pem_decrypt.c
Go to the documentation of this file.
1 /**
2  * @file pem_decrypt.c
3  * @brief PEM file decryption
4  *
5  * @section License
6  *
7  * SPDX-License-Identifier: GPL-2.0-or-later
8  *
9  * Copyright (C) 2010-2024 Oryx Embedded SARL. All rights reserved.
10  *
11  * This file is part of CycloneCRYPTO Open.
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License
15  * as published by the Free Software Foundation; either version 2
16  * of the License, or (at your option) any later version.
17  *
18  * This program is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
21  * GNU General Public License for more details.
22  *
23  * You should have received a copy of the GNU General Public License
24  * along with this program; if not, write to the Free Software Foundation,
25  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
26  *
27  * @author Oryx Embedded SARL (www.oryx-embedded.com)
28  * @version 2.4.0
29  **/
30 
31 //Switch to the appropriate trace level
32 #define TRACE_LEVEL CRYPTO_TRACE_LEVEL
33 
34 //Dependencies
35 #include "core/crypto.h"
36 #include "pkix/pem_decrypt.h"
37 #include "pkix/pkcs5_decrypt.h"
38 #include "pkix/pkcs8_key_parse.h"
39 #include "cipher/cipher_algorithms.h"
40 #include "cipher_modes/cbc.h"
41 #include "hash/md5.h"
42 #include "debug.h"
43 
44 //Check crypto library configuration
45 #if (PEM_SUPPORT == ENABLED)
46 
47 
48 /**
49  * @brief PEM private key decryption
50  * @param[in] input Pointer to the encrypted private key (PEM format)
51  * @param[in] inputLen Length of the encrypted private key
52  * @param[in] password NULL-terminated string containing the password
53  * @param[out] output Pointer to decrypted private key (PEM format)
54  * @param[out] outputLen Length of the decrypted private key
55  * @return Error code
56  **/
57 
58 error_t pemDecryptPrivateKey(const char_t *input, size_t inputLen,
59  const char_t *password, char_t *output, size_t *outputLen)
60 {
61 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED)
62  error_t error;
63  size_t n;
64  uint8_t *buffer;
65  PemHeader header;
66  Pkcs8PrivateKeyInfo privateKeyInfo;
67 
68  //Check parameters
69  if(input == NULL || password == NULL || output == NULL || outputLen == NULL)
70  return ERROR_INVALID_PARAMETER;
71 
72  //Clear the PrivateKeyInfo structure
73  osMemset(&privateKeyInfo, 0, sizeof(Pkcs8PrivateKeyInfo));
74 
75 #if (RSA_SUPPORT == ENABLED)
76  //RSA private key?
77  if(pemDecodeFile(input, inputLen, "RSA PRIVATE KEY", NULL, &n, NULL,
78  NULL) == NO_ERROR)
79  {
80  //Allocate a memory buffer to hold the ASN.1 data
81  buffer = cryptoAllocMem(n);
82 
83  //Successful memory allocation?
84  if(buffer != NULL)
85  {
86  //Decode the content of the PEM container
87  error = pemDecodeFile(input, inputLen, "RSA PRIVATE KEY", buffer, &n,
88  &header, NULL);
89 
90  //Check status code
91  if(!error)
92  {
93  //Check whether the PEM file is encrypted
94  if(pemCompareString(&header.procType.type, "ENCRYPTED"))
95  {
96  //Perform decryption
97  error = pemDecryptMessage(&header, password, buffer, n,
98  buffer, &n);
99  }
100  }
101 
102  //Check status code
103  if(!error)
104  {
105  //Read RSAPrivateKey structure
106  error = pkcs8ParseRsaPrivateKey(buffer, n,
107  &privateKeyInfo.rsaPrivateKey);
108  }
109 
110  //Check status code
111  if(!error)
112  {
113  //Export the RSA private key to PEM format
114  error = pemEncodeFile(buffer, n, "RSA PRIVATE KEY", output,
115  outputLen);
116  }
117 
118  //Release previously allocated memory
119  cryptoFreeMem(buffer);
120  }
121  else
122  {
123  //Failed to allocate memory
124  error = ERROR_OUT_OF_MEMORY;
125  }
126  }
127  else
128 #endif
129 #if (DSA_SUPPORT == ENABLED)
130  //DSA private key?
