search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
documented updates
[gnutls.git] / lib / x509 / privkey_pkcs8.c
blob27c8da00ccda0efa1e1c9a720de39c1becc0ff92
1 /*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #include <gnutls_int.h>
24
25 #include <gnutls_datum.h>
26 #include <gnutls_global.h>
27 #include <gnutls_errors.h>
28 #include <gnutls_rsa_export.h>
29 #include <common.h>
30 #include <gnutls_x509.h>
31 #include <x509_b64.h>
32 #include "x509_int.h"
33 #include <algorithms.h>
34 #include <gnutls_num.h>
35 #include <random.h>
36 #include <pbkdf2-sha1.h>
37
38 static int _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey);
39
40 #define PBES2_OID "1.2.840.113549.1.5.13"
41 #define PBKDF2_OID "1.2.840.113549.1.5.12"
42 #define DES_EDE3_CBC_OID "1.2.840.113549.3.7"
43 #define AES_128_CBC_OID "2.16.840.1.101.3.4.1.2"
44 #define AES_192_CBC_OID "2.16.840.1.101.3.4.1.22"
45 #define AES_256_CBC_OID "2.16.840.1.101.3.4.1.42"
46 #define DES_CBC_OID "1.3.14.3.2.7"
47
48 /* oid_pbeWithSHAAnd3_KeyTripleDES_CBC */
49 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
50 #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
51 #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
52
53 struct pbkdf2_params
54 {
55 uint8_t salt[32];
56 int salt_size;
57 unsigned int iter_count;
58 unsigned int key_size;
59 };
60
61 struct pbe_enc_params
62 {
63 gnutls_cipher_algorithm_t cipher;
64 uint8_t iv[MAX_CIPHER_BLOCK_SIZE];
65 int iv_size;
66 };
67
68 static int generate_key (schema_id schema, const char *password,
69 struct pbkdf2_params *kdf_params,
70 struct pbe_enc_params *enc_params,
71 gnutls_datum_t * key);
72 static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
73 const gnutls_datum_t * der,
74 struct pbkdf2_params *params);
75 static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
76 const gnutls_datum_t * der,
77 struct pbe_enc_params *params);
78 static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
79 const char *password,
80 const struct pbkdf2_params *kdf_params,
81 const struct pbe_enc_params *enc_params,
82 gnutls_datum_t * decrypted_data);
83 static int decode_private_key_info (const gnutls_datum_t * der,
84 gnutls_x509_privkey_t pkey);
85 static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
86 const char *where,
87 const struct pbkdf2_params *kdf_params,
88 const struct pbe_enc_params *enc_params);
89 static int encrypt_data (const gnutls_datum_t * plain,
90 const struct pbe_enc_params *enc_params,
91 gnutls_datum_t * key, gnutls_datum_t * encrypted);
92
93 static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
94 struct pbkdf2_params *params);
95 static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
96 const struct pbkdf2_params *params);
97
98 #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
99 #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
100
101 /* Returns a negative error code if the encryption schema in
102 * the OID is not supported. The schema ID is returned.
103 */
104 static int
105 check_schema (const char *oid)
106 {
107
108 if (strcmp (oid, PBES2_OID) == 0)
109 return PBES2_GENERIC; /* ok */
110
111 if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
112 return PKCS12_3DES_SHA1;
113
114 if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
115 return PKCS12_ARCFOUR_SHA1;
116
117 if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
118 return PKCS12_RC2_40_SHA1;
119
120 _gnutls_debug_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
121
122 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
123 }
124
125 /* Encodes a private key to the raw format PKCS #8 needs.
126 * For RSA it is a PKCS #1 DER private key and for DSA it is
127 * an ASN.1 INTEGER of the x value.
128 */
129 inline static int
130 _encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
131 {
132 size_t size = 0;
133 uint8_t *data = NULL;
134 int ret;
135 ASN1_TYPE spk = ASN1_TYPE_EMPTY;
136
137 switch (pkey->pk_algorithm)
138 {
139 case GNUTLS_PK_RSA:
140 case GNUTLS_PK_EC:
141 ret =
142 gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
143 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
144 {
145 gnutls_assert ();
146 goto error;
147 }
148
149 data = gnutls_malloc (size);
150 if (data == NULL)
151 {
152 gnutls_assert ();
153 ret = GNUTLS_E_MEMORY_ERROR;
154 goto error;
155 }
156
157
158 ret =
159 gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
160 if (ret < 0)
161 {
162 gnutls_assert ();
163 goto error;
164 }
165
166 raw->data = data;
167 raw->size = size;
168 break;
169 case GNUTLS_PK_DSA:
170 /* DSAPublicKey == INTEGER */
171 if ((ret = asn1_create_element
172 (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
173 != ASN1_SUCCESS)
174 {
175 gnutls_assert ();
176 return _gnutls_asn2err (ret);
177 }
178
179 ret = _gnutls_x509_write_int (spk, "", pkey->params.params[4], 1);
180 if (ret < 0)
181 {
182 gnutls_assert ();
183 goto error;
184 }
185 ret = _gnutls_x509_der_encode (spk, "", raw, 0);
186 if (ret < 0)
187 {
188 gnutls_assert ();
189 goto error;
190 }
191
192 asn1_delete_structure (&spk);
193 break;
194
195 default:
196 gnutls_assert ();
197 return GNUTLS_E_INVALID_REQUEST;
198 }
199
200 return 0;
201
202 error:
203 gnutls_free (data);
204 asn1_delete_structure (&spk);
205 return ret;
206
207 }
208
209 /*
210 * Encodes a PKCS #1 private key to a PKCS #8 private key
211 * info. The output will be allocated and stored into der. Also
212 * the ASN1_TYPE of private key info will be returned.
213 */
214 static int
215 encode_to_private_key_info (gnutls_x509_privkey_t pkey,
216 gnutls_datum_t * der, ASN1_TYPE * pkey_info)
217 {
218 int result, len;
219 uint8_t null = 0;
220 const char *oid;
221 gnutls_datum_t algo_params = { NULL, 0 };
222 gnutls_datum_t algo_privkey = { NULL, 0 };
223
224 oid = _gnutls_x509_pk_to_oid(pkey->pk_algorithm);
225 if (oid == NULL)
226 {
227 gnutls_assert ();
228 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
229 }
230
231 result =
232 _gnutls_x509_write_pubkey_params (pkey->pk_algorithm, &pkey->params, &algo_params);
233 if (result < 0)
234 {
235 gnutls_assert ();
236 return result;
237 }
238
239 if ((result =
240 asn1_create_element (_gnutls_get_pkix (),
241 "PKIX1.pkcs-8-PrivateKeyInfo",
242 pkey_info)) != ASN1_SUCCESS)
243 {
244 gnutls_assert ();
245 result = _gnutls_asn2err (result);
246 goto error;
247 }
248
249 /* Write the version.
250 */
251 result = asn1_write_value (*pkey_info, "version", &null, 1);
252 if (result != ASN1_SUCCESS)
253 {
254 gnutls_assert ();
255 result = _gnutls_asn2err (result);
256 goto error;
257 }
258
259 /* write the privateKeyAlgorithm
260 * fields. (OID+NULL data)
261 */
262 result =
263 asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1);
264 if (result != ASN1_SUCCESS)
265 {
266 gnutls_assert ();
267 result = _gnutls_asn2err (result);
268 goto error;
269 }
270
271 result =
272 asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
273 algo_params.data, algo_params.size);
274 _gnutls_free_datum (&algo_params);
275 if (result != ASN1_SUCCESS)
276 {
277 gnutls_assert ();
278 result = _gnutls_asn2err (result);
279 goto error;
280 }
281
282
283 /* Write the raw private key
284 */
285 result = _encode_privkey (pkey, &algo_privkey);
286 if (result < 0)
287 {
288 gnutls_assert ();
289 goto error;
290 }
291
292 result =
293 asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
294 algo_privkey.size);
295 _gnutls_free_datum (&algo_privkey);
296
297 if (result != ASN1_SUCCESS)
298 {
299 gnutls_assert ();
300 result = _gnutls_asn2err (result);
301 goto error;
302 }
303
304 /* Append an empty Attributes field.
305 */
306 result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
307 if (result != ASN1_SUCCESS)
308 {
309 gnutls_assert ();
310 result = _gnutls_asn2err (result);
311 goto error;
312 }
313
314 /* DER Encode the generated private key info.
