示例#1
0
文件: pkcs12.c 项目: gnutls/gnutls
static int
_parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
		     gnutls_pkcs12_bag_t bag)
{
	gnutls_datum_t content = { NULL, 0 };
	int result;

	/* Step 1. Extract the content.
	 */

	result =
	    _gnutls_x509_read_string(sc, sc_name, &content,
				     ASN1_ETYPE_OCTET_STRING, 1);
	if (result < 0) {
		gnutls_assert();
		goto cleanup;
	}

	result = _pkcs12_decode_safe_contents(&content, bag);
	if (result < 0) {
		gnutls_assert();
		goto cleanup;
	}

	_gnutls_free_datum(&content);

	return 0;

      cleanup:
	_gnutls_free_datum(&content);
	return result;
}
示例#2
0
/* Decodes an X.509 Attribute (if multi==1) or an AttributeTypeAndValue
 * otherwise.
 *
 * octet_string should be non-zero if we are to decode octet strings after
 * decoding.
 *
 * The output is allocated and stored in value.
 */
int
_gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
				       const char *where, char *oid,
				       int oid_size,
				       gnutls_datum_t * value, int multi,
				       int octet_string)
{
	char tmpbuffer[128];
	int len, result;

	/* Read the OID 
	 */
	_gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
	_gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".type");

	len = oid_size - 1;
	result = asn1_read_value(asn1_struct, tmpbuffer, oid, &len);

	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		result = _gnutls_asn2err(result);
		return result;
	}

	/* Read the Value 
	 */

	_gnutls_str_cpy(tmpbuffer, sizeof(tmpbuffer), where);
	_gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), ".value");

	if (multi)
		_gnutls_str_cat(tmpbuffer, sizeof(tmpbuffer), "s.?1");	/* .values.?1 */

	if (octet_string)
		result =
		    _gnutls_x509_read_string(asn1_struct, tmpbuffer, value,
					     ASN1_ETYPE_OCTET_STRING, 0);
	else
		result =
		    _gnutls_x509_read_value(asn1_struct, tmpbuffer, value);
	if (result < 0) {
		gnutls_assert();
		return result;
	}

	return 0;

}
示例#3
0
static int
_decode_pkcs8_eddsa_key(ASN1_TYPE pkcs8_asn, gnutls_x509_privkey_t pkey, const char *oid)
{
	int ret;
	gnutls_datum_t tmp;
	gnutls_ecc_curve_t curve = GNUTLS_ECC_CURVE_INVALID;
	const gnutls_ecc_curve_entry_st *ce;

	gnutls_pk_params_init(&pkey->params);

	curve = gnutls_oid_to_ecc_curve(oid);
	if (curve == GNUTLS_ECC_CURVE_INVALID) {
		_gnutls_debug_log("PKCS#8: unknown curve OID %s\n", oid);
		return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
	}

	ce = _gnutls_ecc_curve_get_params(curve);
	if (_curve_is_eddsa(ce)) {
		ret = _gnutls_x509_read_string(pkcs8_asn, "privateKey", &tmp, ASN1_ETYPE_OCTET_STRING, 1);
		if (ret < 0) {
			gnutls_assert();
			return gnutls_assert_val(ret);
		}

		if (tmp.size != ce->size) {
			gnutls_free(tmp.data);
			return gnutls_assert_val(GNUTLS_E_ILLEGAL_PARAMETER);
		}
		gnutls_free(pkey->params.raw_priv.data);
		pkey->params.algo = GNUTLS_PK_EDDSA_ED25519;
		pkey->params.raw_priv.data = tmp.data;
		pkey->params.raw_priv.size = tmp.size;
		pkey->params.curve = curve;

		tmp.data = NULL;
		return 0;
	} else {
		return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
	}
}
示例#4
0
文件: pkcs12.c 项目: gnutls/gnutls
/* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
 * which holds them. Returns an ASN1_TYPE of authenticatedSafe.
 */
static int
_decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
			 gnutls_datum_t * raw)
{
	char oid[MAX_OID_SIZE];
	ASN1_TYPE c2 = ASN1_TYPE_EMPTY;
	gnutls_datum_t auth_safe = { NULL, 0 };
	int len, result;
	char error_str[ASN1_MAX_ERROR_DESCRIPTION_SIZE];

