2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #include <gnutls_int.h>
25 #include <gnutls_datum.h>
26 #include <gnutls_global.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_rsa_export.h>
30 #include <gnutls_x509.h>
33 #include <algorithms.h>
34 #include <gnutls_num.h>
36 #include <pbkdf2-sha1.h>
38 static int _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn
, gnutls_x509_privkey_t pkey
);
40 #define PBES2_OID "1.2.840.113549.1.5.13"
41 #define PBKDF2_OID "1.2.840.113549.1.5.12"
42 #define DES_EDE3_CBC_OID "1.2.840.113549.3.7"
43 #define AES_128_CBC_OID "2.16.840.1.101.3.4.1.2"
44 #define AES_192_CBC_OID "2.16.840.1.101.3.4.1.22"
45 #define AES_256_CBC_OID "2.16.840.1.101.3.4.1.42"
46 #define DES_CBC_OID "1.3.14.3.2.7"
48 /* oid_pbeWithSHAAnd3_KeyTripleDES_CBC */
49 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
50 #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
51 #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
57 unsigned int iter_count
;
58 unsigned int key_size
;
63 gnutls_cipher_algorithm_t cipher
;
64 uint8_t iv
[MAX_CIPHER_BLOCK_SIZE
];
68 static int generate_key (schema_id schema
, const char *password
,
69 struct pbkdf2_params
*kdf_params
,
70 struct pbe_enc_params
*enc_params
,
71 gnutls_datum_t
* key
);
72 static int read_pbkdf2_params (ASN1_TYPE pbes2_asn
,
73 const gnutls_datum_t
* der
,
74 struct pbkdf2_params
*params
);
75 static int read_pbe_enc_params (ASN1_TYPE pbes2_asn
,
76 const gnutls_datum_t
* der
,
77 struct pbe_enc_params
*params
);
78 static int decrypt_data (schema_id
, ASN1_TYPE pkcs8_asn
, const char *root
,
80 const struct pbkdf2_params
*kdf_params
,
81 const struct pbe_enc_params
*enc_params
,
82 gnutls_datum_t
* decrypted_data
);
83 static int decode_private_key_info (const gnutls_datum_t
* der
,
84 gnutls_x509_privkey_t pkey
);
85 static int write_schema_params (schema_id schema
, ASN1_TYPE pkcs8_asn
,
87 const struct pbkdf2_params
*kdf_params
,
88 const struct pbe_enc_params
*enc_params
);
89 static int encrypt_data (const gnutls_datum_t
* plain
,
90 const struct pbe_enc_params
*enc_params
,
91 gnutls_datum_t
* key
, gnutls_datum_t
* encrypted
);
93 static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn
,
94 struct pbkdf2_params
*params
);
95 static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn
,
96 const struct pbkdf2_params
*params
);
98 #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
99 #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
101 /* Returns a negative error code if the encryption schema in
102 * the OID is not supported. The schema ID is returned.
105 check_schema (const char *oid
)
108 if (strcmp (oid
, PBES2_OID
) == 0)
109 return PBES2_GENERIC
; /* ok */
111 if (strcmp (oid
, PKCS12_PBE_3DES_SHA1_OID
) == 0)
112 return PKCS12_3DES_SHA1
;
114 if (strcmp (oid
, PKCS12_PBE_ARCFOUR_SHA1_OID
) == 0)
115 return PKCS12_ARCFOUR_SHA1
;
117 if (strcmp (oid
, PKCS12_PBE_RC2_40_SHA1_OID
) == 0)
118 return PKCS12_RC2_40_SHA1
;
120 _gnutls_debug_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid
);
122 return GNUTLS_E_UNKNOWN_CIPHER_TYPE
;
125 /* Encodes a private key to the raw format PKCS #8 needs.
126 * For RSA it is a PKCS #1 DER private key and for DSA it is
127 * an ASN.1 INTEGER of the x value.
130 _encode_privkey (gnutls_x509_privkey_t pkey
, gnutls_datum_t
* raw
)
133 uint8_t *data
= NULL
;
135 ASN1_TYPE spk
= ASN1_TYPE_EMPTY
;
137 switch (pkey
->pk_algorithm
)
142 gnutls_x509_privkey_export (pkey
, GNUTLS_X509_FMT_DER
, NULL
, &size
);
143 if (ret
!= GNUTLS_E_SHORT_MEMORY_BUFFER
)
149 data
= gnutls_malloc (size
);
153 ret
= GNUTLS_E_MEMORY_ERROR
;
159 gnutls_x509_privkey_export (pkey
, GNUTLS_X509_FMT_DER
, data
, &size
);
170 /* DSAPublicKey == INTEGER */
171 if ((ret
= asn1_create_element
172 (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk
))
176 return _gnutls_asn2err (ret
);
179 ret
= _gnutls_x509_write_int (spk
, "", pkey
->params
.params
[4], 1);
185 ret
= _gnutls_x509_der_encode (spk
, "", raw
, 0);
192 asn1_delete_structure (&spk
);
197 return GNUTLS_E_INVALID_REQUEST
;
204 asn1_delete_structure (&spk
);
210 * Encodes a PKCS #1 private key to a PKCS #8 private key
211 * info. The output will be allocated and stored into der. Also
212 * the ASN1_TYPE of private key info will be returned.
215 encode_to_private_key_info (gnutls_x509_privkey_t pkey
,
216 gnutls_datum_t
* der
, ASN1_TYPE
* pkey_info
)
221 gnutls_datum_t algo_params
= { NULL
, 0 };
222 gnutls_datum_t algo_privkey
= { NULL
, 0 };
224 oid
= _gnutls_x509_pk_to_oid(pkey
->pk_algorithm
);
228 return GNUTLS_E_UNIMPLEMENTED_FEATURE
;
232 _gnutls_x509_write_pubkey_params (pkey
->pk_algorithm
, &pkey
->params
, &algo_params
);
240 asn1_create_element (_gnutls_get_pkix (),
241 "PKIX1.pkcs-8-PrivateKeyInfo",
242 pkey_info
)) != ASN1_SUCCESS
)
245 result
= _gnutls_asn2err (result
);
249 /* Write the version.
251 result
= asn1_write_value (*pkey_info
, "version", &null
, 1);
252 if (result
!= ASN1_SUCCESS
)
255 result
= _gnutls_asn2err (result
);
259 /* write the privateKeyAlgorithm
260 * fields. (OID+NULL data)
263 asn1_write_value (*pkey_info
, "privateKeyAlgorithm.algorithm", oid
, 1);
264 if (result
!= ASN1_SUCCESS
)
267 result
= _gnutls_asn2err (result
);
272 asn1_write_value (*pkey_info
, "privateKeyAlgorithm.parameters",
273 algo_params
.data
, algo_params
.size
);
274 _gnutls_free_datum (&algo_params
);
275 if (result
!= ASN1_SUCCESS
)
278 result
= _gnutls_asn2err (result
);
283 /* Write the raw private key
285 result
= _encode_privkey (pkey
, &algo_privkey
);
293 asn1_write_value (*pkey_info
, "privateKey", algo_privkey
.data
,
295 _gnutls_free_datum (&algo_privkey
);
297 if (result
!= ASN1_SUCCESS
)
300 result
= _gnutls_asn2err (result
);
304 /* Append an empty Attributes field.
