/** Encode a SEQUENCE type using a VA list @param out [out] Destination for data @param outlen [in/out] Length of buffer and resulting length of output @remark <...> is of the form <type, size, data> (int, unsigned long, void*) @return CRYPT_OK on success */ int der_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen, unsigned int algorithm, void* public_key, unsigned long* public_key_len, unsigned long parameters_type, ltc_asn1_list* parameters, unsigned long parameters_len) { int err, len; oid_st oid; unsigned char *tmpbuf; unsigned long tmpoid[16]; ltc_asn1_list alg_id[2]; ltc_asn1_list subject_pubkey[2]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != 0); err = pk_get_oid(algorithm, &oid); if (err != CRYPT_OK) { return err; } /* see if the OpenSSL DER format RSA public key will work */ tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); if (tmpbuf == NULL) { err = CRYPT_MEM; goto LBL_ERR; } /* this includes the internal hash ID and optional params (NULL in this case) */ LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, parameters_len); /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it then proceed to convert bit to octet */ LTC_SET_ASN1(subject_pubkey, 0, LTC_ASN1_SEQUENCE, alg_id, 2); LTC_SET_ASN1(subject_pubkey, 1, LTC_ASN1_RAW_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); err=der_decode_sequence(in, inlen, subject_pubkey, 2UL); if (err != CRYPT_OK) { goto LBL_ERR; } len = subject_pubkey[1].size/8; if (*public_key_len > len) { memcpy(public_key, subject_pubkey[1].data, len); *public_key_len = len; } else { *public_key_len = len; err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } err = CRYPT_OK; LBL_ERR: XFREE(tmpbuf); return err; }
static int der_choice_test(void) { ltc_asn1_list types[7], host[1]; unsigned char bitbuf[10], octetbuf[10], ia5buf[10], printbuf[10], outbuf[256]; unsigned long integer, oidbuf[10], outlen, inlen, x, y; mp_int mpinteger; ltc_utctime utctime = { 91, 5, 6, 16, 45, 40, 1, 7, 0 }; /* setup variables */ for (x = 0; x < sizeof(bitbuf); x++) { bitbuf[x] = x & 1; } for (x = 0; x < sizeof(octetbuf); x++) { octetbuf[x] = x; } for (x = 0; x < sizeof(ia5buf); x++) { ia5buf[x] = 'a'; } for (x = 0; x < sizeof(printbuf); x++) { printbuf[x] = 'a'; } integer = 1; for (x = 0; x < sizeof(oidbuf)/sizeof(oidbuf[0]); x++) { oidbuf[x] = x + 1; } DO(mpi_to_ltc_error(mp_init(&mpinteger))); for (x = 0; x < 14; x++) { /* setup list */ LTC_SET_ASN1(types, 0, LTC_ASN1_PRINTABLE_STRING, printbuf, sizeof(printbuf)); LTC_SET_ASN1(types, 1, LTC_ASN1_BIT_STRING, bitbuf, sizeof(bitbuf)); LTC_SET_ASN1(types, 2, LTC_ASN1_OCTET_STRING, octetbuf, sizeof(octetbuf)); LTC_SET_ASN1(types, 3, LTC_ASN1_IA5_STRING, ia5buf, sizeof(ia5buf)); if (x > 7) { LTC_SET_ASN1(types, 4, LTC_ASN1_SHORT_INTEGER, &integer, 1); } else { LTC_SET_ASN1(types, 4, LTC_ASN1_INTEGER, &mpinteger, 1); } LTC_SET_ASN1(types, 5, LTC_ASN1_OBJECT_IDENTIFIER, oidbuf, sizeof(oidbuf)/sizeof(oidbuf[0])); LTC_SET_ASN1(types, 6, LTC_ASN1_UTCTIME, &utctime, 1); LTC_SET_ASN1(host, 0, LTC_ASN1_CHOICE, types, 7); /* encode */ outlen = sizeof(outbuf); DO(der_encode_sequence(&types[x>6?x-7:x], 1, outbuf, &outlen)); /* decode it */ inlen = outlen; DO(der_decode_sequence(outbuf, inlen, &host, 1)); for (y = 0; y < 7; y++) { if (types[y].used && y != (x>6?x-7:x)) { fprintf(stderr, "CHOICE, flag %lu in trial %lu was incorrectly set to one\n", y, x); return 1; } if (!types[y].used && y == (x>6?x-7:x)) { fprintf(stderr, "CHOICE, flag %lu in trial %lu was incorrectly set to zero\n", y, x); return 1; } } } mp_clear(&mpinteger); return 0; }
