From f496a339d7b3c81a337b8c9e3d2fd8643926dcf3 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 24 Aug 2008 22:39:15 +0000 Subject: removing dead code --- src/daemon/https/x509/privkey_pkcs8.c | 417 ---------------------------------- src/daemon/https/x509/x509_privkey.c | 352 ---------------------------- 2 files changed, 769 deletions(-) diff --git a/src/daemon/https/x509/privkey_pkcs8.c b/src/daemon/https/x509/privkey_pkcs8.c index 8b92f266..ae2c50dd 100644 --- a/src/daemon/https/x509/privkey_pkcs8.c +++ b/src/daemon/https/x509/privkey_pkcs8.c @@ -125,423 +125,6 @@ check_schema (const char *oid) return GNUTLS_E_UNKNOWN_CIPHER_TYPE; } -/* Encodes a private key to the raw format PKCS #8 needs. - * For RSA it is a PKCS #1 DER private key and for DSA it is - * an ASN.1 INTEGER of the x value. - */ -inline static int -_encode_privkey (gnutls_x509_privkey_t pkey, gnutls_datum_t * raw) -{ - size_t size = 0; - opaque *data = NULL; - int ret; - ASN1_TYPE spk = ASN1_TYPE_EMPTY; - - switch (pkey->pk_algorithm) - { - case MHD_GNUTLS_PK_RSA: - ret = - gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, NULL, &size); - if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) - { - gnutls_assert (); - goto error; - } - - data = gnutls_malloc (size); - if (data == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - ret = - gnutls_x509_privkey_export (pkey, GNUTLS_X509_FMT_DER, data, &size); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - raw->data = data; - raw->size = size; - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - return 0; - -error: - gnutls_free (data); - asn1_delete_structure (&spk); - return ret; - -} - -/* - * Encodes a PKCS #1 private key to a PKCS #8 private key - * info. The output will be allocated and stored into der. Also - * the ASN1_TYPE of private key info will be returned. - */ -static int -encode_to_private_key_info (gnutls_x509_privkey_t pkey, - gnutls_datum_t * der, ASN1_TYPE * pkey_info) -{ - int result, len; - opaque null = 0; - const char *oid; - gnutls_datum_t algo_params = { NULL, 0 }; - gnutls_datum_t algo_privkey = { NULL, 0 }; - - if (pkey->pk_algorithm == MHD_GNUTLS_PK_RSA) - { - oid = PK_PKIX1_RSA_OID; - /* parameters are null - */ - } - else - { - oid = PK_DSA_OID; - result = - _gnutls_x509_write_dsa_params (pkey->params, pkey->params_size, - &algo_params); - if (result < 0) - { - gnutls_assert (); - return result; - } - } - - if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-8-PrivateKeyInfo", - pkey_info)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* Write the version. - */ - result = asn1_write_value (*pkey_info, "version", &null, 1); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* write the privateKeyAlgorithm - * fields. (OID+NULL data) - */ - result = - asn1_write_value (*pkey_info, "privateKeyAlgorithm.algorithm", oid, 1); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - result = - asn1_write_value (*pkey_info, "privateKeyAlgorithm.parameters", - algo_params.data, algo_params.size); - _gnutls_free_datum (&algo_params); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* Write the raw private key - */ - result = _encode_privkey (pkey, &algo_privkey); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = - asn1_write_value (*pkey_info, "privateKey", algo_privkey.data, - algo_privkey.size); - _gnutls_free_datum (&algo_privkey); - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* Append an empty Attributes field. - */ - result = asn1_write_value (*pkey_info, "attributes", NULL, 0); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* DER Encode the generated private key info. - */ - len = 0; - result = asn1_der_coding (*pkey_info, "", NULL, &len, NULL); - if (result != ASN1_MEM_ERROR) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* allocate data for the der - */ - der->size = len; - der->data = gnutls_malloc (len); - if (der->data == NULL) - { - gnutls_assert (); - return GNUTLS_E_MEMORY_ERROR; - } - - result = asn1_der_coding (*pkey_info, "", der->data, &len, NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - return 0; - -error: - asn1_delete_structure (pkey_info); - _gnutls_free_datum (&algo_params); - _gnutls_free_datum (&algo_privkey); - return