void SslContext::setKeyFile(const std::string& filename)
{
if (error_) return;
if (!enabled) return;
TRACE("SslContext::setKeyFile: \"%s\"", filename.c_str());
gnutls_datum_t data;
if ((error_ = loadFile(data, filename))) {
log(x0::Severity::error, "Error loading private key file(%s): %s", filename.c_str(), error_.message().c_str());
return;
}
int rv;
if ((rv = gnutls_x509_privkey_init(&x509PrivateKey_)) < 0) {
freeFile(data);
return;
}
if ((rv = gnutls_x509_privkey_import(x509PrivateKey_, &data, GNUTLS_X509_FMT_PEM)) < 0) {
TRACE("setKeyFile: failed to import key as x509-fmt-pem. trying pkcs-plain.");
rv = gnutls_x509_privkey_import_pkcs8(x509PrivateKey_, &data, GNUTLS_X509_FMT_PEM, nullptr, GNUTLS_PKCS_PLAIN);
}
if (rv < 0) {
log(x0::Severity::error, "Error loading private key file(%s): %s", filename.c_str(), gnutls_strerror(rv));
freeFile(data);
return;
}
freeFile(data);
TRACE("setKeyFile: success.");
}
/* Load the private key.
* @mand should be non zero if it is required to read a private key.
*/
gnutls_x509_privkey_t
load_x509_private_key (int mand, common_info_st * info)
{
gnutls_x509_privkey_t key;
int ret;
gnutls_datum_t dat;
size_t size;
unsigned int flags = 0;
const char* pass;
if (!info->privkey && !mand)
return NULL;
if (info->privkey == NULL)
error (EXIT_FAILURE, 0, "missing --load-privkey");
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
dat.data = (void*)read_binary_file (info->privkey, &size);
dat.size = size;
if (!dat.data)
error (EXIT_FAILURE, errno, "reading --load-privkey: %s", info->privkey);
if (info->pkcs8)
{
pass = get_password (info, &flags, 0);
ret =
gnutls_x509_privkey_import_pkcs8 (key, &dat, info->incert_format,
pass, flags);
}
else
{
ret = gnutls_x509_privkey_import2 (key, &dat, info->incert_format, NULL, 0);
if (ret == GNUTLS_E_DECRYPTION_FAILED)
{
pass = get_password (info, &flags, 0);
ret = gnutls_x509_privkey_import2 (key, &dat, info->incert_format, pass, flags);
}
}
free (dat.data);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #12 encoded");
}
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
return key;
}
gboolean
crypto_verify_pkcs8 (const guint8 *data,
gsize data_len,
gboolean is_encrypted,
const char *password,
GError **error)
{
gnutls_x509_privkey_t p8;
gnutls_datum_t dt;
int err;
g_return_val_if_fail (data != NULL, FALSE);
if (!crypto_init (error))
return FALSE;
dt.data = (unsigned char *) data;
dt.size = data_len;
err = gnutls_x509_privkey_init (&p8);
if (err < 0) {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_FAILED,
_("Couldn't initialize PKCS#8 decoder: %s"),
gnutls_strerror (err));
return FALSE;
}
err = gnutls_x509_privkey_import_pkcs8 (p8,
&dt,
GNUTLS_X509_FMT_DER,
is_encrypted ? password : NULL,
is_encrypted ? 0 : GNUTLS_PKCS_PLAIN);
gnutls_x509_privkey_deinit (p8);
if (err < 0) {
if (err == GNUTLS_E_UNKNOWN_CIPHER_TYPE) {
/* HACK: gnutls doesn't support all the cipher types that openssl
* can use with PKCS#8, so if we encounter one, we have to assume
* the given password works. gnutls needs to unsuckify, apparently.
* Specifically, by default openssl uses pbeWithMD5AndDES-CBC
* which gnutls does not support.
*/
} else {
g_set_error (error, NM_CRYPTO_ERROR,
NM_CRYPTO_ERROR_INVALID_DATA,
_("Couldn't decode PKCS#8 file: %s"),
gnutls_strerror (err));
return FALSE;
}
}
return TRUE;
}
/**
* gnutls_x509_privkey_import2:
* @key: The structure to store the parsed key
* @data: The DER or PEM encoded key.
* @format: One of DER or PEM
* @password: A password (optional)
* @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t
*
* This function will import the given DER or PEM encoded key, to
* the native #gnutls_x509_privkey_t format, irrespective of the
* input format. The input format is auto-detected.
*
* The supported formats are basic unencrypted key, PKCS8, PKCS12,
* and the openssl format.
