libtom
diff --git a/‎src/headers/tomcrypt_custom.h‎
Lines changed: 4 additions & 0 deletions b/‎src/headers/tomcrypt_custom.h‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/headers/tomcrypt_pk.h‎
Lines changed: 15 additions & 1 deletion b/‎src/headers/tomcrypt_pk.h‎
Lines changed: 15 additions & 1 deletion
diff --git a/‎src/headers/tomcrypt_private.h‎
Lines changed: 15 additions & 2 deletions b/‎src/headers/tomcrypt_private.h‎
Lines changed: 15 additions & 2 deletions
diff --git a/‎src/misc/crypt/crypt.c‎
Lines changed: 1 addition & 0 deletions b/‎src/misc/crypt/crypt.c‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/pk/asn1/oid/pk_get.c‎
Lines changed: 32 additions & 14 deletions b/‎src/pk/asn1/oid/pk_get.c‎
Lines changed: 32 additions & 14 deletions
diff --git a/‎src/pk/asn1/x509/x509_decode_public_key_from_certificate.c‎
Lines changed: 52 additions & 23 deletions b/‎src/pk/asn1/x509/x509_decode_public_key_from_certificate.c‎
Lines changed: 52 additions & 23 deletions
diff --git a/‎src/pk/asn1/x509/x509_decode_spki.c‎
Lines changed: 41 additions & 21 deletions b/‎src/pk/asn1/x509/x509_decode_spki.c‎
Lines changed: 41 additions & 21 deletions
diff --git a/‎src/pk/asn1/x509/x509_get_pka.c‎
Lines changed: 2 additions & 2 deletions b/‎src/pk/asn1/x509/x509_get_pka.c‎
Lines changed: 2 additions & 2 deletions
@@ -605,6 +605,10 @@
       /* Maximum recursion limit when processing nested ASN.1 types. */
       #define LTC_DER_MAX_RECURSION 30
    #endif
+   #ifndef LTC_DER_OID_DEFAULT_NODES
+      /* Default number of nodes when decoding an OID. */
+      #define LTC_DER_OID_DEFAULT_NODES 12
+   #endif
 #endif
 
 #if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_SSH)
 
@@ -40,6 +40,7 @@ enum ltc_pka_id {
    LTC_PKA_X25519,
    LTC_PKA_ED25519,
    LTC_PKA_DH,
+   LTC_PKA_RSA_PSS,
    LTC_PKA_NUM
 };
 
@@ -62,7 +63,18 @@ int rand_prime(void *N, long len, prng_state *prng, int wprng);
 /* ---- RSA ---- */
 #ifdef LTC_MRSA
 
-/** RSA PKCS style key */
+typedef struct ltc_rsa_parameters {
+   /** PSS/OAEP or PKCS #1 v1.5 style
+    *  0 -> PKCS #1 v1.5, 1 -> PSS/OAEP */
+   int pss_oaep;
+   /** saltLength is only defined for PSS
+    * If saltLength == 0 -> OAEP, else -> PSS */
+   unsigned long saltlen;
+   /** hash and MGF hash algorithms */
+   const char *hash_alg, *mgf1_hash_alg;
+} ltc_rsa_parameters;
+
+/** RSA key */
 typedef struct Rsa_key {
     /** Type of key, PK_PRIVATE or PK_PUBLIC */
     int type;
@@ -82,6 +94,8 @@ typedef struct Rsa_key {
     void *dP;
     /** The d mod (q - 1) CRT param */
     void *dQ;
+    /** Further parameters of the RSA key */
+    ltc_rsa_parameters params;
 } rsa_key;
 
 int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);
 
@@ -60,6 +60,9 @@ enum ltc_oid_id {
    LTC_OID_X25519,
    LTC_OID_ED25519,
    LTC_OID_DH,
+   LTC_OID_RSA_OAEP,
+   LTC_OID_RSA_MGF1,
+   LTC_OID_RSA_PSS,
    LTC_OID_NUM
 };
 
@@ -443,8 +446,14 @@ int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long
 
 /* ---- DH Routines ---- */
 #ifdef LTC_MRSA
+typedef enum ltc_rsa_op {
+   LTC_RSA_CRYPT,
+   LTC_RSA_SIGN
+} ltc_rsa_op;
 int rsa_init(rsa_key *key);
 void rsa_shrink_key(rsa_key *key);
+int rsa_key_valid_op(const rsa_key *key, ltc_rsa_op op, int padding, int hash_idx);
+int rsa_params_equal(const ltc_rsa_parameters *a, const ltc_rsa_parameters *b);
 int rsa_make_key_bn_e(prng_state *prng, int wprng, int size, void *e,
                       rsa_key *key); /* used by op-tee */
 int rsa_import_pkcs1(const unsigned char *in, unsigned long inlen, rsa_key *key);
@@ -730,7 +739,11 @@ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned lo
                                             enum ltc_oid_id algorithm, ltc_asn1_type param_type,
                                             ltc_asn1_list* parameters, unsigned long *parameters_len,
                                             public_key_decode_cb callback, void *ctx);
-int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, ltc_asn1_list **spki);
+int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, const ltc_asn1_list **spki);
+int x509_process_public_key_from_spki(const unsigned char *in, unsigned long inlen,
+                                      enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                      ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                      public_key_decode_cb callback, void *ctx);
 