result; - -} - -/* Converts a PKCS #8 private key info to - * a PKCS #8 EncryptedPrivateKeyInfo. - */ -static int -encode_to_pkcs8_key (schema_id schema, const gnutls_datum_t * der_key, - const char *password, ASN1_TYPE * out) -{ - int result; - gnutls_datum_t key = { NULL, 0 }; - gnutls_datum_t tmp = { NULL, 0 }; - ASN1_TYPE pkcs8_asn = ASN1_TYPE_EMPTY; - struct pbkdf2_params kdf_params; - struct pbe_enc_params enc_params; - - if ((result = - asn1_create_element (_gnutls_get_pkix (), - "PKIX1.pkcs-8-EncryptedPrivateKeyInfo", - &pkcs8_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* Write the encryption schema OID - */ - switch (schema) - { - case PBES2: - result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - PBES2_OID, 1); - break; - case PKCS12_3DES_SHA1: - result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - PKCS12_PBE_3DES_SHA1_OID, 1); - break; - case PKCS12_ARCFOUR_SHA1: - result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - PKCS12_PBE_ARCFOUR_SHA1_OID, 1); - break; - case PKCS12_RC2_40_SHA1: - result = - asn1_write_value (pkcs8_asn, "encryptionAlgorithm.algorithm", - PKCS12_PBE_RC2_40_SHA1_OID, 1); - break; - - } - - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - /* Generate a symmetric key. - */ - - result = generate_key (schema, password, &kdf_params, &enc_params, &key); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - result = - write_schema_params (schema, pkcs8_asn, - "encryptionAlgorithm.parameters", &kdf_params, - &enc_params); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - /* Parameters have been encoded. Now - * encrypt the Data. - */ - result = encrypt_data (der_key, &enc_params, &key, &tmp); - if (result < 0) - { - gnutls_assert (); - goto error; - } - - /* write the encrypted data. - */ - result = asn1_write_value (pkcs8_asn, "encryptedData", tmp.data, tmp.size); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - result = mhd_gtls_asn2err (result); - goto error; - } - - _gnutls_free_datum (&tmp); - _gnutls_free_datum (&key); - - *out = pkcs8_asn; - - return 0; - -error: - _gnutls_free_datum (&key); - _gnutls_free_datum (&tmp); - asn1_delete_structure (&pkcs8_asn); - return result; -} - -/** - * gnutls_x509_privkey_export_pkcs8 - This function will export the private key to PKCS8 format - * @key: Holds the key - * @format: the format of output params. One of PEM or DER. - * @password: the password that will be used to encrypt the key. - * @flags: an ORed sequence of gnutls_pkcs_encrypt_flags_t - * @output_data: will contain a private key PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will export the private key to a PKCS8 structure. - * Both RSA and DSA keys can be exported. For DSA keys we use - * PKCS #11 definitions. If the flags do not specify the encryption - * cipher, then the default 3DES (PBES2) will be used. - * - * The @password can be either ASCII or UTF-8 in the default PBES2 - * encryption schemas, or ASCII for the PKCS12 schemas. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN ENCRYPTED PRIVATE KEY" or "BEGIN PRIVATE KEY" if - * encryption is not used. - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - * - **/ -int -gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - const char *password, - unsigned int flags, - void *output_data, - size_t * output_data_size) -{ - ASN1_TYPE pkcs8_asn, pkey_info; - int ret; - gnutls_datum_t tmp; - schema_id schema; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* Get the private key info - * tmp holds the DER encoding. - */ - ret = encode_to_private_key_info (key, &tmp, &pkey_info); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - if (flags & GNUTLS_PKCS_USE_PKCS12_3DES) - schema = PKCS12_3DES_SHA1; - else if (flags & GNUTLS_PKCS_USE_PKCS12_ARCFOUR) - schema = PKCS12_ARCFOUR_SHA1; - else if (flags & GNUTLS_PKCS_USE_PKCS12_RC2_40) - schema = PKCS12_RC2_40_SHA1; - else - schema = PBES2; - - if ((flags & GNUTLS_PKCS_PLAIN) || password == NULL) - { - _gnutls_free_datum (&tmp); - - ret = - _gnutls_x509_export_int (pkey_info, format, - PEM_UNENCRYPTED_PKCS8, - output_data, output_data_size); - - asn1_delete_structure (&pkey_info); - } - else - { - asn1_delete_structure (&pkey_info); /* we don't