tasign 0.2.3

TA ELF signing utilities with CMS/PKCS#7 support
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

//! GmSSL `ENCRYPTED PRIVATE KEY` decryption via `tee_crypto`.

extern crate alloc;

use alloc::format;
use alloc::vec::Vec;

use crate::crypto::gmssl_pkcs8_parse::parse_gmssl_encrypted_pkcs8_der;
use crate::crypto::CryptoError;

use super::map::map_tee_err;

/// Decrypt GmSSL-encrypted PKCS#8 DER to plaintext `PrivateKeyInfo` DER.
pub fn decrypt_gmssl_encrypted_pkcs8_der(enc_der: &[u8], pass: &str) -> Result<Vec<u8>, CryptoError> {
    let params = parse_gmssl_encrypted_pkcs8_der(enc_der)?;
    let dk = tee_crypto::kdf::pbkdf2_hmac_sm3(
        pass.as_bytes(),
        params.salt,
        params.iterations,
        params.dk_len,
    )
    .map_err(map_tee_err)?;
    let plain = tee_crypto::cipher::sm4_cbc_decrypt(&dk, params.iv, params.enc_data)
        .map_err(map_tee_err)?;
    pkcs8::PrivateKeyInfoRef::try_from(plain.as_slice())
        .map_err(|e| CryptoError::Message(format!("pkcs8: {e}")))?;
    Ok(plain)
}