int gnutls_pkcs12_bag_encrypt(gnutls_pkcs12_bag_t bag,
const char *pass, unsigned int flags);
+int
+gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, unsigned int *cipher,
+ void *salt, unsigned int *salt_size, unsigned int *iter_count, char **oid);
+
#define GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED 1
int gnutls_pkcs12_simple_parse(gnutls_pkcs12_t p12,
const char *password,
gnutls_pkcs_schema_get_name;
gnutls_pkcs_schema_get_oid;
gnutls_pkcs8_info;
+ gnutls_pkcs12_bag_enc_info;
} GNUTLS_3_0_0;
GNUTLS_FIPS140 {
/*
- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2003-2014 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Red Hat
*
* Author: Nikos Mavrogiannopoulos
*
bag->bag_elements = 1;
+ return 0;
+}
+
+/**
+ * gnutls_pkcs12_bag_enc_info:
+ * @bag: The bag
+ * @schema: indicate the schema as one of %gnutls_pkcs_encrypt_flags_t
+ * @cipher: the cipher used as %gnutls_cipher_algorithm_t
+ * @salt: PBKDF2 salt (if non-NULL then @salt_size initially holds its size)
+ * @salt_size: PBKDF2 salt size
+ * @iter_count: PBKDF2 iteration count
+ * @oid: if non-NULL it will contain an allocated null-terminated variable with the OID
+ *
+ * This function will provide information on the encryption algorithms used
+ * in an encrypted bag. If the structure algorithms
+ * are unknown the code %GNUTLS_E_UNKNOWN_CIPHER_TYPE will be returned,
+ * and only @oid, will be set. That is, @oid will be set on encrypted bags
+ * whether supported or not. It must be deinitialized using gnutls_free().
+ * The other variables are only set on supported structures.
+ *
+ * Returns: %GNUTLS_E_INVALID_REQUEST if the provided bag isn't encrypted,
+ * %GNUTLS_E_UNKNOWN_CIPHER_TYPE if the structure's encryption isn't supported, or
+ * another negative error code in case of a failure. Zero on success.
+ **/
+int
+gnutls_pkcs12_bag_enc_info(gnutls_pkcs12_bag_t bag, unsigned int *schema, unsigned int *cipher,
+ void *salt, unsigned int *salt_size, unsigned int *iter_count, char **oid)
+{
+ int ret;
+ struct pbkdf2_params kdf;
+ const struct pbes2_schema_st *p;
+
+ if (bag == NULL) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ if (bag->element[0].type != GNUTLS_BAG_ENCRYPTED) {
+ gnutls_assert();
+ return GNUTLS_E_INVALID_REQUEST;
+ }
+
+ ret =
+ _gnutls_pkcs7_data_enc_info(&bag->element[0].data, &p, &kdf, oid);
+
+ if (ret < 0) {
+ gnutls_assert();
+ return ret;
+ }
+
+ if (schema)
+ *schema = p->flag;
+
+ if (cipher)
+ *cipher = p->cipher;
+
+ if (iter_count)
+ *iter_count = kdf.iter_count;
+
+ if (salt) {
+ if (*salt_size >= (unsigned)kdf.salt_size) {
+ memcpy(salt, kdf.salt, kdf.salt_size);
+ } else {
+ *salt_size = kdf.salt_size;
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
+ }
+ }
+
+ if (salt_size)
+ *salt_size = kdf.salt_size;
+
+
return 0;
}
/*
- * Copyright (C) 2003-2012 Free Software Foundation, Inc.
+ * Copyright (C) 2003-2014 Free Software Foundation, Inc.
+ * Copyright (C) 2014 Red Hat
+ * Copyright (C) 2014 Nikos Mavrogiannopoulos
*
* Author: Nikos Mavrogiannopoulos
*
*
* This function will provide information on the algorithms used
* in a particular PKCS #8 structure. If the structure algorithms
- * are unknown the return code will be %GNUTLS_E_UNKNOWN_CIPHER_TYPE,
+ * are unknown the code %GNUTLS_E_UNKNOWN_CIPHER_TYPE will be returned,
* and only @oid, will be set. That is, @oid will be set on encrypted PKCS #8
- * structures whether supported or not. The other variables are only set
- * on supported structures.
+ * structures whether supported or not. It must be deinitialized using gnutls_free().
+ * The other variables are only set on supported structures.
*
- * Returns: %GNUTLS_E_DECRYPTION_FAILED if the provided structure isn't encrypted,
+ * Returns: %GNUTLS_E_INVALID_REQUEST if the provided structure isn't encrypted,
* %GNUTLS_E_UNKNOWN_CIPHER_TYPE if the structure's encryption isn't supported, or
* another negative error code in case of a failure. Zero on success.
**/
}
ret = pkcs8_key_info(&_data, &p, &kdf, oid);
+ if (ret == GNUTLS_E_DECRYPTION_FAILED)
+ ret = GNUTLS_E_INVALID_REQUEST;
if (ret < 0) {
gnutls_assert();
goto cleanup;
if (cipher)
*cipher = p->cipher;
+ if (iter_count)
+ *iter_count = kdf.iter_count;
+
if (salt) {
if (*salt_size >= (unsigned)kdf.salt_size) {
memcpy(salt, kdf.salt, kdf.salt_size);
+ } else {
+ *salt_size = kdf.salt_size;
+ return gnutls_assert_val(GNUTLS_E_SHORT_MEMORY_BUFFER);
}
}
if (salt_size)
*salt_size = kdf.salt_size;
- if (iter_count)
- *iter_count = kdf.iter_count;
return 0;
int
_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pbes2_schema_st **p,
- struct pbkdf2_params *kdf_params)
+ struct pbkdf2_params *kdf_params, char **oid)
{
int result, len;
char enc_oid[MAX_OID_SIZE];
goto error;
}
+ if (oid) {
+ *oid = gnutls_strdup(enc_oid);
+ }
+
if ((result = check_pkcs12_schema(enc_oid)) < 0) {
gnutls_assert();
goto error;
int _gnutls_pkcs7_encrypt_data(schema_id schema,
const gnutls_datum_t * data,
const char *password, gnutls_datum_t * enc);
+
int
_gnutls_pkcs7_data_enc_info(const gnutls_datum_t * data, const struct pbes2_schema_st **p,
- struct pbkdf2_params *kdf_params);
+ struct pbkdf2_params *kdf_params, char **oid);
int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
gnutls_pkcs12_bag_t bag);