131  if(pemDecodeFile(input, inputLen, "DSA PRIVATE KEY", NULL, &n, NULL,
132  NULL) == NO_ERROR)
133  {
134  //Allocate a memory buffer to hold the ASN.1 data
135  buffer = cryptoAllocMem(n);
136 
137  //Successful memory allocation?
138  if(buffer != NULL)
139  {
140  //Decode the content of the PEM container
141  error = pemDecodeFile(input, inputLen, "DSA PRIVATE KEY", buffer, &n,
142  &header, NULL);
143 
144  //Check status code
145  if(!error)
146  {
147  //Check whether the PEM file is encrypted
148  if(pemCompareString(&header.procType.type, "ENCRYPTED"))
149  {
150  //Perform decryption
151  error = pemDecryptMessage(&header, password, buffer, n,
152  buffer, &n);
153  }
154  }
155 
156  //Check status code
157  if(!error)
158  {
159  //Read DSAPrivateKey structure
160  error = pkcs8ParseDsaPrivateKey(buffer, n, &privateKeyInfo.dsaParams,
161  &privateKeyInfo.dsaPrivateKey);
162  }
163 
164  //Check status code
165  if(!error)
166  {
167  //Export the DSA private key to PEM format
168  error = pemEncodeFile(buffer, n, "DSA PRIVATE KEY", output,
169  outputLen);
170  }
171 
172  //Release previously allocated memory
173  cryptoFreeMem(buffer);
174  }
175  else
176  {
177  //Failed to allocate memory
178  error = ERROR_OUT_OF_MEMORY;
179  }
180  }
181  else
182 #endif
183 #if (EC_SUPPORT == ENABLED)
184  //EC private key?
185  if(pemDecodeFile(input, inputLen, "EC PRIVATE KEY", NULL, &n, NULL,
186  NULL) == NO_ERROR)
187  {
188  //Allocate a memory buffer to hold the ASN.1 data
189  buffer = cryptoAllocMem(n);
190 
191  //Successful memory allocation?
192  if(buffer != NULL)
193  {
194  //Decode the content of the PEM container
195  error = pemDecodeFile(input, inputLen, "EC PRIVATE KEY", buffer, &n,
196  &header, NULL);
197 
198  //Check status code
199  if(!error)
200  {
201  //Check whether the PEM file is encrypted
202  if(pemCompareString(&header.procType.type, "ENCRYPTED"))
203  {
204  //Perform decryption
205  error = pemDecryptMessage(&header, password, buffer, n,
206  buffer, &n);
207  }
208  }
209 
210  //Check status code
211  if(!error)
212  {
213  //Read ECPrivateKey structure
214  error = pkcs8ParseEcPrivateKey(buffer, n, &privateKeyInfo.ecParams,
215  &privateKeyInfo.ecPrivateKey);
216  }
217 
218  //Check status code
219  if(!error)
220  {
221  //Export the EC private key to PEM format
222  error = pemEncodeFile(buffer, n, "EC PRIVATE KEY", output,
223  outputLen);
224  }
225 
226  //Release previously allocated memory
227  cryptoFreeMem(buffer);
228  }
229  else
230  {
231  //Failed to allocate memory
232  error = ERROR_OUT_OF_MEMORY;
233  }
234  }
235  else
236 #endif
237  //PKCS #8 format private key?
238  if(pemDecodeFile(input, inputLen, "PRIVATE KEY", NULL, &n,
239  NULL, NULL) == NO_ERROR)
240  {
241  //Allocate a memory buffer to hold the ASN.1 data
242  buffer = cryptoAllocMem(n);
243 
244  //Successful memory allocation?
245  if(buffer != NULL)
246  {
247  //Decode the content of the PEM container
248  error = pemDecodeFile(input, inputLen, "PRIVATE KEY", buffer, &n,
249  NULL, NULL);
250 
251  //Check status code
252  if(!error)
253  {
254  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
255  error = pkcs8ParsePrivateKeyInfo(buffer, n, &privateKeyInfo);
256  }
257 
258  //Check status code
259  if(!error)
260  {
261  //Export the private key to PEM format
262  error = pemEncodeFile(buffer, n, "PRIVATE KEY", output, outputLen);
263  }
264 
265  //Release previously allocated memory
266  cryptoFreeMem(buffer);
267  }
268  else
269  {
270  //Failed to allocate memory
271  error = ERROR_OUT_OF_MEMORY;
272  }
273  }
274  //PKCS #8 format encrypted private key?
