Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Dmitry Baryshkov
nettle
Commits
bf85a3db
Commit
bf85a3db
authored
Mar 26, 2014
by
Niels Möller
Browse files
Convert DER decoding functions to new DSA interface.
parent
c4752123
Changes
4
Hide whitespace changes
Inline
Side-by-side
ChangeLog
View file @
bf85a3db
2014-03-26 Niels Möller <nisse@lysator.liu.se>
* der2dsa.c (dsa_params_from_der_iterator): Converted to new DSA
interface. Allow q_size == 0, meaning any q < p is allowed.
Additional validity checks.
(dsa_public_key_from_der_iterator): Converted to new DSA
interface. Also check that the public value is in the correct
range.
(dsa_openssl_private_key_from_der_iterator): Converted
to new DSA interface. Additional validity checks.
(dsa_openssl_private_key_from_der): Converted to new DSA
interface.
* tools/pkcs1-conv.c (convert_dsa_private_key): Update to use
struct dsa_params, and adapt to the der decoding changes.
(convert_public_key): Likewise.
* examples/hogweed-benchmark.c: Update dsa benchmarking to use new
DSA interface.
...
...
der2dsa.c
View file @
bf85a3db
...
...
@@ -6,6 +6,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
...
...
@@ -38,9 +39,10 @@
&& asn1_der_get_bignum((i), (x), (l)) \
&& mpz_sgn((x)) > 0)
/* If q_bits > 0, q is required to be of exactly this size. */
int
dsa_params_from_der_iterator
(
struct
dsa_p
ublic_key
*
pub
,
unsigned
p_
max_bits
,
dsa_params_from_der_iterator
(
struct
dsa_p
arams
*
params
,
unsigned
max_bits
,
unsigned
q_bits
,
struct
asn1_der_iterator
*
i
)
{
/* Dss-Parms ::= SEQUENCE {
...
...
@@ -49,30 +51,41 @@ dsa_params_from_der_iterator(struct dsa_public_key *pub,
g INTEGER
}
*/
return
(
i
->
type
==
ASN1_INTEGER
&&
asn1_der_get_bignum
(
i
,
pub
->
p
,
p_max_bits
)
&&
mpz_sgn
(
pub
->
p
)
>
0
&&
GET
(
i
,
pub
->
q
,
DSA_SHA1_Q_BITS
)
&&
GET
(
i
,
pub
->
g
,
p_max_bits
)
&&
asn1_der_iterator_next
(
i
)
==
ASN1_ITERATOR_END
);
if
(
i
->
type
==
ASN1_INTEGER
&&
asn1_der_get_bignum
(
i
,
params
->
p
,
max_bits
)
&&
mpz_sgn
(
params
->
p
)
>
0
)
{
unsigned
p_bits
=
mpz_sizeinbase
(
params
->
p
,
2
);
return
(
GET
(
i
,
params
->
q
,
q_bits
?
q_bits
:
p_bits
)
&&
(
q_bits
==
0
||
mpz_sizeinbase
(
params
->
q
,
2
)
==
q_bits
)
&&
mpz_cmp
(
params
->
q
,
params
->
p
)
<
0
&&
GET
(
i
,
params
->
g
,
p_bits
)
&&
mpz_cmp
(
params
->
g
,
params
->
p
)
<
0
&&
asn1_der_iterator_next
(
i
)
==
ASN1_ITERATOR_END
);
}
else
return
0
;
}
int
dsa_public_key_from_der_iterator
(
struct
dsa_p
ublic_key
*
pub
,
unsigned
p_max_bits
,
dsa_public_key_from_der_iterator
(
const
struct
dsa_p
arams
*
params
,
mpz_t
pub
,
struct
asn1_der_iterator
*
i
)
{
/* DSAPublicKey ::= INTEGER
*/
return
(
i
->
type
==
ASN1_INTEGER
&&
asn1_der_get_bignum
(
i
,
pub
->
y
,
p_max_bits
)
&&
mpz_sgn
(
pub
->
y
)
>
0
);
&&
asn1_der_get_bignum
(
i
,
pub
,
mpz_sizeinbase
(
params
->
p
,
2
))
&&
mpz_sgn
(
pub
)
>
0
&&
mpz_cmp
(
pub
,
params
->
p
)
<
0
);
}
int
dsa_openssl_private_key_from_der_iterator
(
struct
dsa_public_key
*
pub
,
struct
dsa_private_key
*
priv
,
dsa_openssl_private_key_from_der_iterator
(
struct
dsa_params
*
params
,
mpz_t
pub
,
mpz_t
priv
,
unsigned
p_max_bits
,
struct
asn1_der_iterator
*
i
)
{
...
