1 /* $OpenBSD: p12_asn.c,v 1.12 2022/08/20 09:16:18 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5 /* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60
61 #include <openssl/asn1t.h>
62 #include <openssl/pkcs12.h>
63
64 #include "pkcs12_local.h"
65
66 /* PKCS#12 ASN1 module */
67
68 static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
69 {
70 .flags = 0,
71 .tag = 0,
72 .offset = offsetof(PKCS12, version),
73 .field_name = "version",
74 .item = &ASN1_INTEGER_it,
75 },
76 {
77 .flags = 0,
78 .tag = 0,
79 .offset = offsetof(PKCS12, authsafes),
80 .field_name = "authsafes",
81 .item = &PKCS7_it,
82 },
83 {
84 .flags = ASN1_TFLG_OPTIONAL,
85 .tag = 0,
86 .offset = offsetof(PKCS12, mac),
87 .field_name = "mac",
88 .item = &PKCS12_MAC_DATA_it,
89 },
90 };
91
92 const ASN1_ITEM PKCS12_it = {
93 .itype = ASN1_ITYPE_SEQUENCE,
94 .utype = V_ASN1_SEQUENCE,
95 .templates = PKCS12_seq_tt,
96 .tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
97 .funcs = NULL,
98 .size = sizeof(PKCS12),
99 .sname = "PKCS12",
100 };
101
102
103 PKCS12 *
d2i_PKCS12(PKCS12 ** a,const unsigned char ** in,long len)104 d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
105 {
106 return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
107 &PKCS12_it);
108 }
109
110 int
i2d_PKCS12(PKCS12 * a,unsigned char ** out)111 i2d_PKCS12(PKCS12 *a, unsigned char **out)
112 {
113 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
114 }
115
116 PKCS12 *
PKCS12_new(void)117 PKCS12_new(void)
118 {
119 return (PKCS12 *)ASN1_item_new(&PKCS12_it);
120 }
121
122 void
PKCS12_free(PKCS12 * a)123 PKCS12_free(PKCS12 *a)
124 {
125 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
126 }
127
128 static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
129 {
130 .flags = 0,
131 .tag = 0,
132 .offset = offsetof(PKCS12_MAC_DATA, dinfo),
133 .field_name = "dinfo",
134 .item = &X509_SIG_it,
135 },
136 {
137 .flags = 0,
138 .tag = 0,
139 .offset = offsetof(PKCS12_MAC_DATA, salt),
140 .field_name = "salt",
141 .item = &ASN1_OCTET_STRING_it,
142 },
143 {
144 .flags = ASN1_TFLG_OPTIONAL,
145 .tag = 0,
146 .offset = offsetof(PKCS12_MAC_DATA, iter),
147 .field_name = "iter",
148 .item = &ASN1_INTEGER_it,
149 },
150 };
151
152 const ASN1_ITEM PKCS12_MAC_DATA_it = {
153 .itype = ASN1_ITYPE_SEQUENCE,
154 .utype = V_ASN1_SEQUENCE,
155 .templates = PKCS12_MAC_DATA_seq_tt,
156 .tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
157 .funcs = NULL,
158 .size = sizeof(PKCS12_MAC_DATA),
159 .sname = "PKCS12_MAC_DATA",
160 };
161
162
163 PKCS12_MAC_DATA *
d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA ** a,const unsigned char ** in,long len)164 d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
165 {
166 return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
167 &PKCS12_MAC_DATA_it);
168 }
169
170 int
i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA * a,unsigned char ** out)171 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
172 {
173 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
174 }
175
176 PKCS12_MAC_DATA *
PKCS12_MAC_DATA_new(void)177 PKCS12_MAC_DATA_new(void)
178 {
179 return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
180 }
181
182 void
PKCS12_MAC_DATA_free(PKCS12_MAC_DATA * a)183 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
184 {
185 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
186 }
187
188 static const ASN1_TEMPLATE bag_default_tt = {
189 .flags = ASN1_TFLG_EXPLICIT,
190 .tag = 0,
191 .offset = offsetof(PKCS12_BAGS, value.other),
192 .field_name = "value.other",
193 .item = &ASN1_ANY_it,
