Skip to content

Commit

Permalink
Merge 493f271 into c28a849
Browse files Browse the repository at this point in the history
  • Loading branch information
@sjaeckel
sjaeckel committed May 25, 2019
2 parents c28a849 + 493f271 commit 5ca1027
Show file tree
Hide file tree
Showing 9 changed files with 162 additions and 81 deletions.
4 changes: 4 additions & 0 deletions libtomcrypt_VS2008.vcproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2193,6 +2193,10 @@
<Filter
Name="x509"
>
<File
RelativePath="src\pk\asn1\x509\x509_decode_public_key_from_certificate.c"
>
</File>
<File
RelativePath="src\pk\asn1\x509\x509_decode_subject_public_key_info.c"
>
Expand Down
3 changes: 2 additions & 1 deletion makefile.mingw
View file
Original file line number Diff line number Diff line change
Expand Up @@ -170,7 +170,8 @@ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_
src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \
src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \
src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \
src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \
Expand Down
3 changes: 2 additions & 1 deletion makefile.msvc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,8 @@ src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encod
src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \
src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \
src/pk/asn1/oid/pk_get_oid.obj src/pk/asn1/oid/pk_oid_cmp.obj src/pk/asn1/oid/pk_oid_str.obj \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/x509/x509_decode_subject_public_key_info.obj \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.obj src/pk/asn1/x509/x509_decode_public_key_from_certificate.obj \
src/pk/asn1/x509/x509_decode_subject_public_key_info.obj \
src/pk/asn1/x509/x509_encode_subject_public_key_info.obj src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj \
src/pk/dh/dh_export.obj src/pk/dh/dh_export_key.obj src/pk/dh/dh_free.obj src/pk/dh/dh_generate_key.obj \
src/pk/dh/dh_import.obj src/pk/dh/dh_set.obj src/pk/dh/dh_set_pg_dhparam.obj src/pk/dh/dh_shared_secret.obj \
Expand Down
3 changes: 2 additions & 1 deletion makefile.unix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,7 +180,8 @@ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_
src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \
src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \
src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \
src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \
Expand Down
3 changes: 2 additions & 1 deletion makefile_include.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -340,7 +340,8 @@ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_
src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \
src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \
src/pk/asn1/oid/pk_get_oid.o src/pk/asn1/oid/pk_oid_cmp.o src/pk/asn1/oid/pk_oid_str.o \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
src/pk/asn1/pkcs8/pkcs8_decode_flexi.o src/pk/asn1/x509/x509_decode_public_key_from_certificate.o \
src/pk/asn1/x509/x509_decode_subject_public_key_info.o \
src/pk/asn1/x509/x509_encode_subject_public_key_info.o src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o \
src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o \
src/pk/dh/dh_import.o src/pk/dh/dh_set.o src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o \
Expand Down
7 changes: 7 additions & 0 deletions src/headers/tomcrypt_private.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -330,6 +330,13 @@ int der_teletex_value_decode(int v);

int der_utf8_valid_char(const wchar_t c);

typedef int (*public_key_decode_cb)(const unsigned char *in, unsigned long inlen, void *ctx);

int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
enum ltc_oid_id algorithm, ltc_asn1_type param_type,
ltc_asn1_list* parameters, unsigned long *parameters_len,
public_key_decode_cb callback, void *ctx);

/* SUBJECT PUBLIC KEY INFO */
int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen,
unsigned int algorithm, const void* public_key, unsigned long public_key_len,
Expand Down
114 changes: 114 additions & 0 deletions src/pk/asn1/x509/x509_decode_public_key_from_certificate.c
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"

/**
@file x509_decode_public_key_from_certificate.c
ASN.1 DER/X.509, decode a certificate
*/

#ifdef LTC_DER

/* Check if it looks like a SubjectPublicKeyInfo */
#define LOOKS_LIKE_SPKI(l) (l)->type == LTC_ASN1_SEQUENCE \
&& (l)->child \
&& (l)->child->type == LTC_ASN1_OBJECT_IDENTIFIER \
&& (l)->next \
&& (l)->next->type == LTC_ASN1_BIT_STRING

/**
Try to decode the public key from a X.509 certificate
@param in The input buffer
@param inlen The length of the input buffer
@param algorithm One out of the enum #public_key_algorithms
@param param_type The parameters' type out of the enum ltc_asn1_type
@param parameters The parameters to include
@param parameters_len [in/out] The number of parameters to include
@param callback The callback
@param ctx The context passed to the callback
@return CRYPT_OK on success
*/
int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
enum ltc_oid_id algorithm, ltc_asn1_type param_type,
ltc_asn1_list* parameters, unsigned long *parameters_len,
public_key_decode_cb callback, void *ctx)
{
int err;
unsigned char *tmpbuf;
unsigned long tmpbuf_len, tmp_inlen;
ltc_asn1_list *decoded_list = NULL, *l;

LTC_ARGCHK(in != NULL);
LTC_ARGCHK(inlen != 0);

tmpbuf_len = inlen;
tmpbuf = XCALLOC(1, tmpbuf_len);
if (tmpbuf == NULL) {
err = CRYPT_MEM;
goto LBL_OUT;
}

tmp_inlen = inlen;
if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
l = decoded_list;

err = CRYPT_INVALID_ARG;

/* Move 2 levels up in the tree
SEQUENCE
SEQUENCE
...
*/
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;