/** Decode a CHOICE @param in The DER encoded input @param inlen [in/out] The size of the input and resulting size of read type @param list The list of items to decode @param outlen The number of items in the list @return CRYPT_OK on success */ int der_decode_choice(const unsigned char *in, unsigned long *inlen, ltc_asn1_list *list, unsigned long outlen) { unsigned long size, x, z; void *data; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); LTC_ARGCHK(list != NULL); /* get blk size */ if (*inlen < 2) { return CRYPT_INVALID_PACKET; } /* set all of the "used" flags to zero */ for (x = 0; x < outlen; x++) { list[x].used = 0; } /* now scan until we have a winner */ for (x = 0; x < outlen; x++) { size = list[x].size; data = list[x].data; switch (list[x].type) { case LTC_ASN1_BOOLEAN: if (der_decode_boolean(in, *inlen, data) == CRYPT_OK) { if (der_length_boolean(&z) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_INTEGER: if (der_decode_integer(in, *inlen, data) == CRYPT_OK) { if (der_length_integer(data, &z) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_SHORT_INTEGER: if (der_decode_short_integer(in, *inlen, data) == CRYPT_OK) { if (der_length_short_integer(size, &z) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_BIT_STRING: if (der_decode_bit_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_bit_string(size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_RAW_BIT_STRING: if (der_decode_raw_bit_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_bit_string(size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_OCTET_STRING: if (der_decode_octet_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_octet_string(size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_NULL: if (*inlen == 2 && in[x] == 0x05 && in[x+1] == 0x00) { *inlen = 2; list[x].used = 1; return CRYPT_OK; } break; case LTC_ASN1_OBJECT_IDENTIFIER: if (der_decode_object_identifier(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_object_identifier(data, size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_TELETEX_STRING: if (der_decode_teletex_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_teletex_string(data, size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_IA5_STRING: if (der_decode_ia5_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_ia5_string(data, size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_PRINTABLE_STRING: if (der_decode_printable_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_printable_string(data, size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_UTF8_STRING: if (der_decode_utf8_string(in, *inlen, data, &size) == CRYPT_OK) { if (der_length_utf8_string(data, size, &z) == CRYPT_OK) { list[x].used = 1; list[x].size = size; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_UTCTIME: z = *inlen; if (der_decode_utctime(in, &z, data) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } break; case LTC_ASN1_GENERALIZEDTIME: z = *inlen; if (der_decode_generalizedtime(in, &z, data) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } break; case LTC_ASN1_SET: case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: if (der_decode_sequence(in, *inlen, data, size) == CRYPT_OK) { if (der_length_sequence(data, size, &z) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_CUSTOM_TYPE: if (der_decode_custom_type(in, *inlen, &list[x]) == CRYPT_OK) { if (der_length_custom_type(&list[x], &z, NULL) == CRYPT_OK) { list[x].used = 1; *inlen = z; return CRYPT_OK; } } break; case LTC_ASN1_CHOICE: case LTC_ASN1_EOL: return CRYPT_INVALID_ARG; } } return CRYPT_INVALID_PACKET; }
/** Decode a SEQUENCE type using a VA list @param in Input buffer @param inlen Length of input in octets @remark <...> is of the form <type, size, data> (int, unsigned long, void*) @return CRYPT_OK on success */ int der_decode_sequence_multi(const unsigned char *in, unsigned long inlen, ...) { int err, type; unsigned long size, x; void *data; va_list args; ltc_asn1_list *list; LTC_ARGCHK(in != NULL); /* get size of output that will be required */ va_start(args, inlen); x = 0; for (;;) { type = va_arg(args, int); size = va_arg(args, unsigned long); data = va_arg(args, void*); if (type == LTC_ASN1_EOL) { break; } switch (type) { case LTC_ASN1_BOOLEAN: case LTC_ASN1_INTEGER: case LTC_ASN1_SHORT_INTEGER: case