2 * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
26 #include <gnutls_int.h>
30 #include <gnutls_datum.h>
31 #include <gnutls_global.h>
32 #include <gnutls_errors.h>
33 #include <gnutls_rsa_export.h>
35 #include <gnutls_x509.h>
38 #include <gnutls_algorithms.h>
39 #include <gnutls_num.h>
41 #include <pbkdf2-sha1.h>
43 #define PBES2_OID "1.2.840.113549.1.5.13"
44 #define PBKDF2_OID "1.2.840.113549.1.5.12"
45 #define DES_EDE3_CBC_OID "1.2.840.113549.3.7"
46 #define AES_128_CBC_OID "2.16.840.1.101.3.4.1.2"
47 #define AES_192_CBC_OID "2.16.840.1.101.3.4.1.22"
48 #define AES_256_CBC_OID "2.16.840.1.101.3.4.1.42"
49 #define DES_CBC_OID "1.3.14.3.2.7"
51 /* oid_pbeWithSHAAnd3_KeyTripleDES_CBC */
52 #define PKCS12_PBE_3DES_SHA1_OID "1.2.840.113549.1.12.1.3"
53 #define PKCS12_PBE_ARCFOUR_SHA1_OID "1.2.840.113549.1.12.1.1"
54 #define PKCS12_PBE_RC2_40_SHA1_OID "1.2.840.113549.1.12.1.6"
60 unsigned int iter_count;
61 unsigned int key_size;
66 gnutls_cipher_algorithm_t cipher;
67 opaque iv[MAX_CIPHER_BLOCK_SIZE];
71 static int generate_key (schema_id schema, const char *password,
72 struct pbkdf2_params *kdf_params,
73 struct pbe_enc_params *enc_params,
74 gnutls_datum_t * key);
75 static int read_pbkdf2_params (ASN1_TYPE pbes2_asn,
76 const gnutls_datum_t * der,
77 struct pbkdf2_params *params);
78 static int read_pbe_enc_params (ASN1_TYPE pbes2_asn,
79 const gnutls_datum_t * der,
80 struct pbe_enc_params *params);
81 static int decrypt_data (schema_id, ASN1_TYPE pkcs8_asn, const char *root,
83 const struct pbkdf2_params *kdf_params,
84 const struct pbe_enc_params *enc_params,
85 gnutls_datum_t * decrypted_data);
86 static int decode_private_key_info (const gnutls_datum_t * der,
87 gnutls_x509_privkey_t pkey);
88 static int write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
90 const struct pbkdf2_params *kdf_params,
91 const struct pbe_enc_params *enc_params);
92 static int encrypt_data (const gnutls_datum_t * plain,
93 const struct pbe_enc_params *enc_params,
94 gnutls_datum_t * key, gnutls_datum_t * encrypted);
96 static int read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
97 struct pbkdf2_params *params);
98 static int write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
99 const struct pbkdf2_params *params);
101 #define PEM_PKCS8 "ENCRYPTED PRIVATE KEY"
102 #define PEM_UNENCRYPTED_PKCS8 "PRIVATE KEY"
104 /* Returns a negative error code if the encryption schema in
105 * the OID is not supported. The schema ID is returned.
108 check_schema (const char *oid)
111 if (strcmp (oid, PBES2_OID) == 0)
112 return PBES2_GENERIC; /* ok */
114 if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0)
115 return PKCS12_3DES_SHA1;
117 if (strcmp (oid, PKCS12_PBE_ARCFOUR_SHA1_OID) == 0)
118 return PKCS12_ARCFOUR_SHA1;
120 if (strcmp (oid, PKCS12_PBE_RC2_40_SHA1_OID) == 0)
121 return PKCS12_RC2_40_SHA1;
123 _gnutls_x509_log ("PKCS encryption schema OID '%s' is unsupported.\n", oid);
125 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
128 /* Encodes a private key to the raw format PKCS #8 needs.
129 * For RSA it is a PKCS #1 DER private key and for DSA it is
130 * an ASN.1 INTEGER of the x value.
133 _encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw)
138 ASN1_TYPE spk = ASN1_TYPE_EMPTY;
140 switch (pkey->pk_algorithm)
144 gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size);
145 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER)
151 data = gnutls_malloc (size);
155 ret = GNUTLS_E_MEMORY_ERROR;
161 gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size);
172 /* DSAPublicKey == INTEGER */
173 if ((ret = asn1_create_element
174 (_gnutls_get_gnutls_asn (), "GNUTLS.DSAPublicKey", &spk))
178 return _gnutls_asn2err (ret);
181 ret = _gnutls_x509_write_int (spk, "", pkey->params[4], 1);
187 ret = _gnutls_x509_der_encode (spk, "", raw, 0);
194 asn1_delete_structure (&spk);
199 return GNUTLS_E_INVALID_REQUEST;
206 asn1_delete_structure (&spk);
212 * Encodes a PKCS #1 private key to a PKCS #8 private key
213 * info. The output will be allocated and stored into der. Also
214 * the ASN1_TYPE of private key info will be returned.
217 encode_to_private_key_info (gnutls_x509_privkey_t pkey,
218 gnutls_datum_t * der, ASN1_TYPE * pkey_info)
223 gnutls_datum_t algo_params = { NULL, 0 };
224 gnutls_datum_t algo_privkey = { NULL, 0 };
226 if (pkey->pk_algorithm != GNUTLS_PK_RSA
227 && pkey->pk_algorithm != GNUTLS_PK_DSA)
230 return GNUTLS_E_UNIMPLEMENTED_FEATURE;
233 if (pkey->pk_algorithm == GNUTLS_PK_RSA)
235 oid = PK_PKIX1_RSA_OID;
236 /* parameters are null
243 _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size,
253 asn1_create_element (_gnutls_get_pkix (),
254 "PKIX1.pkcs-8-PrivateKeyInfo",
255 pkey_info)) != ASN1_SUCCESS)
258 result = _gnutls_asn2err (result);
262 /* Write the version.
264 result = asn1_write_value (*pkey_info, "version", &null, 1);
265 if (result != ASN1_SUCCESS)
268 result = _gnutls_asn2err (result);
272 /* write the privateKeyAlgorithm
273 * fields. (OID+NULL data)
276 asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1);
277 if (result != ASN1_SUCCESS)
280 result = _gnutls_asn2err (result);
285 asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters",
286 algo_params.data, algo_params.size);
287 _gnutls_free_datum (&algo_params);
288 if (result != ASN1_SUCCESS)
291 result = _gnutls_asn2err (result);
296 /* Write the raw private key
298 result = _encode_privkey (pkey, &algo_privkey);
306 asn1_write_value (*pkey_info, "privateKey", algo_privkey.data,
308 _gnutls_free_datum (&algo_privkey);
310 if (result != ASN1_SUCCESS)
313 result = _gnutls_asn2err (result);
317 /* Append an empty Attributes field.
319 result = asn1_write_value (*pkey_info, "attributes", NULL, 0);
320 if (result != ASN1_SUCCESS)
323 result = _gnutls_asn2err (result);
327 /* DER Encode the generated private key info.
330 result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL);
331 if (result != ASN1_MEM_ERROR)
334 result = _gnutls_asn2err (result);
338 /* allocate data for the der
341 der->data = gnutls_malloc (len);
342 if (der->data == NULL)
345 return GNUTLS_E_MEMORY_ERROR;
348 result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL);
349 if (result != ASN1_SUCCESS)
352 result = _gnutls_asn2err (result);
359 asn1_delete_structure (pkey_info);
360 _gnutls_free_datum (&algo_params);
361 _gnutls_free_datum (&algo_privkey);
367 cipher_to_pkcs_params (int cipher, const char **oid)
371 case GNUTLS_CIPHER_AES_128_CBC:
373 *oid = AES_128_CBC_OID;
374 return "PKIX1.pkcs-5-aes128-CBC-params";
376 case GNUTLS_CIPHER_AES_192_CBC:
378 *oid = AES_192_CBC_OID;
379 return "PKIX1.pkcs-5-aes192-CBC-params";
381 case GNUTLS_CIPHER_AES_256_CBC:
383 *oid = AES_256_CBC_OID;
384 return "PKIX1.pkcs-5-aes256-CBC-params";
386 case GNUTLS_CIPHER_3DES_CBC:
388 *oid = DES_EDE3_CBC_OID;
389 return "PKIX1.pkcs-5-des-EDE3-CBC-params";
398 cipher_to_schema (int cipher)
402 case GNUTLS_CIPHER_AES_128_CBC:
403 return PBES2_AES_128;
405 case GNUTLS_CIPHER_AES_192_CBC:
406 return PBES2_AES_192;
408 case GNUTLS_CIPHER_AES_256_CBC:
409 return PBES2_AES_256;
411 case GNUTLS_CIPHER_3DES_CBC:
415 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
422 _gnutls_pkcs_flags_to_schema (unsigned int flags)
426 if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR)
427 schema = PKCS12_ARCFOUR_SHA1;
428 else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40)
429 schema = PKCS12_RC2_40_SHA1;
430 else if (flags & GNUTLS_PKCS_USE_PBES2_3DES)
432 else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128)
433 schema = PBES2_AES_128;
434 else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192)
435 schema = PBES2_AES_192;
436 else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256)
437 schema = PBES2_AES_256;
442 ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n",
444 schema = PKCS12_3DES_SHA1;
450 /* returns the OID corresponding to given schema
453 schema_to_oid (schema_id schema, const char **str_oid)
463 *str_oid = PBES2_OID;
465 case PKCS12_3DES_SHA1:
466 *str_oid = PKCS12_PBE_3DES_SHA1_OID;
468 case PKCS12_ARCFOUR_SHA1:
469 *str_oid = PKCS12_PBE_ARCFOUR_SHA1_OID;
471 case PKCS12_RC2_40_SHA1:
472 *str_oid = PKCS12_PBE_RC2_40_SHA1_OID;
476 result = GNUTLS_E_INTERNAL_ERROR;
482 /* Converts a PKCS #8 private key info to
483 * a PKCS #8 EncryptedPrivateKeyInfo.
486 encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key,
487 const char *password, ASN1_TYPE * out)
490 gnutls_datum_t key = { NULL, 0 };
491 gnutls_datum_t tmp = { NULL, 0 };
492 ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
493 struct pbkdf2_params kdf_params;
494 struct pbe_enc_params enc_params;
499 asn1_create_element (_gnutls_get_pkix (),
500 "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
501 &pkcs8_asn)) != ASN1_SUCCESS)
504 result = _gnutls_asn2err (result);
508 /* Write the encryption schema OID
510 result = schema_to_oid (schema, &str_oid);
518 asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1);
520 if (result != ASN1_SUCCESS)
523 result = _gnutls_asn2err (result);
527 /* Generate a symmetric key.
530 result = generate_key (schema, password, &kdf_params, &enc_params, &key);
538 write_schema_params (schema, pkcs8_asn,
539 "encryptionAlgorithm.parameters", &kdf_params,
547 /* Parameters have been encoded. Now
550 result = encrypt_data (der_key, &enc_params, &key, &tmp);
557 /* write the encrypted data.
559 result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size);
560 if (result != ASN1_SUCCESS)
563 result = _gnutls_asn2err (result);
567 _gnutls_free_datum (&tmp);
568 _gnutls_free_datum (&key);
575 _gnutls_free_datum (&key);
576 _gnutls_free_datum (&tmp);
577 asn1_delete_structure (&pkcs8_asn);
583 * gnutls_x509_privkey_export_pkcs8:
584 * @key: Holds the key
585 * @format: the format of output params. One of PEM or DER.
586 * @password: the password that will be used to encrypt the key.
587 * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
588 * @output_data: will contain a private key PEM or DER encoded
589 * @output_data_size: holds the size of output_data (and will be
590 * replaced by the actual size of parameters)
592 * This function will export the private key to a PKCS8 structure.
