Changeset 100421 in vbox

Timestamp:

Jul 6, 2023 7:24:56 PM (19 months ago)

Author:

vboxsync

Message:

IPRT/PKCS8: add key format for PKCS #8 bugref:10299

Location:

trunk

Files:

• include/iprt/crypto/pkcs8.h (added)
• src/VBox/Runtime/Makefile.kmk (modified) (5 diffs)
• src/VBox/Runtime/common/crypto/key-file.cpp (modified) (2 diffs)
• src/VBox/Runtime/common/crypto/pkcs8-asn1-decoder.cpp (copied) (copied from trunk/src/VBox/Runtime/common/crypto/rsa-asn1-decoder.cpp ) (2 diffs)
• src/VBox/Runtime/common/crypto/pkcs8-core.cpp (copied) (copied from trunk/src/VBox/Runtime/common/crypto/rsa-core.cpp ) (3 diffs)
• src/VBox/Runtime/common/crypto/pkcs8-init.cpp (copied) (copied from trunk/src/VBox/Runtime/common/crypto/rsa-init.cpp ) (2 diffs)
• src/VBox/Runtime/common/crypto/pkcs8-internal.h (copied) (copied from trunk/src/VBox/Runtime/common/crypto/rsa-internal.h ) (3 diffs)
• src/VBox/Runtime/common/crypto/pkcs8-sanity.cpp (copied) (copied from trunk/src/VBox/Runtime/common/crypto/rsa-sanity.cpp ) (2 diffs)
• src/VBox/Runtime/common/crypto/pkcs8-template.h (copied) (copied from trunk/src/VBox/Runtime/common/crypto/rsa-template.h ) (4 diffs)
• src/VBox/Runtime/testcase/tstRTCrPkix-1.cpp (modified) (1 diff)

trunk/src/VBox/Runtime/Makefile.kmk

@@ -455 +455 @@
         common/crypto/pkcs7-sign.cpp \
         common/crypto/pkcs7-verify.cpp \
+        common/crypto/pkcs8-asn1-decoder.cpp \
+        common/crypto/pkcs8-core.cpp \
+        common/crypto/pkcs8-init.cpp \
+        common/crypto/pkcs8-sanity.cpp \
         common/crypto/pkix-sign.cpp \
         common/crypto/pkix-signature-builtin.cpp \
@@ -2298 +2302 @@
         common/crypto/pkcs7-sanity.cpp \
         common/crypto/pkcs7-verify.cpp \
+        common/crypto/pkcs8-asn1-decoder.cpp \
+        common/crypto/pkcs8-core.cpp \
+        common/crypto/pkcs8-init.cpp \
+        common/crypto/pkcs8-sanity.cpp \
         common/crypto/pkix-signature-builtin.cpp \
         common/crypto/pkix-signature-core.cpp \
@@ -3709 +3717 @@
         common/crypto/pkcs7-sanity.cpp \
         common/crypto/pkcs7-verify.cpp \
+        common/crypto/pkcs8-asn1-decoder.cpp \
+        common/crypto/pkcs8-core.cpp \
+        common/crypto/pkcs8-init.cpp \
+        common/crypto/pkcs8-sanity.cpp \
         common/crypto/pkix-signature-builtin.cpp \
         common/crypto/pkix-signature-core.cpp \
@@ -3862 +3874 @@
         common/crypto/pkcs7-sanity.cpp \
         common/crypto/pkcs7-verify.cpp \
+        common/crypto/pkcs8-asn1-decoder.cpp \
+        common/crypto/pkcs8-core.cpp \
+        common/crypto/pkcs8-init.cpp \
+        common/crypto/pkcs8-sanity.cpp \
         common/crypto/pkix-signature-builtin.cpp \
         common/crypto/pkix-signature-core.cpp \
@@ -4914 +4930 @@
 x509-template.o x509-template.obj: x509-core.o x509-asn1-decoder.o x509-sanity.o x509-init.o
 pkcs7-template.o pkcs7-template.obj: pkcs7-core.o pkcs7-asn1-decoder.o pkcs7-sanity.o pkcs7-init.o
+pkcs8-template.o pkcs8-template.obj: pkcs8-core.o pkcs8-asn1-decoder.o pkcs8-sanity.o pkcs8-init.o

trunk/src/VBox/Runtime/common/crypto/key-file.cpp

@@ -52 +52 @@
 #include <iprt/string.h>
 #include <iprt/crypto/rsa.h>
+#include <iprt/crypto/pkcs8.h>
 #include <iprt/crypto/pkix.h>
 #include <iprt/crypto/x509.h>
@@ -470 +471 @@
 
         case kKeyFormat_PrivateKeyInfo:
-            rc = RTErrInfoSet(pErrInfo, VERR_CR_KEY_FORMAT_NOT_SUPPORTED,
-                              "Support for PKCS#8 PrivateKeyInfo is not yet implemented");
+            RTAsn1CursorInitPrimary(&PrimaryCursor, pSection->pbData, (uint32_t)pSection->cbData,
+                                    pErrInfo, &g_RTAsn1DefaultAllocator, RTASN1CURSOR_FLAGS_DER, pszErrorTag);
+            RTCRPKCS8PRIVATEKEYINFO PrivateKeyInfo;
+            RT_ZERO(PrivateKeyInfo);
+            rc = RTCrPkcs8PrivateKeyInfo_DecodeAsn1(&PrimaryCursor.Cursor, 0, &PrivateKeyInfo,
+                                                    pszErrorTag ? pszErrorTag : "PrivateKeyInfo");
+            if (RT_SUCCESS(rc))
+            {
+                /*
+                 * Check if the algorithm is pkcs1-RsaEncryption
+                 */
+                if (strcmp(PrivateKeyInfo.PrivateKeyAlgorithm.Algorithm.szObjId,"1.2.840.113549.1.1.1") == 0)
+                {
+                    uint32_t cbContent = PrivateKeyInfo.PrivateKey.Asn1Core.cb;
+                    rc = rtCrKeyCreateRsaPrivate(phKey, PrivateKeyInfo.PrivateKey.Asn1Core.uData.pv, cbContent, pErrInfo, pszErrorTag);
+                }
+                else
+                {
+                    rc = RTErrInfoSet(pErrInfo, VERR_CR_KEY_FORMAT_NOT_SUPPORTED,
+                                    "Support for PKCS#8 PrivateKeyInfo (with no RSA encryption) is not yet implemented");
+                }
+            }
             break;
 

trunk/src/VBox/Runtime/common/crypto/pkcs8-asn1-decoder.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * IPRT - Crypto - RSA, Decoder for ASN.1.
+ * IPRT - Crypto - PKCS \#8, Decoder for ASN.1.
  */
 
@@ -40 +40 @@
 *********************************************************************************************************************************/
 #include "internal/iprt.h"
-#include <iprt/crypto/rsa.h>
+#include <iprt/crypto/pkcs8.h>
 
 #include <iprt/errcore.h>
 #include <iprt/string.h>
 
-#include "rsa-internal.h"
+#include "pkcs8-internal.h"
 
 /*

trunk/src/VBox/Runtime/common/crypto/pkcs8-core.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * IPRT - Crypto - RSA, Core APIs.
+ * IPRT - Crypto - PKCS \#8, Core APIs.
  */
 
@@ -40 +40 @@
 *********************************************************************************************************************************/
 #include "internal/iprt.h"
-#include <iprt/crypto/rsa.h>
+#include <iprt/crypto/pkcs8.h>
 
 #include <iprt/errcore.h>
@@ -46 +46 @@
 #include <iprt/string.h>
 
-#include "rsa-internal.h"
+#include "pkcs8-internal.h"
 
 /*

trunk/src/VBox/Runtime/common/crypto/pkcs8-init.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * IPRT - Crypto - RSA, Initialization API.
+ * IPRT - Crypto - PKCS \#8, Initialization API.
  */
 