*
* If the provided key is encrypted but no password was given, then
* %GNUTLS_E_DECRYPTION_FAILED is returned.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_x509_privkey_import2(gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format,
const char *password, unsigned int flags)
{
int ret = 0;
if (password == NULL && !(flags & GNUTLS_PKCS_NULL_PASSWORD)) {
ret = gnutls_x509_privkey_import(key, data, format);
if (ret < 0) {
gnutls_assert();
}
}
if ((password != NULL || (flags & GNUTLS_PKCS_NULL_PASSWORD))
|| ret < 0) {
ret =
gnutls_x509_privkey_import_pkcs8(key, data, format,
password, flags);
if (ret < 0) {
if (ret == GNUTLS_E_DECRYPTION_FAILED)
goto cleanup;
ret =
import_pkcs12_privkey(key, data, format,
password, flags);
if (ret < 0 && format == GNUTLS_X509_FMT_PEM) {
if (ret == GNUTLS_E_DECRYPTION_FAILED)
goto cleanup;
ret =
gnutls_x509_privkey_import_openssl(key,
data,
password);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
gnutls_assert();
goto cleanup;
}
}
}
ret = 0;
cleanup:
return ret;
}
int
_gnutls_x509_raw_privkey_to_gkey (gnutls_privkey * privkey,
const gnutls_datum_t * raw_key,
gnutls_x509_crt_fmt_t type)
{
gnutls_x509_privkey_t tmpkey;
int ret;
ret = gnutls_x509_privkey_init (&tmpkey);
if (ret < 0)
{
gnutls_assert ();
return ret;
}
ret = gnutls_x509_privkey_import (tmpkey, raw_key, type);
#ifdef ENABLE_PKI
/* If normal key decoding doesn't work try decoding a plain PKCS #8 key */
if (ret < 0)
ret = gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type,
NULL, GNUTLS_PKCS_PLAIN);
#endif
if (ret < 0)
{
gnutls_assert ();
gnutls_x509_privkey_deinit (tmpkey);
return ret;
}
ret = _gnutls_x509_privkey_to_gkey (privkey, tmpkey);
if (ret < 0)
{
gnutls_assert ();
gnutls_x509_privkey_deinit (tmpkey);
return ret;
}
gnutls_x509_privkey_deinit (tmpkey);
return 0;
}
static gnutls_privkey_t _load_privkey(gnutls_datum_t *dat, common_info_st * info)
{
int ret;
gnutls_privkey_t key;
gnutls_x509_privkey_t xkey;
ret = gnutls_x509_privkey_init (&xkey);
if (ret < 0)
error (EXIT_FAILURE, 0, "x509_privkey_init: %s", gnutls_strerror (ret));
ret = gnutls_privkey_init (&key);
if (ret < 0)
error (EXIT_FAILURE, 0, "privkey_init: %s", gnutls_strerror (ret));
if (info->pkcs8)
{
const char *pass = get_pass ();
ret =
gnutls_x509_privkey_import_pkcs8 (xkey, dat, info->incert_format,
pass, 0);
}
else
ret = gnutls_x509_privkey_import (xkey, dat, info->incert_format);
if (ret == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
error (EXIT_FAILURE, 0,
"import error: could not find a valid PEM header; "
"check if your key is PKCS #8 or PKCS #12 encoded");
}
if (ret < 0)
error (EXIT_FAILURE, 0, "importing --load-privkey: %s: %s",
info->privkey, gnutls_strerror (ret));
ret = gnutls_privkey_import_x509(key, xkey, GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE);
if (ret < 0)
error (EXIT_FAILURE, 0, "gnutls_privkey_import_x509: %s",
gnutls_strerror (ret));
return key;
}
void Plugin::_loadPrivateKey()
{
QFile file(this->keyFile);
int bits;
size_t size;
QByteArray data;
gnutls_datum_t datum;
int error;
if (!file.open(QIODevice::ReadWrite))
throw Properties("error", "Unable to open the private key file").add("file", this->keyFile);
ASSERT_INIT(gnutls_x509_privkey_init(&this->key), "privkey");
// Checks that the private key is valid
if (file.size() > 0)
{
data = file.readAll();
datum.size = data.size();
datum.data = (unsigned char *)data.data();
if ((error = gnutls_x509_privkey_import_pkcs8(this->key, &datum, GNUTLS_X509_FMT_PEM, this->keyPassword.data(), 0)) != GNUTLS_E_SUCCESS)
{
LOG_ERROR("Invalid private key", Properties("error", gnutls_strerror(error)).toMap(), "Plugin", "_generatePrivateKey");
file.resize(0);
}
else if (gnutls_x509_privkey_sec_param(this->key) != this->secParam)
file.resize(0);
}
// Generates the private key
if (file.size() == 0)
{
bits = gnutls_sec_param_to_pk_bits(GNUTLS_PK_RSA, this->secParam);
LOG_INFO("Generating a new private key", Properties("secParam", gnutls_sec_param_get_name(this->secParam)).add("bits", bits).toMap(), "Plugin", "_generatePrivateKey");
ASSERT(gnutls_x509_privkey_generate(this->key, GNUTLS_PK_RSA, bits, 0));
ASSERT(gnutls_x509_privkey_verify_params(this->key));
size = bits;
data.resize((int)size);
ASSERT(gnutls_x509_privkey_export_pkcs8(this->key, GNUTLS_X509_FMT_PEM, this->keyPassword.data(), GNUTLS_PKCS_USE_PBES2_AES_256, data.data(), &size));
data.resize((int)size);
file.write(data);
}
}
static int pem_to_x509(const dnssec_binary_t *data, gnutls_x509_privkey_t *key_ptr)
{
assert(data);
gnutls_datum_t pem = binary_to_datum(data);
gnutls_x509_privkey_t key = NULL;
int r = gnutls_x509_privkey_init(&key);
if (r != GNUTLS_E_SUCCESS) {
return DNSSEC_ENOMEM;
}
int format = GNUTLS_X509_FMT_PEM;
r = gnutls_x509_privkey_import_pkcs8(key, &pem, format, NULL, 0);
if (r != GNUTLS_E_SUCCESS) {
gnutls_x509_privkey_deinit(key);
return DNSSEC_PKCS8_IMPORT_ERROR;
}
*key_ptr = key;
return DNSSEC_EOK;
}
int
main (void)
{
gnutls_x509_privkey_t key;
size_t i;
int ret;
gnutls_global_init ();
for (i = 0; i < sizeof (keys) / sizeof (keys[0]); i++)
{
gnutls_datum_t tmp;
ret = gnutls_x509_privkey_init (&key);
if (ret < 0)
return 1;
tmp.data = (char *) keys[i].pkcs12key;
tmp.size = strlen (tmp.data);
ret = gnutls_x509_privkey_import_pkcs8 (key, &tmp,
GNUTLS_X509_FMT_PEM,
keys[i].password, 0);
gnutls_x509_privkey_deinit (key);
if (ret != keys[i].expected_result)
{
printf ("fail[%d]: %d: %s\n", (int) i, ret, gnutls_strerror (ret));
return 1;
}
}
gnutls_global_deinit ();
return 0;
}
/**
* gnutls_x509_privkey_import:
* @key: The structure to store the parsed key
* @data: The DER or PEM encoded certificate.
