crypto/pkcs12/p12_sbag.c

   1 /*
   2  * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the OpenSSL license (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <stdio.h>
  11 #include "internal/cryptlib.h"
  12 #include <openssl/pkcs12.h>
  13 #include "p12_lcl.h"
  14
  15 #if !OPENSSL_API_1_1_0
  16 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
  17 {
  18     return PKCS12_get_attr_gen(bag->attrib, attr_nid);
  19 }
  20 #endif
  21
  22 const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
  23                                           int attr_nid)
  24 {
  25     return PKCS12_get_attr_gen(bag->attrib, attr_nid);
  26 }
  27
  28 ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
  29 {
  30     return PKCS12_get_attr_gen(PKCS8_pkey_get0_attrs(p8), attr_nid);
  31 }
  32
  33 const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
  34 {
  35     if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
  36         return NULL;
  37     return bag->value.keybag;
  38 }
  39
  40 const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
  41 {
  42     if (OBJ_obj2nid(bag->type) != NID_pkcs8ShroudedKeyBag)
  43         return NULL;
  44     return bag->value.shkeybag;
  45 }
  46
  47 const STACK_OF(PKCS12_SAFEBAG) *
  48 PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
  49 {
  50     if (OBJ_obj2nid(bag->type) != NID_safeContentsBag)
  51         return NULL;
  52     return bag->value.safes;
  53 }
  54
  55 const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
  56 {
  57     return bag->type;
  58 }
  59
  60 int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
  61 {
  62     return OBJ_obj2nid(bag->type);
  63 }
  64
  65 int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
  66 {
  67     int btype = PKCS12_SAFEBAG_get_nid(bag);
  68
  69     if (btype != NID_certBag && btype != NID_crlBag && btype != NID_secretBag)
  70         return -1;
  71     return OBJ_obj2nid(bag->value.bag->type);
  72 }
  73
  74 X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
  75 {
  76     if (PKCS12_SAFEBAG_get_nid(bag) != NID_certBag)
  77         return NULL;
  78     if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
  79         return NULL;
  80     return ASN1_item_unpack(bag->value.bag->value.octet,
  81                             ASN1_ITEM_rptr(X509));
  82 }
  83
  84 X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
  85 {
  86     if (PKCS12_SAFEBAG_get_nid(bag) != NID_crlBag)
  87         return NULL;
  88     if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
  89         return NULL;
  90     return ASN1_item_unpack(bag->value.bag->value.octet,
  91                             ASN1_ITEM_rptr(X509_CRL));
  92 }
  93
  94 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509)
  95 {
  96     return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
  97                                     NID_x509Certificate, NID_certBag);
  98 }
  99
 100 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
 101 {
 102     return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
 103                                     NID_x509Crl, NID_crlBag);
 104 }
 105
 106 /* Turn PKCS8 object into a keybag */
 107
 108 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
 109 {
 110     PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
 111
 112     if (bag == NULL) {
 113         PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_P8INF, ERR_R_MALLOC_FAILURE);
 114         return NULL;
 115     }
 116     bag->type = OBJ_nid2obj(NID_keyBag);
 117     bag->value.keybag = p8;
 118     return bag;
 119 }
 120
 121 /* Turn PKCS8 object into a shrouded keybag */
 122
 123 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
 124 {
 125     PKCS12_SAFEBAG *bag = PKCS12_SAFEBAG_new();
 126
 127     /* Set up the safe bag */
 128     if (bag == NULL) {
 129         PKCS12err(PKCS12_F_PKCS12_SAFEBAG_CREATE0_PKCS8, ERR_R_MALLOC_FAILURE);
 130         return NULL;
 131     }
 132     bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
 133     bag->value.shkeybag = p8;
 134     return bag;
 135 }
 136
 137 PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
 138                                                     const char *pass,
 139                                                     int passlen,
 140                                                     unsigned char *salt,
 141                                                     int saltlen, int iter,
 142                                                     PKCS8_PRIV_KEY_INFO *p8inf)
 143 {
 144     PKCS12_SAFEBAG *bag;
 145     const EVP_CIPHER *pbe_ciph;
 146     X509_SIG *p8;
 147
 148     pbe_ciph = EVP_get_cipherbynid(pbe_nid);
 149     if (pbe_ciph)
 150         pbe_nid = -1;
 151
 152     p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
 153                        p8inf);
 154     if (p8 == NULL)
 155         return NULL;
 156
 157     bag = PKCS12_SAFEBAG_create0_pkcs8(p8);
 158     if (bag == NULL)
 159         X509_SIG_free(p8);
 160
 161     return bag;
 162 }