|
|
@@ -15,6 +15,15 @@
|
|
|
|
|
|
#ifdef LTC_MRSA
|
|
|
|
|
|
+static int _rsa_decode(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
|
|
+{
|
|
|
+ /* now it should be SEQUENCE { INTEGER, INTEGER } */
|
|
|
+ return der_decode_sequence_multi(in, inlen,
|
|
|
+ LTC_ASN1_INTEGER, 1UL, key->N,
|
|
|
+ LTC_ASN1_INTEGER, 1UL, key->e,
|
|
|
+ LTC_ASN1_EOL, 0UL, NULL);
|
|
|
+}
|
|
|
+
|
|
|
/**
|
|
|
Import an RSA key from a X.509 certificate
|
|
|
@param in The packet to import from
|
|
|
@@ -25,9 +34,6 @@
|
|
|
int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
|
|
{
|
|
|
int err;
|
|
|
- unsigned char *tmpbuf;
|
|
|
- unsigned long tmpbuf_len, tmp_inlen, len;
|
|
|
- ltc_asn1_list *decoded_list = NULL, *l;
|
|
|
|
|
|
LTC_ARGCHK(in != NULL);
|
|
|
LTC_ARGCHK(key != NULL);
|
|
|
@@ -39,75 +45,15 @@ int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key)
|
|
|
return err;
|
|
|
}
|
|
|
|
|
|
- tmpbuf_len = inlen;
|
|
|
- tmpbuf = XCALLOC(1, tmpbuf_len);
|
|
|
- if (tmpbuf == NULL) {
|
|
|
- err = CRYPT_MEM;
|
|
|
- goto LBL_ERR;
|
|
|
- }
|
|
|
-
|
|
|
- tmp_inlen = inlen;
|
|
|
- if ((err = der_decode_sequence_flexi(in, &tmp_inlen, &decoded_list)) == CRYPT_OK) {
|
|
|
- l = decoded_list;
|
|
|
- /* Move 2 levels up in the tree
|
|
|
- SEQUENCE
|
|
|
- SEQUENCE
|
|
|
- ...
|
|
|
- */
|
|
|
- if (l->type == LTC_ASN1_SEQUENCE && l->child) {
|
|
|
- l = l->child;
|
|
|
- if (l->type == LTC_ASN1_SEQUENCE && l->child) {
|
|
|
- l = l->child;
|
|
|
-
|
|
|
- err = CRYPT_ERROR;
|
|
|
-
|
|
|
- /* Move forward in the tree until we find this combination
|
|
|
- ...
|
|
|
- SEQUENCE
|
|
|
- SEQUENCE
|
|
|
- OBJECT IDENTIFIER 1.2.840.113549.1.1.1
|
|
|
- NULL
|
|
|
- BIT STRING
|
|
|
- */
|
|
|
- do {
|
|
|
- /* The additional check for l->data is there to make sure
|
|
|
- * we won't try to decode a list that has been 'shrunk'
|
|
|
- */
|
|
|
- if (l->type == LTC_ASN1_SEQUENCE && l->data && l->child &&
|
|
|
- l->child->type == LTC_ASN1_SEQUENCE && l->child->child &&
|
|
|
- l->child->child->type == LTC_ASN1_OBJECT_IDENTIFIER && l->child->next &&
|
|
|
- l->child->next->type == LTC_ASN1_BIT_STRING) {
|
|
|
- len = 0;
|
|
|
- err = x509_decode_subject_public_key_info(l->data, l->size,
|
|
|
- PKA_RSA, tmpbuf, &tmpbuf_len,
|
|
|
- LTC_ASN1_NULL, NULL, &len);
|
|
|
- if (err == CRYPT_OK) {
|
|
|
- /* now it should be SEQUENCE { INTEGER, INTEGER } */
|
|
|
- if ((err = der_decode_sequence_multi(tmpbuf, tmpbuf_len,
|
|
|
- LTC_ASN1_INTEGER, 1UL, key->N,
|
|
|
- LTC_ASN1_INTEGER, 1UL, key->e,
|
|
|
- LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
|
|
|
- goto LBL_ERR;
|
|
|
- }
|
|
|
- key->type = PK_PUBLIC;
|
|
|
- err = CRYPT_OK;
|
|
|
- goto LBL_FREE;
|
|
|
- }
|
|
|
- }
|
|
|
- l = l->next;
|
|
|
- } while(l);
|
|
|
- }
|
|
|
- }
|
|
|
+ if ((err = x509_decode_public_key_from_certificate(in, inlen,
|
|
|
+ PKA_RSA, LTC_ASN1_NULL,
|
|
|
+ NULL, NULL,
|
|
|
+ (public_key_decode_cb)_rsa_decode, key)) != CRYPT_OK) {
|
|
|
+ rsa_free(key);
|
|
|
+ } else {
|
|
|
+ key->type = PK_PUBLIC;
|
|
|
}
|
|
|
|
|
|
-
|
|
|
-LBL_ERR:
|
|
|
- rsa_free(key);
|
|
|
-
|
|
|
-LBL_FREE:
|
|
|
- if (decoded_list) der_free_sequence_flexi(decoded_list);
|
|
|
- if (tmpbuf != NULL) XFREE(tmpbuf);
|
|
|
-
|
|
|
return err;
|
|
|
}
|
|
|
|
Steffen Jaeckel