306 result
= asn1_write_value (*pkey_info
, "attributes", NULL
, 0);
307 if (result
!= ASN1_SUCCESS
)
310 result
= _gnutls_asn2err (result
);
314 /* DER Encode the generated private key info.
317 result
= asn1_der_coding (*pkey_info
, "", NULL
, &len
, NULL
);
318 if (result
!= ASN1_MEM_ERROR
)
321 result
= _gnutls_asn2err (result
);
325 /* allocate data for the der
328 der
->data
= gnutls_malloc (len
);
329 if (der
->data
== NULL
)
332 return GNUTLS_E_MEMORY_ERROR
;
335 result
= asn1_der_coding (*pkey_info
, "", der
->data
, &len
, NULL
);
336 if (result
!= ASN1_SUCCESS
)
339 result
= _gnutls_asn2err (result
);
346 asn1_delete_structure (pkey_info
);
347 _gnutls_free_datum (&algo_params
);
348 _gnutls_free_datum (&algo_privkey
);
354 cipher_to_pkcs_params (int cipher
, const char **oid
)
358 case GNUTLS_CIPHER_AES_128_CBC
:
360 *oid
= AES_128_CBC_OID
;
361 return "PKIX1.pkcs-5-aes128-CBC-params";
363 case GNUTLS_CIPHER_AES_192_CBC
:
365 *oid
= AES_192_CBC_OID
;
366 return "PKIX1.pkcs-5-aes192-CBC-params";
368 case GNUTLS_CIPHER_AES_256_CBC
:
370 *oid
= AES_256_CBC_OID
;
371 return "PKIX1.pkcs-5-aes256-CBC-params";
373 case GNUTLS_CIPHER_3DES_CBC
:
375 *oid
= DES_EDE3_CBC_OID
;
376 return "PKIX1.pkcs-5-des-EDE3-CBC-params";
385 cipher_to_schema (int cipher
)
389 case GNUTLS_CIPHER_AES_128_CBC
:
390 return PBES2_AES_128
;
392 case GNUTLS_CIPHER_AES_192_CBC
:
393 return PBES2_AES_192
;
395 case GNUTLS_CIPHER_AES_256_CBC
:
396 return PBES2_AES_256
;
398 case GNUTLS_CIPHER_3DES_CBC
:
402 return GNUTLS_E_UNKNOWN_CIPHER_TYPE
;
409 _gnutls_pkcs_flags_to_schema (unsigned int flags
)
413 if (flags
& GNUTLS_PKCS_USE_PKCS12_ARCFOUR
)
414 schema
= PKCS12_ARCFOUR_SHA1
;
415 else if (flags
& GNUTLS_PKCS_USE_PKCS12_RC2_40
)
416 schema
= PKCS12_RC2_40_SHA1
;
417 else if (flags
& GNUTLS_PKCS_USE_PBES2_3DES
)
419 else if (flags
& GNUTLS_PKCS_USE_PBES2_AES_128
)
420 schema
= PBES2_AES_128
;
421 else if (flags
& GNUTLS_PKCS_USE_PBES2_AES_192
)
422 schema
= PBES2_AES_192
;
423 else if (flags
& GNUTLS_PKCS_USE_PBES2_AES_256
)
424 schema
= PBES2_AES_256
;
429 ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
431 schema
= PKCS12_3DES_SHA1
;
437 /* returns the OID corresponding to given schema
440 schema_to_oid (schema_id schema
, const char **str_oid
)
450 *str_oid
= PBES2_OID
;
452 case PKCS12_3DES_SHA1
:
453 *str_oid
= PKCS12_PBE_3DES_SHA1_OID
;
455 case PKCS12_ARCFOUR_SHA1
:
456 *str_oid
= PKCS12_PBE_ARCFOUR_SHA1_OID
;
458 case PKCS12_RC2_40_SHA1
:
459 *str_oid
= PKCS12_PBE_RC2_40_SHA1_OID
;
463 result
= GNUTLS_E_INTERNAL_ERROR
;
469 /* Converts a PKCS #8 private key info to
470 * a PKCS #8 EncryptedPrivateKeyInfo.
473 encode_to_pkcs8_key (schema_id schema
, const gnutls_datum_t
* der_key
,
474 const char *password
, ASN1_TYPE
* out
)
477 gnutls_datum_t key
= { NULL
, 0 };
478 gnutls_datum_t tmp
= { NULL
, 0 };
479 ASN1_TYPE pkcs8_asn
= ASN1_TYPE_EMPTY
;
480 struct pbkdf2_params kdf_params
;
481 struct pbe_enc_params enc_params
;
486 asn1_create_element (_gnutls_get_pkix (),
487 "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
488 &pkcs8_asn
)) != ASN1_SUCCESS
)
491 result
= _gnutls_asn2err (result
);
495 /* Write the encryption schema OID
497 result
= schema_to_oid (schema
, &str_oid
);
505 asn1_write_value (pkcs8_asn
, "encryptionAlgorithm.algorithm", str_oid
, 1);
507 if (result
!= ASN1_SUCCESS
)
510 result
= _gnutls_asn2err (result
);
514 /* Generate a symmetric key.
517 result
= generate_key (schema
, password
, &kdf_params
, &enc_params
, &key
);
525 write_schema_params (schema
, pkcs8_asn
,
526 "encryptionAlgorithm.parameters", &kdf_params
,
534 /* Parameters have been encoded. Now
537 result
= encrypt_data (der_key
, &enc_params
, &key
, &tmp
);
544 /* write the encrypted data.
546 result
= asn1_write_value (pkcs8_asn
, "encryptedData", tmp
.data
, tmp
.size
);
547 if (result
!= ASN1_SUCCESS
)
550 result
= _gnutls_asn2err (result
);
554 _gnutls_free_datum (&tmp
);
555 _gnutls_free_datum (&key
);
562 _gnutls_free_datum (&key
);
563 _gnutls_free_datum (&tmp
);
564 asn1_delete_structure (&pkcs8_asn
);
570 * gnutls_x509_privkey_export_pkcs8:
571 * @key: Holds the key
572 * @format: the format of output params. One of PEM or DER.
573 * @password: the password that will be used to encrypt the key.
574 * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
575 * @output_data: will contain a private key PEM or DER encoded
576 * @output_data_size: holds the size of output_data (and will be
577 * replaced by the actual size of parameters)
579 * This function will export the private key to a PKCS8 structure.
