/*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*/
static int pk_get_rsapubkey( unsigned char **p,
const unsigned char *end,
rsa_context *rsa )
{
int ret;
size_t len;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
if( *p + len != end )
return( POLARSSL_ERR_PK_INVALID_PUBKEY +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
if( *p != end )
return( POLARSSL_ERR_PK_INVALID_PUBKEY +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
return( POLARSSL_ERR_PK_INVALID_PUBKEY );
rsa->len = mpi_size( &rsa->N );
return( 0 );
}
int cache_public_key(VCRYPT_CTX *ctx, const char *username,
VCRYPT_PACKET *packet)
{
int ret;
// add dummy entry
if (!packet) {
rsa_context *pk = public_key_list_get(ctx->public_keys, username);
if (pk) {
ret = public_key_node_update(pk, NULL, NULL );
} else {
ret = public_key_list_add(&ctx->public_keys, username, NULL, NULL );
}
return ret ? ret : -ERR_NO_PUBKEY;
}
unsigned char *p = (unsigned char*) packet->payload;
unsigned char *end = p + packet->payload_len;
size_t len = 0;
mpi N, E;
if ((ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE))
!= 0)
return -ERR_NO_PUBKEY;
if (p + len != end)
return -ERR_NO_PUBKEY;
mpi_init(&N);
mpi_init(&E);
if ((ret = asn1_get_mpi(&p, end, &N)) != 0
|| (ret = asn1_get_mpi(&p, end, &E)) != 0) {
mpi_free(&N);
mpi_free(&E);
return -ERR_NO_PUBKEY;
}
if (p != end) {
mpi_free(&N);
mpi_free(&E);
return -ERR_NO_PUBKEY;
}
rsa_context *pk = public_key_list_get(ctx->public_keys, username);
if (pk) {
ret = public_key_node_update(pk, &E, &N);
} else {
ret = public_key_list_add(&ctx->public_keys, username, &E, &N);
}
mpi_free(&N);
mpi_free(&E);
return ret;
}
/*
* SubjectPublicKeyInfo ::= SEQUENCE {
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
static int x509_get_pubkey( unsigned char **p,
unsigned char *end,
x509_buf *pk_alg_oid,
mpi *N, mpi *E )
{
int ret, len;
unsigned char *end2;
if( ( ret = x509_get_alg( p, end, pk_alg_oid ) ) != 0 )
return( ret );
/*
* only RSA public keys handled at this time
*/
if( pk_alg_oid->len != 9 ||
memcmp( pk_alg_oid->p, OID_PKCS1_RSA, 9 ) != 0 )
return( ERR_X509_CERT_UNKNOWN_PK_ALG );
if( ( ret = asn1_get_tag( p, end, &len, ASN1_BIT_STRING ) ) != 0 )
return( ERR_X509_CERT_INVALID_PUBKEY | ret );
if( ( end - *p ) < 1 )
return( ERR_X509_CERT_INVALID_PUBKEY |
ERR_ASN1_OUT_OF_DATA );
end2 = *p + len;
if( *(*p)++ != 0 )
return( ERR_X509_CERT_INVALID_PUBKEY );
/*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*/
if( ( ret = asn1_get_tag( p, end2, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ERR_X509_CERT_INVALID_PUBKEY | ret );
if( *p + len != end2 )
return( ERR_X509_CERT_INVALID_PUBKEY |
ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = asn1_get_mpi( p, end2, N ) ) != 0 ||
( ret = asn1_get_mpi( p, end2, E ) ) != 0 )
return( ERR_X509_CERT_INVALID_PUBKEY | ret );
if( *p != end )
return( ERR_X509_CERT_INVALID_PUBKEY |
ERR_ASN1_LENGTH_MISMATCH );
return( 0 );
}
int rsa_parse_public_key( rsa_context *rsa, unsigned char *buf, int buflen )
{
unsigned char *p, *end;
int ret, len;
p = buf;
end = buf+buflen;
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) {
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) == 0 ) {
/* Skip over embedded rsaEncryption Object */
p+=len;
/* The RSAPublicKey ASN1 container is wrapped in a BIT STRING */
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_BIT_STRING ) ) != 0 ) {
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
/* Limit range to that BIT STRING */
end = p + len;
p++;
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) {
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
}
if ( ( ( ret = asn1_get_mpi( &p, end, &(rsa->N) ) ) == 0 ) &&
( ( ret = asn1_get_mpi( &p, end, &(rsa->E) ) ) == 0 ) ) {
rsa->len = mpi_size( &rsa->N );
return 0;
}
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
/*
* Parse a private RSA key
*/
int rsa_parse_key( rsa_context *rsa, unsigned char *buf, int buflen,
unsigned char *pwd, int pwdlen )
{
int ret, len, enc;
unsigned char *s1, *s2;
unsigned char *p, *end;
s1 = (unsigned char *) strstr( (char *) buf,
"-----BEGIN RSA PRIVATE KEY-----" );
if( s1 != NULL )
{
s2 = (unsigned char *) strstr( (char *) buf,
"-----END RSA PRIVATE KEY-----" );
if( s2 == NULL || s2 <= s1 )
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
s1 += 31;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
enc = 0;
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 );
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
return( 1 );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
{
free( buf );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
}
buflen = len;
if( enc != 0 )
{
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
}
}
memset( rsa, 0, sizeof( rsa_context ) );
p = buf;
end = buf + buflen;
/*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
end = p + len;
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
}
if( rsa->ver != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
}
if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
}
rsa->len = mpi_size( &rsa->N );
if( p != end )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
{
if( s1 != NULL )
free( buf );
rsa_free( rsa );
return( ret );
}
if( s1 != NULL )
free( buf );
return( 0 );
}
/*
* Parse a PKCS#1 encoded private RSA key
*/
static int pk_parse_key_pkcs1_der( rsa_context *rsa,
const unsigned char *key,
size_t keylen )
{
int ret;
size_t len;
unsigned char *p, *end;
p = (unsigned char *) key;
end = p + keylen;
/*
* This function parses the RSAPrivateKey (PKCS#1)
*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
end = p + len;
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
if( rsa->ver != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_VERSION );
}
if( ( ret = asn1_get_mpi( &p, end, &rsa->N ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->E ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->D ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->P ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
{
rsa_free( rsa );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
rsa->len = mpi_size( &rsa->N );
if( p != end )
{
rsa_free( rsa );
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
}
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
{
rsa_free( rsa );
return( ret );
}
return( 0 );
}
/*
* Parse a SpecifiedECDomain (SEC 1 C.2) and (mostly) fill the group with it.
