Commit fa1fb141299ac5466009569962fa300f2d064ae2 - libcryptx-perl

ltc update Karel Miko 5 years ago

3 changed file(s) with 51 addition(s) and 50 deletion(s). Raw diff Collapse all Expand all

+40

-38

src/ltc/pk/ecc/ecc_import_pkcs8.c less more

9	9	#include "tomcrypt_private.h"
10	10
11	11	#ifdef LTC_MECC
	12
	13	#define LTC_ASN1_IS_TYPE(e, t) (((e) != NULL) && ((e)->type == (t)))
12	14
13	15	enum algorithm_oid {
14	16	PBE_MD2_DES, /* 0 */

338	340	if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
339	341	/* the following "if" detects whether it is encrypted or not */
340	342	if (l->type == LTC_ASN1_SEQUENCE &&
341		l->child && l->child->type == LTC_ASN1_SEQUENCE &&
342		l->child->child && l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
343		l->child->child->next && l->child->child->next->type == LTC_ASN1_SEQUENCE &&
344		l->child->next && l->child->next->type == LTC_ASN1_OCTET_STRING) {
	343	LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_SEQUENCE) &&
	344	LTC_ASN1_IS_TYPE(l->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
	345	LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
	346	LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
345	347	ltc_asn1_list *lalgoid = l->child->child;
346	348	ltc_asn1_list *lalgparam = l->child->child->next;
347	349	unsigned char *enc_data = l->child->next->data;

351	353	err = CRYPT_MEM;
352	354	goto LBL_DONE;
353	355	}
354		if (lalgparam->child && lalgparam->child->type == LTC_ASN1_OCTET_STRING &&
355		lalgparam->child->next && lalgparam->child->next->type == LTC_ASN1_INTEGER) {
	356	if (LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_OCTET_STRING) &&
	357	LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_INTEGER)) {
356	358	/* PBES1: encrypted pkcs8 - pbeWithMD5AndDES-CBC:
357	359	* 0:d=0 hl=4 l= 329 cons: SEQUENCE
358	360	* 4:d=1 hl=2 l= 27 cons: SEQUENCE (== *lalg)

369	371	if (err != CRYPT_OK) goto LBL_DONE;
370	372	}
371	373	else if (PBES2 == _oid_to_id(lalgoid->data, lalgoid->size) &&
372		lalgparam->child && lalgparam->child->type == LTC_ASN1_SEQUENCE &&
373		lalgparam->child->child && lalgparam->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
374		lalgparam->child->child->next && lalgparam->child->child->next->type == LTC_ASN1_SEQUENCE &&
375		lalgparam->child->next && lalgparam->child->next->type == LTC_ASN1_SEQUENCE &&
376		lalgparam->child->next->child && lalgparam->child->next->child->type == LTC_ASN1_OBJECT_IDENTIFIER) {
	374	LTC_ASN1_IS_TYPE(lalgparam->child, LTC_ASN1_SEQUENCE) &&
	375	LTC_ASN1_IS_TYPE(lalgparam->child->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
	376	LTC_ASN1_IS_TYPE(lalgparam->child->child->next, LTC_ASN1_SEQUENCE) &&
	377	LTC_ASN1_IS_TYPE(lalgparam->child->next, LTC_ASN1_SEQUENCE) &&
	378	LTC_ASN1_IS_TYPE(lalgparam->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
377	379	/* PBES2: encrypted pkcs8 - PBES2+PBKDF2+des-ede3-cbc:
378	380	* 0:d=0 hl=4 l= 380 cons: SEQUENCE
379	381	* 4:d=1 hl=2 l= 78 cons: SEQUENCE (== *lalg)