315 */
316 len = 0;
317 result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
318 if (result != ASN1_MEM_ERROR)
319 {
320 gnutls_assert ();
321 result = _gnutls_asn2err (result);
322 goto error;
323 }
324
325 /* allocate data for the der
326 */
327 der->size = len;
328 der->data = gnutls_malloc (len);
329 if (der->data == NULL)
330 {
331 gnutls_assert ();
332 return GNUTLS_E_MEMORY_ERROR;
333 }
334
335 result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
336 if (result != ASN1_SUCCESS)
337 {
338 gnutls_assert ();
339 result = _gnutls_asn2err (result);
340 goto error;
341 }
342
343 return 0;
344
345 error:
346 asn1_delete_structure (pkey_info);
347 _gnutls_free_datum (&algo_params);
348 _gnutls_free_datum (&algo_privkey);
349 return result;
350
351 }
352
353 static const char *
354 cipher_to_pkcs_params (int cipher, const char **oid)
355 {
356 switch (cipher)
357 {
358 case GNUTLS_CIPHER_AES_128_CBC:
359 if (oid)
360 *oid = AES_128_CBC_OID;
361 return "PKIX1.pkcs-5-aes128-CBC-params";
362 break;
363 case GNUTLS_CIPHER_AES_192_CBC:
364 if (oid)
365 *oid = AES_192_CBC_OID;
366 return "PKIX1.pkcs-5-aes192-CBC-params";
367 break;
368 case GNUTLS_CIPHER_AES_256_CBC:
369 if (oid)
370 *oid = AES_256_CBC_OID;
371 return "PKIX1.pkcs-5-aes256-CBC-params";
372 break;
373 case GNUTLS_CIPHER_3DES_CBC:
374 if (oid)
375 *oid = DES_EDE3_CBC_OID;
376 return "PKIX1.pkcs-5-des-EDE3-CBC-params";
377 break;
378 default:
379 return NULL;
380 break;
381 }
382 }
383
384 static int
385 cipher_to_schema (int cipher)
386 {
387 switch (cipher)
388 {
389 case GNUTLS_CIPHER_AES_128_CBC:
390 return PBES2_AES_128;
391 break;
392 case GNUTLS_CIPHER_AES_192_CBC:
393 return PBES2_AES_192;
394 break;
395 case GNUTLS_CIPHER_AES_256_CBC:
396 return PBES2_AES_256;
397 break;
398 case GNUTLS_CIPHER_3DES_CBC:
399 return PBES2_3DES;
400 break;
401 default:
402 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
403 break;
404 }
405 }
406
407
408 int
409 _gnutls_pkcs_flags_to_schema (unsigned int flags)
410 {
411 int schema;
412
413 if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
414 schema = PKCS12_ARCFOUR_SHA1;
415 else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
416 schema = PKCS12_RC2_40_SHA1;
417 else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
418 schema = PBES2_3DES;
419 else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
420 schema = PBES2_AES_128;
421 else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
422 schema = PBES2_AES_192;
423 else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
424 schema = PBES2_AES_256;
425 else
426 {
427 gnutls_assert ();
428 _gnutls_debug_log
429 ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
430 flags);
431 schema = PKCS12_3DES_SHA1;
432 }
433
434 return schema;
435 }
436
437 /* returns the OID corresponding to given schema
438 */
439 static int
440 schema_to_oid (schema_id schema, const char **str_oid)
441 {
442 int result = 0;
443
444 switch (schema)
445 {
446 case PBES2_3DES:
447 case PBES2_AES_128:
448 case PBES2_AES_192:
449 case PBES2_AES_256:
450 *str_oid = PBES2_OID;
451 break;
452 case PKCS12_3DES_SHA1:
453 *str_oid = PKCS12_PBE_3DES_SHA1_OID;
454 break;
455 case PKCS12_ARCFOUR_SHA1:
456 *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
457 break;
458 case PKCS12_RC2_40_SHA1:
459 *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
460 break;
461 default:
462 gnutls_assert ();
463 result = GNUTLS_E_INTERNAL_ERROR;
464 }
465
466 return result;
467 }
468
469 /* Converts a PKCS #8 private key info to
470 * a PKCS #8 EncryptedPrivateKeyInfo.
471 */
472 static int
473 encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
474 const char *password, ASN1_TYPE * out)
475 {
476 int result;
477 gnutls_datum_t key = { NULL, 0 };
478 gnutls_datum_t tmp = { NULL, 0 };
479 ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
480 struct pbkdf2_params kdf_params;
481 struct pbe_enc_params enc_params;
482 const char *str_oid;
483
484
485 if ((result =
486 asn1_create_element (_gnutls_get_pkix (),
487 "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
488 &pkcs8_asn)) != ASN1_SUCCESS)
489 {
490 gnutls_assert ();
491 result = _gnutls_asn2err (result);
492 goto error;
493 }
494
495 /* Write the encryption schema OID
496 */
497 result = schema_to_oid (schema, &str_oid);
498 if (result < 0)
499 {
500 gnutls_assert ();
501 return result;
502 }
503
504 result =
505 asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1);
506
507 if (result != ASN1_SUCCESS)
508 {
509 gnutls_assert ();
510 result = _gnutls_asn2err (result);
511 goto error;
512 }
513
514 /* Generate a symmetric key.
515 */
516
517 result = generate_key (schema, password, &kdf_params, &enc_params, &key);
518 if (result < 0)
519 {
520 gnutls_assert ();
521 goto error;
522 }
523
524 result =
525 write_schema_params (schema, pkcs8_asn,
526 "encryptionAlgorithm.parameters", &kdf_params,
527 &enc_params);
528 if (result < 0)
529 {
530 gnutls_assert ();
531 goto error;
532 }
533
534 /* Parameters have been encoded. Now
535 * encrypt the Data.
536 */
537 result = encrypt_data (der_key, &enc_params, &key, &tmp);
538 if (result < 0)
539 {
540 gnutls_assert ();
541 goto error;
542 }
543
544 /* write the encrypted data.
545 */
546 result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size);
547 if (result != ASN1_SUCCESS)
548 {
549 gnutls_assert ();
550 result = _gnutls_asn2err (result);
551 goto error;
552 }
553
554 _gnutls_free_datum (&tmp);
555 _gnutls_free_datum (&key);
556
557 *out = pkcs8_asn;
558
559 return 0;
560
561 error:
562 _gnutls_free_datum (&key);
563 _gnutls_free_datum (&tmp);
564 asn1_delete_structure (&pkcs8_asn);
565 return result;
566 }
567
568
569 /**
570 * gnutls_x509_privkey_export_pkcs8:
571 * @key: Holds the key
572 * @format: the format of output params. One of PEM or DER.
573 * @password: the password that will be used to encrypt the key.
574 * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
575 * @output_data: will contain a private key PEM or DER encoded
576 * @output_data_size: holds the size of output_data (and will be
577 * replaced by the actual size of parameters)
578 *
579 * This function will export the private key to a PKCS8 structure.
580 * Both RSA and DSA keys can be exported. For DSA keys we use
581 * PKCS #11 definitions. If the flags do not specify the encryption
582 * cipher, then the default 3DES (PBES2) will be used.
583 *
584 * The @password can be either ASCII or UTF-8 in the default PBES2
585 * encryption schemas, or ASCII for the PKCS12 schemas.
586 *
587 * If the buffer provided is not long enough to hold the output, then
588 * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
589 * be returned.
590 *
591 * If the structure is PEM encoded, it will have a header
592 * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
593 * encryption is not used.
594 *
595 * Returns: In case of failure a negative error code will be
596 * returned, and 0 on success.
597 **/
598 int
599 gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
600 gnutls_x509_crt_fmt_t format,
601 const char *password,
602 unsigned int flags,
603 void *output_data,
604 size_t * output_data_size)
605 {
606 ASN1_TYPE pkcs8_asn, pkey_info;
607 int ret;
608 gnutls_datum_t tmp;
609 schema_id schema;
610
611 if (key == NULL)
612 {
613 gnutls_assert ();
614 return GNUTLS_E_INVALID_REQUEST;
615 }
616
617 /* Get the private key info
618 * tmp holds the DER encoding.
619 */
620 ret = encode_to_private_key_info (key, &tmp, &pkey_info);
621 if (ret < 0)
622 {
623 gnutls_assert ();
624 return ret;
625 }
626
627 schema = _gnutls_pkcs_flags_to_schema (flags);
628
629 if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
630 {
631 _gnutls_free_datum (&tmp);
632
633 ret =
634 _gnutls_x509_export_int (pkey_info, format,
635 PEM_UNENCRYPTED_PKCS8,
636 output_data, output_data_size);
637
638 asn1_delete_structure (&pkey_info);
639 }
640 else
641 {
642 asn1_delete_structure (&pkey_info); /* we don't need it */
643
644 ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
645 _gnutls_free_datum (&tmp);
646
647 if (ret < 0)
648 {
649 gnutls_assert ();
650 return ret;
651 }
652
653 ret =
654 _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
655 output_data, output_data_size);
656
657 asn1_delete_structure (&pkcs8_asn);
658 }
659
660 return ret;
661 }
662
663 /**
664 * gnutls_x509_privkey_export2_pkcs8:
665 * @key: Holds the key
666 * @format: the format of output params. One of PEM or DER.
