static gboolean rsa_subject_public_key_from_attributes (GckAttributes *attrs, GNode *info_asn) { const GckAttribute *modulus; const GckAttribute *exponent; GNode *key_asn; GNode *params_asn; GBytes *key; GBytes *usg; modulus = gck_attributes_find (attrs, CKA_MODULUS); exponent = gck_attributes_find (attrs, CKA_PUBLIC_EXPONENT); if (modulus == NULL || gck_attribute_is_invalid (modulus) || exponent == NULL || gck_attribute_is_invalid (exponent)) return FALSE; key_asn = egg_asn1x_create (pk_asn1_tab, "RSAPublicKey"); g_return_val_if_fail (key_asn, FALSE); params_asn = egg_asn1x_create (pk_asn1_tab, "RSAParameters"); g_return_val_if_fail (params_asn, FALSE); usg = g_bytes_new_with_free_func (modulus->value, modulus->length, gck_attributes_unref, gck_attributes_ref (attrs)); egg_asn1x_set_integer_as_usg (egg_asn1x_node (key_asn, "modulus", NULL), usg); g_bytes_unref (usg); usg = g_bytes_new_with_free_func (exponent->value, exponent->length, gck_attributes_unref, gck_attributes_ref (attrs)); egg_asn1x_set_integer_as_usg (egg_asn1x_node (key_asn, "publicExponent", NULL), usg); g_bytes_unref (usg); key = egg_asn1x_encode (key_asn, NULL); egg_asn1x_destroy (key_asn); egg_asn1x_set_null (params_asn); egg_asn1x_set_bits_as_raw (egg_asn1x_node (info_asn, "subjectPublicKey", NULL), key, g_bytes_get_size (key) * 8); egg_asn1x_set_oid_as_quark (egg_asn1x_node (info_asn, "algorithm", "algorithm", NULL), GCR_OID_PKIX1_RSA); egg_asn1x_set_any_from (egg_asn1x_node (info_asn, "algorithm", "parameters", NULL), params_asn); egg_asn1x_destroy (params_asn); g_bytes_unref (key); return TRUE; }
static void encode_take_signature_into_request (GcrCertificateRequest *self, GQuark algorithm, GNode *subject_public_key, guchar *result, gsize n_result) { GNode *params; GNode *node; node = egg_asn1x_node (self->asn, "signature", NULL); egg_asn1x_take_bits_as_raw (node, g_bytes_new_take (result, n_result), n_result * 8); node = egg_asn1x_node (self->asn, "signatureAlgorithm", "algorithm", NULL); egg_asn1x_set_oid_as_quark (node, algorithm); node = egg_asn1x_node (self->asn, "signatureAlgorithm", "parameters", NULL); params = egg_asn1x_node (subject_public_key, "algorithm", "parameters", NULL); egg_asn1x_set_any_from (node, params); }
static gboolean dsa_subject_public_key_from_attributes (GckAttributes *attrs, gulong klass, GNode *info_asn) { const GckAttribute *value, *g, *q, *p; GNode *key_asn, *params_asn; GBytes *key; p = gck_attributes_find (attrs, CKA_PRIME); q = gck_attributes_find (attrs, CKA_SUBPRIME); g = gck_attributes_find (attrs, CKA_BASE); value = gck_attributes_find (attrs, CKA_VALUE); if (p == NULL || gck_attribute_is_invalid (p) || q == NULL || gck_attribute_is_invalid (q) || g == NULL || gck_attribute_is_invalid (g) || value == NULL || gck_attribute_is_invalid (value)) return FALSE; key_asn = egg_asn1x_create (pk_asn1_tab, "DSAPublicPart"); g_return_val_if_fail (key_asn, FALSE); params_asn = egg_asn1x_create (pk_asn1_tab, "DSAParameters"); g_return_val_if_fail (params_asn, FALSE); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "p", NULL), g_bytes_new_with_free_func (p->value, p->length, gck_attributes_unref, gck_attributes_ref (attrs))); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "q", NULL), g_bytes_new_with_free_func (q->value, q->length, gck_attributes_unref, gck_attributes_ref (attrs))); egg_asn1x_take_integer_as_usg (egg_asn1x_node (params_asn, "g", NULL), g_bytes_new_with_free_func (g->value, g->length, gck_attributes_unref, gck_attributes_ref (attrs))); /* Are these attributes for a public or private key? */ if (klass == CKO_PRIVATE_KEY) { /* We need to calculate the public from the private key */ if (!dsa_subject_public_key_from_private (key_asn, p, q, g, value)) g_return_val_if_reached (FALSE); } else if (klass == CKO_PUBLIC_KEY) { egg_asn1x_take_integer_as_usg (key_asn, g_bytes_new_with_free_func (value->value, value->length, gck_attributes_unref, gck_attributes_ref (attrs))); } else { g_assert_not_reached (); } key = egg_asn1x_encode (key_asn, NULL); egg_asn1x_destroy (key_asn); egg_asn1x_set_bits_as_raw (egg_asn1x_node (info_asn, "subjectPublicKey", NULL), key, g_bytes_get_size (key) * 8); egg_asn1x_set_any_from (egg_asn1x_node (info_asn, "algorithm", "parameters", NULL), params_asn); egg_asn1x_set_oid_as_quark (egg_asn1x_node (info_asn, "algorithm", "algorithm", NULL), GCR_OID_PKIX1_DSA); g_bytes_unref (key); egg_asn1x_destroy (params_asn); return TRUE; }
static gcry_cipher_hd_t prepare_and_encode_pkcs8_cipher (GNode *asn, const gchar *password, gsize n_password, gsize *n_block) { GNode *asn1_params = NULL; gcry_cipher_hd_t cih; guchar salt[8]; gcry_error_t gcry; guchar *key, *iv, *portion; gsize n_key, n_portion; int iterations; init_quarks (); /* Make sure the encryption algorithm works */ g_return_val_if_fail (gcry_cipher_algo_info (OID_PKCS12_PBE_3DES_SHA1, GCRYCTL_TEST_ALGO, NULL, 0), NULL); /* The encryption algorithm */ if(!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "encryptionAlgorithm", "algorithm", NULL), OID_PKCS12_PBE_3DES_SHA1)) g_return_val_if_reached (NULL); /* Randomize some input for the password based secret */ iterations = 1000 + (int) (1000.0 * rand () / (RAND_MAX + 1.0)); gcry_create_nonce (salt, sizeof (salt)); /* Allocate space for the key and iv */ n_key = gcry_cipher_get_algo_keylen (GCRY_CIPHER_3DES); *n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1); g_return_val_if_fail (n_key && *n_block, NULL); if (!egg_symkey_generate_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1, password, n_password, salt, sizeof (salt), iterations, &key, &iv)) g_return_val_if_reached (NULL); /* Now write out the parameters */ asn1_params = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PbeParams"); g_return_val_if_fail (asn1_params, NULL); if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn1_params, "salt", NULL), salt, sizeof (salt), NULL)) g_return_val_if_reached (NULL); if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn1_params, "iterations", NULL), iterations)) g_return_val_if_reached (NULL); portion = egg_asn1x_encode (asn1_params, NULL, &n_portion); if (portion == NULL) { g_warning ("couldn't encode pkcs8 params key: %s", egg_asn1x_message (asn1_params)); g_return_val_if_reached (NULL); } if (!egg_asn1x_set_raw_element (egg_asn1x_node (asn, "encryptionAlgorithm", "parameters", NULL), portion, n_portion, g_free)) g_return_val_if_reached (NULL); /* Now make a cipher that matches what we wrote out */ gcry = gcry_cipher_open (&cih, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0); g_return_val_if_fail (gcry == 0, NULL); g_return_val_if_fail (cih, NULL); gcry_cipher_setiv (cih, iv, *n_block); gcry_cipher_setkey (cih, key, n_key); g_free (iv); egg_secure_free (key); egg_asn1x_destroy (asn1_params); return cih; }
guchar* gkm_data_der_write_private_pkcs8_plain (gcry_sexp_t skey, gsize *n_data) { GNode *asn = NULL; int algorithm; gboolean is_priv; GQuark oid; guchar *params, *key, *data; gsize n_params, n_key; init_quarks (); /* Parse and check that the key is for real */ if (!gkm_sexp_parse_key (skey, &algorithm, &is_priv, NULL)) g_return_val_if_reached (NULL); g_return_val_if_fail (is_priv == TRUE, NULL); asn = egg_asn1x_create (pkix_asn1_tab, "pkcs-8-PrivateKeyInfo"); g_return_val_if_fail (asn, NULL); /* Write out the version */ if (!egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn, "version", NULL), 0)) g_return_val_if_reached (NULL); /* Per algorithm differences */ switch (algorithm) { /* RSA gets encoded in a standard simple way */ case GCRY_PK_RSA: oid = OID_PKIX1_RSA; params = NULL; n_params = 0; key = gkm_data_der_write_private_key_rsa (skey, &n_key); break; /* DSA gets incoded with the params seperate */ case GCRY_PK_DSA: oid = OID_PKIX1_DSA; key = gkm_data_der_write_private_key_dsa_part (skey, &n_key); params = gkm_data_der_write_private_key_dsa_params (skey, &n_params); break; default: g_warning ("trying to serialize unsupported private key algorithm: %d", algorithm); return NULL; }; /* Write out the algorithm */ if (!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "privateKeyAlgorithm", "algorithm", NULL), oid)) g_return_val_if_reached (NULL); /* Write out the parameters */ if (params) { if (!egg_asn1x_set_raw_element (egg_asn1x_node (asn, "privateKeyAlgorithm", "parameters", NULL), params, n_params, egg_secure_free)) g_return_val_if_reached (NULL); } /* Write out the key portion */ if (!egg_asn1x_set_string_as_raw (egg_asn1x_node (asn, "privateKey", NULL), key, n_key, egg_secure_free)) g_return_val_if_reached (NULL); data = egg_asn1x_encode (asn, egg_secure_realloc, n_data); if (data == NULL) g_warning ("couldn't encode private pkcs8 key: %s", egg_asn1x_message (asn)); egg_asn1x_destroy (asn); return data; }
static gcry_cipher_hd_t prepare_and_encode_pkcs8_cipher (GNode *asn, const gchar *password, gsize n_password, gsize *n_block) { GNode *asn1_params = NULL; gcry_cipher_hd_t cih; guchar *salt; gsize n_salt; gcry_error_t gcry; guchar *key, *iv; gsize n_key; int iterations; init_quarks (); /* Make sure the encryption algorithm works */ g_return_val_if_fail (gcry_cipher_algo_info (gcry_cipher_map_name (g_quark_to_string (OID_PKCS12_PBE_3DES_SHA1)), GCRYCTL_TEST_ALGO, NULL, 0) == 0, NULL); /* The encryption algorithm */ if(!egg_asn1x_set_oid_as_quark (egg_asn1x_node (asn, "encryptionAlgorithm", "algorithm", NULL), OID_PKCS12_PBE_3DES_SHA1)) g_return_val_if_reached (NULL); /* Randomize some input for the password based secret */ iterations = g_random_int_range (1000, 4096); n_salt = 8; salt = g_malloc (n_salt); gcry_create_nonce (salt, n_salt); /* Allocate space for the key and iv */ n_key = gcry_cipher_get_algo_keylen (GCRY_CIPHER_3DES); *n_block = gcry_cipher_get_algo_blklen (GCRY_MD_SHA1); g_return_val_if_fail (n_key && *n_block, NULL); if (!egg_symkey_generate_pkcs12 (GCRY_CIPHER_3DES, GCRY_MD_SHA1, password, n_password, salt, sizeof (salt), iterations, &key, &iv)) g_return_val_if_reached (NULL); /* Now write out the parameters */ asn1_params = egg_asn1x_create (pkix_asn1_tab, "pkcs-12-PbeParams"); g_return_val_if_fail (asn1_params, NULL); egg_asn1x_set_string_as_raw (egg_asn1x_node (asn1_params, "salt", NULL), salt, n_salt, g_free); egg_asn1x_set_integer_as_ulong (egg_asn1x_node (asn1_params, "iterations", NULL), iterations); egg_asn1x_set_any_from (egg_asn1x_node (asn, "encryptionAlgorithm", "parameters", NULL), asn1_params); /* Now make a cipher that matches what we wrote out */ gcry = gcry_cipher_open (&cih, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, 0); g_return_val_if_fail (gcry == 0, NULL); g_return_val_if_fail (cih, NULL); gcry_cipher_setiv (cih, iv, *n_block); gcry_cipher_setkey (cih, key, n_key); g_free (iv); egg_secure_free (key); egg_asn1x_destroy (asn1_params); return cih; }