LTC_ASN1_BIT_STRING: case LTC_ASN1_OCTET_STRING: case LTC_ASN1_NULL: case LTC_ASN1_OBJECT_IDENTIFIER: case LTC_ASN1_IA5_STRING: case LTC_ASN1_PRINTABLE_STRING: case LTC_ASN1_UTCTIME: case LTC_ASN1_SET: case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: case LTC_ASN1_CHOICE: ++x; break; default: va_end(args); return CRYPT_INVALID_ARG; } } va_end(args); /* allocate structure for x elements */ if (x == 0) { return CRYPT_NOP; } list = XCALLOC(sizeof(*list), x); if (list == NULL) { return CRYPT_MEM; } /* fill in the structure */ va_start(args, inlen); x = 0; for (;;) { type = va_arg(args, int); size = va_arg(args, unsigned long); data = va_arg(args, void*); if (type == LTC_ASN1_EOL) { break; } switch (type) { case LTC_ASN1_BOOLEAN: case LTC_ASN1_INTEGER: case LTC_ASN1_SHORT_INTEGER: case LTC_ASN1_BIT_STRING: case LTC_ASN1_OCTET_STRING: case LTC_ASN1_NULL: case LTC_ASN1_OBJECT_IDENTIFIER: case LTC_ASN1_IA5_STRING: case LTC_ASN1_PRINTABLE_STRING: case LTC_ASN1_UTCTIME: case LTC_ASN1_SEQUENCE: case LTC_ASN1_SET: case LTC_ASN1_SETOF: case LTC_ASN1_CHOICE: list[x].type = type; list[x].size = size; list[x++].data = data; break; default: va_end(args); err = CRYPT_INVALID_ARG; goto LBL_ERR; } } va_end(args); err = der_decode_sequence(in, inlen, list, x); LBL_ERR: XFREE(list); return err; }
/** Decode a SEQUENCE @param in The DER encoded input @param inlen The size of the input @param list The list of items to decode @param outlen The number of items in the list @param ordered Search an unordeded or ordered list @return CRYPT_OK on success */ int der_decode_sequence_ex(const unsigned char *in, unsigned long inlen, ltc_asn1_list *list, unsigned long outlen, int ordered) { int err, type; unsigned long size, x, y, z, i, blksize; void *data; LTC_ARGCHK(in != NULL); LTC_ARGCHK(list != NULL); /* get blk size */ if (inlen < 2) { return CRYPT_INVALID_PACKET; } /* sequence type? We allow 0x30 SEQUENCE and 0x31 SET since fundamentally they're the same structure */ x = 0; if (in[x] != 0x30 && in[x] != 0x31) { return CRYPT_INVALID_PACKET; } ++x; if (in[x] < 128) { blksize = in[x++]; } else if (in[x] & 0x80) { if (in[x] < 0x81 || in[x] > 0x83) { return CRYPT_INVALID_PACKET; } y = in[x++] & 0x7F; /* would reading the len bytes overrun? */ if (x + y > inlen) { return CRYPT_INVALID_PACKET; } /* read len */ blksize = 0; while (y--) { blksize = (blksize << 8) | (unsigned long)in[x++]; } } /* would this blksize overflow? */ if (x + blksize > inlen) { return CRYPT_INVALID_PACKET; } /* mark all as unused */ for (i = 0; i < outlen; i++) { list[i].used = 0; } /* ok read data */ inlen = blksize; for (i = 0; i < outlen; i++) { z = 0; type = list[i].type; size = list[i].size; data = list[i].data; if (!ordered && list[i].used == 1) { continue; } if (type == LTC_ASN1_EOL) { break; } switch (type) { case LTC_ASN1_BOOLEAN: z = inlen; if ((err = der_decode_boolean(in + x, z, ((int *)data))) != CRYPT_OK) { goto LBL_ERR; } if ((err = der_length_boolean(&z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_INTEGER: z = inlen; if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_integer(data, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_SHORT_INTEGER: z = inlen; if ((err = der_decode_short_integer(in + x, z, data)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_short_integer(((unsigned long*)data)[0], &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_BIT_STRING: z = inlen; if ((err = der_decode_bit_string(in + x, z, data, &size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_OCTET_STRING: z = inlen; if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_octet_string(size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_NULL: if (inlen < 2 || in[x] != 0x05 || in[x+1] != 0x00) { if (!ordered) { continue; } err = CRYPT_INVALID_PACKET; goto LBL_ERR; } z = 2; break; case LTC_ASN1_OBJECT_IDENTIFIER: z = inlen; if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_object_identifier(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_IA5_STRING: z = inlen; if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_ia5_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_PRINTABLE_STRING: z = inlen; if ((err = der_decode_printable_string(in + x, z, data, &size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_printable_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_UTF8_STRING: z = inlen; if ((err = der_decode_utf8_string(in + x, z, data, &size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } list[i].size = size; if ((err = der_length_utf8_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_UTCTIME: z = inlen; if ((err = der_decode_utctime(in + x, &z, data)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } break; case LTC_ASN1_SET: z = inlen; if ((err = der_decode_set(in + x, z, data, size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_SETOF: case LTC_ASN1_SEQUENCE: /* detect if we have the right type */ if ((type == LTC_ASN1_SETOF && (in[x] & 0x3F) != 0x31) || (type == LTC_ASN1_SEQUENCE && (in[x] & 0x3F) != 0x30)) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } z = inlen; if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } break; case LTC_ASN1_CHOICE: z = inlen; if ((err = der_decode_choice(in + x, &z, data, size)) != CRYPT_OK) { if (!ordered) { continue; } goto LBL_ERR; } break; default: err = CRYPT_INVALID_ARG; goto LBL_ERR; } x += z; inlen -= z; list[i].used = 1; if (!ordered) { /* restart the decoder */ i = -1; } } for (i = 0; i < outlen; i++) { if (list[i].used == 0) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } } err = CRYPT_OK; LBL_ERR: return err; }
/** Decode a SEQUENCE @param in The DER encoded input @param inlen The size of the input @param list The list of items to decode @param outlen The number of items in the list @return CRYPT_OK on success */ int der_decode_sequence(const unsigned char *in, unsigned long inlen, ltc_asn1_list *list, unsigned long outlen) { int err, type; unsigned long size, x, y, z, i, blksize; void *data; LTC_ARGCHK(in != NULL); LTC_ARGCHK(list != NULL); /* get blk size */ if (inlen < 2) { return CRYPT_INVALID_PACKET; } /* sequence type? */ x = 0; if (in[x++] != 0x30) { return CRYPT_INVALID_PACKET; } if (in[x] < 128) { blksize = in[x++]; } else if (in[x] & 0x80) { if (in[x] < 0x81 || in[x] > 0x83) { return CRYPT_INVALID_PACKET; } y = in[x++] & 0x7F; /* would reading the len bytes overrun? */ if (x + y > inlen) { return CRYPT_INVALID_PACKET; } /* read len */ blksize = 0; while (y--) { blksize = (blksize << 8) | (unsigned long)in[x++]; } } /* would this blksize overflow? */ if (x + blksize > inlen) { return CRYPT_INVALID_PACKET; } /* ok read data */ inlen = blksize; for (i = 0; i < outlen; i++) { type = list[i].type; size = list[i].size; data = list[i].data; if (type == LTC_ASN1_EOL) { break; } switch (type) { case LTC_ASN1_INTEGER: z = inlen; if ((err = der_decode_integer(in + x, z, data)) != CRYPT_OK) { goto LBL_ERR; } if ((err = der_length_integer(data, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_SHORT_INTEGER: z = inlen; if ((err = der_decode_short_integer(in + x, z, data)) != CRYPT_OK) { goto LBL_ERR; } if ((err = der_length_short_integer(size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_BIT_STRING: z = inlen; if ((err = der_decode_bit_string(in + x, z, data, &size)) != CRYPT_OK) { goto LBL_ERR; } list[i].size = size; if ((err = der_length_bit_string(size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_OCTET_STRING: z = inlen; if ((err = der_decode_octet_string(in + x, z, data, &size)) != CRYPT_OK) { goto LBL_ERR; } list[i].size = size; if ((err = der_length_octet_string(size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_NULL: if (inlen < 2 || in[x] != 0x05 || in[x+1] != 0x00) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } x += 2; inlen -= 2; break; case LTC_ASN1_OBJECT_IDENTIFIER: z = inlen; if ((err = der_decode_object_identifier(in + x, z, data, &size)) != CRYPT_OK) { goto