* @format: One of DER or PEM
*
* This function will convert the given DER or PEM encoded key to the
* native #gnutls_x509_privkey_t format. The output will be stored in
* @key .
*
* If the key is PEM encoded it should have a header that contains "PRIVATE
* KEY". Note that this function falls back to PKCS #8 decoding without
* password, if the default format fails to import.
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
**/
int
gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
const gnutls_datum_t * data,
gnutls_x509_crt_fmt_t format)
{
int result = 0, need_free = 0;
gnutls_datum_t _data;
if (key == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
_data.data = data->data;
_data.size = data->size;
key->pk_algorithm = GNUTLS_PK_UNKNOWN;
/* If the Certificate is in PEM format then decode it
*/
if (format == GNUTLS_X509_FMT_PEM)
{
uint8_t *out;
/* Try the first header */
result =
_gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out);
if (result >= 0)
key->pk_algorithm = GNUTLS_PK_RSA;
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
/* try for the second header */
result =
_gnutls_fbase64_decode (PEM_KEY_DSA, data->data, data->size,
&out);
if (result >= 0)
key->pk_algorithm = GNUTLS_PK_DSA;
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
/* try for the second header */
result =
_gnutls_fbase64_decode (PEM_KEY_ECC, data->data, data->size,
&out);
if (result >= 0)
key->pk_algorithm = GNUTLS_PK_EC;
}
}
if (result < 0)
{
gnutls_assert ();
goto failover;
}
_data.data = out;
_data.size = result;
need_free = 1;
}
if (key->pk_algorithm == GNUTLS_PK_RSA)
{
key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
if (key->key == NULL)
gnutls_assert ();
}
else if (key->pk_algorithm == GNUTLS_PK_DSA)
{
key->key = decode_dsa_key (&_data, key);
if (key->key == NULL)
gnutls_assert ();
}
else if (key->pk_algorithm == GNUTLS_PK_EC)
{
key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
if (key->key == NULL)
gnutls_assert ();
}
else
{
/* Try decoding with both, and accept the one that
* succeeds.
*/
key->pk_algorithm = GNUTLS_PK_RSA;
key->key = _gnutls_privkey_decode_pkcs1_rsa_key (&_data, key);
if (key->key == NULL)
{
key->pk_algorithm = GNUTLS_PK_DSA;
key->key = decode_dsa_key (&_data, key);
if (key->key == NULL)
{
key->pk_algorithm = GNUTLS_PK_EC;
key->key = _gnutls_privkey_decode_ecc_key (&_data, key);
if (key->key == NULL)
gnutls_assert ();
}
}
}
if (key->key == NULL)
{
gnutls_assert ();
result = GNUTLS_E_ASN1_DER_ERROR;
goto failover;
}
if (need_free)
_gnutls_free_datum (&_data);
/* The key has now been decoded.
*/
return 0;
failover:
/* Try PKCS #8 */
if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR)
{
_gnutls_debug_log ("Falling back to PKCS #8 key decoding\n");
result = gnutls_x509_privkey_import_pkcs8 (key, data, format,
NULL, GNUTLS_PKCS_PLAIN);
}
if (need_free)
_gnutls_free_datum (&_data);
return result;
}
/**
* gnutls_pkcs12_simple_parse:
* @p12: A pkcs12 type
* @password: optional password used to decrypt the structure, bags and keys.
* @key: a structure to store the parsed private key.
* @chain: the corresponding to key certificate chain (may be %NULL)
* @chain_len: will be updated with the number of additional (may be %NULL)
* @extra_certs: optional pointer to receive an array of additional
* certificates found in the PKCS12 structure (may be %NULL).
* @extra_certs_len: will be updated with the number of additional
* certs (may be %NULL).
* @crl: an optional structure to store the parsed CRL (may be %NULL).
* @flags: should be zero or one of GNUTLS_PKCS12_SP_*
*
* This function parses a PKCS12 structure in @pkcs12 and extracts the
* private key, the corresponding certificate chain, any additional
* certificates and a CRL. The structures in @key, @chain @crl, and @extra_certs
* must not be initialized.
*
* The @extra_certs and @extra_certs_len parameters are optional
* and both may be set to %NULL. If either is non-%NULL, then both must
* be set. The value for @extra_certs is allocated
* using gnutls_malloc().
*
* Encrypted PKCS12 bags and PKCS8 private keys are supported, but
* only with password based security and the same password for all
* operations.
*
* Note that a PKCS12 structure may contain many keys and/or certificates,
* and there is no way to identify which key/certificate pair you want.
* For this reason this function is useful for PKCS12 files that contain
* only one key/certificate pair and/or one CRL.
*
* If the provided structure has encrypted fields but no password
* is provided then this function returns %GNUTLS_E_DECRYPTION_FAILED.
*
* Note that normally the chain constructed does not include self signed
* certificates, to comply with TLS' requirements. If, however, the flag
* %GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED is specified then
* self signed certificates will be included in the chain.
*
* Prior to using this function the PKCS #12 structure integrity must
* be verified using gnutls_pkcs12_verify_mac().
*
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
* negative error value.
*
* Since: 3.1.0
**/
int
gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
const char *password,
gnutls_x509_privkey_t * key,
gnutls_x509_crt_t ** chain,
unsigned int *chain_len,
gnutls_x509_crt_t ** extra_certs,
unsigned int *extra_certs_len,
gnutls_x509_crl_t * crl, unsigned int flags)
{
gnutls_pkcs12_bag_t bag = NULL;
gnutls_x509_crt_t *_extra_certs = NULL;
unsigned int _extra_certs_len = 0;
gnutls_x509_crt_t *_chain = NULL;
unsigned int _chain_len = 0;
int idx = 0;
int ret;
size_t cert_id_size = 0;
size_t key_id_size = 0;
uint8_t cert_id[20];
uint8_t key_id[20];
int privkey_ok = 0;
unsigned int i;
int elements_in_bag;
*key = NULL;
if (crl)
*crl = NULL;
/* find the first private key */
for (;;) {
ret = gnutls_pkcs12_bag_init(&bag);
if (ret < 0) {
bag = NULL;
gnutls_assert();
goto done;
}
ret = gnutls_pkcs12_get_bag(p12, idx, bag);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
gnutls_pkcs12_bag_deinit(bag);
bag = NULL;
break;
}
if (ret < 0) {
gnutls_assert();
goto done;
}
ret = gnutls_pkcs12_bag_get_type(bag, 0);
if (ret < 0) {
gnutls_assert();
goto done;
}
if (ret == GNUTLS_BAG_ENCRYPTED) {
if (password == NULL) {
ret =
gnutls_assert_val
(GNUTLS_E_DECRYPTION_FAILED);
goto done;
}
ret = gnutls_pkcs12_bag_decrypt(bag, password);
if (ret < 0) {
gnutls_assert();
goto done;
}
}
elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
if (elements_in_bag < 0) {
gnutls_assert();
goto done;
}
for (i = 0; i < (unsigned)elements_in_bag; i++) {
int type;
gnutls_datum_t data;
type = gnutls_pkcs12_bag_get_type(bag, i);
if (type < 0) {
gnutls_assert();
goto done;
}
ret = gnutls_pkcs12_bag_get_data(bag, i, &data);
if (ret < 0) {
gnutls_assert();
goto done;
}
switch (type) {
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
if (password == NULL) {
ret =
gnutls_assert_val
(GNUTLS_E_DECRYPTION_FAILED);
goto done;
}
FALLTHROUGH;
case GNUTLS_BAG_PKCS8_KEY:
if (*key != NULL) { /* too simple to continue */
gnutls_assert();
break;
}
ret = gnutls_x509_privkey_init(key);
if (ret < 0) {
gnutls_assert();
goto done;
}
ret = gnutls_x509_privkey_import_pkcs8
(*key, &data, GNUTLS_X509_FMT_DER,
password,
type ==
GNUTLS_BAG_PKCS8_KEY ?
GNUTLS_PKCS_PLAIN : 0);
if (ret < 0) {
gnutls_assert();
goto done;
}
key_id_size = sizeof(key_id);
ret =
gnutls_x509_privkey_get_key_id(*key, 0,
key_id,
&key_id_size);
if (ret < 0) {
gnutls_assert();
goto done;
}
privkey_ok = 1; /* break */
break;
default:
break;
}
}
idx++;
gnutls_pkcs12_bag_deinit(bag);
bag = NULL;
if (privkey_ok != 0) /* private key was found */
break;
}
if (privkey_ok == 0) { /* no private key */
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
/* now find the corresponding certificate
*/
idx = 0;
bag = NULL;
for (;;) {
ret = gnutls_pkcs12_bag_init(&bag);
if (ret < 0) {
bag = NULL;
gnutls_assert();
goto done;
}
ret = gnutls_pkcs12_get_bag(p12, idx, bag);
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
gnutls_pkcs12_bag_deinit(bag);
bag = NULL;
break;
}
if (ret < 0) {
gnutls_assert();
goto done;
}
ret = gnutls_pkcs12_bag_get_type(bag, 0);
if (ret < 0) {
gnutls_assert();
goto done;
}
if (ret == GNUTLS_BAG_ENCRYPTED) {
ret = gnutls_pkcs12_bag_decrypt(bag, password);
if (ret < 0) {
gnutls_assert();