275  else if(pemDecodeFile(input, inputLen, "ENCRYPTED PRIVATE KEY", NULL, &n,
276  NULL, NULL) == NO_ERROR)
277  {
278  //Allocate a memory buffer to hold the ASN.1 data
279  buffer = cryptoAllocMem(n);
280 
281  //Successful memory allocation?
282  if(buffer != NULL)
283  {
284  uint8_t *data;
285  Pkcs8EncryptedPrivateKeyInfo encryptedPrivateKeyInfo;
286 
287  //Decode the content of the PEM container
288  error = pemDecodeFile(input, inputLen, "ENCRYPTED PRIVATE KEY", buffer,
289  &n, NULL, NULL);
290 
291  //Check status code
292  if(!error)
293  {
294  //Read the EncryptedPrivateKeyInfo structure (refer to RFC 5208,
295  //section 6)
296  error = pkcs8ParseEncryptedPrivateKeyInfo(buffer, n,
297  &encryptedPrivateKeyInfo);
298  }
299 
300  //Check status code
301  if(!error)
302  {
303  //Point to the encrypted data
304  data = (uint8_t *) encryptedPrivateKeyInfo.encryptedData.value;
305  n = encryptedPrivateKeyInfo.encryptedData.length;
306 
307  //Decrypt the private key information
308  error = pkcs5Decrypt(&encryptedPrivateKeyInfo.encryptionAlgo,
309  password, data, n, data, &n);
310  }
311 
312  //Check status code
313  if(!error)
314  {
315  //Read the PrivateKeyInfo structure (refer to RFC 5208, section 5)
316  error = pkcs8ParsePrivateKeyInfo(data, n, &privateKeyInfo);
317  }
318 
319  //Check status code
320  if(!error)
321  {
322  //Export the private key to PEM format
323  error = pemEncodeFile(data, n, "PRIVATE KEY", output, outputLen);
324  }
325 
326  //Release previously allocated memory
327  cryptoFreeMem(buffer);
328  }
329  else
330  {
331  //Failed to allocate memory
332  error = ERROR_OUT_OF_MEMORY;
333  }
334  }
335  else
336  {
337  //The PEM file does not contain a valid private key
338  error = ERROR_END_OF_FILE;
339  }
340 
341  //Return status code
342  return error;
343 #else
344  //Encrypted private keys are not supported
345  return ERROR_NOT_IMPLEMENTED;
346 #endif
347 }
348 
349 
350 /**
351  * @brief PEM message decryption
352  * @param[in] header PEM encapsulated header
353  * @param[in] password NULL-terminated string containing the password
354  * @param[in] ciphertext Pointer to the ciphertext data
355  * @param[in] ciphertextLen Length of the ciphertext data, in bytes
356  * @param[out] plaintext Pointer to the plaintext data
357  * @param[out] plaintextLen Length of the plaintext data, in bytes
358  * @return Error code
359  **/
360 
361 error_t pemDecryptMessage(const PemHeader *header, const char_t *password,
362  const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext,
363  size_t *plaintextLen)
364 {
365 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED)
366  error_t error;
367  size_t i;
368  size_t dkLen;
369  size_t psLen;
370  size_t passwordLen;
371  uint8_t dk[32];
372  uint8_t iv[16];
373  const CipherAlgo *cipherAlgo;
374 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
375  CipherContext *cipherContext;
376 #else
377  CipherContext cipherContext[1];
378 #endif
379 
380  //Check parameters
381  if(header == NULL || password == NULL || ciphertext == NULL ||
382  plaintext == NULL || plaintextLen == NULL)
383  {
384  return ERROR_INVALID_PARAMETER;
385  }
386 
387  //Messages processed according to RFC 1421 will carry the subfield value "4"
388  if(!pemCompareString(&header->procType.version, "4"))
389  return ERROR_INVALID_VERSION;
390 
391  //Retrieve cipher algorithm
392  cipherAlgo = pemGetCipherAlgo(&header->dekInfo.algo);
393  //Invalid cipher algorithm?
