kris
/
boringssl
1
0
Förgrening 0
Kod Ärenden 0 Pull-förfrågningar 0 Släpp 0 Wiki Aktiviteter
Du kan inte välja fler än 25 ämnen Ämnen måste starta med en bokstav eller siffra, kan innehålla bindestreck ('-') och vara max 35 tecken långa.
4492 Incheckningar
12 Grenar
38 MiB
 
 
 
 
 
 
Träd: ef37ab5919
Grenar Taggar
${ item.name }
Skapa branchen ${ searchTerm }
från 'ef37ab5919'
${ noResults }
boringssl/crypto/rsa_extra/rsa_asn1.c

345 rader
9.4 KiB
Blame Historik 

  1. /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL

  2.  * project 2000.

  3.  */

  4. /* ====================================================================

  5.  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.

  6.  *

  7.  * Redistribution and use in source and binary forms, with or without

  8.  * modification, are permitted provided that the following conditions

  9.  * are met:

  10.  *

  11.  * 1. Redistributions of source code must retain the above copyright

  12.  *    notice, this list of conditions and the following disclaimer.

  13.  *

  14.  * 2. Redistributions in binary form must reproduce the above copyright

  15.  *    notice, this list of conditions and the following disclaimer in

  16.  *    the documentation and/or other materials provided with the

  17.  *    distribution.

  18.  *

  19.  * 3. All advertising materials mentioning features or use of this

  20.  *    software must display the following acknowledgment:

  21.  *    "This product includes software developed by the OpenSSL Project

  22.  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

  23.  *

  24.  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

  25.  *    endorse or promote products derived from this software without

  26.  *    prior written permission. For written permission, please contact

  27.  *    licensing@OpenSSL.org.

  28.  *

  29.  * 5. Products derived from this software may not be called "OpenSSL"

  30.  *    nor may "OpenSSL" appear in their names without prior written

  31.  *    permission of the OpenSSL Project.

  32.  *

  33.  * 6. Redistributions of any form whatsoever must retain the following

  34.  *    acknowledgment:

  35.  *    "This product includes software developed by the OpenSSL Project

  36.  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

  37.  *

  38.  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

  39.  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  40.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

  41.  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

  42.  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

  43.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

  44.  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

  45.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  46.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

  47.  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

  48.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

  49.  * OF THE POSSIBILITY OF SUCH DAMAGE.

  50.  * ====================================================================

  51.  *

  52.  * This product includes cryptographic software written by Eric Young

  53.  * (eay@cryptsoft.com).  This product includes software written by Tim

  54.  * Hudson (tjh@cryptsoft.com). */

  55. 

  56. #include <openssl/rsa.h>

  57. 

  58. #include <assert.h>

  59. #include <limits.h>

  60. #include <string.h>

  61. 

  62. #include <openssl/bn.h>

  63. #include <openssl/bytestring.h>

  64. #include <openssl/err.h>

  65. #include <openssl/mem.h>

  66. 

  67. #include "../fipsmodule/rsa/internal.h"

  68. #include "../bytestring/internal.h"

  69. #include "../internal.h"

  70. 

  71. 

  72. static int parse_integer_buggy(CBS *cbs, BIGNUM **out, int buggy) {

  73.   assert(*out == NULL);

  74.   *out = BN_new();

  75.   if (*out == NULL) {

  76.     return 0;

  77.   }

  78.   if (buggy) {

  79.     return BN_parse_asn1_unsigned_buggy(cbs, *out);

  80.   }

  81.   return BN_parse_asn1_unsigned(cbs, *out);

  82. }

  83. 

  84. static int parse_integer(CBS *cbs, BIGNUM **out) {

  85.   return parse_integer_buggy(cbs, out, 0 /* not buggy */);

  86. }

  87. 

  88. static int marshal_integer(CBB *cbb, BIGNUM *bn) {

  89.   if (bn == NULL) {

  90.     /* An RSA object may be missing some components. */

  91.     OPENSSL_PUT_ERROR(RSA, RSA_R_VALUE_MISSING);

  92.     return 0;

  93.   }

  94.   return BN_marshal_asn1(cbb, bn);

  95. }

  96. 

  97. static RSA *parse_public_key(CBS *cbs, int buggy) {

  98.   RSA *ret = RSA_new();

  99.   if (ret == NULL) {

  100.     return NULL;

  101.   }

  102.   CBS child;

  103.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  104.       !parse_integer_buggy(&child, &ret->n, buggy) ||

  105.       !parse_integer(&child, &ret->e) ||

  106.       CBS_len(&child) != 0) {

  107.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  108.     RSA_free(ret);

  109.     return NULL;

  110.   }

  111. 

