diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2018-02-17 19:29:51 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2018-02-17 19:29:51 +0800 |
| commit | 7e8094d53a1c01ac671156ff2e67157b64d01a3a (patch) | |
| tree | c88345f5bdd118eb9414dff5ab5c307bb1806c57 /libtomcrypt/src/pk/rsa/rsa_import.c | |
| parent | f7a664f127d3dfde0e7c7a9ca74b1d14f9a2f983 (diff) | |
| parent | f042eb41ab0d31f8ba0c5ccc9c848ad01f08f986 (diff) | |
merge from main
--HG--
branch : fuzz
Diffstat (limited to 'libtomcrypt/src/pk/rsa/rsa_import.c')
| -rw-r--r-- | libtomcrypt/src/pk/rsa/rsa_import.c | 106 |
1 files changed, 46 insertions, 60 deletions
diff --git a/libtomcrypt/src/pk/rsa/rsa_import.c b/libtomcrypt/src/pk/rsa/rsa_import.c index 85c676b..84cd6f6 100644 --- a/libtomcrypt/src/pk/rsa/rsa_import.c +++ b/libtomcrypt/src/pk/rsa/rsa_import.c @@ -5,20 +5,18 @@ * * The library is free for all purposes without any express * guarantee it works. - * - * Tom St Denis, tomstdenis@gmail.com, http://libtom.org */ #include "tomcrypt.h" /** @file rsa_import.c - Import a LTC_PKCS RSA key, Tom St Denis -*/ + Import a PKCS RSA key, Tom St Denis +*/ #ifdef LTC_MRSA /** - Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in LTC_PKCS #1 v2.1] + Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1] @param in The packet to import from @param inlen It's length (octets) @param key [out] Destination for newly imported key @@ -28,87 +26,68 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { int err; void *zero; - unsigned char *tmpbuf; - unsigned long t, x, y, z, tmpoid[16]; - ltc_asn1_list ssl_pubkey_hashoid[2]; - ltc_asn1_list ssl_pubkey[2]; + unsigned char *tmpbuf=NULL; + unsigned long tmpbuf_len; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ - if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, + if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { return err; } /* see if the OpenSSL DER format RSA public key will work */ - tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); + tmpbuf_len = inlen; + tmpbuf = XCALLOC(1, tmpbuf_len); if (tmpbuf == NULL) { err = CRYPT_MEM; goto LBL_ERR; } - /* this includes the internal hash ID and optional params (NULL in this case) */ - LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); - LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0); - - /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it - then proceed to convert bit to octet - */ - LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2); - LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); - - if (der_decode_sequence(in, inlen, - ssl_pubkey, 2UL) == CRYPT_OK) { - - /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */ - for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) { - y = (y << 1) | tmpbuf[x]; - if (++z == 8) { - tmpbuf[t++] = (unsigned char)y; - y = 0; - z = 0; - } - } + err = der_decode_subject_public_key_info(in, inlen, + PKA_RSA, tmpbuf, &tmpbuf_len, + LTC_ASN1_NULL, NULL, 0); + + if (err == CRYPT_OK) { /* SubjectPublicKeyInfo format */ /* now it should be SEQUENCE { INTEGER, INTEGER } */ - if ((err = der_decode_sequence_multi(tmpbuf, t, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, + if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - XFREE(tmpbuf); goto LBL_ERR; } - XFREE(tmpbuf); key->type = PK_PUBLIC; - return CRYPT_OK; + err = CRYPT_OK; + goto LBL_FREE; } - XFREE(tmpbuf); - /* not SSL public key, try to match against LTC_PKCS #1 standards */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + /* not SSL public key, try to match against PKCS #1 standards */ + err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_EOL, 0UL, NULL); + + if (err != CRYPT_OK && err != CRYPT_INPUT_TOO_LONG) { goto LBL_ERR; } if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { - if ((err = mp_init(&zero)) != CRYPT_OK) { + if ((err = mp_init(&zero)) != CRYPT_OK) { goto LBL_ERR; } /* it's a private key */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, zero, - LTC_ASN1_INTEGER, 1UL, key->N, + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, zero, + LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, - LTC_ASN1_INTEGER, 1UL, key->d, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->d, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->dP, - LTC_ASN1_INTEGER, 1UL, key->dQ, - LTC_ASN1_INTEGER, 1UL, key->qP, + LTC_ASN1_INTEGER, 1UL, key->dQ, + LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { mp_clear(zero); goto LBL_ERR; @@ -121,23 +100,30 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) goto LBL_ERR; } else { /* it's a public key and we lack e */ - if ((err = der_decode_sequence_multi(in, inlen, - LTC_ASN1_INTEGER, 1UL, key->N, - LTC_ASN1_INTEGER, 1UL, key->e, + if ((err = der_decode_sequence_multi(in, inlen, + LTC_ASN1_INTEGER, 1UL, key->N, + LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } key->type = PK_PUBLIC; } - return CRYPT_OK; + err = CRYPT_OK; + goto LBL_FREE; + LBL_ERR: mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); + +LBL_FREE: + if (tmpbuf != NULL) + XFREE(tmpbuf); + return err; } #endif /* LTC_MRSA */ -/* $Source$ */ -/* $Revision$ */ -/* $Date$ */ +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ |