@@ -22,7 +22,6 @@
#ifndef QCRYPTO_RSAKEY_H
#define QCRYPTO_RSAKEY_H
-#include "qemu/osdep.h"
#include "qemu/host-utils.h"
#include "crypto/akcipher.h"
@@ -84,6 +83,16 @@ QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse(
QCryptoAkCipherKeyType type,
const uint8_t *key, size_t keylen, Error **errp);
+/**
+ * qcrypto_akcipher_rsakey_export_as_p8info:
+ *
+ * Export RSA private key to PKCS#8 private key info.
+ */
+void qcrypto_akcipher_rsakey_export_p8info(const uint8_t *key,
+ size_t keylen,
+ uint8_t **dst,
+ size_t *dlen);
+
void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *key);
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipherRSAKey,
@@ -153,6 +153,27 @@ int qcrypto_akcipher_max_dgst_len(QCryptoAkCipher *akcipher);
*/
void qcrypto_akcipher_free(QCryptoAkCipher *akcipher);
+/**
+ * qcrypto_akcipher_export_p8info:
+ * @opts: the options of the akcipher to be exported.
+ * @key: the original key of the akcipher to be exported.
+ * @keylen: length of the 'key'
+ * @dst: output parameter, if export succeed, *dst is set to the
+ * PKCS#8 encoded private key, caller MUST free this key with
+ * g_free after use.
+ * @dst_len: output parameter, indicates the length of PKCS#8 encoded
+ * key.
+ *
+ * Export the akcipher into DER encoded pkcs#8 private key info, expects
+ * |key| stores a valid asymmetric PRIVATE key.
+ *
+ * Returns: 0 for succeed, otherwise -1 is returned.
+ */
+int qcrypto_akcipher_export_p8info(const QCryptoAkCipherOptions *opts,
+ uint8_t *key, size_t keylen,
+ uint8_t **dst, size_t *dst_len,
+ Error **errp);
+
G_DEFINE_AUTOPTR_CLEANUP_FUNC(QCryptoAkCipher, qcrypto_akcipher_free)
#endif /* QCRYPTO_AKCIPHER_H */
@@ -22,6 +22,8 @@
#include "qemu/osdep.h"
#include "crypto/akcipher.h"
#include "akcipherpriv.h"
+#include "der.h"
+#include "rsakey.h"
#if defined(CONFIG_GCRYPT)
#include "akcipher-gcrypt.c.inc"
@@ -106,3 +108,19 @@ void qcrypto_akcipher_free(QCryptoAkCipher *akcipher)
drv->free(akcipher);
}
+
+int qcrypto_akcipher_export_p8info(const QCryptoAkCipherOptions *opts,
+ uint8_t *key, size_t keylen,
+ uint8_t **dst, size_t *dst_len,
+ Error **errp)
+{
+ switch (opts->alg) {
+ case QCRYPTO_AKCIPHER_ALG_RSA:
+ qcrypto_akcipher_rsakey_export_p8info(key, keylen, dst, dst_len);
+ return 0;
+
+ default:
+ error_setg(errp, "Unsupported algorithm: %u", opts->alg);
+ return -1;
+ }
+}
@@ -19,6 +19,8 @@
*
*/
+#include "qemu/osdep.h"
+#include "der.h"
#include "rsakey.h"
void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *rsa_key)
@@ -37,6 +39,46 @@ void qcrypto_akcipher_rsakey_free(QCryptoAkCipherRSAKey *rsa_key)
g_free(rsa_key);
}
+/**
+ * PKCS#8 private key info for RSA
+ *
+ * PrivateKeyInfo ::= SEQUENCE {
+ * version INTEGER,
+ * privateKeyAlgorithm PrivateKeyAlgorithmIdentifier,
+ * privateKey OCTET STRING,
+ * attributes [0] IMPLICIT Attributes OPTIONAL
+ * }
+ */
+void qcrypto_akcipher_rsakey_export_p8info(const uint8_t *key,
+ size_t keylen,
+ uint8_t **dst,
+ size_t *dlen)
+{
+ QCryptoEncodeContext *ctx = qcrypto_der_encode_ctx_new();
+ uint8_t version = 0;
+
+ qcrypto_der_encode_seq_begin(ctx);
+
+ /* version */
+ qcrypto_der_encode_int(ctx, &version, sizeof(version));
+
+ /* algorithm identifier */
+ qcrypto_der_encode_seq_begin(ctx);
+ qcrypto_der_encode_oid(ctx, (uint8_t *)QCRYPTO_OID_rsaEncryption,
+ sizeof(QCRYPTO_OID_rsaEncryption) - 1);
+ qcrypto_der_encode_null(ctx);
+ qcrypto_der_encode_seq_end(ctx);
+
+ /* RSA private key */
+ qcrypto_der_encode_octet_str(ctx, key, keylen);
+
+ qcrypto_der_encode_seq_end(ctx);
+
+ *dlen = qcrypto_der_encode_ctx_buffer_len(ctx);
+ *dst = g_malloc(*dlen);
+ qcrypto_der_encode_ctx_flush_and_free(ctx, *dst);
+}
+
#if defined(CONFIG_NETTLE) && defined(CONFIG_HOGWEED)
#include "rsakey-nettle.c.inc"
#else