key_rd.c

cryptlib是功能强大的安全工具集。允许开发人员快速在自己的软件中集成加密和认证服务。

	switch( formatType )
		{
		case KEYFORMAT_CERT:
			status = readRsaSubjectPublicKey( stream, contextInfoPtr, 
											  &actionFlags );
			break;

#ifdef USE_SSH1
		case KEYFORMAT_SSH1:
			status = readSsh1RsaPublicKey( stream, contextInfoPtr, 
										   &actionFlags );
			break;
#endif /* USE_SSH1 */

		case KEYFORMAT_SSH2:
			status = readSsh2RsaPublicKey( stream, contextInfoPtr, 
										   &actionFlags );
			break;

		case KEYFORMAT_PGP:
			status = readPgpRsaPublicKey( stream, contextInfoPtr, 
										  &actionFlags );
			break;

		default:
			assert( NOTREACHED );
			return( CRYPT_ERROR_NOTAVAIL );
		}
	if( cryptStatusError( status ) )
		return( status );
	return( krnlSendMessage( contextInfoPtr->objectHandle, 
							 IMESSAGE_SETATTRIBUTE, &actionFlags, 
							 CRYPT_IATTRIBUTE_ACTIONPERMS ) );
	}

static int readPublicKeyDlpFunction( STREAM *stream, CONTEXT_INFO *contextInfoPtr,
									 const KEYFORMAT_TYPE formatType )
	{
	int actionFlags, status;

	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	switch( formatType )
		{
		case KEYFORMAT_CERT:
			status = readDlpSubjectPublicKey( stream, contextInfoPtr, 
											  &actionFlags );
			break;

		case KEYFORMAT_SSH2:
			status = readSsh2DlpPublicKey( stream, contextInfoPtr, 
										   &actionFlags );
			break;

		case KEYFORMAT_SSL:
			status = readSslDlpPublicKey( stream, contextInfoPtr, 
										  &actionFlags );
			break;
		
		case KEYFORMAT_PGP:
			status = readPgpDlpPublicKey( stream, contextInfoPtr, 
										  &actionFlags );
			break;

		default:
			assert( NOTREACHED );
			return( CRYPT_ERROR_NOTAVAIL );
		}
	if( cryptStatusError( status ) )
		return( status );
	return( krnlSendMessage( contextInfoPtr->objectHandle,
							 IMESSAGE_SETATTRIBUTE, &actionFlags, 
							 CRYPT_IATTRIBUTE_ACTIONPERMS ) );
	}

/****************************************************************************
*																			*
*								Read Private Keys							*
*																			*
****************************************************************************/

/* Read private key components.  This function assumes that the public
   portion of the context has already been set up */

static int readRsaPrivateKey( STREAM *stream, CONTEXT_INFO *contextInfoPtr )
	{
	PKC_INFO *rsaKey = contextInfoPtr->ctxPKC;
	int status;

	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	/* Read the header and key components */
	readSequence( stream, NULL );
	if( peekTag( stream ) == MAKE_CTAG( 0 ) )
		/* Erroneously written in older code */
		readConstructed( stream, NULL, 0 );
	if( peekTag( stream ) == MAKE_CTAG_PRIMITIVE( 0 ) )
		{
		readBignumTag( stream, &rsaKey->rsaParam_n, 0 );
		readBignumTag( stream, &rsaKey->rsaParam_e, 1 );
		}
	if( peekTag( stream ) == MAKE_CTAG_PRIMITIVE( 2 ) )
		readBignumTag( stream, &rsaKey->rsaParam_d, 2 );
	readBignumTag( stream, &rsaKey->rsaParam_p, 3 );
	status = readBignumTag( stream, &rsaKey->rsaParam_q, 4 );
	if( peekTag( stream ) == MAKE_CTAG_PRIMITIVE( 5 ) )
		{
		readBignumTag( stream, &rsaKey->rsaParam_exponent1, 5 );
		readBignumTag( stream, &rsaKey->rsaParam_exponent2, 6 );
		status = readBignumTag( stream, &rsaKey->rsaParam_u, 7 );
		}
	return( status );
	}

static int readRsaPrivateKeyOld( STREAM *stream, CONTEXT_INFO *contextInfoPtr )
	{
	PKC_INFO *rsaKey = contextInfoPtr->ctxPKC;

	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	/* Read the header and key components */
	readOctetStringHole( stream, NULL, DEFAULT_TAG );
	readSequence( stream, NULL );
	readShortInteger( stream, NULL );
	readBignum( stream, &rsaKey->rsaParam_n );
	readBignum( stream, &rsaKey->rsaParam_e );
	readBignum( stream, &rsaKey->rsaParam_d );
	readBignum( stream, &rsaKey->rsaParam_p );
	readBignum( stream, &rsaKey->rsaParam_q );
	readBignum( stream, &rsaKey->rsaParam_exponent1 );
	readBignum( stream, &rsaKey->rsaParam_exponent2 );
	return( readBignum( stream, &rsaKey->rsaParam_u ) );
	}

static int readDlpPrivateKey( STREAM *stream, CONTEXT_INFO *contextInfoPtr )
	{
	PKC_INFO *dlpKey = contextInfoPtr->ctxPKC;

	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	/* Read the header and key components */
	if( peekTag( stream ) == BER_SEQUENCE )
		{
		/* Erroneously written in older code */
		readSequence( stream, NULL );
		return( readBignumTag( stream, &dlpKey->dlpParam_x, 0 ) );
		}
	return( readBignum( stream, &dlpKey->dlpParam_x ) );
	}

/* Read PGP private key components.  This function assumes that the public
   portion of the context has already been set up */

static int readPgpRsaPrivateKey( STREAM *stream, CONTEXT_INFO *contextInfoPtr )
	{
	PKC_INFO *rsaKey = contextInfoPtr->ctxPKC;
	int status;

