 8 | 8 | |
| 9 | 9 | /* Defines the LTC_ARGCHK macro used within the library */ |
| 10 | 10 | /* ARGTYPE is defined in tomcrypt_cfg.h */ |
| 11 | ||
| 12 | /* ARGTYPE is per default defined to 0 */ | |
| 11 | 13 | #if ARGTYPE == 0 |
| 12 | 14 | |
| 13 | 15 | #include <signal.h> |
| 14 | 16 | |
| 15 | /* this is the default LibTomCrypt macro */ | |
| 16 | #if defined(__clang__) || defined(__GNUC_MINOR__) | |
| 17 | #define NORETURN __attribute__ ((noreturn)) | |
| 18 | #else | |
| 19 | #define NORETURN | |
| 20 | #endif | |
| 21 | ||
| 22 | void crypt_argchk(const char *v, const char *s, int d) NORETURN; | |
| 17 | LTC_NORETURN void crypt_argchk(const char *v, const char *s, int d); | |
| 23 | 18 | #define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) |
| 24 | 19 | #define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) |
| 25 | 20 | |
| 36 | 31 | |
| 37 | 32 | #elif ARGTYPE == 3 |
| 38 | 33 | |
| 39 | #define LTC_ARGCHK(x) | |
| 34 | #define LTC_ARGCHK(x) LTC_UNUSED_PARAM(x) | |
| 40 | 35 | #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) |
| 41 | 36 | |
| 42 | 37 | #elif ARGTYPE == 4 |
| 58 | 58 | #define LTC_INLINE inline |
| 59 | 59 | #else |
| 60 | 60 | #define LTC_INLINE |
| 61 | #endif | |
| 62 | ||
| 63 | #if defined(__clang__) || defined(__GNUC_MINOR__) | |
| 64 | #define LTC_NORETURN __attribute__ ((noreturn)) | |
| 65 | #elif defined(_MSC_VER) | |
| 66 | #define LTC_NORETURN __declspec(noreturn) | |
| 67 | #else | |
| 68 | #define LTC_NORETURN | |
| 61 | 69 | #endif |
| 62 | 70 | |
| 63 | 71 | /* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */ |
| 553 | 553 | #endif |
| 554 | 554 | #endif |
| 555 | 555 | |
| 556 | #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) | |
| 556 | #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_SSH) | |
| 557 | 557 | /* Include the MPI functionality? (required by the PK algorithms) */ |
| 558 | 558 | #define LTC_MPI |
| 559 | 559 |
| 329 | 329 | |
| 330 | 330 | int der_utf8_valid_char(const wchar_t c); |
| 331 | 331 | |
| 332 | typedef int (*public_key_decode_cb)(const unsigned char *in, unsigned long inlen, void *ctx); | |
| 333 | ||
| 334 | int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, | |
| 335 | enum ltc_oid_id algorithm, ltc_asn1_type param_type, | |
| 336 | ltc_asn1_list* parameters, unsigned long *parameters_len, | |
| 337 | public_key_decode_cb callback, void *ctx); | |
| 338 | ||
| 332 | 339 | /* SUBJECT PUBLIC KEY INFO */ |
| 333 | 340 | int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, |
| 334 | 341 | unsigned int algorithm, const void* public_key, unsigned long public_key_len, |
| 411 | 411 | int err; |
| 412 | 412 | LTC_ARGCHK(a != NULL); |
| 413 | 413 | LTC_ARGCHK(c != NULL); |
| 414 | if (b == 0) { | |
| 415 | b = LTC_MILLER_RABIN_REPS; | |
| 416 | } /* if */ | |
| 414 | b = mp_prime_rabin_miller_trials(mp_count_bits(a)); | |
| 417 | 415 | err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c)); |
| 418 | 416 | *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO; |
| 419 | 417 | return err; |
| 0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
| 1 | * | |
| 2 | * LibTomCrypt is a library that provides various cryptographic | |
| 3 | * algorithms in a highly modular and flexible manner. | |
| 4 | * | |
| 5 | * The library is free for all purposes without any express | |
| 6 | * guarantee it works. | |
| 7 | */ | |
| 8 | #include "tomcrypt_private.h" | |
| 9 | ||
| 10 | /** | |
| 11 | @file x509_decode_public_key_from_certificate.c | |
| 12 | ASN.1 DER/X.509, decode a certificate | |
| 13 | */ | |
| 14 | ||
| 15 | #ifdef LTC_DER | |
