1 /* $OpenBSD: p12_asn.c,v 1.12 2022/08/20 09:16:18 tb Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 61 #include <openssl/asn1t.h> 62 #include <openssl/pkcs12.h> 63 64 #include "pkcs12_local.h" 65 66 /* PKCS#12 ASN1 module */ 67 68 static const ASN1_TEMPLATE PKCS12_seq_tt[] = { 69 { 70 .flags = 0, 71 .tag = 0, 72 .offset = offsetof(PKCS12, version), 73 .field_name = "version", 74 .item = &ASN1_INTEGER_it, 75 }, 76 { 77 .flags = 0, 78 .tag = 0, 79 .offset = offsetof(PKCS12, authsafes), 80 .field_name = "authsafes", 81 .item = &PKCS7_it, 82 }, 83 { 84 .flags = ASN1_TFLG_OPTIONAL, 85 .tag = 0, 86 .offset = offsetof(PKCS12, mac), 87 .field_name = "mac", 88 .item = &PKCS12_MAC_DATA_it, 89 }, 90 }; 91 92 const ASN1_ITEM PKCS12_it = { 93 .itype = ASN1_ITYPE_SEQUENCE, 94 .utype = V_ASN1_SEQUENCE, 95 .templates = PKCS12_seq_tt, 96 .tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE), 97 .funcs = NULL, 98 .size = sizeof(PKCS12), 99 .sname = "PKCS12", 100 }; 101 102 103 PKCS12 * 104 d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len) 105 { 106 return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 107 &PKCS12_it); 108 } 109 110 int 111 i2d_PKCS12(PKCS12 *a, unsigned char **out) 112 { 113 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it); 114 } 115 116 PKCS12 * 117 PKCS12_new(void) 118 { 119 return (PKCS12 *)ASN1_item_new(&PKCS12_it); 120 } 121 122 void 123 PKCS12_free(PKCS12 *a) 124 { 125 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it); 126 } 127 128 static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = { 129 { 130 .flags = 0, 131 .tag = 0, 132 .offset = offsetof(PKCS12_MAC_DATA, dinfo), 133 .field_name = "dinfo", 134 .item = &X509_SIG_it, 135 }, 136 { 137 .flags = 0, 138 .tag = 0, 139 .offset = offsetof(PKCS12_MAC_DATA, salt), 140 .field_name = "salt", 141 .item = &ASN1_OCTET_STRING_it, 142 }, 143 { 144 .flags = ASN1_TFLG_OPTIONAL, 145 .tag = 0, 146 .offset = offsetof(PKCS12_MAC_DATA, iter), 147 .field_name = "iter", 148 .item = &ASN1_INTEGER_it, 149 }, 150 }; 151 152 const ASN1_ITEM PKCS12_MAC_DATA_it = { 153 .itype = ASN1_ITYPE_SEQUENCE, 154 .utype = V_ASN1_SEQUENCE, 155 .templates = PKCS12_MAC_DATA_seq_tt, 156 .tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE), 157 .funcs = NULL, 158 .size = sizeof(PKCS12_MAC_DATA), 159 .sname = "PKCS12_MAC_DATA", 160 }; 161 162 163 PKCS12_MAC_DATA * 164 d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len) 165 { 166 return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 167 &PKCS12_MAC_DATA_it); 168 } 169 170 int 171 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out) 172 { 173 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it); 174 } 175 176 PKCS12_MAC_DATA * 177 PKCS12_MAC_DATA_new(void) 178 { 179 return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it); 180 } 181 182 void 183 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a) 184 { 185 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it); 186 } 187 188 static const ASN1_TEMPLATE bag_default_tt = { 189 .flags = ASN1_TFLG_EXPLICIT, 190 .tag = 0, 191 .offset = offsetof(PKCS12_BAGS, value.other), 192 .field_name = "value.other", 193 .item = &ASN1_ANY_it, 194 }; 195 196 static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = { 197 { 198 .value = NID_x509Certificate, 199 .tt = { 200 .flags = ASN1_TFLG_EXPLICIT, 201 .tag = 0, 202 .offset = offsetof(PKCS12_BAGS, value.x509cert), 203 .field_name = "value.x509cert", 204 .item = &ASN1_OCTET_STRING_it, 205 }, 206 207 }, 208 { 209 .value = NID_x509Crl, 210 .tt = { 211 .flags = ASN1_TFLG_EXPLICIT, 212 .tag = 0, 213 .offset = offsetof(PKCS12_BAGS, value.x509crl), 214 .field_name = "value.x509crl", 215 .item = &ASN1_OCTET_STRING_it, 216 }, 217 218 }, 219 { 220 .value = NID_sdsiCertificate, 221 .tt = { 222 .flags = ASN1_TFLG_EXPLICIT, 223 .tag = 0, 224 .offset = offsetof(PKCS12_BAGS, value.sdsicert), 225 .field_name = "value.sdsicert", 226 .item = &ASN1_IA5STRING_it, 227 }, 228 229 }, 230 }; 231 232 static const ASN1_ADB PKCS12_BAGS_adb = { 233 .flags = 0, 234 .offset = offsetof(PKCS12_BAGS, type), 235 .tbl = PKCS12_BAGS_adbtbl, 236 .tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE), 237 .default_tt = &bag_default_tt, 238 .null_tt = NULL, 239 }; 240 241 static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = { 242 { 243 .flags = 0, 244 .tag = 0, 245 .offset = offsetof(PKCS12_BAGS, type), 246 .field_name = "type", 247 .item = &ASN1_OBJECT_it, 248 }, 249 { 250 .flags = ASN1_TFLG_ADB_OID, 251 .tag = -1, 252 .offset = 0, 253 .field_name = "PKCS12_BAGS", 254 .item = (const ASN1_ITEM *)&PKCS12_BAGS_adb, 255 }, 256 }; 257 258 const ASN1_ITEM PKCS12_BAGS_it = { 259 .itype = ASN1_ITYPE_SEQUENCE, 260 .utype = V_ASN1_SEQUENCE, 261 .templates = PKCS12_BAGS_seq_tt, 262 .tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE), 263 .funcs = NULL, 264 .size = sizeof(PKCS12_BAGS), 265 .sname = "PKCS12_BAGS", 266 }; 267 268 269 PKCS12_BAGS * 270 d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len) 271 { 272 return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 273 &PKCS12_BAGS_it); 274 } 275 276 int 277 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out) 278 { 279 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it); 280 } 281 282 PKCS12_BAGS * 283 PKCS12_BAGS_new(void) 284 { 285 return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it); 286 } 287 288 void 289 PKCS12_BAGS_free(PKCS12_BAGS *a) 290 { 291 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it); 292 } 293 294 static const ASN1_TEMPLATE safebag_default_tt = { 295 .flags = ASN1_TFLG_EXPLICIT, 296 .tag = 0, 297 .offset = offsetof(PKCS12_SAFEBAG, value.other), 298 .field_name = "value.other", 299 .item = &ASN1_ANY_it, 300 }; 301 302 static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = { 303 { 304 .value = NID_keyBag, 305 .tt = { 306 .flags = ASN1_TFLG_EXPLICIT, 307 .tag = 0, 308 .offset = offsetof(PKCS12_SAFEBAG, value.keybag), 309 .field_name = "value.keybag", 310 .item = &PKCS8_PRIV_KEY_INFO_it, 311 }, 312 313 }, 314 { 315 .value = NID_pkcs8ShroudedKeyBag, 316 .tt = { 317 .flags = ASN1_TFLG_EXPLICIT, 318 .tag = 0, 319 .offset = offsetof(PKCS12_SAFEBAG, value.shkeybag), 320 .field_name = "value.shkeybag", 321 .item = &X509_SIG_it, 322 }, 323 324 }, 325 { 326 .value = NID_safeContentsBag, 327 .tt = { 328 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF, 329 .tag = 0, 330 .offset = offsetof(PKCS12_SAFEBAG, value.safes), 331 .field_name = "value.safes", 332 .item = &PKCS12_SAFEBAG_it, 333 }, 334 }, 335 { 336 .value = NID_certBag, 337 .tt = { 338 .flags = ASN1_TFLG_EXPLICIT, 339 .tag = 0, 340 .offset = offsetof(PKCS12_SAFEBAG, value.bag), 341 .field_name = "value.bag", 342 .item = &PKCS12_BAGS_it, 343 }, 344 345 }, 346 { 347 .value = NID_crlBag, 348 .tt = { 349 .flags = ASN1_TFLG_EXPLICIT, 350 .tag = 0, 351 .offset = offsetof(PKCS12_SAFEBAG, value.bag), 352 .field_name = "value.bag", 353 .item = &PKCS12_BAGS_it, 354 }, 355 356 }, 357 { 358 .value = NID_secretBag, 359 .tt = { 360 .flags = ASN1_TFLG_EXPLICIT, 361 .tag = 0, 362 .offset = offsetof(PKCS12_SAFEBAG, value.bag), 363 .field_name = "value.bag", 364 .item = &PKCS12_BAGS_it, 365 }, 366 367 }, 368 }; 369 370 static const ASN1_ADB PKCS12_SAFEBAG_adb = { 371 .flags = 0, 372 .offset = offsetof(PKCS12_SAFEBAG, type), 373 .tbl = PKCS12_SAFEBAG_adbtbl, 374 .tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE), 375 .default_tt = &safebag_default_tt, 376 .null_tt = NULL, 377 }; 378 379 static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = { 380 { 381 .flags = 0, 382 .tag = 0, 383 .offset = offsetof(PKCS12_SAFEBAG, type), 384 .field_name = "type", 385 .item = &ASN1_OBJECT_it, 386 }, 387 { 388 .flags = ASN1_TFLG_ADB_OID, 389 .tag = -1, 390 .offset = 0, 391 .field_name = "PKCS12_SAFEBAG", 392 .item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb, 393 }, 394 { 395 .flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL, 396 .tag = 0, 397 .offset = offsetof(PKCS12_SAFEBAG, attrib), 398 .field_name = "attrib", 399 .item = &X509_ATTRIBUTE_it, 400 }, 401 }; 402 403 const ASN1_ITEM PKCS12_SAFEBAG_it = { 404 .itype = ASN1_ITYPE_SEQUENCE, 405 .utype = V_ASN1_SEQUENCE, 406 .templates = PKCS12_SAFEBAG_seq_tt, 407 .tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE), 408 .funcs = NULL, 409 .size = sizeof(PKCS12_SAFEBAG), 410 .sname = "PKCS12_SAFEBAG", 411 }; 412 413 414 PKCS12_SAFEBAG * 415 d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len) 416 { 417 return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, 418 &PKCS12_SAFEBAG_it); 419 } 420 421 int 422 i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out) 423 { 424 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it); 425 } 426 427 PKCS12_SAFEBAG * 428 PKCS12_SAFEBAG_new(void) 429 { 430 return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it); 431 } 432 433 void 434 PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a) 435 { 436 ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it); 437 } 438 439 /* SEQUENCE OF SafeBag */ 440 static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = { 441 .flags = ASN1_TFLG_SEQUENCE_OF, 442 .tag = 0, 443 .offset = 0, 444 .field_name = "PKCS12_SAFEBAGS", 445 .item = &PKCS12_SAFEBAG_it, 446 }; 447 448 const ASN1_ITEM PKCS12_SAFEBAGS_it = { 449 .itype = ASN1_ITYPE_PRIMITIVE, 450 .utype = -1, 451 .templates = &PKCS12_SAFEBAGS_item_tt, 452 .tcount = 0, 453 .funcs = NULL, 454 .size = 0, 455 .sname = "PKCS12_SAFEBAGS", 456 }; 457 458 /* Authsafes: SEQUENCE OF PKCS7 */ 459 static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = { 460 .flags = ASN1_TFLG_SEQUENCE_OF, 461 .tag = 0, 462 .offset = 0, 463 .field_name = "PKCS12_AUTHSAFES", 464 .item = &PKCS7_it, 465 }; 466 467 const ASN1_ITEM PKCS12_AUTHSAFES_it = { 468 .itype = ASN1_ITYPE_PRIMITIVE, 469 .utype = -1, 470 .templates = &PKCS12_AUTHSAFES_item_tt, 471 .tcount = 0, 472 .funcs = NULL, 473 .size = 0, 474 .sname = "PKCS12_AUTHSAFES", 475 }; 476 477