re-factor PKCS#8 API a bit

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

src/headers/tomcrypt_misc.h

@@ -160,10 +160,6 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
 #endif  /* LTC_PADDING */
 
 #ifdef LTC_PEM
-typedef struct {
-   int (*callback)(void **, unsigned long *, void *);
-   void *userdata;
-} password_ctx;
 
 #ifdef LTC_SSH
 int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx);

src/headers/tomcrypt_pk.h

@@ -1,6 +1,11 @@
 /* LibTomCrypt, modular cryptographic library -- Tom St Denis */
 /* SPDX-License-Identifier: Unlicense */
 
+typedef struct {
+   int (*callback)(void **, unsigned long *, void *);
+   void *userdata;
+} password_ctx;
+
 /* ---- NUMBER THEORY ---- */
 
 enum public_key_type {
@@ -106,7 +111,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key);
 
 int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key);
 int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen,
-                     const void *passwd, unsigned long passwdlen, rsa_key *key);
+                     const password_ctx  *pw_ctx, rsa_key *key);
 
 int rsa_set_key(const unsigned char *N,  unsigned long Nlen,
                 const unsigned char *e,  unsigned long elen,
@@ -278,7 +283,7 @@ int ecc_ansi_x963_import_ex(const unsigned char *in, unsigned long inlen, ecc_ke
 
 int ecc_export_openssl(unsigned char *out, unsigned long *outlen, int type, const ecc_key *key);
 int ecc_import_openssl(const unsigned char *in, unsigned long inlen, ecc_key *key);
-int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *pwd, unsigned long pwdlen, ecc_key *key);
+int ecc_import_pkcs8(const unsigned char *in, unsigned long inlen, const password_ctx *pw_ctx, ecc_key *key);
 int ecc_import_x509(const unsigned char *in, unsigned long inlen, ecc_key *key);
 
 int  ecc_shared_secret(const ecc_key *private_key, const ecc_key *public_key,
@@ -351,9 +356,9 @@ int ed25519_export(       unsigned char *out, unsigned long *outlen,
 int ed25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key);
 int ed25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key);
 int ed25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key);
-int ed25519_import_pkcs8(const unsigned char *in, unsigned long inlen,
-                                  const void *pwd, unsigned long pwdlen,
-                              curve25519_key *key);
+int ed25519_import_pkcs8(const unsigned char  *in, unsigned long inlen,
+                         const password_ctx   *pw_ctx,
+                               curve25519_key *key);
 
 int ed25519_sign(const unsigned char  *msg, unsigned long msglen,
                        unsigned char  *sig, unsigned long *siglen,
@@ -373,9 +378,9 @@ int x25519_export(       unsigned char *out, unsigned long *outlen,
 int x25519_import(const unsigned char *in, unsigned long inlen, curve25519_key *key);
 int x25519_import_raw(const unsigned char *in, unsigned long inlen, int which, curve25519_key *key);
 int x25519_import_x509(const unsigned char *in, unsigned long inlen, curve25519_key *key);
-int x25519_import_pkcs8(const unsigned char *in, unsigned long inlen,
-                                 const void *pwd, unsigned long pwdlen,
-                             curve25519_key *key);
+int x25519_import_pkcs8(const unsigned char  *in, unsigned long inlen,
+                        const password_ctx   *pw_ctx,
+                              curve25519_key *key);
 
 int x25519_shared_secret(const curve25519_key *private_key,
                          const curve25519_key *public_key,

src/headers/tomcrypt_private.h

@@ -55,7 +55,7 @@ typedef struct {
 typedef struct
 {
    pbes_properties type;
-   const void *pwd;
+   void *pwd;
    unsigned long pwdlen;
    ltc_asn1_list *enc_data;
    ltc_asn1_list *salt;
@@ -309,6 +309,7 @@ int ecc_set_curve_from_mpis(void *a, void *b, void *prime, void *order, void *gx
 int ecc_copy_curve(const ecc_key *srckey, ecc_key *key);
 int ecc_set_curve_by_size(int size, ecc_key *key);
 int ecc_import_subject_public_key_info(const unsigned char *in, unsigned long inlen, ecc_key *key);
+int ecc_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, ecc_key *key);
 
 #ifdef LTC_SSH
 int ecc_ssh_ecdsa_encode_name(char *buffer, unsigned long *buflen, const ecc_key *key);
@@ -398,11 +399,18 @@ int tweetnacl_crypto_sk_to_pk(unsigned char *pk, const unsigned char *sk);
 int tweetnacl_crypto_scalarmult(unsigned char *q, const unsigned char *n, const unsigned char *p);
 int tweetnacl_crypto_scalarmult_base(unsigned char *q,const unsigned char *n);
 
