[thirdparty/openssl.git] / crypto / pkcs12 / p12_sbag.c

/* p12_sbag.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999-2015.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/pkcs12.h>
#include "p12_lcl.h"

ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG *bag, int attr_nid)
{
    return PKCS12_get_attr_gen(bag->attrib, attr_nid);
}

ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
{
    return PKCS12_get_attr_gen(p8->attributes, attr_nid);
}

PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
        return NULL;
    return bag->value.keybag;
}

X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG *bag)
{
    if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
        return NULL;
    return bag->value.shkeybag;
}

STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG *bag)
{
    if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
        return NULL;
    return bag->value.safes;
}

ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG *bag)
{
    return bag->type;
}

int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
{
    return OBJ_obj2nid(bag->type);
}

int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
{
    int btype = PKCS12_SAFEBAG_get_nid(bag);
    if (btype != NID_certBag || btype != NID_crlBag || btype != NID_secretBag)
        return -1;
    return OBJ_obj2nid(bag->value.bag->type);
}

X509 *PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
        return NULL;
    return ASN1_item_unpack(bag->value.bag->value.octet,
                            ASN1_ITEM_rptr(X509));
}

X509_CRL *PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG *bag)
{
    if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
        return NULL;
    if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
        return NULL;
    return ASN1_item_unpack(bag->value.bag->value.octet,
                            ASN1_ITEM_rptr(X509_CRL));
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
{
    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
                                    NID_x509Certificate, NID_certBag);
}

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
{
    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
                                    NID_x509Crl, NID_crlBag);
}

/* Turn PKCS8 object into a keybag */

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO *p8)
{
    PKCS12_SAFEBAG *bag;

    if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
        PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    bag->type = OBJ_nid2obj(NID_keyBag);
    bag->value.keybag = p8;
    return bag;
}

/* Turn PKCS8 object into a shrouded keybag */

PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char *pass,
                                            int passlen, unsigned char *salt,
                                            int saltlen, int iter,
                                            PKCS8_PRIV_KEY_INFO *p8)
{
    PKCS12_SAFEBAG *bag;
    const EVP_CIPHER *pbe_ciph;

    /* Set up the safe bag */
    if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);

    pbe_ciph = EVP_get_cipherbynid(pbe_nid);

    if (pbe_ciph)
        pbe_nid = -1;