need it */ - - ret = encode_to_pkcs8_key (schema, &tmp, password, &pkcs8_asn); - _gnutls_free_datum (&tmp); - - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - ret = - _gnutls_x509_export_int (pkcs8_asn, format, PEM_PKCS8, - output_data, output_data_size); - - asn1_delete_structure (&pkcs8_asn); - } - - return ret; -} - /* Read the parameters cipher, IV, salt etc using the given * schema ID. */ diff --git a/src/daemon/https/x509/x509_privkey.c b/src/daemon/https/x509/x509_privkey.c index e890843d..3f168eac 100644 --- a/src/daemon/https/x509/x509_privkey.c +++ b/src/daemon/https/x509/x509_privkey.c @@ -248,79 +248,6 @@ error:asn1_delete_structure (&pkey_asn); } -static ASN1_TYPE -decode_dsa_key (const gnutls_datum_t * raw_key, gnutls_x509_privkey_t pkey) -{ - int result; - ASN1_TYPE dsa_asn; - - if ((result = asn1_create_element (_gnutls_get_gnutls_asn (), - "GNUTLS.DSAPrivateKey", - &dsa_asn)) != ASN1_SUCCESS) - { - gnutls_assert (); - return NULL; - } - - if ((sizeof (pkey->params) / sizeof (mpi_t)) < DSA_PRIVATE_PARAMS) - { - gnutls_assert (); - /* internal error. Increase the mpi_ts in params */ - return NULL; - } - - result = asn1_der_decoding (&dsa_asn, raw_key->data, raw_key->size, NULL); - if (result != ASN1_SUCCESS) - { - gnutls_assert (); - goto error; - } - - if ((result = _gnutls_x509_read_int (dsa_asn, "p", &pkey->params[0])) < 0) - { - gnutls_assert (); - goto error; - } - - if ((result = _gnutls_x509_read_int (dsa_asn, "q", &pkey->params[1])) < 0) - { - gnutls_assert (); - goto error; - } - - if ((result = _gnutls_x509_read_int (dsa_asn, "g", &pkey->params[2])) < 0) - { - gnutls_assert (); - goto error; - } - - if ((result = _gnutls_x509_read_int (dsa_asn, "Y", &pkey->params[3])) < 0) - { - gnutls_assert (); - goto error; - } - - if ((result = - _gnutls_x509_read_int (dsa_asn, "priv", &pkey->params[4])) < 0) - { - gnutls_assert (); - goto error; - } - pkey->params_size = 5; - - return dsa_asn; - -error:asn1_delete_structure (&dsa_asn); - mhd_gtls_mpi_release (&pkey->params[0]); - mhd_gtls_mpi_release (&pkey->params[1]); - mhd_gtls_mpi_release (&pkey->params[2]); - mhd_gtls_mpi_release (&pkey->params[3]); - mhd_gtls_mpi_release (&pkey->params[4]); - return NULL; - -} - -#define PEM_KEY_DSA "DSA PRIVATE KEY" #define PEM_KEY_RSA "RSA PRIVATE KEY" /** @@ -367,23 +294,6 @@ gnutls_x509_privkey_import (gnutls_x509_privkey_t key, = _gnutls_fbase64_decode (PEM_KEY_RSA, data->data, data->size, &out); key->pk_algorithm = MHD_GNUTLS_PK_RSA; - // TODO rm -// if (result == GNUTLS_E_BASE64_UNEXPECTED_HEADER_ERROR) -// { -// /* try for the second header */ -// result = _gnutls_fbase64_decode(PEM_KEY_DSA, data->data, data->size, -// &out); -// key->pk_algorithm = GNUTLS_PK_DSA; -// -// if (result <= 0) -// { -// if (result == 0) -// result = GNUTLS_E_INTERNAL_ERROR; -// gnutls_assert (); -// return result; -// } -// } - _data.data = out; _data.size = result; @@ -568,268 +478,6 @@ gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key) return key->pk_algorithm; } -/** - * gnutls_x509_privkey_export - This function will export the private key - * @key: Holds the key - * @format: the format of output params. One of PEM or DER. - * @output_data: will contain a private key PEM or DER encoded - * @output_data_size: holds the size of output_data (and will be - * replaced by the actual size of parameters) - * - * This function will export the private key to a PKCS1 structure for - * RSA keys, or an integer sequence for DSA keys. The DSA keys are in - * the same format with the parameters used by openssl. - * - * If the buffer provided is not long enough to hold the output, then - * *output_data_size is updated and GNUTLS_E_SHORT_MEMORY_BUFFER will - * be returned. - * - * If the structure is PEM encoded, it will have a header - * of "BEGIN RSA PRIVATE KEY". - * - * Return value: In case of failure a negative value will be - * returned, and 0 on success. - * - **/ -int -gnutls_x509_privkey_export (gnutls_x509_privkey_t key, - gnutls_x509_crt_fmt_t format, - void *output_data, size_t * output_data_size) -{ - char *msg; - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - if (key->pk_algorithm == MHD_GNUTLS_PK_RSA) - msg = PEM_KEY_RSA; - else - msg = NULL; - - if (key->crippled) - { /* encode the parameters on the fly. - */ - switch (key->pk_algorithm) - { - case MHD_GNUTLS_PK_RSA: - ret = _gnutls_asn1_encode_rsa (&key->key, key->params); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - break; - default: - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - } - - return _gnutls_x509_export_int (key->key, format, msg, output_data, - output_data_size); -} - -/** - * gnutls_x509_privkey_export_rsa_raw - This function will export the RSA private key - * @key: a structure that holds the rsa parameters - * @m: will hold the modulus - * @e: will hold the public exponent - * @d: will hold the private exponent - * @p: will hold the first prime (p) - * @q: will hold the second prime (q) - * @u: will hold the coefficient - * - * This function will export the RSA private key's parameters found in the given - * structure. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * - **/ -int -gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * m, - gnutls_datum_t * e, - gnutls_datum_t * d, - gnutls_datum_t * p, - gnutls_datum_t * q, gnutls_datum_t * u) -{ - int ret; - mpi_t coeff = NULL; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - m->data = e->data = d->data = p->data = q->data = u->data = NULL; - m->size = e->size = d->size = p->size = q->size = u->size = 0; - - ret = mhd_gtls_mpi_dprint (m, key->params[0]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - /* E */ - ret = mhd_gtls_mpi_dprint (e, key->params[1]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - /* D */ - ret = mhd_gtls_mpi_dprint (d, key->params[2]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - /* P */ - ret = mhd_gtls_mpi_dprint (p, key->params[3]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - /* Q */ - ret = mhd_gtls_mpi_dprint (q, key->params[4]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - -#ifdef CALC_COEFF - coeff = _gnutls_mpi_snew (_gnutls_mpi_get_nbits (key->params[0])); - - if (coeff == NULL) - { - gnutls_assert (); - ret = GNUTLS_E_MEMORY_ERROR; - goto error; - } - - _gnutls_mpi_invm (coeff, key->params[4], key->params[3]); - ret = mhd_gtls_mpi_dprint (u, coeff); - if (ret < 0) - { - gnutls_assert (); - goto error; - } - - mhd_gtls_mpi_release (&coeff); -#else - /* U */ - ret = mhd_gtls_mpi_dprint (u, key->params[5]); - if (ret < 0) - { - gnutls_assert (); - goto error; - } -#endif - - return 0; - -error:_gnutls_free_datum (m); - _gnutls_free_datum (d); - _gnutls_free_datum (e); - _gnutls_free_datum (p); - _gnutls_free_datum (q); - mhd_gtls_mpi_release (&coeff); - - return ret; -} - -/** - * gnutls_x509_privkey_export_dsa_raw - This function will export the DSA private key - * @params: a structure that holds the DSA parameters - * @p: will hold the p - * @q: will hold the q - * @g: will hold the g - * @y: will hold the y - * @x: will hold the x - * - * This function will export the DSA private key's parameters found in the given - * structure. The new parameters will be allocated using - * gnutls_malloc() and will be stored in the appropriate datum. - * - **/ -int -gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, - gnutls_datum_t * p, - gnutls_datum_t * q, - gnutls_datum_t * g, - gnutls_datum_t * y, gnutls_datum_t * x) -{ - int ret; - - if (key == NULL) - { - gnutls_assert (); - return GNUTLS_E_INVALID_REQUEST; - } - - /* P */ - ret = mhd_gtls_mpi_dprint (p, key->params[0]); - if (ret < 0) - { - gnutls_assert (); - return ret; - } - - /* Q */ - ret = mhd_gtls_mpi_dprint (q, key->params[1]); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - return ret; - } - - /* G */ - ret = mhd_gtls_mpi_dprint (g, key->params[2]); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (q); - return ret; - } - - /* Y */ - ret = mhd_gtls_mpi_dprint (y, key->params[3]); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - return ret; - } - - /* X */ - ret = mhd_gtls_mpi_dprint (x, key->params[4]); - if (ret < 0) - { - gnutls_assert (); - _gnutls_free_datum (y); - _gnutls_free_datum (p); - _gnutls_free_datum (g); - _gnutls_free_datum (q); - return ret; - } - - return 0; -} - /* Encodes the RSA parameters into an ASN.1 RSA private key structure. */ static int -- cgit v1.2.3