 /* SUBJECT PUBLIC KEY INFO */
 int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen,
@@ -741,7 +754,7 @@ int x509_decode_subject_public_key_info(const unsigned char *in, unsigned long i
         enum ltc_oid_id algorithm, void *public_key, unsigned long *public_key_len,
         ltc_asn1_type parameters_type, ltc_asn1_list* parameters, unsigned long *parameters_len);
 
-int x509_get_pka(ltc_asn1_list *pub, enum ltc_pka_id *pka);
+int x509_get_pka(const ltc_asn1_list *pub, enum ltc_pka_id *pka);
 int x509_import_spki(const unsigned char *asn1_cert, unsigned long asn1_len, ltc_pka_key *k, ltc_asn1_list **root);
 
 int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2);
 
@@ -458,6 +458,7 @@ const char *crypt_build_settings =
 #if defined(LTC_DER)
     " DER "
     " " NAME_VALUE(LTC_DER_MAX_RECURSION) " "
+    " " NAME_VALUE(LTC_DER_OID_DEFAULT_NODES) " "
 #endif
 #if defined(LTC_PKCS_1)
     " PKCS#1 "
 
@@ -7,18 +7,22 @@
 typedef struct {
    enum ltc_oid_id id;
    enum ltc_pka_id pka;
-   const char* oid;
+   const char *hash;
+   const char *oid;
 } oid_table_entry;
 
 static const oid_table_entry pka_oids[] = {
-                                              { LTC_OID_UNDEF,     LTC_PKA_UNDEF,      NULL },
-                                              { LTC_OID_RSA,       LTC_PKA_RSA,        "1.2.840.113549.1.1.1" },
-                                              { LTC_OID_DSA,       LTC_PKA_DSA,        "1.2.840.10040.4.1" },
-                                              { LTC_OID_EC,        LTC_PKA_EC,         "1.2.840.10045.2.1" },
-                                              { LTC_OID_EC_PRIMEF, LTC_PKA_EC,         "1.2.840.10045.1.1" },
-                                              { LTC_OID_X25519,    LTC_PKA_X25519,     "1.3.101.110" },
-                                              { LTC_OID_ED25519,   LTC_PKA_ED25519,    "1.3.101.112" },
-                                              { LTC_OID_DH,        LTC_PKA_DH,         "1.2.840.113549.1.3.1" },
+                                              { LTC_OID_UNDEF,                LTC_PKA_UNDEF,   NULL,         NULL },
+                                              { LTC_OID_RSA,                  LTC_PKA_RSA,     NULL,         "1.2.840.113549.1.1.1" },
+                                              { LTC_OID_DSA,                  LTC_PKA_DSA,     NULL,         "1.2.840.10040.4.1" },
+                                              { LTC_OID_EC,                   LTC_PKA_EC,      NULL,         "1.2.840.10045.2.1" },
+                                              { LTC_OID_EC_PRIMEF,            LTC_PKA_EC,      NULL,         "1.2.840.10045.1.1" },
+                                              { LTC_OID_X25519,               LTC_PKA_X25519,  NULL,         "1.3.101.110" },
+                                              { LTC_OID_ED25519,              LTC_PKA_ED25519, NULL,         "1.3.101.112" },
+                                              { LTC_OID_DH,                   LTC_PKA_DH,      NULL,         "1.2.840.113549.1.3.1" },
+                                              { LTC_OID_RSA_OAEP,             LTC_PKA_RSA,     NULL,         "1.2.840.113549.1.1.7" },
+                                              { LTC_OID_RSA_MGF1,             LTC_PKA_RSA,     NULL,         "1.2.840.113549.1.1.8" },
+                                              { LTC_OID_RSA_PSS,              LTC_PKA_RSA_PSS, NULL,         "1.2.840.113549.1.1.10" },
 };
 
 static LTC_INLINE const oid_table_entry* s_get_entry(enum ltc_oid_id id)
@@ -43,21 +47,35 @@ int pk_get_oid(enum ltc_oid_id id, const char **st)
    return CRYPT_INVALID_ARG;
 }
 
