/* * RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER -- e * } */ static int pk_get_rsapubkey( unsigned char **p, const unsigned char *end, rsa_context *rsa ) { int ret; size_t len; if( ( ret = asn1_get_tag( p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret ); if( *p + len != end ) return( POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 || ( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 ) return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret ); if( *p != end ) return( POLARSSL_ERR_PK_INVALID_PUBKEY + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); if( ( ret = rsa_check_pubkey( rsa ) ) != 0 ) return( POLARSSL_ERR_PK_INVALID_PUBKEY ); rsa->len = mpi_size( &rsa->N ); return( 0 ); }
int cache_public_key(VCRYPT_CTX *ctx, const char *username, VCRYPT_PACKET *packet) { int ret; // add dummy entry if (!packet) { rsa_context *pk = public_key_list_get(ctx->public_keys, username); if (pk) { ret = public_key_node_update(pk, NULL, NULL ); } else { ret = public_key_list_add(&ctx->public_keys, username, NULL, NULL ); } return ret ? ret : -ERR_NO_PUBKEY; } unsigned char *p = (unsigned char*) packet->payload; unsigned char *end = p + packet->payload_len; size_t len = 0; mpi N, E; if ((ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE)) != 0) return -ERR_NO_PUBKEY; if (p + len != end) return -ERR_NO_PUBKEY; mpi_init(&N); mpi_init(&E); if ((ret = asn1_get_mpi(&p, end, &N)) != 0 || (ret = asn1_get_mpi(&p, end, &E)) != 0) { mpi_free(&N); mpi_free(&E); return -ERR_NO_PUBKEY; } if (p != end) { mpi_free(&N); mpi_free(&E); return -ERR_NO_PUBKEY; } rsa_context *pk = public_key_list_get(ctx->public_keys, username); if (pk) { ret = public_key_node_update(pk, &E, &N); } else { ret = public_key_list_add(&ctx->public_keys, username, &E, &N); } mpi_free(&N); mpi_free(&E); return ret; }
/* * SubjectPublicKeyInfo ::= SEQUENCE { * algorithm AlgorithmIdentifier, * subjectPublicKey BIT STRING } */ static int x509_get_pubkey( unsigned char **p, unsigned char *end, x509_buf *pk_alg_oid, mpi *N, mpi *E ) { int ret, len; unsigned char *end2; if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 ) return( ret ); /* * only RSA public keys handled at this time */ if( pk_alg_oid->len != 9 || memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 ) return( ERR_X509_CERT_UNKNOWN_PK_ALG ); if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 ) return( ERR_X509_CERT_INVALID_PUBKEY | ret ); if( ( end - *p ) < 1 ) return( ERR_X509_CERT_INVALID_PUBKEY | ERR_ASN1_OUT_OF_DATA ); end2 = *p + len; if( *(*p)++ != 0 ) return( ERR_X509_CERT_INVALID_PUBKEY ); /* * RSAPublicKey ::= SEQUENCE { * modulus INTEGER, -- n * publicExponent INTEGER -- e * } */ if( ( ret = asn1_get_tag( p, end2, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) return( ERR_X509_CERT_INVALID_PUBKEY | ret ); if( *p + len != end2 ) return( ERR_X509_CERT_INVALID_PUBKEY | ERR_ASN1_LENGTH_MISMATCH ); if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 || ( ret = asn1_get_mpi( p, end2, E ) ) != 0 ) return( ERR_X509_CERT_INVALID_PUBKEY | ret ); if( *p != end ) return( ERR_X509_CERT_INVALID_PUBKEY | ERR_ASN1_LENGTH_MISMATCH ); return( 0 ); }
int rsa_parse_public_key( rsa_context *rsa, unsigned char *buf, int buflen ) { unsigned char *p, *end; int ret, len; p = buf; end = buf+buflen; if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) == 0 ) { /* Skip over embedded rsaEncryption Object */ p+=len; /* The RSAPublicKey ASN1 container is wrapped in a BIT STRING */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_BIT_STRING ) ) != 0 ) { return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } /* Limit range to that BIT STRING */ end = p + len; p++; if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } } if ( ( ( ret = asn1_get_mpi( &p, end, &(rsa->N) ) ) == 0 ) && ( ( ret = asn1_get_mpi( &p, end, &(rsa->E) ) ) == 0 ) ) { rsa->len = mpi_size( &rsa->N ); return 0; } return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); }
/* * Parse a private RSA key */ int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen, unsigned char *pwd, int pwdlen ) { int ret, len, enc; unsigned char *s1, *s2; unsigned char *p, *end; s1 = (unsigned char *) strstr( (char *) buf, "-----BEGIN RSA PRIVATE KEY-----" ); if( s1 != NULL ) { s2 = (unsigned char *) strstr( (char *) buf, "-----END RSA PRIVATE KEY-----" ); if( s2 == NULL || s2 <= s1 ) return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); s1 += 31; if( *s1 == '\r' ) s1++; if( *s1 == '\n' ) s1++; else return( POLARSSL_ERR_X509_KEY_INVALID_PEM ); enc = 0; if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 ) { return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); } len = 0; ret = base64_decode( NULL, &len, s1, s2 - s1 ); if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM ); if( ( buf = (unsigned char *) malloc( len ) ) == NULL ) return( 1 ); if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 ) { free( buf ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM ); } buflen = len; if( enc != 0 ) { return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE ); } } memset( rsa, 0, sizeof( rsa_context ) ); p = buf; end = buf + buflen; /* * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER, -- (inverse of q) mod p * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { if( s1 != NULL ) free( buf ); rsa_free( rsa ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } end = p + len; if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) { if( s1 != NULL ) free( buf ); rsa_free( rsa ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); } if( rsa->ver != 0 ) { if( s1 != NULL ) free( buf ); rsa_free( rsa ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION ); } if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) { if( s1 != NULL ) free( buf ); rsa_free( rsa ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); } rsa->len = mpi_size( &rsa->N ); if( p != end ) { if( s1 != NULL ) free( buf ); rsa_free( rsa ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); } if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) { if( s1 != NULL ) free( buf ); rsa_free( rsa ); return( ret ); } if( s1 != NULL ) free( buf ); return( 0 ); }
