wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Rework CheckPrivateKey

Browse Source
This commit is contained in:
Sean Parkinson
2017-06-08 09:24:39 +10:00
parent 1db52f0c04
commit 3429b5a3b5
1 changed files with 69 additions and 94 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
wolfcrypt/src/asn.c
View File

@@ -2073,33 +2073,35 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz,
* der : a initialized and parsed DecodedCert holding a certificate */ * der : a initialized and parsed DecodedCert holding a certificate */
int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
{ {
int ret;
if (key == NULL || der == NULL) { if (key == NULL || der == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
#if !defined(NO_RSA) #if !defined(NO_RSA)
{
RsaKey a, b;
word32 keyIdx = 0;
int ret = 0;
/* test if RSA key */ /* test if RSA key */
if (der->keyOID == RSAk) { if (der->keyOID == RSAk) {
if (wc_InitRsaKey(&a, NULL) == 0 && RsaKey a, b;
wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz) == 0) { word32 keyIdx = 0;
if ((ret = wc_InitRsaKey(&a, NULL)) < 0)
return ret;
if ((ret = wc_InitRsaKey(&b, NULL)) < 0) {
wc_FreeRsaKey(&a);
return ret;
}
if ((ret = wc_RsaPrivateKeyDecode(key, &keyIdx, &a, keySz)) == 0) {
WOLFSSL_MSG("Checking RSA key pair"); WOLFSSL_MSG("Checking RSA key pair");
keyIdx = 0; /* reset to 0 for parsing public key */ keyIdx = 0; /* reset to 0 for parsing public key */
if (wc_InitRsaKey(&b, NULL) == 0) { if ((ret = wc_RsaPublicKeyDecode(der->publicKey, &keyIdx, &b,
if ((ret = wc_RsaPublicKeyDecode(der->publicKey, &keyIdx, der->pubKeySize)) == 0) {
&b, der->pubKeySize)) == 0) {
/* limit for user RSA crypto because of RsaKey /* limit for user RSA crypto because of RsaKey
* dereference. */ * dereference. */
#if defined(HAVE_USER_RSA) #if defined(HAVE_USER_RSA)
WOLFSSL_MSG("Cannot verify RSA pair with user RSA"); WOLFSSL_MSG("Cannot verify RSA pair with user RSA");
wc_FreeRsaKey(&b); ret = 1; /* return first RSA cert as match */
wc_FreeRsaKey(&a);
return 1; /* return first RSA cert as match */
#else #else
/* both keys extracted successfully now check n and e /* both keys extracted successfully now check n and e
* values are the same. This is dereferencing RsaKey */ * values are the same. This is dereferencing RsaKey */
@@ -2107,36 +2109,26 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
mp_cmp(&(a.e), &(b.e)) != MP_EQ) { mp_cmp(&(a.e), &(b.e)) != MP_EQ) {
ret = MP_CMP_E; ret = MP_CMP_E;
} }
else { else
/* match found, free keys and return success */ ret = 1;
wc_FreeRsaKey(&b);
wc_FreeRsaKey(&a);
return 1;
}
#endif #endif
} }
}
wc_FreeRsaKey(&b); wc_FreeRsaKey(&b);
}
}
wc_FreeRsaKey(&a); wc_FreeRsaKey(&a);
} }
else
/* if ret is not 0 then there was a failed comparision attempt */
if (ret != 0) {
return ret;
}
}
#endif /* NO_RSA */ #endif /* NO_RSA */
#ifdef HAVE_ECC #ifdef HAVE_ECC
{ if (der->keyOID == ECDSAk) {
int ret = 0;
word32 keyIdx = 0; word32 keyIdx = 0;
ecc_key key_pair; ecc_key key_pair;
if (der->keyOID == ECDSAk) { if ((ret = wc_ecc_init(&key_pair)) < 0)
if ((ret = wc_ecc_init(&key_pair)) == 0 && return ret;
wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair, keySz) == 0) { if ((ret = wc_EccPrivateKeyDecode(key, &keyIdx, &key_pair,
keySz)) == 0) {
WOLFSSL_MSG("Checking ECC key pair"); WOLFSSL_MSG("Checking ECC key pair");
keyIdx = 0; keyIdx = 0;
if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize, if ((ret = wc_ecc_import_x963(der->publicKey, der->pubKeySize,
@@ -2144,61 +2136,44 @@ int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der)
/* public and private extracted successfuly no check if is /* public and private extracted successfuly no check if is
* a pair and also do sanity checks on key. wc_ecc_check_key * a pair and also do sanity checks on key. wc_ecc_check_key
* checks that private * base generator equals pubkey */ * checks that private * base generator equals pubkey */
if ((ret = wc_ecc_check_key(&key_pair)) == 0) { if ((ret = wc_ecc_check_key(&key_pair)) == 0)
/* found a match */ ret = 1;
wc_ecc_free(&key_pair);
return 1;
}
} }
} }
wc_ecc_free(&key_pair); wc_ecc_free(&key_pair);
} }
else
/* error on attempt to match */
if (ret != 0) {
return ret;
}
}
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifdef HAVE_ED25519 #ifdef HAVE_ED25519
{ if (der->keyOID == ED25519k) {
int ret = 0;
word32 keyIdx = 0; word32 keyIdx = 0;
ed25519_key key_pair; ed25519_key key_pair;
if (der->keyOID == ED25519k) { if ((ret = wc_ed25519_init(&key_pair)) < 0)
if ((ret = wc_ed25519_init(&key_pair)) == 0 && return ret;
wc_Ed25519PrivateKeyDecode(key, &keyIdx, &key_pair, keySz) if ((ret = wc_Ed25519PrivateKeyDecode(key, &keyIdx, &key_pair,
== 0) { keySz)) == 0) {
WOLFSSL_MSG("Checking ED25519 key pair"); WOLFSSL_MSG("Checking ED25519 key pair");
keyIdx = 0; keyIdx = 0;
if ((ret = wc_ed25519_import_public(der->publicKey, if ((ret = wc_ed25519_import_public(der->publicKey, der->pubKeySize,
der->pubKeySize, &key_pair)) == 0) { &key_pair)) == 0) {
/* public and private extracted successfuly no check if is /* public and private extracted successfuly no check if is
* a pair and also do sanity checks on key. wc_ecc_check_key * a pair and also do sanity checks on key. wc_ecc_check_key
* checks that private * base generator equals pubkey */ * checks that private * base generator equals pubkey */
if ((ret = wc_ed25519_check_key(&key_pair)) == 0) { if ((ret = wc_ed25519_check_key(&key_pair)) == 0)
/* found a match */ ret = 1;
wc_ed25519_free(&key_pair);
return 1;
}
} }
} }
wc_ed25519_free(&key_pair); wc_ed25519_free(&key_pair);
} }
else
/* error on attempt to match */
if (ret != 0) {
return ret;
}
}
#endif #endif
{
ret = 0;
}
/* no match found */ return ret;
return 0;
} }
#ifndef NO_PWDBASED #ifndef NO_PWDBASED