@@ -40 +40 @@
 *********************************************************************************************************************************/
 #include "internal/iprt.h"
-#include <iprt/crypto/rsa.h>
+#include <iprt/crypto/pkcs8.h>
 
 #include <iprt/errcore.h>
 #include <iprt/string.h>
 
-#include "rsa-internal.h"
+#include "pkcs8-internal.h"
 
 /*

trunk/src/VBox/Runtime/common/crypto/pkcs8-internal.h

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * IPRT - Crypto - RSA, Internal Header.
+ * IPRT - Crypto - PKCS \#8, Internal Header.
  */
 
@@ -35 +35 @@
  */
 
-#ifndef IPRT_INCLUDED_SRC_common_crypto_rsa_internal_h
-#define IPRT_INCLUDED_SRC_common_crypto_rsa_internal_h
+#ifndef IPRT_INCLUDED_SRC_common_crypto_pkcs8_internal_h
+#define IPRT_INCLUDED_SRC_common_crypto_pkcs8_internal_h
 #ifndef RT_WITHOUT_PRAGMA_ONCE
 # pragma once
@@ -44 +44 @@
 #define RTCRRSA_MAX_MODULUS_BITS        16384
 
-#define RTASN1TMPL_TEMPLATE_FILE "../common/crypto/rsa-template.h"
+#define RTASN1TMPL_TEMPLATE_FILE "../common/crypto/pkcs8-template.h"
 #include <iprt/asn1-generator-internal-header.h>
 
-#endif /* !IPRT_INCLUDED_SRC_common_crypto_rsa_internal_h */
-
+#endif /* !IPRT_INCLUDED_SRC_common_crypto_pkcs8_internal_h */

trunk/src/VBox/Runtime/common/crypto/pkcs8-sanity.cpp

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * IPRT - Crypto - RSA, Sanity Checkers.
+ * IPRT - Crypto - PKCS \#8, Sanity Checkers.
  */
 
@@ -40 +40 @@
 *********************************************************************************************************************************/
 #include "internal/iprt.h"
-#include <iprt/crypto/rsa.h>
+#include <iprt/crypto/pkcs8.h>
 
 #include <iprt/errcore.h>
 #include <iprt/string.h>
 
-#include "rsa-internal.h"
+#include "pkcs8-internal.h"
 
 /*

trunk/src/VBox/Runtime/common/crypto/pkcs8-template.h

@@ -1 +1 @@
 /* $Id$ */
 /** @file
- * IPRT - Crypto - RSA, Code Generator Template.
+ * IPRT - Crypto - PKCS \#8, Code Generator Template.
  */
 
@@ -38 +38 @@
 
 /*
- * RSA public key.
+ * PKCS\#8 Private key info
  */
-#define RTASN1TMPL_TYPE         RTCRRSAPUBLICKEY
-#define RTASN1TMPL_EXT_NAME     RTCrRsaPublicKey
-#define RTASN1TMPL_INT_NAME     rtCrRsaPublicKey
+#define RTASN1TMPL_TYPE         RTCRPKCS8PRIVATEKEYINFO
+#define RTASN1TMPL_EXT_NAME     RTCrPkcs8PrivateKeyInfo
+#define RTASN1TMPL_INT_NAME     rTCrPkcs8PrivateKeyInfo
 RTASN1TMPL_BEGIN_SEQCORE();
-RTASN1TMPL_MEMBER(              Modulus,            RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              PublicExponent,     RTASN1INTEGER,                  RTAsn1Integer);
+RTASN1TMPL_MEMBER(              Version,                RTASN1INTEGER,                  RTAsn1Integer);
+RTASN1TMPL_MEMBER(              PrivateKeyAlgorithm,    RTCRX509ALGORITHMIDENTIFIER,    RTCrX509AlgorithmIdentifier);
+RTASN1TMPL_MEMBER(              PrivateKey,             RTASN1OCTETSTRING,              RTAsn1OctetString);
+RTASN1TMPL_MEMBER_OPT_ITAG(     Attributes,             RTCRPKCS7ATTRIBUTES,            RTCrPkcs7Attributes,     0);
 RTASN1TMPL_END_SEQCORE();
 #undef RTASN1TMPL_TYPE
@@ -51 +53 @@
 #undef RTASN1TMPL_INT_NAME
 