/* Move forward in the tree until we find this combination
...
SEQUENCE
SEQUENCE
OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1>
NULL
BIT STRING
*/
do {
/* The additional check for l->data is there to make sure
* we won't try to decode a list that has been 'shrunk'
*/
if (l->type == LTC_ASN1_SEQUENCE
&& l->data
&& l->child
&& LOOKS_LIKE_SPKI(l->child)) {
err = x509_decode_subject_public_key_info(l->data, l->size,
algorithm, tmpbuf, &tmpbuf_len,
param_type, parameters, parameters_len);
if (err == CRYPT_OK) {
err = callback(tmpbuf, tmpbuf_len, ctx);
goto LBL_OUT;
}
}
l = l->next;
} while(l);
}
}
}

LBL_OUT:
if (decoded_list) der_free_sequence_flexi(decoded_list);
if (tmpbuf != NULL) XFREE(tmpbuf);

return err;
}

#endif

/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */
20 changes: 13 additions & 7 deletions src/pk/asn1/x509/x509_decode_subject_public_key_info.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,26 +34,33 @@
@param public_key_len [in/out] The length of the public key buffer and the written length
@param parameters_type The parameters' type out of the enum ltc_asn1_type
@param parameters The parameters to include
@param parameters_len [in/out]The number of parameters to include
@param parameters_len [in/out] The number of parameters to include
@return CRYPT_OK on success
*/
int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long inlen,
unsigned int algorithm, void* public_key, unsigned long* public_key_len,
ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len)
{
int err;
unsigned long len, alg_id_num;
unsigned long len, alg_id_num, tmplen;
const char* oid;
unsigned char *tmpbuf;
unsigned long tmpoid[16];
unsigned long *_parameters_len;
ltc_asn1_list alg_id[2];
ltc_asn1_list subject_pubkey[2];

LTC_ARGCHK(in != NULL);
LTC_ARGCHK(inlen != 0);
LTC_ARGCHK(public_key_len != NULL);

if (parameters_type != LTC_ASN1_EOL) {
LTC_ARGCHK(parameters_len != NULL);
if ((parameters == NULL) || (parameters_len == NULL)) {
tmplen = 0;
_parameters_len = &tmplen;
} else {
_parameters_len = parameters_len;
}
}

err = pk_get_oid(algorithm, &oid);
Expand All @@ -72,9 +79,8 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0]));
if (parameters_type == LTC_ASN1_EOL) {
alg_id_num = 1;
}
else {
LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *parameters_len);
} else {
LTC_SET_ASN1(alg_id, 1, parameters_type, parameters, *_parameters_len);
alg_id_num = 2;
}

Expand All @@ -89,7 +95,7 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
goto LBL_ERR;
}
if (parameters_type != LTC_ASN1_EOL) {
*parameters_len = alg_id[1].size;
*_parameters_len = alg_id[1].size;
}

if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) {
Expand Down
86 changes: 16 additions & 70 deletions src/pk/rsa/rsa_import_x509.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,15 @@

#ifdef LTC_MRSA

static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
/* now it should be SEQUENCE { INTEGER, INTEGER } */
return der_decode_sequence_multi(in, inlen,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL);
}

/**
Import an RSA key from a X.509 certificate
@param in The packet to import from
Expand All @@ -25,9 +34,6 @@
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
{
int err;
unsigned char *tmpbuf;
unsigned long tmpbuf_len, tmp_inlen, len;
ltc_asn1_list *decoded_list = NULL, *l;

LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
Expand All @@ -39,75 +45,15 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
return err;
}

tmpbuf_len = inlen;
tmpbuf = XCALLOC(1, tmpbuf_len);
if (tmpbuf == NULL) {
err = CRYPT_MEM;
goto LBL_ERR;
}

tmp_inlen = inlen;
if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
l = decoded_list;
/* Move 2 levels up in the tree
SEQUENCE
SEQUENCE
...
*/
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;
if (l->type == LTC_ASN1_SEQUENCE && l->child) {
l = l->child;

err = CRYPT_ERROR;

/* Move forward in the tree until we find this combination
...
SEQUENCE
SEQUENCE
OBJECT IDENTIFIER 1.2.840.113549.1.1.1
NULL
BIT STRING
*/
do {
/* The additional check for l->data is there to make sure
* we won't try to decode a list that has been 'shrunk'
*/
if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
l->child->next->type == LTC_ASN1_BIT_STRING) {
len = 0;
err = x509_decode_subject_public_key_info(l->data, l->size,
PKA_RSA, tmpbuf, &tmpbuf_len,
LTC_ASN1_NULL, NULL, &len);
if (err == CRYPT_OK) {
/* now it should be SEQUENCE { INTEGER, INTEGER } */
if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->e,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
key->type = PK_PUBLIC;
err = CRYPT_OK;
goto LBL_FREE;
}
}
l = l->next;
} while(l);
}
}
if ((err = x509_decode_public_key_from_certificate(in, inlen,
PKA_RSA, LTC_ASN1_NULL,
NULL, NULL,
(public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) {
rsa_free(key);
} else {
key->type = PK_PUBLIC;
}


LBL_ERR:
rsa_free(key);

LBL_FREE:
if (decoded_list) der_free_sequence_flexi(decoded_list);
if (tmpbuf != NULL) XFREE(tmpbuf);

return err;
}

Expand Down

0 comments on commit 5ca1027

Please sign in to comment.