Symaptic: os/ossrv/ssl/libcrypto/src/crypto/pkcs12/p12

sl@0	1	/* p12_crt.c */
sl@0	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
sl@0	3	* project.
sl@0	4	*/
sl@0	5	/* ====================================================================
sl@0	6	* Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved.
sl@0	7	*
sl@0	8	* Redistribution and use in source and binary forms, with or without
sl@0	9	* modification, are permitted provided that the following conditions
sl@0	10	* are met:
sl@0	11	*
sl@0	12	* 1. Redistributions of source code must retain the above copyright
sl@0	13	* notice, this list of conditions and the following disclaimer.
sl@0	14	*
sl@0	15	* 2. Redistributions in binary form must reproduce the above copyright
sl@0	16	* notice, this list of conditions and the following disclaimer in
sl@0	17	* the documentation and/or other materials provided with the
sl@0	18	* distribution.
sl@0	19	*
sl@0	20	* 3. All advertising materials mentioning features or use of this
sl@0	21	* software must display the following acknowledgment:
sl@0	22	* "This product includes software developed by the OpenSSL Project
sl@0	23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
sl@0	24	*
sl@0	25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
sl@0	26	* endorse or promote products derived from this software without
sl@0	27	* prior written permission. For written permission, please contact
sl@0	28	* licensing@OpenSSL.org.
sl@0	29	*
sl@0	30	* 5. Products derived from this software may not be called "OpenSSL"
sl@0	31	* nor may "OpenSSL" appear in their names without prior written
sl@0	32	* permission of the OpenSSL Project.
sl@0	33	*
sl@0	34	* 6. Redistributions of any form whatsoever must retain the following
sl@0	35	* acknowledgment:
sl@0	36	* "This product includes software developed by the OpenSSL Project
sl@0	37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
sl@0	38	*
sl@0	39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
sl@0	40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
sl@0	41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
sl@0	42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
sl@0	43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
sl@0	44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
sl@0	45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
sl@0	46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
sl@0	47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
sl@0	48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
sl@0	49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
sl@0	50	* OF THE POSSIBILITY OF SUCH DAMAGE.
sl@0	51	* ====================================================================
sl@0	52	*
sl@0	53	* This product includes cryptographic software written by Eric Young
sl@0	54	* (eay@cryptsoft.com). This product includes software written by Tim
sl@0	55	* Hudson (tjh@cryptsoft.com).
sl@0	56	*
sl@0	57	*/
sl@0	58
sl@0	59	#include <stdio.h>
sl@0	60	#include "cryptlib.h"
sl@0	61	#include <openssl/pkcs12.h>
sl@0	62
sl@0	63
sl@0	64	static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) *pbags, PKCS12_SAFEBAG bag);
sl@0	65
sl@0	66	EXPORT_C PKCS12 PKCS12_create(char pass, char name, EVP_PKEY pkey, X509 *cert,
sl@0	67	STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
sl@0	68	int keytype)
sl@0	69	{
sl@0	70	PKCS12 *p12 = NULL;
sl@0	71	STACK_OF(PKCS7) *safes = NULL;
sl@0	72	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
sl@0	73	PKCS12_SAFEBAG *bag = NULL;
sl@0	74	int i;
