2
0

p12_add.c 5.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
  1. /*
  2. * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the OpenSSL license (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include <openssl/pkcs12.h>
  12. #include "p12_local.h"
  13. /* Pack an object into an OCTET STRING and turn into a safebag */
  14. PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
  15. int nid1, int nid2)
  16. {
  17. PKCS12_BAGS *bag;
  18. PKCS12_SAFEBAG *safebag;
  19. if ((bag = PKCS12_BAGS_new()) == NULL) {
  20. PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
  21. return NULL;
  22. }
  23. bag->type = OBJ_nid2obj(nid1);
  24. if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
  25. PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
  26. goto err;
  27. }
  28. if ((safebag = PKCS12_SAFEBAG_new()) == NULL) {
  29. PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
  30. goto err;
  31. }
  32. safebag->value.bag = bag;
  33. safebag->type = OBJ_nid2obj(nid2);
  34. return safebag;
  35. err:
  36. PKCS12_BAGS_free(bag);
  37. return NULL;
  38. }
  39. /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
  40. PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
  41. {
  42. PKCS7 *p7;
  43. if ((p7 = PKCS7_new()) == NULL) {
  44. PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
  45. return NULL;
  46. }
  47. p7->type = OBJ_nid2obj(NID_pkcs7_data);
  48. if ((p7->d.data = ASN1_OCTET_STRING_new()) == NULL) {
  49. PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
  50. goto err;
  51. }
  52. if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
  53. PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
  54. goto err;
  55. }
  56. return p7;
  57. err:
  58. PKCS7_free(p7);
  59. return NULL;
  60. }
  61. /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
  62. STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
  63. {
  64. if (!PKCS7_type_is_data(p7)) {
  65. PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
  66. PKCS12_R_CONTENT_TYPE_NOT_DATA);
  67. return NULL;
  68. }
  69. return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
  70. }
  71. /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
  72. PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
  73. unsigned char *salt, int saltlen, int iter,
  74. STACK_OF(PKCS12_SAFEBAG) *bags)
  75. {
  76. PKCS7 *p7;
  77. X509_ALGOR *pbe;
  78. const EVP_CIPHER *pbe_ciph;
  79. if ((p7 = PKCS7_new()) == NULL) {
  80. PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
  81. return NULL;
  82. }
  83. if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
  84. PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
  85. PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
  86. goto err;
  87. }
  88. pbe_ciph = EVP_get_cipherbynid(pbe_nid);
  89. if (pbe_ciph)
  90. pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
  91. else
  92. pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
  93. if (!pbe) {
  94. PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
  95. goto err;
  96. }
  97. X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
  98. p7->d.encrypted->enc_data->algorithm = pbe;
  99. ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
  100. if (!(p7->d.encrypted->enc_data->enc_data =
  101. PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
  102. passlen, bags, 1))) {
  103. PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
  104. goto err;
  105. }
  106. return p7;
  107. err:
  108. PKCS7_free(p7);
  109. return NULL;
  110. }
  111. STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
  112. int passlen)
  113. {
  114. if (!PKCS7_type_is_encrypted(p7))
  115. return NULL;
  116. return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
  117. ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
  118. pass, passlen,
  119. p7->d.encrypted->enc_data->enc_data, 1);
  120. }
  121. PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
  122. const char *pass, int passlen)
  123. {
  124. return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
  125. }
  126. int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
  127. {
  128. if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
  129. &p12->authsafes->d.data))
  130. return 1;
  131. return 0;
  132. }
  133. STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12)
  134. {
  135. if (!PKCS7_type_is_data(p12->authsafes)) {
  136. PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
  137. PKCS12_R_CONTENT_TYPE_NOT_DATA);
  138. return NULL;
  139. }
  140. return ASN1_item_unpack(p12->authsafes->d.data,
  141. ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
  142. }