Diffstat (limited to 'src/gcrypt/asn1.c')
-rw-r--r-- | src/gcrypt/asn1.c | 189 |
1 files changed, 50 insertions, 139 deletions
diff --git a/src/gcrypt/asn1.c b/src/gcrypt/asn1.c index cec6364d..c9d0e525 100644 --- a/src/gcrypt/asn1.c +++ b/src/gcrypt/asn1.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:asn1 + * @Short_description: ASN1 support functions for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -202,12 +210,8 @@ xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *bufl memset(&ti, 0, sizeof(ti)); ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti); if((ret != 0) || (ti.tag != TAG_SEQUENCE) || ti.class || !ti.cons || ti.ndef) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "TAG_SEQUENCE is expected: tag=%d", - (int)ti.tag); + xmlSecInternalError2("xmlSecGCryptAsn1ParseTag", NULL, + "TAG_SEQUENCE is expected: tag=%d", (int)ti.tag); return(-1); } 
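Review bot: In the TAG_SEQUENCE check of xmlSecGCryptAsn1ParseIntegerSequence, a failed `xmlSecGCryptAsn1ParseTag` call (`ret != 0`) and a well-formed but unexpected tag are reported through the same `xmlSecInternalError2` line, so a truncated or malformed DER blob is logged as an internal failure with whatever `ti.tag` holds after the failed parse. Since the buffer is key material that may originate outside the library, consider testing `ret != 0` on its own and reporting the mismatch as invalid data, for example `xmlSecInvalidIntegerDataError("tag", ti.tag, "TAG_SEQUENCE", NULL);`. The TAG_INTEGER check in the following hunk has the same shape. The function body starts and ends outside this hunk.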
@@ -217,22 +221,15 @@ xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *bufl ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti); if((ret != 0) || (ti.tag != TAG_INTEGER) || ti.class || ti.cons || ti.ndef) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "TAG_INTEGER is expected - index=%d, tag=%d", - (int)idx, (int)ti.tag); + xmlSecInternalError3("xmlSecGCryptAsn1ParseTag", NULL, + "TAG_INTEGER is expected - index=%d, tag=%d", + (int)idx, (int)ti.tag); return(-1); } err = gcry_mpi_scan(&(params[idx]), GCRYMPI_FMT_USG, buf, ti.length, NULL); if((err != GPG_ERR_NO_ERROR) || (params[idx] == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan", err, NULL); return(-1); } buf += ti.length; @@ -241,12 +238,9 @@ xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *bufl /* did we parse everything? */ if(length > 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "too many params - cur=%d, expected=%d", - (int)(idx - 1), (int)params_size); + xmlSecInternalError3("xmlSecGCryptAsn1ParseTag", NULL, + "too many params - cur=%d, expected=%d", + (int)(idx - 1), (int)params_size); return(-1); } 
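Review bot: `ti.length` goes straight into `gcry_mpi_scan(&(params[idx]), GCRYMPI_FMT_USG, buf, ti.length, NULL)` and then `buf += ti.length`, with no visible comparison against the remaining `length` and no visible bound of `idx` against `params_size`. Both may already be enforced by xmlSecGCryptAsn1ParseTag and the loop header, which lie outside this hunk; if so, a one-line comment above the scan such as `/* ParseTag rejects ti.length > length */` would record the invariant. If not, add `if(ti.length > length) return(-1);` before the scan so that a length field taken from the input cannot move the read past the end of the buffer.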
@@ -278,23 +272,15 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms, sizeof(keyparms) / sizeof(keyparms[0]) ); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseIntegerSequence", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAsn1ParseIntegerSequence", NULL); goto done; } keyparms_num = ret; /* The value of the first integer should be 0. */ if ((keyparms_num < 1) || (gcry_mpi_cmp_ui(keyparms[0], 0) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "num=%d", - (int)keyparms_num); + xmlSecInternalError2("xmlSecGCryptAsn1ParseTag", NULL, + "num=%d", (int)keyparms_num); goto done; } @@ -319,11 +305,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, break; default: /* unknown */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Unexpected number of parameters, unknown key type", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "keyparms_num=%d", (int)keyparms_num); + xmlSecInvalidIntegerDataError("keyparms_num", keyparms_num, + "the number of parameters matching key type", NULL); goto done; } } @@ -334,11 +317,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePrivateDsa: /* check we have enough params */ if(keyparms_num != 6) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Private DSA key: 6 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Private DSA key params", + keyparms_num, 6, NULL); goto done; } 
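Review bot: The first-integer check reports its failure as `xmlSecInternalError2("xmlSecGCryptAsn1ParseTag", NULL, "num=%d", ...)`, although no call to xmlSecGCryptAsn1ParseTag failed at that point, and when `keyparms_num >= 1` the message does not say that the first integer was non-zero. Something like `xmlSecInternalError2("xmlSecGCryptParseDer", NULL, "first integer is expected to be 0: num=%d", (int)keyparms_num);` keeps the log entry traceable to this branch. The "too many params" report in the preceding hunk names the same function for a condition that is also not a failed call. xmlSecGCryptParseDer continues outside this hunk.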
@@ -354,11 +334,7 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2], keyparms[3], keyparms[4], keyparms[5] ); if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private-key/dsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(private-key/dsa)", err, NULL); goto done; } @@ -367,32 +343,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2], keyparms[3], keyparms[5] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/dsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/dsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, s_priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKey(xmlSecGCryptKeyDataDsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; 
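Review bot: The new error string `"xmlSecGCryptKeyDataDsaAdoptKey(xmlSecGCryptKeyDataDsaId)"` names a function other than the one whose result is being checked; the call directly above it is `xmlSecGCryptKeyDataDsaAdoptKeyPair`. Anyone searching for the reported name from a log line will not land on this call site, so use `xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair(xmlSecGCryptKeyDataDsaId)", NULL);`. The same mismatch appears in the public-DSA hunk (`+379`) and, with `Rsa` in place of `Dsa`, in the two RSA hunks (`+434` and `+470`).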
@@ -404,11 +368,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePublicDsa: /* check we have enough params */ if(keyparms_num != 5) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Public DSA key: 5 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Public DSA key params", + keyparms_num, 5, NULL); goto done; } @@ -418,32 +379,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[2], keyparms[3], keyparms[4], keyparms[1] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/dsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/dsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKey(xmlSecGCryptKeyDataDsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; 
@@ -456,15 +405,13 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePrivateRsa: /* check we have enough params */ if(keyparms_num != 9) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Private RSA key: 9 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Private RSA key params", + keyparms_num, 9, NULL); goto done; } /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* (http://gnupg.10057.n7.nabble.com/RSA-PKCS-1-signing-differs-from-OpenSSL-s-td27920.html) */ /* First check that p < q; if not swap p and q and recompute u. */ if (gcry_mpi_cmp (keyparms[4], keyparms[5]) > 0) { gcry_mpi_swap (keyparms[4], keyparms[5]); @@ -474,16 +421,11 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, /* Build the S-expression. */ err = gcry_sexp_build (&s_priv_key, NULL, "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", - keyparms[1], keyparms[2], - keyparms[3], keyparms[4], - keyparms[5], keyparms[8] + keyparms[1], keyparms[2], keyparms[3], + keyparms[4], keyparms[5], keyparms[8] ); if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private-key/rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(private-key/rsa)", err, NULL); goto done; } 
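Review bot: The added comment explains the p/q swap only by linking to a third-party mailing-list archive over plain http, so the rationale is lost if that archive disappears. State the invariant in the comment itself, e.g. `/* libgcrypt expects p < q and u = p^-1 mod q; OpenSSL-ordered keys may have p > q and carry q^-1 mod p */`, and keep the link as a secondary reference. The recomputation of u falls between this hunk and the next and is not visible here.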
@@ -492,32 +434,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/rsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, s_priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKey(xmlSecGCryptKeyDataRsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; @@ -529,11 +459,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePublicRsa: /* check we have enough params */ if(keyparms_num != 3) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Public RSA key: 3 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Public RSA key params", + keyparms_num, 3, NULL); goto done; } 
@@ -543,32 +470,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/rsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKey(xmlSecGCryptKeyDataRsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; @@ -578,11 +493,7 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, #endif /* XMLSEC_NO_RSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Unsupported key type", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=%d", (int)type); + xmlSecInvalidIntegerTypeError("key_type", type, "supported key type", NULL); goto done; break; } |
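Review bot: In the `default:` branch of the last hunk the `break;` that follows `goto done;` can never execute. Dropping it leaves the `xmlSecInvalidIntegerTypeError(...)` call followed by `goto done;`, which matches the other error exits in this switch. The switch itself starts outside this hunk.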