/*
 * Read a public-key AlgorithmIdentifier and resolve its OID to a pk_type_t.
 *
 *  AlgorithmIdentifier  ::=  SEQUENCE  {
 *       algorithm               OBJECT IDENTIFIER,
 *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
 *
 * p       parse cursor, handed to asn1_get_alg()
 * end     end of the input buffer
 * pk_alg  receives the key type looked up by oid_get_pk_alg()
 * params  zeroed here, then filled in by asn1_get_alg()
 *
 * Returns 0 on success;
 *         POLARSSL_ERR_PK_INVALID_ALG + <asn1 error> if the structure
 *         cannot be parsed;
 *         POLARSSL_ERR_PK_UNKNOWN_PK_ALG if the OID lookup fails;
 *         POLARSSL_ERR_PK_INVALID_ALG if an RSA identifier carries
 *         parameters.
 */
static int pk_get_pk_alg( unsigned char **p,
                          const unsigned char *end,
                          pk_type_t *pk_alg, asn1_buf *params )
{
    asn1_buf oid;
    int rc;

    /* Start from a known state so "no parameters" reads as tag 0, len 0 */
    memset( params, 0, sizeof(asn1_buf) );

    rc = asn1_get_alg( p, end, &oid, params );
    if( rc != 0 )
        return( POLARSSL_ERR_PK_INVALID_ALG + rc );

    if( oid_get_pk_alg( &oid, pk_alg ) != 0 )
        return( POLARSSL_ERR_PK_UNKNOWN_PK_ALG );

    /* The parameter restriction below applies to RSA only (EC uses them) */
    if( *pk_alg != POLARSSL_PK_RSA )
        return( 0 );

    /* RSA: parameters must be empty ... */
    if( params->len != 0 )
        return( POLARSSL_ERR_PK_INVALID_ALG );

    /* ... and tagged either as ASN.1 NULL or not present at all (tag 0) */
    if( params->tag != ASN1_NULL && params->tag != 0 )
        return( POLARSSL_ERR_PK_INVALID_ALG );

    return( 0 );
}
/*
 * Parse an algorithm identifier with (optional) parameters.
 *
 * Wraps asn1_get_alg(): on success returns 0; on failure the ASN.1 error
 * code is added to POLARSSL_ERR_X509_INVALID_ALG and returned.
 */
int x509_get_alg( unsigned char **p, const unsigned char *end,
                  x509_buf *alg, x509_buf *params )
{
    int rc = asn1_get_alg( p, end, alg, params );

    if( rc == 0 )
        return( 0 );

    return( POLARSSL_ERR_X509_INVALID_ALG + rc );
}
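/*
 * Parse an AlgorithmIdentifier and require that it carries no parameters.
 *
 * p     parse cursor, handed to asn1_get_alg()
 * end   end of the input buffer
 * alg   receives the algorithm OID from asn1_get_alg()
 *
 * Returns 0 on success, the asn1_get_alg() error code unchanged if parsing
 * fails, or POLARSSL_ERR_ASN1_INVALID_DATA if parameters are present with
 * a tag other than ASN.1 NULL or with a non-zero length.
 */
int asn1_get_alg_null( unsigned char **p,
                       const unsigned char *end,
                       asn1_buf *alg )
{
    int ret;
    asn1_buf params;

    /* Zeroed first so that absent parameters are seen as tag 0, len 0 */
    memset( &params, 0, sizeof(asn1_buf) );

    if( ( ret = asn1_get_alg( p, end, alg, &params ) ) != 0 )
        return( ret );

    /* Accept only "no parameters" (tag 0) or an empty NULL */
    if( ( params.tag != ASN1_NULL && params.tag != 0 ) || params.len != 0 )
        return( POLARSSL_ERR_ASN1_INVALID_DATA );

    return( 0 );
}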
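/*
 * Parse a password-protected PKCS#8 private key (DER).
 *
 * pk      context handed to pk_parse_key_pkcs8_unencrypted_der()
 * key     DER-encoded EncryptedPrivateKeyInfo
 * keylen  length of key in bytes
 * pwd     password used for decryption
 * pwdlen  length of pwd; 0 is rejected
 *
 * Returns 0 on success, or one of:
 *   POLARSSL_ERR_PK_PASSWORD_REQUIRED    pwdlen is 0
 *   POLARSSL_ERR_PK_KEY_INVALID_FORMAT + <asn1 error>  malformed outer DER
 *   POLARSSL_ERR_PK_BAD_INPUT_DATA       EncryptedData larger than the
 *                                        local 2048-byte buffer
 *   POLARSSL_ERR_PK_PASSWORD_MISMATCH    reported by the PBE routine, or
 *                                        guessed on the RC4 path
 *   POLARSSL_ERR_PK_FEATURE_UNAVAILABLE  no compiled-in PBE scheme matches
 *   any other error returned by the PBE routine or the PrivateKeyInfo parser
 *
 * The decrypted key is held in a stack buffer that is wiped on every exit
 * path taken after decryption has been attempted.
 */
static int pk_parse_key_pkcs8_encrypted_der(
                                    pk_context *pk,
                                    const unsigned char *key, size_t keylen,
                                    const unsigned char *pwd, size_t pwdlen )
{
    int ret, decrypted = 0;
    size_t len;
    size_t i;
    unsigned char buf[2048];
    volatile unsigned char *wipe;
    unsigned char *p, *end;
    asn1_buf pbe_alg_oid, pbe_params;
#if defined(POLARSSL_PKCS12_C)
    cipher_type_t cipher_alg;
    md_type_t md_alg;
#endif

    memset( buf, 0, sizeof( buf ) );

    p = (unsigned char *) key;
    end = p + keylen;

    /* buf is still all-zero on the early returns below: nothing to wipe */
    if( pwdlen == 0 )
        return( POLARSSL_ERR_PK_PASSWORD_REQUIRED );

    /*
     * This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
     *
     *  EncryptedPrivateKeyInfo ::= SEQUENCE {
     *    encryptionAlgorithm  EncryptionAlgorithmIdentifier,
     *    encryptedData        EncryptedData
     *  }
     *
     *  EncryptionAlgorithmIdentifier ::= AlgorithmIdentifier
     *
     *  EncryptedData ::= OCTET STRING
     *
     *  The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
     */
    if( ( ret = asn1_get_tag( &p, end, &len,
            ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
    {
        return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );
    }

    end = p + len;

    if( ( ret = asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
        return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );

    if( ( ret = asn1_get_tag( &p, end, &len, ASN1_OCTET_STRING ) ) != 0 )
        return( POLARSSL_ERR_PK_KEY_INVALID_FORMAT + ret );

    /* The PBE routines below write their output into buf: bound it first */
    if( len > sizeof( buf ) )
        return( POLARSSL_ERR_PK_BAD_INPUT_DATA );

    /*
     * Decrypt EncryptedData with the appropriate PBE scheme
     */
#if defined(POLARSSL_PKCS12_C)
    if( oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
    {
        if( ( ret = pkcs12_pbe( &pbe_params, PKCS12_PBE_DECRYPT,
                                cipher_alg, md_alg,
                                pwd, pwdlen, p, len, buf ) ) != 0 )
        {
            if( ret == POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH )
                ret = POLARSSL_ERR_PK_PASSWORD_MISMATCH;

            goto cleanup;
        }

        decrypted = 1;
    }
    else if( OID_CMP( OID_PKCS12_PBE_SHA1_RC4_128, &pbe_alg_oid ) )
    {
        if( ( ret = pkcs12_pbe_sha1_rc4_128( &pbe_params,
                                             PKCS12_PBE_DECRYPT,
                                             pwd, pwdlen,
                                             p, len, buf ) ) != 0 )
        {
            goto cleanup;
        }

        /*
         * Best guess for password mismatch when using RC4: the first tag
         * is not ASN1_CONSTRUCTED | ASN1_SEQUENCE. This is a one-byte
         * heuristic only; a wrong password that happens to produce this
         * byte is left for the PrivateKeyInfo parser to reject.
         */
        if( *buf != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
        {
            ret = POLARSSL_ERR_PK_PASSWORD_MISMATCH;
            goto cleanup;
        }

        decrypted = 1;
    }
    else
#endif /* POLARSSL_PKCS12_C */
#if defined(POLARSSL_PKCS5_C)
    if( OID_CMP( OID_PKCS5_PBES2, &pbe_alg_oid ) )
    {
        if( ( ret = pkcs5_pbes2( &pbe_params, PKCS5_DECRYPT, pwd, pwdlen,
                                 p, len, buf ) ) != 0 )
        {
            if( ret == POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH )
                ret = POLARSSL_ERR_PK_PASSWORD_MISMATCH;

            goto cleanup;
        }

        decrypted = 1;
    }
    else
#endif /* POLARSSL_PKCS5_C */
    {
        /* Silences the unused-parameter warning when no PBE is built in */
        ((void) pwd);
    }

    if( decrypted == 0 )
    {
        ret = POLARSSL_ERR_PK_FEATURE_UNAVAILABLE;
        goto cleanup;
    }

    /*
     * NOTE(review): len is the length of the EncryptedData OCTET STRING,
     * not a plaintext length reported by the PBE routine.
     */
    ret = pk_parse_key_pkcs8_unencrypted_der( pk, buf, len );

cleanup:
    /*
     * buf may hold the plaintext private key. Clear it through a volatile
     * pointer so the compiler cannot drop the stores as dead writes to a
     * local that is about to go out of scope.
     */
    wipe = buf;
    for( i = 0; i < sizeof( buf ); i++ )
        wipe[i] = 0;

    return( ret );
}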