Add a couple of new helper functions to BER_Decoder:

decode_and_check takes an expected value; if the decoded value does
not match, a Decoding_Error with a specified string is thrown. Useful
for checking embedded version codes.

decode_octet_string_bigint is for decoding INTEGER values that are
stored as OCTET STRINGs. Totally obnoxious and useless, but common
especially in the ECC standards.

1 files changed, 3 insertions, 11 deletions

diff --git a/src/pubkey/ecc_key/ecc_key.cpp b/src/pubkey/ecc_key/ecc_key.cpp
index a4bd9b635..fdb29b29f 100644
--- a/src/pubkey/ecc_key/ecc_key.cpp
+++ b/src/pubkey/ecc_key/ecc_key.cpp
@@ -125,7 +125,7 @@ MemoryVector<byte> EC_PrivateKey::pkcs8_private_key() const
    {
    return DER_Encoder()
       .start_cons(SEQUENCE)
-         .encode(BigInt(1))
+         .encode(static_cast<u32bit>(1))
          .encode(BigInt::encode_1363(private_key, private_key.bytes()),
                  OCTET_STRING)
       .end_cons()
@@ -138,21 +138,13 @@ EC_PrivateKey::EC_PrivateKey(const AlgorithmIdentifier& alg_id,
    domain_params = EC_Domain_Params(alg_id.parameters);
    domain_encoding = EC_DOMPAR_ENC_EXPLICIT;
 
-   u32bit version;
-   SecureVector<byte> octstr_secret;
-
    BER_Decoder(key_bits)
       .start_cons(SEQUENCE)
-         .decode(version)
-         .decode(octstr_secret, OCTET_STRING)
+         .decode_and_check<u32bit>(1, "Unknown version code for ECC key")
+         .decode_octet_string_bigint(private_key)
       .verify_end()
       .end_cons();
 
-   if(version != 1)
-      throw Decoding_Error("Wrong key format version for EC key");
-
-   private_key = BigInt::decode(octstr_secret, octstr_secret.size());
-
    public_key = domain().get_base_point() * private_key;
 
    try