394  if(cipherAlgo == NULL)
395  return ERROR_UNSUPPORTED_CIPHER_ALGO;
396 
397  //Obtain the key length in octets for the derived key
398  dkLen = pemGetKeyLength(&header->dekInfo.algo);
399  //Invalid key length?
400  if(dkLen == 0)
401  return ERROR_UNSUPPORTED_CIPHER_ALGO;
402 
403  //If the length in octets of the ciphertext C is not a multiple of the block
404  //size, output a decryption error and stop
405  if((ciphertextLen % cipherAlgo->blockSize) != 0)
406  return ERROR_DECRYPTION_FAILED;
407 
408  //Extract the IV from the PEM encapsulated header
409  error = pemFormatIv(header, iv, cipherAlgo->blockSize);
410  //Any error to report?
411  if(error)
412  return error;
413 
414  //Retrieve the length of the password
415  passwordLen = osStrlen(password);
416 
417  //Apply the key derivation function to produce a derived key DK
418  error = pemKdf(password, passwordLen, iv, 8, dk, dkLen);
419  //Any error to report?
420  if(error)
421  return error;
422 
423 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
424  //Allocate a memory buffer to hold the cipher context
425  cipherContext = cryptoAllocMem(cipherAlgo->contextSize);
426  //Failed to allocate memory?
427  if(cipherContext == NULL)
428  return ERROR_OUT_OF_MEMORY;
429 #endif
430 
431  //Load encryption key DK
432  error = cipherAlgo->init(cipherContext, dk, dkLen);
433 
434  //Check status code
435  if(!error)
436  {
437  //Decrypt the ciphertext C with the underlying block cipher in CBC
438  //mode under the encryption key K with initialization vector IV to
439  //recover an encoded message EM
440  error = cbcDecrypt(cipherAlgo, cipherContext, iv, ciphertext,
441  plaintext, ciphertextLen);
442  }
443 
444  //Erase cipher context
445  cipherAlgo->deinit(cipherContext);
446 
447 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
448  //Release previously allocated memory
449  cryptoFreeMem(cipherContext);
450 #endif
451 
452  //Any error to report?
453  if(error)
454  return error;
455 
456  //Retrieve the length of the padding string PS
457  psLen = plaintext[ciphertextLen - 1];
458 
459  //Ensure that psLen is valid
460  if(psLen < 1 || psLen > cipherAlgo->blockSize)
461  return ERROR_DECRYPTION_FAILED;
462 
463  //Malformed padding?
464  if(psLen > ciphertextLen)
465  return ERROR_DECRYPTION_FAILED;
466 
467  //Verify padding string
468  for(i = 0; i < psLen; i++)
469  {
470  //The padding string PS consists of psLen octets each with value psLen
471  if(plaintext[ciphertextLen - i - 1] != psLen)
472  return ERROR_DECRYPTION_FAILED;
473  }
474 
475  //Strip padding bytes from the encoded message EM
476  *plaintextLen = ciphertextLen - psLen;
477 
478  //Successful processing
479  return NO_ERROR;
480 #else
481  //Encrypted private keys are not supported
482  return ERROR_DECRYPTION_FAILED;
483 #endif
484 }
485 
486 
487 /**
488  * @brief Extract the IV from the PEM encapsulated header
489  * @param[in] header PEM encapsulated header
490  * @param[out] iv Initialization vector
491  * @param[in] ivLen Length of the initialization vector, in bytes
492  * @return Error code
493  **/
494 
495 error_t pemFormatIv(const PemHeader *header, uint8_t *iv, size_t ivLen)
496 {
497  error_t error;
498  size_t i;
499  char_t *end;
500  char_t buffer[3];
501 
502  //Check the length of the IV
503  if(header->dekInfo.iv.length == (2 * ivLen))
504  {
505  //Initialize status code
506  error = NO_ERROR;
507 
508  //Extract the IV from the PEM encapsulated header
509  for(i = 0; i < ivLen && !error; i++)
510  {
511  //Hexadecimal representation of the current byte
512  buffer[0] = header->dekInfo.iv.value[2 * i];
513  buffer[1] = header->dekInfo.iv.value[2 * i + 1];
514  buffer[2] = '\0';
515 
516  //Convert the current byte
517  iv[i] = (uint8_t) osStrtoul(buffer, &end, 16);
518 
519  //Syntax error?
