2002-04-17 09:01:49 +00:00
|
|
|
/*
|
|
|
|
* pkcs15.c: PKCS #15 wrap/unwrap functions
|
|
|
|
*
|
|
|
|
* Copyright (C) 2002 Olaf Kirch <okir@lst.de>
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
|
|
*/
|
|
|
|
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "config.h"
|
|
|
|
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifdef ENABLE_OPENSSL
|
2002-04-17 09:01:49 +00:00
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
#endif
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The asn.1 stuff from openssl and the one from opensc don't
|
|
|
|
* coexist very well. Openssl has typedef ... ASN1_OBJECT; while
|
|
|
|
* in opensc has a #define ASN1_OBJECT 6.
|
|
|
|
*
|
|
|
|
* Everything seems to work fine however if the openssl one is included
|
|
|
|
* first.
|
|
|
|
*/
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "internal.h"
|
2002-04-17 09:01:49 +00:00
|
|
|
#include "asn1.h"
|
2010-03-04 08:14:36 +00:00
|
|
|
#include "pkcs15.h"
|
2002-04-17 09:01:49 +00:00
|
|
|
|
|
|
|
|
2008-03-06 16:06:59 +00:00
|
|
|
#ifndef ENABLE_OPENSSL
|
2002-04-17 09:01:49 +00:00
|
|
|
int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_wrap_data(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
const char *passphrase,
|
|
|
|
const u8 *in, size_t in_len,
|
|
|
|
u8 **out, size_t *out_len)
|
|
|
|
{
|
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_unwrap_data(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
const char *passphrase,
|
|
|
|
const u8 *in, size_t in_len,
|
|
|
|
u8 **out, size_t *out_len)
|
|
|
|
{
|
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
}
|
|
|
|
|
2008-03-06 16:06:59 +00:00
|
|
|
#else /* ENABLE_OPENSSL */
|
2002-04-17 09:01:49 +00:00
|
|
|
|
|
|
|
static int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_derive_key(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
const struct sc_algorithm_id *der_alg,
|
|
|
|
const struct sc_algorithm_id *enc_alg,
|
|
|
|
const char *passphrase,
|
|
|
|
EVP_CIPHER_CTX *crypt_ctx, int enc_dec)
|
|
|
|
{
|
|
|
|
struct sc_pbkdf2_params *info;
|
|
|
|
unsigned int key_len;
|
2002-10-19 16:51:37 +00:00
|
|
|
const EVP_CIPHER *cipher;
|
2002-04-17 09:01:49 +00:00
|
|
|
u8 *iv = NULL, key[64];
|
|
|
|
int r;
|
|
|
|
|
2005-12-05 21:33:59 +00:00
|
|
|
if (!ctx || ! der_alg || !enc_alg)
|
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
|
2002-04-17 09:01:49 +00:00
|
|
|
/* XXX: We might also encounter PBES2 here */
|
|
|
|
if (der_alg->algorithm != SC_ALGORITHM_PBKDF2) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Unsupported key derivation algorithm.\n");
|
2002-04-17 09:01:49 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
}
|
|
|
|
|
|
|
|
switch (enc_alg->algorithm) {
|
|
|
|
case SC_ALGORITHM_3DES:
|
|
|
|
cipher = EVP_des_ede3_cbc();
|
|
|
|
iv = (u8 *) enc_alg->params;
|
|
|
|
break;
|
|
|
|
case SC_ALGORITHM_DES:
|
|
|
|
cipher = EVP_des_cbc();
|
|
|
|
iv = (u8 *) enc_alg->params;
|
|
|
|
break;
|
|
|
|
default:
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Unsupported key encryption algorithm.\n");
|
2002-04-17 09:01:49 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
}
|
2005-12-05 21:33:59 +00:00
|
|
|
|
|
|
|
if (!iv) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Unsupported key encryption parameters.\n");
|
2005-12-05 21:33:59 +00:00
|
|
|
return SC_ERROR_NOT_SUPPORTED;
|
|
|
|
}
|
2002-04-17 09:01:49 +00:00
