gitee.com/ks-custle/core-gm@v0.0.0-20230922171213-b83bdd97b62c/xcrypto/pkcs12/pkcs12.go (about) 1 // Copyright 2015 The Go Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style 3 // license that can be found in the LICENSE file. 4 5 // Package pkcs12 implements some of PKCS#12. 6 // 7 // This implementation is distilled from https://tools.ietf.org/html/rfc7292 8 // and referenced documents. It is intended for decoding P12/PFX-stored 9 // certificates and keys for use with the crypto/tls package. 10 // 11 // This package is frozen. If it's missing functionality you need, consider 12 // an alternative like software.sslmate.com/src/go-pkcs12. 13 package pkcs12 14 15 import ( 16 "crypto/ecdsa" 17 "crypto/rsa" 18 "crypto/x509/pkix" 19 "encoding/asn1" 20 "encoding/hex" 21 "encoding/pem" 22 "errors" 23 24 "gitee.com/ks-custle/core-gm/sm2" 25 "gitee.com/ks-custle/core-gm/x509" 26 ) 27 28 var ( 29 oidDataContentType = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 7, 1}) 30 oidEncryptedDataContentType = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 7, 6}) 31 32 oidFriendlyName = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 20}) 33 oidLocalKeyID = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21}) 34 oidMicrosoftCSPName = asn1.ObjectIdentifier([]int{1, 3, 6, 1, 4, 1, 311, 17, 1}) 35 36 errUnknownAttributeOID = errors.New("pkcs12: unknown attribute OID") 37 ) 38 39 type pfxPdu struct { 40 Version int 41 AuthSafe contentInfo 42 MacData macData `asn1:"optional"` 43 } 44 45 type contentInfo struct { 46 ContentType asn1.ObjectIdentifier 47 Content asn1.RawValue `asn1:"tag:0,explicit,optional"` 48 } 49 50 type encryptedData struct { 51 Version int 52 EncryptedContentInfo encryptedContentInfo 53 } 54 55 type encryptedContentInfo struct { 56 ContentType asn1.ObjectIdentifier 57 ContentEncryptionAlgorithm pkix.AlgorithmIdentifier 58 EncryptedContent []byte `asn1:"tag:0,optional"` 59 } 60 61 func (i encryptedContentInfo) Algorithm() pkix.AlgorithmIdentifier { 62 return i.ContentEncryptionAlgorithm 63 } 64 65 func (i encryptedContentInfo) Data() []byte { return i.EncryptedContent } 66 67 type safeBag struct { 68 Id asn1.ObjectIdentifier 69 Value asn1.RawValue `asn1:"tag:0,explicit"` 70 Attributes []pkcs12Attribute `asn1:"set,optional"` 71 } 72 73 type pkcs12Attribute struct { 74 Id asn1.ObjectIdentifier 75 Value asn1.RawValue `asn1:"set"` 76 } 77 78 type encryptedPrivateKeyInfo struct { 79 AlgorithmIdentifier pkix.AlgorithmIdentifier 80 EncryptedData []byte 81 } 82 83 func (i encryptedPrivateKeyInfo) Algorithm() pkix.AlgorithmIdentifier { 84 return i.AlgorithmIdentifier 85 } 86 87 func (i encryptedPrivateKeyInfo) Data() []byte { 88 return i.EncryptedData 89 } 90 91 // PEM block types 92 const ( 93 certificateType = "CERTIFICATE" 94 privateKeyType = "PRIVATE KEY" 95 ) 96 97 // unmarshal calls asn1.Unmarshal, but also returns an error if there is any 98 // trailing data after unmarshaling. 99 func unmarshal(in []byte, out interface{}) error { 100 trailing, err := asn1.Unmarshal(in, out) 101 if err != nil { 102 return err 103 } 104 if len(trailing) != 0 { 105 return errors.New("pkcs12: trailing data found") 106 } 107 return nil 108 } 109 110 // ToPEM converts all "safe bags" contained in pfxData to PEM blocks. 111 // Unknown attributes are discarded. 