LBL_ERR; } list[i].size = size; if ((err = der_length_object_identifier(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_IA5_STRING: z = inlen; if ((err = der_decode_ia5_string(in + x, z, data, &size)) != CRYPT_OK) { goto LBL_ERR; } list[i].size = size; if ((err = der_length_ia5_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_PRINTABLE_STRING: z = inlen; if ((err = der_decode_printable_string(in + x, z, data, &size)) != CRYPT_OK) { goto LBL_ERR; } list[i].size = size; if ((err = der_length_printable_string(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_UTCTIME: z = inlen; if ((err = der_decode_utctime(in + x, &z, data)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_SEQUENCE: z = inlen; if ((err = der_decode_sequence(in + x, z, data, size)) != CRYPT_OK) { goto LBL_ERR; } if ((err = der_length_sequence(data, size, &z)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; case LTC_ASN1_CHOICE: z = inlen; if ((err = der_decode_choice(in + x, &z, data, size)) != CRYPT_OK) { goto LBL_ERR; } x += z; inlen -= z; break; default: err = CRYPT_INVALID_ARG; goto LBL_ERR; } } err = CRYPT_OK; LBL_ERR: return err; }
/** Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in LTC_PKCS #1 v2.1] @param in The packet to import from @param inlen It's length (octets) @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { int err; void *zero; unsigned char *tmpbuf; unsigned long t, x, y, z, tmpoid[16]; ltc_asn1_list ssl_pubkey_hashoid[2]; ltc_asn1_list ssl_pubkey[2]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { return err; } /* see if the OpenSSL DER format RSA public key will work */ tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); if (tmpbuf == NULL) { err = CRYPT_MEM; goto LBL_ERR; } /* this includes the internal hash ID and optional params (NULL in this case) */ LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0); /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it then proceed to convert bit to octet */ LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2); LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); if (der_decode_sequence(in, inlen, ssl_pubkey, 2UL) == CRYPT_OK) { /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */ for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) { y = (y << 1) | tmpbuf[x]; if (++z == 8) { tmpbuf[t++] = (unsigned char)y; y = 0; z = 0; } } /* now it should be SEQUENCE { INTEGER, INTEGER } */ if ((err = der_decode_sequence_multi(tmpbuf, t, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { XFREE(tmpbuf); goto LBL_ERR; } XFREE(tmpbuf); key->type = PK_PUBLIC; return CRYPT_OK; } XFREE(tmpbuf); /* not SSL public key, try to match against LTC_PKCS #1 standards */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { if ((err = mp_init(&zero)) != CRYPT_OK) { goto LBL_ERR; } /* it's a private key */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, zero, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_INTEGER, 1UL, key->d, LTC_ASN1_INTEGER, 1UL, key->p, LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->dP, LTC_ASN1_INTEGER, 1UL, key->dQ, LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { mp_clear(zero); goto LBL_ERR; } mp_clear(zero); key->type = PK_PRIVATE; } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) { /* we don't support multi-prime RSA */ err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } else { /* it's a public key and we lack e */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } key->type = PK_PUBLIC; } return CRYPT_OK; LBL_ERR: mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); return err; }