  112.   if (!BN_is_odd(ret->e) ||

  113.       BN_num_bits(ret->e) < 2) {

  114.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);

  115.     RSA_free(ret);

  116.     return NULL;

  117.   }

  118. 

  119.   return ret;

  120. }

  121. 

  122. RSA *RSA_parse_public_key(CBS *cbs) {

  123.   return parse_public_key(cbs, 0 /* not buggy */);

  124. }

  125. 

  126. RSA *RSA_parse_public_key_buggy(CBS *cbs) {

  127.   /* Estonian IDs issued between September 2014 to September 2015 are

  128.    * broken. See https://crbug.com/532048 and https://crbug.com/534766.

  129.    *

  130.    * TODO(davidben): Remove this code and callers in March 2016. */

  131.   return parse_public_key(cbs, 1 /* buggy */);

  132. }

  133. 

  134. RSA *RSA_public_key_from_bytes(const uint8_t *in, size_t in_len) {

  135.   CBS cbs;

  136.   CBS_init(&cbs, in, in_len);

  137.   RSA *ret = RSA_parse_public_key(&cbs);

  138.   if (ret == NULL || CBS_len(&cbs) != 0) {

  139.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  140.     RSA_free(ret);

  141.     return NULL;

  142.   }

  143.   return ret;

  144. }

  145. 

  146. int RSA_marshal_public_key(CBB *cbb, const RSA *rsa) {

  147.   CBB child;

  148.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  149.       !marshal_integer(&child, rsa->n) ||

  150.       !marshal_integer(&child, rsa->e) ||

  151.       !CBB_flush(cbb)) {

  152.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  153.     return 0;

  154.   }

  155.   return 1;

  156. }

  157. 

  158. int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,

  159.                             const RSA *rsa) {

  160.   CBB cbb;

  161.   CBB_zero(&cbb);

  162.   if (!CBB_init(&cbb, 0) ||

  163.       !RSA_marshal_public_key(&cbb, rsa) ||

  164.       !CBB_finish(&cbb, out_bytes, out_len)) {

  165.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  166.     CBB_cleanup(&cbb);

  167.     return 0;

  168.   }

  169.   return 1;

  170. }

  171. 

  172. /* kVersionTwoPrime is the value of the version field for a two-prime

  173.  * RSAPrivateKey structure (RFC 3447). */

  174. static const uint64_t kVersionTwoPrime = 0;

  175. 

  176. RSA *RSA_parse_private_key(CBS *cbs) {

  177.   RSA *ret = RSA_new();

  178.   if (ret == NULL) {

  179.     return NULL;

  180.   }

  181. 

  182.   CBS child;

  183.   uint64_t version;

  184.   if (!CBS_get_asn1(cbs, &child, CBS_ASN1_SEQUENCE) ||

  185.       !CBS_get_asn1_uint64(&child, &version)) {

  186.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  187.     goto err;

  188.   }

  189. 

  190.   if (version != kVersionTwoPrime) {

  191.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_VERSION);

  192.     goto err;

  193.   }

  194. 

  195.   if (!parse_integer(&child, &ret->n) ||

  196.       !parse_integer(&child, &ret->e) ||

  197.       !parse_integer(&child, &ret->d) ||

  198.       !parse_integer(&child, &ret->p) ||

  199.       !parse_integer(&child, &ret->q) ||

  200.       !parse_integer(&child, &ret->dmp1) ||

  201.       !parse_integer(&child, &ret->dmq1) ||

  202.       !parse_integer(&child, &ret->iqmp)) {

  203.     goto err;

  204.   }

  205. 

  206.   if (CBS_len(&child) != 0) {

  207.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  208.     goto err;

  209.   }

  210. 

  211.   if (!RSA_check_key(ret)) {

  212.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_RSA_PARAMETERS);

  213.     goto err;

  214.   }

  215. 

  216.   return ret;

  217. 

  218. err:

  219.   RSA_free(ret);

  220.   return NULL;

  221. }

  222. 

  223. RSA *RSA_private_key_from_bytes(const uint8_t *in, size_t in_len) {

  224.   CBS cbs;

  225.   CBS_init(&cbs, in, in_len);

  226.   RSA *ret = RSA_parse_private_key(&cbs);

  227.   if (ret == NULL || CBS_len(&cbs) != 0) {

  228.     OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_ENCODING);

  229.     RSA_free(ret);

  230.     return NULL;

  231.   }

  232.   return ret;

  233. }

  234. 