    if (!(bag->value.shkeybag =
          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                        p8))) {
        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    return bag;
}
Commit	Line	Data
293042c9 DSH	1	/* p12_sbag.c */
	2	/*
	3	* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
	4	* 1999-2015.
	5	*/
	6	/* ====================================================================
	7	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	*
	13	* 1. Redistributions of source code must retain the above copyright
	14	* notice, this list of conditions and the following disclaimer.
	15	*
	16	* 2. Redistributions in binary form must reproduce the above copyright
	17	* notice, this list of conditions and the following disclaimer in
	18	* the documentation and/or other materials provided with the
	19	* distribution.
	20	*
	21	* 3. All advertising materials mentioning features or use of this
	22	* software must display the following acknowledgment:
	23	* "This product includes software developed by the OpenSSL Project
	24	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
	25	*
	26	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	27	* endorse or promote products derived from this software without
	28	* prior written permission. For written permission, please contact
	29	* licensing@OpenSSL.org.
	30	*
	31	* 5. Products derived from this software may not be called "OpenSSL"
	32	* nor may "OpenSSL" appear in their names without prior written
	33	* permission of the OpenSSL Project.
	34	*
	35	* 6. Redistributions of any form whatsoever must retain the following
	36	* acknowledgment:
	37	* "This product includes software developed by the OpenSSL Project
	38	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
	39	*
	40	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	41	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	42	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	43	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	44	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	45	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	46	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	47	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	49	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	50	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	51	* OF THE POSSIBILITY OF SUCH DAMAGE.
	52	* ====================================================================
	53	*
	54	* This product includes cryptographic software written by Eric Young
	55	* (eay@cryptsoft.com). This product includes software written by Tim
	56	* Hudson (tjh@cryptsoft.com).
	57	*
	58	*/
	59
	60	#include <stdio.h>
	61	#include "internal/cryptlib.h"
	62	#include <openssl/pkcs12.h>
	63	#include "p12_lcl.h"
	64
65	ASN1_TYPE PKCS12_SAFEBAG_get0_attr(PKCS12_SAFEBAG bag, int attr_nid)
66	{
67	return PKCS12_get_attr_gen(bag->attrib, attr_nid);
68	}
69
70	ASN1_TYPE PKCS8_get_attr(PKCS8_PRIV_KEY_INFO p8, int attr_nid)
71	{
72	return PKCS12_get_attr_gen(p8->attributes, attr_nid);
73	}
74
75	PKCS8_PRIV_KEY_INFO PKCS12_SAFEBAG_get0_p8inf(PKCS12_SAFEBAG bag)
76	{
77	if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
78	return NULL;
79	return bag->value.keybag;
80	}
81
82	X509_SIG PKCS12_SAFEBAG_get0_pkcs8(PKCS12_SAFEBAG bag)
83	{
84	if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
85	return NULL;
86	return bag->value.shkeybag;
87	}
88
89	STACK_OF(PKCS12_SAFEBAG) PKCS12_SAFEBAG_get0_safes(PKCS12_SAFEBAG bag)
90	{
91	if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
92	return NULL;
93	return bag->value.safes;
94	}
95
96	ASN1_OBJECT PKCS12_SAFEBAG_get0_type(PKCS12_SAFEBAG bag)
97	{
98	return bag->type;
99	}
100
101	int PKCS12_SAFEBAG_get_nid(PKCS12_SAFEBAG *bag)
102	{
103	return OBJ_obj2nid(bag->type);
104	}
105
106	int PKCS12_SAFEBAG_get_bag_nid(PKCS12_SAFEBAG *bag)
107	{
108	int btype = PKCS12_SAFEBAG_get_nid(bag);
109	if (btype != NID_certBag \|\| btype != NID_crlBag \|\| btype != NID_secretBag)
110	return -1;
111	return OBJ_obj2nid(bag->value.bag->type);
112	}
113
114	X509 PKCS12_SAFEBAG_get1_cert(PKCS12_SAFEBAG bag)
115	{
116	if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
117	return NULL;
118	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
119	return NULL;
120	return ASN1_item_unpack(bag->value.bag->value.octet,
121	ASN1_ITEM_rptr(X509));
122	}
123
124	X509_CRL PKCS12_SAFEBAG_get1_crl(PKCS12_SAFEBAG bag)
125	{
126	if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
127	return NULL;
128	if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
129	return NULL;
130	return ASN1_item_unpack(bag->value.bag->value.octet,
131	ASN1_ITEM_rptr(X509_CRL));
132	}
133
134	PKCS12_SAFEBAG PKCS12_SAFEBAG_create_cert(X509 x509)
135	{
136	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
137	NID_x509Certificate, NID_certBag);
138	}
139
140	PKCS12_SAFEBAG PKCS12_SAFEBAG_create_crl(X509_CRL crl)
141	{
142	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
143	NID_x509Crl, NID_crlBag);
144	}
145
146	/* Turn PKCS8 object into a keybag */
147
148	PKCS12_SAFEBAG PKCS12_SAFEBAG_create_p8inf(PKCS8_PRIV_KEY_INFO p8)
149	{
150	PKCS12_SAFEBAG *bag;
151
152	if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
153	PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
154	return NULL;
155	}
156	bag->type = OBJ_nid2obj(NID_keyBag);
157	bag->value.keybag = p8;
158	return bag;
159	}
160
161	/* Turn PKCS8 object into a shrouded keybag */
162
163	PKCS12_SAFEBAG PKCS12_SAFEBAG_create_pkcs8(int pbe_nid, const char pass,
164	int passlen, unsigned char *salt,
165	int saltlen, int iter,
166	PKCS8_PRIV_KEY_INFO *p8)
167	{
168	PKCS12_SAFEBAG *bag;
169	const EVP_CIPHER *pbe_ciph;
170
171	/* Set up the safe bag */
172	if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
173	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
174	return NULL;
175	}
176
177	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
178
179	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
180
181	if (pbe_ciph)
182	pbe_nid = -1;
183
184	if (!(bag->value.shkeybag =
185	PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
186	p8))) {
187	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
188	return NULL;
189	}
190
191	return bag;
192	}