667 * @password: the password that will be used to encrypt the key.
668 * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
669 * @out: will contain a private key PEM or DER encoded
670 *
671 * This function will export the private key to a PKCS8 structure.
672 * Both RSA and DSA keys can be exported. For DSA keys we use
673 * PKCS #11 definitions. If the flags do not specify the encryption
674 * cipher, then the default 3DES (PBES2) will be used.
675 *
676 * The @password can be either ASCII or UTF-8 in the default PBES2
677 * encryption schemas, or ASCII for the PKCS12 schemas.
678 *
679 * The output buffer is allocated using gnutls_malloc().
680 *
681 * If the structure is PEM encoded, it will have a header
682 * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
683 * encryption is not used.
684 *
685 * Returns: In case of failure a negative error code will be
686 * returned, and 0 on success.
687 *
688 * Since 3.1.3
689 **/
690 int
691 gnutls_x509_privkey_export2_pkcs8 (gnutls_x509_privkey_t key,
692 gnutls_x509_crt_fmt_t format,
693 const char *password,
694 unsigned int flags,
695 gnutls_datum_t *out)
696 {
697 ASN1_TYPE pkcs8_asn, pkey_info;
698 int ret;
699 gnutls_datum_t tmp;
700 schema_id schema;
701
702 if (key == NULL)
703 {
704 gnutls_assert ();
705 return GNUTLS_E_INVALID_REQUEST;
706 }
707
708 /* Get the private key info
709 * tmp holds the DER encoding.
710 */
711 ret = encode_to_private_key_info (key, &tmp, &pkey_info);
712 if (ret < 0)
713 {
714 gnutls_assert ();
715 return ret;
716 }
717
718 schema = _gnutls_pkcs_flags_to_schema (flags);
719
720 if (((flags & GNUTLS_PKCS_PLAIN) || password == NULL) && !(flags & GNUTLS_PKCS_NULL_PASSWORD))
721 {
722 _gnutls_free_datum (&tmp);
723
724 ret =
725 _gnutls_x509_export_int2 (pkey_info, format,
726 PEM_UNENCRYPTED_PKCS8, out);
727
728 asn1_delete_structure (&pkey_info);
729 }
730 else
731 {
732 asn1_delete_structure (&pkey_info); /* we don't need it */
733
734 ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
735 _gnutls_free_datum (&tmp);
736
737 if (ret < 0)
738 {
739 gnutls_assert ();
740 return ret;
741 }
742
743 ret =
744 _gnutls_x509_export_int2 (pkcs8_asn, format, PEM_PKCS8, out);
745
746 asn1_delete_structure (&pkcs8_asn);
747 }
748
749 return ret;
750 }
751
752
753 /* Read the parameters cipher, IV, salt etc using the given
754 * schema ID.
755 */
756 static int
757 read_pkcs_schema_params (schema_id * schema, const char *password,
758 const uint8_t * data, int data_size,
759 struct pbkdf2_params *kdf_params,
760 struct pbe_enc_params *enc_params)
761 {
762 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
763 int result;
764 gnutls_datum_t tmp;
765
766 switch (*schema)
767 {
768
769 case PBES2_GENERIC:
770
771 /* Now check the key derivation and the encryption
772 * functions.
773 */
774 if ((result =
775 asn1_create_element (_gnutls_get_pkix (),
776 "PKIX1.pkcs-5-PBES2-params",
777 &pbes2_asn)) != ASN1_SUCCESS)
778 {
779 gnutls_assert ();
780 result = _gnutls_asn2err (result);
781 goto error;
782 }
783
784 /* Decode the parameters.
785 */
786 result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
787 if (result != ASN1_SUCCESS)
788 {
789 gnutls_assert ();
790 result = _gnutls_asn2err (result);
791 goto error;
792 }
793
794 tmp.data = (uint8_t *) data;
795 tmp.size = data_size;
796
797 result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
798 if (result < 0)
799 {
800 gnutls_assert ();
801 result = _gnutls_asn2err (result);
802 goto error;
803 }
804
805 result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
806 if (result < 0)
807 {
808 gnutls_assert ();
809 result = _gnutls_asn2err (result);
810 goto error;
811 }
812
813 asn1_delete_structure (&pbes2_asn);
814
815 result = cipher_to_schema (enc_params->cipher);
816 if (result < 0)
817 {
818 gnutls_assert ();
819 goto error;
820 }
821
822 *schema = result;
823 return 0;
824
825 case PKCS12_3DES_SHA1:
826 case PKCS12_ARCFOUR_SHA1:
827 case PKCS12_RC2_40_SHA1:
828
829 if ((*schema) == PKCS12_3DES_SHA1)
830 {
831 enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
832 enc_params->iv_size = 8;
833 }
834 else if ((*schema) == PKCS12_ARCFOUR_SHA1)
835 {
836 enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
837 enc_params->iv_size = 0;
838 }
839 else if ((*schema) == PKCS12_RC2_40_SHA1)
840 {
841 enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
842 enc_params->iv_size = 8;
843 }
844
845 if ((result =
846 asn1_create_element (_gnutls_get_pkix (),
847 "PKIX1.pkcs-12-PbeParams",
848 &pbes2_asn)) != ASN1_SUCCESS)
849 {
850 gnutls_assert ();
851 result = _gnutls_asn2err (result);
852 goto error;
853 }
854
855 /* Decode the parameters.
856 */
857 result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
858 if (result != ASN1_SUCCESS)
859 {
860 gnutls_assert ();
861 result = _gnutls_asn2err (result);
862 goto error;
863 }
864
865 result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
866 if (result < 0)
867 {
868 gnutls_assert ();
869 goto error;
870 }
871
872 if (enc_params->iv_size)
873 {
874 result =
875 _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
876 kdf_params->salt_size,
877 kdf_params->iter_count, password,
878 enc_params->iv_size,
879 enc_params->iv);
880 if (result < 0)
881 {
882 gnutls_assert ();
883 goto error;
884 }
885
886 }
887
888 asn1_delete_structure (&pbes2_asn);
889
890 return 0;
891
892 default:
893 gnutls_assert ();
894 } /* switch */
895
896 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
897
898 error:
899 asn1_delete_structure (&pbes2_asn);
900 return result;
901 }
902
903 static int decrypt_pkcs8_key(const gnutls_datum_t * raw_key,
904 ASN1_TYPE pkcs8_asn, const char *password,
905 gnutls_x509_privkey_t pkey)
906 {
907 int result, len;
908 char enc_oid[64];
909 gnutls_datum_t tmp;
910 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
911 int params_start, params_end, params_len;
912 struct pbkdf2_params kdf_params;
913 struct pbe_enc_params enc_params;
914 schema_id schema;
915
916 /* Check the encryption schema OID
917 */
918 len = sizeof (enc_oid);
919 result =
920 asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
921 enc_oid, &len);
922 if (result != ASN1_SUCCESS)
923 {
924 gnutls_assert ();
925 goto error;
926 }
927
928 if ((result = check_schema (enc_oid)) < 0)
929 {
930 gnutls_assert ();
931 goto error;
932 }
933
934 schema = result;
935
936 /* Get the DER encoding of the parameters.
937 */
938 result =
939 asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
940 raw_key->size,
941 "encryptionAlgorithm.parameters",
942 &params_start, &params_end);
943 if (result != ASN1_SUCCESS)
944 {
945 gnutls_assert ();
946 result = _gnutls_asn2err (result);
947 goto error;
948 }
949 params_len = params_end - params_start + 1;
950
951 result =
952 read_pkcs_schema_params (&schema, password,
953 &raw_key->data[params_start],
954 params_len, &kdf_params, &enc_params);
955
956 if (result < 0)
957 {
958 gnutls_assert ();
959 goto error;
960 }
961
962 /* Parameters have been decoded. Now
963 * decrypt the EncryptedData.
964 */
965 result =
966 decrypt_data (schema, pkcs8_asn, "encryptedData", password,
967 &kdf_params, &enc_params, &tmp);
968 if (result < 0)
969 {
970 gnutls_assert ();
971 goto error;
972 }
973
974 result = decode_private_key_info (&tmp, pkey);
975 _gnutls_free_datum (&tmp);
976
977 if (result < 0)
978 {
979 /* We've gotten this far. In the real world it's almost certain
980 * that we're dealing with a good file, but wrong password.
