Make parsing of private key generic, prepare for EC private keys.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24657 ec53bebd-3082-4978-b11e-865c3cabbd6b
@@ -50,7 +50,8 @@ static int
|
|||||||
parse_certificate(hx509_context context, const char *fn,
|
parse_certificate(hx509_context context, const char *fn,
|
||||||
struct hx509_collector *c,
|
struct hx509_collector *c,
|
||||||
const hx509_pem_header *headers,
|
const hx509_pem_header *headers,
|
||||||
const void *data, size_t len)
|
const void *data, size_t len,
|
||||||
|
const AlgorithmIdentifier *ai)
|
||||||
{
|
{
|
||||||
hx509_cert cert;
|
hx509_cert cert;
|
||||||
int ret;
|
int ret;
|
||||||
@@ -130,10 +131,11 @@ out:
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int
|
static int
|
||||||
parse_rsa_private_key(hx509_context context, const char *fn,
|
parse_private_key(hx509_context context, const char *fn,
|
||||||
struct hx509_collector *c,
|
struct hx509_collector *c,
|
||||||
const hx509_pem_header *headers,
|
const hx509_pem_header *headers,
|
||||||
const void *data, size_t len)
|
const void *data, size_t len,
|
||||||
|
const AlgorithmIdentifier *ai)
|
||||||
{
|
{
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
const char *enc;
|
const char *enc;
|
||||||
@@ -159,7 +161,7 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
|
|
||||||
if (strcmp(enc, "4,ENCRYPTED") != 0) {
|
if (strcmp(enc, "4,ENCRYPTED") != 0) {
|
||||||
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
|
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
|
||||||
"RSA key encrypted in unknown method %s "
|
"Private key encrypted in unknown method %s "
|
||||||
"in file",
|
"in file",
|
||||||
enc, fn);
|
enc, fn);
|
||||||
hx509_clear_error_string(context);
|
hx509_clear_error_string(context);
|
||||||
@@ -169,7 +171,7 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
dek = hx509_pem_find_header(headers, "DEK-Info");
|
dek = hx509_pem_find_header(headers, "DEK-Info");
|
||||||
if (dek == NULL) {
|
if (dek == NULL) {
|
||||||
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
|
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
|
||||||
"Encrypted RSA missing DEK-Info");
|
"Encrypted private key missing DEK-Info");
|
||||||
return HX509_PARSING_KEY_FAILED;
|
return HX509_PARSING_KEY_FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -201,7 +203,7 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
if (cipher == NULL) {
|
if (cipher == NULL) {
|
||||||
free(ivdata);
|
free(ivdata);
|
||||||
hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
|
hx509_set_error_string(context, 0, HX509_ALG_NOT_SUPP,
|
||||||
"RSA key encrypted with "
|
"Private key encrypted with "
|
||||||
"unsupported cipher: %s",
|
"unsupported cipher: %s",
|
||||||
type);
|
type);
|
||||||
free(type);
|
free(type);
|
||||||
@@ -218,7 +220,8 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) {
|
if (ssize < 0 || ssize < PKCS5_SALT_LEN || ssize < EVP_CIPHER_iv_length(cipher)) {
|
||||||
free(ivdata);
|
free(ivdata);
|
||||||
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
|
hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED,
|
||||||
"Salt have wrong length in RSA key file");
|
"Salt have wrong length in "
|
||||||
|
"private key file");
|
||||||
return HX509_PARSING_KEY_FAILED;
|
return HX509_PARSING_KEY_FAILED;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -231,9 +234,8 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
password = pw->val[i];
|
password = pw->val[i];
|
||||||
passwordlen = strlen(password);
|
passwordlen = strlen(password);
|
||||||
|
|
||||||
ret = try_decrypt(context, c, hx509_signature_rsa(),
|
ret = try_decrypt(context, c, ai, cipher, ivdata,
|
||||||
cipher, ivdata, password, passwordlen,
|
password, passwordlen, data, len);
|
||||||
data, len);
|
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
decrypted = 1;
|
decrypted = 1;
|
||||||
break;
|
break;
|
||||||
@@ -253,9 +255,8 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
|
|
||||||
ret = hx509_lock_prompt(lock, &prompt);
|
ret = hx509_lock_prompt(lock, &prompt);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = try_decrypt(context, c, hx509_signature_rsa(),
|
ret = try_decrypt(context, c, ai, cipher, ivdata, password,
|
||||||
cipher, ivdata, password, strlen(password),
|
strlen(password), data, len);
|
||||||
data, len);
|
|
||||||
/* XXX add password to lock password collection ? */
|
/* XXX add password to lock password collection ? */
|
||||||
memset(password, 0, sizeof(password));
|
memset(password, 0, sizeof(password));
|
||||||
}
|
}
|
||||||
@@ -267,12 +268,8 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
keydata.data = rk_UNCONST(data);
|
keydata.data = rk_UNCONST(data);
|
||||||
keydata.length = len;
|
keydata.length = len;
|
||||||
|
|
||||||
ret = _hx509_collector_private_key_add(context,
|
ret = _hx509_collector_private_key_add(context, c, ai, NULL,
|
||||||
c,
|
&keydata, NULL);
|
||||||
hx509_signature_rsa(),
|
|
||||||
NULL,
|
|
||||||
&keydata,
|
|
||||||
NULL);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
@@ -282,10 +279,15 @@ parse_rsa_private_key(hx509_context context, const char *fn,
|
|||||||
struct pem_formats {
|
struct pem_formats {
|
||||||
const char *name;
|
const char *name;
|
||||||
int (*func)(hx509_context, const char *, struct hx509_collector *,
|
int (*func)(hx509_context, const char *, struct hx509_collector *,
|
||||||
const hx509_pem_header *, const void *, size_t);
|
const hx509_pem_header *, const void *, size_t,
|
||||||
|
const AlgorithmIdentifier *);
|
||||||
|
const AlgorithmIdentifier *(*ai)(void);
|
||||||
} formats[] = {
|
} formats[] = {
|
||||||
{ "CERTIFICATE", parse_certificate },
|
{ "CERTIFICATE", parse_certificate, NULL },
|
||||||
{ "RSA PRIVATE KEY", parse_rsa_private_key }
|
{ "RSA PRIVATE KEY", parse_private_key, hx509_signature_rsa }
|
||||||
|
#if 0
|
||||||
|
{ "EC PRIVATE KEY", parse_private_key, hx509_signature_rsa } /* XXX */
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -305,7 +307,12 @@ pem_func(hx509_context context, const char *type,
|
|||||||
for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
|
for (j = 0; j < sizeof(formats)/sizeof(formats[0]); j++) {
|
||||||
const char *q = formats[j].name;
|
const char *q = formats[j].name;
|
||||||
if (strcasecmp(type, q) == 0) {
|
if (strcasecmp(type, q) == 0) {
|
||||||
ret = (*formats[j].func)(context, NULL, pem_ctx->c, header, data, len);
|
const AlgorithmIdentifier *ai = NULL;
|
||||||
|
if (formats[j].ai != NULL)
|
||||||
|
ai = (*formats[j].ai)();
|
||||||
|
|
||||||
|
ret = (*formats[j].func)(context, NULL, pem_ctx->c,
|
||||||
|
header, data, len, ai);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -409,7 +416,11 @@ file_init_common(hx509_context context,
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) {
|
for (i = 0; i < sizeof(formats)/sizeof(formats[0]); i++) {
|
||||||
ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length);
|
const AlgorithmIdentifier *ai = NULL;
|
||||||
|
if (formats[i].ai != NULL)
|
||||||
|
ai = (*formats[i].ai)();
|
||||||
|
|
||||||
|
ret = (*formats[i].func)(context, p, pem_ctx.c, NULL, ptr, length, ai);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
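Review bot: In the parse_private_key hunk the new `ai` parameter is handed straight to `try_decrypt` and `_hx509_collector_private_key_add` with no NULL check, yet the `formats[]` table explicitly permits a NULL `ai` function (the CERTIFICATE entry) and both callers, pem_func and file_init_common, default `ai` to NULL before consulting the table, so a table entry that names parse_private_key without an `ai` would pass NULL into the key path. A guard at the top of the body, after the declarations, closes that: `if (ai == NULL) { hx509_set_error_string(context, 0, HX509_PARSING_KEY_FAILED, "No key algorithm given for private key"); return HX509_PARSING_KEY_FAILED; }` (avoid printing `fn` there, since pem_func passes `fn` as NULL). The disabled `"EC PRIVATE KEY"` entry reuses `hx509_signature_rsa` and is only marked `/* XXX */`; a comment such as `/* placeholder: must supply an EC AlgorithmIdentifier before enabling, otherwise an EC key would be decrypted and registered as RSA */` would stop it being switched on as-is. parse_private_key's body continues outside the hunks shown.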