| 16 | ||
| 17 | /* Check if it looks like a SubjectPublicKeyInfo */ | |
| 18 | #define LOOKS_LIKE_SPKI(l) ((l) != NULL) \ | |
| 19 | && ((l)->type == LTC_ASN1_SEQUENCE) \ | |
| 20 | && ((l)->child != NULL) \ | |
| 21 | && ((l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER) \ | |
| 22 | && ((l)->next != NULL) \ | |
| 23 | && ((l)->next->type == LTC_ASN1_BIT_STRING) | |
| 24 | ||
| 25 | /** | |
| 26 | Try to decode the public key from a X.509 certificate | |
| 27 | @param in The input buffer | |
| 28 | @param inlen The length of the input buffer | |
| 29 | @param algorithm One out of the enum #public_key_algorithms | |
| 30 | @param param_type The parameters' type out of the enum ltc_asn1_type | |
| 31 | @param parameters The parameters to include | |
| 32 | @param parameters_len [in/out] The number of parameters to include | |
| 33 | @param callback The callback | |
| 34 | @param ctx The context passed to the callback | |
| 35 | @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found | |
| 36 | */ | |
| 37 | int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, | |
| 38 | enum ltc_oid_id algorithm, ltc_asn1_type param_type, | |
| 39 | ltc_asn1_list* parameters, unsigned long *parameters_len, | |
| 40 | public_key_decode_cb callback, void *ctx) | |
| 41 | { | |
| 42 | int err; | |
| 43 | unsigned char *tmpbuf; | |
| 44 | unsigned long tmpbuf_len, tmp_inlen; | |
| 45 | ltc_asn1_list *decoded_list = NULL, *l; | |
| 46 | ||
| 47 | LTC_ARGCHK(in != NULL); | |
| 48 | LTC_ARGCHK(inlen != 0); | |
| 49 | ||
| 50 | tmpbuf_len = inlen; | |
| 51 | tmpbuf = XCALLOC(1, tmpbuf_len); | |
| 52 | if (tmpbuf == NULL) { | |
| 53 | err = CRYPT_MEM; | |
| 54 | goto LBL_OUT; | |
| 55 | } | |
| 56 | ||
| 57 | tmp_inlen = inlen; | |
| 58 | if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { | |
| 59 | l = decoded_list; | |
| 60 | ||
| 61 | err = CRYPT_NOP; | |
| 62 | ||
| 63 | /* Move 2 levels up in the tree | |
| 64 | SEQUENCE | |
| 65 | SEQUENCE | |
| 66 | ... | |
| 67 | */ | |
| 68 | if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { | |
| 69 | l = l->child; | |
| 70 | if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { | |
| 71 | l = l->child; | |
| 72 | ||
| 73 | /* Move forward in the tree until we find this combination | |
| 74 | ... | |
| 75 | SEQUENCE | |
| 76 | SEQUENCE | |
| 77 | OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1> | |
| 78 | NULL | |
| 79 | BIT STRING | |
| 80 | */ | |
| 81 | do { | |
| 82 | /* The additional check for l->data is there to make sure | |
| 83 | * we won't try to decode a list that has been 'shrunk' | |
| 84 | */ | |
| 85 | if ((l->type == LTC_ASN1_SEQUENCE) | |
| 86 | && (l->data != NULL) | |
| 87 | && LOOKS_LIKE_SPKI(l->child)) { | |
| 88 | if (algorithm == PKA_EC) { | |
| 89 | err = ecc_import_subject_public_key_info(l->data, l->size, ctx); | |
| 90 | } else { | |
| 91 | err = x509_decode_subject_public_key_info(l->data, l->size, | |
| 92 | algorithm, tmpbuf, &tmpbuf_len, | |
| 93 | param_type, parameters, parameters_len); | |
| 94 | if (err == CRYPT_OK) { | |
| 95 | err = callback(tmpbuf, tmpbuf_len, ctx); | |
| 96 | goto LBL_OUT; | |
| 97 | } | |
| 98 | } | |
| 99 | } | |
| 100 | l = l->next; | |
| 101 | } while(l); | |
| 102 | } | |
| 103 | } | |
| 104 | } | |
| 105 | ||
| 106 | LBL_OUT: | |
| 107 | if (decoded_list) der_free_sequence_flexi(decoded_list); | |
| 108 | if (tmpbuf != NULL) XFREE(tmpbuf); | |
| 109 | ||
| 110 | return err; | |
| 111 | } | |
| 112 | ||
| 113 | #endif | |
| 114 | ||
| 115 | /* ref: $Format:%D$ */ | |
| 116 | /* git commit: $Format:%H$ */ | |
| 117 | /* commit time: $Format:%ai$ */ |
| 33 | 33 | @param public_key_len [in/out] The length of the public key buffer and the written length |
| 34 | 34 | @param parameters_type The parameters' type out of the enum ltc_asn1_type |
| 35 | 35 | @param parameters The parameters to include |
| 36 | @param parameters_len [in/out]The number of parameters to include | |
| 36 | @param parameters_len [in/out] The number of parameters to include | |
| 37 | 37 | @return CRYPT_OK on success |
| 38 | 38 | */ |
| 39 | 39 | int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, |
| 41 | 41 | ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len) |
| 42 | 42 | { |
| 43 | 43 | int err; |
| 44 | unsigned long len, alg_id_num; | |
| 44 | unsigned long len, alg_id_num, tmplen; | |
| 45 | 45 | const char* oid; |
| 46 | 46 | unsigned char *tmpbuf; |
| 47 | 47 | unsigned long tmpoid[16]; |
| 48 | unsigned long *_parameters_len; | |
| 48 | 49 | ltc_asn1_list alg_id[2]; |
| 49 | 50 | ltc_asn1_list subject_pubkey[2]; |
| 50 | 51 | |
| 51 | 52 | LTC_ARGCHK(in != NULL); |
| 52 | 53 | LTC_ARGCHK(inlen != 0); |
| 53 | 54 | LTC_ARGCHK(public_key_len != NULL); |
| 55 | ||
| 54 | 56 | if (parameters_type != LTC_ASN1_EOL) { |
| 55 | LTC_ARGCHK(parameters_len != NULL); | |
| 57 | if ((parameters == NULL) || (parameters_len == NULL)) { | |
| 58 | tmplen = 0; | |
| 59 | _parameters_len = &tmplen; | |
| 60 | } else { | |
| 61 | _parameters_len = parameters_len; | |
| 62 | } | |
| 56 | 63 | } |
| 57 | 64 | |
| 58 | 65 | err = pk_get_oid(algorithm, &oid); |
| 71 | 78 | LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); |
| 72 | 79 | if (parameters_type == LTC_ASN1_EOL) { |
| 73 | 80 | alg_id_num = 1; |
| 74 | } | |
| 75 | else { | |
| 76 | LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *parameters_len); | |
| 81 | } else { | |
| 82 | LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *_parameters_len); | |
| 77 | 83 | alg_id_num = 2; |
| 78 | 84 | } |
| 79 | 85 | |
| 88 | 94 | goto LBL_ERR; |
| 89 | 95 | } |
| 90 | 96 | if (parameters_type != LTC_ASN1_EOL) { |
| 91 | *parameters_len = alg_id[1].size; | |
| 97 | *_parameters_len = alg_id[1].size; | |
| 92 | 98 | } |
| 93 | 99 | |
| 94 | 100 | if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) { |
| 111 | 111 | */ |
| 112 | 112 | int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key) |
| 113 | 113 | { |
| 114 | int err; | |
| 115 | unsigned long len; | |
| 116 | ltc_asn1_list *decoded_list = NULL, *l; | |
| 117 | ||
| 118 | LTC_ARGCHK(in != NULL); | |
| 119 | LTC_ARGCHK(key != NULL); | |
| 120 | ||
| 121 | len = inlen; | |
| 122 | if ((err = der_decode_sequence_flexi(in, &len, &decoded_list)) == CRYPT_OK) { | |
| 123 | err = CRYPT_ERROR; | |
| 124 | l = decoded_list; | |
| 125 | if (l->type == LTC_ASN1_SEQUENCE && | |
| 126 | l->child && l->child->type == LTC_ASN1_SEQUENCE) { | |
| 127 | l = l->child->child; | |
| 128 | while (l) { | |
| 129 | if (l->type == LTC_ASN1_SEQUENCE && l->data && | |
| 130 | l->child && l->child->type == LTC_ASN1_SEQUENCE && | |
| 131 | l->child->child && l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && | |
| 132 | l->child->next && l->child->next->type == LTC_ASN1_BIT_STRING) { | |
| 133 | err = ecc_import_subject_public_key_info(l->data, l->size, key); | |
| 134 | goto LBL_DONE; | |
| 135 | } | |
| 136 | l = l->next; | |
| 137 | } | |
| 138 | } | |
| 139 | } | |
| 140 | ||
| 141 | LBL_DONE: | |
| 142 | if (decoded_list) der_free_sequence_flexi(decoded_list); | |
| 143 | return err; | |
| 114 | return x509_decode_public_key_from_certificate(in, inlen, PKA_EC, LTC_ASN1_EOL, NULL, NULL, NULL, key); | |