  235. int RSA_marshal_private_key(CBB *cbb, const RSA *rsa) {

  236.   CBB child;

  237.   if (!CBB_add_asn1(cbb, &child, CBS_ASN1_SEQUENCE) ||

  238.       !CBB_add_asn1_uint64(&child, kVersionTwoPrime) ||

  239.       !marshal_integer(&child, rsa->n) ||

  240.       !marshal_integer(&child, rsa->e) ||

  241.       !marshal_integer(&child, rsa->d) ||

  242.       !marshal_integer(&child, rsa->p) ||

  243.       !marshal_integer(&child, rsa->q) ||

  244.       !marshal_integer(&child, rsa->dmp1) ||

  245.       !marshal_integer(&child, rsa->dmq1) ||

  246.       !marshal_integer(&child, rsa->iqmp) ||

  247.       !CBB_flush(cbb)) {

  248.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  249.     return 0;

  250.   }

  251.   return 1;

  252. }

  253. 

  254. int RSA_private_key_to_bytes(uint8_t **out_bytes, size_t *out_len,

  255.                              const RSA *rsa) {

  256.   CBB cbb;

  257.   CBB_zero(&cbb);

  258.   if (!CBB_init(&cbb, 0) ||

  259.       !RSA_marshal_private_key(&cbb, rsa) ||

  260.       !CBB_finish(&cbb, out_bytes, out_len)) {

  261.     OPENSSL_PUT_ERROR(RSA, RSA_R_ENCODE_ERROR);

  262.     CBB_cleanup(&cbb);

  263.     return 0;

  264.   }

  265.   return 1;

  266. }

  267. 

  268. RSA *d2i_RSAPublicKey(RSA **out, const uint8_t **inp, long len) {

  269.   if (len < 0) {

  270.     return NULL;

  271.   }

  272.   CBS cbs;

  273.   CBS_init(&cbs, *inp, (size_t)len);

  274.   RSA *ret = RSA_parse_public_key(&cbs);

  275.   if (ret == NULL) {

  276.     return NULL;

  277.   }

  278.   if (out != NULL) {

  279.     RSA_free(*out);

  280.     *out = ret;

  281.   }

  282.   *inp = CBS_data(&cbs);

  283.   return ret;

  284. }

  285. 

  286. int i2d_RSAPublicKey(const RSA *in, uint8_t **outp) {

  287.   CBB cbb;

  288.   if (!CBB_init(&cbb, 0) ||

  289.       !RSA_marshal_public_key(&cbb, in)) {

  290.     CBB_cleanup(&cbb);

  291.     return -1;

  292.   }

  293.   return CBB_finish_i2d(&cbb, outp);

  294. }

  295. 

  296. RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len) {

  297.   if (len < 0) {

  298.     return NULL;

  299.   }

  300.   CBS cbs;

  301.   CBS_init(&cbs, *inp, (size_t)len);

  302.   RSA *ret = RSA_parse_private_key(&cbs);

  303.   if (ret == NULL) {

  304.     return NULL;

  305.   }

  306.   if (out != NULL) {

  307.     RSA_free(*out);

  308.     *out = ret;

  309.   }

  310.   *inp = CBS_data(&cbs);

  311.   return ret;

  312. }

  313. 

  314. int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp) {

  315.   CBB cbb;

  316.   if (!CBB_init(&cbb, 0) ||

  317.       !RSA_marshal_private_key(&cbb, in)) {

  318.     CBB_cleanup(&cbb);

  319.     return -1;

  320.   }

  321.   return CBB_finish_i2d(&cbb, outp);

  322. }

  323. 

  324. RSA *RSAPublicKey_dup(const RSA *rsa) {

  325.   uint8_t *der;

  326.   size_t der_len;

  327.   if (!RSA_public_key_to_bytes(&der, &der_len, rsa)) {

  328.     return NULL;

  329.   }

  330.   RSA *ret = RSA_public_key_from_bytes(der, der_len);

  331.   OPENSSL_free(der);

  332.   return ret;

  333. }

  334. 

  335. RSA *RSAPrivateKey_dup(const RSA *rsa) {

  336.   uint8_t *der;

  337.   size_t der_len;

  338.   if (!RSA_private_key_to_bytes(&der, &der_len, rsa)) {

  339.     return NULL;

  340.   }

  341.   RSA *ret = RSA_private_key_from_bytes(der, der_len);

  342.   OPENSSL_free(der);

  343.   return ret;

  344. }