580 * Both RSA and DSA keys can be exported. For DSA keys we use
581 * PKCS #11 definitions. If the flags do not specify the encryption
582 * cipher, then the default 3DES (PBES2) will be used.
584 * The @password can be either ASCII or UTF-8 in the default PBES2
585 * encryption schemas, or ASCII for the PKCS12 schemas.
587 * If the buffer provided is not long enough to hold the output, then
588 * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
591 * If the structure is PEM encoded, it will have a header
592 * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
593 * encryption is not used.
595 * Returns: In case of failure a negative error code will be
596 * returned, and 0 on success.
599 gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key
,
600 gnutls_x509_crt_fmt_t format
,
601 const char *password
,
604 size_t * output_data_size
)
606 ASN1_TYPE pkcs8_asn
, pkey_info
;
614 return GNUTLS_E_INVALID_REQUEST
;
617 /* Get the private key info
618 * tmp holds the DER encoding.
620 ret
= encode_to_private_key_info (key
, &tmp
, &pkey_info
);
627 schema
= _gnutls_pkcs_flags_to_schema (flags
);
629 if ((flags
& GNUTLS_PKCS_PLAIN
) || password
== NULL
)
631 _gnutls_free_datum (&tmp
);
634 _gnutls_x509_export_int (pkey_info
, format
,
635 PEM_UNENCRYPTED_PKCS8
,
636 output_data
, output_data_size
);
638 asn1_delete_structure (&pkey_info
);
642 asn1_delete_structure (&pkey_info
); /* we don't need it */
644 ret
= encode_to_pkcs8_key (schema
, &tmp
, password
, &pkcs8_asn
);
645 _gnutls_free_datum (&tmp
);
654 _gnutls_x509_export_int (pkcs8_asn
, format
, PEM_PKCS8
,
655 output_data
, output_data_size
);
657 asn1_delete_structure (&pkcs8_asn
);
664 /* Read the parameters cipher, IV, salt etc using the given
668 read_pkcs_schema_params (schema_id
* schema
, const char *password
,
669 const uint8_t * data
, int data_size
,
670 struct pbkdf2_params
*kdf_params
,
671 struct pbe_enc_params
*enc_params
)
673 ASN1_TYPE pbes2_asn
= ASN1_TYPE_EMPTY
;
682 /* Now check the key derivation and the encryption
686 asn1_create_element (_gnutls_get_pkix (),
687 "PKIX1.pkcs-5-PBES2-params",
688 &pbes2_asn
)) != ASN1_SUCCESS
)
691 result
= _gnutls_asn2err (result
);
695 /* Decode the parameters.
697 result
= asn1_der_decoding (&pbes2_asn
, data
, data_size
, NULL
);
698 if (result
!= ASN1_SUCCESS
)
701 result
= _gnutls_asn2err (result
);
705 tmp
.data
= (uint8_t *) data
;
706 tmp
.size
= data_size
;
708 result
= read_pbkdf2_params (pbes2_asn
, &tmp
, kdf_params
);
712 result
= _gnutls_asn2err (result
);
716 result
= read_pbe_enc_params (pbes2_asn
, &tmp
, enc_params
);
720 result
= _gnutls_asn2err (result
);
724 asn1_delete_structure (&pbes2_asn
);
726 result
= cipher_to_schema (enc_params
->cipher
);
736 case PKCS12_3DES_SHA1
:
737 case PKCS12_ARCFOUR_SHA1
:
738 case PKCS12_RC2_40_SHA1
:
740 if ((*schema
) == PKCS12_3DES_SHA1
)
742 enc_params
->cipher
= GNUTLS_CIPHER_3DES_CBC
;
743 enc_params
->iv_size
= 8;
745 else if ((*schema
) == PKCS12_ARCFOUR_SHA1
)
747 enc_params
->cipher
= GNUTLS_CIPHER_ARCFOUR_128
;
748 enc_params
->iv_size
= 0;
750 else if ((*schema
) == PKCS12_RC2_40_SHA1
)
752 enc_params
->cipher
= GNUTLS_CIPHER_RC2_40_CBC
;
753 enc_params
->iv_size
= 8;
757 asn1_create_element (_gnutls_get_pkix (),
758 "PKIX1.pkcs-12-PbeParams",
759 &pbes2_asn
)) != ASN1_SUCCESS
)
762 result
= _gnutls_asn2err (result
);
766 /* Decode the parameters.
768 result
= asn1_der_decoding (&pbes2_asn
, data
, data_size
, NULL
);
769 if (result
!= ASN1_SUCCESS
)
772 result
= _gnutls_asn2err (result
);
776 result
= read_pkcs12_kdf_params (pbes2_asn
, kdf_params
);
783 if (enc_params
->iv_size
)
786 _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params
->salt
,
787 kdf_params
->salt_size
,
788 kdf_params
->iter_count
, password
,
799 asn1_delete_structure (&pbes2_asn
);
807 return GNUTLS_E_UNKNOWN_CIPHER_TYPE
;
810 asn1_delete_structure (&pbes2_asn
);
815 /* Converts a PKCS #8 key to
816 * an internal structure (gnutls_private_key)
817 * (normally a PKCS #1 encoded RSA key)
820 decode_pkcs8_key (const gnutls_datum_t
* raw_key
,
821 const char *password
, gnutls_x509_privkey_t pkey
)
826 ASN1_TYPE pbes2_asn
= ASN1_TYPE_EMPTY
, pkcs8_asn
= ASN1_TYPE_EMPTY
;
827 int params_start
, params_end
, params_len
;
828 struct pbkdf2_params kdf_params
;
829 struct pbe_enc_params enc_params
;
833 asn1_create_element (_gnutls_get_pkix (),
834 "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
835 &pkcs8_asn
)) != ASN1_SUCCESS
)
838 result
= _gnutls_asn2err (result
);
842 result
= asn1_der_decoding (&pkcs8_asn
, raw_key
->data
, raw_key
->size
, NULL
);
843 if (result
!= ASN1_SUCCESS
)
846 result
= _gnutls_asn2err (result
);
850 /* Check the encryption schema OID
852 len
= sizeof (enc_oid
);
854 asn1_read_value (pkcs8_asn
, "encryptionAlgorithm.algorithm",
856 if (result
!= ASN1_SUCCESS
)
862 if ((result
= check_schema (enc_oid
)) < 0)
870 /* Get the DER encoding of the parameters.
873 asn1_der_decoding_startEnd (pkcs8_asn
, raw_key
->data
,
875 "encryptionAlgorithm.parameters",
876 ¶ms_start
, ¶ms_end
);
877 if (result
!= ASN1_SUCCESS
)
880 result
= _gnutls_asn2err (result
);
883 params_len
= params_end
- params_start
+ 1;
886 read_pkcs_schema_params (&schema
, password
,
887 &raw_key
->data
[params_start
],
888 params_len
, &kdf_params
, &enc_params
);
896 /* Parameters have been decoded. Now
897 * decrypt the EncryptedData.