...
@@ -87,23 +100,31 @@ dsa_openssl_private_key_from_der_iterator(struct dsa_public_key *pub,
*/
uint32_t
version
;
return
(
i
->
type
==
ASN1_SEQUENCE
if
(
i
->
type
==
ASN1_SEQUENCE
&&
asn1_der_decode_constructed_last
(
i
)
==
ASN1_ITERATOR_PRIMITIVE
&&
i
->
type
==
ASN1_INTEGER
&&
asn1_der_get_uint32
(
i
,
&
version
)
&&
version
==
0
&&
GET
(
i
,
pub
->
p
,
p_max_bits
)
&&
GET
(
i
,
pub
->
q
,
DSA_SHA1_Q_BITS
)
&&
GET
(
i
,
pub
->
g
,
p_max_bits
)
&&
GET
(
i
,
pub
->
y
,
p_max_bits
)
&&
GET
(
i
,
priv
->
x
,
DSA_SHA1_Q_BITS
)
&&
asn1_der_iterator_next
(
i
)
==
ASN1_ITERATOR_END
);
&&
GET
(
i
,
params
->
p
,
p_max_bits
))
{
unsigned
p_bits
=
mpz_sizeinbase
(
params
->
p
,
2
);
return
(
GET
(
i
,
params
->
q
,
DSA_SHA1_Q_BITS
)
&&
GET
(
i
,
params
->
g
,
p_bits
)
&&
mpz_cmp
(
params
->
g
,
params
->
p
)
<
0
&&
GET
(
i
,
pub
,
p_bits
)
&&
mpz_cmp
(
pub
,
params
->
p
)
<
0
&&
GET
(
i
,
priv
,
DSA_SHA1_Q_BITS
)
&&
asn1_der_iterator_next
(
i
)
==
ASN1_ITERATOR_END
);
}
else
return
0
;
}
int
dsa_openssl_private_key_from_der
(
struct
dsa_public_key
*
pub
,
struct
dsa_private_key
*
priv
,
dsa_openssl_private_key_from_der
(
struct
dsa_params
*
params
,
mpz_t
pub
,
mpz_t
priv
,
unsigned
p_max_bits
,
size_t
length
,
const
uint8_t
*
data
)
{
...
...
@@ -113,5 +134,6 @@ dsa_openssl_private_key_from_der(struct dsa_public_key *pub,
res
=
asn1_der_iterator_first
(
&
i
,
length
,
data
);
return
(
res
==
ASN1_ITERATOR_CONSTRUCTED
&&
dsa_openssl_private_key_from_der_iterator
(
pub
,
priv
,
p_max_bits
,
&
i
));
&&
dsa_openssl_private_key_from_der_iterator
(
params
,
pub
,
priv
,
p_max_bits
,
&
i
));
}
dsa.h
View file @
bf85a3db
...
...
@@ -293,23 +293,26 @@ dsa_sha256_keypair_from_sexp(struct dsa_params *params,
struct
asn1_der_iterator
;
int
dsa_params_from_der_iterator
(
struct
dsa_public_key
*
pub
,
unsigned
p_max_bits
,
struct
asn1_der_iterator
*
i
);
dsa_params_from_der_iterator
(
struct
dsa_params
*
params
,
unsigned
max_bits
,
unsigned
q_bits
,
struct
asn1_der_iterator
*
i
);
int
dsa_public_key_from_der_iterator
(
struct
dsa_p
ublic_key
*
pub
,
unsigned
p_max_bits
,
dsa_public_key_from_der_iterator
(
const
struct
dsa_p
arams
*
params
,
mpz_t
pub
,
struct
asn1_der_iterator
*
i
);
int
dsa_openssl_private_key_from_der_iterator
(
struct
dsa_public_key
*
pub
,
struct
dsa_private_key
*
priv
,
dsa_openssl_private_key_from_der_iterator
(
struct
dsa_params
*
params
,
mpz_t
pub
,
mpz_t
priv
,
unsigned
p_max_bits
,
struct
asn1_der_iterator
*
i
);
int
dsa_openssl_private_key_from_der
(
struct
dsa_public_key
*
pub
,
struct
dsa_private_key
*
priv
,
dsa_openssl_private_key_from_der
(
struct
dsa_params
*
params
,
mpz_t
pub
,
mpz_t
priv
,
unsigned
p_max_bits
,
size_t
length
,
const
uint8_t
*
data
);
...