|
|
|
key_len = EVP_CIPHER_key_length(cipher);
|
|
|
|
|
|
|
|
info = (struct sc_pbkdf2_params *) der_alg->params;
|
2005-12-05 21:33:59 +00:00
|
|
|
if (!info) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Key parameters missing.\n");
|
2005-12-05 21:33:59 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
}
|
2002-04-17 09:01:49 +00:00
|
|
|
if (info->key_length && info->key_length != key_len) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Incompatible key length.\n");
|
2002-04-17 09:01:49 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
}
|
|
|
|
if (key_len > sizeof(key)) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Huge key length (%u).\n", key_len);
|
2002-04-17 09:01:49 +00:00
|
|
|
return SC_ERROR_INVALID_ARGUMENTS;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = PKCS5_PBKDF2_HMAC_SHA1(passphrase, -1,
|
|
|
|
info->salt, info->salt_len,
|
|
|
|
info->iterations, key_len, key);
|
|
|
|
if (r == 0) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Key derivation failed.\n");
|
2002-04-17 09:01:49 +00:00
|
|
|
return SC_ERROR_INTERNAL; /* for lack of something better */
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Now we have the key. Set up the cipher context */
|
|
|
|
memset(crypt_ctx, 0, sizeof(*crypt_ctx));
|
|
|
|
EVP_CipherInit(crypt_ctx, cipher, key, iv, enc_dec);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
2005-08-05 07:24:43 +00:00
|
|
|
do_cipher(EVP_CIPHER_CTX *cipher_ctx, const u8 *in, size_t in_len,
|
2002-04-17 09:01:49 +00:00
|
|
|
u8 **out, size_t *out_len)
|
|
|
|
{
|
|
|
|
const u8 *end;
|
|
|
|
u8 *p;
|
|
|
|
size_t bl, done, left, total;
|
|
|
|
|
2002-04-19 14:23:31 +00:00
|
|
|
*out = p = (u8 *) malloc(in_len + EVP_CIPHER_CTX_key_length(cipher_ctx));
|
2002-04-17 09:01:49 +00:00
|
|
|
*out_len = total = 0;
|
|
|
|
|
|
|
|
bl = EVP_CIPHER_CTX_block_size(cipher_ctx);
|
|
|
|
end = in + in_len;
|
|
|
|
while (in < end) {
|
|
|
|
if ((left = end - in) > bl)
|
|
|
|
left = bl;
|
|
|
|
if (!EVP_CipherUpdate(cipher_ctx,
|
2002-04-17 13:13:44 +00:00
|
|
|
p + total, (int *) &done,
|
2005-08-05 07:24:43 +00:00
|
|
|
(u8 *) in, (int)left))
|
2002-04-17 09:01:49 +00:00
|
|
|
goto fail;
|
|
|
|
total += done;
|
|
|
|
in += left;
|
|
|
|
}
|
|
|
|
if (1 || total < in_len) {
|
2002-04-17 13:13:44 +00:00
|
|
|
if (!EVP_CipherFinal(cipher_ctx, p + total, (int *) &done))
|
2002-04-17 09:01:49 +00:00
|
|
|
goto fail;
|
|
|
|
total += done;
|
|
|
|
}
|
|
|
|
*out_len = total;
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
fail: free(p);
|
|
|
|
return SC_ERROR_INTERNAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_wrap_data(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
const char *passphrase,
|
|
|
|
const u8 *in, size_t in_len,
|
|
|
|
u8 **out, size_t *out_len)
|
|
|
|
{
|
|
|
|
struct sc_pkcs15_enveloped_data envdata;
|
|
|
|
EVP_CIPHER_CTX cipher_ctx;
|
|
|
|
struct sc_pbkdf2_params der_info;
|
|
|
|
u8 des_iv[8];
|
|
|
|
int r;
|
|
|
|
|
|
|
|
memset(&envdata, 0, sizeof(envdata));
|
2002-04-17 20:44:25 +00:00
|
|
|
memset(&der_info, 0, sizeof(der_info));
|
2002-04-17 09:01:49 +00:00
|
|
|
|
|
|
|
RAND_bytes(des_iv, sizeof(des_iv));
|
|
|
|
der_info.salt_len = sizeof(der_info.salt);
|
|
|
|
RAND_bytes(der_info.salt, sizeof(der_info.salt));
|
|
|
|
der_info.iterations = 32;
|
|
|
|
der_info.hash_alg.algorithm = SC_ALGORITHM_SHA1;
|
|
|
|
envdata.id.len = 1;
|
