Home | History | Annotate | Download | only in pkcs12 
      1 /* p12_add.c */
      2 /* Written by Dr Stephen N Henson (steve (at) openssl.org) for the OpenSSL
      3  * project 1999.
      4  */
      5 /* ====================================================================
      6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
      7  *
      8  * Redistribution and use in source and binary forms, with or without
      9  * modification, are permitted provided that the following conditions
     10  * are met:
     11  *
     12  * 1. Redistributions of source code must retain the above copyright
     13  *    notice, this list of conditions and the following disclaimer.
     14  *
     15  * 2. Redistributions in binary form must reproduce the above copyright
     16  *    notice, this list of conditions and the following disclaimer in
     17  *    the documentation and/or other materials provided with the
     18  *    distribution.
     19  *
     20  * 3. All advertising materials mentioning features or use of this
     21  *    software must display the following acknowledgment:
     22  *    "This product includes software developed by the OpenSSL Project
     23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
     24  *
     25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
     26  *    endorse or promote products derived from this software without
     27  *    prior written permission. For written permission, please contact
     28  *    licensing (at) OpenSSL.org.
     29  *
     30  * 5. Products derived from this software may not be called "OpenSSL"
     31  *    nor may "OpenSSL" appear in their names without prior written
     32  *    permission of the OpenSSL Project.
     33  *
     34  * 6. Redistributions of any form whatsoever must retain the following
     35  *    acknowledgment:
     36  *    "This product includes software developed by the OpenSSL Project
     37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
     38  *
     39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
     40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
     42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
     43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
     46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
     48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
     49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
     50  * OF THE POSSIBILITY OF SUCH DAMAGE.
     51  * ====================================================================
     52  *
     53  * This product includes cryptographic software written by Eric Young
     54  * (eay (at) cryptsoft.com).  This product includes software written by Tim
     55  * Hudson (tjh (at) cryptsoft.com).
     56  *
     57  */
     58 
     59 #include <stdio.h>
     60 #include "cryptlib.h"
     61 #include <openssl/pkcs12.h>
     62 
     63 /* Pack an object into an OCTET STRING and turn into a safebag */
     64 
     65 PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
     66 	     int nid2)
     67 {
     68 	PKCS12_BAGS *bag;
     69 	PKCS12_SAFEBAG *safebag;
     70 	if (!(bag = PKCS12_BAGS_new())) {
     71 		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
     72 		return NULL;
     73 	}
     74 	bag->type = OBJ_nid2obj(nid1);
     75 	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
     76 		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
     77 		return NULL;
     78 	}
     79 	if (!(safebag = PKCS12_SAFEBAG_new())) {
     80 		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
     81 		return NULL;
     82 	}
     83 	safebag->value.bag = bag;
     84 	safebag->type = OBJ_nid2obj(nid2);
     85 	return safebag;
     86 }
     87 
     88 /* Turn PKCS8 object into a keybag */
     89 
     90 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
     91 {
     92 	PKCS12_SAFEBAG *bag;
     93 	if (!(bag = PKCS12_SAFEBAG_new())) {
     94 		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
     95 		return NULL;
     96 	}
     97 	bag->type = OBJ_nid2obj(NID_keyBag);
     98 	bag->value.keybag = p8;
     99 	return bag;
    100 }
    101 
    102 /* Turn PKCS8 object into a shrouded keybag */
    103 
    104 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
    105 	     int passlen, unsigned char *salt, int saltlen, int iter,
    106 	     PKCS8_PRIV_KEY_INFO *p8)
    107 {
    108 	PKCS12_SAFEBAG *bag;
    109 	const EVP_CIPHER *pbe_ciph;
    110 
    111 	/* Set up the safe bag */
    112 	if (!(bag = PKCS12_SAFEBAG_new())) {
    113 		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
    114 		return NULL;
    115 	}
    116 
    117 	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
    118 
    119 	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
    120 
    121 	if (pbe_ciph)
    122 		pbe_nid = -1;
    123 
    124 	if (!(bag->value.shkeybag =
    125 	  PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
    126 									 p8))) {
    127 		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
    128 		return NULL;
    129 	}
    130 
    131 	return bag;
    132 }
    133 
    134 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
    135 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
    136 {
    137 	PKCS7 *p7;
    138 	if (!(p7 = PKCS7_new())) {
    139 		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
    140 		return NULL;
    141 	}
    142 	p7->type = OBJ_nid2obj(NID_pkcs7_data);
    143 	if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
    144 		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
    145 		return NULL;
    146 	}
    147 
    148 	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
    149 		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
    150 		return NULL;
    151 	}
    152 	return p7;
    153 }
    154 
    155 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
    156 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
    157 {
    158 	if(!PKCS7_type_is_data(p7))
    159 		{
    160 		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
    161 		return NULL;
    162 		}
    163 	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
    164 }
    165 
    166 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
    167 
    168 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
    169 			      unsigned char *salt, int saltlen, int iter,
    170 			      STACK_OF(PKCS12_SAFEBAG) *bags)
    171 {
    172 	PKCS7 *p7;
    173 	X509_ALGOR *pbe;
    174 	const EVP_CIPHER *pbe_ciph;
    175 	if (!(p7 = PKCS7_new())) {
    176 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
    177 		return NULL;
    178 	}
    179 	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
    180 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
    181 				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
    182 		return NULL;
    183 	}
    184 
    185 	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
    186 
    187 	if (pbe_ciph)
    188 		pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
    189 	else
    190 		pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
    191 
    192 	if (!pbe) {
    193 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
    194 		return NULL;
    195 	}
    196 	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
    197 	p7->d.encrypted->enc_data->algorithm = pbe;
    198 	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
    199 	if (!(p7->d.encrypted->enc_data->enc_data =
    200 	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
    201 				 bags, 1))) {
    202 		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
    203 		return NULL;
    204 	}
    205 
    206 	return p7;
    207 }
    208 
    209 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
    210 {
    211 	if(!PKCS7_type_is_encrypted(p7)) return NULL;
    212 	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
    213 			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
    214 				   pass, passlen,
    215 			           p7->d.encrypted->enc_data->enc_data, 1);
    216 }
    217 
    218 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
    219 								int passlen)
    220 {
    221 	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
    222 }
    223 
    224 int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
    225 {
    226 	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
    227 		&p12->authsafes->d.data))
    228 			return 1;
    229 	return 0;
    230 }
    231 
    232 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
    233 {
    234 	if (!PKCS7_type_is_data(p12->authsafes))
    235 		{
    236 		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
    237 		return NULL;
    238 		}
    239 	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
    240 }
    241