981 * Sadly like 90% of random data is somehow valid DER for the
982 * a first small number of bytes, so no easy way to guarantee. */
983 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
984 result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
985 result == GNUTLS_E_ASN1_DER_ERROR ||
986 result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
987 result == GNUTLS_E_ASN1_GENERIC_ERROR ||
988 result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
989 result == GNUTLS_E_ASN1_TAG_ERROR ||
990 result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
991 result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
992 result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
993 result == GNUTLS_E_ASN1_DER_OVERFLOW)
994 {
995 result = GNUTLS_E_DECRYPTION_FAILED;
996 }
997
998 gnutls_assert ();
999 goto error;
1000 }
1001
1002 return 0;
1003
1004 error:
1005 asn1_delete_structure (&pbes2_asn);
1006 return result;
1007 }
1008
1009 /* Converts a PKCS #8 key to
1010 * an internal structure (gnutls_private_key)
1011 * (normally a PKCS #1 encoded RSA key)
1012 */
1013 static int
1014 decode_pkcs8_key (const gnutls_datum_t * raw_key,
1015 const char *password, gnutls_x509_privkey_t pkey,
1016 unsigned int decrypt)
1017 {
1018 int result;
1019 ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
1020
1021 if ((result =
1022 asn1_create_element (_gnutls_get_pkix (),
1023 "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
1024 &pkcs8_asn)) != ASN1_SUCCESS)
1025 {
1026 gnutls_assert ();
1027 result = _gnutls_asn2err (result);
1028 goto error;
1029 }
1030
1031 result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
1032 if (result != ASN1_SUCCESS)
1033 {
1034 gnutls_assert ();
1035 result = _gnutls_asn2err (result);
1036 goto error;
1037 }
1038
1039 if (decrypt)
1040 result = decrypt_pkcs8_key(raw_key, pkcs8_asn, password, pkey);
1041 else
1042 result = 0;
1043
1044 error:
1045 asn1_delete_structure (&pkcs8_asn);
1046 return result;
1047
1048 }
1049
1050 /* Decodes an RSA privateKey from a PKCS8 structure.
1051 */
1052 static int
1053 _decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
1054 {
1055 int ret;
1056 gnutls_datum_t tmp;
1057
1058 ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
1059 if (ret < 0)
1060 {
1061 gnutls_assert ();
1062 goto error;
1063 }
1064
1065 pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey);
1066 _gnutls_free_datum (&tmp);
1067 if (pkey->key == NULL)
1068 {
1069 gnutls_assert ();
1070 goto error;
1071 }
1072
1073 ret = 0;
1074
1075 error:
1076 return ret;
1077 }
1078
1079 /* Decodes an ECC privateKey from a PKCS8 structure.
1080 */
1081 static int
1082 _decode_pkcs8_ecc_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
1083 {
1084 int ret;
1085 gnutls_datum_t tmp;
1086
1087 ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
1088 if (ret < 0)
1089 {
1090 gnutls_assert ();
1091 goto error;
1092 }
1093
1094 pkey->key = _gnutls_privkey_decode_ecc_key (&tmp, pkey);
1095 _gnutls_free_datum (&tmp);
1096 if (pkey->key == NULL)
1097 {
1098 ret = GNUTLS_E_PARSING_ERROR;
1099 gnutls_assert ();
1100 goto error;
1101 }
1102
1103 ret = 0;
1104
1105 error:
1106 return ret;
1107 }
1108
1109 /* Decodes an DSA privateKey and params from a PKCS8 structure.
1110 */
1111 static int
1112 _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
1113 {
1114 int ret;
1115 gnutls_datum_t tmp;
1116
1117 ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
1118 if (ret < 0)
1119 {
1120 gnutls_assert ();
1121 goto error;
1122 }
1123
1124 ret = _gnutls_x509_read_der_int (tmp.data, tmp.size, &pkey->params.params[4]);
1125 _gnutls_free_datum (&tmp);
1126
1127 if (ret < 0)
1128 {
1129 gnutls_assert ();
1130 goto error;
1131 }
1132
1133 ret =
1134 _gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters",
1135 &tmp, 0);
1136 if (ret < 0)
1137 {
1138 gnutls_assert ();
1139 goto error;
1140 }
1141
1142 ret = _gnutls_x509_read_pubkey_params (GNUTLS_PK_DSA, tmp.data, tmp.size, &pkey->params);
1143 _gnutls_free_datum (&tmp);
1144 if (ret < 0)
1145 {
1146 gnutls_assert ();
1147 goto error;
1148 }
1149
1150 /* the public key can be generated as g^x mod p */
1151 pkey->params.params[3] = _gnutls_mpi_alloc_like (pkey->params.params[0]);
1152 if (pkey->params.params[3] == NULL)
1153 {
1154 gnutls_assert ();
1155 goto error;
1156 }
1157
1158 _gnutls_mpi_powm (pkey->params.params[3], pkey->params.params[2], pkey->params.params[4],
1159 pkey->params.params[0]);
1160
1161 ret = _gnutls_asn1_encode_privkey (GNUTLS_PK_DSA, &pkey->key, &pkey->params);
1162 if (ret < 0)
1163 {
1164 gnutls_assert ();
1165 goto error;
1166 }
1167
1168 pkey->params.params_nr = DSA_PRIVATE_PARAMS;
1169
1170 ret = 0;
1171
1172 error:
1173 return ret;
1174 }
1175
1176
1177 static int
1178 decode_private_key_info (const gnutls_datum_t * der,
1179 gnutls_x509_privkey_t pkey)
1180 {
1181 int result, len;
1182 char oid[64];
1183 ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
1184
1185
1186 if ((result =
1187 asn1_create_element (_gnutls_get_pkix (),
1188 "PKIX1.pkcs-8-PrivateKeyInfo",
1189 &pkcs8_asn)) != ASN1_SUCCESS)
1190 {
1191 gnutls_assert ();
1192 result = _gnutls_asn2err (result);
1193 goto error;
1194 }
1195
1196 result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL);
1197 if (result != ASN1_SUCCESS)
1198 {
1199 gnutls_assert ();
1200 result = _gnutls_asn2err (result);
1201 goto error;
1202 }
1203
1204 /* Check the private key algorithm OID
1205 */
1206 len = sizeof (oid);
1207 result =
1208 asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len);
1209 if (result != ASN1_SUCCESS)
1210 {
1211 gnutls_assert ();
1212 result = _gnutls_asn2err (result);
1213 goto error;
1214 }
1215
1216 /* we only support RSA and DSA private keys.
1217 */
1218
1219 pkey->pk_algorithm = _gnutls_x509_oid2pk_algorithm(oid);
1220 if (pkey->pk_algorithm == GNUTLS_PK_UNKNOWN)
1221 {
1222 gnutls_assert ();
1223 _gnutls_debug_log
1224 ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
1225 result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
1226 goto error;
1227 }
1228
1229 /* Get the DER encoding of the actual private key.
1230 */
1231
1232 if (pkey->pk_algorithm == GNUTLS_PK_RSA)
1233 result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey);
1234 else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
1235 result = _decode_pkcs8_dsa_key (pkcs8_asn, pkey);
1236 else if (pkey->pk_algorithm == GNUTLS_PK_EC)
1237 result = _decode_pkcs8_ecc_key (pkcs8_asn, pkey);
1238 else return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
1239
1240 if (result < 0)
1241 {
1242 gnutls_assert ();
1243 return result;
1244 }
1245
1246 result = 0;
1247
1248 error:
1249 asn1_delete_structure (&pkcs8_asn);
1250
1251 return result;
1252
1253 }
1254
1255 /**
1256 * gnutls_x509_privkey_import_pkcs8:
1257 * @key: The structure to store the parsed key
1258 * @data: The DER or PEM encoded key.
1259 * @format: One of DER or PEM
1260 * @password: the password to decrypt the key (if it is encrypted).
1261 * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
1262 *
1263 * This function will convert the given DER or PEM encoded PKCS8 2.0
1264 * encrypted key to the native gnutls_x509_privkey_t format. The
1265 * output will be stored in @key. Both RSA and DSA keys can be
1266 * imported, and flags can only be used to indicate an unencrypted
1267 * key.
1268 *
1269 * The @password can be either ASCII or UTF-8 in the default PBES2
1270 * encryption schemas, or ASCII for the PKCS12 schemas.
1271 *
1272 * If the Certificate is PEM encoded it should have a header of
1273 * "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
1274 * specify the flags if the key is DER encoded, since in that case
1275 * the encryption status cannot be auto-detected.
1276 *
1277 * If the %GNUTLS_PKCS_PLAIN flag is specified and the supplied data
1278 * are encrypted then %GNUTLS_E_DECRYPTION_FAILED is returned.
