let mormot.crypt.ecc use the new PKCS#8 functions

synopse · Nov 24, 2023 · 2f4ffda · 2f4ffda
1 parent e94da6a
commit 2f4ffda
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 29 deletions.
diff --git a/src/crypt/mormot.crypt.ecc.pas b/src/crypt/mormot.crypt.ecc.pas
@@ -2152,8 +2152,7 @@ function DerToEcc(der: PByteArray; derlen: PtrInt; out pub: TEccPublicKey): bool
 
 function PemDerRawToEcc(const pem: RawUtf8; out priv: TEccPrivateKey): boolean; overload;
 var
-  der, oid, oct, key: RawByteString;
-  pos, posoct, vt: integer;
+  der, key: RawByteString;
 begin
   der := PemToDer(pem); // return input if not PEM (assume was DER)
   result := DerToEcc(pointer(der), length(der), priv);
@@ -2166,28 +2165,14 @@ function PemDerRawToEcc(const pem: RawUtf8; out priv: TEccPrivateKey): boolean;
     else
     begin
       // decode prime256v1 PKCS#8 PrivateKeyInfo as generated by OpenSSL
-      pos := 1;
-      posoct := 1;
-      if (AsnNext(pos, der) = ASN1_SEQ) and
-         (AsnNextInteger(pos, der, vt) = 0) and        // version
-         (vt = ASN1_INT) and
-         (AsnNext(pos, der) = ASN1_SEQ) and            // privateKeyAlgorithm
-         (AsnNext(pos, der, @oid) = ASN1_OBJID) and
-         (oid = ASN1_OID_X962_PUBLICKEY) and           // ecPublicKey
-         (AsnNext(pos, der, @oid) = ASN1_OBJID) and
-         (oid =  CKA_OID[ckaEcc256]) and               // prime256v1
-         (AsnNextRaw(pos, der, oct) = ASN1_OCTSTR) and // privateKey
-         (AsnNext(posoct, oct) = ASN1_SEQ) and
-         (AsnNext(posoct, oct) = ASN1_INT) and
-         (AsnNextRaw(posoct, oct, key) = ASN1_OCTSTR) and
-         (length(key) = SizeOf(priv)) then
+      key := SeqToEccPrivKey(ckaEcc256, der);
+      if length(key) = SizeOf(priv) then
       begin
         priv := PEccPrivateKey(key)^;
         result := true;
       end;
     end;
   FillZero(der); // anti-forensic protection of the private key
-  FillZero(oct);
   FillZero(key);
 end;
 
@@ -5412,7 +5397,7 @@ destructor TCryptPrivateKeyEcc.Destroy;
 
 function TCryptPrivateKeyEcc.ToDer: RawByteString;
 var
-  rawecc, oct: RawByteString;
+  rawecc: RawByteString;
 begin
   if self = nil then
     result := ''
@@ -5422,16 +5407,9 @@ function TCryptPrivateKeyEcc.ToDer: RawByteString;
   begin
     // EccToDer() raw encoding is not standard as PEM -> use PKCS#8 format
     FastSetRawByteString(rawecc, @fEcc, SizeOf(fEcc));
-    oct := AsnSafeOct([Asn(1),
-                       Asn(ASN1_OCTSTR, [rawecc])]);
-    FillZero(rawecc);
     // see PemDerRawToEcc() secp256r1/prime256v1 PKCS#8 PrivateKeyInfo
-    result := AsnSeq([
-                Asn(0), // version
-                CkaToSeq(ckaEcc256),
-                oct
-              ]);
-    FillZero(oct);
+    result := EccPrivKeyToSeq(ckaEcc256, rawecc);
+    FillZero(rawecc);
   end;
 end;
 

diff --git a/src/mormot.commit.inc b/src/mormot.commit.inc
@@ -1 +1 @@
-'2.1.6308'
+'2.1.6309'