| 144 | 115 | } |
| 145 | 116 | |
| 146 | 117 | #endif /* LTC_MECC */ |
| 14 | 14 | |
| 15 | 15 | #ifdef LTC_MRSA |
| 16 | 16 | |
| 17 | static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key) | |
| 18 | { | |
| 19 | /* now it should be SEQUENCE { INTEGER, INTEGER } */ | |
| 20 | return der_decode_sequence_multi(in, inlen, | |
| 21 | LTC_ASN1_INTEGER, 1UL, key->N, | |
| 22 | LTC_ASN1_INTEGER, 1UL, key->e, | |
| 23 | LTC_ASN1_EOL, 0UL, NULL); | |
| 24 | } | |
| 25 | ||
| 17 | 26 | /** |
| 18 | 27 | Import an RSA key from a X.509 certificate |
| 19 | 28 | @param in The packet to import from |
| 24 | 33 | int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) |
| 25 | 34 | { |
| 26 | 35 | int err; |
| 27 | unsigned char *tmpbuf; | |
| 28 | unsigned long tmpbuf_len, tmp_inlen, len; | |
| 29 | ltc_asn1_list *decoded_list = NULL, *l; | |
| 30 | 36 | |
| 31 | 37 | LTC_ARGCHK(in != NULL); |
| 32 | 38 | LTC_ARGCHK(key != NULL); |
| 38 | 44 | return err; |
| 39 | 45 | } |
| 40 | 46 | |
| 41 | tmpbuf_len = inlen; | |
| 42 | tmpbuf = XCALLOC(1, tmpbuf_len); | |
| 43 | if (tmpbuf == NULL) { | |
| 44 | err = CRYPT_MEM; | |
| 45 | goto LBL_ERR; | |
| 47 | if ((err = x509_decode_public_key_from_certificate(in, inlen, | |
| 48 | PKA_RSA, LTC_ASN1_NULL, | |
| 49 | NULL, NULL, | |
| 50 | (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) { | |
| 51 | rsa_free(key); | |
| 52 | } else { | |
| 53 | key->type = PK_PUBLIC; | |
| 46 | 54 | } |
| 47 | ||
| 48 | tmp_inlen = inlen; | |
| 49 | if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { | |
| 50 | l = decoded_list; | |
| 51 | /* Move 2 levels up in the tree | |
| 52 | SEQUENCE | |
| 53 | SEQUENCE | |
| 54 | ... | |
| 55 | */ | |
| 56 | if (l->type == LTC_ASN1_SEQUENCE && l->child) { | |
| 57 | l = l->child; | |
| 58 | if (l->type == LTC_ASN1_SEQUENCE && l->child) { | |
| 59 | l = l->child; | |
| 60 | ||
| 61 | err = CRYPT_ERROR; | |
| 62 | ||
| 63 | /* Move forward in the tree until we find this combination | |
| 64 | ... | |
| 65 | SEQUENCE | |
| 66 | SEQUENCE | |
| 67 | OBJECT IDENTIFIER 1.2.840.113549.1.1.1 | |
| 68 | NULL | |
| 69 | BIT STRING | |
| 70 | */ | |
| 71 | do { | |
| 72 | /* The additional check for l->data is there to make sure | |
| 73 | * we won't try to decode a list that has been 'shrunk' | |
| 74 | */ | |
| 75 | if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && | |
| 76 | l->child->type == LTC_ASN1_SEQUENCE && l->child->child && | |
| 77 | l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && | |
| 78 | l->child->next->type == LTC_ASN1_BIT_STRING) { | |
| 79 | len = 0; | |
| 80 | err = x509_decode_subject_public_key_info(l->data, l->size, | |
| 81 | PKA_RSA, tmpbuf, &tmpbuf_len, | |
| 82 | LTC_ASN1_NULL, NULL, &len); | |
| 83 | if (err == CRYPT_OK) { | |
| 84 | /* now it should be SEQUENCE { INTEGER, INTEGER } */ | |
| 85 | if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, | |
| 86 | LTC_ASN1_INTEGER, 1UL, key->N, | |
| 87 | LTC_ASN1_INTEGER, 1UL, key->e, | |
| 88 | LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | |
| 89 | goto LBL_ERR; | |
| 90 | } | |
| 91 | key->type = PK_PUBLIC; | |
| 92 | err = CRYPT_OK; | |
| 93 | goto LBL_FREE; | |
| 94 | } | |
| 95 | } | |
| 96 | l = l->next; | |
| 97 | } while(l); | |
| 98 | } | |
| 99 | } | |
| 100 | } | |
| 101 | ||
| 102 | ||
| 103 | LBL_ERR: | |
| 104 | rsa_free(key); | |
| 105 | ||
| 106 | LBL_FREE: | |
| 107 | if (decoded_list) der_free_sequence_flexi(decoded_list); | |
| 108 | if (tmpbuf != NULL) XFREE(tmpbuf); | |
| 109 | 55 | |
| 110 | 56 | return err; |
| 111 | 57 | } |