/src/openssl/crypto/pkcs12/p12_add.c

Source (jump to first uncovered line)
/* p12_add.c */
/*
 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
 * 1999.
 */
/* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>

/* Pack an object into an OCTET STRING and turn into a safebag */

PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
                                         int nid1, int nid2)
{
    PKCS12_BAGS *bag;
    PKCS12_SAFEBAG *safebag;
    if (!(bag = PKCS12_BAGS_new())) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    bag->type = OBJ_nid2obj(nid1);
    if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    if (!(safebag = PKCS12_SAFEBAG_new())) {
        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    safebag->value.bag = bag;
    safebag->type = OBJ_nid2obj(nid2);
    return safebag;

 err:
    PKCS12_BAGS_free(bag);
    return NULL;
}

/* Turn PKCS8 object into a keybag */

PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
{
    PKCS12_SAFEBAG *bag;
    if (!(bag = PKCS12_SAFEBAG_new())) {
        PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    bag->type = OBJ_nid2obj(NID_keyBag);
    bag->value.keybag = p8;
    return bag;
}

/* Turn PKCS8 object into a shrouded keybag */

PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
                                     int passlen, unsigned char *salt,
                                     int saltlen, int iter,
                                     PKCS8_PRIV_KEY_INFO *p8)
{
    PKCS12_SAFEBAG *bag;
    const EVP_CIPHER *pbe_ciph;

    /* Set up the safe bag */
    if (!(bag = PKCS12_SAFEBAG_new())) {
        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);

    pbe_ciph = EVP_get_cipherbynid(pbe_nid);

    if (pbe_ciph)
        pbe_nid = -1;

    if (!(bag->value.shkeybag =
          PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
                        p8))) {
        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
        PKCS12_SAFEBAG_free(bag);
        return NULL;
    }

    return bag;
}

/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
{
    PKCS7 *p7;
    if (!(p7 = PKCS7_new())) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    p7->type = OBJ_nid2obj(NID_pkcs7_data);
    if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
        goto err;
    }
    return p7;

 err:
    PKCS7_free(p7);
    return NULL;
}

/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
{
    if (!PKCS7_type_is_data(p7)) {
        PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
        return NULL;
    }
    return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
}

/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */

PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                             unsigned char *salt, int saltlen, int iter,
                             STACK_OF(PKCS12_SAFEBAG) *bags)
{
    PKCS7 *p7;
    X509_ALGOR *pbe;
    const EVP_CIPHER *pbe_ciph;
    if (!(p7 = PKCS7_new())) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
        return NULL;
    }
    if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
                  PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
        goto err;
    }

    pbe_ciph = EVP_get_cipherbynid(pbe_nid);

    if (pbe_ciph)
        pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
    else
        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);

    if (!pbe) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
        goto err;
    }
    X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
    p7->d.encrypted->enc_data->algorithm = pbe;
    M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
    if (!(p7->d.encrypted->enc_data->enc_data =
          PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
                                  passlen, bags, 1))) {
        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
        goto err;
    }

    return p7;

 err:
    PKCS7_free(p7);
    return NULL;
}

STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
                                                  int passlen)
{
    if (!PKCS7_type_is_encrypted(p7))
        return NULL;
    return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
                                   pass, passlen,
                                   p7->d.encrypted->enc_data->enc_data, 1);
}

PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
                                         const char *pass, int passlen)
{
    return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
}

int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
{
    if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
                       &p12->authsafes->d.data))
        return 1;
    return 0;
}

STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
{
    if (!PKCS7_type_is_data(p12->authsafes)) {
        PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
        return NULL;
    }
    return ASN1_item_unpack(p12->authsafes->d.data,
                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
}