|
|
|
envdata.ke_alg.algorithm = SC_ALGORITHM_PBKDF2;
|
|
|
|
envdata.ke_alg.params = &der_info;
|
|
|
|
envdata.ce_alg.algorithm = SC_ALGORITHM_3DES;
|
|
|
|
envdata.ce_alg.params = des_iv;
|
2002-04-17 13:13:44 +00:00
|
|
|
envdata.key = (u8 *) "";
|
2002-04-17 09:01:49 +00:00
|
|
|
r = sc_pkcs15_derive_key(ctx, &envdata.ke_alg, &envdata.ce_alg,
|
|
|
|
passphrase, &cipher_ctx, 1);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
/* Now encrypt the data using the derived key */
|
2005-08-05 07:24:43 +00:00
|
|
|
r = do_cipher(&cipher_ctx, in, in_len,
|
2002-04-17 09:01:49 +00:00
|
|
|
&envdata.content, &envdata.content_len);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
/* Finally, DER encode the whole mess */
|
|
|
|
r = sc_pkcs15_encode_enveloped_data(ctx, &envdata, out, out_len);
|
|
|
|
|
|
|
|
free(envdata.content);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_unwrap_data(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
const char *passphrase,
|
|
|
|
const u8 *in, size_t in_len,
|
|
|
|
u8 **out, size_t *out_len)
|
|
|
|
{
|
|
|
|
struct sc_pkcs15_enveloped_data envdata;
|
|
|
|
EVP_CIPHER_CTX cipher_ctx;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
memset(&envdata, 0, sizeof(envdata));
|
|
|
|
r = sc_pkcs15_decode_enveloped_data(ctx, &envdata, in, in_len);
|
|
|
|
if (r < 0) {
|
2009-09-14 08:46:59 +00:00
|
|
|
sc_debug(ctx, "Failed to decode EnvelopedData.\n");
|
2002-04-17 09:01:49 +00:00
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Derive the key using the info in EnvelopedData */
|
|
|
|
r = sc_pkcs15_derive_key(ctx, &envdata.ke_alg, &envdata.ce_alg,
|
|
|
|
passphrase, &cipher_ctx, 0);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
/* Now decrypt the data using the derived key */
|
2005-08-05 07:24:43 +00:00
|
|
|
r = do_cipher(&cipher_ctx, envdata.content, envdata.content_len,
|
2002-04-17 09:01:49 +00:00
|
|
|
out, out_len);
|
|
|
|
if (r < 0)
|
|
|
|
return r;
|
|
|
|
|
|
|
|
if (envdata.ce_alg.params)
|
|
|
|
free(envdata.ce_alg.params);
|
|
|
|
if (envdata.ke_alg.params)
|
|
|
|
free(envdata.ke_alg.params);
|
|
|
|
free(envdata.content);
|
|
|
|
return r;
|
|
|
|
}
|
2008-03-06 16:06:59 +00:00
|
|
|
#endif /* ENABLE_OPENSSL */
|
2002-04-17 09:01:49 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Encode/decode EnvelopedData
|
|
|
|
* Note we cheat with the recipientInfo field, which is a SET OF:
|
|
|
|
* we treat it as if there's always just one element in the set.
|
|
|
|
*/
|
|
|
|
static const struct sc_asn1_entry c_asn1_enveloped_data_attr[] = {
|
2006-01-20 20:52:36 +00:00
|
|
|
{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL },
|
|
|
|
{ "originator", SC_ASN1_STRUCT, SC_ASN1_CONS| SC_ASN1_TAG_SEQUENCE, SC_ASN1_OPTIONAL, NULL, NULL },
|
|
|
|
{ "recipients", SC_ASN1_STRUCT, SC_ASN1_CONS| SC_ASN1_TAG_SET, 0, NULL, NULL },
|
|
|
|
{ "contentInfo",SC_ASN1_STRUCT, SC_ASN1_CONS| SC_ASN1_TAG_SEQUENCE, 0, NULL, NULL },
|
2002-04-17 09:01:49 +00:00
|
|
|
/* some more optional foo we ignore for now */
|
2005-08-05 07:24:43 +00:00
|
|
|
{ NULL, 0, 0, 0, NULL, NULL}
|
2002-04-17 09:01:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static const struct sc_asn1_entry c_asn1_content_attr[] = {
|
2006-01-20 20:52:36 +00:00
|
|
|
{ "contentType",SC_ASN1_OBJECT, SC_ASN1_TAG_OBJECT, 0, NULL, NULL },
|
|
|
|
{ "contentEncrAlg", SC_ASN1_ALGORITHM_ID, SC_ASN1_CONS| SC_ASN1_TAG_SEQUENCE, 0, NULL, NULL },