sl@0	75	unsigned char keyid[EVP_MAX_MD_SIZE];
sl@0	76	unsigned int keyidlen = 0;
sl@0	77
sl@0	78	/* Set defaults */
sl@0	79	if (!nid_cert)
sl@0	80	nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
sl@0	81	if (!nid_key)
sl@0	82	nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
sl@0	83	if (!iter)
sl@0	84	iter = PKCS12_DEFAULT_ITER;
sl@0	85	if (!mac_iter)
sl@0	86	mac_iter = 1;
sl@0	87
sl@0	88	if(!pkey && !cert && !ca)
sl@0	89	{
sl@0	90	PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
sl@0	91	return NULL;
sl@0	92	}
sl@0	93
sl@0	94	if (pkey && cert)
sl@0	95	{
sl@0	96	if(!X509_check_private_key(cert, pkey))
sl@0	97	return NULL;
sl@0	98	X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
sl@0	99	}
sl@0	100
sl@0	101	if (cert)
sl@0	102	{
sl@0	103	bag = PKCS12_add_cert(&bags, cert);
sl@0	104	if(name && !PKCS12_add_friendlyname(bag, name, -1))
sl@0	105	goto err;
sl@0	106	if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
sl@0	107	goto err;
sl@0	108	}
sl@0	109
sl@0	110	/* Add all other certificates */
sl@0	111	for(i = 0; i < sk_X509_num(ca); i++)
sl@0	112	{
sl@0	113	if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
sl@0	114	goto err;
sl@0	115	}
sl@0	116
sl@0	117	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
sl@0	118	goto err;
sl@0	119
sl@0	120	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sl@0	121	bags = NULL;
sl@0	122
sl@0	123	if (pkey)
sl@0	124	{
sl@0	125	int cspidx;
sl@0	126	bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
sl@0	127
sl@0	128	if (!bag)
sl@0	129	goto err;
sl@0	130
sl@0	131	cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);
sl@0	132	if (cspidx >= 0)
sl@0	133	{
sl@0	134	X509_ATTRIBUTE *cspattr;
sl@0	135	cspattr = EVP_PKEY_get_attr(pkey, cspidx);
sl@0	136	if (!X509at_add1_attr(&bag->attrib, cspattr))
sl@0	137	goto err;
sl@0	138	}
sl@0	139
sl@0	140	if(name && !PKCS12_add_friendlyname(bag, name, -1))
sl@0	141	goto err;
sl@0	142	if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
sl@0	143	goto err;
sl@0	144	}
sl@0	145
sl@0	146	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
sl@0	147	goto err;
sl@0	148
sl@0	149	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sl@0	150	bags = NULL;
sl@0	151
sl@0	152	p12 = PKCS12_add_safes(safes, 0);
sl@0	153
sl@0	154	sk_PKCS7_pop_free(safes, PKCS7_free);
sl@0	155
sl@0	156	safes = NULL;
sl@0	157
sl@0	158	if ((mac_iter != -1) &&
sl@0	159	!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
sl@0	160	goto err;
sl@0	161
sl@0	162	return p12;
sl@0	163
sl@0	164	err:
sl@0	165
sl@0	166	if (p12)
sl@0	167	PKCS12_free(p12);
sl@0	168	if (safes)
sl@0	169	sk_PKCS7_pop_free(safes, PKCS7_free);
sl@0	170	if (bags)
sl@0	171	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
sl@0	172	return NULL;
sl@0	173
sl@0	174	}
sl@0	175
sl@0	176	EXPORT_C PKCS12_SAFEBAG PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) pbags, X509 cert)
sl@0	177	{
sl@0	178	PKCS12_SAFEBAG *bag = NULL;
sl@0	179	char *name;
sl@0	180	int namelen = -1;
sl@0	181	unsigned char *keyid;
sl@0	182	int keyidlen = -1;
sl@0	183
sl@0	184	/* Add user certificate */
sl@0	185	if(!(bag = PKCS12_x5092certbag(cert)))
sl@0	186	goto err;
sl@0	187
sl@0	188	/* Use friendlyName and localKeyID in certificate.
sl@0	189	* (if present)
sl@0	190	*/
sl@0	191
sl@0	192	name = (char *)X509_alias_get0(cert, &namelen);
sl@0	193
sl@0	194	if(name && !PKCS12_add_friendlyname(bag, name, namelen))
sl@0	195	goto err;
sl@0	196
sl@0	197	keyid = X509_keyid_get0(cert, &keyidlen);
sl@0	198
sl@0	199	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
sl@0	200	goto err;
sl@0	201
sl@0	202	if (!pkcs12_add_bag(pbags, bag))
sl@0	203	goto err;
sl@0	204
sl@0	205	return bag;
sl@0	206
sl@0	207	err:
sl@0	208
sl@0	209	if (bag)
sl@0	210	PKCS12_SAFEBAG_free(bag);
sl@0	211
sl@0	212	return NULL;
sl@0	213
sl@0	214	}
sl@0	215
sl@0	216	EXPORT_C PKCS12_SAFEBAG PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) pbags, EVP_PKEY key,
sl@0	217	int key_usage, int iter,
sl@0	218	int nid_key, char *pass)
sl@0	219	{
sl@0	220
sl@0	221	PKCS12_SAFEBAG *bag = NULL;
sl@0	222	PKCS8_PRIV_KEY_INFO *p8 = NULL;
sl@0	223
sl@0	224	/* Make a PKCS#8 structure */
sl@0	225	if(!(p8 = EVP_PKEY2PKCS8(key)))
sl@0	226	goto err;
sl@0	227	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
sl@0	228	goto err;
sl@0	229	if (nid_key != -1)
sl@0	230	{
sl@0	231	bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
sl@0	232	PKCS8_PRIV_KEY_INFO_free(p8);
sl@0	233	}
sl@0	234	else
sl@0	235	bag = PKCS12_MAKE_KEYBAG(p8);
sl@0	236
sl@0	237	if(!bag)
sl@0	238	goto err;
sl@0	239
sl@0	240	if (!pkcs12_add_bag(pbags, bag))
sl@0	241	goto err;
sl@0	242
sl@0	243	return bag;
sl@0	244
sl@0	245	err:
sl@0	246
sl@0	247	if (bag)
sl@0	248	PKCS12_SAFEBAG_free(bag);
sl@0	249
sl@0	250	return NULL;
sl@0	251
sl@0	252	}
sl@0	253
sl@0	254	EXPORT_C int PKCS12_add_safe(STACK_OF(PKCS7) *psafes, STACK_OF(PKCS12_SAFEBAG) bags,
sl@0	255	int nid_safe, int iter, char *pass)
sl@0	256	{
sl@0	257	PKCS7 *p7 = NULL;
sl@0	258	int free_safes = 0;
sl@0	259
sl@0	260	if (!*psafes)
sl@0	261	{
sl@0	262	*psafes = sk_PKCS7_new_null();
sl@0	263	if (!*psafes)
sl@0	264	return 0;
sl@0	265	free_safes = 1;
sl@0	266	}
sl@0	267	else
sl@0	268	free_safes = 0;
sl@0	269
sl@0	270	if (nid_safe == 0)
sl@0	271	nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
sl@0	272
sl@0	273	if (nid_safe == -1)
sl@0	274	p7 = PKCS12_pack_p7data(bags);
sl@0	275	else
sl@0	276	p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
sl@0	277	iter, bags);
sl@0	278	if (!p7)
sl@0	279	goto err;
sl@0	280
sl@0	281	if (!sk_PKCS7_push(*psafes, p7))
sl@0	282	goto err;
sl@0	283
sl@0	284	return 1;
sl@0	285
sl@0	286	err:
sl@0	287	if (free_safes)
sl@0	288	{
sl@0	289	sk_PKCS7_free(*psafes);
sl@0	290	*psafes = NULL;
sl@0	291	}
sl@0	292
sl@0	293	if (p7)
sl@0	294	PKCS7_free(p7);
sl@0	295
sl@0	296	return 0;
sl@0	297
sl@0	298	}
sl@0	299
sl@0	300	static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) *pbags, PKCS12_SAFEBAG bag)
sl@0	301	{
sl@0	302	int free_bags;
sl@0	303	if (!pbags)
sl@0	304	return 1;
sl@0	305	if (!*pbags)
sl@0	306	{
sl@0	307	*pbags = sk_PKCS12_SAFEBAG_new_null();
sl@0	308	if (!*pbags)
sl@0	309	return 0;
sl@0	310	free_bags = 1;
sl@0	311	}
sl@0	312	else
sl@0	313	free_bags = 0;
sl@0	314
sl@0	315	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
sl@0	316	{
sl@0	317	if (free_bags)
sl@0	318	{
sl@0	319	sk_PKCS12_SAFEBAG_free(*pbags);
sl@0	320	*pbags = NULL;
sl@0	321	}
sl@0	322	return 0;
sl@0	323	}
sl@0	324
sl@0	325	return 1;
sl@0	326
sl@0	327	}
sl@0	328
sl@0	329
sl@0	330	EXPORT_C PKCS12 PKCS12_add_safes(STACK_OF(PKCS7) safes, int nid_p7)
sl@0	331	{
sl@0	332	PKCS12 *p12;
sl@0	333	if (nid_p7 <= 0)
sl@0	334	nid_p7 = NID_pkcs7_data;
sl@0	335	p12 = PKCS12_init(nid_p7);
sl@0	336
sl@0	337	if (!p12)
sl@0	338	return NULL;
sl@0	339
sl@0	340	if(!PKCS12_pack_authsafes(p12, safes))
sl@0	341	{
sl@0	342	PKCS12_free(p12);
sl@0	343	return NULL;
sl@0	344	}
sl@0	345
sl@0	346	return p12;
sl@0	347
sl@0	348	}

author	sl
	Tue, 10 Jun 2014 14:32:02 +0200
changeset 1	260cb5ec6c19
permissions	-rw-r--r--