goto done;
}
}
elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
if (elements_in_bag < 0) {
gnutls_assert();
goto done;
}
for (i = 0; i < (unsigned)elements_in_bag; i++) {
int type;
gnutls_datum_t data;
gnutls_x509_crt_t this_cert;
type = gnutls_pkcs12_bag_get_type(bag, i);
if (type < 0) {
gnutls_assert();
goto done;
}
ret = gnutls_pkcs12_bag_get_data(bag, i, &data);
if (ret < 0) {
gnutls_assert();
goto done;
}
switch (type) {
case GNUTLS_BAG_CERTIFICATE:
ret = gnutls_x509_crt_init(&this_cert);
if (ret < 0) {
gnutls_assert();
goto done;
}
ret =
gnutls_x509_crt_import(this_cert,
&data,
GNUTLS_X509_FMT_DER);
if (ret < 0) {
gnutls_assert();
gnutls_x509_crt_deinit(this_cert);
this_cert = NULL;
goto done;
}
/* check if the key id match */
cert_id_size = sizeof(cert_id);
ret =
gnutls_x509_crt_get_key_id(this_cert,
0, cert_id,
&cert_id_size);
if (ret < 0) {
gnutls_assert();
gnutls_x509_crt_deinit(this_cert);
this_cert = NULL;
goto done;
}
if (memcmp(cert_id, key_id, cert_id_size) != 0) { /* they don't match - skip the certificate */
_extra_certs =
gnutls_realloc_fast
(_extra_certs,
sizeof(_extra_certs
[0]) *
++_extra_certs_len);
if (!_extra_certs) {
gnutls_assert();
ret =
GNUTLS_E_MEMORY_ERROR;
goto done;
}
_extra_certs
[_extra_certs_len -
1] = this_cert;
this_cert = NULL;
} else {
if (chain && _chain_len == 0) {
_chain =
gnutls_malloc(sizeof
(_chain
[0]) *
(++_chain_len));
if (!_chain) {
gnutls_assert();
ret =
GNUTLS_E_MEMORY_ERROR;
goto done;
}
_chain[_chain_len - 1] =
this_cert;
this_cert = NULL;
} else {
gnutls_x509_crt_deinit
(this_cert);
this_cert = NULL;
}
}
break;
case GNUTLS_BAG_CRL:
if (crl == NULL || *crl != NULL) {
gnutls_assert();
break;
}
ret = gnutls_x509_crl_init(crl);
if (ret < 0) {
gnutls_assert();
goto done;
}
ret =
gnutls_x509_crl_import(*crl, &data,
GNUTLS_X509_FMT_DER);
if (ret < 0) {
gnutls_assert();
gnutls_x509_crl_deinit(*crl);
*crl = NULL;
goto done;
}
break;
case GNUTLS_BAG_ENCRYPTED:
/* XXX Bother to recurse one level down? Unlikely to
use the same password anyway. */
case GNUTLS_BAG_EMPTY:
default:
break;
}
}
idx++;
gnutls_pkcs12_bag_deinit(bag);
bag = NULL;
}
if (chain != NULL) {
if (_chain_len != 1) {
ret = GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
goto done;
}
ret =
make_chain(&_chain, &_chain_len, &_extra_certs,
&_extra_certs_len, flags);
if (ret < 0) {
gnutls_assert();
goto done;
}
}
ret = 0;
done:
if (bag)
gnutls_pkcs12_bag_deinit(bag);
if (ret < 0) {
if (*key) {
gnutls_x509_privkey_deinit(*key);
*key = NULL;
}
if (crl != NULL && *crl != NULL) {
gnutls_x509_crl_deinit(*crl);
*crl = NULL;
}
if (_extra_certs_len && _extra_certs != NULL) {
for (i = 0; i < _extra_certs_len; i++)
gnutls_x509_crt_deinit(_extra_certs[i]);
gnutls_free(_extra_certs);
}
if (_chain_len && _chain != NULL) {
for (i = 0; i < _chain_len; i++)
gnutls_x509_crt_deinit(_chain[i]);
gnutls_free(_chain);
}
return ret;
}
if (extra_certs && _extra_certs_len > 0) {
*extra_certs = _extra_certs;
*extra_certs_len = _extra_certs_len;
} else {
if (extra_certs) {
*extra_certs = NULL;
*extra_certs_len = 0;
}
for (i = 0; i < _extra_certs_len; i++)
gnutls_x509_crt_deinit(_extra_certs[i]);
gnutls_free(_extra_certs);
}
if (chain != NULL) {
*chain = _chain;
*chain_len = _chain_len;
}
return ret;
}
EAPI Eet_Key *
eet_identity_open(const char *certificate_file,
const char *private_key_file,
Eet_Key_Password_Callback cb)
{
#ifdef HAVE_SIGNATURE
/* Signature declarations */
Eet_Key *key = NULL;
# ifdef HAVE_GNUTLS
/* Gnutls private declarations */
Eina_File *f = NULL;
void *data = NULL;
gnutls_datum_t load_file = { NULL, 0 };
char pass[1024];
if (!emile_cipher_init()) return NULL;
/* Init */
if (!(key = malloc(sizeof(Eet_Key))))
goto on_error;
key->references = 1;
if (gnutls_x509_crt_init(&(key->certificate)))
goto on_error;
if (gnutls_x509_privkey_init(&(key->private_key)))
goto on_error;
/* Mmap certificate_file */
f = eina_file_open(certificate_file, 0);
if (!f)
goto on_error;
/* let's make mmap safe and just get 0 pages for IO erro */
eina_mmap_safety_enabled_set(EINA_TRUE);
data = eina_file_map_all(f, EINA_FILE_SEQUENTIAL);
