1 /* 2 * Copyright 2014-2022 The GmSSL Project. All Rights Reserved. 3 * 4 * Licensed under the Apache License, Version 2.0 (the License); you may 5 * not use this file except in compliance with the License. 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 */ 9 10 // RFC 5208: PKCS #8: Private-Key Information Syntax Specification version 1.2 11 12 13 #ifndef GMSSL_PKCS8_H 14 #define GMSSL_PKCS8_H 15 16 #include <stdio.h> 17 #include <string.h> 18 #include <stdlib.h> 19 #include <stdint.h> 20 #include <gmssl/sm2.h> 21 #include <gmssl/pem.h> 22 23 #ifdef __cplusplus 24 extern "C" { 25 #endif 26 27 28 /* 29 id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} 30 31 PBKDF2-params ::= SEQUENCE { 32 salt CHOICE { 33 specified OCTET STRING, 34 otherSource AlgorithmIdentifier {{PBKDF2-SaltSources}} 35 }, 36 iterationCount INTEGER (1..MAX), 37 keyLength INTEGER (1..MAX) OPTIONAL, -- 这个参数可以由函数指定 38 prf AlgorithmIdentifier {{PBKDF2-PRFs}} DEFAULT algid-hmacWithSHA1 39 } 40 41 prf must be OID_hmac_sm3 42 cipher must be OID_sm4_cbc 43 */ 44 int pbkdf2_params_to_der(const uint8_t *salt, size_t saltlen, int iter, int keylen, int prf, 45 uint8_t **out, size_t *outlen); 46 int pbkdf2_params_from_der(const uint8_t **salt, size_t *saltlen, int *iter, int *keylen, int *prf, 47 const uint8_t **in, size_t *inlen); 48 int pbkdf2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 49 50 int pbkdf2_algor_to_der( 51 const uint8_t *salt, size_t saltlen, 52 int iter, 53 int keylen, 54 int prf, 55 uint8_t **out, size_t *outlen); 56 int pbkdf2_algor_from_der( 57 const uint8_t **salt, size_t *saltlen, 58 int *iter, 59 int *keylen, 60 int *prf, 61 const uint8_t **in, size_t *inlen); 62 int pbkdf2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 63 64 65 /* 66 id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} 67 68 PBES2-params ::= SEQUENCE { 69 keyDerivationFunc AlgorithmIdentifier {{PBES2-KDFs}}, -- id-PBKDF2 70 encryptionScheme AlgorithmIdentifier {{PBES2-Encs}}} 71 72 PBES2-Encs: 73 AES-CBC-Pad [RFC2898] 74 RC5-CBC-Pad 75 DES-CBC-Pad legacy 76 DES-EDE3-CBC-Pad legacy 77 RC2-CBC-Pad legacy 78 */ 79 80 int pbes2_enc_algor_to_der( 81 int cipher, 82 const uint8_t *iv, size_t ivlen, 83 uint8_t **out, size_t *outlen); 84 int pbes2_enc_algor_from_der( 85 int *cipher, 86 const uint8_t **iv, size_t *ivlen, 87 const uint8_t **in, size_t *inlen); 88 int pbes2_enc_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 89 90 91 int pbes2_params_to_der( 92 const uint8_t *salt, size_t saltlen, 93 int iter, 94 int keylen, 95 int prf, 96 int cipher, 97 const uint8_t *iv, size_t ivlen, 98 uint8_t **out, size_t *outlen); 99 int pbes2_params_from_der( 100 const uint8_t **salt, size_t *saltlen, 101 int *iter, 102 int *keylen, 103 int *prf, 104 int *cipher, 105 const uint8_t **iv, size_t *ivlen, 106 const uint8_t **in, size_t *inlen); 107 int pbes2_params_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 108 109 110 int pbes2_algor_to_der( 111 const uint8_t *salt, size_t saltlen, 112 int iter, 113 int keylen, 114 int prf, 115 int cipher, 116 const uint8_t *iv, size_t ivlen, 117 uint8_t **out, size_t *outlen); 118 int pbes2_algor_from_der( 119 const uint8_t **salt, size_t *saltlen, 120 int *iter, 121 int *keylen, 122 int *prf, 123 int *cipher, 124 const uint8_t **iv, size_t *ivlen, 125 const uint8_t **in, size_t *inlen); 126 int pbes2_algor_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 127 128 /* 129 from [RFC 5208] 130 131 EncryptedPrivateKeyInfo ::= SEQUENCE { 132 encryptionAlgorithm EncryptionAlgorithmIdentifier, 133 encryptedData OCTET STRING } 134 135 encryptionAlgorithm: 136 id-PBES2 137 138 PrivateKeyInfo ::= SEQUENCE { 139 version INTEGER { v1(0) }, 140 privateKeyAlgorithm AlgorithmIdentifier, 141 privateKey OCTET STRING, 142 attributes [0] Attributes OPTIONAL } 143 */ 144 145 int pkcs8_enced_private_key_info_to_der( 146 const uint8_t *salt, size_t saltlen, 147 int iter, 148 int keylen, 149 int prf, 150 int cipher, 151 const uint8_t *iv, size_t ivlen, 152 const uint8_t *enced, size_t encedlen, 153 uint8_t **out, size_t *outlen); 154 int pkcs8_enced_private_key_info_from_der( 155 const uint8_t **salt, size_t *saltlen, 156 int *iter, 157 int *keylen, 158 int *prf, 159 int *cipher, 160 const uint8_t **iv, size_t *ivlen, 161 const uint8_t **enced, size_t *encedlen, 162 const uint8_t **in, size_t *inlen); 163 int pkcs8_enced_private_key_info_print(FILE *fp, int fmt, int ind, const char *label, const uint8_t *d, size_t dlen); 164 165 166 #ifdef __cplusplus 167 } 168 #endif 169 #endif 170