Coverage Report

Created: 2022-11-30 06:20

Line	Count	Source (jump to first uncovered line)
1		/* p12_add.c */
2		/*
3		* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4		* 1999.
5		*/
6		/* ====================================================================
7		* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8		*
9		* Redistribution and use in source and binary forms, with or without
10		* modification, are permitted provided that the following conditions
11		* are met:
12		*
13		* 1. Redistributions of source code must retain the above copyright
14		* notice, this list of conditions and the following disclaimer.
15		*
16		* 2. Redistributions in binary form must reproduce the above copyright
17		* notice, this list of conditions and the following disclaimer in
18		* the documentation and/or other materials provided with the
19		* distribution.
20		*
21		* 3. All advertising materials mentioning features or use of this
22		* software must display the following acknowledgment:
23		* "This product includes software developed by the OpenSSL Project
24		* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25		*
26		* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27		* endorse or promote products derived from this software without
28		* prior written permission. For written permission, please contact
29		* licensing@OpenSSL.org.
30		*
31		* 5. Products derived from this software may not be called "OpenSSL"
32		* nor may "OpenSSL" appear in their names without prior written
33		* permission of the OpenSSL Project.
34		*
35		* 6. Redistributions of any form whatsoever must retain the following
36		* acknowledgment:
37		* "This product includes software developed by the OpenSSL Project
38		* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39		*
40		* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41		* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43		* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44		* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46		* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49		* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50		* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51		* OF THE POSSIBILITY OF SUCH DAMAGE.
52		* ====================================================================
53		*
54		* This product includes cryptographic software written by Eric Young
55		* (eay@cryptsoft.com). This product includes software written by Tim
56		* Hudson (tjh@cryptsoft.com).
57		*
58		*/
59
60		#include <stdio.h>
61		#include "cryptlib.h"
62		#include <openssl/pkcs12.h>
63
64		/* Pack an object into an OCTET STRING and turn into a safebag */
65
66		PKCS12_SAFEBAG PKCS12_item_pack_safebag(void obj, const ASN1_ITEM *it,
67		int nid1, int nid2)
68	0	{
69	0	PKCS12_BAGS *bag;
70	0	PKCS12_SAFEBAG *safebag;
71	0	if (!(bag = PKCS12_BAGS_new())) {
72	0	PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
73	0	return NULL;
74	0	}
75	0	bag->type = OBJ_nid2obj(nid1);
76	0	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
77	0	PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
78	0	goto err;
79	0	}
80	0	if (!(safebag = PKCS12_SAFEBAG_new())) {
81	0	PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
82	0	goto err;
83	0	}
84	0	safebag->value.bag = bag;
85	0	safebag->type = OBJ_nid2obj(nid2);
86	0	return safebag;
87
88	0	err:
89	0	PKCS12_BAGS_free(bag);
90	0	return NULL;
91	0	}
92
93		/* Turn PKCS8 object into a keybag */
94
95		PKCS12_SAFEBAG PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO p8)
96	0	{
97	0	PKCS12_SAFEBAG *bag;
98	0	if (!(bag = PKCS12_SAFEBAG_new())) {
99	0	PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
100	0	return NULL;
101	0	}
102	0	bag->type = OBJ_nid2obj(NID_keyBag);
103	0	bag->value.keybag = p8;
104	0	return bag;
105	0	}
106
107		/* Turn PKCS8 object into a shrouded keybag */
108
109		PKCS12_SAFEBAG PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char pass,
110		int passlen, unsigned char *salt,
111		int saltlen, int iter,
112		PKCS8_PRIV_KEY_INFO *p8)
113	0	{
114	0	PKCS12_SAFEBAG *bag;
115	0	const EVP_CIPHER *pbe_ciph;
116
117		/* Set up the safe bag */
118	0	if (!(bag = PKCS12_SAFEBAG_new())) {
119	0	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
120	0	return NULL;
121	0	}
122
123	0	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
124
125	0	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
126
127	0	if (pbe_ciph)
128	0	pbe_nid = -1;
129
130	0	if (!(bag->value.shkeybag =
131	0	PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen, iter,
132	0	p8))) {
133	0	PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
134	0	PKCS12_SAFEBAG_free(bag);
135	0	return NULL;
136	0	}
137
138	0	return bag;
139	0	}
140
141		/* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
142		PKCS7 PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) sk)
143	0	{
144	0	PKCS7 *p7;
145	0	if (!(p7 = PKCS7_new())) {
146	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
147	0	return NULL;
148	0	}
149	0	p7->type = OBJ_nid2obj(NID_pkcs7_data);
150	0	if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
151	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
152	0	goto err;
153	0	}
154
155	0	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
156	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
157	0	goto err;
158	0	}
159	0	return p7;
160
161	0	err:
162	0	PKCS7_free(p7);
163	0	return NULL;
164	0	}
165
166		/* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
167		STACK_OF(PKCS12_SAFEBAG) PKCS12_unpack_p7data(PKCS7 p7)
168	0	{
169	0	if (!PKCS7_type_is_data(p7)) {
170	0	PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
171	0	PKCS12_R_CONTENT_TYPE_NOT_DATA);
172	0	return NULL;
173	0	}
174	0	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
175	0	}
176
177		/* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
178
179		PKCS7 PKCS12_pack_p7encdata(int pbe_nid, const char pass, int passlen,
180		unsigned char *salt, int saltlen, int iter,
181		STACK_OF(PKCS12_SAFEBAG) *bags)
182	0	{
183	0	PKCS7 *p7;
184	0	X509_ALGOR *pbe;
185	0	const EVP_CIPHER *pbe_ciph;
186	0	if (!(p7 = PKCS7_new())) {
187	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
188	0	return NULL;
189	0	}
190	0	if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
191	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
192	0	PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
193	0	goto err;
194	0	}
195
196	0	pbe_ciph = EVP_get_cipherbynid(pbe_nid);
197
198	0	if (pbe_ciph)
199	0	pbe = PKCS5_pbe2_set(pbe_ciph, iter, salt, saltlen);
200	0	else
201	0	pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
202
203	0	if (!pbe) {
204	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
205	0	goto err;
206	0	}
207	0	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
208	0	p7->d.encrypted->enc_data->algorithm = pbe;
209	0	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
210	0	if (!(p7->d.encrypted->enc_data->enc_data =
211	0	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
212	0	passlen, bags, 1))) {
213	0	PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
214	0	goto err;
215	0	}
216
217	0	return p7;
218
219	0	err:
220	0	PKCS7_free(p7);
221	0	return NULL;
222	0	}
223
224		STACK_OF(PKCS12_SAFEBAG) PKCS12_unpack_p7encdata(PKCS7 p7, const char *pass,
225		int passlen)
226	0	{
227	0	if (!PKCS7_type_is_encrypted(p7))
228	0	return NULL;
229	0	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
230	0	ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
231	0	pass, passlen,
232	0	p7->d.encrypted->enc_data->enc_data, 1);
233	0	}
234
235		PKCS8_PRIV_KEY_INFO PKCS12_decrypt_skey(PKCS12_SAFEBAG bag,
236		const char *pass, int passlen)
237	0	{
238	0	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
239	0	}
240
241		int PKCS12_pack_authsafes(PKCS12 p12, STACK_OF(PKCS7) safes)
242	0	{
243	0	if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
244	0	&p12->authsafes->d.data))
245	0	return 1;
246	0	return 0;
247	0	}
248
249		STACK_OF(PKCS7) PKCS12_unpack_authsafes(PKCS12 p12)
250	0	{
251	0	if (!PKCS7_type_is_data(p12->authsafes)) {
252	0	PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
253	0	PKCS12_R_CONTENT_TYPE_NOT_DATA);
254	0	return NULL;
255	0	}
256	0	return ASN1_item_unpack(p12->authsafes->d.data,
257	0	ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
258	0	}