+#if 0
 
 /*
- * One RSA other prime info.
+ * Encrypted private key info
  */
-#define RTASN1TMPL_TYPE         RTCRRSAOTHERPRIMEINFO
-#define RTASN1TMPL_EXT_NAME     RTCrRsaOtherPrimeInfo
-#define RTASN1TMPL_INT_NAME     rtCrRsaOtherPrimeInfo
+#define RTASN1TMPL_TYPE         RTCRENCRYPTEDPRIVATEKEY
+#define RTASN1TMPL_EXT_NAME     RTCrEncryptedPrivateKey
+#define RTASN1TMPL_INT_NAME     rtCrEncryptedPrivateKey
 RTASN1TMPL_BEGIN_SEQCORE();
-RTASN1TMPL_MEMBER(              Prime,              RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Exponent,           RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Coefficient,        RTASN1INTEGER,                  RTAsn1Integer);
+RTASN1TMPL_MEMBER(              EncryptionAlgorithm,    RTCRX509ALGORITHMIDENTIFIER,    RTCrX509AlgorithmIdentifier);
+RTASN1TMPL_MEMBER(              EncryptedData,          RTASN1OCTETSTRING,              RTAsn1OctetString);
 RTASN1TMPL_END_SEQCORE();
 #undef RTASN1TMPL_TYPE
@@ -67 +69 @@
 #undef RTASN1TMPL_INT_NAME
 
-
-/*
- * Sequence of RSA other prime infos.
- */
-#define RTASN1TMPL_TYPE         RTCRRSAOTHERPRIMEINFOS
-#define RTASN1TMPL_EXT_NAME     RTCrRsaOtherPrimeInfos
-#define RTASN1TMPL_INT_NAME     rtCrRsaOtherPrimeInfos
-RTASN1TMPL_SEQ_OF(RTCRRSAOTHERPRIMEINFO, RTCrRsaOtherPrimeInfo);
-#undef RTASN1TMPL_TYPE
-#undef RTASN1TMPL_EXT_NAME
-#undef RTASN1TMPL_INT_NAME
-
-
-/*
- * RSA private key.
- */
-#define RTASN1TMPL_TYPE         RTCRRSAPRIVATEKEY
-#define RTASN1TMPL_EXT_NAME     RTCrRsaPrivateKey
-#define RTASN1TMPL_INT_NAME     rtCrRsaPrivateKey
-RTASN1TMPL_BEGIN_SEQCORE();
-RTASN1TMPL_MEMBER(              Version,            RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Modulus,            RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              PublicExponent,     RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              PrivateExponent,    RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Prime1,             RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Prime2,             RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Exponent1,          RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Exponent2,          RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER(              Coefficient,        RTASN1INTEGER,                  RTAsn1Integer);
-RTASN1TMPL_MEMBER_OPT_ITAG_EX(  OtherPrimeInfos,    RTCRRSAOTHERPRIMEINFOS,         RTCrRsaOtherPrimeInfos, ASN1_TAG_SEQUENCE, RTASN1TMPL_ITAG_F_UC,  RT_NOTHING);
-RTASN1TMPL_END_SEQCORE();
-#undef RTASN1TMPL_TYPE
-#undef RTASN1TMPL_EXT_NAME
-#undef RTASN1TMPL_INT_NAME
-
-
-/*
- * RSA Digest Info.
- */
-#define RTASN1TMPL_TYPE         RTCRRSADIGESTINFO
-#define RTASN1TMPL_EXT_NAME     RTCrRsaDigestInfo
-#define RTASN1TMPL_INT_NAME     rtCrRsaDigestInfo
-RTASN1TMPL_BEGIN_SEQCORE();
-RTASN1TMPL_MEMBER(              DigestAlgorithm,    RTCRX509ALGORITHMIDENTIFIER,    RTCrX509AlgorithmIdentifier);
-RTASN1TMPL_MEMBER(              Digest,             RTASN1OCTETSTRING,              RTAsn1OctetString);
-RTASN1TMPL_END_SEQCORE();
-#undef RTASN1TMPL_TYPE
-#undef RTASN1TMPL_EXT_NAME
-#undef RTASN1TMPL_INT_NAME
-
+#endif