1279 *
1280 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1281 * negative error value.
1282 **/
1283 int
1284 gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
1285 const gnutls_datum_t * data,
1286 gnutls_x509_crt_fmt_t format,
1287 const char *password, unsigned int flags)
1288 {
1289 int result = 0, need_free = 0;
1290 gnutls_datum_t _data;
1291
1292 if (key == NULL)
1293 {
1294 gnutls_assert ();
1295 return GNUTLS_E_INVALID_REQUEST;
1296 }
1297
1298 _data.data = data->data;
1299 _data.size = data->size;
1300
1301 key->pk_algorithm = GNUTLS_PK_UNKNOWN;
1302
1303 /* If the Certificate is in PEM format then decode it
1304 */
1305 if (format == GNUTLS_X509_FMT_PEM)
1306 {
1307 /* Try the first header
1308 */
1309 result =
1310 _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
1311 data->data, data->size, &_data);
1312
1313 if (result < 0)
1314 { /* Try the encrypted header
1315 */
1316 result =
1317 _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &_data);
1318
1319 if (result < 0)
1320 {
1321 gnutls_assert ();
1322 return result;
1323 }
1324 }
1325 else if (flags == 0)
1326 flags |= GNUTLS_PKCS_PLAIN;
1327
1328 need_free = 1;
1329 }
1330
1331 /* Here we don't check for password == NULL to maintain a backwards
1332 * compatibility behavior, with old versions that were encrypting using
1333 * a NULL password.
1334 */
1335 if (flags & GNUTLS_PKCS_PLAIN)
1336 {
1337 result = decode_private_key_info (&_data, key);
1338 if (result < 0)
1339 { /* check if it is encrypted */
1340 if (decode_pkcs8_key(&_data, "", key, 0) == 0)
1341 result = GNUTLS_E_DECRYPTION_FAILED;
1342 }
1343 }
1344 else
1345 { /* encrypted. */
1346 result = decode_pkcs8_key (&_data, password, key, 1);
1347 }
1348
1349 if (result < 0)
1350 {
1351 gnutls_assert ();
1352 goto cleanup;
1353 }
1354
1355 if (need_free)
1356 _gnutls_free_datum (&_data);
1357
1358 /* The key has now been decoded.
1359 */
1360
1361 return 0;
1362
1363 cleanup:
1364 key->pk_algorithm = GNUTLS_PK_UNKNOWN;
1365 if (need_free)
1366 _gnutls_free_datum (&_data);
1367 return result;
1368 }
1369
1370 /* Reads the PBKDF2 parameters.
1371 */
1372 static int
1373 read_pbkdf2_params (ASN1_TYPE pbes2_asn,
1374 const gnutls_datum_t * der, struct pbkdf2_params *params)
1375 {
1376 int params_start, params_end;
1377 int params_len, len, result;
1378 ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
1379 char oid[64];
1380
1381 memset (params, 0, sizeof (*params));
1382
1383 /* Check the key derivation algorithm
1384 */
1385 len = sizeof (oid);
1386 result =
1387 asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len);
1388 if (result != ASN1_SUCCESS)
1389 {
1390 gnutls_assert ();
1391 return _gnutls_asn2err (result);
1392 }
1393 _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid);
1394
1395 if (strcmp (oid, PBKDF2_OID) != 0)
1396 {
1397 gnutls_assert ();
1398 _gnutls_debug_log
1399 ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
1400 return _gnutls_asn2err (result);
1401 }
1402
1403 result =
1404 asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
1405 "keyDerivationFunc.parameters",
1406 &params_start, &params_end);
1407 if (result != ASN1_SUCCESS)
1408 {
1409 gnutls_assert ();
1410 return _gnutls_asn2err (result);
1411 }
1412 params_len = params_end - params_start + 1;
1413
1414 /* Now check the key derivation and the encryption
1415 * functions.
1416 */
1417 if ((result =
1418 asn1_create_element (_gnutls_get_pkix (),
1419 "PKIX1.pkcs-5-PBKDF2-params",
1420 &pbkdf2_asn)) != ASN1_SUCCESS)
1421 {
1422 gnutls_assert ();
1423 return _gnutls_asn2err (result);
1424 }
1425
1426 result =
1427 asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
1428 params_len, NULL);
1429 if (result != ASN1_SUCCESS)
1430 {
1431 gnutls_assert ();
1432 result = _gnutls_asn2err (result);
1433 goto error;
1434 }
1435
1436 /* read the salt */
1437 params->salt_size = sizeof (params->salt);
1438 result =
1439 asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
1440 &params->salt_size);
1441 if (result != ASN1_SUCCESS)
1442 {
1443 gnutls_assert ();
1444 result = _gnutls_asn2err (result);
1445 goto error;
1446 }
1447 _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size);
1448
1449 /* read the iteration count
1450 */
1451 result =
1452 _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
1453 &params->iter_count);
1454 if (result != ASN1_SUCCESS)
1455 {
1456 gnutls_assert ();
1457 goto error;
1458 }
1459 _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
1460
1461 /* read the keylength, if it is set.
1462 */
1463 result =
1464 _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", &params->key_size);
1465 if (result < 0)
1466 {
1467 params->key_size = 0;
1468 }
1469 _gnutls_hard_log ("keyLength: %d\n", params->key_size);
1470
1471 /* We don't read the PRF. We only use the default.
1472 */
1473
1474 result = 0;
1475
1476 error:
1477 asn1_delete_structure (&pbkdf2_asn);
1478 return result;
1479
1480 }
1481
1482 /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
1483 */
1484 static int
1485 read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
1486 {
1487 int result;
1488
1489 memset (params, 0, sizeof (*params));
1490
1491 /* read the salt */
1492 params->salt_size = sizeof (params->salt);
1493 result =
1494 asn1_read_value (pbes2_asn, "salt", params->salt, &params->salt_size);
1495 if (result != ASN1_SUCCESS)
1496 {
1497 gnutls_assert ();
1498 result = _gnutls_asn2err (result);
1499 goto error;
1500 }
1501 _gnutls_hard_log ("salt.size: %d\n", params->salt_size);
1502
1503 /* read the iteration count
1504 */
1505 result =
1506 _gnutls_x509_read_uint (pbes2_asn, "iterations", &params->iter_count);
1507 if (result != ASN1_SUCCESS)
1508 {
1509 gnutls_assert ();
1510 goto error;
1511 }
1512 _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
1513
1514 params->key_size = 0;
1515
1516 return 0;
1517
1518 error:
1519 return result;
1520
1521 }
1522
1523 /* Writes the PBE parameters for PKCS-12 schemas.
1524 */
1525 static int
1526 write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
1527 const struct pbkdf2_params *kdf_params)
1528 {
1529 int result;
1530
1531 /* write the salt
1532 */
1533 result =
1534 asn1_write_value (pbes2_asn, "salt",
1535 kdf_params->salt, kdf_params->salt_size);
1536 if (result != ASN1_SUCCESS)
1537 {
1538 gnutls_assert ();
1539 result = _gnutls_asn2err (result);
1540 goto error;
1541 }
1542 _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size);
1543
1544 /* write the iteration count
1545 */
1546 result =
1547 _gnutls_x509_write_uint32 (pbes2_asn, "iterations",
1548 kdf_params->iter_count);
1549 if (result < 0)
1550 {
1551 gnutls_assert ();
1552 goto error;
1553 }
1554 _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
1555
1556 return 0;
1557
1558 error:
1559 return result;
1560
1561 }
1562
1563
1564 /* Converts an OID to a gnutls cipher type.