520  if(*end != '\0')
521  {
522  error = ERROR_INVALID_SYNTAX;
523  }
524  }
525  }
526  else
527  {
528  //Report an error
529  error = ERROR_INVALID_SYNTAX;
530  }
531 
532  //Return status code
533  return error;
534 }
535 
536 
537 /**
538  * @brief Key derivation function
539  * @param[in] p Password, an octet string
540  * @param[in] pLen Length in octets of password
541  * @param[in] s Salt, an octet string
542  * @param[in] sLen Length in octets of salt
543  * @param[out] dk Derived key
544  * @param[in] dkLen Intended length in octets of the derived key
545  * @return Error code
546  **/
547 
548 error_t pemKdf(const char_t *p, size_t pLen, const uint8_t *s, size_t sLen,
549  uint8_t *dk, size_t dkLen)
550 {
551 #if (PEM_ENCRYPTED_KEY_SUPPORT == ENABLED && MD5_SUPPORT == ENABLED)
552  size_t n;
553  uint8_t t[MD5_DIGEST_SIZE];
554 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
555  Md5Context *md5Context;
556 #else
557  Md5Context md5Context[1];
558 #endif
559 
560  //Check parameters
561  if(p == NULL || s == NULL || dk == NULL)
562  return ERROR_INVALID_PARAMETER;
563 
564 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
565  //Allocate a memory buffer to hold the MD5 context
566  md5Context = cryptoAllocMem(sizeof(Md5Context));
567  //Failed to allocate memory?
568  if(md5Context == NULL)
569  return ERROR_OUT_OF_MEMORY;
570 #endif
571 
572  //Apply the hash function to generate the first block
573  md5Init(md5Context);
574  md5Update(md5Context, p, pLen);
575  md5Update(md5Context, s, sLen);
576  md5Final(md5Context, t);
577 
578  //Save the resulting block
579  n = MIN(dkLen, MD5_DIGEST_SIZE);
580  osMemcpy(dk, t, n);
581 
582  //Point to the next block
583  dk += n;
584  dkLen -= n;
585 
586  //Generate subsequent blocks
587  while(dkLen > 0)
588  {
589  //Apply the hash function to generate a new block
590  md5Init(md5Context);
591  md5Update(md5Context, t, MD5_DIGEST_SIZE);
592  md5Update(md5Context, p, pLen);
593  md5Update(md5Context, s, sLen);
594  md5Final(md5Context, t);
595 
596  //Save the resulting block
597  n = MIN(dkLen, MD5_DIGEST_SIZE);
598  osMemcpy(dk, t, n);
599 
600  //Point to the next block
601  dk += n;
602  dkLen -= n;
603  }
604 
605 #if (CRYPTO_STATIC_MEM_SUPPORT == DISABLED)
606  //Free previously allocated memory
607  cryptoFreeMem(md5Context);
608 #endif
609 
610  //Successful processing
611  return NO_ERROR;
612 #else
613  //Encrypted private keys are not supported
614  return ERROR_NOT_IMPLEMENTED;
615 #endif
616 }
617 
618 #endif
md5Update
void md5Update(Md5Context *context, const void *data, size_t length)
Update the MD5 context with a portion of the message being hashed.
Definition: apm32f4xx_crypto_hash.c:153
cbcDecrypt
__weak_func error_t cbcDecrypt(const CipherAlgo *cipher, void *context, uint8_t *iv, const uint8_t *c, uint8_t *p, size_t length)
CBC decryption.
Definition: cbc.c:108
cbc.h
Cipher Block Chaining (CBC) mode.
cipher_algorithms.h
Collection of AEAD algorithms.
char_t
char char_t
Definition: compiler_port.h:48
crypto.h
General definitions for cryptographic algorithms.
cryptoAllocMem
#define cryptoAllocMem(size)
Definition: crypto.h:765
cryptoFreeMem
#define cryptoFreeMem(p)
Definition: crypto.h:770
debug.h
Debugging facilities.
n
uint8_t n
Definition: dhcpv6_common.h:416
error_t
error_t
Error codes.