	len = sizeof(oid) - 1;
	result =
	    asn1_read_value(pkcs12, "authSafe.contentType", oid, &len);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		return _gnutls_asn2err(result);
	}

	if (strcmp(oid, DATA_OID) != 0) {
		gnutls_assert();
		_gnutls_debug_log("Unknown PKCS12 Content OID '%s'\n",
				  oid);
		return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE;
	}

	/* Step 1. Read the content data
	 */

	result =
	    _gnutls_x509_read_string(pkcs12, "authSafe.content",
				     &auth_safe, ASN1_ETYPE_OCTET_STRING, 1);
	if (result < 0) {
		gnutls_assert();
		goto cleanup;
	}

	/* Step 2. Extract the authenticatedSafe.
	 */

	if ((result = asn1_create_element
	     (_gnutls_get_pkix(), "PKIX1.pkcs-12-AuthenticatedSafe",
	      &c2)) != ASN1_SUCCESS) {
		gnutls_assert();
		result = _gnutls_asn2err(result);
		goto cleanup;
	}

	result =
	    asn1_der_decoding(&c2, auth_safe.data, auth_safe.size,
			      error_str);
	if (result != ASN1_SUCCESS) {
		gnutls_assert();
		_gnutls_debug_log("DER error: %s\n", error_str);
		result = _gnutls_asn2err(result);
		goto cleanup;
	}

	if (raw == NULL) {
		_gnutls_free_datum(&auth_safe);
	} else {
		raw->data = auth_safe.data;
		raw->size = auth_safe.size;
	}

	if (authen_safe)
		*authen_safe = c2;
	else
		asn1_delete_structure(&c2);

	return 0;

      cleanup:
	if (c2)
		asn1_delete_structure(&c2);
	_gnutls_free_datum(&auth_safe);
	return result;
}
示例#5
0
int
_pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
		       const gnutls_datum_t * in, gnutls_datum_t * out)
{
	int ret;
	ASN1_TYPE c2 = ASN1_TYPE_EMPTY;

	switch (type) {
	case GNUTLS_BAG_CERTIFICATE:
		if ((ret = asn1_create_element(_gnutls_get_pkix(),
					       "PKIX1.pkcs-12-CertBag",
					       &c2)) != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}

		ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
		if (ret != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}

		ret =
		    _gnutls_x509_read_string(c2, "certValue", out,
					     ASN1_ETYPE_OCTET_STRING, 1);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
		break;

	case GNUTLS_BAG_CRL:
		if ((ret = asn1_create_element(_gnutls_get_pkix(),
					       "PKIX1.pkcs-12-CRLBag",
					       &c2)) != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}

		ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
		if (ret != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}

		ret =
		    _gnutls_x509_read_string(c2, "crlValue", out,
					     ASN1_ETYPE_OCTET_STRING, 1);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
		break;

	case GNUTLS_BAG_SECRET:
		if ((ret = asn1_create_element(_gnutls_get_pkix(),
					       "PKIX1.pkcs-12-SecretBag",
					       &c2)) != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}

		ret = asn1_der_decoding(&c2, in->data, in->size, NULL);
		if (ret != ASN1_SUCCESS) {
			gnutls_assert();
			ret = _gnutls_asn2err(ret);
			goto cleanup;
		}

		ret =
		    _gnutls_x509_read_string(c2, "secretValue", out,
					     ASN1_ETYPE_OCTET_STRING, 1);
		if (ret < 0) {
			gnutls_assert();
			goto cleanup;
		}
		break;

	default:
		gnutls_assert();
		asn1_delete_structure(&c2);
		return GNUTLS_E_UNIMPLEMENTED_FEATURE;
	}

	asn1_delete_structure(&c2);

	return 0;


      cleanup:

	asn1_delete_structure(&c2);
	return ret;
}