Diffstat (limited to 'lib/x509/privkey_pkcs8.c')
-rw-r--r-- | lib/x509/privkey_pkcs8.c | 525 |
1 files changed, 263 insertions, 262 deletions
diff --git a/lib/x509/privkey_pkcs8.c b/lib/x509/privkey_pkcs8.c index fa14858b7d..24dce8b683 100644 --- a/lib/x509/privkey_pkcs8.c +++ b/lib/x509/privkey_pkcs8.c @@ -108,7 +108,7 @@ check_schema (const char *oid) { if (strcmp (oid, PBES2_OID) == 0) - return PBES2_GENERIC; /* ok */ + return PBES2_GENERIC; /* ok */ if (strcmp (oid, PKCS12_PBE_3DES_SHA1_OID) == 0) return PKCS12_3DES_SHA1; 
@@ -362,86 +362,96 @@ error: } -static const char* cipher_to_pkcs_params(int cipher, const char** oid) +static const char * +cipher_to_pkcs_params (int cipher, const char **oid) { - switch(cipher) - { - case GNUTLS_CIPHER_AES_128_CBC: - if (oid) *oid = AES_128_CBC_OID; - return "PKIX1.pkcs-5-aes128-CBC-params"; - break; - case GNUTLS_CIPHER_AES_192_CBC: - if (oid) *oid = AES_192_CBC_OID; - return "PKIX1.pkcs-5-aes192-CBC-params"; - break; - case GNUTLS_CIPHER_AES_256_CBC: - if (oid) *oid = AES_256_CBC_OID; - return "PKIX1.pkcs-5-aes256-CBC-params"; - break; - case GNUTLS_CIPHER_3DES_CBC: - if (oid) *oid = DES_EDE3_CBC_OID; - return "PKIX1.pkcs-5-des-EDE3-CBC-params"; - break; - default: - return NULL; - break; + switch (cipher) + { + case GNUTLS_CIPHER_AES_128_CBC: + if (oid) + *oid = AES_128_CBC_OID; + return "PKIX1.pkcs-5-aes128-CBC-params"; + break; + case GNUTLS_CIPHER_AES_192_CBC: + if (oid) + *oid = AES_192_CBC_OID; + return "PKIX1.pkcs-5-aes192-CBC-params"; + break; + case GNUTLS_CIPHER_AES_256_CBC: + if (oid) + *oid = AES_256_CBC_OID; + return "PKIX1.pkcs-5-aes256-CBC-params"; + break; + case GNUTLS_CIPHER_3DES_CBC: + if (oid) + *oid = DES_EDE3_CBC_OID; + return "PKIX1.pkcs-5-des-EDE3-CBC-params"; + break; + default: + return NULL; + break; } } -static int cipher_to_schema(int cipher) +static int +cipher_to_schema (int cipher) { - switch(cipher) - { - case GNUTLS_CIPHER_AES_128_CBC: - return PBES2_AES_128; - break; - case GNUTLS_CIPHER_AES_192_CBC: - return PBES2_AES_192; - break; - case GNUTLS_CIPHER_AES_256_CBC: - return PBES2_AES_256; - break; - case GNUTLS_CIPHER_3DES_CBC: - return PBES2_3DES; - break; - default: - return GNUTLS_E_UNKNOWN_CIPHER_TYPE; - break; + switch (cipher) + { + case GNUTLS_CIPHER_AES_128_CBC: + return PBES2_AES_128; + break; + case GNUTLS_CIPHER_AES_192_CBC: + return PBES2_AES_192; + break; + case GNUTLS_CIPHER_AES_256_CBC: + return PBES2_AES_256; + break; + case GNUTLS_CIPHER_3DES_CBC: + return PBES2_3DES; + break; + default: + 
return GNUTLS_E_UNKNOWN_CIPHER_TYPE; + break; } } -int _gnutls_pkcs_flags_to_schema(unsigned int flags) +int +_gnutls_pkcs_flags_to_schema (unsigned int flags) { -int schema; - - if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) - schema = PKCS12_ARCFOUR_SHA1; - else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) - schema = PKCS12_RC2_40_SHA1; - else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) - schema = PBES2_3DES; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128) - schema = PBES2_AES_128; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192) - schema = PBES2_AES_192; - else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256) - schema = PBES2_AES_256; - else { - gnutls_assert(); + int schema; + + if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) + schema = PKCS12_ARCFOUR_SHA1; + else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) + schema = PKCS12_RC2_40_SHA1; + else if (flags & GNUTLS_PKCS_USE_PBES2_3DES) + schema = PBES2_3DES; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_128) + schema = PBES2_AES_128; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_192) + schema = PBES2_AES_192; + else if (flags & GNUTLS_PKCS_USE_PBES2_AES_256) + schema = PBES2_AES_256; + else + { + gnutls_assert (); _gnutls_x509_log - ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", flags); + ("Selecting default encryption PKCS12_3DES_SHA1 (flags: %u).\n", + flags); schema = PKCS12_3DES_SHA1; } - return schema; + return schema; } /* returns the OID corresponding to given schema */ -static int schema_to_oid(schema_id schema, const char** str_oid) +static int +schema_to_oid (schema_id schema, const char **str_oid) { -int result = 0; + int result = 0; switch (schema) { @@ -461,11 +471,11 @@ int result = 0; *str_oid = PKCS12_PBE_RC2_40_SHA1_OID; break; default: - gnutls_assert(); + gnutls_assert (); result = GNUTLS_E_INTERNAL_ERROR; } - - return result; + + return result; } /* Converts a PKCS #8 private key info to 
@@ -481,7 +491,7 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; struct pbkdf2_params kdf_params; struct pbe_enc_params enc_params; - const char* str_oid; + const char *str_oid; if ((result = @@ -496,16 +506,15 @@ encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, /* Write the encryption schema OID */ - result = schema_to_oid(schema, &str_oid); + result = schema_to_oid (schema, &str_oid); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - str_oid, 1); + asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", str_oid, 1); if (result != ASN1_SUCCESS) { @@ -628,7 +637,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, return ret; } - schema = _gnutls_pkcs_flags_to_schema(flags); + schema = _gnutls_pkcs_flags_to_schema (flags); if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) { @@ -669,7 +678,7 @@ gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, * schema ID. */ static int -read_pkcs_schema_params (schema_id *schema, const char *password, +read_pkcs_schema_params (schema_id * schema, const char *password, const opaque * data, int data_size, struct pbkdf2_params *kdf_params, struct pbe_enc_params *enc_params) @@ -726,14 +735,14 @@ read_pkcs_schema_params (schema_id *schema, const char *password, } asn1_delete_structure (&pbes2_asn); - - result = cipher_to_schema(enc_params->cipher); + + result = cipher_to_schema (enc_params->cipher); if (result < 0) - { - gnutls_assert(); - goto error; - } - + { + gnutls_assert (); + goto error; + } + *schema = result; return 0; @@ -803,9 +812,9 @@ read_pkcs_schema_params (schema_id *schema, const char *password, asn1_delete_structure (&pbes2_asn); return 0; - - default: - gnutls_assert(); + + default: + gnutls_assert (); } /* switch */ return GNUTLS_E_UNKNOWN_CIPHER_TYPE; 
@@ -893,7 +902,7 @@ decode_pkcs8_key (const gnutls_datum_t * raw_key, if (result < 0) { - gnutls_assert(); + gnutls_assert (); goto error; } @@ -1443,26 +1452,22 @@ oid2cipher (const char *oid, gnutls_cipher_algorithm_t * algo) *algo = GNUTLS_CIPHER_3DES_CBC; return 0; } - else - if (strcmp (oid, DES_CBC_OID) == 0) + else if (strcmp (oid, DES_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_DES_CBC; return 0; } - else - if (strcmp (oid, AES_128_CBC_OID) == 0) + else if (strcmp (oid, AES_128_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_128_CBC; return 0; } - else - if (strcmp (oid, AES_192_CBC_OID) == 0) + else if (strcmp (oid, AES_192_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_192_CBC; return 0; } - else - if (strcmp (oid, AES_256_CBC_OID) == 0) + else if (strcmp (oid, AES_256_CBC_OID) == 0) { *algo = GNUTLS_CIPHER_AES_256_CBC; return 0; @@ -1483,7 +1488,7 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, int params_len, len, result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; char oid[64]; - const char* eparams; + const char *eparams; memset (params, 0, sizeof (params)); @@ -1518,17 +1523,16 @@ read_pbe_enc_params (ASN1_TYPE pbes2_asn, /* Now check the encryption parameters. */ - eparams = cipher_to_pkcs_params( params->cipher, NULL); + eparams = cipher_to_pkcs_params (params->cipher, NULL); if (eparams == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, - &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); 
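Review bot: In the read_pbe_enc_params hunk (@@ -1483,7 +1488,7), the unchanged context line `memset (params, 0, sizeof (params));` takes the size of the pointer rather than of the structure it points to, so only the first pointer-width bytes are cleared. `params` appears to be a struct pointer (the following hunk dereferences it as `params->cipher`), so the call should read `memset (params, 0, sizeof (*params));`. Until then, any field the function does not write explicitly keeps whatever the caller's memory held; whether that reaches the `iv`/`iv_size` fields used elsewhere in this file depends on code outside the hunk. The function's signature and the rest of its body are not visible here, and since this commit only re-indents, the fix belongs in a separate change.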
@@ -1617,35 +1621,35 @@ decrypt_data (schema_id schema, ASN1_TYPE pkcs8_asn, /* generate the key */ - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: - result = _gnutls_pbkdf2_sha1 (password, strlen (password), + result = _gnutls_pbkdf2_sha1 (password, strlen (password), kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, key, key_size); - if (result < 0) - { - gnutls_assert (); - goto error; - } - break; - default: - result = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, - kdf_params->salt_size, + if (result < 0) + { + gnutls_assert (); + goto error; + } + break; + default: + result = + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + kdf_params->salt_size, kdf_params->iter_count, password, key_size, key); - if (result < 0) - { - gnutls_assert (); - goto error; - } + if (result < 0) + { + gnutls_assert (); + goto error; + } } /* do the decryption. @@ -1810,20 +1814,18 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, { int result; ASN1_TYPE pbe_asn = ASN1_TYPE_EMPTY; - const char* oid, *eparams; + const char *oid, *eparams; /* Write the encryption algorithm */ - eparams = cipher_to_pkcs_params(params->cipher, &oid); + eparams = cipher_to_pkcs_params (params->cipher, &oid); if (eparams == NULL) { - gnutls_assert(); + gnutls_assert (); return GNUTLS_E_INVALID_REQUEST; } - result = - asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", - oid, 1); + result = asn1_write_value (pbes2_asn, "encryptionScheme.algorithm", oid, 1); if (result != ASN1_SUCCESS) { gnutls_assert (); @@ -1835,8 +1837,7 @@ write_pbe_enc_params (ASN1_TYPE pbes2_asn, */ if ((result = asn1_create_element (_gnutls_get_pkix (), - eparams, - &pbe_asn)) != ASN1_SUCCESS) + eparams, &pbe_asn)) != ASN1_SUCCESS) { gnutls_assert (); return _gnutls_asn2err (result); 
@@ -1895,36 +1896,36 @@ generate_key (schema_id schema, kdf_params->salt_size = MIN (sizeof (kdf_params->salt), (unsigned) (10 + (rnd[1] % 10))); - switch(schema) - { - case PBES2_3DES: - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - break; - case PBES2_AES_128: - enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC; - break; - case PBES2_AES_192: - enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC; - break; - case PBES2_AES_256: - enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC; - break; + switch (schema) + { + case PBES2_3DES: + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + break; + case PBES2_AES_128: + enc_params->cipher = GNUTLS_CIPHER_AES_128_CBC; + break; + case PBES2_AES_192: + enc_params->cipher = GNUTLS_CIPHER_AES_192_CBC; + break; + case PBES2_AES_256: + enc_params->cipher = GNUTLS_CIPHER_AES_256_CBC; + break; /* non PBES2 algorithms */ - case PKCS12_ARCFOUR_SHA1: - enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; - kdf_params->salt_size = 8; - break; - case PKCS12_3DES_SHA1: - enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; - kdf_params->salt_size = 8; - break; - case PKCS12_RC2_40_SHA1: - enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; - kdf_params->salt_size = 8; - break; - default: - gnutls_assert(); - return GNUTLS_E_INVALID_REQUEST; + case PKCS12_ARCFOUR_SHA1: + enc_params->cipher = GNUTLS_CIPHER_ARCFOUR_128; + kdf_params->salt_size = 8; + break; + case PKCS12_3DES_SHA1: + enc_params->cipher = GNUTLS_CIPHER_3DES_CBC; + kdf_params->salt_size = 8; + break; + case PKCS12_RC2_40_SHA1: + enc_params->cipher = GNUTLS_CIPHER_RC2_40_CBC; + kdf_params->salt_size = 8; + break; + default: + gnutls_assert (); + return GNUTLS_E_INVALID_REQUEST; } ret = _gnutls_rnd (GNUTLS_RND_RANDOM, kdf_params->salt, 
@@ -1950,63 +1951,63 @@ generate_key (schema_id schema, /* now generate the key. */ - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: - ret = _gnutls_pbkdf2_sha1 (password, strlen (password), + ret = _gnutls_pbkdf2_sha1 (password, strlen (password), kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, key->data, kdf_params->key_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (enc_params->iv_size) - { - ret = _gnutls_rnd (GNUTLS_RND_NONCE, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + if (enc_params->iv_size) + { + ret = _gnutls_rnd (GNUTLS_RND_NONCE, enc_params->iv, enc_params->iv_size); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } - break; - - default: - ret = - _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } + break; + + default: + ret = + _gnutls_pkcs12_string_to_key (1 /*KEY*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, password, kdf_params->key_size, key->data); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Now generate the IV - */ - if (enc_params->iv_size) - { - ret = - _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, + if (ret < 0) + { + gnutls_assert (); + return ret; + } + + /* Now generate the IV + */ + if (enc_params->iv_size) + { + ret = + _gnutls_pkcs12_string_to_key (2 /*IV*/, kdf_params->salt, kdf_params->salt_size, kdf_params->iter_count, password, enc_params->iv_size, enc_params->iv); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - } + if (ret < 0) + { + gnutls_assert (); + return ret; + } + } } 
@@ -2026,74 +2027,74 @@ write_schema_params (schema_id schema, ASN1_TYPE pkcs8_asn, int result; ASN1_TYPE pbes2_asn = ASN1_TYPE_EMPTY; - switch(schema) + switch (schema) { - case PBES2_3DES: - case PBES2_AES_128: - case PBES2_AES_192: - case PBES2_AES_256: - if ((result = + case PBES2_3DES: + case PBES2_AES_128: + case PBES2_AES_192: + case PBES2_AES_256: + if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-5-PBES2-params", &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - return _gnutls_asn2err (result); - } - - result = write_pbkdf2_params (pbes2_asn, kdf_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = write_pbe_enc_params (pbes2_asn, enc_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", + { + gnutls_assert (); + return _gnutls_asn2err (result); + } + + result = write_pbkdf2_params (pbes2_asn, kdf_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = write_pbe_enc_params (pbes2_asn, enc_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", pkcs8_asn, where, 0); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - asn1_delete_structure (&pbes2_asn); - break; - - default: - - if ((result = + if (result < 0) + { + gnutls_assert (); + goto error; + } + + asn1_delete_structure (&pbes2_asn); + break; + + default: + + if ((result = asn1_create_element (_gnutls_get_pkix (), "PKIX1.pkcs-12-PbeParams", &pbes2_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = _gnutls_asn2err (result); - goto error; - } - - result = write_pkcs12_kdf_params (pbes2_asn, kdf_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", + { + gnutls_assert (); + result = _gnutls_asn2err (result); + goto error; + } + + result = write_pkcs12_kdf_params (pbes2_asn, 
kdf_params); + if (result < 0) + { + gnutls_assert (); + goto error; + } + + result = _gnutls_x509_der_encode_and_copy (pbes2_asn, "", pkcs8_asn, where, 0); - if (result < 0) - { - gnutls_assert (); - goto error; - } + if (result < 0) + { + gnutls_assert (); + goto error; + } - asn1_delete_structure (&pbes2_asn); + asn1_delete_structure (&pbes2_asn); } @@ -2297,7 +2298,7 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, ASN1_TYPE pkcs7_asn = ASN1_TYPE_EMPTY; struct pbkdf2_params kdf_params; struct pbe_enc_params enc_params; - const char* str_oid; + const char *str_oid; if ((result = asn1_create_element (_gnutls_get_pkix (), @@ -2311,17 +2312,17 @@ _gnutls_pkcs7_encrypt_data (schema_id schema, /* Write the encryption schema OID */ - result = schema_to_oid(schema, &str_oid); + result = schema_to_oid (schema, &str_oid); if (result < 0) { - gnutls_assert(); + gnutls_assert (); return result; } result = - asn1_write_value (pkcs7_asn, - "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", - str_oid, 1); + asn1_write_value (pkcs7_asn, + "encryptedContentInfo.contentEncryptionAlgorithm.algorithm", + str_oid, 1); if (result != ASN1_SUCCESS) { |