1 /* $OpenBSD: p12_sbag.c,v 1.5 2022/08/20 09:16:18 tb Exp $ */
2 /*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 1999-2018.
5 */
6 /* ====================================================================
7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60 #include <stdio.h>
61
62 #include <openssl/err.h>
63 #include <openssl/pkcs12.h>
64
65 #include "pkcs12_local.h"
66 #include "x509_lcl.h"
67
68 const ASN1_TYPE *
PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG * bag,int attr_nid)69 PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
70 {
71 return PKCS12_get_attr_gen(bag->attrib, attr_nid);
72 }
73
74 ASN1_TYPE *
PKCS8_get_attr(PKCS8_PRIV_KEY_INFO * p8,int attr_nid)75 PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
76 {
77 return PKCS12_get_attr_gen(p8->attributes, attr_nid);
78 }
79
80 const PKCS8_PRIV_KEY_INFO *
PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG * bag)81 PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
82 {
83 if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
84 return NULL;
85
86 return bag->value.keybag;
87 }
88
89 const X509_SIG *
PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG * bag)90 PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
91 {
92 if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
93 return NULL;
94
95 return bag->value.shkeybag;
96 }
97
STACK_OF(PKCS12_SAFEBAG)98 const STACK_OF(PKCS12_SAFEBAG) *
99 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
100 {
101 if (PKCS12_SAFEBAG_get_nid(bag) != NID_safeContentsBag)
102 return NULL;
103
104 return bag->value.safes;
105 }
106
107 const ASN1_OBJECT *
PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG * bag)108 PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
109 {
110 return bag->type;
111 }
112
113 int
PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG * bag)114 PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
115 {
116 return OBJ_obj2nid(bag->type);
117 }
118
119 int
PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG * bag)120 PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
121 {
122 int bag_type;
123
124 bag_type = PKCS12_SAFEBAG_get_nid(bag);
125
126 if (bag_type == NID_certBag || bag_type == NID_crlBag ||
127 bag_type == NID_secretBag)
128 return OBJ_obj2nid(bag->value.bag->type);
129
130 return -1;
131 }
132
133 X509 *
PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG * bag)134 PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
135 {
136 if (OBJ_obj2nid(bag->type) != NID_certBag)
137 return NULL;
138 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
139 return NULL;
140 return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it);
141 }
142
143 X509_CRL *
PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG * bag)144 PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
145 {
146 if (OBJ_obj2nid(bag->type) != NID_crlBag)
147 return NULL;
148 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
149 return NULL;
150 return ASN1_item_unpack(bag->value.bag->value.octet, &X509_CRL_it);
151 }
152
153 PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create_cert(X509 * x509)154 PKCS12_SAFEBAG_create_cert(X509 *x509)
155 {
156 return PKCS12_item_pack_safebag(x509, &X509_it,
157 NID_x509Certificate, NID_certBag);
158 }
159
160 PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create_crl(X509_CRL * crl)161 PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
162 {
163 return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
164 NID_x509Crl, NID_crlBag);
165 }
166
167 /* Turn PKCS8 object into a keybag */
168
169 PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO * p8)170 PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
171 {
172 PKCS12_SAFEBAG *bag;
173
174 if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
175 PKCS12error(ERR_R_MALLOC_FAILURE);
176 return NULL;
177 }
178
179 bag->type = OBJ_nid2obj(NID_keyBag);
180 bag->value.keybag = p8;
181
182 return bag;
183 }
184
185 /* Turn PKCS8 object into a shrouded keybag */
186
187 PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create0_pkcs8(X509_SIG * p8)188 PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
189 {
190 PKCS12_SAFEBAG *bag;
191
192 /* Set up the safe bag */
193 if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
194 PKCS12error(ERR_R_MALLOC_FAILURE);
195 return NULL;
196 }
197
198 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
199 bag->value.shkeybag = p8;
200
201 return bag;
202 }
203
204 PKCS12_SAFEBAG *
PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,const char * pass,int passlen,unsigned char * salt,int saltlen,int iter,PKCS8_PRIV_KEY_INFO * p8info)205 PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
206 unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8info)
207 {
208 const EVP_CIPHER *pbe_ciph;
209 X509_SIG *p8;
210 PKCS12_SAFEBAG *bag;
211
212 if ((pbe_ciph = EVP_get_cipherbynid(pbe_nid)) != NULL)
213 pbe_nid = -1;
214
215 if ((p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen,
216 iter, p8info)) == NULL)
217 return NULL;
218
219 if ((bag = PKCS12_SAFEBAG_create0_pkcs8(p8)) == NULL) {
220 X509_SIG_free(p8);
221 return NULL;
222 }
223
224 return bag;
225 }
226