oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

add import/export type for private keys

Browse Source
This commit is contained in:
Love Hornquist Astrand
2010-10-03 16:32:01 -07:00
parent dfc54c6eea
commit 48ad3e1e65
6 changed files with 77 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lib/hx509/collector.c
View File

@@ -145,6 +145,7 @@ _hx509_collector_private_key_add(hx509_context context,
} else {
ret = _hx509_parse_private_key(context, alg,
key_data->data, key_data->length,
HX509_KEY_FORMAT_DER,
&key->private_key);
if (ret)
goto out;

39
lib/hx509/crypto.c
View File

@@ -53,9 +53,11 @@ struct hx509_private_key_ops {
SubjectPublicKeyInfo *);
int (*export)(hx509_context context,
const hx509_private_key,
hx509_key_format_t,
heim_octet_string *);
int (*import)(hx509_context, const AlgorithmIdentifier *,
const void *, size_t, hx509_private_key);
const void *, size_t, hx509_key_format_t,
hx509_private_key);
int (*generate_private_key)(hx509_context,
struct hx509_generate_private_context *,
hx509_private_key);
@@ -750,8 +752,11 @@ rsa_private_key_import(hx509_context context,
const AlgorithmIdentifier *keyai,
const void *data,
size_t len,
hx509_key_format_t format,
hx509_private_key private_key)
{
switch (format) {
case HX509_KEY_FORMAT_DER: {
const unsigned char *p = data;
private_key->private_key.rsa =
@@ -762,6 +767,12 @@ rsa_private_key_import(hx509_context context,
return HX509_PARSING_KEY_FAILED;
}
private_key->signature_alg = ASN1_OID_ID_PKCS1_SHA1WITHRSAENCRYPTION;
break;
}
default:
return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
}
return 0;
}
@@ -844,6 +855,7 @@ rsa_generate_private_key(hx509_context context,
static int
rsa_private_key_export(hx509_context context,
const hx509_private_key key,
hx509_key_format_t format,
heim_octet_string *data)
{
int ret;
@@ -851,6 +863,9 @@ rsa_private_key_export(hx509_context context,
data->data = NULL;
data->length = 0;
switch (format) {
case HX509_KEY_FORMAT_DER:
ret = i2d_RSAPrivateKey(key->private_key.rsa, NULL);
if (ret <= 0) {
ret = EINVAL;
@@ -871,6 +886,10 @@ rsa_private_key_export(hx509_context context,
unsigned char *p = data->data;
i2d_RSAPrivateKey(key->private_key.rsa, &p);
}
break;
default:
return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
}
return 0;
}
@@ -915,9 +934,10 @@ ecdsa_private_key2SPKI(hx509_context context,
static int
ecdsa_private_key_export(hx509_context context,
const hx509_private_key key,
hx509_key_format_t format,
heim_octet_string *data)
{
return ENOMEM;
return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
}
static int
@@ -925,6 +945,7 @@ ecdsa_private_key_import(hx509_context context,
const AlgorithmIdentifier *keyai,
const void *data,
size_t len,
hx509_key_format_t format,
hx509_private_key private_key)
{
const unsigned char *p = data;
@@ -959,6 +980,9 @@ ecdsa_private_key_import(hx509_context context,
pkey = &key;
}
switch (format) {
case HX509_KEY_FORMAT_DER:
private_key->private_key.ecdsa = d2i_ECPrivateKey(pkey, &p, len);
if (private_key->private_key.ecdsa == NULL) {
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
@@ -966,6 +990,11 @@ ecdsa_private_key_import(hx509_context context,
return HX509_PARSING_KEY_FAILED;
}
private_key->signature_alg = ASN1_OID_ID_ECDSA_WITH_SHA256;
break;
default:
return HX509_CRYPTO_KEY_FORMAT_UNSUPPORTED;
}
return 0;
}
@@ -1733,6 +1762,7 @@ _hx509_parse_private_key(hx509_context context,
const AlgorithmIdentifier *keyai,
const void *data,
size_t len,
hx509_key_format_t format,
hx509_private_key *private_key)
{
struct hx509_private_key_ops *ops;
@@ -1752,7 +1782,7 @@ _hx509_parse_private_key(hx509_context context,
return ret;
}
ret = (*ops->import)(context, keyai, data, len, *private_key);
ret = (*ops->import)(context, keyai, data, len, format, *private_key);
if (ret)
_hx509_private_key_free(private_key);
@@ -2045,13 +2075,14 @@ _hx509_private_key_get_internal(hx509_context context,
int
_hx509_private_key_export(hx509_context context,
const hx509_private_key key,
hx509_key_format_t format,
heim_octet_string *data)
{
if (key->ops->export == NULL) {
hx509_clear_error_string(context);
return HX509_UNIMPLEMENTED_OPERATION;
}
return (*key->ops->export)(context, key, data);
return (*key->ops->export)(context, key, format, data);
}
/*

7
lib/hx509/hx509.h
View File

@@ -76,6 +76,13 @@ enum {
HX509_CRYPTO_PADDING_NONE = 1
};
enum {
HX509_KEY_FORMAT_GUESS = 0,
HX509_KEY_FORMAT_DER = 1,
HX509_KEY_FORMAT_WIN_BACKUPKEY = 2
};
typedef uint32_t hx509_key_format_t;
struct hx509_cert_attribute_data {
heim_oid oid;
heim_octet_string data;

1
lib/hx509/hx509_err.et
View File

@@ -66,6 +66,7 @@ error_code RSA_PRIVATE_ENCRYPT, "RSA private encyption failed"
error_code RSA_PUBLIC_DECRYPT, "RSA public decryption failed"
error_code RSA_PRIVATE_DECRYPT, "RSA private decryption failed"
error_code ALGORITHM_BEST_BEFORE, "Algorithm has passed its best before date"
error_code KEY_FORMAT_UNSUPPORTED, "Key format is unsupported"
# revoke related errors
index 96

3
lib/hx509/ks_file.c
View File

@@ -541,7 +541,8 @@ store_func(hx509_context context, void *ctx, hx509_cert c)
free(data.data);
if (_hx509_cert_private_key_exportable(c)) {
hx509_private_key key = _hx509_cert_private_key(c);
ret = _hx509_private_key_export(context, key, &data);
ret = _hx509_private_key_export(context, key,
HX509_KEY_FORMAT_DER, &data);
if (ret)
break;
hx509_pem_write(context, _hx509_private_pem_name(key), NULL, sc->f,

1
lib/hx509/ks_p12.c
View File

@@ -535,6 +535,7 @@ store_func(hx509_context context, void *ctx, hx509_cert c)
}
ret = _hx509_private_key_export(context,
_hx509_cert_private_key(c),
HX509_KEY_FORMAT_DER,
&pki.privateKey);
if (ret) {
free_PKCS8PrivateKeyInfo(&pki);