feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Rework CheckPrivateKey

Browse Source
This commit is contained in:
Sean Parkinson
2017-06-08 09:24:39 +10:00
parent 1db52f0c04
commit 3429b5a3b5
1 changed files with 69 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

163
wolfcrypt/src/asn.c
View File

@@ -2073,132 +2073,107 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
* der : a initialized and parsed DecodedCert holding a certificate */ * der : a initialized and parsed DecodedCert holding a certificate */
int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
{ {
int ret;
if (key == NULL || der == NULL) { if (key == NULL || der == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if !defined(NO_RSA) #if !defined(NO_RSA)
{ /* test if RSA key */
if (der->keyOID == RSAk) {
RsaKey a, b; RsaKey a, b;
word32 keyIdx = 0; word32 keyIdx = 0;
int ret = 0;
/* test if RSA key */ if ((ret = wc_InitRsaKey(&a, NULL)) < 0)
if (der->keyOID == RSAk) { return ret;
if (wc_InitRsaKey(&a, NULL) == 0 && if ((ret = wc_InitRsaKey(&b, NULL)) < 0) {
wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz) == 0) {
WOLFSSL_MSG("Checking RSA key pair");
keyIdx = 0; /* reset to 0 for parsing public key */
if (wc_InitRsaKey(&b, NULL) == 0) {
if ((ret = wc_RsaPublicKeyDecode(der->publicKey, &keyIdx,
&b, der->pubKeySize)) == 0) {
/* limit for user RSA crypto because of RsaKey
* dereference. */
#if defined(HAVE_USER_RSA)
WOLFSSL_MSG("Cannot verify RSA pair with user RSA");
wc_FreeRsaKey(&b);
wc_FreeRsaKey(&a);
return 1; /* return first RSA cert as match */
#else
/* both keys extracted successfully now check n and e
* values are the same. This is dereferencing RsaKey */
if (mp_cmp(&(a.n), &(b.n)) != MP_EQ ||
mp_cmp(&(a.e), &(b.e)) != MP_EQ) {
ret = MP_CMP_E;
}
else {
/* match found, free keys and return success */
wc_FreeRsaKey(&b);
wc_FreeRsaKey(&a);
return 1;
}
#endif
}
wc_FreeRsaKey(&b);
}
}
wc_FreeRsaKey(&a); wc_FreeRsaKey(&a);
}
/* if ret is not 0 then there was a failed comparision attempt */
if (ret != 0) {
return ret; return ret;
} }
if ((ret = wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz)) == 0) {
WOLFSSL_MSG("Checking RSA key pair");
keyIdx = 0; /* reset to 0 for parsing public key */
if ((ret = wc_RsaPublicKeyDecode(der->publicKey, &keyIdx, &b,
der->pubKeySize)) == 0) {
/* limit for user RSA crypto because of RsaKey
* dereference. */
#if defined(HAVE_USER_RSA)
WOLFSSL_MSG("Cannot verify RSA pair with user RSA");
ret = 1; /* return first RSA cert as match */
#else
/* both keys extracted successfully now check n and e
* values are the same. This is dereferencing RsaKey */
if (mp_cmp(&(a.n), &(b.n)) != MP_EQ ||
mp_cmp(&(a.e), &(b.e)) != MP_EQ) {
ret = MP_CMP_E;
}
else
ret = 1;
#endif
}
}
wc_FreeRsaKey(&b);
wc_FreeRsaKey(&a);
} }
else
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef HAVE_ECC #ifdef HAVE_ECC
{ if (der->keyOID == ECDSAk) {
int ret = 0;
word32 keyIdx = 0; word32 keyIdx = 0;
ecc_key key_pair; ecc_key key_pair;
if (der->keyOID == ECDSAk) { if ((ret = wc_ecc_init(&key_pair)) < 0)
if ((ret = wc_ecc_init(&key_pair)) == 0 &&
wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair, keySz) == 0) {
WOLFSSL_MSG("Checking ECC key pair");
keyIdx = 0;
if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
&key_pair)) == 0) {
/* public and private extracted successfuly no check if is
* a pair and also do sanity checks on key. wc_ecc_check_key
* checks that private * base generator equals pubkey */
if ((ret = wc_ecc_check_key(&key_pair)) == 0) {
/* found a match */
wc_ecc_free(&key_pair);
return 1;
}
}
}
wc_ecc_free(&key_pair);
}
/* error on attempt to match */
if (ret != 0) {
return ret; return ret;
if ((ret = wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair,
keySz)) == 0) {
WOLFSSL_MSG("Checking ECC key pair");
keyIdx = 0;
if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
&key_pair)) == 0) {
/* public and private extracted successfuly no check if is
* a pair and also do sanity checks on key. wc_ecc_check_key
* checks that private * base generator equals pubkey */
if ((ret = wc_ecc_check_key(&key_pair)) == 0)
ret = 1;
}
} }
wc_ecc_free(&key_pair);
} }
else
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
{ if (der->keyOID == ED25519k) {
int ret = 0;
word32 keyIdx = 0; word32 keyIdx = 0;
ed25519_key key_pair; ed25519_key key_pair;
if (der->keyOID == ED25519k) { if ((ret = wc_ed25519_init(&key_pair)) < 0)
if ((ret = wc_ed25519_init(&key_pair)) == 0 &&
wc_Ed25519PrivateKeyDecode(key, &keyIdx, &key_pair, keySz)
== 0) {
WOLFSSL_MSG("Checking ED25519 key pair");
keyIdx = 0;
if ((ret = wc_ed25519_import_public(der->publicKey,
der->pubKeySize, &key_pair)) == 0) {
/* public and private extracted successfuly no check if is
* a pair and also do sanity checks on key. wc_ecc_check_key
* checks that private * base generator equals pubkey */
if ((ret = wc_ed25519_check_key(&key_pair)) == 0) {
/* found a match */
wc_ed25519_free(&key_pair);
return 1;
}
}
}
wc_ed25519_free(&key_pair);
}
/* error on attempt to match */
if (ret != 0) {
return ret; return ret;
if ((ret = wc_Ed25519PrivateKeyDecode(key, &keyIdx, &key_pair,
keySz)) == 0) {
WOLFSSL_MSG("Checking ED25519 key pair");
keyIdx = 0;
if ((ret = wc_ed25519_import_public(der->publicKey, der->pubKeySize,
&key_pair)) == 0) {
/* public and private extracted successfuly no check if is
* a pair and also do sanity checks on key. wc_ecc_check_key
* checks that private * base generator equals pubkey */
if ((ret = wc_ed25519_check_key(&key_pair)) == 0)
ret = 1;
}
} }
wc_ed25519_free(&key_pair);
} }
else
#endif #endif
{
ret = 0;
}
/* no match found */ return ret;
return 0;
} }
#ifndef NO_PWDBASED #ifndef NO_PWDBASED