593 * Both RSA and DSA keys can be exported. For DSA keys we use
594 * PKCS #11 definitions. If the flags do not specify the encryption
595 * cipher, then the default 3DES (PBES2) will be used.
597 * The @password can be either ASCII or UTF-8 in the default PBES2
598 * encryption schemas, or ASCII for the PKCS12 schemas.
600 * If the buffer provided is not long enough to hold the output, then
601 * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will
604 * If the structure is PEM encoded, it will have a header
605 * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if
606 * encryption is not used.
608 * Return value: In case of failure a negative value will be
609 * returned, and 0 on success.
612 gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
613 gnutls_x509_crt_fmt_t format,
614 const char *password,
617 size_t * output_data_size)
619 ASN1_TYPE pkcs8_asn, pkey_info;
627 return GNUTLS_E_INVALID_REQUEST;
630 /* Get the private key info
631 * tmp holds the DER encoding.
633 ret = encode_to_private_key_info (key, &tmp, &pkey_info);
640 schema = _gnutls_pkcs_flags_to_schema (flags);
642 if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL)
644 _gnutls_free_datum (&tmp);
647 _gnutls_x509_export_int (pkey_info, format,
648 PEM_UNENCRYPTED_PKCS8,
649 output_data, output_data_size);
651 asn1_delete_structure (&pkey_info);
655 asn1_delete_structure (&pkey_info); /* we don't need it */
657 ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn);
658 _gnutls_free_datum (&tmp);
667 _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8,
668 output_data, output_data_size);
670 asn1_delete_structure (&pkcs8_asn);
677 /* Read the parameters cipher, IV, salt etc using the given
681 read_pkcs_schema_params (schema_id * schema, const char *password,
682 const opaque * data, int data_size,
683 struct pbkdf2_params *kdf_params,
684 struct pbe_enc_params *enc_params)
686 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
695 /* Now check the key derivation and the encryption
699 asn1_create_element (_gnutls_get_pkix (),
700 "PKIX1.pkcs-5-PBES2-params",
701 &pbes2_asn)) != ASN1_SUCCESS)
704 result = _gnutls_asn2err (result);
708 /* Decode the parameters.
710 result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
711 if (result != ASN1_SUCCESS)
714 result = _gnutls_asn2err (result);
718 tmp.data = (opaque *) data;
719 tmp.size = data_size;
721 result = read_pbkdf2_params (pbes2_asn, &tmp, kdf_params);
725 result = _gnutls_asn2err (result);
729 result = read_pbe_enc_params (pbes2_asn, &tmp, enc_params);
733 result = _gnutls_asn2err (result);
737 asn1_delete_structure (&pbes2_asn);
739 result = cipher_to_schema (enc_params->cipher);
749 case PKCS12_3DES_SHA1:
750 case PKCS12_ARCFOUR_SHA1:
751 case PKCS12_RC2_40_SHA1:
753 if ((*schema) == PKCS12_3DES_SHA1)
755 enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
756 enc_params->iv_size = 8;
758 else if ((*schema) == PKCS12_ARCFOUR_SHA1)
760 enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
761 enc_params->iv_size = 0;
763 else if ((*schema) == PKCS12_RC2_40_SHA1)
765 enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
766 enc_params->iv_size = 8;
770 asn1_create_element (_gnutls_get_pkix (),
771 "PKIX1.pkcs-12-PbeParams",
772 &pbes2_asn)) != ASN1_SUCCESS)
775 result = _gnutls_asn2err (result);
779 /* Decode the parameters.
781 result = asn1_der_decoding (&pbes2_asn, data, data_size, NULL);
782 if (result != ASN1_SUCCESS)
785 result = _gnutls_asn2err (result);
789 result = read_pkcs12_kdf_params (pbes2_asn, kdf_params);
796 if (enc_params->iv_size)
799 _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
800 kdf_params->salt_size,
801 kdf_params->iter_count, password,
812 asn1_delete_structure (&pbes2_asn);
820 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
823 asn1_delete_structure (&pbes2_asn);
828 /* Converts a PKCS #8 key to
829 * an internal structure (gnutls_private_key)
830 * (normally a PKCS #1 encoded RSA key)
833 decode_pkcs8_key (const gnutls_datum_t * raw_key,
834 const char *password, gnutls_x509_privkey_t pkey)
839 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs8_asn = ASN1_TYPE_EMPTY;
840 int params_start, params_end, params_len;
841 struct pbkdf2_params kdf_params;
842 struct pbe_enc_params enc_params;
846 asn1_create_element (_gnutls_get_pkix (),
847 "PKIX1.pkcs-8-EncryptedPrivateKeyInfo",
848 &pkcs8_asn)) != ASN1_SUCCESS)
851 result = _gnutls_asn2err (result);
855 result = asn1_der_decoding (&pkcs8_asn, raw_key->data, raw_key->size, NULL);
856 if (result != ASN1_SUCCESS)
859 result = _gnutls_asn2err (result);
863 /* Check the encryption schema OID
865 len = sizeof (enc_oid);
867 asn1_read_value (pkcs8_asn, "encryptionAlgorithm.algorithm",
869 if (result != ASN1_SUCCESS)
875 if ((result = check_schema (enc_oid)) < 0)
883 /* Get the DER encoding of the parameters.
886 asn1_der_decoding_startEnd (pkcs8_asn, raw_key->data,
888 "encryptionAlgorithm.parameters",
889 ¶ms_start, ¶ms_end);
890 if (result != ASN1_SUCCESS)
893 result = _gnutls_asn2err (result);
896 params_len = params_end - params_start + 1;
899 read_pkcs_schema_params (&schema, password,
900 &raw_key->data[params_start],
901 params_len, &kdf_params, &enc_params);
909 /* Parameters have been decoded. Now
910 * decrypt the EncryptedData.