900 decrypt_data (schema
, pkcs8_asn
, "encryptedData", password
,
901 &kdf_params
, &enc_params
, &tmp
);
908 asn1_delete_structure (&pkcs8_asn
);
910 result
= decode_private_key_info (&tmp
, pkey
);
911 _gnutls_free_datum (&tmp
);
915 /* We've gotten this far. In the real world it's almost certain
916 * that we're dealing with a good file, but wrong password.
917 * Sadly like 90% of random data is somehow valid DER for the
918 * a first small number of bytes, so no easy way to guarantee. */
919 if (result
== GNUTLS_E_ASN1_ELEMENT_NOT_FOUND
||
920 result
== GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND
||
921 result
== GNUTLS_E_ASN1_DER_ERROR
||
922 result
== GNUTLS_E_ASN1_VALUE_NOT_FOUND
||
923 result
== GNUTLS_E_ASN1_GENERIC_ERROR
||
924 result
== GNUTLS_E_ASN1_VALUE_NOT_VALID
||
925 result
== GNUTLS_E_ASN1_TAG_ERROR
||
926 result
== GNUTLS_E_ASN1_TAG_IMPLICIT
||
927 result
== GNUTLS_E_ASN1_TYPE_ANY_ERROR
||
928 result
== GNUTLS_E_ASN1_SYNTAX_ERROR
||
929 result
== GNUTLS_E_ASN1_DER_OVERFLOW
)
931 result
= GNUTLS_E_DECRYPTION_FAILED
;
941 asn1_delete_structure (&pbes2_asn
);
942 asn1_delete_structure (&pkcs8_asn
);
946 /* Decodes an RSA privateKey from a PKCS8 structure.
949 _decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn
, gnutls_x509_privkey_t pkey
)
954 ret
= _gnutls_x509_read_value (pkcs8_asn
, "privateKey", &tmp
, 0);
961 pkey
->key
= _gnutls_privkey_decode_pkcs1_rsa_key (&tmp
, pkey
);
962 _gnutls_free_datum (&tmp
);
963 if (pkey
->key
== NULL
)
975 /* Decodes an ECC privateKey from a PKCS8 structure.
978 _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn
, gnutls_x509_privkey_t pkey
)
983 ret
= _gnutls_x509_read_value (pkcs8_asn
, "privateKey", &tmp
, 0);
990 pkey
->key
= _gnutls_privkey_decode_ecc_key (&tmp
, pkey
);
991 _gnutls_free_datum (&tmp
);
992 if (pkey
->key
== NULL
)
994 ret
= GNUTLS_E_PARSING_ERROR
;
1005 /* Decodes an DSA privateKey and params from a PKCS8 structure.
1008 _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn
, gnutls_x509_privkey_t pkey
)
1013 ret
= _gnutls_x509_read_value (pkcs8_asn
, "privateKey", &tmp
, 0);
1020 ret
= _gnutls_x509_read_der_int (tmp
.data
, tmp
.size
, &pkey
->params
.params
[4]);
1021 _gnutls_free_datum (&tmp
);
1030 _gnutls_x509_read_value (pkcs8_asn
, "privateKeyAlgorithm.parameters",
1038 ret
= _gnutls_x509_read_pubkey_params (GNUTLS_PK_DSA
, tmp
.data
, tmp
.size
, &pkey
->params
);
1039 _gnutls_free_datum (&tmp
);
1046 /* the public key can be generated as g^x mod p */
1047 pkey
->params
.params
[3] = _gnutls_mpi_alloc_like (pkey
->params
.params
[0]);
1048 if (pkey
->params
.params
[3] == NULL
)
1054 _gnutls_mpi_powm (pkey
->params
.params
[3], pkey
->params
.params
[2], pkey
->params
.params
[4],
1055 pkey
->params
.params
[0]);
1057 ret
= _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA
, &pkey
->key
, &pkey
->params
);
1064 pkey
->params
.params_nr
= DSA_PRIVATE_PARAMS
;
1074 decode_private_key_info (const gnutls_datum_t
* der
,
1075 gnutls_x509_privkey_t pkey
)
1079 ASN1_TYPE pkcs8_asn
= ASN1_TYPE_EMPTY
;
1083 asn1_create_element (_gnutls_get_pkix (),
1084 "PKIX1.pkcs-8-PrivateKeyInfo",
1085 &pkcs8_asn
)) != ASN1_SUCCESS
)
1088 result
= _gnutls_asn2err (result
);
1092 result
= asn1_der_decoding (&pkcs8_asn
, der
->data
, der
->size
, NULL
);
1093 if (result
!= ASN1_SUCCESS
)
1096 result
= _gnutls_asn2err (result
);
1100 /* Check the private key algorithm OID
1104 asn1_read_value (pkcs8_asn
, "privateKeyAlgorithm.algorithm", oid
, &len
);
1105 if (result
!= ASN1_SUCCESS
)
1108 result
= _gnutls_asn2err (result
);
1112 /* we only support RSA and DSA private keys.
1115 pkey
->pk_algorithm
= _gnutls_x509_oid2pk_algorithm(oid
);
1116 if (pkey
->pk_algorithm
== GNUTLS_PK_UNKNOWN
)
1120 ("PKCS #8 private key OID '%s' is unsupported.\n", oid
);
1121 result
= GNUTLS_E_UNKNOWN_PK_ALGORITHM
;
1125 /* Get the DER encoding of the actual private key.
1128 if (pkey
->pk_algorithm
== GNUTLS_PK_RSA
)
1129 result
= _decode_pkcs8_rsa_key (pkcs8_asn
, pkey
);
1130 else if (pkey
->pk_algorithm
== GNUTLS_PK_DSA
)
1131 result
= _decode_pkcs8_dsa_key (pkcs8_asn
, pkey
);
1132 else if (pkey
->pk_algorithm
== GNUTLS_PK_EC
)
1133 result
= _decode_pkcs8_ecc_key (pkcs8_asn
, pkey
);
1134 else return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE
);
1145 asn1_delete_structure (&pkcs8_asn
);
1152 * gnutls_x509_privkey_import_pkcs8:
1153 * @key: The structure to store the parsed key
1154 * @data: The DER or PEM encoded key.
1155 * @format: One of DER or PEM
1156 * @password: the password to decrypt the key (if it is encrypted).
1157 * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
1159 * This function will convert the given DER or PEM encoded PKCS8 2.0
1160 * encrypted key to the native gnutls_x509_privkey_t format. The
1161 * output will be stored in @key. Both RSA and DSA keys can be
1162 * imported, and flags can only be used to indicate an unencrypted
1165 * The @password can be either ASCII or UTF-8 in the default PBES2
1166 * encryption schemas, or ASCII for the PKCS12 schemas.
1168 * If the Certificate is PEM encoded it should have a header of
1169 * "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
1170 * specify the flags if the key is DER encoded, since in that case
1171 * the encryption status cannot be auto-detected.