|
2005-08-05 07:24:43 +00:00
|
|
|
{ "encrContent",SC_ASN1_STRUCT, SC_ASN1_CTX | 0 | SC_ASN1_CONS, SC_ASN1_OPTIONAL, NULL, NULL },
|
|
|
|
{ NULL, 0, 0, 0, NULL, NULL }
|
2002-04-18 09:11:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static const struct sc_asn1_entry c_asn1_encr_content[] = {
|
2006-01-20 20:52:36 +00:00
|
|
|
{ "data", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_ALLOC, NULL, NULL },
|
2005-08-05 07:24:43 +00:00
|
|
|
{ NULL, 0, 0, 0, NULL, NULL }
|
2002-04-17 09:01:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static const struct sc_asn1_entry c_asn1_recipients_attr[] = {
|
2005-08-05 07:24:43 +00:00
|
|
|
{ "kekri", SC_ASN1_STRUCT, SC_ASN1_CTX | 2 | SC_ASN1_CONS , 0, NULL, NULL },
|
|
|
|
{ NULL, 0, 0, 0, NULL, NULL }
|
2002-04-17 09:01:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static const struct sc_asn1_entry c_asn1_kekri_attr[] = {
|
2006-01-20 20:52:36 +00:00
|
|
|
{ "version", SC_ASN1_INTEGER, SC_ASN1_TAG_INTEGER, 0, NULL, NULL },
|
|
|
|
{ "id", SC_ASN1_STRUCT, SC_ASN1_CONS | SC_ASN1_TAG_SEQUENCE, 0, NULL, NULL },
|
|
|
|
{ "keyEncrAlg", SC_ASN1_ALGORITHM_ID, SC_ASN1_CONS | SC_ASN1_TAG_SEQUENCE, 0, NULL, NULL },
|
|
|
|
{ "keyEncrKey", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, SC_ASN1_ALLOC, NULL, NULL },
|
2005-08-05 07:24:43 +00:00
|
|
|
{ NULL, 0, 0, 0, NULL, NULL }
|
2002-04-17 09:01:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static const struct sc_asn1_entry c_asn1_kek_attr[] = {
|
2006-01-20 20:52:36 +00:00
|
|
|
{ "id", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_OCTET_STRING, 0, NULL, NULL },
|
|
|
|
{ "date", SC_ASN1_OCTET_STRING, SC_ASN1_TAG_GENERALIZEDTIME, SC_ASN1_OPTIONAL, NULL, NULL },
|
|
|
|
{ "other", SC_ASN1_STRUCT, SC_ASN1_CONS | SC_ASN1_TAG_SEQUENCE, SC_ASN1_OPTIONAL, NULL, NULL },
|
2005-08-05 07:24:43 +00:00
|
|
|
{ NULL, 0, 0, 0, NULL, NULL }
|
2002-04-17 09:01:49 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_decode_enveloped_data(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
struct sc_pkcs15_enveloped_data *result,
|
|
|
|
const u8 *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
struct sc_asn1_entry asn1_enveloped_data_attr[5],
|
|
|
|
asn1_content_attr[4],
|
2002-04-18 09:11:18 +00:00
|
|
|
asn1_encr_content[2],
|
2002-04-17 09:01:49 +00:00
|
|
|
asn1_recipients_attr[2],
|
|
|
|
asn1_kekri_attr[5],
|
|
|
|
asn1_kek_attr[4];
|
|
|
|
struct sc_pkcs15_enveloped_data data;
|
|
|
|
int r;
|
|
|
|
|
|
|
|
sc_copy_asn1_entry(c_asn1_enveloped_data_attr, asn1_enveloped_data_attr);
|
|
|
|
sc_copy_asn1_entry(c_asn1_content_attr, asn1_content_attr);
|
2002-04-18 09:11:18 +00:00
|
|
|
sc_copy_asn1_entry(c_asn1_encr_content, asn1_encr_content);
|
2002-04-17 09:01:49 +00:00
|
|
|
sc_copy_asn1_entry(c_asn1_recipients_attr, asn1_recipients_attr);
|
|
|
|
sc_copy_asn1_entry(c_asn1_kekri_attr, asn1_kekri_attr);
|
|
|
|
sc_copy_asn1_entry(c_asn1_kek_attr, asn1_kek_attr);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_enveloped_data_attr + 2,
|
|
|
|
asn1_recipients_attr, NULL, 0);
|
|
|
|
sc_format_asn1_entry(asn1_enveloped_data_attr + 3,
|
|
|
|
asn1_content_attr, NULL, 0);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_content_attr + 1, &data.ce_alg, NULL, 0);
|
|
|
|
sc_format_asn1_entry(asn1_content_attr + 2,
|
2002-04-18 09:11:18 +00:00
|
|
|
asn1_encr_content, NULL, 0);
|
|
|
|
