1 /* $OpenBSD: p12_asn.c,v 1.12 2022/08/20 09:16:18 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #include <stdio.h>
60 
61 #include <openssl/asn1t.h>
62 #include <openssl/pkcs12.h>
63 
64 #include "pkcs12_local.h"
65 
66 /* PKCS#12 ASN1 module */
67 
68 static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
69 	{
70 		.flags = 0,
71 		.tag = 0,
72 		.offset = offsetof(PKCS12, version),
73 		.field_name = "version",
74 		.item = &ASN1_INTEGER_it,
75 	},
76 	{
77 		.flags = 0,
78 		.tag = 0,
79 		.offset = offsetof(PKCS12, authsafes),
80 		.field_name = "authsafes",
81 		.item = &PKCS7_it,
82 	},
83 	{
84 		.flags = ASN1_TFLG_OPTIONAL,
85 		.tag = 0,
86 		.offset = offsetof(PKCS12, mac),
87 		.field_name = "mac",
88 		.item = &PKCS12_MAC_DATA_it,
89 	},
90 };
91 
92 const ASN1_ITEM PKCS12_it = {
93 	.itype = ASN1_ITYPE_SEQUENCE,
94 	.utype = V_ASN1_SEQUENCE,
95 	.templates = PKCS12_seq_tt,
96 	.tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
97 	.funcs = NULL,
98 	.size = sizeof(PKCS12),
99 	.sname = "PKCS12",
100 };
101 
102 
103 PKCS12 *
104 d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
105 {
106 	return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
107 	    &PKCS12_it);
108 }
109 
110 int
111 i2d_PKCS12(PKCS12 *a, unsigned char **out)
112 {
113 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
114 }
115 
116 PKCS12 *
117 PKCS12_new(void)
118 {
119 	return (PKCS12 *)ASN1_item_new(&PKCS12_it);
120 }
121 
122 void
123 PKCS12_free(PKCS12 *a)
124 {
125 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
126 }
127 
128 static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
129 	{
130 		.flags = 0,
131 		.tag = 0,
132 		.offset = offsetof(PKCS12_MAC_DATA, dinfo),
133 		.field_name = "dinfo",
134 		.item = &X509_SIG_it,
135 	},
136 	{
137 		.flags = 0,
138 		.tag = 0,
139 		.offset = offsetof(PKCS12_MAC_DATA, salt),
140 		.field_name = "salt",
141 		.item = &ASN1_OCTET_STRING_it,
142 	},
143 	{
144 		.flags = ASN1_TFLG_OPTIONAL,
145 		.tag = 0,
146 		.offset = offsetof(PKCS12_MAC_DATA, iter),
147 		.field_name = "iter",
148 		.item = &ASN1_INTEGER_it,
149 	},
150 };
151 
152 const ASN1_ITEM PKCS12_MAC_DATA_it = {
153 	.itype = ASN1_ITYPE_SEQUENCE,
154 	.utype = V_ASN1_SEQUENCE,
155 	.templates = PKCS12_MAC_DATA_seq_tt,
156 	.tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
157 	.funcs = NULL,
158 	.size = sizeof(PKCS12_MAC_DATA),
159 	.sname = "PKCS12_MAC_DATA",
160 };
161 
162 
163 PKCS12_MAC_DATA *
164 d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
165 {
166 	return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
167 	    &PKCS12_MAC_DATA_it);
168 }
169 
170 int
171 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
172 {
173 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
174 }
175 
176 PKCS12_MAC_DATA *
177 PKCS12_MAC_DATA_new(void)
178 {
179 	return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
180 }
181 
182 void
183 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
184 {
185 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
186 }
187 
188 static const ASN1_TEMPLATE bag_default_tt = {
189 	.flags = ASN1_TFLG_EXPLICIT,
190 	.tag = 0,
191 	.offset = offsetof(PKCS12_BAGS, value.other),
192 	.field_name = "value.other",
193 	.item = &ASN1_ANY_it,
194 };
195 
196 static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
197 	{
198 		.value = NID_x509Certificate,
199 		.tt = {
200 			.flags = ASN1_TFLG_EXPLICIT,