1173 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1174 * negative error value.
1177 gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key
,
1178 const gnutls_datum_t
* data
,
1179 gnutls_x509_crt_fmt_t format
,
1180 const char *password
, unsigned int flags
)
1182 int result
= 0, need_free
= 0;
1183 gnutls_datum_t _data
;
1188 return GNUTLS_E_INVALID_REQUEST
;
1191 _data
.data
= data
->data
;
1192 _data
.size
= data
->size
;
1194 key
->pk_algorithm
= GNUTLS_PK_UNKNOWN
;
1196 /* If the Certificate is in PEM format then decode it
1198 if (format
== GNUTLS_X509_FMT_PEM
)
1202 /* Try the first header
1205 _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8
,
1206 data
->data
, data
->size
, &out
);
1209 { /* Try the encrypted header
1212 _gnutls_fbase64_decode (PEM_PKCS8
, data
->data
, data
->size
, &out
);
1217 result
= GNUTLS_E_INTERNAL_ERROR
;
1222 else if (flags
== 0)
1223 flags
|= GNUTLS_PKCS_PLAIN
;
1226 _data
.size
= result
;
1231 if (password
== NULL
|| (flags
& GNUTLS_PKCS_PLAIN
))
1233 result
= decode_private_key_info (&_data
, key
);
1237 result
= decode_pkcs8_key (&_data
, password
, key
);
1247 _gnutls_free_datum (&_data
);
1249 /* The key has now been decoded.
1255 key
->pk_algorithm
= GNUTLS_PK_UNKNOWN
;
1257 _gnutls_free_datum (&_data
);
1261 /* Reads the PBKDF2 parameters.
1264 read_pbkdf2_params (ASN1_TYPE pbes2_asn
,
1265 const gnutls_datum_t
* der
, struct pbkdf2_params
*params
)
1267 int params_start
, params_end
;
1268 int params_len
, len
, result
;
1269 ASN1_TYPE pbkdf2_asn
= ASN1_TYPE_EMPTY
;
1272 memset (params
, 0, sizeof (*params
));
1274 /* Check the key derivation algorithm
1278 asn1_read_value (pbes2_asn
, "keyDerivationFunc.algorithm", oid
, &len
);
1279 if (result
!= ASN1_SUCCESS
)
1282 return _gnutls_asn2err (result
);
1284 _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid
);
1286 if (strcmp (oid
, PBKDF2_OID
) != 0)
1290 ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid
);
1291 return _gnutls_asn2err (result
);
1295 asn1_der_decoding_startEnd (pbes2_asn
, der
->data
, der
->size
,
1296 "keyDerivationFunc.parameters",
1297 ¶ms_start
, ¶ms_end
);
1298 if (result
!= ASN1_SUCCESS
)
1301 return _gnutls_asn2err (result
);
1303 params_len
= params_end
- params_start
+ 1;
1305 /* Now check the key derivation and the encryption
1309 asn1_create_element (_gnutls_get_pkix (),
1310 "PKIX1.pkcs-5-PBKDF2-params",
1311 &pbkdf2_asn
)) != ASN1_SUCCESS
)
1314 return _gnutls_asn2err (result
);
1318 asn1_der_decoding (&pbkdf2_asn
, &der
->data
[params_start
],
1320 if (result
!= ASN1_SUCCESS
)
1323 result
= _gnutls_asn2err (result
);
1328 params
->salt_size
= sizeof (params
->salt
);
1330 asn1_read_value (pbkdf2_asn
, "salt.specified", params
->salt
,
1331 ¶ms
->salt_size
);
1332 if (result
!= ASN1_SUCCESS
)
1335 result
= _gnutls_asn2err (result
);
1338 _gnutls_hard_log ("salt.specified.size: %d\n", params
->salt_size
);
1340 /* read the iteration count
1343 _gnutls_x509_read_uint (pbkdf2_asn
, "iterationCount",
1344 ¶ms
->iter_count
);
1345 if (result
!= ASN1_SUCCESS
)
1350 _gnutls_hard_log ("iterationCount: %d\n", params
->iter_count
);
1352 /* read the keylength, if it is set.
1355 _gnutls_x509_read_uint (pbkdf2_asn
, "keyLength", ¶ms
->key_size
);
1358 params
->key_size
= 0;
1360 _gnutls_hard_log ("keyLength: %d\n", params
->key_size
);
1362 /* We don't read the PRF. We only use the default.
1368 asn1_delete_structure (&pbkdf2_asn
);
1373 /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
1376 read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn
, struct pbkdf2_params
*params
)
1380 memset (params
, 0, sizeof (*params
));
1383 params
->salt_size
= sizeof (params
->salt
);
1385 asn1_read_value (pbes2_asn
, "salt", params
->salt
, ¶ms
->salt_size
);
1386 if (result
!= ASN1_SUCCESS
)
1389 result
= _gnutls_asn2err (result
);
1392 _gnutls_hard_log ("salt.size: %d\n", params
->salt_size
);
1394 /* read the iteration count
1397 _gnutls_x509_read_uint (pbes2_asn
, "iterations", ¶ms
->iter_count
);
1398 if (result
!= ASN1_SUCCESS
)
1403 _gnutls_hard_log ("iterationCount: %d\n", params
->iter_count
);
1405 params
->key_size
= 0;
1414 /* Writes the PBE parameters for PKCS-12 schemas.
1417 write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn
,
1418 const struct pbkdf2_params
*kdf_params
)
1425 asn1_write_value (pbes2_asn
, "salt",
1426 kdf_params
->salt
, kdf_params
->salt_size
);
1427 if (result
!= ASN1_SUCCESS
)
1430 result
= _gnutls_asn2err (result
);
1433 _gnutls_hard_log ("salt.size: %d\n", kdf_params
->salt_size
);
1435 /* write the iteration count
1438 _gnutls_x509_write_uint32 (pbes2_asn
, "iterations",
1439 kdf_params
->iter_count
);
1445 _gnutls_hard_log ("iterationCount: %d\n", kdf_params
->iter_count
);
1455 /* Converts an OID to a gnutls cipher type.
