OLD | NEW |
| (Empty) |
1 /* p12_add.c */ | |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | |
3 * project 1999. | |
4 */ | |
5 /* ==================================================================== | |
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
7 * | |
8 * Redistribution and use in source and binary forms, with or without | |
9 * modification, are permitted provided that the following conditions | |
10 * are met: | |
11 * | |
12 * 1. Redistributions of source code must retain the above copyright | |
13 * notice, this list of conditions and the following disclaimer. | |
14 * | |
15 * 2. Redistributions in binary form must reproduce the above copyright | |
16 * notice, this list of conditions and the following disclaimer in | |
17 * the documentation and/or other materials provided with the | |
18 * distribution. | |
19 * | |
20 * 3. All advertising materials mentioning features or use of this | |
21 * software must display the following acknowledgment: | |
22 * "This product includes software developed by the OpenSSL Project | |
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 * | |
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 * endorse or promote products derived from this software without | |
27 * prior written permission. For written permission, please contact | |
28 * licensing@OpenSSL.org. | |
29 * | |
30 * 5. Products derived from this software may not be called "OpenSSL" | |
31 * nor may "OpenSSL" appear in their names without prior written | |
32 * permission of the OpenSSL Project. | |
33 * | |
34 * 6. Redistributions of any form whatsoever must retain the following | |
35 * acknowledgment: | |
36 * "This product includes software developed by the OpenSSL Project | |
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 * | |
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 * ==================================================================== | |
52 * | |
53 * This product includes cryptographic software written by Eric Young | |
54 * (eay@cryptsoft.com). This product includes software written by Tim | |
55 * Hudson (tjh@cryptsoft.com). | |
56 * | |
57 */ | |
58 | |
59 #include <stdio.h> | |
60 #include "cryptlib.h" | |
61 #include <openssl/pkcs12.h> | |
62 | |
63 /* Pack an object into an OCTET STRING and turn into a safebag */ | |
64 | |
65 PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid
1, | |
66 int nid2) | |
67 { | |
68 PKCS12_BAGS *bag; | |
69 PKCS12_SAFEBAG *safebag; | |
70 if (!(bag = PKCS12_BAGS_new())) { | |
71 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILUR
E); | |
72 return NULL; | |
73 } | |
74 bag->type = OBJ_nid2obj(nid1); | |
75 if (!ASN1_item_pack(obj, it, &bag->value.octet)) { | |
76 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILUR
E); | |
77 return NULL; | |
78 } | |
79 if (!(safebag = PKCS12_SAFEBAG_new())) { | |
80 PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILUR
E); | |
81 return NULL; | |
82 } | |
83 safebag->value.bag = bag; | |
84 safebag->type = OBJ_nid2obj(nid2); | |
85 return safebag; | |
86 } | |
87 | |
88 /* Turn PKCS8 object into a keybag */ | |
89 | |
90 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) | |
91 { | |
92 PKCS12_SAFEBAG *bag; | |
93 if (!(bag = PKCS12_SAFEBAG_new())) { | |
94 PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE); | |
95 return NULL; | |
96 } | |
97 bag->type = OBJ_nid2obj(NID_keyBag); | |
98 bag->value.keybag = p8; | |
99 return bag; | |
100 } | |
101 | |
102 /* Turn PKCS8 object into a shrouded keybag */ | |
103 | |
104 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, | |
105 int passlen, unsigned char *salt, int saltlen, int iter, | |
106 PKCS8_PRIV_KEY_INFO *p8) | |
107 { | |
108 PKCS12_SAFEBAG *bag; | |
109 const EVP_CIPHER *pbe_ciph; | |
110 | |
111 /* Set up the safe bag */ | |
112 if (!(bag = PKCS12_SAFEBAG_new())) { | |
113 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); | |
114 return NULL; | |
115 } | |
116 | |
117 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag); | |
118 | |
119 pbe_ciph = EVP_get_cipherbynid(pbe_nid); | |
120 | |
121 if (pbe_ciph) | |
122 pbe_nid = -1; | |
123 | |
124 if (!(bag->value.shkeybag = | |
125 PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter, | |
126 p8))) { | |
127 PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); | |
128 return NULL; | |
129 } | |
130 | |
131 return bag; | |
132 } | |
133 | |
134 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ | |
135 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) | |
136 { | |
137 PKCS7 *p7; | |
138 if (!(p7 = PKCS7_new())) { | |
139 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); | |
140 return NULL; | |
141 } | |
142 p7->type = OBJ_nid2obj(NID_pkcs7_data); | |
143 if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { | |
144 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); | |
145 return NULL; | |
146 } | |
147 | |
148 if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { | |
149 PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCT
URE); | |
150 return NULL; | |
151 } | |
152 return p7; | |
153 } | |
154 | |
155 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ | |
156 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) | |
157 { | |
158 if(!PKCS7_type_is_data(p7)) | |
159 { | |
160 PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NO
T_DATA); | |
161 return NULL; | |
162 } | |
163 return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); | |
164 } | |
165 | |
166 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ | |
167 | |
168 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | |
169 unsigned char *salt, int saltlen, int iter, | |
170 STACK_OF(PKCS12_SAFEBAG) *bags) | |
171 { | |
172 PKCS7 *p7; | |
173 X509_ALGOR *pbe; | |
174 const EVP_CIPHER *pbe_ciph; | |
175 if (!(p7 = PKCS7_new())) { | |
176 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | |
177 return NULL; | |
178 } | |
179 if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { | |
180 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, | |
181 PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); | |
182 return NULL; | |
183 } | |
184 | |
185 pbe_ciph = EVP_get_cipherbynid(pbe_nid); | |
186 | |
187 if (pbe_ciph) | |
188 pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen); | |
189 else | |
190 pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); | |
191 | |
192 if (!pbe) { | |
193 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | |
194 return NULL; | |
195 } | |
196 X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); | |
197 p7->d.encrypted->enc_data->algorithm = pbe; | |
198 M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); | |
199 if (!(p7->d.encrypted->enc_data->enc_data = | |
200 PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, pass
len, | |
201 bags, 1))) { | |
202 PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR
); | |
203 return NULL; | |
204 } | |
205 | |
206 return p7; | |
207 } | |
208 | |
209 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, i
nt passlen) | |
210 { | |
211 if(!PKCS7_type_is_encrypted(p7)) return NULL; | |
212 return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, | |
213 ASN1_ITEM_rptr(PKCS12_SAFEBAGS), | |
214 pass, passlen, | |
215 p7->d.encrypted->enc_data->enc_data, 1); | |
216 } | |
217 | |
218 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, | |
219 int passlen) | |
220 { | |
221 return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); | |
222 } | |
223 | |
224 int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) | |
225 { | |
226 if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), | |
227 &p12->authsafes->d.data)) | |
228 return 1; | |
229 return 0; | |
230 } | |
231 | |
232 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) | |
233 { | |
234 if (!PKCS7_type_is_data(p12->authsafes)) | |
235 { | |
236 PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE
_NOT_DATA); | |
237 return NULL; | |
238 } | |
239 return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AU
THSAFES)); | |
240 } | |
OLD | NEW |