update libtomcrypt - latest develop branch
Karel Miko
4 years ago
95 | 95 | ltc/pk/asn1/der/utctime/der_length_utctime.o ltc/pk/asn1/der/utf8/der_decode_utf8_string.o \ |
96 | 96 | ltc/pk/asn1/der/utf8/der_encode_utf8_string.o ltc/pk/asn1/der/utf8/der_length_utf8_string.o \ |
97 | 97 | ltc/pk/asn1/oid/pk_get_oid.o ltc/pk/asn1/oid/pk_oid_cmp.o ltc/pk/asn1/oid/pk_oid_str.o \ |
98 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o \ | |
99 | ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o \ | |
100 | ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o \ | |
101 | ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o \ | |
102 | ltc/pk/dsa/dsa_decrypt_key.o ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o \ | |
103 | ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o ltc/pk/dsa/dsa_generate_pqg.o \ | |
104 | ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o ltc/pk/dsa/dsa_set_pqg_dsaparam.o \ | |
105 | ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o ltc/pk/dsa/dsa_verify_hash.o \ | |
106 | ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o ltc/pk/ecc/ecc_ansi_x963_import.o \ | |
107 | ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o ltc/pk/ecc/ecc_export.o \ | |
108 | ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o ltc/pk/ecc/ecc_free.o \ | |
109 | ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o ltc/pk/ecc/ecc_import.o \ | |
110 | ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o ltc/pk/ecc/ecc_import_x509.o \ | |
111 | ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o ltc/pk/ecc/ecc_set_curve.o \ | |
112 | ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o ltc/pk/ecc/ecc_shared_secret.o \ | |
113 | ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o ltc/pk/ecc/ecc_ssh_ecdsa_encode_name.o \ | |
114 | ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o ltc/pk/ecc/ltc_ecc_import_point.o \ | |
115 | ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o ltc/pk/ecc/ltc_ecc_map.o \ | |
116 | ltc/pk/ecc/ltc_ecc_mul2add.o ltc/pk/ecc/ltc_ecc_mulmod.o ltc/pk/ecc/ltc_ecc_mulmod_timing.o \ | |
117 | ltc/pk/ecc/ltc_ecc_points.o ltc/pk/ecc/ltc_ecc_projective_add_point.o ltc/pk/ecc/ltc_ecc_projective_dbl_point.o \ | |
118 | ltc/pk/ecc/ltc_ecc_verify_key.o ltc/pk/pkcs1/pkcs_1_i2osp.o ltc/pk/pkcs1/pkcs_1_mgf1.o \ | |
119 | ltc/pk/pkcs1/pkcs_1_oaep_decode.o ltc/pk/pkcs1/pkcs_1_oaep_encode.o ltc/pk/pkcs1/pkcs_1_os2ip.o \ | |
120 | ltc/pk/pkcs1/pkcs_1_pss_decode.o ltc/pk/pkcs1/pkcs_1_pss_encode.o ltc/pk/pkcs1/pkcs_1_v1_5_decode.o \ | |
121 | ltc/pk/pkcs1/pkcs_1_v1_5_encode.o ltc/pk/rsa/rsa_decrypt_key.o ltc/pk/rsa/rsa_encrypt_key.o \ | |
122 | ltc/pk/rsa/rsa_export.o ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o ltc/pk/rsa/rsa_get_size.o \ | |
123 | ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o \ | |
98 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.o ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.o \ | |
99 | ltc/pk/asn1/x509/x509_decode_subject_public_key_info.o ltc/pk/asn1/x509/x509_encode_subject_public_key_info.o \ | |
100 | ltc/pk/dh/dh.o ltc/pk/dh/dh_check_pubkey.o ltc/pk/dh/dh_export.o ltc/pk/dh/dh_export_key.o \ | |
101 | ltc/pk/dh/dh_free.o ltc/pk/dh/dh_generate_key.o ltc/pk/dh/dh_import.o ltc/pk/dh/dh_set.o \ | |
102 | ltc/pk/dh/dh_set_pg_dhparam.o ltc/pk/dh/dh_shared_secret.o ltc/pk/dsa/dsa_decrypt_key.o \ | |
103 | ltc/pk/dsa/dsa_encrypt_key.o ltc/pk/dsa/dsa_export.o ltc/pk/dsa/dsa_free.o ltc/pk/dsa/dsa_generate_key.o \ | |
104 | ltc/pk/dsa/dsa_generate_pqg.o ltc/pk/dsa/dsa_import.o ltc/pk/dsa/dsa_make_key.o ltc/pk/dsa/dsa_set.o \ | |
105 | ltc/pk/dsa/dsa_set_pqg_dsaparam.o ltc/pk/dsa/dsa_shared_secret.o ltc/pk/dsa/dsa_sign_hash.o \ | |
106 | ltc/pk/dsa/dsa_verify_hash.o ltc/pk/dsa/dsa_verify_key.o ltc/pk/ecc/ecc.o ltc/pk/ecc/ecc_ansi_x963_export.o \ | |
107 | ltc/pk/ecc/ecc_ansi_x963_import.o ltc/pk/ecc/ecc_decrypt_key.o ltc/pk/ecc/ecc_encrypt_key.o \ | |
108 | ltc/pk/ecc/ecc_export.o ltc/pk/ecc/ecc_export_openssl.o ltc/pk/ecc/ecc_find_curve.o \ | |
109 | ltc/pk/ecc/ecc_free.o ltc/pk/ecc/ecc_get_key.o ltc/pk/ecc/ecc_get_oid_str.o ltc/pk/ecc/ecc_get_size.o \ | |
110 | ltc/pk/ecc/ecc_import.o ltc/pk/ecc/ecc_import_openssl.o ltc/pk/ecc/ecc_import_pkcs8.o \ | |
111 | ltc/pk/ecc/ecc_import_x509.o ltc/pk/ecc/ecc_make_key.o ltc/pk/ecc/ecc_recover_key.o \ | |
112 | ltc/pk/ecc/ecc_set_curve.o ltc/pk/ecc/ecc_set_curve_internal.o ltc/pk/ecc/ecc_set_key.o \ | |
113 | ltc/pk/ecc/ecc_shared_secret.o ltc/pk/ecc/ecc_sign_hash.o ltc/pk/ecc/ecc_sizes.o \ | |
114 | ltc/pk/ecc/ecc_ssh_ecdsa_encode_name.o ltc/pk/ecc/ecc_verify_hash.o ltc/pk/ecc/ltc_ecc_export_point.o \ | |
115 | ltc/pk/ecc/ltc_ecc_import_point.o ltc/pk/ecc/ltc_ecc_is_point.o ltc/pk/ecc/ltc_ecc_is_point_at_infinity.o \ | |
116 | ltc/pk/ecc/ltc_ecc_map.o ltc/pk/ecc/ltc_ecc_mul2add.o ltc/pk/ecc/ltc_ecc_mulmod.o \ | |
117 | ltc/pk/ecc/ltc_ecc_mulmod_timing.o ltc/pk/ecc/ltc_ecc_points.o ltc/pk/ecc/ltc_ecc_projective_add_point.o \ | |
118 | ltc/pk/ecc/ltc_ecc_projective_dbl_point.o ltc/pk/ecc/ltc_ecc_verify_key.o ltc/pk/pkcs1/pkcs_1_i2osp.o \ | |
119 | ltc/pk/pkcs1/pkcs_1_mgf1.o ltc/pk/pkcs1/pkcs_1_oaep_decode.o ltc/pk/pkcs1/pkcs_1_oaep_encode.o \ | |
120 | ltc/pk/pkcs1/pkcs_1_os2ip.o ltc/pk/pkcs1/pkcs_1_pss_decode.o ltc/pk/pkcs1/pkcs_1_pss_encode.o \ | |
121 | ltc/pk/pkcs1/pkcs_1_v1_5_decode.o ltc/pk/pkcs1/pkcs_1_v1_5_encode.o ltc/pk/rsa/rsa_decrypt_key.o \ | |
122 | ltc/pk/rsa/rsa_encrypt_key.o ltc/pk/rsa/rsa_export.o ltc/pk/rsa/rsa_exptmod.o ltc/pk/rsa/rsa_free.o \ | |
123 | ltc/pk/rsa/rsa_get_size.o ltc/pk/rsa/rsa_import.o ltc/pk/rsa/rsa_import_pkcs8.o ltc/pk/rsa/rsa_import_x509.o \ | |
124 | 124 | ltc/pk/rsa/rsa_make_key.o ltc/pk/rsa/rsa_set.o ltc/pk/rsa/rsa_sign_hash.o ltc/pk/rsa/rsa_sign_saltlen_get.o \ |
125 | 125 | ltc/pk/rsa/rsa_verify_hash.o ltc/prngs/chacha20.o ltc/prngs/fortuna.o ltc/prngs/rc4.o \ |
126 | 126 | ltc/prngs/rng_get_bytes.o ltc/prngs/rng_make_prng.o ltc/prngs/sober128.o ltc/prngs/sprng.o \ |
101 | 101 | ltc/pk/asn1/der/utctime/der_length_utctime.obj ltc/pk/asn1/der/utf8/der_decode_utf8_string.obj \ |
102 | 102 | ltc/pk/asn1/der/utf8/der_encode_utf8_string.obj ltc/pk/asn1/der/utf8/der_length_utf8_string.obj \ |
103 | 103 | ltc/pk/asn1/oid/pk_get_oid.obj ltc/pk/asn1/oid/pk_oid_cmp.obj ltc/pk/asn1/oid/pk_oid_str.obj \ |
104 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj \ | |
105 | ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj \ | |
106 | ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj \ | |
107 | ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj \ | |
108 | ltc/pk/dsa/dsa_decrypt_key.obj ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj \ | |
109 | ltc/pk/dsa/dsa_free.obj ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj \ | |
110 | ltc/pk/dsa/dsa_import.obj ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ | |
104 | ltc/pk/asn1/pkcs8/pkcs8_decode_flexi.obj ltc/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \ | |
105 | ltc/pk/asn1/x509/x509_decode_subject_public_key_info.obj ltc/pk/asn1/x509/x509_encode_subject_public_key_info.obj \ | |
106 | ltc/pk/dh/dh.obj ltc/pk/dh/dh_check_pubkey.obj ltc/pk/dh/dh_export.obj ltc/pk/dh/dh_export_key.obj \ | |
107 | ltc/pk/dh/dh_free.obj ltc/pk/dh/dh_generate_key.obj ltc/pk/dh/dh_import.obj ltc/pk/dh/dh_set.obj \ | |
108 | ltc/pk/dh/dh_set_pg_dhparam.obj ltc/pk/dh/dh_shared_secret.obj ltc/pk/dsa/dsa_decrypt_key.obj \ | |
109 | ltc/pk/dsa/dsa_encrypt_key.obj ltc/pk/dsa/dsa_export.obj ltc/pk/dsa/dsa_free.obj \ | |
110 | ltc/pk/dsa/dsa_generate_key.obj ltc/pk/dsa/dsa_generate_pqg.obj ltc/pk/dsa/dsa_import.obj \ | |
111 | ltc/pk/dsa/dsa_make_key.obj ltc/pk/dsa/dsa_set.obj ltc/pk/dsa/dsa_set_pqg_dsaparam.obj \ | |
111 | 112 | ltc/pk/dsa/dsa_shared_secret.obj ltc/pk/dsa/dsa_sign_hash.obj ltc/pk/dsa/dsa_verify_hash.obj \ |
112 | 113 | ltc/pk/dsa/dsa_verify_key.obj ltc/pk/ecc/ecc.obj ltc/pk/ecc/ecc_ansi_x963_export.obj \ |
113 | 114 | ltc/pk/ecc/ecc_ansi_x963_import.obj ltc/pk/ecc/ecc_decrypt_key.obj ltc/pk/ecc/ecc_encrypt_key.obj \ |
8 | 8 | |
9 | 9 | /* Defines the LTC_ARGCHK macro used within the library */ |
10 | 10 | /* ARGTYPE is defined in tomcrypt_cfg.h */ |
11 | ||
12 | /* ARGTYPE is per default defined to 0 */ | |
11 | 13 | #if ARGTYPE == 0 |
12 | 14 | |
13 | 15 | #include <signal.h> |
14 | 16 | |
15 | /* this is the default LibTomCrypt macro */ | |
16 | #if defined(__clang__) || defined(__GNUC_MINOR__) | |
17 | #define NORETURN __attribute__ ((noreturn)) | |
18 | #else | |
19 | #define NORETURN | |
20 | #endif | |
21 | ||
22 | void crypt_argchk(const char *v, const char *s, int d) NORETURN; | |
17 | LTC_NORETURN void crypt_argchk(const char *v, const char *s, int d); | |
23 | 18 | #define LTC_ARGCHK(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) |
24 | 19 | #define LTC_ARGCHKVD(x) do { if (!(x)) { crypt_argchk(#x, __FILE__, __LINE__); } }while(0) |
25 | 20 | |
36 | 31 | |
37 | 32 | #elif ARGTYPE == 3 |
38 | 33 | |
39 | #define LTC_ARGCHK(x) | |
34 | #define LTC_ARGCHK(x) LTC_UNUSED_PARAM(x) | |
40 | 35 | #define LTC_ARGCHKVD(x) LTC_ARGCHK(x) |
41 | 36 | |
42 | 37 | #elif ARGTYPE == 4 |
58 | 58 | #define LTC_INLINE inline |
59 | 59 | #else |
60 | 60 | #define LTC_INLINE |
61 | #endif | |
62 | ||
63 | #if defined(__clang__) || defined(__GNUC_MINOR__) | |
64 | #define LTC_NORETURN __attribute__ ((noreturn)) | |
65 | #elif defined(_MSC_VER) | |
66 | #define LTC_NORETURN __declspec(noreturn) | |
67 | #else | |
68 | #define LTC_NORETURN | |
61 | 69 | #endif |
62 | 70 | |
63 | 71 | /* type of argument checking, 0=default, 1=fatal and 2=error+continue, 3=nothing */ |
553 | 553 | #endif |
554 | 554 | #endif |
555 | 555 | |
556 | #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) | |
556 | #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_SSH) | |
557 | 557 | /* Include the MPI functionality? (required by the PK algorithms) */ |
558 | 558 | #define LTC_MPI |
559 | 559 |
329 | 329 | |
330 | 330 | int der_utf8_valid_char(const wchar_t c); |
331 | 331 | |
332 | typedef int (*public_key_decode_cb)(const unsigned char *in, unsigned long inlen, void *ctx); | |
333 | ||
334 | int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, | |
335 | enum ltc_oid_id algorithm, ltc_asn1_type param_type, | |
336 | ltc_asn1_list* parameters, unsigned long *parameters_len, | |
337 | public_key_decode_cb callback, void *ctx); | |
338 | ||
332 | 339 | /* SUBJECT PUBLIC KEY INFO */ |
333 | 340 | int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen, |
334 | 341 | unsigned int algorithm, const void* public_key, unsigned long public_key_len, |
411 | 411 | int err; |
412 | 412 | LTC_ARGCHK(a != NULL); |
413 | 413 | LTC_ARGCHK(c != NULL); |
414 | if (b == 0) { | |
415 | b = LTC_MILLER_RABIN_REPS; | |
416 | } /* if */ | |
414 | b = mp_prime_rabin_miller_trials(mp_count_bits(a)); | |
417 | 415 | err = mpi_to_ltc_error(mp_prime_is_prime(a, b, c)); |
418 | 416 | *c = (*c == MP_YES) ? LTC_MP_YES : LTC_MP_NO; |
419 | 417 | return err; |
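Review bot: The caller's round count `b` is now overwritten unconditionally by `b = mp_prime_rabin_miller_trials(mp_count_bits(a));`, so a caller that asks for more Miller-Rabin rounds than the size-based default silently gets fewer. The removed code substituted a default only when `b == 0`; keeping that guard, `if (b == 0) { b = mp_prime_rabin_miller_trials(mp_count_bits(a)); }`, preserves the ability to raise the count for candidates that may not be randomly chosen. If discarding `b` is intended, the function's comment should say so. The function's signature and opening lines are outside this hunk.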
0 | /* LibTomCrypt, modular cryptographic library -- Tom St Denis | |
1 | * | |
2 | * LibTomCrypt is a library that provides various cryptographic | |
3 | * algorithms in a highly modular and flexible manner. | |
4 | * | |
5 | * The library is free for all purposes without any express | |
6 | * guarantee it works. | |
7 | */ | |
8 | #include "tomcrypt_private.h" | |
9 | ||
10 | /** | |
11 | @file x509_decode_public_key_from_certificate.c | |
12 | ASN.1 DER/X.509, decode a certificate | |
13 | */ | |
14 | ||
15 | #ifdef LTC_DER | |
16 | ||
17 | /* Check if it looks like a SubjectPublicKeyInfo */ | |
18 | #define LOOKS_LIKE_SPKI(l) ((l) != NULL) \ | |
19 | && ((l)->type == LTC_ASN1_SEQUENCE) \ | |
20 | && ((l)->child != NULL) \ | |
21 | && ((l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER) \ | |
22 | && ((l)->next != NULL) \ | |
23 | && ((l)->next->type == LTC_ASN1_BIT_STRING) | |
24 | ||
25 | /** | |
26 | Try to decode the public key from a X.509 certificate | |
27 | @param in The input buffer | |
28 | @param inlen The length of the input buffer | |
29 | @param algorithm One out of the enum #public_key_algorithms | |
30 | @param param_type The parameters' type out of the enum ltc_asn1_type | |
31 | @param parameters The parameters to include | |
32 | @param parameters_len [in/out] The number of parameters to include | |
33 | @param callback The callback | |
34 | @param ctx The context passed to the callback | |
35 | @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found | |
36 | */ | |
37 | int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen, | |
38 | enum ltc_oid_id algorithm, ltc_asn1_type param_type, | |
39 | ltc_asn1_list* parameters, unsigned long *parameters_len, | |
40 | public_key_decode_cb callback, void *ctx) | |
41 | { | |
42 | int err; | |
43 | unsigned char *tmpbuf; | |
44 | unsigned long tmpbuf_len, tmp_inlen; | |
45 | ltc_asn1_list *decoded_list = NULL, *l; | |
46 | ||
47 | LTC_ARGCHK(in != NULL); | |
48 | LTC_ARGCHK(inlen != 0); | |
49 | ||
50 | tmpbuf_len = inlen; | |
51 | tmpbuf = XCALLOC(1, tmpbuf_len); | |
52 | if (tmpbuf == NULL) { | |
53 | err = CRYPT_MEM; | |
54 | goto LBL_OUT; | |
55 | } | |
56 | ||
57 | tmp_inlen = inlen; | |
58 | if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { | |
59 | l = decoded_list; | |
60 | ||
61 | err = CRYPT_NOP; | |
62 | ||
63 | /* Move 2 levels up in the tree | |
64 | SEQUENCE | |
65 | SEQUENCE | |
66 | ... | |
67 | */ | |
68 | if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { | |
69 | l = l->child; | |
70 | if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) { | |
71 | l = l->child; | |
72 | ||
73 | /* Move forward in the tree until we find this combination | |
74 | ... | |
75 | SEQUENCE | |
76 | SEQUENCE | |
77 | OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1> | |
78 | NULL | |
79 | BIT STRING | |
80 | */ | |
81 | do { | |
82 | /* The additional check for l->data is there to make sure | |
83 | * we won't try to decode a list that has been 'shrunk' | |
84 | */ | |
85 | if ((l->type == LTC_ASN1_SEQUENCE) | |
86 | && (l->data != NULL) | |
87 | && LOOKS_LIKE_SPKI(l->child)) { | |
88 | if (algorithm == PKA_EC) { | |
89 | err = ecc_import_subject_public_key_info(l->data, l->size, ctx); | |
90 | } else { | |
91 | err = x509_decode_subject_public_key_info(l->data, l->size, | |
92 | algorithm, tmpbuf, &tmpbuf_len, | |
93 | param_type, parameters, parameters_len); | |
94 | if (err == CRYPT_OK) { | |
95 | err = callback(tmpbuf, tmpbuf_len, ctx); | |
96 | goto LBL_OUT; | |
97 | } | |
98 | } | |
99 | } | |
100 | l = l->next; | |
101 | } while(l); | |
102 | } | |
103 | } | |
104 | } | |
105 | ||
106 | LBL_OUT: | |
107 | if (decoded_list) der_free_sequence_flexi(decoded_list); | |
108 | if (tmpbuf != NULL) XFREE(tmpbuf); | |
109 | ||
110 | return err; | |
111 | } | |
112 | ||
113 | #endif | |
114 | ||
115 | /* ref: $Format:%D$ */ | |
116 | /* git commit: $Format:%H$ */ | |
117 | /* commit time: $Format:%ai$ */ |
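Review bot: The `PKA_EC` branch inside the `do … while(l)` loop does not leave the loop after `ecc_import_subject_public_key_info()` returns, unlike the other branch, which jumps to `LBL_OUT` on success. On input carrying a second SPKI-shaped SEQUENCE the import would run again on the same `ctx`, and a later failure would replace an earlier `CRYPT_OK`; the `ecc_import_x509` body this helper replaces stopped at the first match. Adding `if (err == CRYPT_OK) { goto LBL_OUT; }` after the EC import restores that. The non-EC path also calls `callback` without checking it, so `LTC_ARGCHK((algorithm == PKA_EC) || (callback != NULL));` next to the existing argument checks would catch a NULL callback before the temporary buffer is allocated. `LOOKS_LIKE_SPKI` should also wrap its whole expansion in parentheses so it stays correct next to `||` or `!`.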
33 | 33 | @param public_key_len [in/out] The length of the public key buffer and the written length |
34 | 34 | @param parameters_type The parameters' type out of the enum ltc_asn1_type |
35 | 35 | @param parameters The parameters to include |
36 | @param parameters_len [in/out]The number of parameters to include | |
36 | @param parameters_len [in/out] The number of parameters to include | |
37 | 37 | @return CRYPT_OK on success |
38 | 38 | */ |
39 | 39 | int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, |
41 | 41 | ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len) |
42 | 42 | { |
43 | 43 | int err; |
44 | unsigned long len, alg_id_num; | |
44 | unsigned long len, alg_id_num, tmplen; | |
45 | 45 | const char* oid; |
46 | 46 | unsigned char *tmpbuf; |
47 | 47 | unsigned long tmpoid[16]; |
48 | unsigned long *_parameters_len; | |
48 | 49 | ltc_asn1_list alg_id[2]; |
49 | 50 | ltc_asn1_list subject_pubkey[2]; |
50 | 51 | |
51 | 52 | LTC_ARGCHK(in != NULL); |
52 | 53 | LTC_ARGCHK(inlen != 0); |
53 | 54 | LTC_ARGCHK(public_key_len != NULL); |
55 | ||
54 | 56 | if (parameters_type != LTC_ASN1_EOL) { |
55 | LTC_ARGCHK(parameters_len != NULL); | |
57 | if ((parameters == NULL) || (parameters_len == NULL)) { | |
58 | tmplen = 0; | |
59 | _parameters_len = &tmplen; | |
60 | } else { | |
61 | _parameters_len = parameters_len; | |
62 | } | |
56 | 63 | } |
57 | 64 | |
58 | 65 | err = pk_get_oid(algorithm, &oid); |
71 | 78 | LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); |
72 | 79 | if (parameters_type == LTC_ASN1_EOL) { |
73 | 80 | alg_id_num = 1; |
74 | } | |
75 | else { | |
76 | LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *parameters_len); | |
81 | } else { | |
82 | LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *_parameters_len); | |
77 | 83 | alg_id_num = 2; |
78 | 84 | } |
79 | 85 | |
88 | 94 | goto LBL_ERR; |
89 | 95 | } |
90 | 96 | if (parameters_type != LTC_ASN1_EOL) { |
91 | *parameters_len = alg_id[1].size; | |
97 | *_parameters_len = alg_id[1].size; | |
92 | 98 | } |
93 | 99 | |
94 | 100 | if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) { |
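Review bot: When `parameters_type != LTC_ASN1_EOL` and either `parameters` or `parameters_len` is NULL, the new fallback decodes with a length of 0 and writes the decoded size to the local `tmplen`, so a caller that passed a valid `parameters_len` with a NULL `parameters` no longer gets the size back, and a NULL `parameters_len` is no longer rejected as the removed `LTC_ARGCHK(parameters_len != NULL)` did. The doc comment still lists `parameters_len` as `[in/out]` without saying that NULL is accepted; it should state that both may be NULL and what happens then. `_parameters_len` is also left unset on the `LTC_ASN1_EOL` path; every visible use is guarded by the same condition, but declaring it as `unsigned long *_parameters_len = NULL;` makes a future unguarded use fail fast instead of reading an indeterminate pointer. The rest of the function body lies outside the hunks shown.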
111 | 111 | */ |
112 | 112 | int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key) |
113 | 113 | { |
114 | int err; | |
115 | unsigned long len; | |
116 | ltc_asn1_list *decoded_list = NULL, *l; | |
117 | ||
118 | LTC_ARGCHK(in != NULL); | |
119 | LTC_ARGCHK(key != NULL); | |
120 | ||
121 | len = inlen; | |
122 | if ((err = der_decode_sequence_flexi(in, &len, &decoded_list)) == CRYPT_OK) { | |
123 | err = CRYPT_ERROR; | |
124 | l = decoded_list; | |
125 | if (l->type == LTC_ASN1_SEQUENCE && | |
126 | l->child && l->child->type == LTC_ASN1_SEQUENCE) { | |
127 | l = l->child->child; | |
128 | while (l) { | |
129 | if (l->type == LTC_ASN1_SEQUENCE && l->data && | |
130 | l->child && l->child->type == LTC_ASN1_SEQUENCE && | |
131 | l->child->child && l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && | |
132 | l->child->next && l->child->next->type == LTC_ASN1_BIT_STRING) { | |
133 | err = ecc_import_subject_public_key_info(l->data, l->size, key); | |
134 | goto LBL_DONE; | |
135 | } | |
136 | l = l->next; | |
137 | } | |
138 | } | |
139 | } | |
140 | ||
141 | LBL_DONE: | |
142 | if (decoded_list) der_free_sequence_flexi(decoded_list); | |
143 | return err; | |
114 | return x509_decode_public_key_from_certificate(in, inlen, PKA_EC, LTC_ASN1_EOL, NULL, NULL, NULL, key); | |
144 | 115 | } |
145 | 116 | |
146 | 117 | #endif /* LTC_MECC */ |
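Review bot: `ecc_import_x509` no longer checks `key` itself: the removed body had `LTC_ARGCHK(key != NULL);`, and the helper it now calls checks `in` and `inlen` but not `ctx`. Keeping `LTC_ARGCHK(key != NULL);` before the `return` leaves the public entry point's contract unchanged regardless of what the import routine behind it checks. The result for a certificate without a usable SubjectPublicKeyInfo also changes from `CRYPT_ERROR` to `CRYPT_NOP`, and a zero `inlen` now trips `LTC_ARGCHK(inlen != 0)` in the helper; the doc comment ending just above the signature should record both.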
14 | 14 | |
15 | 15 | #ifdef LTC_MRSA |
16 | 16 | |
17 | static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key) | |
18 | { | |
19 | /* now it should be SEQUENCE { INTEGER, INTEGER } */ | |
20 | return der_decode_sequence_multi(in, inlen, | |
21 | LTC_ASN1_INTEGER, 1UL, key->N, | |
22 | LTC_ASN1_INTEGER, 1UL, key->e, | |
23 | LTC_ASN1_EOL, 0UL, NULL); | |
24 | } | |
25 | ||
17 | 26 | /** |
18 | 27 | Import an RSA key from a X.509 certificate |
19 | 28 | @param in The packet to import from |
24 | 33 | int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key) |
25 | 34 | { |
26 | 35 | int err; |
27 | unsigned char *tmpbuf; | |
28 | unsigned long tmpbuf_len, tmp_inlen, len; | |
29 | ltc_asn1_list *decoded_list = NULL, *l; | |
30 | 36 | |
31 | 37 | LTC_ARGCHK(in != NULL); |
32 | 38 | LTC_ARGCHK(key != NULL); |
38 | 44 | return err; |
39 | 45 | } |
40 | 46 | |
41 | tmpbuf_len = inlen; | |
42 | tmpbuf = XCALLOC(1, tmpbuf_len); | |
43 | if (tmpbuf == NULL) { | |
44 | err = CRYPT_MEM; | |
45 | goto LBL_ERR; | |
47 | if ((err = x509_decode_public_key_from_certificate(in, inlen, | |
48 | PKA_RSA, LTC_ASN1_NULL, | |
49 | NULL, NULL, | |
50 | (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) { | |
51 | rsa_free(key); | |
52 | } else { | |
53 | key->type = PK_PUBLIC; | |
46 | 54 | } |
47 | ||
48 | tmp_inlen = inlen; | |
49 | if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) { | |
50 | l = decoded_list; | |
51 | /* Move 2 levels up in the tree | |
52 | SEQUENCE | |
53 | SEQUENCE | |
54 | ... | |
55 | */ | |
56 | if (l->type == LTC_ASN1_SEQUENCE && l->child) { | |
57 | l = l->child; | |
58 | if (l->type == LTC_ASN1_SEQUENCE && l->child) { | |
59 | l = l->child; | |
60 | ||
61 | err = CRYPT_ERROR; | |
62 | ||
63 | /* Move forward in the tree until we find this combination | |
64 | ... | |
65 | SEQUENCE | |
66 | SEQUENCE | |
67 | OBJECT IDENTIFIER 1.2.840.113549.1.1.1 | |
68 | NULL | |
69 | BIT STRING | |
70 | */ | |
71 | do { | |
72 | /* The additional check for l->data is there to make sure | |
73 | * we won't try to decode a list that has been 'shrunk' | |
74 | */ | |
75 | if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child && | |
76 | l->child->type == LTC_ASN1_SEQUENCE && l->child->child && | |
77 | l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next && | |
78 | l->child->next->type == LTC_ASN1_BIT_STRING) { | |
79 | len = 0; | |
80 | err = x509_decode_subject_public_key_info(l->data, l->size, | |
81 | PKA_RSA, tmpbuf, &tmpbuf_len, | |
82 | LTC_ASN1_NULL, NULL, &len); | |
83 | if (err == CRYPT_OK) { | |
84 | /* now it should be SEQUENCE { INTEGER, INTEGER } */ | |
85 | if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, | |
86 | LTC_ASN1_INTEGER, 1UL, key->N, | |
87 | LTC_ASN1_INTEGER, 1UL, key->e, | |
88 | LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { | |
89 | goto LBL_ERR; | |
90 | } | |
91 | key->type = PK_PUBLIC; | |
92 | err = CRYPT_OK; | |
93 | goto LBL_FREE; | |
94 | } | |
95 | } | |
96 | l = l->next; | |
97 | } while(l); | |
98 | } | |
99 | } | |
100 | } | |
101 | ||
102 | ||
103 | LBL_ERR: | |
104 | rsa_free(key); | |
105 | ||
106 | LBL_FREE: | |
107 | if (decoded_list) der_free_sequence_flexi(decoded_list); | |
108 | if (tmpbuf != NULL) XFREE(tmpbuf); | |
109 | 55 | |
110 | 56 | return err; |
111 | 57 | } |
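Review bot: `(public_key_decode_cb)_rsa_decode` casts a function taking `rsa_key *` to a pointer type whose third parameter is `void *`, and calling a function through an incompatible pointer type is undefined behaviour in C even where it happens to work on common ABIs; builds with indirect-call type checking (control-flow-integrity instrumentation) can reject such a call at run time. Declaring the helper with the callback's own signature removes the cast: `static int _rsa_decode(const unsigned char *in, unsigned long inlen, void *ctx)` with `rsa_key *key = ctx;` as its first statement, then passing `_rsa_decode` directly. The key initialisation that `rsa_free(key)` undoes on the failure path is outside the visible hunks.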