...
tools/pkcs1-conv.c
View file @
bf85a3db
...
...
@@ -5,6 +5,7 @@
/* nettle, low-level cryptographics library
*
* Copyright (C) 2005, 2009 Niels Möller, Magnus Holmgren
* Copyright (C) 2014 Niels Möller
*
* The nettle library is free software; you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
...
...
@@ -311,29 +312,30 @@ convert_rsa_private_key(struct nettle_buffer *buffer, size_t length, const uint8
static
int
convert_dsa_private_key
(
struct
nettle_buffer
*
buffer
,
size_t
length
,
const
uint8_t
*
data
)
{
struct
dsa_public_key
pub
;
struct
dsa_private_key
priv
;
struct
dsa_params
params
;
mpz_t
pub
;
mpz_t
priv
;
int
res
;
dsa_public_key_init
(
&
pub
);
dsa_private_key_init
(
&
priv
);
if
(
dsa_openssl_private_key_from_der
(
&
pub
,
&
priv
,
0
,
dsa_params_init
(
&
params
);
mpz_init
(
pub
);
mpz_init
(
priv
);
if
(
dsa_openssl_private_key_from_der
(
&
params
,
pub
,
priv
,
0
,
length
,
data
))
{
/* Reuses the buffer */
nettle_buffer_reset
(
buffer
);
res
=
dsa_keypair_to_sexp
(
buffer
,
NULL
,
(
const
struct
dsa_params
*
)
&
pub
,
pub
.
y
,
priv
.
x
);
res
=
dsa_keypair_to_sexp
(
buffer
,
NULL
,
&
params
,
pub
,
priv
);
}
else
{
werror
(
"Invalid OpenSSL private key.
\n
"
);
res
=
0
;
}
dsa_public_key_clear
(
&
pub
);
dsa_private_key_clear
(
&
priv
);
dsa_params_clear
(
&
params
);
mpz_clear
(
pub
);
mpz_clear
(
priv
);
return
res
;
}
...
...
@@ -407,19 +409,21 @@ convert_public_key(struct nettle_buffer *buffer, size_t length, const uint8_t *d
if
(
asn1_der_iterator_next
(
&
j
)
==
ASN1_ITERATOR_CONSTRUCTED
&&
asn1_der_decode_constructed_last
(
&
j
)
==
ASN1_ITERATOR_PRIMITIVE
)
{
struct
dsa_public_key
pub
;
struct
dsa_params
params
;
mpz_t
pub
;
dsa_public_key_init
(
&
pub
);
dsa_params_init
(
&
params
);
mpz_init
(
pub
);
if
(
dsa_params_from_der_iterator
(
&
p
ub
,
0
,
&
i
)
&&
dsa_public_key_from_der_iterator
(
&
p
ub
,
0
,
&
j
))
if
(
dsa_params_from_der_iterator
(
&
p
arams
,
0
,
0
,
&
i
)
&&
dsa_public_key_from_der_iterator
(
&
p
arams
,
pub
,
&
j
))
{
nettle_buffer_reset
(
buffer
);
res
=
dsa_keypair_to_sexp
(
buffer
,
NULL
,
(
const
struct
dsa_params
*
)
&
pub
,
pub
.
y
,
NULL
)
>
0
;
&
params
,
pub
,
NULL
)
>
0
;
}
dsa_public_key_clear
(
&
pub
);
dsa_params_clear
(
&
params
);
mpz_clear
(
pub
);
}
if
(
!
res
)
werror
(
"SubjectPublicKeyInfo: Invalid DSA key.
\n
"
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment