Using Decode Raw RSA Private Key

1. Add a check for wc_RsaPrivateKeyDecodeRaw() to configure. 2. If wc_RsaPrivateKeyDecodeRaw() is available, use it to load the private key from GetOpenSshKeyRsa(). If unavailable, process the key the original way.
ejohnstown · Jun 2, 2024 · ed2ca0b · ed2ca0b
1 parent 0e72885
commit ed2ca0b
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 4 deletions.
diff --git a/configure.ac b/configure.ac
@@ -127,7 +127,7 @@ AC_ARG_WITH(wolfssl,
 )
 
 AC_CHECK_LIB([wolfssl],[wolfCrypt_Init],,[AC_MSG_ERROR([libwolfssl is required for ${PACKAGE}. It can be obtained from https://www.wolfssl.com/download.html/ .])])
-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket wc_ecc_set_rng])
+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday inet_ntoa memset socket wc_ecc_set_rng wc_RsaPrivateKeyDecodeRaw])
 AC_CHECK_DECLS([[pread],[pwrite]],,[unistd.h])
 
 # DEBUG

diff --git a/src/internal.c b/src/internal.c
@@ -45,7 +45,6 @@
 #include <wolfssl/wolfcrypt/rsa.h>
 #include <wolfssl/wolfcrypt/ecc.h>
 #include <wolfssl/wolfcrypt/hmac.h>
-#include <wolfssl/wolfcrypt/integer.h>
 #include <wolfssl/wolfcrypt/signature.h>
 
 #ifdef WOLFSSH_HAVE_LIBOQS
@@ -1353,6 +1352,46 @@ int IdentifyAsn1Key(const byte* in, word32 inSz, int isPrivate, void* heap)
 
 
 #ifndef WOLFSSH_NO_RSA
+
+#ifdef HAVE_WC_RSAPRIVATEKEYDECODERAW
+
+/*
+ * Utility for GetOpenSshKey() to read in RSA keys.
+ */
+static int GetOpenSshKeyRsa(RsaKey* key,
+        const byte* buf, word32 len, word32* idx)
+{
+    const byte *n, *e, *d, *u, *p, *q;
+    word32 nSz, eSz, dSz, uSz, pSz, qSz;
+    int ret;
+
+    ret = wc_InitRsaKey(key, NULL);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&nSz, &n, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&eSz, &e, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&dSz, &d, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&uSz, &u, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&pSz, &p, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = GetMpint(&qSz, &q, buf, len, idx);
+    if (ret == WS_SUCCESS)
+        ret = wc_RsaPrivateKeyDecodeRaw(n, nSz, e, eSz, d, dSz,
+                u, uSz, p, pSz, q, qSz, NULL, 0, NULL, 0, key);
+
+    if (ret != WS_SUCCESS)
+        ret = WS_RSA_E;
+
+    return ret;
+}
+
+#else /* HAVE_WC_RSAPRIVATEKEYDECODERAW */
+
+#include <wolfssl/wolfcrypt/integer.h>
+
 /*
  * Utility function to read an Mpint from the stream directly into a mp_int.
  */
@@ -1374,7 +1413,6 @@ static INLINE int GetMpintToMp(mp_int* mp,
 /*
  * For the given RSA key, calculate p^-1 and q^-1. wolfCrypt's RSA
  * code expects them, but the OpenSSH format key doesn't store them.
- * TODO: Add a RSA read function to wolfCrypt to handle this condition.
  */
 static INLINE int CalcRsaInverses(RsaKey* key)
 {
@@ -1427,7 +1465,11 @@ static int GetOpenSshKeyRsa(RsaKey* key,
 
     return ret;
 }
-#endif
+
+#endif /* HAVE_WC_RSAPRIVATEKEYDECODERAW */
+
+#endif /* WOLFSSH_NO_RSA */
+
 
 #ifndef WOLFSSH_NO_ECDSA
 /*