summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/pkcs12/p12_sbag.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/pkcs12/p12_sbag.c224
1 files changed, 224 insertions, 0 deletions
diff --git a/src/lib/libcrypto/pkcs12/p12_sbag.c b/src/lib/libcrypto/pkcs12/p12_sbag.c
new file mode 100644
index 0000000000..4e9f7ed3dd
--- /dev/null
+++ b/src/lib/libcrypto/pkcs12/p12_sbag.c
@@ -0,0 +1,224 @@
1/* $OpenBSD: p12_sbag.c,v 1.4 2022/08/03 20:16:06 tb Exp $ */
2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 * 1999-2018.
5 */
6/* ====================================================================
7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60#include <stdio.h>
61
62#include <openssl/err.h>
63#include <openssl/pkcs12.h>
64
65#include "x509_lcl.h"
66
67const ASN1_TYPE *
68PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag, int attr_nid)
69{
70 return PKCS12_get_attr_gen(bag->attrib, attr_nid);
71}
72
73ASN1_TYPE *
74PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid)
75{
76 return PKCS12_get_attr_gen(p8->attributes, attr_nid);
77}
78
79const PKCS8_PRIV_KEY_INFO *
80PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag)
81{
82 if (PKCS12_SAFEBAG_get_nid(bag) != NID_keyBag)
83 return NULL;
84
85 return bag->value.keybag;
86}
87
88const X509_SIG *
89PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag)
90{
91 if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
92 return NULL;
93
94 return bag->value.shkeybag;
95}
96
97const STACK_OF(PKCS12_SAFEBAG) *
98PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag)
99{
100 if (PKCS12_SAFEBAG_get_nid(bag) != NID_safeContentsBag)
101 return NULL;
102
103 return bag->value.safes;
104}
105
106const ASN1_OBJECT *
107PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag)
108{
109 return bag->type;
110}
111
112int
113PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag)
114{
115 return OBJ_obj2nid(bag->type);
116}
117
118int
119PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag)
120{
121 int bag_type;
122
123 bag_type = PKCS12_SAFEBAG_get_nid(bag);
124
125 if (bag_type == NID_certBag || bag_type == NID_crlBag ||
126 bag_type == NID_secretBag)
127 return OBJ_obj2nid(bag->value.bag->type);
128
129 return -1;
130}
131
132X509 *
133PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag)
134{
135 if (OBJ_obj2nid(bag->type) != NID_certBag)
136 return NULL;
137 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Certificate)
138 return NULL;
139 return ASN1_item_unpack(bag->value.bag->value.octet, &X509_it);
140}
141
142X509_CRL *
143PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag)
144{
145 if (OBJ_obj2nid(bag->type) != NID_crlBag)
146 return NULL;
147 if (OBJ_obj2nid(bag->value.bag->type) != NID_x509Crl)
148 return NULL;
149 return ASN1_item_unpack(bag->value.bag->value.octet, &X509_CRL_it);
150}
151
152PKCS12_SAFEBAG *
153PKCS12_SAFEBAG_create_cert(X509 *x509)
154{
155 return PKCS12_item_pack_safebag(x509, &X509_it,
156 NID_x509Certificate, NID_certBag);
157}
158
159PKCS12_SAFEBAG *
160PKCS12_SAFEBAG_create_crl(X509_CRL *crl)
161{
162 return PKCS12_item_pack_safebag(crl, &X509_CRL_it,
163 NID_x509Crl, NID_crlBag);
164}
165
166/* Turn PKCS8 object into a keybag */
167
168PKCS12_SAFEBAG *
169PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8)
170{
171 PKCS12_SAFEBAG *bag;
172
173 if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
174 PKCS12error(ERR_R_MALLOC_FAILURE);
175 return NULL;
176 }
177
178 bag->type = OBJ_nid2obj(NID_keyBag);
179 bag->value.keybag = p8;
180
181 return bag;
182}
183
184/* Turn PKCS8 object into a shrouded keybag */
185
186PKCS12_SAFEBAG *
187PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8)
188{
189 PKCS12_SAFEBAG *bag;
190
191 /* Set up the safe bag */
192 if ((bag = PKCS12_SAFEBAG_new()) == NULL) {
193 PKCS12error(ERR_R_MALLOC_FAILURE);
194 return NULL;
195 }
196
197 bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
198 bag->value.shkeybag = p8;
199
200 return bag;
201}
202
203PKCS12_SAFEBAG *
204PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid, const char *pass, int passlen,
205 unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8info)
206{
207 const EVP_CIPHER *pbe_ciph;
208 X509_SIG *p8;
209 PKCS12_SAFEBAG *bag;
210
211 if ((pbe_ciph = EVP_get_cipherbynid(pbe_nid)) != NULL)
212 pbe_nid = -1;
213
214 if ((p8 = PKCS8_encrypt(pbe_nid, pbe_ciph, pass, passlen, salt, saltlen,
215 iter, p8info)) == NULL)
216 return NULL;
217
218 if ((bag = PKCS12_SAFEBAG_create0_pkcs8(p8)) == NULL) {
219 X509_SIG_free(p8);
220 return NULL;
221 }
222
223 return bag;
224}