1565 */
1566 inline static int
1567 oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo)
1568 {
1569
1570 *algo = 0;
1571
1572 if (strcmp (oid, DES_EDE3_CBC_OID) == 0)
1573 {
1574 *algo = GNUTLS_CIPHER_3DES_CBC;
1575 return 0;
1576 }
1577 else if (strcmp (oid, DES_CBC_OID) == 0)
1578 {
1579 *algo = GNUTLS_CIPHER_DES_CBC;
1580 return 0;
1581 }
1582 else if (strcmp (oid, AES_128_CBC_OID) == 0)
1583 {
1584 *algo = GNUTLS_CIPHER_AES_128_CBC;
1585 return 0;
1586 }
1587 else if (strcmp (oid, AES_192_CBC_OID) == 0)
1588 {
1589 *algo = GNUTLS_CIPHER_AES_192_CBC;
1590 return 0;
1591 }
1592 else if (strcmp (oid, AES_256_CBC_OID) == 0)
1593 {
1594 *algo = GNUTLS_CIPHER_AES_256_CBC;
1595 return 0;
1596 }
1597
1598 _gnutls_debug_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
1599 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
1600 }
1601
1602
1603
1604 static int
1605 read_pbe_enc_params (ASN1_TYPE pbes2_asn,
1606 const gnutls_datum_t * der,
1607 struct pbe_enc_params *params)
1608 {
1609 int params_start, params_end;
1610 int params_len, len, result;
1611 ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
1612 char oid[64];
1613 const char *eparams;
1614
1615 memset (params, 0, sizeof (*params));
1616
1617 /* Check the encryption algorithm
1618 */
1619 len = sizeof (oid);
1620 result =
1621 asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len);
1622 if (result != ASN1_SUCCESS)
1623 {
1624 gnutls_assert ();
1625 goto error;
1626 }
1627 _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
1628
1629 if ((result = oid2cipher (oid, &params->cipher)) < 0)
1630 {
1631 gnutls_assert ();
1632 goto error;
1633 }
1634
1635 result =
1636 asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
1637 "encryptionScheme.parameters",
1638 &params_start, &params_end);
1639 if (result != ASN1_SUCCESS)
1640 {
1641 gnutls_assert ();
1642 return _gnutls_asn2err (result);
1643 }
1644 params_len = params_end - params_start + 1;
1645
1646 /* Now check the encryption parameters.
1647 */
1648 eparams = cipher_to_pkcs_params (params->cipher, NULL);
1649 if (eparams == NULL)
1650 {
1651 gnutls_assert ();
1652 return GNUTLS_E_INVALID_REQUEST;
1653 }
1654
1655 if ((result =
1656 asn1_create_element (_gnutls_get_pkix (),
1657 eparams, &pbe_asn)) != ASN1_SUCCESS)
1658 {
1659 gnutls_assert ();
1660 return _gnutls_asn2err (result);
1661 }
1662
1663 result =
1664 asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL);
1665 if (result != ASN1_SUCCESS)
1666 {
1667 gnutls_assert ();
1668 result = _gnutls_asn2err (result);
1669 goto error;
1670 }
1671
1672 /* read the IV */
1673 params->iv_size = sizeof (params->iv);
1674 result = asn1_read_value (pbe_asn, "", params->iv, &params->iv_size);
1675 if (result != ASN1_SUCCESS)
1676 {
1677 gnutls_assert ();
1678 result = _gnutls_asn2err (result);
1679 goto error;
1680 }
1681 _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
1682
1683 result = 0;
1684
1685 error:
1686 asn1_delete_structure (&pbe_asn);
1687 return result;
1688
1689 }
1690
1691 static int
1692 decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
1693 const char *root, const char *password,
1694 const struct pbkdf2_params *kdf_params,
1695 const struct pbe_enc_params *enc_params,
1696 gnutls_datum_t * decrypted_data)
1697 {
1698 int result;
1699 int data_size;
1700 uint8_t *data = NULL, *key = NULL;
1701 gnutls_datum_t dkey, d_iv;
1702 cipher_hd_st ch;
1703 int ch_init = 0;
1704 int key_size;
1705 unsigned int pass_len = 0;
1706
1707 if (password)
1708 pass_len = strlen(password);
1709
1710 data_size = 0;
1711 result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
1712 if (result != ASN1_MEM_ERROR)
1713 {
1714 gnutls_assert ();
1715 return _gnutls_asn2err (result);
1716 }
1717
1718 data = gnutls_malloc (data_size);
1719 if (data == NULL)
1720 {
1721 gnutls_assert ();
1722 return GNUTLS_E_MEMORY_ERROR;
1723 }
1724
1725 result = asn1_read_value (pkcs8_asn, root, data, &data_size);
1726 if (result != ASN1_SUCCESS)
1727 {
1728 gnutls_assert ();
1729 result = _gnutls_asn2err (result);
1730 goto error;
1731 }
1732
1733 if (kdf_params->key_size == 0)
1734 {
1735 key_size = gnutls_cipher_get_key_size (enc_params->cipher);
1736 }
1737 else
1738 key_size = kdf_params->key_size;
1739
1740 key = gnutls_malloc (key_size);
1741 if (key == NULL)
1742 {
1743 gnutls_assert ();
1744 result = GNUTLS_E_MEMORY_ERROR;
1745 goto error;
1746 }
1747
1748 /* generate the key
1749 */
1750 switch (schema)
1751 {
1752 case PBES2_3DES:
1753 case PBES2_AES_128:
1754 case PBES2_AES_192:
1755 case PBES2_AES_256:
1756
1757 result = _gnutls_pbkdf2_sha1 (password, pass_len,
1758 kdf_params->salt, kdf_params->salt_size,
1759 kdf_params->iter_count, key, key_size);
1760
1761 if (result < 0)
1762 {
1763 gnutls_assert ();
1764 goto error;
1765 }
1766 break;
1767 default:
1768 result =
1769 _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
1770 kdf_params->salt_size,
1771 kdf_params->iter_count, password,
1772 key_size, key);
1773
1774 if (result < 0)
1775 {
1776 gnutls_assert ();
1777 goto error;
1778 }
1779 }
1780
1781 /* do the decryption.
1782 */
1783 dkey.data = key;
1784 dkey.size = key_size;
1785
1786 d_iv.data = (uint8_t *) enc_params->iv;
1787 d_iv.size = enc_params->iv_size;
1788 result = _gnutls_cipher_init (&ch, enc_params->cipher, &dkey, &d_iv, 0);
1789
1790 gnutls_free (key);
1791 key = NULL;
1792
1793 if (result < 0)
1794 {
1795 gnutls_assert ();
1796 goto error;
1797 }
1798
1799 ch_init = 1;
1800
1801 result = _gnutls_cipher_decrypt (&ch, data, data_size);
1802 if (result < 0)
1803 {
1804 gnutls_assert ();
1805 goto error;
1806 }
1807
1808 decrypted_data->data = data;
1809
1810 if (gnutls_cipher_get_block_size (enc_params->cipher) != 1)
1811 decrypted_data->size = data_size - data[data_size - 1];
1812 else
1813 decrypted_data->size = data_size;
1814
1815 _gnutls_cipher_deinit (&ch);
1816
1817 return 0;
1818
1819 error:
1820 gnutls_free (data);
1821 gnutls_free (key);
1822 if (ch_init != 0)
1823 _gnutls_cipher_deinit (&ch);
1824 return result;
1825 }
1826
1827
1828 /* Writes the PBKDF2 parameters.
1829 */
1830 static int
1831 write_pbkdf2_params (ASN1_TYPE pbes2_asn,
1832 const struct pbkdf2_params *kdf_params)
1833 {
1834 int result;
1835 ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
1836 uint8_t tmp[64];
1837
1838 /* Write the key derivation algorithm
1839 */
1840 result =
1841 asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
1842 PBKDF2_OID, 1);
1843 if (result != ASN1_SUCCESS)
1844 {
1845 gnutls_assert ();
1846 return _gnutls_asn2err (result);
1847 }
1848
1849 /* Now write the key derivation and the encryption
1850 * functions.
1851 */
1852 if ((result =
1853 asn1_create_element (_gnutls_get_pkix (),
1854 "PKIX1.pkcs-5-PBKDF2-params",
1855 &pbkdf2_asn)) != ASN1_SUCCESS)
1856 {
1857 gnutls_assert ();
1858 return _gnutls_asn2err (result);
1859 }
1860
1861 result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1);
1862 if (result != ASN1_SUCCESS)
1863 {
1864 gnutls_assert ();
1865 result = _gnutls_asn2err (result);
1866 goto error;
1867 }
1868
1869 /* write the salt
1870 */
1871 result =
1872 asn1_write_value (pbkdf2_asn, "salt.specified",
1873 kdf_params->salt, kdf_params->salt_size);
1874 if (result != ASN1_SUCCESS)
1875 {
1876 gnutls_assert ();
1877 result = _gnutls_asn2err (result);
1878 goto error;
1879 }
1880 _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size);
1881
1882 /* write the iteration count
1883 */
1884 _gnutls_write_uint32 (kdf_params->iter_count, tmp);
1885
1886 result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4);
1887 if (result != ASN1_SUCCESS)
1888 {
1889 gnutls_assert ();
1890 result = _gnutls_asn2err (result);
1891 goto error;
1892 }
1893 _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
1894
1895 /* write the keylength, if it is set.
1896 */
1897 result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0);
1898 if (result != ASN1_SUCCESS)
1899 {
1900 gnutls_assert ();
1901 result = _gnutls_asn2err (result);
1902 goto error;
1903 }
1904
1905 /* We write an emptry prf.