/** Decrypt an DSA encrypted key @param in The ciphertext @param inlen The length of the ciphertext (octets) @param out [out] The plaintext @param outlen [in/out] The max size and resulting size of the plaintext @param key The corresponding private DSA key @return CRYPT_OK if successful */ int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, dsa_key *key) { unsigned char *skey, *expt; void *g_pub; unsigned long x, y, hashOID[32]; int hash, err; ltc_asn1_list decode[3]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); /* right key type? */ if (key->type != PK_PRIVATE) { return CRYPT_PK_NOT_PRIVATE; } /* decode to find out hash */ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { return err; } hash = find_hash_oid(hashOID, decode[0].size); if (hash_is_valid(hash) != CRYPT_OK) { return CRYPT_INVALID_PACKET; } /* we now have the hash! */ if ((err = mp_init(&g_pub)) != CRYPT_OK) { return err; } /* allocate memory */ expt = XMALLOC(mp_unsigned_bin_size(key->p) + 1); skey = XMALLOC(MAXBLOCKSIZE); if (expt == NULL || skey == NULL) { if (expt != NULL) { XFREE(expt); } if (skey != NULL) { XFREE(skey); } mp_clear(g_pub); return CRYPT_MEM; } LTC_SET_ASN1(decode, 1, LTC_ASN1_INTEGER, g_pub, 1UL); LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); /* read the structure in now */ if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { goto LBL_ERR; } /* make shared key */ x = mp_unsigned_bin_size(key->p) + 1; if ((err = dsa_shared_secret(key->x, g_pub, key, expt, &x)) != CRYPT_OK) { goto LBL_ERR; } y = MIN(mp_unsigned_bin_size(key->p) + 1, MAXBLOCKSIZE); if ((err = hash_memory(hash, expt, x, expt, &y)) != CRYPT_OK) { goto LBL_ERR; } /* ensure the hash of the shared secret is at least as big as the encrypt itself */ if (decode[2].size > y) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } /* avoid buffer overflow */ if (*outlen < decode[2].size) { *outlen = decode[2].size; err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } /* Decrypt the key */ for (x = 0; x < decode[2].size; x++) { out[x] = expt[x] ^ skey[x]; } *outlen = x; err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(expt, mp_unsigned_bin_size(key->p) + 1); zeromem(skey, MAXBLOCKSIZE); #endif XFREE(expt); XFREE(skey); mp_clear(g_pub); return err; }
/** Import an RSAPublicKey or RSAPrivateKey in PKCS#8 format @param in The packet to import from @param inlen It's length (octets) @param passwd The password for decrypting privkey (NOT SUPPORTED YET) @param passwdlen Password's length (octets) @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *passwd, unsigned long passwdlen, rsa_key *key) { int err; void *zero, *iter; unsigned char *buf1 = NULL, *buf2 = NULL; unsigned long buf1len, buf2len; unsigned long oid[16]; oid_st rsaoid; ltc_asn1_list alg_seq[2], top_seq[3]; ltc_asn1_list alg_seq_e[2], key_seq_e[2], top_seq_e[2]; unsigned char *decrypted = NULL; unsigned long decryptedlen; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* get RSA alg oid */ err = pk_get_oid(PKA_RSA, &rsaoid); if (err != CRYPT_OK) { goto LBL_NOFREE; } /* alloc buffers */ buf1len = inlen; /* approx. */ buf1 = XMALLOC(buf1len); if (buf1 == NULL) { err = CRYPT_MEM; goto LBL_NOFREE; } buf2len = inlen; /* approx. */ buf2 = XMALLOC(buf2len); if (buf2 == NULL) { err = CRYPT_MEM; goto LBL_FREE1; } /* init key */ err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, &zero, &iter, NULL); if (err != CRYPT_OK) { goto LBL_FREE2; } /* try to decode encrypted priv key */ LTC_SET_ASN1(key_seq_e, 0, LTC_ASN1_OCTET_STRING, buf1, buf1len); LTC_SET_ASN1(key_seq_e, 1, LTC_ASN1_INTEGER, iter, 1UL); LTC_SET_ASN1(alg_seq_e, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); LTC_SET_ASN1(alg_seq_e, 1, LTC_ASN1_SEQUENCE, key_seq_e, 2UL); LTC_SET_ASN1(top_seq_e, 0, LTC_ASN1_SEQUENCE, alg_seq_e, 2UL); LTC_SET_ASN1(top_seq_e, 1, LTC_ASN1_OCTET_STRING, buf2, buf2len); err=der_decode_sequence(in, inlen, top_seq_e, 2UL); if (err == CRYPT_OK) { LTC_UNUSED_PARAM(passwd); LTC_UNUSED_PARAM(passwdlen); /* XXX: TODO encrypted pkcs8 not implemented yet */ /* fprintf(stderr, "decrypt: iter=%ld salt.len=%ld encdata.len=%ld\n", mp_get_int(iter), key_seq_e[0].size, top_seq_e[1].size); */ err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } else { decrypted = (unsigned char *)in; decryptedlen = inlen; } /* try to decode unencrypted priv key */ LTC_SET_ASN1(alg_seq, 0, LTC_ASN1_OBJECT_IDENTIFIER, oid, 16UL); LTC_SET_ASN1(alg_seq, 1, LTC_ASN1_NULL, NULL, 0UL); LTC_SET_ASN1(top_seq, 0, LTC_ASN1_INTEGER, zero, 1UL); LTC_SET_ASN1(top_seq, 1, LTC_ASN1_SEQUENCE, alg_seq, 2UL); LTC_SET_ASN1(top_seq, 2, LTC_ASN1_OCTET_STRING, buf1, buf1len); err=der_decode_sequence(decrypted, decryptedlen, top_seq, 3UL); if (err != CRYPT_OK) { goto LBL_ERR; } /* check alg oid */ if ((alg_seq[0].size != rsaoid.OIDlen) || XMEMCMP(rsaoid.OID, alg_seq[0].data, rsaoid.OIDlen * sizeof(rsaoid.OID[0])) != 0) { err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } err = der_decode_sequence_multi(buf1, top_seq[2].size, LTC_ASN1_INTEGER, 1UL, zero, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_INTEGER, 1UL, key->d, LTC_ASN1_INTEGER, 1UL, key->p, LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->dP, LTC_ASN1_INTEGER, 1UL, key->dQ, LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL); if (err != CRYPT_OK) { goto LBL_ERR; } key->type = PK_PRIVATE; err = CRYPT_OK; goto LBL_FREE2; LBL_ERR: rsa_free(key); LBL_FREE2: mp_clear_multi(iter, zero, NULL); XFREE(buf2); LBL_FREE1: XFREE(buf1); LBL_NOFREE: return err; }
/** Decrypt an ECC encrypted key @param in The ciphertext @param inlen The length of the ciphertext (octets) @param out [out] The plaintext @param outlen [in/out] The max size and resulting size of the plaintext @param key The corresponding private ECC key @return CRYPT_OK if successful */ int ecc_decrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, ecc_key *key) { unsigned char *ecc_shared, *skey, *pub_expt; unsigned long x, y, hashOID[32]; int hash, err; ecc_key pubkey; ltc_asn1_list decode[3]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); /* right key type? */ if (key->type != PK_PRIVATE) { return CRYPT_PK_NOT_PRIVATE; } /* decode to find out hash */ LTC_SET_ASN1(decode, 0, LTC_ASN1_OBJECT_IDENTIFIER, hashOID, sizeof(hashOID)/sizeof(hashOID[0])); if ((err = der_decode_sequence(in, inlen, decode, 1)) != CRYPT_OK) { return err; } for (hash = 0; hash_descriptor[hash].name != NULL && (hash_descriptor[hash].OIDlen != decode[0].size || memcmp(hash_descriptor[hash].OID, hashOID, sizeof(unsigned long)*decode[0].size)); hash++); if (hash_descriptor[hash].name == NULL) { return CRYPT_INVALID_PACKET; } /* we now have the hash! */ /* allocate memory */ pub_expt = XMALLOC(ECC_BUF_SIZE); ecc_shared = XMALLOC(ECC_BUF_SIZE); skey = XMALLOC(MAXBLOCKSIZE); if (pub_expt == NULL || ecc_shared == NULL || skey == NULL) { if (pub_expt != NULL) { XFREE(pub_expt); } if (ecc_shared != NULL) { XFREE(ecc_shared); } if (skey != NULL) { XFREE(skey); } return CRYPT_MEM; } LTC_SET_ASN1(decode, 1, LTC_ASN1_OCTET_STRING, pub_expt, ECC_BUF_SIZE); LTC_SET_ASN1(decode, 2, LTC_ASN1_OCTET_STRING, skey, MAXBLOCKSIZE); /* read the structure in now */ if ((err = der_decode_sequence(in, inlen, decode, 3)) != CRYPT_OK) { goto LBL_ERR; } /* import ECC key from packet */ if ((err = ecc_import(decode[1].data, decode[1].size, &pubkey)) != CRYPT_OK) { goto LBL_ERR; } /* make shared key */ x = ECC_BUF_SIZE; if ((err = ecc_shared_secret(key, &pubkey, ecc_shared, &x)) != CRYPT_OK) { ecc_free(&pubkey); goto LBL_ERR; } ecc_free(&pubkey); y = MAXBLOCKSIZE; if ((err = hash_memory(hash, ecc_shared, x, ecc_shared, &y)) != CRYPT_OK) { goto LBL_ERR; } /* ensure the hash of the shared secret is at least as big as the encrypt itself */ if (decode[2].size > y) { err = CRYPT_INVALID_PACKET; goto LBL_ERR; } /* avoid buffer overflow */ if (*outlen < decode[2].size) { err = CRYPT_BUFFER_OVERFLOW; goto LBL_ERR; } /* Decrypt the key */ for (x = 0; x < decode[2].size; x++) { out[x] = skey[x] ^ ecc_shared[x]; } *outlen = x; err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(pub_expt, ECC_BUF_SIZE); zeromem(ecc_shared, ECC_BUF_SIZE); zeromem(skey, MAXBLOCKSIZE); #endif XFREE(pub_expt); XFREE(ecc_shared); XFREE(skey); return err; }