1458 oid2cipher (const char *oid
, gnutls_cipher_algorithm_t
* algo
)
1463 if (strcmp (oid
, DES_EDE3_CBC_OID
) == 0)
1465 *algo
= GNUTLS_CIPHER_3DES_CBC
;
1468 else if (strcmp (oid
, DES_CBC_OID
) == 0)
1470 *algo
= GNUTLS_CIPHER_DES_CBC
;
1473 else if (strcmp (oid
, AES_128_CBC_OID
) == 0)
1475 *algo
= GNUTLS_CIPHER_AES_128_CBC
;
1478 else if (strcmp (oid
, AES_192_CBC_OID
) == 0)
1480 *algo
= GNUTLS_CIPHER_AES_192_CBC
;
1483 else if (strcmp (oid
, AES_256_CBC_OID
) == 0)
1485 *algo
= GNUTLS_CIPHER_AES_256_CBC
;
1489 _gnutls_debug_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid
);
1490 return GNUTLS_E_UNKNOWN_CIPHER_TYPE
;
1496 read_pbe_enc_params (ASN1_TYPE pbes2_asn
,
1497 const gnutls_datum_t
* der
,
1498 struct pbe_enc_params
*params
)
1500 int params_start
, params_end
;
1501 int params_len
, len
, result
;
1502 ASN1_TYPE pbe_asn
= ASN1_TYPE_EMPTY
;
1504 const char *eparams
;
1506 memset (params
, 0, sizeof (*params
));
1508 /* Check the encryption algorithm
1512 asn1_read_value (pbes2_asn
, "encryptionScheme.algorithm", oid
, &len
);
1513 if (result
!= ASN1_SUCCESS
)
1518 _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid
);
1520 if ((result
= oid2cipher (oid
, ¶ms
->cipher
)) < 0)
1527 asn1_der_decoding_startEnd (pbes2_asn
, der
->data
, der
->size
,
1528 "encryptionScheme.parameters",
1529 ¶ms_start
, ¶ms_end
);
1530 if (result
!= ASN1_SUCCESS
)
1533 return _gnutls_asn2err (result
);
1535 params_len
= params_end
- params_start
+ 1;
1537 /* Now check the encryption parameters.
1539 eparams
= cipher_to_pkcs_params (params
->cipher
, NULL
);
1540 if (eparams
== NULL
)
1543 return GNUTLS_E_INVALID_REQUEST
;
1547 asn1_create_element (_gnutls_get_pkix (),
1548 eparams
, &pbe_asn
)) != ASN1_SUCCESS
)
1551 return _gnutls_asn2err (result
);
1555 asn1_der_decoding (&pbe_asn
, &der
->data
[params_start
], params_len
, NULL
);
1556 if (result
!= ASN1_SUCCESS
)
1559 result
= _gnutls_asn2err (result
);
1564 params
->iv_size
= sizeof (params
->iv
);
1565 result
= asn1_read_value (pbe_asn
, "", params
->iv
, ¶ms
->iv_size
);
1566 if (result
!= ASN1_SUCCESS
)
1569 result
= _gnutls_asn2err (result
);
1572 _gnutls_hard_log ("IV.size: %d\n", params
->iv_size
);
1577 asn1_delete_structure (&pbe_asn
);
1583 decrypt_data (schema_id schema
, ASN1_TYPE pkcs8_asn
,
1584 const char *root
, const char *password
,
1585 const struct pbkdf2_params
*kdf_params
,
1586 const struct pbe_enc_params
*enc_params
,
1587 gnutls_datum_t
* decrypted_data
)
1591 uint8_t *data
= NULL
, *key
= NULL
;
1592 gnutls_datum_t dkey
, d_iv
;
1598 result
= asn1_read_value (pkcs8_asn
, root
, NULL
, &data_size
);
1599 if (result
!= ASN1_MEM_ERROR
)
1602 return _gnutls_asn2err (result
);
1605 data
= gnutls_malloc (data_size
);
1609 return GNUTLS_E_MEMORY_ERROR
;
1612 result
= asn1_read_value (pkcs8_asn
, root
, data
, &data_size
);
1613 if (result
!= ASN1_SUCCESS
)
1616 result
= _gnutls_asn2err (result
);
1620 if (kdf_params
->key_size
== 0)
1622 key_size
= gnutls_cipher_get_key_size (enc_params
->cipher
);
1625 key_size
= kdf_params
->key_size
;
1627 key
= gnutls_malloc (key_size
);
1631 result
= GNUTLS_E_MEMORY_ERROR
;
1644 result
= _gnutls_pbkdf2_sha1 (password
, strlen (password
),
1645 kdf_params
->salt
, kdf_params
->salt_size
,
1646 kdf_params
->iter_count
, key
, key_size
);
1656 _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params
->salt
,
1657 kdf_params
->salt_size
,
1658 kdf_params
->iter_count
, password
,
1668 /* do the decryption.
1671 dkey
.size
= key_size
;
1673 d_iv
.data
= (uint8_t *) enc_params
->iv
;
1674 d_iv
.size
= enc_params
->iv_size
;
1675 result
= _gnutls_cipher_init (&ch
, enc_params
->cipher
, &dkey
, &d_iv
, 0);
1688 result
= _gnutls_cipher_decrypt (&ch
, data
, data_size
);
1695 decrypted_data
->data
= data
;
1697 if (gnutls_cipher_get_block_size (enc_params
->cipher
) != 1)
1698 decrypted_data
->size
= data_size
- data
[data_size
- 1];
1700 decrypted_data
->size
= data_size
;
1702 _gnutls_cipher_deinit (&ch
);
1710 _gnutls_cipher_deinit (&ch
);
1715 /* Writes the PBKDF2 parameters.
1718 write_pbkdf2_params (ASN1_TYPE pbes2_asn
,
1719 const struct pbkdf2_params
*kdf_params
)
1722 ASN1_TYPE pbkdf2_asn
= ASN1_TYPE_EMPTY
;
1725 /* Write the key derivation algorithm
1728 asn1_write_value (pbes2_asn
, "keyDerivationFunc.algorithm",
1730 if (result
!= ASN1_SUCCESS
)
1733 return _gnutls_asn2err (result
);
1736 /* Now write the key derivation and the encryption
1740 asn1_create_element (_gnutls_get_pkix (),
1741 "PKIX1.pkcs-5-PBKDF2-params",
1742 &pbkdf2_asn
)) != ASN1_SUCCESS
)
1745 return _gnutls_asn2err (result
);
1748 result
= asn1_write_value (pbkdf2_asn
, "salt", "specified", 1);
1749 if (result
!= ASN1_SUCCESS
)
1752 result
= _gnutls_asn2err (result
);
1759 asn1_write_value (pbkdf2_asn
, "salt.specified",
1760 kdf_params
->salt
, kdf_params
->salt_size
);
1761 if (result
!= ASN1_SUCCESS
)
1764 result
= _gnutls_asn2err (result
);
1767 _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params
->salt_size
);
1769 /* write the iteration count
1771 _gnutls_write_uint32 (kdf_params
->iter_count
, tmp
);
1773 result
= asn1_write_value (pbkdf2_asn
, "iterationCount", tmp
, 4);
1774 if (result
!= ASN1_SUCCESS
)
1777 result
= _gnutls_asn2err (result
);
1780 _gnutls_hard_log ("iterationCount: %d\n", kdf_params
->iter_count
);
1782 /* write the keylength, if it is set.
1784 result
= asn1_write_value (pbkdf2_asn
, "keyLength", NULL
, 0);
1785 if (result
!= ASN1_SUCCESS
)
1788 result
= _gnutls_asn2err (result
);
1792 /* We write an emptry prf.
1794 result
= asn1_write_value (pbkdf2_asn
, "prf", NULL
, 0);
1795 if (result
!= ASN1_SUCCESS
)
1798 result
= _gnutls_asn2err (result
);
1802 /* now encode them an put the DER output
1803 * in the keyDerivationFunc.parameters
1805 result
= _gnutls_x509_der_encode_and_copy (pbkdf2_asn
, "",
1807 "keyDerivationFunc.parameters",
1818 asn1_delete_structure (&pbkdf2_asn
);
1825 write_pbe_enc_params (ASN1_TYPE pbes2_asn
,
1826 const struct pbe_enc_params
*params
)
1829 ASN1_TYPE pbe_asn
= ASN1_TYPE_EMPTY
;
1830 const char *oid
, *eparams
;
1832 /* Write the encryption algorithm
1834 eparams
= cipher_to_pkcs_params (params
->cipher
, &oid
);
1835 if (eparams
== NULL
)
1838 return GNUTLS_E_INVALID_REQUEST
;
1841 result
= asn1_write_value (pbes2_asn
, "encryptionScheme.algorithm", oid
, 1);
1842 if (result
!= ASN1_SUCCESS
)
1847 _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid
);
1849 /* Now check the encryption parameters.
1852 asn1_create_element (_gnutls_get_pkix (),
1853 eparams
, &pbe_asn
)) != ASN1_SUCCESS
)
1856 return _gnutls_asn2err (result
);
1860 result
= asn1_write_value (pbe_asn
, "", params
->iv
, params
->iv_size
);
1861 if (result
!= ASN1_SUCCESS
)
1864 result
= _gnutls_asn2err (result
);
1867 _gnutls_hard_log ("IV.size: %d\n", params
->iv_size
);
1869 /* now encode them an put the DER output
1870 * in the encryptionScheme.parameters
1872 result
= _gnutls_x509_der_encode_and_copy (pbe_asn
, "",
1874 "encryptionScheme.parameters",
1885 asn1_delete_structure (&pbe_asn
);
1890 /* Generates a key and also stores the key parameters.
1893 generate_key (schema_id schema
,
1894 const char *password
,
1895 struct pbkdf2_params
*kdf_params
,
1896 struct pbe_enc_params
*enc_params
, gnutls_datum_t
* key
)
1898 unsigned char rnd
[2];
1901 ret
= _gnutls_rnd (GNUTLS_RND_RANDOM
, rnd
, 2);
1909 kdf_params
->salt_size
=
1910 MIN (sizeof (kdf_params
->salt
), (unsigned) (10 + (rnd
[1] % 10)));
1915 enc_params
->cipher
= GNUTLS_CIPHER_3DES_CBC
;
1918 enc_params
->cipher
= GNUTLS_CIPHER_AES_128_CBC
;
1921 enc_params
->cipher
= GNUTLS_CIPHER_AES_192_CBC
;
1924 enc_params
->cipher
= GNUTLS_CIPHER_AES_256_CBC
;
1926 /* non PBES2 algorithms */
1927 case PKCS12_ARCFOUR_SHA1
:
1928 enc_params
->cipher
= GNUTLS_CIPHER_ARCFOUR_128
;
1929 kdf_params
->salt_size
= 8;
1931 case PKCS12_3DES_SHA1
:
1932 enc_params
->cipher
= GNUTLS_CIPHER_3DES_CBC
;
1933 kdf_params
->salt_size
= 8;
1935 case PKCS12_RC2_40_SHA1
:
1936 enc_params
->cipher
= GNUTLS_CIPHER_RC2_40_CBC
;
1937 kdf_params
->salt_size
= 8;
1941 return GNUTLS_E_INVALID_REQUEST
;
1944 ret
= _gnutls_rnd (GNUTLS_RND_RANDOM
, kdf_params
->salt
,
1945 kdf_params
->salt_size
);
1949 return GNUTLS_E_RANDOM_FAILED
;
1952 kdf_params
->iter_count
= 256 + rnd
[0];
1953 key
->size
= kdf_params
->key_size
=
1954 gnutls_cipher_get_key_size (enc_params
->cipher
);
1956 enc_params
->iv_size
= _gnutls_cipher_get_iv_size (enc_params
->cipher
);
1957 key
->data
= gnutls_malloc (key
->size
);
1958 if (key
->data
== NULL
)
1961 return GNUTLS_E_MEMORY_ERROR
;
1964 /* now generate the key.
1974 ret
= _gnutls_pbkdf2_sha1 (password
, strlen (password
),
1975 kdf_params
->salt
, kdf_params
->salt_size
,
1976 kdf_params
->iter_count
,
1977 key
->data
, kdf_params
->key_size
);
1984 if (enc_params
->iv_size
)
1986 ret
= _gnutls_rnd (GNUTLS_RND_NONCE
,
1987 enc_params
->iv
, enc_params
->iv_size
);
1998 _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params
->salt
,
1999 kdf_params
->salt_size
,
2000 kdf_params
->iter_count
, password
,
2001 kdf_params
->key_size
, key
->data
);
2008 /* Now generate the IV
2010 if (enc_params
->iv_size
)
2013 _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params
->salt
,
2014 kdf_params
->salt_size
,
2015 kdf_params
->iter_count
, password
,
2016 enc_params
->iv_size
,
2031 /* Encodes the parameters to be written in the encryptionAlgorithm.parameters
2035 write_schema_params (schema_id schema
, ASN1_TYPE pkcs8_asn
,
2037 const struct pbkdf2_params
*kdf_params
,
2038 const struct pbe_enc_params
*enc_params
)
2041 ASN1_TYPE pbes2_asn
= ASN1_TYPE_EMPTY
;
2050 asn1_create_element (_gnutls_get_pkix (),
2051 "PKIX1.pkcs-5-PBES2-params",
2052 &pbes2_asn
)) != ASN1_SUCCESS
)
2055 return _gnutls_asn2err (result
);
2058 result
= write_pbkdf2_params (pbes2_asn
, kdf_params
);
2065 result
= write_pbe_enc_params (pbes2_asn
, enc_params
);
2072 result
= _gnutls_x509_der_encode_and_copy (pbes2_asn
, "",
2073 pkcs8_asn
, where
, 0);
2080 asn1_delete_structure (&pbes2_asn
);
2086 asn1_create_element (_gnutls_get_pkix (),
2087 "PKIX1.pkcs-12-PbeParams",
2088 &pbes2_asn
)) != ASN1_SUCCESS
)
2091 result
= _gnutls_asn2err (result
);
2095 result
= write_pkcs12_kdf_params (pbes2_asn
, kdf_params
);
2102 result
= _gnutls_x509_der_encode_and_copy (pbes2_asn
, "",
2103 pkcs8_asn
, where
, 0);
2110 asn1_delete_structure (&pbes2_asn
);
2117 asn1_delete_structure (&pbes2_asn
);
2123 encrypt_data (const gnutls_datum_t
* plain
,
2124 const struct pbe_enc_params
*enc_params
,
2125 gnutls_datum_t
* key
, gnutls_datum_t
* encrypted
)
2129 uint8_t *data
= NULL
;
2130 gnutls_datum_t d_iv
;
2133 uint8_t pad
, pad_size
;
2135 pad_size
= gnutls_cipher_get_block_size (enc_params
->cipher
);
2137 if (pad_size
== 1) /* stream */
2140 data
= gnutls_malloc (plain
->size
+ pad_size
);
2144 return GNUTLS_E_MEMORY_ERROR
;
2147 memcpy (data
, plain
->data
, plain
->size
);
2151 pad
= pad_size
- (plain
->size
% pad_size
);
2154 memset (&data
[plain
->size
], pad
, pad
);
2159 data_size
= plain
->size
+ pad
;
2161 d_iv
.data
= (uint8_t *) enc_params
->iv
;
2162 d_iv
.size
= enc_params
->iv_size
;
2163 result
= _gnutls_cipher_init (&ch
, enc_params
->cipher
, key
, &d_iv
, 1);
2173 result
= _gnutls_cipher_encrypt (&ch
, data
, data_size
);
2180 encrypted
->data
= data
;
2181 encrypted
->size
= data_size
;
2183 _gnutls_cipher_deinit (&ch
);
2190 _gnutls_cipher_deinit (&ch
);
2194 /* Decrypts a PKCS #7 encryptedData. The output is allocated
2195 * and stored in dec.