-typedef int (*sk_to_pk)(unsigned char *pk ,const unsigned char *sk);
+int ed25519_import_pkcs8_asn1(ltc_asn1_list  *alg_id, ltc_asn1_list *priv_key,
+                              curve25519_key *key);
+int x25519_import_pkcs8_asn1(ltc_asn1_list  *alg_id, ltc_asn1_list *priv_key,
+                             curve25519_key *key);
+
+int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key,
+                              enum ltc_oid_id id,
+                              curve25519_key *key);
 int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen,
-                       const void *pwd, unsigned long pwdlen,
-                       enum ltc_oid_id id, sk_to_pk fp,
-                       curve25519_key *key);
+                         const password_ctx  *pw_ctx,
+                         enum ltc_oid_id id,
+                         curve25519_key *key);
 int ec25519_export(       unsigned char *out, unsigned long *outlen,
                                     int  which,
                    const curve25519_key *key);
@@ -481,12 +489,35 @@ int pk_oid_cmp_with_asn1(const char *o1, const ltc_asn1_list *o2);
 
 #ifdef LTC_PKCS_8
 
+/* Public-Key Cryptography Standards (PKCS) #8:
+ * Private-Key Information Syntax Specification Version 1.2
+ * https://tools.ietf.org/html/rfc5208
+ *
+ * PrivateKeyInfo ::= SEQUENCE {
+ *      version                   Version,
+ *      privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
+ *      privateKey                PrivateKey,
+ *      attributes           [0]  IMPLICIT Attributes OPTIONAL }
+ * where:
+ * - Version ::= INTEGER
+ * - PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier
+ * - PrivateKey ::= OCTET STRING
+ * - Attributes ::= SET OF Attribute
+ *
+ * EncryptedPrivateKeyInfo ::= SEQUENCE {
+ *        encryptionAlgorithm  EncryptionAlgorithmIdentifier,
+ *        encryptedData        EncryptedData }
+ * where:
+ * - EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
+ * - EncryptedData ::= OCTET STRING
+ */
+
 int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
-                                    const void  *pwd, unsigned long pwdlen,
-                                 ltc_asn1_list **decoded_list);
+                       const password_ctx   *pw_ctx,
+                             ltc_asn1_list **decoded_list);
 
 int pkcs8_get_children(const ltc_asn1_list *decoded_list, enum ltc_oid_id *pka,
-                        ltc_asn1_list **seq, ltc_asn1_list **priv_key);
+                        ltc_asn1_list **alg_id, ltc_asn1_list **priv_key);
 
 #endif  /* LTC_PKCS_8 */
 

src/pk/asn1/pkcs8/pkcs8_decode_flexi.c

@@ -15,18 +15,21 @@
    @return CRYPT_OK on success
 */
 int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
-                                const void  *pwd, unsigned long pwdlen,
+                       const password_ctx   *pw_ctx,
                              ltc_asn1_list **decoded_list)
 {
    unsigned long len = inlen;
    unsigned long dec_size;
    unsigned char *dec_data = NULL;
    ltc_asn1_list *l = NULL;
    int err;
+   pbes_arg pbes;
 
    LTC_ARGCHK(in           != NULL);
    LTC_ARGCHK(decoded_list != NULL);
 
+   XMEMSET(&pbes, 0, sizeof(pbes));
+
    *decoded_list = NULL;
    if ((err = der_decode_sequence_flexi(in, &len, &l)) == CRYPT_OK) {
       /* the following "if" detects whether it is encrypted or not */
@@ -44,9 +47,9 @@ int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
           LTC_ASN1_IS_TYPE(l->child->child->next, LTC_ASN1_SEQUENCE) &&
           LTC_ASN1_IS_TYPE(l->child->next, LTC_ASN1_OCTET_STRING)) {
          ltc_asn1_list *lalgoid = l->child->child;
-         pbes_arg pbes;
 
-         XMEMSET(&pbes, 0, sizeof(pbes));
+         LTC_ARGCHK(pw_ctx           != NULL);
+         LTC_ARGCHK(pw_ctx->callback != NULL);
 
          if (pbes1_extract(lalgoid, &pbes) == CRYPT_OK) {
             /* Successfully extracted PBES1 parameters */
@@ -58,9 +61,12 @@ int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
             goto LBL_DONE;
          }
 
+         if (pw_ctx->callback(&pbes.pwd, &pbes.pwdlen, pw_ctx->userdata)) {
+            err = CRYPT_ERROR;
+            goto LBL_DONE;
+         }
+
          pbes.enc_data = l->child->next;
-         pbes.pwd = pwd;
-         pbes.pwdlen = pwdlen;
 
          dec_size = pbes.enc_data->size;
          if ((dec_data = XMALLOC(dec_size)) == NULL) {
@@ -87,6 +93,10 @@ int pkcs8_decode_flexi(const unsigned char  *in,  unsigned long inlen,
 
