📄 key_rd.c
字号:
is a pure public key rather than merely the public portions of a
private key the actions will be restricted at that point to encrypt
and signature-check only */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_ENCRYPT, ACTION_PERM_ALL ) | \
MK_ACTION_PERM( MESSAGE_CTX_DECRYPT, ACTION_PERM_ALL ) | \
MK_ACTION_PERM( MESSAGE_CTX_SIGN, ACTION_PERM_ALL ) | \
MK_ACTION_PERM( MESSAGE_CTX_SIGCHECK, ACTION_PERM_ALL );
/* Read the BITSTRING encapsulation and the public key fields */
readBitStringHole( stream, NULL, MIN_PKCSIZE, DEFAULT_TAG );
readSequence( stream, NULL );
status = readBignumChecked( stream, &rsaKey->rsaParam_n,
RSAPARAM_MIN_N, RSAPARAM_MAX_N, NULL );
if( cryptStatusOK( status ) )
status = readBignum( stream, &rsaKey->rsaParam_e,
RSAPARAM_MIN_E, RSAPARAM_MAX_E,
&rsaKey->rsaParam_n );
return( status );
}
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
static int readDlpSubjectPublicKey( INOUT STREAM *stream,
INOUT CONTEXT_INFO *contextInfoPtr,
OUT_FLAGS_Z( ACTION_PERM ) int *actionFlags )
{
PKC_INFO *dlpKey = contextInfoPtr->ctxPKC;
CRYPT_ALGO_TYPE cryptAlgo;
int extraLength, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( actionFlags, sizeof( int ) ) );
REQUIRES( contextInfoPtr->type == CONTEXT_PKC && \
( contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_DH || \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_DSA || \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_ELGAMAL ) );
/* Clear return value */
*actionFlags = ACTION_PERM_NONE;
/* Read the SubjectPublicKeyInfo header field and parameter data if
there's any present */
readGenericHole( stream, NULL, 8 + DLPPARAM_MIN_P + DLPPARAM_MIN_G + \
DLPPARAM_MIN_Q, DEFAULT_TAG );
status = readAlgoIDparams( stream, &cryptAlgo, &extraLength );
if( cryptStatusError( status ) )
return( status );
if( extraLength > 0 )
{
if( contextInfoPtr->capabilityInfo->cryptAlgo != cryptAlgo )
return( CRYPT_ERROR_BADDATA );
/* Read the header and key parameters */
readSequence( stream, NULL );
status = readBignumChecked( stream, &dlpKey->dlpParam_p,
DLPPARAM_MIN_P, DLPPARAM_MAX_P, NULL );
if( cryptStatusError( status ) )
return( status );
if( hasReversedParams( cryptAlgo ) )
{
status = readBignum( stream, &dlpKey->dlpParam_g,
DLPPARAM_MIN_G, DLPPARAM_MAX_G,
&dlpKey->dlpParam_p );
if( cryptStatusOK( status ) )
status = readBignum( stream, &dlpKey->dlpParam_q,
DLPPARAM_MIN_Q, DLPPARAM_MAX_Q,
&dlpKey->dlpParam_p );
}
else
{
status = readBignum( stream, &dlpKey->dlpParam_q,
DLPPARAM_MIN_Q, DLPPARAM_MAX_Q,
&dlpKey->dlpParam_p );
if( cryptStatusOK( status ) )
status = readBignum( stream, &dlpKey->dlpParam_g,
DLPPARAM_MIN_G, DLPPARAM_MAX_G,
&dlpKey->dlpParam_p );
}
if( cryptStatusError( status ) )
return( status );
}
/* Set the maximum permitted actions. Because of the special-case data
formatting requirements for DLP algorithms we make the usage
internal-only. If the key is a pure public key rather than merely
the public portions of a private key the actions will be restricted
by higher-level code to signature-check only */
if( cryptAlgo == CRYPT_ALGO_DSA )
{
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_SIGN, \
ACTION_PERM_NONE_EXTERNAL ) | \
MK_ACTION_PERM( MESSAGE_CTX_SIGCHECK, \
ACTION_PERM_NONE_EXTERNAL );
}
else
{
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_ENCRYPT, \
ACTION_PERM_NONE_EXTERNAL ) | \
MK_ACTION_PERM( MESSAGE_CTX_DECRYPT, \
ACTION_PERM_NONE_EXTERNAL );
}
/* Read the BITSTRING encapsulation and the public key fields */
readBitStringHole( stream, NULL, MIN_PKCSIZE, DEFAULT_TAG );
return( readBignumChecked( stream, &dlpKey->dlpParam_y,
DLPPARAM_MIN_Y, DLPPARAM_MAX_Y,
&dlpKey->dlpParam_p ) );
}
#ifdef USE_ECC
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
static int readEccSubjectPublicKey( INOUT STREAM *stream,
INOUT CONTEXT_INFO *contextInfoPtr,
OUT_FLAGS_Z( ACTION_PERM ) int *actionFlags )
{
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( actionFlags, sizeof( int ) ) );
REQUIRES( contextInfoPtr->type == CONTEXT_PKC && \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_ECDSA );
