From ed2ca0bf52dce57bd3f6aff7cba8d0feaf7ba889 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Sat, 1 Jun 2024 16:41:07 -0700 Subject: [PATCH] Using Decode Raw RSA Private Key 1. Add a check for wc_RsaPrivateKeyDecodeRaw() to configure. 2. If wc_RsaPrivateKeyDecodeRaw() is available, use it to load the private key from GetOpenSshKeyRsa(). If unavailable, process the key the original way. --- configure.ac | 2 +- src/internal.c | 48 +++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 46 insertions(+), 4 deletions(-) diff --git a/configure.ac b/configure.ac index cf95d02fb..c5072b412 100644 --- a/configure.ac +++ b/configure.ac @@ -127,7 +127,7 @@ AC_ARG_WITH(wolfssl, ) AC_CHECK_LIB([wolfssl],[wolfCrypt_Init],,[AC_MSG_ERROR([libwolfssl is required for ${PACKAGE}. It can be obtained from https://www.wolfssl.com/download.html/ .])]) -AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket wc_ecc_set_rng]) +AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket wc_ecc_set_rng wc_RsaPrivateKeyDecodeRaw]) AC_CHECK_DECLS([[pread],[pwrite]],,[unistd.h]) # DEBUG diff --git a/src/internal.c b/src/internal.c index ca57e6579..bbfb981c1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -45,7 +45,6 @@ #include #include #include -#include #include #ifdef WOLFSSH_HAVE_LIBOQS @@ -1353,6 +1352,46 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap) #ifndef WOLFSSH_NO_RSA + +#ifdef HAVE_WC_RSAPRIVATEKEYDECODERAW + +/* + * Utility for GetOpenSshKey() to read in RSA keys. + */ +static int GetOpenSshKeyRsa(RsaKey* key, + const byte* buf, word32 len, word32* idx) +{ + const byte *n, *e, *d, *u, *p, *q; + word32 nSz, eSz, dSz, uSz, pSz, qSz; + int ret; + + ret = wc_InitRsaKey(key, NULL); + if (ret == WS_SUCCESS) + ret = GetMpint(&nSz, &n, buf, len, idx); + if (ret == WS_SUCCESS) + ret = GetMpint(&eSz, &e, buf, len, idx); + if (ret == WS_SUCCESS) + ret = GetMpint(&dSz, &d, buf, len, idx); + if (ret == WS_SUCCESS) + ret = GetMpint(&uSz, &u, buf, len, idx); + if (ret == WS_SUCCESS) + ret = GetMpint(&pSz, &p, buf, len, idx); + if (ret == WS_SUCCESS) + ret = GetMpint(&qSz, &q, buf, len, idx); + if (ret == WS_SUCCESS) + ret = wc_RsaPrivateKeyDecodeRaw(n, nSz, e, eSz, d, dSz, + u, uSz, p, pSz, q, qSz, NULL, 0, NULL, 0, key); + + if (ret != WS_SUCCESS) + ret = WS_RSA_E; + + return ret; +} + +#else /* HAVE_WC_RSAPRIVATEKEYDECODERAW */ + +#include + /* * Utility function to read an Mpint from the stream directly into a mp_int. */ @@ -1374,7 +1413,6 @@ static INLINE int GetMpintToMp(mp_int* mp, /* * For the given RSA key, calculate p^-1 and q^-1. wolfCrypt's RSA * code expects them, but the OpenSSH format key doesn't store them. - * TODO: Add a RSA read function to wolfCrypt to handle this condition. */ static INLINE int CalcRsaInverses(RsaKey* key) { @@ -1427,7 +1465,11 @@ static int GetOpenSshKeyRsa(RsaKey* key, return ret; } -#endif + +#endif /* HAVE_WC_RSAPRIVATEKEYDECODERAW */ + +#endif /* WOLFSSH_NO_RSA */ + #ifndef WOLFSSH_NO_ECDSA /*