/* * Parse a PKCS#1 encoded private RSA key */ static int pk_parse_key_pkcs1_der( rsa_context *rsa, const unsigned char *key, size_t keylen ) { int ret; size_t len; unsigned char *p, *end; p = (unsigned char *) key; end = p + keylen; /* * This function parses the RSAPrivateKey (PKCS#1) * * RSAPrivateKey ::= SEQUENCE { * version Version, * modulus INTEGER, -- n * publicExponent INTEGER, -- e * privateExponent INTEGER, -- d * prime1 INTEGER, -- p * prime2 INTEGER, -- q * exponent1 INTEGER, -- d mod (p-1) * exponent2 INTEGER, -- d mod (q-1) * coefficient INTEGER, -- (inverse of q) mod p * otherPrimeInfos OtherPrimeInfos OPTIONAL * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) { return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } end = p + len; if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) { return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } if( rsa->ver != 0 ) { return( POLARSSL_ERR_PK_KEY_INVALID_VERSION ); } if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) { rsa_free( rsa ); return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } rsa->len = mpi_size( &rsa->N ); if( p != end ) { rsa_free( rsa ); return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); } if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) { rsa_free( rsa ); return( ret ); } return( 0 ); }
/* * Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it. * WARNING: the resulting group should only be used with * pk_group_id_from_specified(), since its base point may not be set correctly * if it was encoded compressed. * * SpecifiedECDomain ::= SEQUENCE { * version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...), * fieldID FieldID {{FieldTypes}}, * curve Curve, * base ECPoint, * order INTEGER, * cofactor INTEGER OPTIONAL, * hash HashAlgorithm OPTIONAL, * ... * } * * We only support prime-field as field type, and ignore hash and cofactor. */ static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp ) { int ret; unsigned char *p = params->p; const unsigned char * const end = params->p + params->len; const unsigned char *end_field, *end_curve; size_t len; int ver; /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); if( ver < 1 || ver > 3 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); /* * FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field * fieldType FIELD-ID.&id({IOSet}), * parameters FIELD-ID.&Type({IOSet}{@fieldType}) * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) return( ret ); end_field = p + len; /* * FIELD-ID ::= TYPE-IDENTIFIER * FieldTypes FIELD-ID ::= { * { Prime-p IDENTIFIED BY prime-field } | * { Characteristic-two IDENTIFIED BY characteristic-two-field } * } * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } */ if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 ) return( ret ); if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) || memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 ) { return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE ); } p += len; /* Prime-p ::= INTEGER -- Field of size p. */ if( ( ret = asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); grp->pbits = mpi_msb( &grp->P ); if( p != end_field ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); /* * Curve ::= SEQUENCE { * a FieldElement, * b FieldElement, * seed BIT STRING OPTIONAL * -- Shall be present if used in SpecifiedECDomain * -- with version equal to ecdpVer2 or ecdpVer3 * } */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) return( ret ); end_curve = p + len; /* * FieldElement ::= OCTET STRING * containing an integer in the case of a prime field */ if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 || ( ret = mpi_read_binary( &grp->A, p, len ) ) != 0 ) { return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } p += len; if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 || ( ret = mpi_read_binary( &grp->B, p, len ) ) != 0 ) { return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); } p += len; /* Ignore seed BIT STRING OPTIONAL */ if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 ) p += len; if( p != end_curve ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); /* * ECPoint ::= OCTET STRING */ if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); if( ( ret = ecp_point_read_binary( grp, &grp->G, ( const unsigned char *) p, len ) ) != 0 ) { /* * If we can't read the point because it's compressed, cheat by * reading only the X coordinate and the parity bit of Y. */ if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE || ( p[0] != 0x02 && p[0] != 0x03 ) || len != mpi_size( &grp->P ) + 1 || mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 || mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 || mpi_lset( &grp->G.Z, 1 ) != 0 ) { return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT ); } } p += len; /* * order INTEGER */ if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret ); grp->nbits = mpi_msb( &grp->N ); /* * Allow optional elements by purposefully not enforcing p == end here. */ return( 0 ); }