913 decrypt_data (schema, pkcs8_asn, "encryptedData", password,
914 &kdf_params, &enc_params, &tmp);
921 asn1_delete_structure (&pkcs8_asn);
923 result = decode_private_key_info (&tmp, pkey);
924 _gnutls_free_datum (&tmp);
928 /* We've gotten this far. In the real world it's almost certain
929 * that we're dealing with a good file, but wrong password.
930 * Sadly like 90% of random data is somehow valid DER for the
931 * a first small number of bytes, so no easy way to guarantee. */
932 if (result == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND ||
933 result == GNUTLS_E_ASN1_IDENTIFIER_NOT_FOUND ||
934 result == GNUTLS_E_ASN1_DER_ERROR ||
935 result == GNUTLS_E_ASN1_VALUE_NOT_FOUND ||
936 result == GNUTLS_E_ASN1_GENERIC_ERROR ||
937 result == GNUTLS_E_ASN1_VALUE_NOT_VALID ||
938 result == GNUTLS_E_ASN1_TAG_ERROR ||
939 result == GNUTLS_E_ASN1_TAG_IMPLICIT ||
940 result == GNUTLS_E_ASN1_TYPE_ANY_ERROR ||
941 result == GNUTLS_E_ASN1_SYNTAX_ERROR ||
942 result == GNUTLS_E_ASN1_DER_OVERFLOW)
944 result = GNUTLS_E_DECRYPTION_FAILED;
954 asn1_delete_structure (&pbes2_asn);
955 asn1_delete_structure (&pkcs8_asn);
959 /* Decodes an RSA privateKey from a PKCS8 structure.
962 _decode_pkcs8_rsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
967 ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
974 pkey->key = _gnutls_privkey_decode_pkcs1_rsa_key (&tmp, pkey);
975 _gnutls_free_datum (&tmp);
976 if (pkey->key == NULL)
985 gnutls_x509_privkey_deinit (pkey);
989 /* Decodes an DSA privateKey and params from a PKCS8 structure.
992 _decode_pkcs8_dsa_key (ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey)
997 ret = _gnutls_x509_read_value (pkcs8_asn, "privateKey", &tmp, 0);
1004 ret = _gnutls_x509_read_der_int (tmp.data, tmp.size, &pkey->params[4]);
1005 _gnutls_free_datum (&tmp);
1014 _gnutls_x509_read_value (pkcs8_asn, "privateKeyAlgorithm.parameters",
1022 ret = _gnutls_x509_read_dsa_params (tmp.data, tmp.size, pkey->params);
1023 _gnutls_free_datum (&tmp);
1030 /* the public key can be generated as g^x mod p */
1031 pkey->params[3] = _gnutls_mpi_alloc_like (pkey->params[0]);
1032 if (pkey->params[3] == NULL)
1038 _gnutls_mpi_powm (pkey->params[3], pkey->params[2], pkey->params[4],
1041 ret = _gnutls_asn1_encode_dsa (&pkey->key, pkey->params);
1048 pkey->params_size = DSA_PRIVATE_PARAMS;
1053 gnutls_x509_privkey_deinit (pkey);
1059 decode_private_key_info (const gnutls_datum_t * der,
1060 gnutls_x509_privkey_t pkey)
1064 ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY;
1068 asn1_create_element (_gnutls_get_pkix (),
1069 "PKIX1.pkcs-8-PrivateKeyInfo",
1070 &pkcs8_asn)) != ASN1_SUCCESS)
1073 result = _gnutls_asn2err (result);
1077 result = asn1_der_decoding (&pkcs8_asn, der->data, der->size, NULL);
1078 if (result != ASN1_SUCCESS)
1081 result = _gnutls_asn2err (result);
1085 /* Check the private key algorithm OID
1089 asn1_read_value (pkcs8_asn, "privateKeyAlgorithm.algorithm", oid, &len);
1090 if (result != ASN1_SUCCESS)
1093 result = _gnutls_asn2err (result);
1097 /* we only support RSA and DSA private keys.
1099 if (strcmp (oid, PK_PKIX1_RSA_OID) == 0)
1100 pkey->pk_algorithm = GNUTLS_PK_RSA;
1101 else if (strcmp (oid, PK_DSA_OID) == 0)
1102 pkey->pk_algorithm = GNUTLS_PK_DSA;
1107 ("PKCS #8 private key OID '%s' is unsupported.\n", oid);
1108 result = GNUTLS_E_UNKNOWN_PK_ALGORITHM;
1112 /* Get the DER encoding of the actual private key.
1115 if (pkey->pk_algorithm == GNUTLS_PK_RSA)
1116 result = _decode_pkcs8_rsa_key (pkcs8_asn, pkey);
1117 else if (pkey->pk_algorithm == GNUTLS_PK_DSA)
1118 result = _decode_pkcs8_dsa_key (pkcs8_asn, pkey);
1129 asn1_delete_structure (&pkcs8_asn);
1136 * gnutls_x509_privkey_import_pkcs8:
1137 * @key: The structure to store the parsed key
1138 * @data: The DER or PEM encoded key.
1139 * @format: One of DER or PEM
1140 * @password: the password to decrypt the key (if it is encrypted).
1141 * @flags: 0 if encrypted or GNUTLS_PKCS_PLAIN if not encrypted.
1143 * This function will convert the given DER or PEM encoded PKCS8 2.0
1144 * encrypted key to the native gnutls_x509_privkey_t format. The
1145 * output will be stored in @key. Both RSA and DSA keys can be
1146 * imported, and flags can only be used to indicate an unencrypted
1149 * The @password can be either ASCII or UTF-8 in the default PBES2
1150 * encryption schemas, or ASCII for the PKCS12 schemas.
1152 * If the Certificate is PEM encoded it should have a header of
1153 * "ENCRYPTED PRIVATE KEY", or "PRIVATE KEY". You only need to
1154 * specify the flags if the key is DER encoded, since in that case
1155 * the encryption status cannot be auto-detected.
1157 * Returns: On success, %GNUTLS_E_SUCCESS is returned, otherwise a
1158 * negative error value.