if (!data) goto on_error;
/* Import the certificate in Eet_Key structure */
load_file.data = data;
load_file.size = eina_file_size_get(f);
if (gnutls_x509_crt_import(key->certificate, &load_file,
GNUTLS_X509_FMT_PEM) < 0)
goto on_error;
eina_file_map_free(f, data);
/* Reset values */
eina_file_close(f);
f = NULL;
data = NULL;
load_file.data = NULL;
load_file.size = 0;
/* Mmap private_key_file */
f = eina_file_open(private_key_file, 0);
if (!f)
goto on_error;
/* let's make mmap safe and just get 0 pages for IO erro */
eina_mmap_safety_enabled_set(EINA_TRUE);
data = eina_file_map_all(f, EINA_FILE_SEQUENTIAL);
if (!data)
goto on_error;
/* Import the private key in Eet_Key structure */
load_file.data = data;
load_file.size = eina_file_size_get(f);
/* Try to directly import the PEM encoded private key */
if (gnutls_x509_privkey_import(key->private_key, &load_file,
GNUTLS_X509_FMT_PEM) < 0)
{
/* Else ask for the private key pass */
if (cb && cb(pass, 1024, 0, NULL))
{
/* If pass then try to decode the pkcs 8 private key */
if (gnutls_x509_privkey_import_pkcs8(key->private_key, &load_file,
GNUTLS_X509_FMT_PEM, pass, 0))
goto on_error;
}
else
/* Else try to import the pkcs 8 private key without pass */
if (gnutls_x509_privkey_import_pkcs8(key->private_key, &load_file,
GNUTLS_X509_FMT_PEM, NULL, 1))
goto on_error;
}
eina_file_map_free(f, data);
eina_file_close(f);
return key;
on_error:
if (data) eina_file_map_free(f, data);
if (f) eina_file_close(f);
if (key)
{
if (key->certificate)
gnutls_x509_crt_deinit(key->certificate);
if (key->private_key)
gnutls_x509_privkey_deinit(key->private_key);
free(key);
}
# else /* ifdef HAVE_GNUTLS */
/* Openssl private declarations */
FILE *fp;
EVP_PKEY *pkey = NULL;
X509 *cert = NULL;
if (!emile_cipher_init()) return NULL;
/* Load the X509 certificate in memory. */
fp = fopen(certificate_file, "rb");
if (!fp)
return NULL;
cert = PEM_read_X509(fp, NULL, NULL, NULL);
fclose(fp);
if (!cert)
goto on_error;
/* Check the presence of the public key. Just in case. */
pkey = X509_get_pubkey(cert);
if (!pkey)
goto on_error;
/* Load the private key in memory. */
fp = fopen(private_key_file, "rb");
if (!fp)
goto on_error;
pkey = PEM_read_PrivateKey(fp, NULL, cb, NULL);
fclose(fp);
if (!pkey)
goto on_error;
/* Load the certificate and the private key in Eet_Key structure */
key = malloc(sizeof(Eet_Key));
if (!key)
goto on_error;
key->references = 1;
key->certificate = cert;
key->private_key = pkey;
return key;
on_error:
if (cert)
X509_free(cert);
if (pkey)
EVP_PKEY_free(pkey);
# endif /* ifdef HAVE_GNUTLS */
#else
(void) certificate_file;
(void) private_key_file;
(void) cb;
#endif /* ifdef HAVE_SIGNATURE */
return NULL;
}
/**
* ntfs_pkcs12_extract_rsa_key
*/
static ntfs_rsa_private_key ntfs_pkcs12_extract_rsa_key(u8 *pfx, int pfx_size,
char *password, char *thumbprint, int thumbprint_size,
NTFS_DF_TYPES *df_type)
{
int err, bag_index, flags;
gnutls_datum_t dpfx, dkey;
gnutls_pkcs12_t pkcs12 = NULL;
gnutls_pkcs12_bag_t bag = NULL;
gnutls_x509_privkey_t pkey = NULL;
gnutls_x509_crt_t crt = NULL;
ntfs_rsa_private_key rsa_key = NULL;
char purpose_oid[100];
size_t purpose_oid_size = sizeof(purpose_oid);
size_t tp_size = thumbprint_size;
BOOL have_thumbprint = FALSE;
*df_type = DF_TYPE_UNKNOWN;
/* Create a pkcs12 structure. */
err = gnutls_pkcs12_init(&pkcs12);
if (err) {
ntfs_log_error("Failed to initialize PKCS#12 structure: %s\n",
gnutls_strerror(err));
return NULL;
}
/* Convert the PFX file (DER format) to native pkcs12 format. */
dpfx.data = pfx;
dpfx.size = pfx_size;
err = gnutls_pkcs12_import(pkcs12, &dpfx, GNUTLS_X509_FMT_DER, 0);
if (err) {
ntfs_log_error("Failed to convert the PFX file from DER to "
"native PKCS#12 format: %s\n",
gnutls_strerror(err));
goto err;
}
/*
* Verify that the password is correct and that the key file has not
* been tampered with. Note if the password has zero length and the
* verification fails, retry with password set to NULL. This is needed
* to get passwordless .pfx files generated with Windows XP SP1 (and
* probably earlier versions of Windows) to work.