2198 _gnutls_pkcs7_decrypt_data (const gnutls_datum_t
* data
,
2199 const char *password
, gnutls_datum_t
* dec
)
2204 ASN1_TYPE pbes2_asn
= ASN1_TYPE_EMPTY
, pkcs7_asn
= ASN1_TYPE_EMPTY
;
2205 int params_start
, params_end
, params_len
;
2206 struct pbkdf2_params kdf_params
;
2207 struct pbe_enc_params enc_params
;
2211 asn1_create_element (_gnutls_get_pkix (),
2212 "PKIX1.pkcs-7-EncryptedData",
2213 &pkcs7_asn
)) != ASN1_SUCCESS
)
2216 result
= _gnutls_asn2err (result
);
2220 result
= asn1_der_decoding (&pkcs7_asn
, data
->data
, data
->size
, NULL
);
2221 if (result
!= ASN1_SUCCESS
)
2224 result
= _gnutls_asn2err (result
);
2228 /* Check the encryption schema OID
2230 len
= sizeof (enc_oid
);
2232 asn1_read_value (pkcs7_asn
,
2233 "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
2235 if (result
!= ASN1_SUCCESS
)
2238 result
= _gnutls_asn2err (result
);
2242 if ((result
= check_schema (enc_oid
)) < 0)
2249 /* Get the DER encoding of the parameters.
2252 asn1_der_decoding_startEnd (pkcs7_asn
, data
->data
, data
->size
,
2253 "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
2254 ¶ms_start
, ¶ms_end
);
2255 if (result
!= ASN1_SUCCESS
)
2258 result
= _gnutls_asn2err (result
);
2261 params_len
= params_end
- params_start
+ 1;
2264 read_pkcs_schema_params (&schema
, password
,
2265 &data
->data
[params_start
],
2266 params_len
, &kdf_params
, &enc_params
);
2267 if (result
< ASN1_SUCCESS
)
2270 result
= _gnutls_asn2err (result
);
2274 /* Parameters have been decoded. Now
2275 * decrypt the EncryptedData.
2279 decrypt_data (schema
, pkcs7_asn
,
2280 "encryptedContentInfo.encryptedContent", password
,
2281 &kdf_params
, &enc_params
, &tmp
);
2288 asn1_delete_structure (&pkcs7_asn
);
2295 asn1_delete_structure (&pbes2_asn
);
2296 asn1_delete_structure (&pkcs7_asn
);
2300 /* Encrypts to a PKCS #7 encryptedData. The output is allocated
2301 * and stored in enc.
2304 _gnutls_pkcs7_encrypt_data (schema_id schema
,
2305 const gnutls_datum_t
* data
,
2306 const char *password
, gnutls_datum_t
* enc
)
2309 gnutls_datum_t key
= { NULL
, 0 };
2310 gnutls_datum_t tmp
= { NULL
, 0 };
2311 ASN1_TYPE pkcs7_asn
= ASN1_TYPE_EMPTY
;
2312 struct pbkdf2_params kdf_params
;
2313 struct pbe_enc_params enc_params
;
2314 const char *str_oid
;
2317 asn1_create_element (_gnutls_get_pkix (),
2318 "PKIX1.pkcs-7-EncryptedData",
2319 &pkcs7_asn
)) != ASN1_SUCCESS
)
2322 result
= _gnutls_asn2err (result
);
2326 /* Write the encryption schema OID
2328 result
= schema_to_oid (schema
, &str_oid
);
2336 asn1_write_value (pkcs7_asn
,
2337 "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
2340 if (result
!= ASN1_SUCCESS
)
2343 result
= _gnutls_asn2err (result
);
2347 /* Generate a symmetric key.
2350 result
= generate_key (schema
, password
, &kdf_params
, &enc_params
, &key
);
2357 result
= write_schema_params (schema
, pkcs7_asn
,
2358 "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
2359 &kdf_params
, &enc_params
);
2366 /* Parameters have been encoded. Now
2369 result
= encrypt_data (data
, &enc_params
, &key
, &tmp
);
2376 /* write the encrypted data.
2379 asn1_write_value (pkcs7_asn
,
2380 "encryptedContentInfo.encryptedContent", tmp
.data
,
2382 if (result
!= ASN1_SUCCESS
)
2385 result
= _gnutls_asn2err (result
);
2389 _gnutls_free_datum (&tmp
);
2390 _gnutls_free_datum (&key
);
2392 /* Now write the rest of the pkcs-7 stuff.
2395 result
= _gnutls_x509_write_uint32 (pkcs7_asn
, "version", 0);
2403 asn1_write_value (pkcs7_asn
, "encryptedContentInfo.contentType",
2405 if (result
!= ASN1_SUCCESS
)
2408 result
= _gnutls_asn2err (result
);
2412 result
= asn1_write_value (pkcs7_asn
, "unprotectedAttrs", NULL
, 0);
2413 if (result
!= ASN1_SUCCESS
)
2416 result
= _gnutls_asn2err (result
);
2420 /* Now encode and copy the DER stuff.
2422 result
= _gnutls_x509_der_encode (pkcs7_asn
, "", enc
, 0);
2424 asn1_delete_structure (&pkcs7_asn
);
2434 _gnutls_free_datum (&key
);
2435 _gnutls_free_datum (&tmp
);
2436 asn1_delete_structure (&pkcs7_asn
);