1906 */
1907 result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0);
1908 if (result != ASN1_SUCCESS)
1909 {
1910 gnutls_assert ();
1911 result = _gnutls_asn2err (result);
1912 goto error;
1913 }
1914
1915 /* now encode them an put the DER output
1916 * in the keyDerivationFunc.parameters
1917 */
1918 result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
1919 pbes2_asn,
1920 "keyDerivationFunc.parameters",
1921 0);
1922 if (result < 0)
1923 {
1924 gnutls_assert ();
1925 goto error;
1926 }
1927
1928 return 0;
1929
1930 error:
1931 asn1_delete_structure (&pbkdf2_asn);
1932 return result;
1933
1934 }
1935
1936
1937 static int
1938 write_pbe_enc_params (ASN1_TYPE pbes2_asn,
1939 const struct pbe_enc_params *params)
1940 {
1941 int result;
1942 ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
1943 const char *oid, *eparams;
1944
1945 /* Write the encryption algorithm
1946 */
1947 eparams = cipher_to_pkcs_params (params->cipher, &oid);
1948 if (eparams == NULL)
1949 {
1950 gnutls_assert ();
1951 return GNUTLS_E_INVALID_REQUEST;
1952 }
1953
1954 result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1);
1955 if (result != ASN1_SUCCESS)
1956 {
1957 gnutls_assert ();
1958 goto error;
1959 }
1960 _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
1961
1962 /* Now check the encryption parameters.
1963 */
1964 if ((result =
1965 asn1_create_element (_gnutls_get_pkix (),
1966 eparams, &pbe_asn)) != ASN1_SUCCESS)
1967 {
1968 gnutls_assert ();
1969 return _gnutls_asn2err (result);
1970 }
1971
1972 /* read the salt */
1973 result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size);
1974 if (result != ASN1_SUCCESS)
1975 {
1976 gnutls_assert ();
1977 result = _gnutls_asn2err (result);
1978 goto error;
1979 }
1980 _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
1981
1982 /* now encode them an put the DER output
1983 * in the encryptionScheme.parameters
1984 */
1985 result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
1986 pbes2_asn,
1987 "encryptionScheme.parameters",
1988 0);
1989 if (result < 0)
1990 {
1991 gnutls_assert ();
1992 goto error;
1993 }
1994
1995 return 0;
1996
1997 error:
1998 asn1_delete_structure (&pbe_asn);
1999 return result;
2000
2001 }
2002
2003 /* Generates a key and also stores the key parameters.
2004 */
2005 static int
2006 generate_key (schema_id schema,
2007 const char *password,
2008 struct pbkdf2_params *kdf_params,
2009 struct pbe_enc_params *enc_params, gnutls_datum_t * key)
2010 {
2011 unsigned char rnd[2];
2012 unsigned int pass_len = 0;
2013 int ret;
2014
2015 if (password)
2016 pass_len = strlen(password);
2017
2018 ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
2019 if (ret < 0)
2020 {
2021 gnutls_assert ();
2022 return ret;
2023 }
2024
2025 /* generate salt */
2026 kdf_params->salt_size =
2027 MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
2028
2029 switch (schema)
2030 {
2031 case PBES2_3DES:
2032 enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
2033 break;
2034 case PBES2_AES_128:
2035 enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
2036 break;
2037 case PBES2_AES_192:
2038 enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
2039 break;
2040 case PBES2_AES_256:
2041 enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
2042 break;
2043 /* non PBES2 algorithms */
2044 case PKCS12_ARCFOUR_SHA1:
2045 enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
2046 kdf_params->salt_size = 8;
2047 break;
2048 case PKCS12_3DES_SHA1:
2049 enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
2050 kdf_params->salt_size = 8;
2051 break;
2052 case PKCS12_RC2_40_SHA1:
2053 enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
2054 kdf_params->salt_size = 8;
2055 break;
2056 default:
2057 gnutls_assert ();
2058 return GNUTLS_E_INVALID_REQUEST;
2059 }
2060
2061 ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
2062 kdf_params->salt_size);
2063 if (ret < 0)
2064 {
2065 gnutls_assert ();
2066 return GNUTLS_E_RANDOM_FAILED;
2067 }
2068
2069 kdf_params->iter_count = 256 + rnd[0];
2070 key->size = kdf_params->key_size =
2071 gnutls_cipher_get_key_size (enc_params->cipher);
2072
2073 enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher);
2074 key->data = gnutls_malloc (key->size);
2075 if (key->data == NULL)
2076 {
2077 gnutls_assert ();
2078 return GNUTLS_E_MEMORY_ERROR;
2079 }
2080
2081 /* now generate the key.
2082 */
2083
2084 switch (schema)
2085 {
2086 case PBES2_3DES:
2087 case PBES2_AES_128:
2088 case PBES2_AES_192:
2089 case PBES2_AES_256:
2090
2091 ret = _gnutls_pbkdf2_sha1 (password, pass_len,
2092 kdf_params->salt, kdf_params->salt_size,
2093 kdf_params->iter_count,
2094 key->data, kdf_params->key_size);
2095 if (ret < 0)
2096 {
2097 gnutls_assert ();
2098 return ret;
2099 }
2100
2101 if (enc_params->iv_size)
2102 {
2103 ret = _gnutls_rnd (GNUTLS_RND_NONCE,
2104 enc_params->iv, enc_params->iv_size);
2105 if (ret < 0)
2106 {
2107 gnutls_assert ();
2108 return ret;
2109 }
2110 }
2111 break;
2112
2113 default:
2114 ret =
2115 _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
2116 kdf_params->salt_size,
2117 kdf_params->iter_count, password,
2118 kdf_params->key_size, key->data);
2119 if (ret < 0)
2120 {
2121 gnutls_assert ();
2122 return ret;
2123 }
2124
2125 /* Now generate the IV
2126 */
2127 if (enc_params->iv_size)
2128 {
2129 ret =
2130 _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
2131 kdf_params->salt_size,
2132 kdf_params->iter_count, password,
2133 enc_params->iv_size,
2134 enc_params->iv);
2135 if (ret < 0)
2136 {
2137 gnutls_assert ();
2138 return ret;
2139 }
2140 }
2141 }
2142
2143
2144 return 0;
2145 }
2146
2147
2148 /* Encodes the parameters to be written in the encryptionAlgorithm.parameters
2149 * part.
2150 */
2151 static int
2152 write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
2153 const char *where,
2154 const struct pbkdf2_params *kdf_params,
2155 const struct pbe_enc_params *enc_params)
2156 {
2157 int result;
2158 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
2159
2160 switch (schema)
2161 {
2162 case PBES2_3DES:
2163 case PBES2_AES_128:
2164 case PBES2_AES_192:
2165 case PBES2_AES_256:
2166 if ((result =
2167 asn1_create_element (_gnutls_get_pkix (),
2168 "PKIX1.pkcs-5-PBES2-params",
2169 &pbes2_asn)) != ASN1_SUCCESS)
2170 {
2171 gnutls_assert ();
2172 return _gnutls_asn2err (result);
2173 }
2174
2175 result = write_pbkdf2_params (pbes2_asn, kdf_params);
2176 if (result < 0)
2177 {
2178 gnutls_assert ();
2179 goto error;
2180 }
2181
2182 result = write_pbe_enc_params (pbes2_asn, enc_params);
2183 if (result < 0)
2184 {
2185 gnutls_assert ();
2186 goto error;
2187 }
2188
2189 result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
2190 pkcs8_asn, where, 0);
2191 if (result < 0)
2192 {
2193 gnutls_assert ();
2194 goto error;
2195 }
2196
2197 asn1_delete_structure (&pbes2_asn);
2198 break;
2199
2200 default:
2201
2202 if ((result =
2203 asn1_create_element (_gnutls_get_pkix (),
2204 "PKIX1.pkcs-12-PbeParams",
2205 &pbes2_asn)) != ASN1_SUCCESS)
2206 {
2207 gnutls_assert ();
2208 result = _gnutls_asn2err (result);
2209 goto error;
2210 }
2211
2212 result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
2213 if (result < 0)
2214 {
2215 gnutls_assert ();
2216 goto error;
2217 }
2218
2219 result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
2220 pkcs8_asn, where, 0);
2221 if (result < 0)
2222 {
2223 gnutls_assert ();
2224 goto error;
2225 }
2226
2227 asn1_delete_structure (&pbes2_asn);
2228
2229 }
2230
2231 return 0;
2232
2233 error:
2234 asn1_delete_structure (&pbes2_asn);
2235 return result;
2236
2237 }
2238
2239 static int
2240 encrypt_data (const gnutls_datum_t * plain,
2241 const struct pbe_enc_params *enc_params,
2242 gnutls_datum_t * key, gnutls_datum_t * encrypted)
2243 {
2244 int result;
2245 int data_size;
2246 uint8_t *data = NULL;
2247 gnutls_datum_t d_iv;
2248 cipher_hd_st ch;
2249 int ch_init = 0;
2250 uint8_t pad, pad_size;
2251
2252 pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
2253
2254 if (pad_size == 1) /* stream */
2255 pad_size = 0;
2256
2257 data = gnutls_malloc (plain->size + pad_size);
2258 if (data == NULL)
2259 {
2260 gnutls_assert ();
2261 return GNUTLS_E_MEMORY_ERROR;
2262 }
2263
2264 memcpy (data, plain->data, plain->size);
2265
2266 if (pad_size > 0)
2267 {
2268 pad = pad_size - (plain->size % pad_size);
2269 if (pad == 0)
2270 pad = pad_size;
2271 memset (&data[plain->size], pad, pad);
2272 }
2273 else
2274 pad = 0;
2275
2276 data_size = plain->size + pad;
2277
2278 d_iv.data = (uint8_t *) enc_params->iv;
2279 d_iv.size = enc_params->iv_size;
2280 result = _gnutls_cipher_init (&ch, enc_params->cipher, key, &d_iv, 1);
2281
2282 if (result < 0)
2283 {
2284 gnutls_assert ();
2285 goto error;
2286 }
2287
2288 ch_init = 1;
2289
2290 result = _gnutls_cipher_encrypt (&ch, data, data_size);
2291 if (result < 0)
2292 {
2293 gnutls_assert ();
2294 goto error;
2295 }
2296
2297 encrypted->data = data;
2298 encrypted->size = data_size;
2299
2300 _gnutls_cipher_deinit (&ch);
2301
2302 return 0;
2303
2304 error:
2305 gnutls_free (data);
2306 if (ch_init != 0)
2307 _gnutls_cipher_deinit (&ch);
2308 return result;
2309 }
2310
2311 /* Decrypts a PKCS #7 encryptedData. The output is allocated
2312 * and stored in dec.