1161 gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
1162 const gnutls_datum_t * data,
1163 gnutls_x509_crt_fmt_t format,
1164 const char *password, unsigned int flags)
1166 int result = 0, need_free = 0;
1167 gnutls_datum_t _data;
1172 return GNUTLS_E_INVALID_REQUEST;
1175 _data.data = data->data;
1176 _data.size = data->size;
1178 key->pk_algorithm = GNUTLS_PK_UNKNOWN;
1180 /* If the Certificate is in PEM format then decode it
1182 if (format == GNUTLS_X509_FMT_PEM)
1186 /* Try the first header
1189 _gnutls_fbase64_decode (PEM_UNENCRYPTED_PKCS8,
1190 data->data, data->size, &out);
1193 { /* Try the encrypted header
1196 _gnutls_fbase64_decode (PEM_PKCS8, data->data, data->size, &out);
1201 result = GNUTLS_E_INTERNAL_ERROR;
1206 else if (flags == 0)
1207 flags |= GNUTLS_PKCS_PLAIN;
1210 _data.size = result;
1215 if (flags & GNUTLS_PKCS_PLAIN)
1217 result = decode_private_key_info (&_data, key);
1221 result = decode_pkcs8_key (&_data, password, key);
1231 _gnutls_free_datum (&_data);
1233 /* The key has now been decoded.
1239 key->pk_algorithm = GNUTLS_PK_UNKNOWN;
1241 _gnutls_free_datum (&_data);
1245 /* Reads the PBKDF2 parameters.
1248 read_pbkdf2_params (ASN1_TYPE pbes2_asn,
1249 const gnutls_datum_t * der, struct pbkdf2_params *params)
1251 int params_start, params_end;
1252 int params_len, len, result;
1253 ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
1256 memset (params, 0, sizeof (*params));
1258 /* Check the key derivation algorithm
1262 asn1_read_value (pbes2_asn, "keyDerivationFunc.algorithm", oid, &len);
1263 if (result != ASN1_SUCCESS)
1266 return _gnutls_asn2err (result);
1268 _gnutls_hard_log ("keyDerivationFunc.algorithm: %s\n", oid);
1270 if (strcmp (oid, PBKDF2_OID) != 0)
1274 ("PKCS #8 key derivation OID '%s' is unsupported.\n", oid);
1275 return _gnutls_asn2err (result);
1279 asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
1280 "keyDerivationFunc.parameters",
1281 ¶ms_start, ¶ms_end);
1282 if (result != ASN1_SUCCESS)
1285 return _gnutls_asn2err (result);
1287 params_len = params_end - params_start + 1;
1289 /* Now check the key derivation and the encryption
1293 asn1_create_element (_gnutls_get_pkix (),
1294 "PKIX1.pkcs-5-PBKDF2-params",
1295 &pbkdf2_asn)) != ASN1_SUCCESS)
1298 return _gnutls_asn2err (result);
1302 asn1_der_decoding (&pbkdf2_asn, &der->data[params_start],
1304 if (result != ASN1_SUCCESS)
1307 result = _gnutls_asn2err (result);
1312 params->salt_size = sizeof (params->salt);
1314 asn1_read_value (pbkdf2_asn, "salt.specified", params->salt,
1315 ¶ms->salt_size);
1316 if (result != ASN1_SUCCESS)
1319 result = _gnutls_asn2err (result);
1322 _gnutls_hard_log ("salt.specified.size: %d\n", params->salt_size);
1324 /* read the iteration count
1327 _gnutls_x509_read_uint (pbkdf2_asn, "iterationCount",
1328 ¶ms->iter_count);
1329 if (result != ASN1_SUCCESS)
1334 _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
1336 /* read the keylength, if it is set.
1339 _gnutls_x509_read_uint (pbkdf2_asn, "keyLength", ¶ms->key_size);
1342 params->key_size = 0;
1344 _gnutls_hard_log ("keyLength: %d\n", params->key_size);
1346 /* We don't read the PRF. We only use the default.
1352 asn1_delete_structure (&pbkdf2_asn);
1357 /* Reads the PBE parameters from PKCS-12 schemas (*&#%*&#% RSA).
1360 read_pkcs12_kdf_params (ASN1_TYPE pbes2_asn, struct pbkdf2_params *params)
1364 memset (params, 0, sizeof (*params));
1367 params->salt_size = sizeof (params->salt);
1369 asn1_read_value (pbes2_asn, "salt", params->salt, ¶ms->salt_size);
1370 if (result != ASN1_SUCCESS)
1373 result = _gnutls_asn2err (result);
1376 _gnutls_hard_log ("salt.size: %d\n", params->salt_size);
1378 /* read the iteration count
1381 _gnutls_x509_read_uint (pbes2_asn, "iterations", ¶ms->iter_count);
1382 if (result != ASN1_SUCCESS)
1387 _gnutls_hard_log ("iterationCount: %d\n", params->iter_count);
1389 params->key_size = 0;
1398 /* Writes the PBE parameters for PKCS-12 schemas.
1401 write_pkcs12_kdf_params (ASN1_TYPE pbes2_asn,
1402 const struct pbkdf2_params *kdf_params)
1409 asn1_write_value (pbes2_asn, "salt",
1410 kdf_params->salt, kdf_params->salt_size);
1411 if (result != ASN1_SUCCESS)
1414 result = _gnutls_asn2err (result);
1417 _gnutls_hard_log ("salt.size: %d\n", kdf_params->salt_size);
1419 /* write the iteration count
1422 _gnutls_x509_write_uint32 (pbes2_asn, "iterations",
1423 kdf_params->iter_count);
1429 _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
1439 /* Converts an OID to a gnutls cipher type.
