Add support for RSA-PSS keys

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

src/headers/tomcrypt_pk.h

@@ -40,6 +40,7 @@ enum ltc_pka_id {
    LTC_PKA_X25519,
    LTC_PKA_ED25519,
    LTC_PKA_DH,
+   LTC_PKA_RSA_PSS,
    LTC_PKA_NUM
 };
 
@@ -62,7 +63,18 @@ int rand_prime(void *N, long len, prng_state *prng, int wprng);
 /* ---- RSA ---- */
 #ifdef LTC_MRSA
 
-/** RSA PKCS style key */
+typedef struct ltc_rsa_parameters {
+   /** PSS/OAEP or PKCS #1 v1.5 style
+    *  0 -> PKCS #1 v1.5, 1 -> PSS/OAEP */
+   int pss_oaep;
+   /** saltLength is only defined for PSS
+    * If saltLength == 0 -> OAEP, else -> PSS */
+   unsigned long saltlen;
+   /** hash and MGF hash algorithms */
+   const char *hash_alg, *mgf1_hash_alg;
+} ltc_rsa_parameters;
+
+/** RSA key */
 typedef struct Rsa_key {
     /** Type of key, PK_PRIVATE or PK_PUBLIC */
     int type;
@@ -82,6 +94,8 @@ typedef struct Rsa_key {
     void *dP;
     /** The d mod (q - 1) CRT param */
     void *dQ;
+    /** Further parameters of the RSA key */
+    ltc_rsa_parameters params;
 } rsa_key;
 
 int rsa_make_key(prng_state *prng, int wprng, int size, long e, rsa_key *key);
@@ -1029,7 +1043,11 @@ typedef struct ltc_x509_time {
 
 typedef struct ltc_x509_signature_algorithm {
    enum ltc_pka_id pka;
-   const char *hash;
+   union {
+      const char *hash;
+      ltc_rsa_parameters rsa_params;
+   } u;
+   const ltc_asn1_list *asn1;
 } ltc_x509_signature_algorithm;
 
 typedef struct ltc_x509_validity {

src/headers/tomcrypt_private.h

@@ -60,6 +60,9 @@ enum ltc_oid_id {
    LTC_OID_X25519,
    LTC_OID_ED25519,
    LTC_OID_DH,
+   LTC_OID_RSA_OAEP,
+   LTC_OID_RSA_MGF1,
+   LTC_OID_RSA_PSS,
    LTC_OID_RSA_WITH_MD5,
    LTC_OID_RSA_WITH_SHA1,
    LTC_OID_RSA_WITH_SHA224,
@@ -439,8 +442,14 @@ int pk_oid_cmp_with_ulong(const char *o1, const unsigned long *o2, unsigned long
 
 /* ---- DH Routines ---- */
 #ifdef LTC_MRSA
+typedef enum ltc_rsa_op {
+   LTC_RSA_CRYPT,
+   LTC_RSA_SIGN
+} ltc_rsa_op;
 int rsa_init(rsa_key *key);
 void rsa_shrink_key(rsa_key *key);
+int rsa_key_valid_op(const rsa_key *key, ltc_rsa_op op, int padding, int hash_idx);
+int rsa_params_equal(const ltc_rsa_parameters *a, const ltc_rsa_parameters *b);
 int rsa_make_key_bn_e(prng_state *prng, int wprng, int size, void *e,
                       rsa_key *key); /* used by op-tee */
 int rsa_import_pkcs1(const unsigned char *in, unsigned long inlen, rsa_key *key);
@@ -680,7 +689,11 @@ int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned lo
                                             enum ltc_oid_id algorithm, ltc_asn1_type param_type,
                                             ltc_asn1_list* parameters, unsigned long *parameters_len,
                                             public_key_decode_cb callback, void *ctx);
-int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, ltc_asn1_list **spki);
+int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, const ltc_asn1_list **spki);
+int x509_process_public_key_from_spki(const unsigned char *in, unsigned long inlen,
+                                      enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                      ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                      public_key_decode_cb callback, void *ctx);
 
 /* SUBJECT PUBLIC KEY INFO */
 int x509_encode_subject_public_key_info(unsigned char *out, unsigned long *outlen,

src/pk/asn1/oid/pk_get.c

@@ -20,6 +20,9 @@ static const oid_table_entry pka_oids[] = {
                                               { LTC_OID_X25519,               LTC_PKA_X25519,  NULL,         "1.3.101.110" },
                                               { LTC_OID_ED25519,              LTC_PKA_ED25519, NULL,         "1.3.101.112" },
                                               { LTC_OID_DH,                   LTC_PKA_DH,      NULL,         "1.2.840.113549.1.3.1" },
+                                              { LTC_OID_RSA_OAEP,             LTC_PKA_RSA,     NULL,         "1.2.840.113549.1.1.7" },
+                                              { LTC_OID_RSA_MGF1,             LTC_PKA_RSA,     NULL,         "1.2.840.113549.1.1.8" },
+                                              { LTC_OID_RSA_PSS,              LTC_PKA_RSA_PSS, NULL,         "1.2.840.113549.1.1.10" },
                                               { LTC_OID_RSA_WITH_MD5,         LTC_PKA_RSA,     "md5",        "1.2.840.113549.1.1.4" },
                                               { LTC_OID_RSA_WITH_SHA1,        LTC_PKA_RSA,     "sha1",       "1.2.840.113549.1.1.5" },
                                               { LTC_OID_RSA_WITH_SHA224,      LTC_PKA_RSA,     "sha224",     "1.2.840.113549.1.1.14" },
@@ -106,7 +109,7 @@ int pk_get_pka_id(enum ltc_oid_id id, enum ltc_pka_id *pka)
 int pk_get_sig_alg(enum ltc_oid_id id, ltc_x509_signature_algorithm *sig_alg)
 {
    LTC_ARGCHK(sig_alg != NULL);
-   return s_get_values(id, &sig_alg->pka, &sig_alg->hash);
+   return s_get_values(id, &sig_alg->pka, &sig_alg->u.hash);
 }
 
 /*

src/pk/asn1/x509/x509_decode_public_key_from_certificate.c

@@ -10,7 +10,7 @@
 #ifdef LTC_DER
 
 /**
-  Try to decode the public key from a X.509 certificate
+  Process the public key from the SubjectPublicKeyInfo of a X.509 certificate
    @param in               The input buffer
    @param inlen            The length of the input buffer
    @param algorithm        One out of the enum #public_key_algorithms
@@ -19,53 +19,82 @@
    @param parameters_len   [in/out] The number of parameters to include
    @param callback         The callback
    @param ctx              The context passed to the callback
-   @return CRYPT_OK on success,
-            CRYPT_NOP if no SubjectPublicKeyInfo was found,
-            another error if decoding or memory allocation failed
+   @return CRYPT_OK on success
 */
-int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
-                                            enum ltc_oid_id algorithm, ltc_asn1_type param_type,
-                                            ltc_asn1_list* parameters, unsigned long *parameters_len,
-                                            public_key_decode_cb callback, void *ctx)
+int x509_process_public_key_from_spki(const unsigned char *in, unsigned long inlen,
+                                      enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                      ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                      public_key_decode_cb callback, void *ctx)
 {
    int err;
    unsigned char *tmpbuf = NULL;
    unsigned long tmpbuf_len;
-   ltc_asn1_list *decoded_list = NULL, *spki;
-
-   LTC_ARGCHK(in       != NULL);
-   LTC_ARGCHK(inlen    != 0);
-   LTC_ARGCHK(callback != NULL);
 
-   if ((err = x509_decode_spki(in, inlen, &decoded_list, &spki)) != CRYPT_OK) {
-      return err;
-   }
+   LTC_ARGCHK(in        != NULL);
+   LTC_ARGCHK(callback  != NULL);
 
    if (algorithm == LTC_OID_EC) {
-      err = callback(spki->data, spki->size, ctx);
+      err = callback(in, inlen, ctx);
    } else {
 
       tmpbuf_len = inlen;
       tmpbuf = XCALLOC(1, tmpbuf_len);
       if (tmpbuf == NULL) {
-          err = CRYPT_MEM;
-          goto LBL_OUT;
+          return CRYPT_MEM;
       }
 
-      err = x509_decode_subject_public_key_info(spki->data, spki->size,
+      err = x509_decode_subject_public_key_info(in, inlen,
                                                 algorithm, tmpbuf, &tmpbuf_len,
                                                 param_type, parameters, parameters_len);
       if (err == CRYPT_OK) {
          err = callback(tmpbuf, tmpbuf_len, ctx);
-         goto LBL_OUT;
       }
    }
 
-LBL_OUT:
-   if (decoded_list) der_free_sequence_flexi(decoded_list);
    if (tmpbuf != NULL) XFREE(tmpbuf);
 
    return err;
 }
 
+/**
+  Try to decode the public key from a X.509 certificate
+   @param in               The input buffer
+   @param inlen            The length of the input buffer
+   @param algorithm        One out of the enum #public_key_algorithms
+   @param param_type       The parameters' type out of the enum ltc_asn1_type
+   @param parameters       The parameters to include
+   @param parameters_len   [in/out] The number of parameters to include
+   @param callback         The callback
+   @param ctx              The context passed to the callback
+   @return CRYPT_OK on success,
+            CRYPT_NOP if no SubjectPublicKeyInfo was found,
+            another error if decoding or memory allocation failed
+*/
+int x509_decode_public_key_from_certificate(const unsigned char *in, unsigned long inlen,
+                                            enum ltc_oid_id algorithm, ltc_asn1_type param_type,
+                                            ltc_asn1_list* parameters, unsigned long *parameters_len,
+                                            public_key_decode_cb callback, void *ctx)
+{
+   int err;
+   ltc_asn1_list *decoded_list;
+   const ltc_asn1_list *spki;
+
+   LTC_ARGCHK(in       != NULL);
+   LTC_ARGCHK(inlen    != 0);
+   LTC_ARGCHK(callback != NULL);
+
+   if ((err = x509_decode_spki(in, inlen, &decoded_list, &spki)) != CRYPT_OK) {
+      return err;
+   }
+
+   err = x509_process_public_key_from_spki(spki->data, spki->size,
+                                           algorithm, param_type,
+                                           parameters, parameters_len,
+                                           callback, ctx);
+
+   if (decoded_list) der_free_sequence_flexi(decoded_list);
+
+   return err;
+}
+
 #endif