2313 */
2314 int
2315 _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
2316 const char *password, gnutls_datum_t * dec)
2317 {
2318 int result, len;
2319 char enc_oid[64];
2320 gnutls_datum_t tmp;
2321 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
2322 int params_start, params_end, params_len;
2323 struct pbkdf2_params kdf_params;
2324 struct pbe_enc_params enc_params;
2325 schema_id schema;
2326
2327 if ((result =
2328 asn1_create_element (_gnutls_get_pkix (),
2329 "PKIX1.pkcs-7-EncryptedData",
2330 &pkcs7_asn)) != ASN1_SUCCESS)
2331 {
2332 gnutls_assert ();
2333 result = _gnutls_asn2err (result);
2334 goto error;
2335 }
2336
2337 result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL);
2338 if (result != ASN1_SUCCESS)
2339 {
2340 gnutls_assert ();
2341 result = _gnutls_asn2err (result);
2342 goto error;
2343 }
2344
2345 /* Check the encryption schema OID
2346 */
2347 len = sizeof (enc_oid);
2348 result =
2349 asn1_read_value (pkcs7_asn,
2350 "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
2351 enc_oid, &len);
2352 if (result != ASN1_SUCCESS)
2353 {
2354 gnutls_assert ();
2355 result = _gnutls_asn2err (result);
2356 goto error;
2357 }
2358
2359 if ((result = check_schema (enc_oid)) < 0)
2360 {
2361 gnutls_assert ();
2362 goto error;
2363 }
2364 schema = result;
2365
2366 /* Get the DER encoding of the parameters.
2367 */
2368 result =
2369 asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
2370 "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
2371 &params_start, &params_end);
2372 if (result != ASN1_SUCCESS)
2373 {
2374 gnutls_assert ();
2375 result = _gnutls_asn2err (result);
2376 goto error;
2377 }
2378 params_len = params_end - params_start + 1;
2379
2380 result =
2381 read_pkcs_schema_params (&schema, password,
2382 &data->data[params_start],
2383 params_len, &kdf_params, &enc_params);
2384 if (result < ASN1_SUCCESS)
2385 {
2386 gnutls_assert ();
2387 result = _gnutls_asn2err (result);
2388 goto error;
2389 }
2390
2391 /* Parameters have been decoded. Now
2392 * decrypt the EncryptedData.
2393 */
2394
2395 result =
2396 decrypt_data (schema, pkcs7_asn,
2397 "encryptedContentInfo.encryptedContent", password,
2398 &kdf_params, &enc_params, &tmp);
2399 if (result < 0)
2400 {
2401 gnutls_assert ();
2402 goto error;
2403 }
2404
2405 asn1_delete_structure (&pkcs7_asn);
2406
2407 *dec = tmp;
2408
2409 return 0;
2410
2411 error:
2412 asn1_delete_structure (&pbes2_asn);
2413 asn1_delete_structure (&pkcs7_asn);
2414 return result;
2415 }
2416
2417 /* Encrypts to a PKCS #7 encryptedData. The output is allocated
2418 * and stored in enc.
2419 */
2420 int
2421 _gnutls_pkcs7_encrypt_data (schema_id schema,
2422 const gnutls_datum_t * data,
2423 const char *password, gnutls_datum_t * enc)
2424 {
2425 int result;
2426 gnutls_datum_t key = { NULL, 0 };
2427 gnutls_datum_t tmp = { NULL, 0 };
2428 ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
2429 struct pbkdf2_params kdf_params;
2430 struct pbe_enc_params enc_params;
2431 const char *str_oid;
2432
2433 if ((result =
2434 asn1_create_element (_gnutls_get_pkix (),
2435 "PKIX1.pkcs-7-EncryptedData",
2436 &pkcs7_asn)) != ASN1_SUCCESS)
2437 {
2438 gnutls_assert ();
2439 result = _gnutls_asn2err (result);
2440 goto error;
2441 }
2442
2443 /* Write the encryption schema OID
2444 */
2445 result = schema_to_oid (schema, &str_oid);
2446 if (result < 0)
2447 {
2448 gnutls_assert ();
2449 return result;
2450 }
2451
2452 result =
2453 asn1_write_value (pkcs7_asn,
2454 "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
2455 str_oid, 1);
2456
2457 if (result != ASN1_SUCCESS)
2458 {
2459 gnutls_assert ();
2460 result = _gnutls_asn2err (result);
2461 goto error;
2462 }
2463
2464 /* Generate a symmetric key.
2465 */
2466
2467 result = generate_key (schema, password, &kdf_params, &enc_params, &key);
2468 if (result < 0)
2469 {
2470 gnutls_assert ();
2471 goto error;
2472 }
2473
2474 result = write_schema_params (schema, pkcs7_asn,
2475 "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
2476 &kdf_params, &enc_params);
2477 if (result < 0)
2478 {
2479 gnutls_assert ();
2480 goto error;
2481 }
2482
2483 /* Parameters have been encoded. Now
2484 * encrypt the Data.
2485 */
2486 result = encrypt_data (data, &enc_params, &key, &tmp);
2487 if (result < 0)
2488 {
2489 gnutls_assert ();
2490 goto error;
2491 }
2492
2493 /* write the encrypted data.
2494 */
2495 result =
2496 asn1_write_value (pkcs7_asn,
2497 "encryptedContentInfo.encryptedContent", tmp.data,
2498 tmp.size);
2499 if (result != ASN1_SUCCESS)
2500 {
2501 gnutls_assert ();
2502 result = _gnutls_asn2err (result);
2503 goto error;
2504 }
2505
2506 _gnutls_free_datum (&tmp);
2507 _gnutls_free_datum (&key);
2508
2509 /* Now write the rest of the pkcs-7 stuff.
2510 */
2511
2512 result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
2513 if (result < 0)
2514 {
2515 gnutls_assert ();
2516 goto error;
2517 }
2518
2519 result =
2520 asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
2521 DATA_OID, 1);
2522 if (result != ASN1_SUCCESS)
2523 {
2524 gnutls_assert ();
2525 result = _gnutls_asn2err (result);
2526 goto error;
2527 }
2528
2529 result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
2530 if (result != ASN1_SUCCESS)
2531 {
2532 gnutls_assert ();
2533 result = _gnutls_asn2err (result);
2534 goto error;
2535 }
2536
2537 /* Now encode and copy the DER stuff.
2538 */
2539 result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
2540
2541 asn1_delete_structure (&pkcs7_asn);
2542
2543 if (result < 0)
2544 {
2545 gnutls_assert ();
2546 goto error;
2547 }
2548
2549
2550 error:
2551 _gnutls_free_datum (&key);
2552 _gnutls_free_datum (&tmp);
2553 asn1_delete_structure (&pkcs7_asn);
2554 return result;
2555 }
2556
Implementation of the SSL/TLS protocol