1442 oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo)
1447 if (strcmp (oid, DES_EDE3_CBC_OID) == 0)
1449 *algo = GNUTLS_CIPHER_3DES_CBC;
1452 else if (strcmp (oid, DES_CBC_OID) == 0)
1454 *algo = GNUTLS_CIPHER_DES_CBC;
1457 else if (strcmp (oid, AES_128_CBC_OID) == 0)
1459 *algo = GNUTLS_CIPHER_AES_128_CBC;
1462 else if (strcmp (oid, AES_192_CBC_OID) == 0)
1464 *algo = GNUTLS_CIPHER_AES_192_CBC;
1467 else if (strcmp (oid, AES_256_CBC_OID) == 0)
1469 *algo = GNUTLS_CIPHER_AES_256_CBC;
1473 _gnutls_x509_log ("PKCS #8 encryption OID '%s' is unsupported.\n", oid);
1474 return GNUTLS_E_UNKNOWN_CIPHER_TYPE;
1480 read_pbe_enc_params (ASN1_TYPE pbes2_asn,
1481 const gnutls_datum_t * der,
1482 struct pbe_enc_params *params)
1484 int params_start, params_end;
1485 int params_len, len, result;
1486 ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
1488 const char *eparams;
1490 memset (params, 0, sizeof (*params));
1492 /* Check the encryption algorithm
1496 asn1_read_value (pbes2_asn, "encryptionScheme.algorithm", oid, &len);
1497 if (result != ASN1_SUCCESS)
1502 _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
1504 if ((result = oid2cipher (oid, ¶ms->cipher)) < 0)
1511 asn1_der_decoding_startEnd (pbes2_asn, der->data, der->size,
1512 "encryptionScheme.parameters",
1513 ¶ms_start, ¶ms_end);
1514 if (result != ASN1_SUCCESS)
1517 return _gnutls_asn2err (result);
1519 params_len = params_end - params_start + 1;
1521 /* Now check the encryption parameters.
1523 eparams = cipher_to_pkcs_params (params->cipher, NULL);
1524 if (eparams == NULL)
1527 return GNUTLS_E_INVALID_REQUEST;
1531 asn1_create_element (_gnutls_get_pkix (),
1532 eparams, &pbe_asn)) != ASN1_SUCCESS)
1535 return _gnutls_asn2err (result);
1539 asn1_der_decoding (&pbe_asn, &der->data[params_start], params_len, NULL);
1540 if (result != ASN1_SUCCESS)
1543 result = _gnutls_asn2err (result);
1548 params->iv_size = sizeof (params->iv);
1549 result = asn1_read_value (pbe_asn, "", params->iv, ¶ms->iv_size);
1550 if (result != ASN1_SUCCESS)
1553 result = _gnutls_asn2err (result);
1556 _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
1561 asn1_delete_structure (&pbe_asn);
1567 decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn,
1568 const char *root, const char *password,
1569 const struct pbkdf2_params *kdf_params,
1570 const struct pbe_enc_params *enc_params,
1571 gnutls_datum_t * decrypted_data)
1575 opaque *data = NULL, *key = NULL;
1576 gnutls_datum_t dkey, d_iv;
1582 result = asn1_read_value (pkcs8_asn, root, NULL, &data_size);
1583 if (result != ASN1_MEM_ERROR)
1586 return _gnutls_asn2err (result);
1589 data = gnutls_malloc (data_size);
1593 return GNUTLS_E_MEMORY_ERROR;
1596 result = asn1_read_value (pkcs8_asn, root, data, &data_size);
1597 if (result != ASN1_SUCCESS)
1600 result = _gnutls_asn2err (result);
1604 if (kdf_params->key_size == 0)
1606 key_size = gnutls_cipher_get_key_size (enc_params->cipher);
1609 key_size = kdf_params->key_size;
1611 key = gnutls_malloc (key_size);
1615 result = GNUTLS_E_MEMORY_ERROR;
1628 result = _gnutls_pbkdf2_sha1 (password, strlen (password),
1629 kdf_params->salt, kdf_params->salt_size,
1630 kdf_params->iter_count, key, key_size);
1640 _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
1641 kdf_params->salt_size,
1642 kdf_params->iter_count, password,
1652 /* do the decryption.
1655 dkey.size = key_size;
1657 d_iv.data = (opaque *) enc_params->iv;
1658 d_iv.size = enc_params->iv_size;
1659 result = _gnutls_cipher_init (&ch, enc_params->cipher, &dkey, &d_iv);
1672 result = _gnutls_cipher_decrypt (&ch, data, data_size);
1679 decrypted_data->data = data;
1681 if (gnutls_cipher_get_block_size (enc_params->cipher) != 1)
1682 decrypted_data->size = data_size - data[data_size - 1];
1684 decrypted_data->size = data_size;
1686 _gnutls_cipher_deinit (&ch);
1694 _gnutls_cipher_deinit (&ch);
1699 /* Writes the PBKDF2 parameters.
1702 write_pbkdf2_params (ASN1_TYPE pbes2_asn,
1703 const struct pbkdf2_params *kdf_params)
1706 ASN1_TYPE pbkdf2_asn = ASN1_TYPE_EMPTY;
1709 /* Write the key derivation algorithm
1712 asn1_write_value (pbes2_asn, "keyDerivationFunc.algorithm",
1714 if (result != ASN1_SUCCESS)
1717 return _gnutls_asn2err (result);
1720 /* Now write the key derivation and the encryption
1724 asn1_create_element (_gnutls_get_pkix (),
1725 "PKIX1.pkcs-5-PBKDF2-params",
1726 &pbkdf2_asn)) != ASN1_SUCCESS)
1729 return _gnutls_asn2err (result);
1732 result = asn1_write_value (pbkdf2_asn, "salt", "specified", 1);
1733 if (result != ASN1_SUCCESS)
1736 result = _gnutls_asn2err (result);
1743 asn1_write_value (pbkdf2_asn, "salt.specified",
1744 kdf_params->salt, kdf_params->salt_size);
1745 if (result != ASN1_SUCCESS)
1748 result = _gnutls_asn2err (result);
1751 _gnutls_hard_log ("salt.specified.size: %d\n", kdf_params->salt_size);
1753 /* write the iteration count
1755 _gnutls_write_uint32 (kdf_params->iter_count, tmp);
1757 result = asn1_write_value (pbkdf2_asn, "iterationCount", tmp, 4);
1758 if (result != ASN1_SUCCESS)
1761 result = _gnutls_asn2err (result);
1764 _gnutls_hard_log ("iterationCount: %d\n", kdf_params->iter_count);
1766 /* write the keylength, if it is set.