201 			.tag = 0,
202 			.offset = offsetof(PKCS12_BAGS, value.x509cert),
203 			.field_name = "value.x509cert",
204 			.item = &ASN1_OCTET_STRING_it,
205 		},
206 
207 	},
208 	{
209 		.value = NID_x509Crl,
210 		.tt = {
211 			.flags = ASN1_TFLG_EXPLICIT,
212 			.tag = 0,
213 			.offset = offsetof(PKCS12_BAGS, value.x509crl),
214 			.field_name = "value.x509crl",
215 			.item = &ASN1_OCTET_STRING_it,
216 		},
217 
218 	},
219 	{
220 		.value = NID_sdsiCertificate,
221 		.tt = {
222 			.flags = ASN1_TFLG_EXPLICIT,
223 			.tag = 0,
224 			.offset = offsetof(PKCS12_BAGS, value.sdsicert),
225 			.field_name = "value.sdsicert",
226 			.item = &ASN1_IA5STRING_it,
227 		},
228 
229 	},
230 };
231 
232 static const ASN1_ADB PKCS12_BAGS_adb = {
233 	.flags = 0,
234 	.offset = offsetof(PKCS12_BAGS, type),
235 	.tbl = PKCS12_BAGS_adbtbl,
236 	.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
237 	.default_tt = &bag_default_tt,
238 	.null_tt = NULL,
239 };
240 
241 static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
242 	{
243 		.flags = 0,
244 		.tag = 0,
245 		.offset = offsetof(PKCS12_BAGS, type),
246 		.field_name = "type",
247 		.item = &ASN1_OBJECT_it,
248 	},
249 	{
250 		.flags = ASN1_TFLG_ADB_OID,
251 		.tag = -1,
252 		.offset = 0,
253 		.field_name = "PKCS12_BAGS",
254 		.item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
255 	},
256 };
257 
258 const ASN1_ITEM PKCS12_BAGS_it = {
259 	.itype = ASN1_ITYPE_SEQUENCE,
260 	.utype = V_ASN1_SEQUENCE,
261 	.templates = PKCS12_BAGS_seq_tt,
262 	.tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
263 	.funcs = NULL,
264 	.size = sizeof(PKCS12_BAGS),
265 	.sname = "PKCS12_BAGS",
266 };
267 
268 
269 PKCS12_BAGS *
270 d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
271 {
272 	return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
273 	    &PKCS12_BAGS_it);
274 }
275 
276 int
277 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
278 {
279 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
280 }
281 
282 PKCS12_BAGS *
283 PKCS12_BAGS_new(void)
284 {
285 	return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
286 }
287 
288 void
289 PKCS12_BAGS_free(PKCS12_BAGS *a)
290 {
291 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
292 }
293 
294 static const ASN1_TEMPLATE safebag_default_tt = {
295 	.flags = ASN1_TFLG_EXPLICIT,
296 	.tag = 0,
297 	.offset = offsetof(PKCS12_SAFEBAG, value.other),
298 	.field_name = "value.other",
299 	.item = &ASN1_ANY_it,
300 };
301 
302 static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
303 	{
304 		.value = NID_keyBag,
305 		.tt = {
306 			.flags = ASN1_TFLG_EXPLICIT,
307 			.tag = 0,
308 			.offset = offsetof(PKCS12_SAFEBAG, value.keybag),
309 			.field_name = "value.keybag",
310 			.item = &PKCS8_PRIV_KEY_INFO_it,
311 		},
312 
313 	},
314 	{
315 		.value = NID_pkcs8ShroudedKeyBag,
316 		.tt = {
317 			.flags = ASN1_TFLG_EXPLICIT,
318 			.tag = 0,
319 			.offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
320 			.field_name = "value.shkeybag",
321 			.item = &X509_SIG_it,
322 		},
323 
324 	},
325 	{
326 		.value = NID_safeContentsBag,
327 		.tt = {
328 			.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
329 			.tag = 0,
330 			.offset = offsetof(PKCS12_SAFEBAG, value.safes),
331 			.field_name = "value.safes",
332 			.item = &PKCS12_SAFEBAG_it,
333 		},
334 	},
335 	{
336 		.value = NID_certBag,
337 		.tt = {
338 			.flags = ASN1_TFLG_EXPLICIT,
339 			.tag = 0,
