Package list libcryptx-perl / fa1fb14
ltc update Karel Miko 3 years ago
3 changed file(s) with 51 addition(s) and 50 deletion(s). Raw diff Collapse all Expand all
99 #include "tomcrypt_private.h"
1010
1111 #ifdef LTC_MECC
12
13 #define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))
1214
1315 enum algorithm_oid {
1416 PBE_MD2_DES, /* 0 */
338340 if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
339341 /* the following "if" detects whether it is encrypted or not */
340342 if (l->type == LTC_ASN1_SEQUENCE &&
341 l->child && l->child->type == LTC_ASN1_SEQUENCE &&
342 l->child->child && l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
343 l->child->child->next && l->child->child->next->type == LTC_ASN1_SEQUENCE &&
344 l->child->next && l->child->next->type == LTC_ASN1_OCTET_STRING) {
343 LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) &&
344 LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
345 LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
346 LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
345347 ltc_asn1_list *lalgoid = l->child->child;
346348 ltc_asn1_list *lalgparam = l->child->child->next;
347349 unsigned char *enc_data = l->child->next->data;
351353 err = CRYPT_MEM;
352354 goto LBL_DONE;
353355 }
354 if (lalgparam->child && lalgparam->child->type == LTC_ASN1_OCTET_STRING &&
355 lalgparam->child->next && lalgparam->child->next->type == LTC_ASN1_INTEGER) {
356 if (LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_OCTET_STRING) &&
357 LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_INTEGER)) {
356358 /* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC:
357359 * 0:d=0 hl=4 l= 329 cons: SEQUENCE
358360 * 4:d=1 hl=2 l= 27 cons: SEQUENCE (== *lalg)
369371 if (err != CRYPT_OK) goto LBL_DONE;
370372 }
371373 else if (PBES2 == _oid_to_id(lalgoid->data, lalgoid->size) &&
372 lalgparam->child && lalgparam->child->type == LTC_ASN1_SEQUENCE &&
373 lalgparam->child->child && lalgparam->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
374 lalgparam->child->child->next && lalgparam->child->child->next->type == LTC_ASN1_SEQUENCE &&
375 lalgparam->child->next && lalgparam->child->next->type == LTC_ASN1_SEQUENCE &&
376 lalgparam->child->next->child && lalgparam->child->next->child->type == LTC_ASN1_OBJECT_IDENTIFIER) {
374 LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_SEQUENCE) &&
375 LTC_ASN1_IS_TYPE(lalgparam->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
376 LTC_ASN1_IS_TYPE(lalgparam->child->child->next, LTC_ASN1_SEQUENCE) &&
377 LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_SEQUENCE) &&
378 LTC_ASN1_IS_TYPE(lalgparam->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
377379 /* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc:
378380 * 0:d=0 hl=4 l= 380 cons: SEQUENCE
379381 * 4:d=1 hl=2 l= 78 cons: SEQUENCE (== *lalg)
397399 int kdfid = _oid_to_id(lkdf->data, lkdf->size);
398400 int encid = _oid_to_id(lenc->data, lenc->size);
399401 if (PBKDF2 == kdfid &&
400 lkdf->next && lkdf->next->type == LTC_ASN1_SEQUENCE &&
401 lkdf->next->child && lkdf->next->child->type == LTC_ASN1_OCTET_STRING &&
402 lkdf->next->child->next && lkdf->next->child->next->type == LTC_ASN1_INTEGER) {
402 LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) &&
403 LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) &&
404 LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) {
403405 unsigned long iter = mp_get_int(lkdf->next->child->next->data);
404406 unsigned long salt_size = lkdf->next->child->size;
405407 unsigned char *salt = lkdf->next->child->data;
408410 unsigned long arg = 0;
409411 ltc_asn1_list *loptseq = lkdf->next->child->next->next;
410412 int hmacid = HMAC_WITH_SHA1; /* this is default */
411 if (loptseq && loptseq->type == LTC_ASN1_SEQUENCE &&
412 loptseq->child && loptseq->child->type == LTC_ASN1_OBJECT_IDENTIFIER) {
413 if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) &&
414 LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
413415 /* this sequence is optional */
414416 hmacid = _oid_to_id(loptseq->child->data, loptseq->child->size);
415417 }
416 if (lenc->next && lenc->next->type == LTC_ASN1_OCTET_STRING) {
418 if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) {
417419 /* DES-CBC + DES_EDE3_CBC */
418420 iv = lenc->next->data;
419421 iv_size = lenc->next->size;
420422 }
421 else if (lenc->next && lenc->next->type == LTC_ASN1_SEQUENCE &&
422 lenc->next->child && lenc->next->child->type == LTC_ASN1_INTEGER &&
423 lenc->next->child->next && lenc->next->child->next->type == LTC_ASN1_OCTET_STRING) {
423 else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE) &&
424 LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) &&
425 LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) {
424426 /* RC2-CBC is a bit special */
425427 iv = lenc->next->child->next->data;
426428 iv_size = lenc->next->child->next->size;
486488
487489 if ((err = _der_decode_pkcs8_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
488490 if (l->type == LTC_ASN1_SEQUENCE &&
489 l->child && l->child->type == LTC_ASN1_INTEGER &&
490 l->child->next && l->child->next->type == LTC_ASN1_SEQUENCE &&
491 l->child->next->child && l->child->next->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
492 l->child->next->next && l->child->next->next->type == LTC_ASN1_OCTET_STRING) {
491 LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_INTEGER) &&
492 LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_SEQUENCE) &&
493 LTC_ASN1_IS_TYPE(l->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
494 LTC_ASN1_IS_TYPE(l->child->next->next, LTC_ASN1_OCTET_STRING)) {
493495 ltc_asn1_list *lseq = l->child->next;
494496 ltc_asn1_list *lpri = l->child->next->next;
495497 ltc_asn1_list *lecoid = l->child->next->child;
500502 goto LBL_DONE;
501503 }
502504
503 if (lseq->child->next && lseq->child->next->type == LTC_ASN1_OBJECT_IDENTIFIER) {
505 if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) {
504506 /* CASE 1: curve by OID (AKA short variant):
505507 * 0:d=0 hl=2 l= 100 cons: SEQUENCE
506508 * 2:d=1 hl=2 l= 1 prim: INTEGER :00
515517 if ((err = ecc_get_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; }
516518 if ((err = ecc_set_dp(curve, key)) != CRYPT_OK) { goto LBL_DONE; }
517519 }
518 else if (lseq->child->next && lseq->child->next->type == LTC_ASN1_SEQUENCE) {
520 else if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_SEQUENCE)) {
519521 /* CASE 2: explicit curve parameters (AKA long variant):
520522 * 0:d=0 hl=3 l= 227 cons: SEQUENCE
521523 * 3:d=1 hl=2 l= 1 prim: INTEGER :00
536538 */
537539 ltc_asn1_list *lcurve = lseq->child->next;
538540
539 if (lcurve->child && lcurve->child->type == LTC_ASN1_INTEGER &&
540 lcurve->child->next && lcurve->child->next->type == LTC_ASN1_SEQUENCE &&
541 lcurve->child->next->next && lcurve->child->next->next->type == LTC_ASN1_SEQUENCE &&
542 lcurve->child->next->next->next && lcurve->child->next->next->next->type == LTC_ASN1_OCTET_STRING &&
543 lcurve->child->next->next->next->next && lcurve->child->next->next->next->next->type == LTC_ASN1_INTEGER &&
544 lcurve->child->next->next->next->next->next && lcurve->child->next->next->next->next->next->type == LTC_ASN1_INTEGER) {
541 if (LTC_ASN1_IS_TYPE(lcurve->child, LTC_ASN1_INTEGER) &&
542 LTC_ASN1_IS_TYPE(lcurve->child->next, LTC_ASN1_SEQUENCE) &&
543 LTC_ASN1_IS_TYPE(lcurve->child->next->next, LTC_ASN1_SEQUENCE) &&
544 LTC_ASN1_IS_TYPE(lcurve->child->next->next->next, LTC_ASN1_OCTET_STRING) &&