194 };
195
196 static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
197 {
198 .value = NID_x509Certificate,
199 .tt = {
200 .flags = ASN1_TFLG_EXPLICIT,
201 .tag = 0,
202 .offset = offsetof(PKCS12_BAGS, value.x509cert),
203 .field_name = "value.x509cert",
204 .item = &ASN1_OCTET_STRING_it,
205 },
206
207 },
208 {
209 .value = NID_x509Crl,
210 .tt = {
211 .flags = ASN1_TFLG_EXPLICIT,
212 .tag = 0,
213 .offset = offsetof(PKCS12_BAGS, value.x509crl),
214 .field_name = "value.x509crl",
215 .item = &ASN1_OCTET_STRING_it,
216 },
217
218 },
219 {
220 .value = NID_sdsiCertificate,
221 .tt = {
222 .flags = ASN1_TFLG_EXPLICIT,
223 .tag = 0,
224 .offset = offsetof(PKCS12_BAGS, value.sdsicert),
225 .field_name = "value.sdsicert",
226 .item = &ASN1_IA5STRING_it,
227 },
228
229 },
230 };
231
232 static const ASN1_ADB PKCS12_BAGS_adb = {
233 .flags = 0,
234 .offset = offsetof(PKCS12_BAGS, type),
235 .tbl = PKCS12_BAGS_adbtbl,
236 .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
237 .default_tt = &bag_default_tt,
238 .null_tt = NULL,
239 };
240
241 static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
242 {
243 .flags = 0,
244 .tag = 0,
245 .offset = offsetof(PKCS12_BAGS, type),
246 .field_name = "type",
247 .item = &ASN1_OBJECT_it,
248 },
249 {
250 .flags = ASN1_TFLG_ADB_OID,
251 .tag = -1,
252 .offset = 0,
253 .field_name = "PKCS12_BAGS",
254 .item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
255 },
256 };
257
258 const ASN1_ITEM PKCS12_BAGS_it = {
259 .itype = ASN1_ITYPE_SEQUENCE,
260 .utype = V_ASN1_SEQUENCE,
261 .templates = PKCS12_BAGS_seq_tt,
262 .tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
263 .funcs = NULL,
264 .size = sizeof(PKCS12_BAGS),
265 .sname = "PKCS12_BAGS",
266 };
267
268
269 PKCS12_BAGS *
d2i_PKCS12_BAGS(PKCS12_BAGS ** a,const unsigned char ** in,long len)270 d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
271 {
272 return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
273 &PKCS12_BAGS_it);
274 }
275
276 int
i2d_PKCS12_BAGS(PKCS12_BAGS * a,unsigned char ** out)277 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
278 {
279 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
280 }
281
282 PKCS12_BAGS *
PKCS12_BAGS_new(void)283 PKCS12_BAGS_new(void)
284 {
285 return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
286 }
287
288 void
PKCS12_BAGS_free(PKCS12_BAGS * a)289 PKCS12_BAGS_free(PKCS12_BAGS *a)
290 {
291 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
292 }
293
294 static const ASN1_TEMPLATE safebag_default_tt = {
295 .flags = ASN1_TFLG_EXPLICIT,
296 .tag = 0,
297 .offset = offsetof(PKCS12_SAFEBAG, value.other),
298 .field_name = "value.other",
299 .item = &ASN1_ANY_it,
300 };
301
302 static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
303 {
304 .value = NID_keyBag,
305 .tt = {
306 .flags = ASN1_TFLG_EXPLICIT,
307 .tag = 0,
308 .offset = offsetof(PKCS12_SAFEBAG, value.keybag),
309 .field_name = "value.keybag",
310 .item = &PKCS8_PRIV_KEY_INFO_it,
311 },
312
313 },
314 {
315 .value = NID_pkcs8ShroudedKeyBag,
316 .tt = {
317 .flags = ASN1_TFLG_EXPLICIT,
318 .tag = 0,
319 .offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
320 .field_name = "value.shkeybag",
321 .item = &X509_SIG_it,
322 },
323
324 },
325 {
326 .value = NID_safeContentsBag,
327 .tt = {
328 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
329 .tag = 0,
330 .offset = offsetof(PKCS12_SAFEBAG, value.safes),
331 .field_name = "value.safes",
332 .item = &PKCS12_SAFEBAG_it,
333 },
334 },
335 {
336 .value = NID_certBag,
337 .tt = {
338 .flags = ASN1_TFLG_EXPLICIT,