src/pk/asn1/x509/x509_decode_spki.c

@@ -26,10 +26,10 @@
    @param spki             [out] A pointer to the SubjectPublicKeyInfo
    @return CRYPT_OK on success, CRYPT_NOP if no SubjectPublicKeyInfo was found, another error if decoding failed
 */
-int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, ltc_asn1_list **spki)
+int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list **out, const ltc_asn1_list **spki)
 {
    int err;
-   unsigned long tmp_inlen;
+   unsigned long tmp_inlen, n, element_is_spki;
    ltc_asn1_list *decoded_list = NULL, *l;
 
    LTC_ARGCHK(in       != NULL);
@@ -49,29 +49,49 @@ int x509_decode_spki(const unsigned char *in, unsigned long inlen, ltc_asn1_list
       if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) {
          l = l->child;
          if ((l->type == LTC_ASN1_SEQUENCE) && (l->child != NULL)) {
+            /*    TBSCertificate  ::=  SEQUENCE  {
+             *         version         [0]  EXPLICIT Version DEFAULT v1,
+             *         serialNumber         CertificateSerialNumber,
+             *         signature            AlgorithmIdentifier,
+             *         issuer               Name,
+             *         validity             Validity,
+             *         subject              Name,
+             *         subjectPublicKeyInfo SubjectPublicKeyInfo,
+             *         issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
+             *                              -- If present, version MUST be v2 or v3
+             *         subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
+             *                              -- If present, version MUST be v2 or v3
+             *         extensions      [3]  EXPLICIT Extensions OPTIONAL
+             *                              -- If present, version MUST be v3
+             *         }
+             */
             l = l->child;
 
-            /* Move forward in the tree until we find this combination
-                 ...
-                 SEQUENCE
-                     SEQUENCE
-                         OBJECT IDENTIFIER <some PKA OID, e.g. 1.2.840.113549.1.1.1>
-                         NULL
-                     BIT STRING
+            /* `l` points now either to 'version' or 'serialNumber', depending on
+             * whether 'version' is included or defaults to 'v1'.
+             * 'version' is represented as a LTC_ASN1_CUSTOM_TYPE
+             * 'serialNumber' is represented as an LTC_ASN1_INTEGER
+             * Decide now whether to move 5 or 6 elements forward until
+             * `l` should point to subjectPublicKeyInfo.
              */
-            do {
-               /* The additional check for l->data is there to make sure
-                * we won't try to decode a list that has been 'shrunk'
-                */
-               if ((l->type == LTC_ASN1_SEQUENCE)
-                     && (l->data != NULL)
-                     && LOOKS_LIKE_SPKI(l->child)) {
-                  *out = decoded_list;
-                  *spki = l;
-                  return CRYPT_OK;
-               }
+            if (l->type == LTC_ASN1_CUSTOM_TYPE)
+               element_is_spki = 6;
+            else
+               element_is_spki = 5;
+            for (n = 0; n < element_is_spki && l; ++n) {
                l = l->next;
-            } while(l);
+            }
+            /* The additional check for l->data is there to make sure
+             * we won't try to decode a list that has been 'shrunk'
+             */
+            if ((l != NULL)
+                  && (l->type == LTC_ASN1_SEQUENCE)
+                  && (l->data != NULL)
+                  && LOOKS_LIKE_SPKI(l->child)) {
+               *out = decoded_list;
+               *spki = l;
+               return CRYPT_OK;
+            }
          }
       }
    }

src/pk/asn1/x509/x509_import_spki.c

@@ -14,6 +14,7 @@ typedef int (*import_fn)(const unsigned char *, unsigned long, void*);
 static const import_fn s_import_x509_fns[LTC_PKA_NUM] = {
 #ifdef LTC_MRSA
                                                 [LTC_PKA_RSA] = (import_fn)rsa_import_x509,
+                                                [LTC_PKA_RSA_PSS] = (import_fn)rsa_import_x509,
 #endif
 #ifdef LTC_MDSA
                                                 [LTC_PKA_DSA] = (import_fn)dsa_import,
@@ -30,7 +31,8 @@ static const import_fn s_import_x509_fns[LTC_PKA_NUM] = {
 int x509_import_spki(const unsigned char *asn1_cert, unsigned long asn1_len, ltc_pka_key *k, ltc_asn1_list **root)
 {
    enum ltc_pka_id pka = LTC_PKA_UNDEF;
-   ltc_asn1_list *d, *spki;
+   ltc_asn1_list *d;
+   const ltc_asn1_list *spki;
    int err;
    if ((err = x509_decode_spki(asn1_cert, asn1_len, &d, &spki)) != CRYPT_OK) {
       return err;