Definition: error.h:43
ERROR_UNSUPPORTED_CIPHER_ALGO
@ ERROR_UNSUPPORTED_CIPHER_ALGO
Definition: error.h:129
ERROR_DECRYPTION_FAILED
@ ERROR_DECRYPTION_FAILED
Definition: error.h:241
ERROR_END_OF_FILE
@ ERROR_END_OF_FILE
Definition: error.h:159
ERROR_INVALID_SYNTAX
@ ERROR_INVALID_SYNTAX
Definition: error.h:68
ERROR_NOT_IMPLEMENTED
@ ERROR_NOT_IMPLEMENTED
Definition: error.h:66
NO_ERROR
@ NO_ERROR
Success.
Definition: error.h:44
ERROR_OUT_OF_MEMORY
@ ERROR_OUT_OF_MEMORY
Definition: error.h:63
ERROR_INVALID_PARAMETER
@ ERROR_INVALID_PARAMETER
Invalid parameter.
Definition: error.h:47
ERROR_INVALID_VERSION
@ ERROR_INVALID_VERSION
Definition: error.h:118
data
uint8_t data[]
Definition: ethernet.h:222
iv
uint8_t iv[]
Definition: ike.h:1502
t
uint8_t t
Definition: lldp_ext_med.h:212
md5.h
MD5 (Message-Digest Algorithm)
MD5_DIGEST_SIZE
#define MD5_DIGEST_SIZE
Definition: md5.h:45
md5Init
void md5Init(Md5Context *context)
Initialize MD5 message digest context.
Definition: msp432e4_crypto_hash.c:189
md5Final
void md5Final(Md5Context *context, uint8_t *digest)
Finish the MD5 message digest.
Definition: msp432e4_crypto_hash.c:292
s
uint8_t s
Definition: ndp.h:345
p
uint8_t p
Definition: ndp.h:300
osMemset
#define osMemset(p, value, length)
Definition: os_port.h:135
osMemcpy
#define osMemcpy(dest, src, length)
Definition: os_port.h:141
MIN
#define MIN(a, b)
Definition: os_port.h:63
osStrlen
#define osStrlen(s)
Definition: os_port.h:165
osStrtoul
#define osStrtoul(s, endptr, base)
Definition: os_port.h:249
pemDecodeFile
error_t pemDecodeFile(const char_t *input, size_t inputLen, const char_t *label, uint8_t *output, size_t *outputLen, PemHeader *header, size_t *consumed)
Convert PEM container to ASN.1 format.
Definition: pem_common.c:58
pemEncodeFile
error_t pemEncodeFile(const void *input, size_t inputLen, const char_t *label, char_t *output, size_t *outputLen)
Convert ASN.1 data to PEM encoding.
Definition: pem_common.c:118
pemGetKeyLength
uint_t pemGetKeyLength(const PemString *algo)
Get the encryption key length to be used for PEM encryption/decryption.
Definition: pem_common.c:624
pemGetCipherAlgo
const CipherAlgo * pemGetCipherAlgo(const PemString *algo)
Get the cipher algorithm to be used for PEM encryption/decryption.
Definition: pem_common.c:526
pemCompareString
bool_t pemCompareString(const PemString *string, const char_t *value)
Compare a string against the supplied value.
Definition: pem_common.c:414
pemDecryptPrivateKey
error_t pemDecryptPrivateKey(const char_t *input, size_t inputLen, const char_t *password, char_t *output, size_t *outputLen)
PEM private key decryption.
Definition: pem_decrypt.c:58
pemDecryptMessage
error_t pemDecryptMessage(const PemHeader *header, const char_t *password, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen)
PEM message decryption.
Definition: pem_decrypt.c:361
pemFormatIv
error_t pemFormatIv(const PemHeader *header, uint8_t *iv, size_t ivLen)
Extract the IV from the PEM encapsulated header.
Definition: pem_decrypt.c:495
pemKdf
error_t pemKdf(const char_t *p, size_t pLen, const uint8_t *s, size_t sLen, uint8_t *dk, size_t dkLen)
Key derivation function.
Definition: pem_decrypt.c:548
pem_decrypt.h
PEM file decryption.
pkcs5Decrypt
error_t pkcs5Decrypt(const X509AlgoId *encryptionAlgoId, const char_t *password, const uint8_t *ciphertext, size_t ciphertextLen, uint8_t *plaintext, size_t *plaintextLen)
PKCS #5 decryption operation.