340 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
341 			.field_name = "value.bag",
342 			.item = &PKCS12_BAGS_it,
343 		},
344 
345 	},
346 	{
347 		.value = NID_crlBag,
348 		.tt = {
349 			.flags = ASN1_TFLG_EXPLICIT,
350 			.tag = 0,
351 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
352 			.field_name = "value.bag",
353 			.item = &PKCS12_BAGS_it,
354 		},
355 
356 	},
357 	{
358 		.value = NID_secretBag,
359 		.tt = {
360 			.flags = ASN1_TFLG_EXPLICIT,
361 			.tag = 0,
362 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
363 			.field_name = "value.bag",
364 			.item = &PKCS12_BAGS_it,
365 		},
366 
367 	},
368 };
369 
370 static const ASN1_ADB PKCS12_SAFEBAG_adb = {
371 	.flags = 0,
372 	.offset = offsetof(PKCS12_SAFEBAG, type),
373 	.tbl = PKCS12_SAFEBAG_adbtbl,
374 	.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
375 	.default_tt = &safebag_default_tt,
376 	.null_tt = NULL,
377 };
378 
379 static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
380 	{
381 		.flags = 0,
382 		.tag = 0,
383 		.offset = offsetof(PKCS12_SAFEBAG, type),
384 		.field_name = "type",
385 		.item = &ASN1_OBJECT_it,
386 	},
387 	{
388 		.flags = ASN1_TFLG_ADB_OID,
389 		.tag = -1,
390 		.offset = 0,
391 		.field_name = "PKCS12_SAFEBAG",
392 		.item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
393 	},
394 	{
395 		.flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
396 		.tag = 0,
397 		.offset = offsetof(PKCS12_SAFEBAG, attrib),
398 		.field_name = "attrib",
399 		.item = &X509_ATTRIBUTE_it,
400 	},
401 };
402 
403 const ASN1_ITEM PKCS12_SAFEBAG_it = {
404 	.itype = ASN1_ITYPE_SEQUENCE,
405 	.utype = V_ASN1_SEQUENCE,
406 	.templates = PKCS12_SAFEBAG_seq_tt,
407 	.tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
408 	.funcs = NULL,
409 	.size = sizeof(PKCS12_SAFEBAG),
410 	.sname = "PKCS12_SAFEBAG",
411 };
412 
413 
414 PKCS12_SAFEBAG *
415 d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
416 {
417 	return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
418 	    &PKCS12_SAFEBAG_it);
419 }
420 
421 int
422 i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
423 {
424 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
425 }
426 
427 PKCS12_SAFEBAG *
428 PKCS12_SAFEBAG_new(void)
429 {
430 	return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
431 }
432 
433 void
434 PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
435 {
436 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
437 }
438 
439 /* SEQUENCE OF SafeBag */
440 static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
441 	.flags = ASN1_TFLG_SEQUENCE_OF,
442 	.tag = 0,
443 	.offset = 0,
444 	.field_name = "PKCS12_SAFEBAGS",
445 	.item = &PKCS12_SAFEBAG_it,
446 };
447 
448 const ASN1_ITEM PKCS12_SAFEBAGS_it = {
449 	.itype = ASN1_ITYPE_PRIMITIVE,
450 	.utype = -1,
451 	.templates = &PKCS12_SAFEBAGS_item_tt,
452 	.tcount = 0,
453 	.funcs = NULL,
454 	.size = 0,
455 	.sname = "PKCS12_SAFEBAGS",
456 };
457 
458 /* Authsafes: SEQUENCE OF PKCS7 */
459 static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
460 	.flags = ASN1_TFLG_SEQUENCE_OF,
461 	.tag = 0,
462 	.offset = 0,
463 	.field_name = "PKCS12_AUTHSAFES",
464 	.item = &PKCS7_it,
465 };
466 
467 const ASN1_ITEM PKCS12_AUTHSAFES_it = {
468 	.itype = ASN1_ITYPE_PRIMITIVE,
469 	.utype = -1,
470 	.templates = &PKCS12_AUTHSAFES_item_tt,
471 	.tcount = 0,
472 	.funcs = NULL,
473 	.size = 0,
474 	.sname = "PKCS12_AUTHSAFES",
475 };
476 
477