1768 result = asn1_write_value (pbkdf2_asn, "keyLength", NULL, 0);
1769 if (result != ASN1_SUCCESS)
1772 result = _gnutls_asn2err (result);
1776 /* We write an emptry prf.
1778 result = asn1_write_value (pbkdf2_asn, "prf", NULL, 0);
1779 if (result != ASN1_SUCCESS)
1782 result = _gnutls_asn2err (result);
1786 /* now encode them an put the DER output
1787 * in the keyDerivationFunc.parameters
1789 result = _gnutls_x509_der_encode_and_copy (pbkdf2_asn, "",
1791 "keyDerivationFunc.parameters",
1802 asn1_delete_structure (&pbkdf2_asn);
1809 write_pbe_enc_params (ASN1_TYPE pbes2_asn,
1810 const struct pbe_enc_params *params)
1813 ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY;
1814 const char *oid, *eparams;
1816 /* Write the encryption algorithm
1818 eparams = cipher_to_pkcs_params (params->cipher, &oid);
1819 if (eparams == NULL)
1822 return GNUTLS_E_INVALID_REQUEST;
1825 result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1);
1826 if (result != ASN1_SUCCESS)
1831 _gnutls_hard_log ("encryptionScheme.algorithm: %s\n", oid);
1833 /* Now check the encryption parameters.
1836 asn1_create_element (_gnutls_get_pkix (),
1837 eparams, &pbe_asn)) != ASN1_SUCCESS)
1840 return _gnutls_asn2err (result);
1844 result = asn1_write_value (pbe_asn, "", params->iv, params->iv_size);
1845 if (result != ASN1_SUCCESS)
1848 result = _gnutls_asn2err (result);
1851 _gnutls_hard_log ("IV.size: %d\n", params->iv_size);
1853 /* now encode them an put the DER output
1854 * in the encryptionScheme.parameters
1856 result = _gnutls_x509_der_encode_and_copy (pbe_asn, "",
1858 "encryptionScheme.parameters",
1869 asn1_delete_structure (&pbe_asn);
1874 /* Generates a key and also stores the key parameters.
1877 generate_key (schema_id schema,
1878 const char *password,
1879 struct pbkdf2_params *kdf_params,
1880 struct pbe_enc_params *enc_params, gnutls_datum_t * key)
1885 ret = _gnutls_rnd (GNUTLS_RND_RANDOM, rnd, 2);
1893 kdf_params->salt_size =
1894 MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10)));
1899 enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
1902 enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC;
1905 enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC;
1908 enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC;
1910 /* non PBES2 algorithms */
1911 case PKCS12_ARCFOUR_SHA1:
1912 enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128;
1913 kdf_params->salt_size = 8;
1915 case PKCS12_3DES_SHA1:
1916 enc_params->cipher = GNUTLS_CIPHER_3DES_CBC;
1917 kdf_params->salt_size = 8;
1919 case PKCS12_RC2_40_SHA1:
1920 enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC;
1921 kdf_params->salt_size = 8;
1925 return GNUTLS_E_INVALID_REQUEST;
1928 ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt,
1929 kdf_params->salt_size);
1933 return GNUTLS_E_RANDOM_FAILED;
1936 kdf_params->iter_count = 256 + rnd[0];
1937 key->size = kdf_params->key_size =
1938 gnutls_cipher_get_key_size (enc_params->cipher);
1940 enc_params->iv_size = _gnutls_cipher_get_iv_size (enc_params->cipher);
1941 key->data = gnutls_secure_malloc (key->size);
1942 if (key->data == NULL)
1945 return GNUTLS_E_MEMORY_ERROR;
1948 /* now generate the key.
1958 ret = _gnutls_pbkdf2_sha1 (password, strlen (password),
1959 kdf_params->salt, kdf_params->salt_size,
1960 kdf_params->iter_count,
1961 key->data, kdf_params->key_size);
1968 if (enc_params->iv_size)
1970 ret = _gnutls_rnd (GNUTLS_RND_NONCE,
1971 enc_params->iv, enc_params->iv_size);
1982 _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt,
1983 kdf_params->salt_size,
1984 kdf_params->iter_count, password,
1985 kdf_params->key_size, key->data);
1992 /* Now generate the IV
1994 if (enc_params->iv_size)
1997 _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt,
1998 kdf_params->salt_size,
1999 kdf_params->iter_count, password,
2000 enc_params->iv_size,
2015 /* Encodes the parameters to be written in the encryptionAlgorithm.parameters
2019 write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn,
2021 const struct pbkdf2_params *kdf_params,
2022 const struct pbe_enc_params *enc_params)
2025 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY;
2034 asn1_create_element (_gnutls_get_pkix (),
2035 "PKIX1.pkcs-5-PBES2-params",
2036 &pbes2_asn)) != ASN1_SUCCESS)
2039 return _gnutls_asn2err (result);
2042 result = write_pbkdf2_params (pbes2_asn, kdf_params);
2049 result = write_pbe_enc_params (pbes2_asn, enc_params);
2056 result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
2057 pkcs8_asn, where, 0);
2064 asn1_delete_structure (&pbes2_asn);
2070 asn1_create_element (_gnutls_get_pkix (),
2071 "PKIX1.pkcs-12-PbeParams",
2072 &pbes2_asn)) != ASN1_SUCCESS)
2075 result = _gnutls_asn2err (result);
2079 result = write_pkcs12_kdf_params (pbes2_asn, kdf_params);
2086 result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "",
2087 pkcs8_asn, where, 0);
2094 asn1_delete_structure (&pbes2_asn);
2101 asn1_delete_structure (&pbes2_asn);
2107 encrypt_data (const gnutls_datum_t * plain,
2108 const struct pbe_enc_params *enc_params,
2109 gnutls_datum_t * key, gnutls_datum_t * encrypted)
2113 opaque *data = NULL;
2114 gnutls_datum_t d_iv;
2117 opaque pad, pad_size;
2119 pad_size = gnutls_cipher_get_block_size (enc_params->cipher);
2121 if (pad_size == 1) /* stream */
2124 data = gnutls_malloc (plain->size + pad_size);
2128 return GNUTLS_E_MEMORY_ERROR;
2131 memcpy (data, plain->data, plain->size);
2135 pad = pad_size - (plain->size % pad_size);
2138 memset (&data[plain->size], pad, pad);
2143 data_size = plain->size + pad;
2145 d_iv.data = (opaque *) enc_params->iv;
2146 d_iv.size = enc_params->iv_size;
2147 result = _gnutls_cipher_init (&ch, enc_params->cipher, key, &d_iv);
2157 result = _gnutls_cipher_encrypt (&ch, data, data_size);
2164 encrypted->data = data;
2165 encrypted->size = data_size;
2167 _gnutls_cipher_deinit (&ch);
2174 _gnutls_cipher_deinit (&ch);
2178 /* Decrypts a PKCS #7 encryptedData. The output is allocated
2179 * and stored in dec.