Definition: pkcs5_decrypt.c:61
pkcs5_decrypt.h
PKCS #5 decryption routines.
pkcs8ParseRsaPrivateKey
error_t pkcs8ParseRsaPrivateKey(const uint8_t *data, size_t length, Pkcs8RsaPrivateKey *rsaPrivateKey)
Parse RSAPrivateKey structure.
Definition: pkcs8_key_parse.c:294
pkcs8ParseDsaPrivateKey
error_t pkcs8ParseDsaPrivateKey(const uint8_t *data, size_t length, X509DsaParameters *dsaParams, Pkcs8DsaPrivateKey *dsaPrivateKey)
Parse DSAPrivateKey structure.
Definition: pkcs8_key_parse.c:490
pkcs8ParseEcPrivateKey
error_t pkcs8ParseEcPrivateKey(const uint8_t *data, size_t length, X509EcParameters *ecParams, Pkcs8EcPrivateKey *ecPrivateKey)
Parse ECPrivateKey structure.
Definition: pkcs8_key_parse.c:631
pkcs8ParseEncryptedPrivateKeyInfo
error_t pkcs8ParseEncryptedPrivateKeyInfo(const uint8_t *data, size_t length, Pkcs8EncryptedPrivateKeyInfo *encryptedPrivateKeyInfo)
Parse EncryptedPrivateKeyInfo structure.
Definition: pkcs8_key_parse.c:741
pkcs8ParsePrivateKeyInfo
error_t pkcs8ParsePrivateKeyInfo(const uint8_t *data, size_t length, Pkcs8PrivateKeyInfo *privateKeyInfo)
Parse PrivateKeyInfo structure.
Definition: pkcs8_key_parse.c:54
pkcs8_key_parse.h
PKCS #8 key parsing.
CipherAlgo
Common interface for encryption algorithms.
Definition: crypto.h:1036
CipherAlgo::contextSize
size_t contextSize
Definition: crypto.h:1038
CipherAlgo::deinit
CipherAlgoDeinit deinit
Definition: crypto.h:1046
CipherAlgo::blockSize
size_t blockSize
Definition: crypto.h:1040
CipherAlgo::init
CipherAlgoInit init
Definition: crypto.h:1041
Md5Context
MD5 algorithm context.
Definition: md5.h:62
PemDekInfo::algo
PemString algo
Definition: pem_common.h:120
PemDekInfo::iv
PemString iv
Definition: pem_common.h:121
PemHeader
PEM encapsulated header.
Definition: pem_common.h:130
PemHeader::procType
PemProcType procType
Definition: pem_common.h:131
PemHeader::dekInfo
PemDekInfo dekInfo
Definition: pem_common.h:132
PemProcType::version
PemString version
Definition: pem_common.h:109
PemProcType::type
PemString type
Definition: pem_common.h:110
PemString::value
const char_t * value
Definition: pem_common.h:98
PemString::length
size_t length
Definition: pem_common.h:99
Pkcs8EncryptedPrivateKeyInfo
Encrypted private key information.
Definition: pkcs8_key_parse.h:123
Pkcs8PrivateKeyInfo
Private key information.
Definition: pkcs8_key_parse.h:98
Pkcs8PrivateKeyInfo::dsaPrivateKey
Pkcs8DsaPrivateKey dsaPrivateKey
Definition: pkcs8_key_parse.h:106
Pkcs8PrivateKeyInfo::rsaPrivateKey
Pkcs8RsaPrivateKey rsaPrivateKey
Definition: pkcs8_key_parse.h:102
Pkcs8PrivateKeyInfo::dsaParams
X509DsaParameters dsaParams
Definition: pkcs8_key_parse.h:105
Pkcs8PrivateKeyInfo::ecParams
X509EcParameters ecParams
Definition: pkcs8_key_parse.h:109
Pkcs8PrivateKeyInfo::ecPrivateKey
Pkcs8EcPrivateKey ecPrivateKey
Definition: pkcs8_key_parse.h:110
X509OctetString::value
const uint8_t * value
Definition: x509_common.h:647
CipherContext
Generic cipher algorithm context.
Definition: cipher_algorithms.h:209