*/
retry_verify:
err = gnutls_pkcs12_verify_mac(pkcs12, password);
if (err) {
if (err == GNUTLS_E_MAC_VERIFY_FAILED &&
password && !strlen(password)) {
password = NULL;
goto retry_verify;
}
ntfs_log_error("Failed to verify the MAC: %s Is the "
"password correct?\n", gnutls_strerror(err));
goto err;
}
for (bag_index = 0; ; bag_index++) {
err = gnutls_pkcs12_bag_init(&bag);
if (err) {
ntfs_log_error("Failed to initialize PKCS#12 Bag "
"structure: %s\n",
gnutls_strerror(err));
goto err;
}
err = gnutls_pkcs12_get_bag(pkcs12, bag_index, bag);
if (err) {
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
err = 0;
break;
}
ntfs_log_error("Failed to obtain Bag from PKCS#12 "
"structure: %s\n",
gnutls_strerror(err));
goto err;
}
check_again:
err = gnutls_pkcs12_bag_get_count(bag);
if (err < 0) {
ntfs_log_error("Failed to obtain Bag count: %s\n",
gnutls_strerror(err));
goto err;
}
err = gnutls_pkcs12_bag_get_type(bag, 0);
if (err < 0) {
ntfs_log_error("Failed to determine Bag type: %s\n",
gnutls_strerror(err));
goto err;
}
flags = 0;
switch (err) {
case GNUTLS_BAG_PKCS8_KEY:
flags = GNUTLS_PKCS_PLAIN;
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
err = gnutls_pkcs12_bag_get_data(bag, 0, &dkey);
if (err < 0) {
ntfs_log_error("Failed to obtain Bag data: "
"%s\n", gnutls_strerror(err));
goto err;
}
err = gnutls_x509_privkey_init(&pkey);
if (err) {
ntfs_log_error("Failed to initialized "
"private key structure: %s\n",
gnutls_strerror(err));
goto err;
}
/* Decrypt the private key into GNU TLS format. */
err = gnutls_x509_privkey_import_pkcs8(pkey, &dkey,
GNUTLS_X509_FMT_DER, password, flags);
if (err) {
ntfs_log_error("Failed to convert private "
"key from DER to GNU TLS "
"format: %s\n",
gnutls_strerror(err));
goto err;
}
#if 0
/*
* Export the key again, but unencrypted, and output it
* to stderr. Note the output has an RSA header so to
* compare to openssl pkcs12 -nodes -in myfile.pfx
* output need to ignore the part of the key between
* the first "MII..." up to the second "MII...". The
* actual RSA private key begins at the second "MII..."
* and in my testing at least was identical to openssl
* output and was also identical both on big and little
* endian so gnutls should be endianness safe.
*/
char *buf = malloc(8192);
size_t bufsize = 8192;
err = gnutls_x509_privkey_export_pkcs8(pkey,
GNUTLS_X509_FMT_PEM, "", GNUTLS_PKCS_PLAIN, buf,
&bufsize);
if (err) {
ntfs_log_error("eek1\n");
exit(1);
}
ntfs_log_error("%s\n", buf);
free(buf);
#endif
/* Convert the private key to our internal format. */
rsa_key = ntfs_rsa_private_key_import_from_gnutls(pkey);
if (!rsa_key)
goto err;
break;
case GNUTLS_BAG_ENCRYPTED:
err = gnutls_pkcs12_bag_decrypt(bag, password);
if (err) {
ntfs_log_error("Failed to decrypt Bag: %s\n",
gnutls_strerror(err));
goto err;
}
goto check_again;
case GNUTLS_BAG_CERTIFICATE:
err = gnutls_pkcs12_bag_get_data(bag, 0, &dkey);
if (err < 0) {
ntfs_log_error("Failed to obtain Bag data: "
"%s\n", gnutls_strerror(err));
goto err;
}
err = gnutls_x509_crt_init(&crt);
if (err) {
ntfs_log_error("Failed to initialize "
"certificate structure: %s\n",
gnutls_strerror(err));
goto err;
}
err = gnutls_x509_crt_import(crt, &dkey,
GNUTLS_X509_FMT_DER);
if (err) {
ntfs_log_error("Failed to convert certificate "
"from DER to GNU TLS format: "
"%s\n", gnutls_strerror(err));
goto err;
}
err = gnutls_x509_crt_get_key_purpose_oid(crt, 0,
purpose_oid, &purpose_oid_size, NULL);
if (err) {
ntfs_log_error("Failed to get key purpose "
"OID: %s\n",
gnutls_strerror(err));
goto err;
}
purpose_oid[purpose_oid_size - 1] = '\0';
if (!strcmp(purpose_oid,
NTFS_EFS_CERT_PURPOSE_OID_DRF))
*df_type = DF_TYPE_DRF;
else if (!strcmp(purpose_oid,
NTFS_EFS_CERT_PURPOSE_OID_DDF))
*df_type = DF_TYPE_DDF;
else {
ntfs_log_error("Certificate has unknown "
"purpose OID %s.\n",
purpose_oid);
err = EINVAL;
goto err;
}
/* Return the thumbprint to the caller. */
err = gnutls_x509_crt_get_fingerprint(crt,
GNUTLS_DIG_SHA1, thumbprint, &tp_size);
if (err) {
ntfs_log_error("Failed to get thumbprint: "
"%s\n", gnutls_strerror(err));
goto err;
}
if (tp_size != NTFS_SHA1_THUMBPRINT_SIZE) {
ntfs_log_error("Invalid thumbprint size %zd. "
"Should be %d.\n", tp_size,
thumbprint_size);