/* Clear return value */
*actionFlags = ACTION_PERM_NONE;
/* Set the maximum permitted actions. Because of the special-case data
formatting requirements for DLP algorithms we make the usage
internal-only. If the key is a pure public key rather than merely
the public portions of a private key the actions will be restricted
by higher-level code to signature-check only */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_SIGN, \
ACTION_PERM_NONE_EXTERNAL ) | \
MK_ACTION_PERM( MESSAGE_CTX_SIGCHECK, \
ACTION_PERM_NONE_EXTERNAL );
return( CRYPT_ERROR_NOTAVAIL );
}
#endif /* USE_ECC */
#ifdef USE_SSH1
/* Read SSHv1 public keys:
uint32 keysize_bits
mpint exponent
mpint modulus */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
static int readSsh1RsaPublicKey( INOUT STREAM *stream,
INOUT CONTEXT_INFO *contextInfoPtr,
OUT_FLAGS_Z( ACTION_PERM ) int *actionFlags )
{
PKC_INFO *rsaKey = contextInfoPtr->ctxPKC;
int length, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( actionFlags, sizeof( int ) ) );
REQUIRES( contextInfoPtr->type == CONTEXT_PKC && \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_RSA );
/* Clear return value */
*actionFlags = ACTION_PERM_NONE;
/* Make sure that the nominal keysize value is valid */
status = length = readUint32( stream );
if( cryptStatusError( status ) )
return( status );
if( length < bytesToBits( RSAPARAM_MIN_E + RSAPARAM_MIN_N ) || \
length > bytesToBits( RSAPARAM_MAX_E + RSAPARAM_MAX_N ) )
return( CRYPT_ERROR_BADDATA );
/* Set the maximum permitted actions. SSH keys are only used internally
so we restrict the usage to internal-only */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_ENCRYPT, \
ACTION_PERM_NONE_EXTERNAL );
/* Read the SSH public key information */
status = readBignumInteger16Ubits( stream, &rsaKey->rsaParam_e,
bytesToBits( RSAPARAM_MIN_E ),
bytesToBits( RSAPARAM_MAX_E ),
NULL );
if( cryptStatusOK( status ) )
status = readBignumInteger16Ubits( stream, &rsaKey->rsaParam_n,
bytesToBits( RSAPARAM_MIN_N ),
bytesToBits( RSAPARAM_MAX_N ),
NULL );
return( status );
}
#endif /* USE_SSH1 */
#ifdef USE_SSH
/* Read SSHv2 public keys:
string certificate
string "ssh-rsa" "ssh-dss"
mpint e p
mpint n q
mpint g
mpint y */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
static int readSshRsaPublicKey( INOUT STREAM *stream,
INOUT CONTEXT_INFO *contextInfoPtr,
OUT_FLAGS_Z( ACTION_PERM ) int *actionFlags )
{
PKC_INFO *rsaKey = contextInfoPtr->ctxPKC;
char buffer[ 16 + 8 ];
int length, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( actionFlags, sizeof( int ) ) );
REQUIRES( contextInfoPtr->type == CONTEXT_PKC && \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_RSA );
/* Clear return value */
*actionFlags = ACTION_PERM_NONE;
/* Read the wrapper and make sure that it's OK */
readUint32( stream );
status = readString32( stream, buffer, 7, &length );
if( cryptStatusError( status ) )
return( status );
if( length != 7 || memcmp( buffer, "ssh-rsa", 7 ) )
return( CRYPT_ERROR_BADDATA );
/* Set the maximum permitted actions. SSH keys are only used internally
so we restrict the usage to internal-only */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_SIGCHECK, \
ACTION_PERM_NONE_EXTERNAL );
/* Read the SSH public key information */
status = readBignumInteger32( stream, &rsaKey->rsaParam_e,
RSAPARAM_MIN_E, RSAPARAM_MAX_E,
NULL );
if( cryptStatusOK( status ) )
status = readBignumInteger32Checked( stream, &rsaKey->rsaParam_n,
RSAPARAM_MIN_N, RSAPARAM_MAX_N );
return( status );
}
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
static int readSshDlpPublicKey( INOUT STREAM *stream,
INOUT CONTEXT_INFO *contextInfoPtr,
OUT_FLAGS_Z( ACTION_PERM ) int *actionFlags )
{
PKC_INFO *dsaKey = contextInfoPtr->ctxPKC;
const BOOLEAN isDH = \
( contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_DH );
char buffer[ 16 + 8 ];
int length, status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( actionFlags, sizeof( int ) ) );
REQUIRES( contextInfoPtr->type == CONTEXT_PKC && \
( contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_DH || \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_DSA ) );
/* Clear return value */
*actionFlags = ACTION_PERM_NONE;
/* Read the wrapper and make sure that it's OK. SSHv2 uses PKCS #3
rather than X9.42-style DH keys so we have to treat this algorithm
type specially */
readUint32( stream );
if( isDH )
{
status = readString32( stream, buffer, 6, &length );
if( cryptStatusError( status ) )
return( status );
if( length != 6 || memcmp( buffer, "ssh-dh", 6 ) )
return( CRYPT_ERROR_BADDATA );
/* Set the maximum permitted actions. SSH keys are only used
internally so we restrict the usage to internal-only. Since DH
keys can be both public and private keys we allow both usage
types even though technically it's a public key */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_ENCRYPT, \
ACTION_PERM_NONE_EXTERNAL ) | \
MK_ACTION_PERM( MESSAGE_CTX_DECRYPT, \
ACTION_PERM_NONE_EXTERNAL );
/* Read the SSH public key information */
status = readBignumInteger32Checked( stream, &dsaKey->dlpParam_p,
DLPPARAM_MIN_P, DLPPARAM_MAX_P );
if( cryptStatusOK( status ) )
status = readBignumInteger32( stream, &dsaKey->dlpParam_g,
DLPPARAM_MIN_G, DLPPARAM_MAX_G,
&dsaKey->dlpParam_p );
return( status );
}
/* It's a standard DLP key, read the wrapper and make sure that it's
OK */
status = readString32( stream, buffer, 7, &length );
if( cryptStatusError( status ) )
return( status );
if( length != 7 || memcmp( buffer, "ssh-dss", 7 ) )
return( CRYPT_ERROR_BADDATA );
/* Set the maximum permitted actions. SSH keys are only used internally
so we restrict the usage to internal-only */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_SIGCHECK, \
ACTION_PERM_NONE_EXTERNAL );
/* Read the SSH public key information */
status = readBignumInteger32Checked( stream, &dsaKey->dlpParam_p,
DLPPARAM_MIN_P, DLPPARAM_MAX_P );
if( cryptStatusOK( status ) )
status = readBignumInteger32( stream, &dsaKey->dlpParam_q,
DLPPARAM_MIN_Q, DLPPARAM_MAX_Q,
&dsaKey->dlpParam_p );
if( cryptStatusOK( status ) )
status = readBignumInteger32( stream, &dsaKey->dlpParam_g,
DLPPARAM_MIN_G, DLPPARAM_MAX_G,
&dsaKey->dlpParam_p );
if( cryptStatusOK( status ) && !isDH )
status = readBignumInteger32( stream, &dsaKey->dlpParam_y,
DLPPARAM_MIN_Y, DLPPARAM_MAX_Y,
&dsaKey->dlpParam_p );
return( status );
}
#endif /* USE_SSH */
#ifdef USE_SSL
/* Read SSL public keys:
uint16 dh_pLen
byte[] dh_p
uint16 dh_gLen
byte[] dh_g
[ uint16 dh_YsLen ]
[ byte[] dh_Ys ]
The DH y value is nominally attached to the DH p and g values but isn't
processed at this level since this is a pure PKCS #3 DH key and not a
generic DLP key */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
static int readSslDlpPublicKey( INOUT STREAM *stream,
INOUT CONTEXT_INFO *contextInfoPtr,
OUT_FLAGS_Z( ACTION_PERM ) int *actionFlags )
{
PKC_INFO *dhKey = contextInfoPtr->ctxPKC;
int status;
assert( isWritePtr( stream, sizeof( STREAM ) ) );
assert( isWritePtr( contextInfoPtr, sizeof( CONTEXT_INFO ) ) );
assert( isWritePtr( actionFlags, sizeof( int ) ) );
REQUIRES( contextInfoPtr->type == CONTEXT_PKC && \
contextInfoPtr->capabilityInfo->cryptAlgo == CRYPT_ALGO_DH );
/* Clear return value */
*actionFlags = ACTION_PERM_NONE;
/* Set the maximum permitted actions. SSL keys are only used
internally so we restrict the usage to internal-only. Since DH
keys can be both public and private keys we allow both usage
types even though technically it's a public key */
*actionFlags = MK_ACTION_PERM( MESSAGE_CTX_ENCRYPT, \
ACTION_PERM_NONE_EXTERNAL ) | \
MK_ACTION_PERM( MESSAGE_CTX_DECRYPT, \
ACTION_PERM_NONE_EXTERNAL );
/* Read the SSL public key information */
status = readBignumInteger16UChecked( stream, &dhKey->dlpParam_p,
DLPPARAM_MIN_P, DLPPARAM_MAX_P );
if( cryptStatusOK( status ) )
status = readBignumInteger16U( stream, &dhKey->dlpParam_g,
DLPPARAM_MIN_G, DLPPARAM_MAX_G,
&dhKey->dlpParam_p );
return( status );
}
#endif /* USE_SSL */
#ifdef USE_PGP
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -