add support for regular PEM files

This adds support to decode plain and encrypted PEM files.

Either in OpenSSL specific format or PKCS#8

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

src/headers/tomcrypt_custom.h

@@ -114,6 +114,8 @@
 
    #define LTC_NO_MISC
    #define LTC_BASE64
+   #define LTC_BASE16
+   #define LTC_PEM
 #endif /* LTC_EASY */
 
 /* The minimal set of functionality to run the tests */
@@ -565,6 +567,12 @@
 #endif
 
 #if defined(LTC_PEM)
+   /* Size of the line-buffer */
+   #ifndef LTC_PEM_DECODE_BUFSZ
+      #define LTC_PEM_DECODE_BUFSZ 72
+   #elif LTC_PEM_DECODE_BUFSZ < 72
+      #error "LTC_PEM_DECODE_BUFSZ shall not be < 72 bytes"
+   #endif
    /* Size of the decoded data buffer */
    #ifndef LTC_PEM_READ_BUFSIZE
       #ifdef LTC_FILE_READ_BUFSIZE

src/headers/tomcrypt_misc.h

@@ -160,10 +160,12 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
 #endif  /* LTC_PADDING */
 
 #ifdef LTC_PEM
+int pem_decode_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx);
+int pem_decode(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx);
 
 #ifdef LTC_SSH
 int pem_decode_openssh_filehandle(FILE *f, ltc_pka_key *k, password_ctx *pw_ctx);
-int pem_decode_openssh(void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx);
+int pem_decode_openssh(const void *buf, unsigned long len, ltc_pka_key *k, password_ctx *pw_ctx);
 #endif
 
 #endif /* LTC_PEM */

src/headers/tomcrypt_private.h

@@ -225,6 +225,13 @@ struct password {
    void *pw;
    unsigned long l;
 };
+struct dek_info {
+   const char *alg;
+   unsigned long keylen;
+   /* should use `MAXBLOCKSIZE` here, but all supported
+    * blockciphers require max 16 bytes IV */
+   char iv[16 * 2 + 1];
+};
 
 struct str {
    char *p;
@@ -233,18 +240,29 @@ struct str {
 
 #define SET_STR(n, s) n.p = s, n.len = XSTRLEN(s)
 #define SET_CSTR(n, s) n.p = (char*)s, n.len = XSTRLEN(s)
+#define COPY_STR(n, s, l) do { XMEMCPY(n.p, s, l); n.len = l; } while(0)
+#define FREE_STR(n) do { n.p = NULL; n.len = 0; } while(0)
 
 enum more_headers {
    no,
    yes,
    maybe
 };
 
+struct pem_header_id {
+   struct str start, end;
+   enum more_headers has_more_headers;
+   int encrypted;
+   enum ltc_pka_id pka;
+   int pkcs8;
+   int (*decrypt)(void *, unsigned long *, void *);
+};
+
 struct pem_headers {
-   const struct {
-      struct str start, end;
-      enum more_headers has_more_headers;
-   };
+   const struct pem_header_id *id;
+   int encrypted;
+   struct dek_info info;
+   struct password *pw;
 };
 
 struct bufp {
@@ -254,14 +272,16 @@ struct bufp {
    char *p, *r, *end;
 };
 
-#define SET_BUFP(n, d, l) n.p = d, n.r = d, n.end = (char*)d + l + 1
+#define SET_BUFP(n, d, l) n.p = (char*)d, n.r = (char*)d, n.end = (char*)d + l + 1
 
 struct get_char {
    int (*get)(struct get_char*);
    union {
       FILE *f;
       struct bufp buf;
    };
+   struct str unget_buf;
+   char unget_buf_[LTC_PEM_DECODE_BUFSZ];
 };
 
 /* others */
@@ -294,6 +314,7 @@ void rsa_shrink_key(rsa_key *key);
 int rsa_make_key_bn_e(prng_state *prng, int wprng, int size, void *e,
                       rsa_key *key); /* used by op-tee */
 int rsa_import_pkcs1(const unsigned char *in, unsigned long inlen, rsa_key *key);
+int rsa_import_pkcs8_asn1(ltc_asn1_list *alg_id, ltc_asn1_list *priv_key, rsa_key *key);
 #endif /* LTC_MRSA */
 
 /* ---- DH Routines ---- */

src/misc/crypt/crypt.c

@@ -463,6 +463,7 @@ const char *crypt_build_settings =
 #endif
 #if defined(LTC_PEM)
     " PEM "
+    " " NAME_VALUE(LTC_PEM_DECODE_BUFSZ) " "
     " " NAME_VALUE(LTC_PEM_READ_BUFSIZE) " "
 #endif
 #if defined(LTC_SSH)