 LBL_DONE:
    if (l) der_free_sequence_flexi(l);
+   if (pbes.pwd) {
+      zeromem(pbes.pwd, pbes.pwdlen);
+      XFREE(pbes.pwd);
+   }
    if (dec_data) {
       zeromem(dec_data, dec_size);
       XFREE(dec_data);

src/pk/ec25519/ec25519_import_pkcs8.c

@@ -9,78 +9,77 @@
 
 #ifdef LTC_CURVE25519
 
+typedef int (*sk_to_pk)(unsigned char *pk , const unsigned char *sk);
+
+int ec25519_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key,
+                              enum ltc_oid_id id,
+                              curve25519_key *key)
+{
+   int err;
+   unsigned long key_len;
+   sk_to_pk fp;
+
+   LTC_ARGCHK(key         != NULL);
+   LTC_ARGCHK(ltc_mp.name != NULL);
+
+   LTC_UNUSED_PARAM(alg_id);
+
+   switch (id) {
+      case LTC_OID_ED25519:
+         fp = tweetnacl_crypto_sk_to_pk;
+         break;
+      case LTC_OID_X25519:
+         fp = tweetnacl_crypto_scalarmult_base;
+         break;
+      default:
+         return CRYPT_PK_INVALID_TYPE;
+   }
+
+   key_len = sizeof(key->priv);
+   if ((err = der_decode_octet_string(priv_key->data, priv_key->size, key->priv, &key_len)) == CRYPT_OK) {
+      fp(key->pub, key->priv);
+      key->type = PK_PRIVATE;
+      key->algo = id;
+   }
+   return err;
+}
+
 /**
   Generic import of a Curve/Ed25519 private key in PKCS#8 format
-  @param in        The DER-encoded PKCS#8-formatted private key
-  @param inlen     The length of the input data
-  @param passwd    The password to decrypt the private key
-  @param passwdlen Password's length (octets)
-  @param key       [out] Where to import the key to
+  @param in        The packet to import from
+  @param inlen     It's length (octets)
+  @param pw_ctx    The password context when decrypting the private key
+  @param id        The type of the private key
+  @param key       [out] Destination for newly imported key
   @return CRYPT_OK if successful, on error all allocated memory is freed automatically
 */
 int ec25519_import_pkcs8(const unsigned char *in, unsigned long inlen,
-                       const void *pwd, unsigned long pwdlen,
-                       enum ltc_oid_id id, sk_to_pk fp,
-                       curve25519_key *key)
+                         const password_ctx   *pw_ctx,
+                         enum ltc_oid_id id,
+                         curve25519_key *key)
 {
-   int err;
+   int           err;
    ltc_asn1_list *l = NULL;
-   const char *oid;
-   ltc_asn1_list alg_id[1];
-   unsigned char private_key[34];
-   unsigned long version, key_len;
-   unsigned long tmpoid[16];
-
-   LTC_ARGCHK(in  != NULL);
-   LTC_ARGCHK(key != NULL);
-   LTC_ARGCHK(fp != NULL);
-
-   if ((err = pkcs8_decode_flexi(in, inlen, pwd, pwdlen, &l)) == CRYPT_OK) {
+   ltc_asn1_list *alg_id, *priv_key;
+   enum ltc_oid_id pka;
 
-      LTC_SET_ASN1(alg_id, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid) / sizeof(tmpoid[0]));
+   LTC_ARGCHK(in != NULL);
 
-      key_len = sizeof(private_key);
-      if ((err = der_decode_sequence_multi(l->data, l->size,
-                                           LTC_ASN1_SHORT_INTEGER,      1uL, &version,
-                                           LTC_ASN1_SEQUENCE,           1uL, alg_id,
-                                           LTC_ASN1_OCTET_STRING,   key_len, private_key,
-                                           LTC_ASN1_EOL,                0uL, NULL))
-          != CRYPT_OK) {
-         /* If there are attributes added after the private_key it is tagged with version 1 and
-          * we get an 'input too long' error but the rest is already decoded and can be
-          * handled the same as for version 0
-          */
-         if ((err == CRYPT_INPUT_TOO_LONG) && (version == 1)) {
-            version = 0;
-         } else {
-            goto out;
-         }
-      }
+   err = pkcs8_decode_flexi(in, inlen, pw_ctx, &l);
+   if (err != CRYPT_OK) return err;
 
-      if ((err = pk_get_oid(id, &oid)) != CRYPT_OK) {
-         goto out;
-      }
-      if ((err = pk_oid_cmp_with_asn1(oid, &alg_id[0])) != CRYPT_OK) {
-         goto out;
-      }
-
-      if (version == 0) {
-         key_len = sizeof(key->priv);
-         if ((err = der_decode_octet_string(private_key, sizeof(private_key), key->priv, &key_len)) == CRYPT_OK) {
-            fp(key->pub, key->priv);
-            key->type = PK_PRIVATE;
-            key->algo = id;
-         }
-      } else {
-         err = CRYPT_PK_INVALID_TYPE;
-      }
+   if ((err = pkcs8_get_children(l, &pka, &alg_id, &priv_key)) != CRYPT_OK) {
+      goto LBL_DER_FREE;
    }
-out:
-   if (l) der_free_sequence_flexi(l);
-#ifdef LTC_CLEAN_STACK
-   zeromem(private_key, sizeof(private_key));
-#endif
+   if (pka != id) {
+      err = CRYPT_INVALID_PACKET;
+      goto LBL_DER_FREE;
+   }
+
+   err = ec25519_import_pkcs8_asn1(alg_id, priv_key, id, key);
 
+LBL_DER_FREE:
+   der_free_sequence_flexi(l);
    return err;
 }