/*
* Returns: Number of bytes scanned. This may differ from the value returned via
- * bn_bytes because the latter does not include the ASN.1 prefix and a leading
- * zero is not considered as an additional byte for bn_bytes.
+ * bitsp because the latter does not include the ASN.1 prefix and a leading
+ * zero is not considered as an additional byte for the number of bits.
*/
static int read_bignum(unsigned char *start, unsigned char *end, gcry_mpi_t *bn,
- int *bn_bytes)
+ unsigned *bitsp)
{
int i, bn_size;
gcry_error_t gret;
cp++;
bn_size--;
}
- if (bn_bytes)
- *bn_bytes = bn_size;
+ if (bitsp)
+ *bitsp = bn_size * 8;
cp += bn_size;
// unsigned char *buf;
// gcry_mpi_aprint(GCRYMPI_FMT_HEX, &buf, NULL, *bn);
return cp - start;
}
+struct rsa_params {
+ gcry_mpi_t n, e, d, p, q, u;
+};
+
+static int read_pem_rsa_params(unsigned char *start, unsigned char *end,
+ struct rsa_params *p)
+{
+ unsigned char *cp = start;
+ unsigned bits;
+ int ret;
+
+ ret = read_bignum(cp, end, &p->n, &bits);
+ if (ret < 0)
+ return ret;
+ cp += ret;
+ ret = read_bignum(cp, end, &p->e, NULL);
+ if (ret < 0)
+ goto release_n;
+ cp += ret;
+ ret = read_bignum(cp, end, &p->d, NULL);
+ if (ret < 0)
+ goto release_e;
+ cp += ret;
+ ret = read_bignum(cp, end, &p->p, NULL);
+ if (ret < 0)
+ goto release_d;
+ cp += ret;
+ ret = read_bignum(cp, end, &p->q, NULL);
+ if (ret < 0)
+ goto release_p;
+ cp += ret;
+ ret = read_bignum(cp, end, &p->u, NULL);
+ if (ret < 0)
+ goto release_q;
+ return bits;
+release_q:
+ gcry_mpi_release(p->q);
+release_p:
+ gcry_mpi_release(p->p);
+release_d:
+ gcry_mpi_release(p->d);
+release_e:
+ gcry_mpi_release(p->e);
+release_n:
+ gcry_mpi_release(p->n);
+ return ret;
+}
+
static int find_privkey_bignum_offset(const unsigned char *data, int len)
{
const unsigned char *p = data, *end = data + len;
static int get_private_key(const char *key_file, struct asymmetric_key **result)
{
- gcry_mpi_t n = NULL, e = NULL, d = NULL, p = NULL, q = NULL,
- u = NULL;
- unsigned char *blob, *cp, *end;
- int ret, n_size;
+ struct rsa_params params;
+ unsigned char *blob, *end;
+ int ret;
+ unsigned bits;
gcry_error_t gret;
size_t erroff, blob_size;
gcry_sexp_t sexp;
if (ret < 0)
goto free_blob;
PARA_INFO_LOG("reading RSA params at offset %d\n", ret);
- cp = blob + ret;
-
- ret = read_bignum(cp, end, &n, &n_size);
+ ret = read_pem_rsa_params(blob + ret, end, ¶ms);
if (ret < 0)
goto free_blob;
- cp += ret;
-
- ret = read_bignum(cp, end, &e, NULL);
- if (ret < 0)
- goto release_n;
- cp += ret;
-
- ret = read_bignum(cp, end, &d, NULL);
- if (ret < 0)
- goto release_e;
- cp += ret;
-
- ret = read_bignum(cp, end, &p, NULL);
- if (ret < 0)
- goto release_d;
- cp += ret;
-
- ret = read_bignum(cp, end, &q, NULL);
- if (ret < 0)
- goto release_p;
- cp += ret;
- ret = read_bignum(cp, end, &u, NULL);
- if (ret < 0)
- goto release_q;
+ bits = ret;
/*
* OpenSSL uses slightly different parameters than gcrypt. To use these
* parameters we need to swap the values of p and q and recompute u.
*/
- if (gcry_mpi_cmp(p, q) > 0) {
- gcry_mpi_swap(p, q);
- gcry_mpi_invm(u, p, q);
+ if (gcry_mpi_cmp(params.p, params.q) > 0) {
+ gcry_mpi_swap(params.p, params.q);
+ gcry_mpi_invm(params.u, params.p, params.q);
}
- gret = gcry_sexp_build(&sexp, &erroff, RSA_PRIVKEY_SEXP,
- n, e, d, p, q, u);
+ gret = gcry_sexp_build(&sexp, &erroff, RSA_PRIVKEY_SEXP, params.n,
+ params.e, params.d, params.p, params.q, params.u);
if (gret) {
PARA_ERROR_LOG("offset %zu: %s\n", erroff,
gcry_strerror(gcry_err_code(gret)));
ret = -E_SEXP_BUILD;
- goto release_u;
+ goto free_params;
}
key = para_malloc(sizeof(*key));
key->sexp = sexp;
*result = key;
- ret = n_size * 8;
+ ret = bits;
PARA_INFO_LOG("succesfully read %d bit private key\n", ret);
-release_u:
- gcry_mpi_release(u);
-release_q:
- gcry_mpi_release(q);
-release_p:
- gcry_mpi_release(p);
-release_d:
- gcry_mpi_release(d);
-release_e:
- gcry_mpi_release(e);
-release_n:
- gcry_mpi_release(n);
+free_params:
+ gcry_mpi_release(params.n);
+ gcry_mpi_release(params.e);
+ gcry_mpi_release(params.d);
+ gcry_mpi_release(params.u);
+ gcry_mpi_release(params.p);
+ gcry_mpi_release(params.q);
+
free_blob:
free(blob);
return ret;
projects / paraslash.git / blobdiff