397	399	int kdfid = _oid_to_id(lkdf->data, lkdf->size);
398	400	int encid = _oid_to_id(lenc->data, lenc->size);
399	401	if (PBKDF2 == kdfid &&
400		lkdf->next && lkdf->next->type == LTC_ASN1_SEQUENCE &&
401		lkdf->next->child && lkdf->next->child->type == LTC_ASN1_OCTET_STRING &&
402		lkdf->next->child->next && lkdf->next->child->next->type == LTC_ASN1_INTEGER) {
	402	LTC_ASN1_IS_TYPE(lkdf->next, LTC_ASN1_SEQUENCE) &&
	403	LTC_ASN1_IS_TYPE(lkdf->next->child, LTC_ASN1_OCTET_STRING) &&
	404	LTC_ASN1_IS_TYPE(lkdf->next->child->next, LTC_ASN1_INTEGER)) {
403	405	unsigned long iter = mp_get_int(lkdf->next->child->next->data);
404	406	unsigned long salt_size = lkdf->next->child->size;
405	407	unsigned char *salt = lkdf->next->child->data;

408	410	unsigned long arg = 0;
409	411	ltc_asn1_list *loptseq = lkdf->next->child->next->next;
410	412	int hmacid = HMAC_WITH_SHA1; /* this is default */
411		if (loptseq && loptseq->type == LTC_ASN1_SEQUENCE &&
412		loptseq->child && loptseq->child->type == LTC_ASN1_OBJECT_IDENTIFIER) {
	413	if (LTC_ASN1_IS_TYPE(loptseq, LTC_ASN1_SEQUENCE) &&
	414	LTC_ASN1_IS_TYPE(loptseq->child, LTC_ASN1_OBJECT_IDENTIFIER)) {
413	415	/* this sequence is optional */
414	416	hmacid = _oid_to_id(loptseq->child->data, loptseq->child->size);
415	417	}
416		if (lenc->next && lenc->next->type == LTC_ASN1_OCTET_STRING) {
	418	if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_OCTET_STRING)) {
417	419	/* DES-CBC + DES_EDE3_CBC */
418	420	iv = lenc->next->data;
419	421	iv_size = lenc->next->size;
420	422	}
421		else if (lenc->next && lenc->next->type == LTC_ASN1_SEQUENCE &&
422		lenc->next->child && lenc->next->child->type == LTC_ASN1_INTEGER &&
423		lenc->next->child->next && lenc->next->child->next->type == LTC_ASN1_OCTET_STRING) {
	423	else if (LTC_ASN1_IS_TYPE(lenc->next, LTC_ASN1_SEQUENCE) &&
	424	LTC_ASN1_IS_TYPE(lenc->next->child, LTC_ASN1_INTEGER) &&
	425	LTC_ASN1_IS_TYPE(lenc->next->child->next, LTC_ASN1_OCTET_STRING)) {
424	426	/* RC2-CBC is a bit special */
425	427	iv = lenc->next->child->next->data;
426	428	iv_size = lenc->next->child->next->size;

486	488
487	489	if ((err = _der_decode_pkcs8_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
488	490	if (l->type == LTC_ASN1_SEQUENCE &&
489		l->child && l->child->type == LTC_ASN1_INTEGER &&
490		l->child->next && l->child->next->type == LTC_ASN1_SEQUENCE &&
491		l->child->next->child && l->child->next->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
492		l->child->next->next && l->child->next->next->type == LTC_ASN1_OCTET_STRING) {
	491	LTC_ASN1_IS_TYPE(l->child, LTC_ASN1_INTEGER) &&
	492	LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_SEQUENCE) &&
	493	LTC_ASN1_IS_TYPE(l->child->next->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
	494	LTC_ASN1_IS_TYPE(l->child->next->next, LTC_ASN1_OCTET_STRING)) {
493	495	ltc_asn1_list *lseq = l->child->next;
494	496	ltc_asn1_list *lpri = l->child->next->next;
495	497	ltc_asn1_list *lecoid = l->child->next->child;

500	502	goto LBL_DONE;
501	503	}
502	504
503		if (lseq->child->next && lseq->child->next->type == LTC_ASN1_OBJECT_IDENTIFIER) {
	505	if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_OBJECT_IDENTIFIER)) {
504	506	/* CASE 1: curve by OID (AKA short variant):
505	507	* 0:d=0 hl=2 l= 100 cons: SEQUENCE
506	508	* 2:d=1 hl=2 l= 1 prim: INTEGER :00

515	517	if ((err = ecc_get_curve(OID, &curve)) != CRYPT_OK) { goto LBL_DONE; }
516	518	if ((err = ecc_set_dp(curve, key)) != CRYPT_OK) { goto LBL_DONE; }
517	519	}
518		else if (lseq->child->next && lseq->child->next->type == LTC_ASN1_SEQUENCE) {
	520	else if (LTC_ASN1_IS_TYPE(lseq->child->next, LTC_ASN1_SEQUENCE)) {
519	521	/* CASE 2: explicit curve parameters (AKA long variant):
520	522	* 0:d=0 hl=3 l= 227 cons: SEQUENCE
521	523	* 3:d=1 hl=2 l= 1 prim: INTEGER :00

536	538	*/
537	539	ltc_asn1_list *lcurve = lseq->child->next;
538	540
539		if (lcurve->child && lcurve->child->type == LTC_ASN1_INTEGER &&
540		lcurve->child->next && lcurve->child->next->type == LTC_ASN1_SEQUENCE &&
541		lcurve->child->next->next && lcurve->child->next->next->type == LTC_ASN1_SEQUENCE &&
542		lcurve->child->next->next->next && lcurve->child->next->next->next->type == LTC_ASN1_OCTET_STRING &&
543		lcurve->child->next->next->next->next && lcurve->child->next->next->next->next->type == LTC_ASN1_INTEGER &&
544		lcurve->child->next->next->next->next->next && lcurve->child->next->next->next->next->next->type == LTC_ASN1_INTEGER) {
	541	if (LTC_ASN1_IS_TYPE(lcurve->child, LTC_ASN1_INTEGER) &&
	542	LTC_ASN1_IS_TYPE(lcurve->child->next, LTC_ASN1_SEQUENCE) &&
	543	LTC_ASN1_IS_TYPE(lcurve->child->next->next, LTC_ASN1_SEQUENCE) &&
	544	LTC_ASN1_IS_TYPE(lcurve->child->next->next->next, LTC_ASN1_OCTET_STRING) &&
	545	LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next, LTC_ASN1_INTEGER) &&
	546	LTC_ASN1_IS_TYPE(lcurve->child->next->next->next->next->next, LTC_ASN1_INTEGER)) {
545	547
546	548	ltc_asn1_list *lfield = lcurve->child->next;
547	549	ltc_asn1_list *lpoint = lcurve->child->next->next;

549	551	ltc_asn1_list *lorder = lcurve->child->next->next->next->next;
550	552	cofactor = mp_get_int(lcurve->child->next->next->next->next->next->data);
551	553
552		if (lfield->child && lfield->child->type == LTC_ASN1_OBJECT_IDENTIFIER &&
553		lfield->child->next && lfield->child->next->type == LTC_ASN1_INTEGER &&
554		lpoint->child && lpoint->child->type == LTC_ASN1_OCTET_STRING &&
555		lpoint->child->next && lpoint->child->next->type == LTC_ASN1_OCTET_STRING) {
	554	if (LTC_ASN1_IS_TYPE(lfield->child, LTC_ASN1_OBJECT_IDENTIFIER) &&
	555	LTC_ASN1_IS_TYPE(lfield->child->next, LTC_ASN1_INTEGER) &&
	556	LTC_ASN1_IS_TYPE(lpoint->child, LTC_ASN1_OCTET_STRING) &&
	557	LTC_ASN1_IS_TYPE(lpoint->child->next, LTC_ASN1_OCTET_STRING)) {
556	558
557	559	ltc_asn1_list *lprime = lfield->child->next;
558	560	if ((err = mp_read_unsigned_bin(a, lpoint->child->data, lpoint->child->size)) != CRYPT_OK) {

579	581	len = lpri->size;
580	582	if ((err = der_decode_sequence_flexi(lpri->data, &len, &p)) == CRYPT_OK) {
581	583	if (p->type == LTC_ASN1_SEQUENCE &&
582		p->child && p->child->type == LTC_ASN1_INTEGER &&
583		p->child->next && p->child->next->type == LTC_ASN1_OCTET_STRING) {
	584	LTC_ASN1_IS_TYPE(p->child, LTC_ASN1_INTEGER) &&
	585	LTC_ASN1_IS_TYPE(p->child->next, LTC_ASN1_OCTET_STRING)) {
584	586	ltc_asn1_list *lk = p->child->next;
585	587	if (mp_cmp_d(p->child->data, 1) != LTC_MP_EQ) {
586	588	err = CRYPT_INVALID_PACKET;

+10

-7

src/ltc/pk/ecc/ecc_sign_hash.c less more

20	20	prng_state prng, int wprng, const ecc_key key, int sigformat)
21	21	{
22	22	ecc_key pubkey;
23		void r, s, e, p;
	23	void r, s, e, p, *b;
24	24	int err, max_iterations = LTC_PK_MAX_RETRIES;
25	25	unsigned long pbits, pbytes, i, shift_right;
26	26	unsigned char ch, buf[MAXBLOCKSIZE];

36	36	}
37	37
38	38	/* init the bignums */
39		if ((err = mp_init_multi(&r, &s, &e, NULL)) != CRYPT_OK) {
	39	if ((err = mp_init_multi(&r, &s, &e, &b, NULL)) != CRYPT_OK) {
40	40	return err;
41	41	}
42	42

71	71	if (mp_iszero(r) == LTC_MP_YES) {
72	72	ecc_free(&pubkey);
73	73	} else {
	74	if ((err = rand_bn_upto(b, p, prng, wprng)) != CRYPT_OK) { goto error; } /* b = blinding value */
74	75	/* find s = (e + xr)/k */
75		if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/k */
	76	if ((err = mp_mulmod(pubkey.k, b, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = kb */
	77	if ((err = mp_invmod(pubkey.k, p, pubkey.k)) != CRYPT_OK) { goto error; } /* k = 1/kb */
76	78	if ((err = mp_mulmod(key->k, r, p, s)) != CRYPT_OK) { goto error; } /* s = xr */
77		if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
78		if ((err = mp_mod(s, p, s)) != CRYPT_OK) { goto error; } /* s = e + xr */
79		if ((err = mp_mulmod(s, pubkey.k, p, s)) != CRYPT_OK) { goto error; } /* s = (e + xr)/k */
	79	if ((err = mp_mulmod(pubkey.k, s, p, s)) != CRYPT_OK) { goto error; } /* s = xr/kb */
	80	if ((err = mp_mulmod(pubkey.k, e, p, e)) != CRYPT_OK) { goto error; } /* e = e/kb */
	81	if ((err = mp_add(e, s, s)) != CRYPT_OK) { goto error; } /* s = e/kb + xr/kb */
	82	if ((err = mp_mulmod(s, b, p, s)) != CRYPT_OK) { goto error; } /* s = b(e/kb + xr/kb) = (e + xr)/k */
80	83	ecc_free(&pubkey);
81	84	if (mp_iszero(s) == LTC_MP_NO) {
82	85	break;

110	113	error:
111	114	ecc_free(&pubkey);
112	115	errnokey:
113		mp_clear_multi(r, s, e, NULL);
	116	mp_clear_multi(r, s, e, b, NULL);
114	117	return err;
115	118	}
116	119

-5

src/ltc/stream/sosemanuk/sosemanuk.c less more

317	317	#undef WUP0
318	318	#undef WUP1
319	319
320		/*
321		* Initialize with a zero-value iv to ensure state is correct in the
322		* event user fails to call setiv().
323		*/
324		return sosemanuk_setiv(ss, NULL, 0);
	320	return CRYPT_OK;
325	321	}
326	322
327	323