2182 _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
2183 const char *password, gnutls_datum_t * dec)
2188 ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY, pkcs7_asn = ASN1_TYPE_EMPTY;
2189 int params_start, params_end, params_len;
2190 struct pbkdf2_params kdf_params;
2191 struct pbe_enc_params enc_params;
2195 asn1_create_element (_gnutls_get_pkix (),
2196 "PKIX1.pkcs-7-EncryptedData",
2197 &pkcs7_asn)) != ASN1_SUCCESS)
2200 result = _gnutls_asn2err (result);
2204 result = asn1_der_decoding (&pkcs7_asn, data->data, data->size, NULL);
2205 if (result != ASN1_SUCCESS)
2208 result = _gnutls_asn2err (result);
2212 /* Check the encryption schema OID
2214 len = sizeof (enc_oid);
2216 asn1_read_value (pkcs7_asn,
2217 "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
2219 if (result != ASN1_SUCCESS)
2222 result = _gnutls_asn2err (result);
2226 if ((result = check_schema (enc_oid)) < 0)
2233 /* Get the DER encoding of the parameters.
2236 asn1_der_decoding_startEnd (pkcs7_asn, data->data, data->size,
2237 "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
2238 ¶ms_start, ¶ms_end);
2239 if (result != ASN1_SUCCESS)
2242 result = _gnutls_asn2err (result);
2245 params_len = params_end - params_start + 1;
2248 read_pkcs_schema_params (&schema, password,
2249 &data->data[params_start],
2250 params_len, &kdf_params, &enc_params);
2251 if (result < ASN1_SUCCESS)
2254 result = _gnutls_asn2err (result);
2258 /* Parameters have been decoded. Now
2259 * decrypt the EncryptedData.
2263 decrypt_data (schema, pkcs7_asn,
2264 "encryptedContentInfo.encryptedContent", password,
2265 &kdf_params, &enc_params, &tmp);
2272 asn1_delete_structure (&pkcs7_asn);
2279 asn1_delete_structure (&pbes2_asn);
2280 asn1_delete_structure (&pkcs7_asn);
2284 /* Encrypts to a PKCS #7 encryptedData. The output is allocated
2285 * and stored in enc.
2288 _gnutls_pkcs7_encrypt_data (schema_id schema,
2289 const gnutls_datum_t * data,
2290 const char *password, gnutls_datum_t * enc)
2293 gnutls_datum_t key = { NULL, 0 };
2294 gnutls_datum_t tmp = { NULL, 0 };
2295 ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY;
2296 struct pbkdf2_params kdf_params;
2297 struct pbe_enc_params enc_params;
2298 const char *str_oid;
2301 asn1_create_element (_gnutls_get_pkix (),
2302 "PKIX1.pkcs-7-EncryptedData",
2303 &pkcs7_asn)) != ASN1_SUCCESS)
2306 result = _gnutls_asn2err (result);
2310 /* Write the encryption schema OID
2312 result = schema_to_oid (schema, &str_oid);
2320 asn1_write_value (pkcs7_asn,
2321 "encryptedContentInfo.contentEncryptionAlgorithm.algorithm",
2324 if (result != ASN1_SUCCESS)
2327 result = _gnutls_asn2err (result);
2331 /* Generate a symmetric key.
2334 result = generate_key (schema, password, &kdf_params, &enc_params, &key);
2341 result = write_schema_params (schema, pkcs7_asn,
2342 "encryptedContentInfo.contentEncryptionAlgorithm.parameters",
2343 &kdf_params, &enc_params);
2350 /* Parameters have been encoded. Now
2353 result = encrypt_data (data, &enc_params, &key, &tmp);
2360 /* write the encrypted data.
2363 asn1_write_value (pkcs7_asn,
2364 "encryptedContentInfo.encryptedContent", tmp.data,
2366 if (result != ASN1_SUCCESS)
2369 result = _gnutls_asn2err (result);
2373 _gnutls_free_datum (&tmp);
2374 _gnutls_free_datum (&key);
2376 /* Now write the rest of the pkcs-7 stuff.
2379 result = _gnutls_x509_write_uint32 (pkcs7_asn, "version", 0);
2387 asn1_write_value (pkcs7_asn, "encryptedContentInfo.contentType",
2389 if (result != ASN1_SUCCESS)
2392 result = _gnutls_asn2err (result);
2396 result = asn1_write_value (pkcs7_asn, "unprotectedAttrs", NULL, 0);
2397 if (result != ASN1_SUCCESS)
2400 result = _gnutls_asn2err (result);
2404 /* Now encode and copy the DER stuff.
2406 result = _gnutls_x509_der_encode (pkcs7_asn, "", enc, 0);
2408 asn1_delete_structure (&pkcs7_asn);
2418 _gnutls_free_datum (&key);
2419 _gnutls_free_datum (&tmp);
2420 asn1_delete_structure (&pkcs7_asn);