trunk/src/VBox/Runtime/testcase/tstRTCrPkix-1.cpp

@@ -255 +255 @@
         "-----END PUBLIC KEY-----\n",
         "password"
+    },
+
+    /*
+     * PKCS8 Test Keys
+     */
+    {
+        1024,
+        "-----BEGIN PRIVATE KEY-----\n"
+        "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAK4uHX+XRbLQ7dGm\n"
+        "sE1IqNDi4Obf7WS2TwfklmterJvCMrN3DxDAFq9et5j8kFRtI0Lgbc6sVAxlSkaw\n"
+        "+0LltbkC8JX0cjPSIlozzcZn+9dQ+m5rVLDl3AaV3kBLrYpnNggdTRiHuVbNPqZq\n"
+        "0CNDMxCqHpqRjtIOuoKukcOZasD5AgMBAAECgYA4IlKNaTIkM+NBGshcz9rgHw4+\n"
+        "OdKnD34e3BOCHOvh8s8mOWuYiV+GOy9OVa8qFlYz2mJpJe6cZBRw/d6sK53Jrzc1\n"
+        "ULULW9YNqgkhdhTm0z8QolYjBU+qp9pAXhh29tCdMxgCWAsiVR9jsnFtPQX4QEmM\n"
+        "9t+65ghTFQWtQXMqpQJBANly600i4GYoxvzvp67RvUkmnG47LvwuVRMwUAmAX6QP\n"
+        "Ww5q6aJd9HnHttLsNHxgX49aVxgpFu2uJI2SwSV3qwMCQQDND2kty83UXW5RahIt\n"
+        "BXAY8W60Itw6+bPLg3P4IixDCoHphnLqkz5ZT2NxxPsAPGeaFZDVyNs3Hgasnd8V\n"
+        "V8VTAkEAi4KWgrvQmtqoqFkeDSRVvBwAmxxvja4wOQpzH1V0hy6u7fYcBWcgVg2T\n"
+        "N4oCNpYiWTfNzxt1sXJb01UHhIFdfwJAO8ZiQpdGSMFzhwgEhFsxchPu0VPYHtjr\n"
+        "MEgBZjOP83r8o7YtiXOimSYrNt7UzBzPlnry3V7PiCGYkHj0rqQHQQJBANi5N5X4\n"
+        "g7dNDsE5i1B0JsQ4ru8qE60ZtoOOCwNjwiI/IIsMVW2KqhTBynEYLnWolkRRogEF\n"
+        "ACoRRxUBhj9EefI=\n"
+        "-----END PRIVATE KEY-----\n",
+        "-----BEGIN PUBLIC KEY-----\n"
+        "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCuLh1/l0Wy0O3RprBNSKjQ4uDm\n"
+        "3+1ktk8H5JZrXqybwjKzdw8QwBavXreY/JBUbSNC4G3OrFQMZUpGsPtC5bW5AvCV\n"
+        "9HIz0iJaM83GZ/vXUPpua1Sw5dwGld5AS62KZzYIHU0Yh7lWzT6matAjQzMQqh6a\n"
+        "kY7SDrqCrpHDmWrA+QIDAQAB\n"
+        "-----END PUBLIC KEY-----\n",
+        NULL
     }
 };