err = EINVAL;
goto err;
}
have_thumbprint = TRUE;
gnutls_x509_crt_deinit(crt);
crt = NULL;
break;
default:
/* We do not care about other types. */
break;
}
gnutls_pkcs12_bag_deinit(bag);
}
err:
if (rsa_key && (err || *df_type == DF_TYPE_UNKNOWN ||
!have_thumbprint)) {
if (!err)
ntfs_log_error("Key type or thumbprint not found, "
"aborting.\n");
ntfs_rsa_private_key_release(rsa_key);
rsa_key = NULL;
}
if (crt)
gnutls_x509_crt_deinit(crt);
if (pkey)
gnutls_x509_privkey_deinit(pkey);
if (bag)
gnutls_pkcs12_bag_deinit(bag);
if (pkcs12)
gnutls_pkcs12_deinit(pkcs12);
return rsa_key;
}
static bool tls_get_item_from_bag_at(gnutls_pkcs12_bag_t *const bag,
const int index,
const char *const password,
gnutls_x509_privkey_t *const key,
gnutls_x509_crt_t *const cert)
{
gnutls_pkcs12_bag_type_t type;
gnutls_datum_t data;
int ret;
assert(bag != NULL);
assert(index >= 0);
assert(key != NULL);
assert(cert != NULL);
*key = NULL;
*cert = NULL;
type = gnutls_pkcs12_bag_get_type(*bag, index);
ret = gnutls_pkcs12_bag_get_data(*bag, index, &data);
if(ret < 0)
{
goto error;
}
switch(type)
{
case GNUTLS_BAG_PKCS8_KEY:
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
{
unsigned int flags = (type == GNUTLS_BAG_PKCS8_KEY ? GNUTLS_PKCS_PLAIN : 0);
trace(LOG_DEBUG, "key found!");
ret = gnutls_pkcs12_bag_get_data(*bag, index, &data);
if(ret < 0)
{
goto error;
}
ret = gnutls_x509_privkey_init(key); // TODO gnutls_x509_privkey_deinit
if(ret < 0)
{
goto error;
}
ret = gnutls_x509_privkey_import_pkcs8(*key, &data,
GNUTLS_X509_FMT_DER,
password, flags);
if(ret < 0)
{
gnutls_x509_privkey_deinit(*key);
goto error;
}
break;
}
case GNUTLS_BAG_CERTIFICATE:
{
trace(LOG_DEBUG, "certificate found!");
gnutls_x509_crt_init(cert);
if(ret < 0)
{
goto error;
}
ret = gnutls_x509_crt_import(*cert, &data, GNUTLS_X509_FMT_DER);
if(ret < 0)
{
gnutls_x509_crt_deinit(*cert);
goto error;
}
break;
}
default:
{
ret = GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
trace(LOG_ERR, "unknown element %d\n", type);
goto error;
}
}
return true;
error:
return false;
}
/* Parses a PKCS#12 structure and loads the certificate, private key
* and friendly name if possible. Returns zero on success, non-zero
* on error. */
static int pkcs12_parse(gnutls_pkcs12 p12, gnutls_x509_privkey *pkey,
gnutls_x509_crt *x5, char **friendly_name,
const char *password)
{
gnutls_pkcs12_bag bag = NULL;
int i, j, ret = 0;
for (i = 0; ret == 0; ++i) {
if (bag) gnutls_pkcs12_bag_deinit(bag);
ret = gnutls_pkcs12_bag_init(&bag);
if (ret < 0) continue;
ret = gnutls_pkcs12_get_bag(p12, i, bag);
if (ret < 0) continue;
gnutls_pkcs12_bag_decrypt(bag, password);
for (j = 0; ret == 0 && j < gnutls_pkcs12_bag_get_count(bag); ++j) {
gnutls_pkcs12_bag_type type;
gnutls_datum data;
if (friendly_name && *friendly_name == NULL) {
char *name = NULL;
gnutls_pkcs12_bag_get_friendly_name(bag, j, &name);
if (name) {
if (name[0] == '.') name++; /* weird GnuTLS bug? */
*friendly_name = ne_strdup(name);
}
}
type = gnutls_pkcs12_bag_get_type(bag, j);
switch (type) {
case GNUTLS_BAG_PKCS8_KEY:
case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
/* Ignore any but the first key encountered; really
* need to match up keyids. */
if (*pkey) break;
gnutls_x509_privkey_init(pkey);
ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
if (ret < 0) continue;
ret = gnutls_x509_privkey_import_pkcs8(*pkey, &data,
GNUTLS_X509_FMT_DER,
password,
0);
if (ret < 0) continue;
break;
case GNUTLS_BAG_CERTIFICATE:
/* Ignore any but the first cert encountered; again,
* really need to match up keyids. */
if (*x5) break;
ret = gnutls_x509_crt_init(x5);
if (ret < 0) continue;
ret = gnutls_pkcs12_bag_get_data(bag, j, &data);
if (ret < 0) continue;
ret = gnutls_x509_crt_import(*x5, &data, GNUTLS_X509_FMT_DER);
if (ret < 0) continue;
break;
default:
break;
}
}
}
/* Make sure last bag is freed */
if (bag) gnutls_pkcs12_bag_deinit(bag);
/* Free in case of error */
if (ret < 0 && ret != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
if (*x5) gnutls_x509_crt_deinit(*x5);
if (*pkey) gnutls_x509_privkey_deinit(*pkey);
if (friendly_name && *friendly_name) ne_free(*friendly_name);
}
if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) ret = 0;
return ret;
}