	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	/* Read the PGP private key information */
	status = readBignumInteger16Ubits( stream, &rsaKey->rsaParam_d, 
									   MIN_PKCSIZE_BITS, 
									   bytesToBits( PGP_MAX_MPISIZE ) );
	if( cryptStatusOK( status ) )
		status = readBignumInteger16Ubits( stream, &rsaKey->rsaParam_p, 
										   MIN_PKCSIZE_BITS / 2, 
										   bytesToBits( PGP_MAX_MPISIZE ) );
	if( cryptStatusOK( status ) )
		status = readBignumInteger16Ubits( stream, &rsaKey->rsaParam_q, 
										   MIN_PKCSIZE_BITS / 2, 
										   bytesToBits( PGP_MAX_MPISIZE ) );
	if( cryptStatusOK( status ) )
		status = readBignumInteger16Ubits( stream, &rsaKey->rsaParam_u, 
										   MIN_PKCSIZE_BITS / 2, 
										   bytesToBits( PGP_MAX_MPISIZE ) );
	return( status );
	}

static int readPgpDlpPrivateKey( STREAM *stream, CONTEXT_INFO *contextInfoPtr )
	{
	PKC_INFO *dlpKey = contextInfoPtr->ctxPKC;

	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	/* Read the PGP private key information */
	return( readBignumInteger16Ubits( stream, &dlpKey->dlpParam_x, 155, 
									  bytesToBits( PGP_MAX_MPISIZE ) ) );
	}

/* Umbrella private-key read functions */

static int readPrivateKeyRsaFunction( STREAM *stream, 
									  CONTEXT_INFO *contextInfoPtr,
									  const KEYFORMAT_TYPE formatType )
	{
	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	switch( formatType )
		{
		case KEYFORMAT_PRIVATE:
			return( readRsaPrivateKey( stream, contextInfoPtr ) );

		case KEYFORMAT_PRIVATE_OLD:
			return( readRsaPrivateKeyOld( stream, contextInfoPtr ) );

		case KEYFORMAT_PGP:
			return( readPgpRsaPrivateKey( stream, contextInfoPtr ) );
		}

	assert( NOTREACHED );
	return( CRYPT_ERROR );	/* Get rid of compiler warning */
	}

static int readPrivateKeyDlpFunction( STREAM *stream, 
									  CONTEXT_INFO *contextInfoPtr,
									  const KEYFORMAT_TYPE formatType )
	{
	assert( isWritePtr( stream, sizeof( STREAM ) ) );
	assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );

	switch( formatType )
		{
		case KEYFORMAT_PRIVATE:
			return( readDlpPrivateKey( stream, contextInfoPtr ) );

		case KEYFORMAT_PGP:
			return( readPgpDlpPrivateKey( stream, contextInfoPtr ) );
		}

	assert( NOTREACHED );
	return( CRYPT_ERROR );	/* Get rid of compiler warning */
	}

/****************************************************************************
*																			*
*								Read DL Values								*
*																			*
****************************************************************************/

/* Unlike the simpler RSA PKC, DL-based PKCs produce a pair of values that
   need to be encoded as structured data.  The following two functions 
   perform this en/decoding.  SSH assumes that DLP values are two fixed-size
   blocks of 20 bytes, so we can't use the normal read/write routines to 
   handle these values */

int decodeDLValues( const BYTE *buffer, const int bufSize, BIGNUM **value1,
					BIGNUM **value2, const CRYPT_FORMAT_TYPE formatType )
	{
	STREAM stream;
	int status;

	sMemConnect( &stream, buffer, bufSize );

	/* Read the DL components from the buffer */
	switch( formatType )
		{
		case CRYPT_FORMAT_CRYPTLIB:
			readSequence( &stream, NULL );
			status = readBignum( &stream, *value1 );
			if( cryptStatusOK( status ) )
				status = readBignum( &stream, *value2 );
			break;

		case CRYPT_FORMAT_PGP:
			status = readBignumInteger16Ubits( &stream, *value1, 160 - 24,
											   bytesToBits( PGP_MAX_MPISIZE ) );
			if( cryptStatusOK( status ) )
				status = readBignumInteger16Ubits( &stream, *value2, 160 - 24,
												   bytesToBits( PGP_MAX_MPISIZE ) );
			break;
	
		case CRYPT_IFORMAT_SSH:
			status = CRYPT_OK;
			if( BN_bin2bn( buffer, 20, *value1 ) == NULL || \
				BN_bin2bn( buffer + 20, 20, *value2 ) == NULL )
				status = CRYPT_ERROR_MEMORY;
			break;

		default:
			assert( NOTREACHED );
			return( CRYPT_ERROR_NOTAVAIL );
		}

	/* Clean up */
	sMemDisconnect( &stream );
	return( status );
	}

/****************************************************************************
*																			*
*							Context Access Routines							*
*																			*
****************************************************************************/

void initKeyRead( CONTEXT_INFO *contextInfoPtr )
	{
	PKC_INFO *pkcInfo = contextInfoPtr->ctxPKC;

	/* Set the access method pointers */
	if( isDlpAlgo( contextInfoPtr->capabilityInfo->cryptAlgo ) )
		{
		pkcInfo->readPublicKeyFunction = readPublicKeyDlpFunction;
		pkcInfo->readPrivateKeyFunction = readPrivateKeyDlpFunction;
		}
	else
		{
		pkcInfo->readPublicKeyFunction = readPublicKeyRsaFunction;
		pkcInfo->readPrivateKeyFunction = readPrivateKeyRsaFunction;
		}
	}