sc_format_asn1_entry(asn1_encr_content + 0,
|
2002-04-17 09:01:49 +00:00
|
|
|
&data.content, &data.content_len, 0);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_recipients_attr + 0,
|
|
|
|
asn1_kekri_attr, NULL, 0);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 1,
|
|
|
|
asn1_kek_attr, NULL, 0);
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 2,
|
|
|
|
&data.ke_alg, NULL, 0);
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 3,
|
|
|
|
&data.key, &data.key_len, 0);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_kek_attr + 0,
|
|
|
|
&data.id, &data.id.len, 0);
|
|
|
|
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
|
|
|
|
r = sc_asn1_decode(ctx, asn1_enveloped_data_attr, buf, buflen, NULL, NULL);
|
|
|
|
if (r >= 0)
|
|
|
|
*result = data;
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
int
|
2005-03-08 20:59:35 +00:00
|
|
|
sc_pkcs15_encode_enveloped_data(sc_context_t *ctx,
|
2002-04-17 09:01:49 +00:00
|
|
|
struct sc_pkcs15_enveloped_data *data,
|
|
|
|
u8 **buf, size_t *buflen)
|
|
|
|
{
|
2002-04-18 09:11:18 +00:00
|
|
|
static struct sc_object_id oid_id_data = {{ 1, 2, 840, 113549, 1, 7, 1, -1 }};
|
2002-04-17 09:01:49 +00:00
|
|
|
struct sc_asn1_entry asn1_enveloped_data_attr[5],
|
|
|
|
asn1_content_attr[4],
|
2002-04-18 09:11:18 +00:00
|
|
|
asn1_encr_content[2],
|
2002-04-17 09:01:49 +00:00
|
|
|
asn1_recipients_attr[2],
|
|
|
|
asn1_kekri_attr[5],
|
|
|
|
asn1_kek_attr[4];
|
|
|
|
int version2 = 2, version4 = 4, r;
|
|
|
|
|
|
|
|
sc_copy_asn1_entry(c_asn1_enveloped_data_attr, asn1_enveloped_data_attr);
|
|
|
|
sc_copy_asn1_entry(c_asn1_content_attr, asn1_content_attr);
|
2002-04-18 09:11:18 +00:00
|
|
|
sc_copy_asn1_entry(c_asn1_encr_content, asn1_encr_content);
|
2002-04-17 09:01:49 +00:00
|
|
|
sc_copy_asn1_entry(c_asn1_recipients_attr, asn1_recipients_attr);
|
|
|
|
sc_copy_asn1_entry(c_asn1_kekri_attr, asn1_kekri_attr);
|
|
|
|
sc_copy_asn1_entry(c_asn1_kek_attr, asn1_kek_attr);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_enveloped_data_attr + 0,
|
|
|
|
&version2, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_enveloped_data_attr + 2,
|
|
|
|
asn1_recipients_attr, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_enveloped_data_attr + 3,
|
|
|
|
asn1_content_attr, NULL, 1);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_content_attr + 0, &oid_id_data, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_content_attr + 1, &data->ce_alg, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_content_attr + 2,
|
2002-04-18 09:11:18 +00:00
|
|
|
asn1_encr_content, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_encr_content + 0,
|
2002-04-17 09:01:49 +00:00
|
|
|
data->content, &data->content_len, 1);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_recipients_attr + 0,
|
|
|
|
asn1_kekri_attr, NULL, 1);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 0,
|
|
|
|
&version4, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 1,
|
|
|
|
asn1_kek_attr, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 2,
|
|
|
|
&data->ke_alg, NULL, 1);
|
|
|
|
sc_format_asn1_entry(asn1_kekri_attr + 3,
|
|
|
|
data->key, &data->key_len, 1);
|
|
|
|
|
|
|
|
sc_format_asn1_entry(asn1_kek_attr + 0,
|
|
|
|
&data->id, &data->id.len, 1);
|
|
|
|
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
|
|
|
|
r = sc_asn1_encode(ctx, asn1_enveloped_data_attr, buf, buflen);
|
|
|
|
return r;
|
|
|
|
}
|