339 .tag = 0,
340 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
341 .field_name = "value.bag",
342 .item = &PKCS12_BAGS_it,
343 },
344
345 },
346 {
347 .value = NID_crlBag,
348 .tt = {
349 .flags = ASN1_TFLG_EXPLICIT,
350 .tag = 0,
351 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
352 .field_name = "value.bag",
353 .item = &PKCS12_BAGS_it,
354 },
355
356 },
357 {
358 .value = NID_secretBag,
359 .tt = {
360 .flags = ASN1_TFLG_EXPLICIT,
361 .tag = 0,
362 .offset = offsetof(PKCS12_SAFEBAG, value.bag),
363 .field_name = "value.bag",
364 .item = &PKCS12_BAGS_it,
365 },
366
367 },
368 };
369
370 static const ASN1_ADB PKCS12_SAFEBAG_adb = {
371 .flags = 0,
372 .offset = offsetof(PKCS12_SAFEBAG, type),
373 .tbl = PKCS12_SAFEBAG_adbtbl,
374 .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
375 .default_tt = &safebag_default_tt,
376 .null_tt = NULL,
377 };
378
379 static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
380 {
381 .flags = 0,
382 .tag = 0,
383 .offset = offsetof(PKCS12_SAFEBAG, type),
384 .field_name = "type",
385 .item = &ASN1_OBJECT_it,
386 },
387 {
388 .flags = ASN1_TFLG_ADB_OID,
389 .tag = -1,
390 .offset = 0,
391 .field_name = "PKCS12_SAFEBAG",
392 .item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
393 },
394 {
395 .flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
396 .tag = 0,
397 .offset = offsetof(PKCS12_SAFEBAG, attrib),
398 .field_name = "attrib",
399 .item = &X509_ATTRIBUTE_it,
400 },
401 };
402
403 const ASN1_ITEM PKCS12_SAFEBAG_it = {
404 .itype = ASN1_ITYPE_SEQUENCE,
405 .utype = V_ASN1_SEQUENCE,
406 .templates = PKCS12_SAFEBAG_seq_tt,
407 .tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
408 .funcs = NULL,
409 .size = sizeof(PKCS12_SAFEBAG),
410 .sname = "PKCS12_SAFEBAG",
411 };
412
413
414 PKCS12_SAFEBAG *
d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG ** a,const unsigned char ** in,long len)415 d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
416 {
417 return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
418 &PKCS12_SAFEBAG_it);
419 }
420
421 int
i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG * a,unsigned char ** out)422 i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
423 {
424 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
425 }
426
427 PKCS12_SAFEBAG *
PKCS12_SAFEBAG_new(void)428 PKCS12_SAFEBAG_new(void)
429 {
430 return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
431 }
432
433 void
PKCS12_SAFEBAG_free(PKCS12_SAFEBAG * a)434 PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
435 {
436 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
437 }
438
439 /* SEQUENCE OF SafeBag */
440 static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
441 .flags = ASN1_TFLG_SEQUENCE_OF,
442 .tag = 0,
443 .offset = 0,
444 .field_name = "PKCS12_SAFEBAGS",
445 .item = &PKCS12_SAFEBAG_it,
446 };
447
448 const ASN1_ITEM PKCS12_SAFEBAGS_it = {
449 .itype = ASN1_ITYPE_PRIMITIVE,
450 .utype = -1,
451 .templates = &PKCS12_SAFEBAGS_item_tt,
452 .tcount = 0,
453 .funcs = NULL,
454 .size = 0,
455 .sname = "PKCS12_SAFEBAGS",
456 };
457
458 /* Authsafes: SEQUENCE OF PKCS7 */
459 static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
460 .flags = ASN1_TFLG_SEQUENCE_OF,
461 .tag = 0,
462 .offset = 0,
463 .field_name = "PKCS12_AUTHSAFES",
464 .item = &PKCS7_it,
465 };
466
467 const ASN1_ITEM PKCS12_AUTHSAFES_it = {
468 .itype = ASN1_ITYPE_PRIMITIVE,
469 .utype = -1,
470 .templates = &PKCS12_AUTHSAFES_item_tt,
471 .tcount = 0,
472 .funcs = NULL,
473 .size = 0,
474 .sname = "PKCS12_AUTHSAFES",
475 };
476
477