-/*
-   Returns the PKA ID requested.
-   @return CRYPT_OK if valid
-*/
-int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka)
+static LTC_INLINE int s_get_values(enum ltc_oid_id id, enum ltc_pka_id *pka, const char **hash)
 {
    const oid_table_entry* e = s_get_entry(id);
    LTC_ARGCHK(pka != NULL);
    if (e != NULL) {
       *pka = e->pka;
+      if (hash) {
+         *hash = e->hash;
+      } else if (e->hash) {
+         /* If we don't want the hash result, but the entry has a hash, we're most likely
+          * confused and we prefer to stop processing then, instead of continuing with a
+          * maybe wrong assumption.
+          */
+         return CRYPT_INVALID_ARG;
+      }
       return CRYPT_OK;
    }
    return CRYPT_INVALID_ARG;
 }
 
+/*
+   Returns the PKA ID requested.
+   @return CRYPT_OK if valid
+*/
+int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka)
+{
+   return s_get_values(id, pka, NULL);
+}
+
 /*
    Returns the OID ID requested.
    @return CRYPT_OK if valid
 
@@ -10,7 +10,7 @@
 #ifdef LTC_DER
 
 /**
-  Try to decode the public key from a X.509 certificate
+  Process the public key from the SubjectPublicKeyInfo of a X.509 certificate
    @param in               The input buffer
    @param inlen            The length of the input buffer
    @param algorithm        One out of the enum #public_key_algorithms
@@ -19,53 +19,82 @@
    @param parameters_len   [in/out] The number of parameters to include
    @param callback         The callback
    @param ctx              The context passed to the callback
-   @return CRYPT_OK on success,
-            CRYPT_NOP if no SubjectPublicKeyInfo was found,
-            another error if decoding or memory allocation failed
+   @return CRYPT_OK on success
 */
-int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
-                                            enum ltc_oid_id algorithm, ltc_asn1_type param_type,
-                                            ltc_asn1_list* parameters, unsigned long *parameters_len,
-                                            public_key_decode_cb callback, void *ctx)
+int x509_process_public_key_from_spki(const unsigned char *in, unsigned long inlen,
+                                      enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                      ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                      public_key_decode_cb callback, void *ctx)
 {
    int err;
    unsigned char *tmpbuf = NULL;
    unsigned long tmpbuf_len;
-   ltc_asn1_list *decoded_list = NULL, *spki;
-
-   LTC_ARGCHK(in       != NULL);
-   LTC_ARGCHK(inlen    != 0);
-   LTC_ARGCHK(callback != NULL);
 
-   if ((err = x509_decode_spki(in, inlen, &decoded_list, &spki)) != CRYPT_OK) {
-      return err;
-   }
+   LTC_ARGCHK(in        != NULL);
+   LTC_ARGCHK(callback  != NULL);
 
    if (algorithm == LTC_OID_EC) {
-      err = callback(spki->data, spki->size, ctx);
+      err = callback(in, inlen, ctx);
    } else {
 
       tmpbuf_len = inlen;
       tmpbuf = XCALLOC(1, tmpbuf_len);
       if (tmpbuf == NULL) {
-          err = CRYPT_MEM;
-          goto LBL_OUT;
+          return CRYPT_MEM;
       }
 
-      err = x509_decode_subject_public_key_info(spki->data, spki->size,
+      err = x509_decode_subject_public_key_info(in, inlen,
                                                 algorithm, tmpbuf, &tmpbuf_len,
                                                 param_type, parameters, parameters_len);
       if (err == CRYPT_OK) {
          err = callback(tmpbuf, tmpbuf_len, ctx);
-         goto LBL_OUT;
       }
    }
 
-LBL_OUT:
-   if (decoded_list) der_free_sequence_flexi(decoded_list);
    if (tmpbuf != NULL) XFREE(tmpbuf);
 
    return err;
 }
 
+/**
+  Try to decode the public key from a X.509 certificate
+   @param in               The input buffer
+   @param inlen            The length of the input buffer
+   @param algorithm        One out of the enum #public_key_algorithms
+   @param param_type       The parameters' type out of the enum ltc_asn1_type
+   @param parameters       The parameters to include
+   @param parameters_len   [in/out] The number of parameters to include
+   @param callback         The callback
+   @param ctx              The context passed to the callback
+   @return CRYPT_OK on success,
+            CRYPT_NOP if no SubjectPublicKeyInfo was found,
+            another error if decoding or memory allocation failed
+*/
+int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
+                                            enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                            ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                            public_key_decode_cb callback, void *ctx)
+{
+   int err;
+   ltc_asn1_list *decoded_list;
+   const ltc_asn1_list *spki;
+
+   LTC_ARGCHK(in       != NULL);
+   LTC_ARGCHK(inlen    != 0);
+   LTC_ARGCHK(callback != NULL);
+
+   if ((err = x509_decode_spki(in, inlen, &decoded_list, &spki)) != CRYPT_OK) {
+      return err;
+   }
+
+   err = x509_process_public_key_from_spki(spki->data, spki->size,
+                                           algorithm, param_type,
+                                           parameters, parameters_len,
+                                           callback, ctx);
+
+   if (decoded_list) der_free_sequence_flexi(decoded_list);
+
+   return err;
+}
+
 #endif
@@ -26,10 +26,10 @@
    @param spki             [out] A pointer to the SubjectPublicKeyInfo
    @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found, another error if decoding failed
 */
-int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, ltc_asn1_list **spki)
+int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, const ltc_asn1_list **spki)
 {
    int err;
-   unsigned long tmp_inlen;
+   unsigned long tmp_inlen, n, element_is_spki;
    ltc_asn1_list *decoded_list = NULL, *l;
 
    LTC_ARGCHK(in       != NULL);
@@ -49,29 +49,49 @@ int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list
       if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) {
          l = l->child;
          if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) {
+            /*    TBSCertificate  ::=  SEQUENCE  {
+             *         version         [0]  EXPLICIT Version DEFAULT v1,
+             *         serialNumber         CertificateSerialNumber,
+             *         signature            AlgorithmIdentifier,
+             *         issuer               Name,
+             *         validity             Validity,
+             *         subject              Name,
+             *         subjectPublicKeyInfo SubjectPublicKeyInfo,
+             *         issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+             *                              -- If present, version MUST be v2 or v3
+             *         subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+             *                              -- If present, version MUST be v2 or v3
+             *         extensions      [3]  EXPLICIT Extensions OPTIONAL
+             *                              -- If present, version MUST be v3
+             *         }
+             */
             l = l->child;
 
-            /* Move forward in the tree until we find this combination
-                 ...
-                 SEQUENCE
-                     SEQUENCE
-                         OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1>
-                         NULL
-                     BIT STRING
+            /* `l` points now either to 'version' or 'serialNumber', depending on
+             * whether 'version' is included or defaults to 'v1'.
+             * 'version' is represented as a LTC_ASN1_CUSTOM_TYPE
+             * 'serialNumber' is represented as an LTC_ASN1_INTEGER
+             * Decide now whether to move 5 or 6 elements forward until
+             * `l` should point to subjectPublicKeyInfo.
              */
-            do {
-               /* The additional check for l->data is there to make sure
-                * we won't try to decode a list that has been 'shrunk'
-                */
-               if ((l->type == LTC_ASN1_SEQUENCE)
-                     && (l->data != NULL)
-                     && LOOKS_LIKE_SPKI(l->child)) {
-                  *out = decoded_list;
-                  *spki = l;
-                  return CRYPT_OK;
-               }
+            if (l->type == LTC_ASN1_CUSTOM_TYPE)
+               element_is_spki = 6;
+            else
+               element_is_spki = 5;
+            for (n = 0; n < element_is_spki && l; ++n) {
                l = l->next;
-            } while(l);
+            }
+            /* The additional check for l->data is there to make sure
+             * we won't try to decode a list that has been 'shrunk'
+             */
+            if ((l != NULL)
+                  && (l->type == LTC_ASN1_SEQUENCE)
+                  && (l->data != NULL)
+                  && LOOKS_LIKE_SPKI(l->child)) {
+               *out = decoded_list;
+               *spki = l;
+               return CRYPT_OK;
+            }
          }
       }
    }
 
@@ -9,15 +9,15 @@
 
 #ifdef LTC_DER
 
-int x509_get_pka(ltc_asn1_list *pub, enum ltc_pka_id *pka)
+int x509_get_pka(const ltc_asn1_list *pub, enum ltc_pka_id *pka)
 {
    der_flexi_check flexi_should[4];
    ltc_asn1_list *seqid, *id = NULL;
    enum ltc_oid_id oid_id;
    int err;
    unsigned long n = 0;
    LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_SEQUENCE, &seqid);
-   LTC_SET_DER_FLEXI_CHECK(flexi_should, n++, LTC_ASN1_BIT_STRING, NULL);
+   LTC_SET_DER_FLEXI_CHECK_OPT(flexi_should, n++, LTC_ASN1_BIT_STRING, NULL);
    LTC_SET_DER_FLEXI_CHECK(flexi_should, n, LTC_ASN1_EOL, NULL);
    if ((err = der_flexi_sequence_cmp(pub, flexi_should)) != CRYPT_OK) {
       return err;