* WARNING: the resulting group should only be used with
* pk_group_id_from_specified(), since its base point may not be set correctly
* if it was encoded compressed.
*
* SpecifiedECDomain ::= SEQUENCE {
* version SpecifiedECDomainVersion(ecdpVer1 | ecdpVer2 | ecdpVer3, ...),
* fieldID FieldID {{FieldTypes}},
* curve Curve,
* base ECPoint,
* order INTEGER,
* cofactor INTEGER OPTIONAL,
* hash HashAlgorithm OPTIONAL,
* ...
* }
*
* We only support prime-field as field type, and ignore hash and cofactor.
*/
static int pk_group_from_specified( const asn1_buf *params, ecp_group *grp )
{
int ret;
unsigned char *p = params->p;
const unsigned char * const end = params->p + params->len;
const unsigned char *end_field, *end_curve;
size_t len;
int ver;
/* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
if( ( ret = asn1_get_int( &p, end, &ver ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ver < 1 || ver > 3 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
/*
* FieldID { FIELD-ID:IOSet } ::= SEQUENCE { -- Finite field
* fieldType FIELD-ID.&id({IOSet}),
* parameters FIELD-ID.&Type({IOSet}{@fieldType})
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ret );
end_field = p + len;
/*
* FIELD-ID ::= TYPE-IDENTIFIER
* FieldTypes FIELD-ID ::= {
* { Prime-p IDENTIFIED BY prime-field } |
* { Characteristic-two IDENTIFIED BY characteristic-two-field }
* }
* prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
*/
if( ( ret = asn1_get_tag( &p, end_field, &len, ASN1_OID ) ) != 0 )
return( ret );
if( len != OID_SIZE( OID_ANSI_X9_62_PRIME_FIELD ) ||
memcmp( p, OID_ANSI_X9_62_PRIME_FIELD, len ) != 0 )
{
return( POLARSSL_ERR_PK_FEATURE_UNAVAILABLE );
}
p += len;
/* Prime-p ::= INTEGER -- Field of size p. */
if( ( ret = asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
grp->pbits = mpi_msb( &grp->P );
if( p != end_field )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
/*
* Curve ::= SEQUENCE {
* a FieldElement,
* b FieldElement,
* seed BIT STRING OPTIONAL
* -- Shall be present if used in SpecifiedECDomain
* -- with version equal to ecdpVer2 or ecdpVer3
* }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( ret );
end_curve = p + len;
/*
* FieldElement ::= OCTET STRING
* containing an integer in the case of a prime field
*/
if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
( ret = mpi_read_binary( &grp->A, p, len ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
p += len;
if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_OCTET_STRING ) ) != 0 ||
( ret = mpi_read_binary( &grp->B, p, len ) ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
}
p += len;
/* Ignore seed BIT STRING OPTIONAL */
if( ( ret = asn1_get_tag( &p, end_curve, &len, ASN1_BIT_STRING ) ) == 0 )
p += len;
if( p != end_curve )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
/*
* ECPoint ::= OCTET STRING
*/
if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
if( ( ret = ecp_point_read_binary( grp, &grp->G,
( const unsigned char *) p, len ) ) != 0 )
{
/*
* If we can't read the point because it's compressed, cheat by
* reading only the X coordinate and the parity bit of Y.
*/
if( ret != POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE ||
( p[0] != 0x02 && p[0] != 0x03 ) ||
len != mpi_size( &grp->P ) + 1 ||
mpi_read_binary( &grp->G.X, p + 1, len - 1 ) != 0 ||
mpi_lset( &grp->G.Y, p[0] - 2 ) != 0 ||
mpi_lset( &grp->G.Z, 1 ) != 0 )
{
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT );
}
}
p += len;
/*
* order INTEGER
*/
if( ( ret = asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
grp->nbits = mpi_msb( &grp->N );
/*
* Allow optional elements by purposefully not enforcing p == end here.
*/
return( 0 );
}