545 LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next, LTC_ASN1_INTEGER) &&
546 LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next->next, LTC_ASN1_INTEGER)) {
545547
546548 ltc_asn1_list *lfield = lcurve->child->next;
547549 ltc_asn1_list *lpoint = lcurve->child->next->next;
549551 ltc_asn1_list *lorder = lcurve->child->next->next->next->next;
550552 cofactor = mp_get_int(lcurve->child->next->next->next->next->next->data);
551553
552 if (lfield->child && lfield->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
553 lfield->child->next && lfield->child->next->type == LTC_ASN1_INTEGER &&
554 lpoint->child && lpoint->child->type == LTC_ASN1_OCTET_STRING &&
555 lpoint->child->next && lpoint->child->next->type == LTC_ASN1_OCTET_STRING) {
554 if (LTC_ASN1_IS_TYPE(lfield->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
555 LTC_ASN1_IS_TYPE(lfield->child->next, LTC_ASN1_INTEGER) &&
556 LTC_ASN1_IS_TYPE(lpoint->child, LTC_ASN1_OCTET_STRING) &&
557 LTC_ASN1_IS_TYPE(lpoint->child->next, LTC_ASN1_OCTET_STRING)) {
556558
557559 ltc_asn1_list *lprime = lfield->child->next;
558560 if ((err = mp_read_unsigned_bin(a, lpoint->child->data, lpoint->child->size)) != CRYPT_OK) {
579581 len = lpri->size;
580582 if ((err = der_decode_sequence_flexi(lpri->data, &len, &p)) == CRYPT_OK) {
581583 if (p->type == LTC_ASN1_SEQUENCE &&
582 p->child && p->child->type == LTC_ASN1_INTEGER &&
583 p->child->next && p->child->next->type == LTC_ASN1_OCTET_STRING) {
584 LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) &&
585 LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) {
584586 ltc_asn1_list *lk = p->child->next;
585587 if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) {
586588 err = CRYPT_INVALID_PACKET;
2020 prng_state *prng, int wprng, const ecc_key *key, int sigformat)
2121 {
2222 ecc_key pubkey;
23 void *r, *s, *e, *p;
23 void *r, *s, *e, *p, *b;
2424 int err, max_iterations = LTC_PK_MAX_RETRIES;
2525 unsigned long pbits, pbytes, i, shift_right;
2626 unsigned char ch, buf[MAXBLOCKSIZE];
3636 }
3737
3838 /* init the bignums */
39 if ((err = mp_init_multi(&r, &s, &e, NULL)) != CRYPT_OK) {
39 if ((err = mp_init_multi(&r, &s, &e, &b, NULL)) != CRYPT_OK) {
4040 return err;
4141 }
4242
7171 if (mp_iszero(r) == LTC_MP_YES) {
7272 ecc_free(&pubkey);
7373 } else {
74 if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK) { goto error; } /* b = blinding value */
7475 /* find s = (e + xr)/k */
75 if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */
76 if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = kb */
77 if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/kb */
7678 if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */
77 if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
78 if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
79 if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */
79 if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK) { goto error; } /* s = xr/kb */
80 if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK) { goto error; } /* e = e/kb */
81 if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e/kb + xr/kb */
82 if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK) { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */
8083 ecc_free(&pubkey);
8184 if (mp_iszero(s) == LTC_MP_NO) {
8285 break;
110113 error:
111114 ecc_free(&pubkey);
112115 errnokey:
113 mp_clear_multi(r, s, e, NULL);
116 mp_clear_multi(r, s, e, b, NULL);
114117 return err;
115118 }
116119
317317 #undef WUP0
318318 #undef WUP1
319319
320 /*
321 * Initialize with a zero-value iv to ensure state is correct in the
322 * event user fails to call setiv().
323 */
324 return sosemanuk_setiv(ss, NULL, 0);
320 return CRYPT_OK;
325321 }
326322
327323