112 // 113 // Note that although the returned PEM blocks for private keys have type 114 // "PRIVATE KEY", the bytes are not encoded according to PKCS #8, but according 115 // to PKCS #1 for RSA keys and SEC 1 for ECDSA keys. 116 func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) { 117 encodedPassword, err := bmpString(password) 118 if err != nil { 119 return nil, ErrIncorrectPassword 120 } 121 122 bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword) 123 124 if err != nil { 125 return nil, err 126 } 127 128 blocks := make([]*pem.Block, 0, len(bags)) 129 for _, bag := range bags { 130 block, err := convertBag(&bag, encodedPassword) 131 if err != nil { 132 return nil, err 133 } 134 blocks = append(blocks, block) 135 } 136 137 return blocks, nil 138 } 139 140 func convertBag(bag *safeBag, password []byte) (*pem.Block, error) { 141 block := &pem.Block{ 142 Headers: make(map[string]string), 143 } 144 145 for _, attribute := range bag.Attributes { 146 k, v, err := convertAttribute(&attribute) 147 if err == errUnknownAttributeOID { 148 continue 149 } 150 if err != nil { 151 return nil, err 152 } 153 block.Headers[k] = v 154 } 155 156 switch { 157 case bag.Id.Equal(oidCertBag): 158 block.Type = certificateType 159 certsData, err := decodeCertBag(bag.Value.Bytes) 160 if err != nil { 161 return nil, err 162 } 163 block.Bytes = certsData 164 case bag.Id.Equal(oidPKCS8ShroundedKeyBag): 165 block.Type = privateKeyType 166 167 key, err := decodePkcs8ShroudedKeyBag(bag.Value.Bytes, password) 168 if err != nil { 169 return nil, err 170 } 171 172 switch key := key.(type) { 173 case *rsa.PrivateKey: 174 block.Bytes = x509.MarshalPKCS1PrivateKey(key) 175 case *sm2.PrivateKey, *ecdsa.PrivateKey: 176 block.Bytes, err = x509.MarshalECPrivateKey(key) 177 if err != nil { 178 return nil, err 179 } 180 default: 181 return nil, errors.New("found unknown private key type in PKCS#8 wrapping") 182 } 183 default: 184 return nil, errors.New("don't know how to convert a safe bag of type " + bag.Id.String()) 185 } 186 return block, nil 187 } 188 189 func convertAttribute(attribute *pkcs12Attribute) (key, value string, err error) { 190 isString := false 191 192 switch { 193 case attribute.Id.Equal(oidFriendlyName): 194 key = "friendlyName" 195 isString = true 196 case attribute.Id.Equal(oidLocalKeyID): 197 key = "localKeyId" 198 case attribute.Id.Equal(oidMicrosoftCSPName): 199 // This key is chosen to match OpenSSL. 200 key = "Microsoft CSP Name" 201 isString = true 202 default: 203 return "", "", errUnknownAttributeOID 204 } 205 206 if isString { 207 if err := unmarshal(attribute.Value.Bytes, &attribute.Value); err != nil { 208 return "", "", err 209 } 210 if value, err = decodeBMPString(attribute.Value.Bytes); err != nil { 211 return "", "", err 212 } 213 } else { 214 var id []byte 215 if err := unmarshal(attribute.Value.Bytes, &id); err != nil { 216 return "", "", err 217 } 218 value = hex.EncodeToString(id) 219 } 220 221 return key, value, nil 222 } 223 224 // Decode extracts a certificate and private key from pfxData. This function 225 // assumes that there is only one certificate and only one private key in the 226 // pfxData; if there are more use ToPEM instead. 227 func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) { 228 encodedPassword, err := bmpString(password) 229 if err != nil { 230 return nil, nil, err 231 } 232 233 bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword) 234 if err != nil { 235 return nil, nil, err 236 } 237 238 if len(bags) != 2 { 239 err = errors.New("pkcs12: expected exactly two safe bags in the PFX PDU") 240 return 241 } 242 243 for _, bag := range bags { 244 switch { 245 case bag.Id.Equal(oidCertBag): 246 if certificate != nil { 247 err = errors.New("pkcs12: expected exactly one certificate bag") 248 } 249 250 certsData, err := decodeCertBag(bag.Value.Bytes) 251 if err != nil { 252 return nil, nil, err 253 } 254 certs, err := x509.ParseCertificates(certsData) 255 if err != nil { 256 return nil, nil, err 257 } 258 if len(certs) != 1 { 259 err = errors.New("pkcs12: expected exactly one certificate in the certBag") 260 return nil, nil, err 261 } 262 certificate = certs[0] 263 264 case bag.Id.Equal(oidPKCS8ShroundedKeyBag): 265 if privateKey != nil { 266 err = errors.New("pkcs12: expected exactly one key bag") 267 return nil, nil, err 268 } 269 270 if privateKey, err = decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword); err != nil { 271 return nil, nil, err 272 } 273 } 274 } 275 276 if certificate == nil { 277 return nil, nil, errors.New("pkcs12: certificate missing") 278 } 279 if privateKey == nil { 280 return nil, nil, errors.New("pkcs12: private key missing") 281 } 282 283 return 284 } 285 286 func getSafeContents(p12Data, password []byte) (bags []safeBag, updatedPassword []byte, err error) { 287 pfx := new(pfxPdu) 288 if err := unmarshal(p12Data, pfx); err != nil { 289 return nil, nil, errors.New("pkcs12: error reading P12 data: " + err.Error()) 290 } 291 292 if pfx.Version != 3 { 293 return nil, nil, NotImplementedError("can only decode v3 PFX PDU's") 294 } 295 296 if !pfx.AuthSafe.ContentType.Equal(oidDataContentType) { 297 return nil, nil, NotImplementedError("only password-protected PFX is implemented") 298 } 299 300 // unmarshal the explicit bytes in the content for type 'data' 301 if err := unmarshal(pfx.AuthSafe.Content.Bytes, &pfx.AuthSafe.Content); err != nil { 302 return nil, nil, err 303 } 304 305 if len(pfx.MacData.Mac.Algorithm.Algorithm) == 0 { 306 return nil, nil, errors.New("pkcs12: no MAC in data") 307 } 308 309 if err := verifyMac(&pfx.MacData, pfx.AuthSafe.Content.Bytes, password); err != nil { 310 if err == ErrIncorrectPassword && len(password) == 2 && password[0] == 0 && password[1] == 0 { 311 // some implementations use an empty byte array 312 // for the empty string password try one more 313 // time with empty-empty password 314 password = nil 315 err = verifyMac(&pfx.MacData, pfx.AuthSafe.Content.Bytes, password) 316 } 317 if err != nil { 318 return nil, nil, err 319 } 320 } 321 322 var authenticatedSafe []contentInfo 323 if err := unmarshal(pfx.AuthSafe.Content.Bytes, &authenticatedSafe); err != nil { 324 return nil, nil, err 325 } 326 327 if len(authenticatedSafe) != 2 { 328 return nil, nil, NotImplementedError("expected exactly two items in the authenticated safe") 329 } 330 331 for _, ci := range authenticatedSafe { 332 var data []byte 333 334 switch { 335 case ci.ContentType.Equal(oidDataContentType): 336 if err := unmarshal(ci.Content.Bytes, &data); err != nil { 337 return nil, nil, err 338 } 339 case ci.ContentType.Equal(oidEncryptedDataContentType): 340 var encryptedData encryptedData 341 if err := unmarshal(ci.Content.Bytes, &encryptedData); err != nil { 342 return nil, nil, err 343 } 344 if encryptedData.Version != 0 { 345 return nil, nil, NotImplementedError("only version 0 of EncryptedData is supported") 346 } 347 if data, err = pbDecrypt(encryptedData.EncryptedContentInfo, password); err != nil { 348 return nil, nil, err 349 } 350 default: 351 return nil, nil, NotImplementedError("only data and encryptedData content types are supported in authenticated safe") 352 } 353 354 var safeContents []safeBag 355 if err := unmarshal(data, &safeContents); err != nil { 356 return nil, nil, err 357 } 358 bags = append(bags, safeContents...) 359 } 360 361 return bags, password, nil 362 }