xref: /openbsd-src/lib/libcrypto/pkcs12/p12_asn.c (revision 53555c846a0a6f917dbd0a191f826da995ab1c42) 
1 /* $OpenBSD: p12_asn.c,v 1.16 2024/07/09 06:13:22 beck Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #include <stdio.h>
60 
61 #include <openssl/asn1t.h>
62 #include <openssl/pkcs12.h>
63 
64 #include "pkcs12_local.h"
65 
66 /* PKCS#12 ASN1 module */
67 
68 static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
69 	{
70 		.flags = 0,
71 		.tag = 0,
72 		.offset = offsetof(PKCS12, version),
73 		.field_name = "version",
74 		.item = &ASN1_INTEGER_it,
75 	},
76 	{
77 		.flags = 0,
78 		.tag = 0,
79 		.offset = offsetof(PKCS12, authsafes),
80 		.field_name = "authsafes",
81 		.item = &PKCS7_it,
82 	},
83 	{
84 		.flags = ASN1_TFLG_OPTIONAL,
85 		.tag = 0,
86 		.offset = offsetof(PKCS12, mac),
87 		.field_name = "mac",
88 		.item = &PKCS12_MAC_DATA_it,
89 	},
90 };
91 
92 const ASN1_ITEM PKCS12_it = {
93 	.itype = ASN1_ITYPE_SEQUENCE,
94 	.utype = V_ASN1_SEQUENCE,
95 	.templates = PKCS12_seq_tt,
96 	.tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
97 	.funcs = NULL,
98 	.size = sizeof(PKCS12),
99 	.sname = "PKCS12",
100 };
101 LCRYPTO_ALIAS(PKCS12_it);
102 
103 
104 PKCS12 *
105 d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
106 {
107 	return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
108 	    &PKCS12_it);
109 }
110 LCRYPTO_ALIAS(d2i_PKCS12);
111 
112 int
113 i2d_PKCS12(PKCS12 *a, unsigned char **out)
114 {
115 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
116 }
117 LCRYPTO_ALIAS(i2d_PKCS12);
118 
119 PKCS12 *
120 PKCS12_new(void)
121 {
122 	return (PKCS12 *)ASN1_item_new(&PKCS12_it);
123 }
124 LCRYPTO_ALIAS(PKCS12_new);
125 
126 void
127 PKCS12_free(PKCS12 *a)
128 {
129 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
130 }
131 LCRYPTO_ALIAS(PKCS12_free);
132 
133 static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
134 	{
135 		.flags = 0,
136 		.tag = 0,
137 		.offset = offsetof(PKCS12_MAC_DATA, dinfo),
138 		.field_name = "dinfo",
139 		.item = &X509_SIG_it,
140 	},
141 	{
142 		.flags = 0,
143 		.tag = 0,
144 		.offset = offsetof(PKCS12_MAC_DATA, salt),
145 		.field_name = "salt",
146 		.item = &ASN1_OCTET_STRING_it,
147 	},
148 	{
149 		.flags = ASN1_TFLG_OPTIONAL,
150 		.tag = 0,
151 		.offset = offsetof(PKCS12_MAC_DATA, iter),
152 		.field_name = "iter",
153 		.item = &ASN1_INTEGER_it,
154 	},
155 };
156 
157 const ASN1_ITEM PKCS12_MAC_DATA_it = {
158 	.itype = ASN1_ITYPE_SEQUENCE,
159 	.utype = V_ASN1_SEQUENCE,
160 	.templates = PKCS12_MAC_DATA_seq_tt,
161 	.tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
162 	.funcs = NULL,
163 	.size = sizeof(PKCS12_MAC_DATA),
164 	.sname = "PKCS12_MAC_DATA",
165 };
166 
167 
168 PKCS12_MAC_DATA *
169 d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
170 {
171 	return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
172 	    &PKCS12_MAC_DATA_it);
173 }
174 
175 int
176 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
177 {
178 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
179 }
180 
181 PKCS12_MAC_DATA *
182 PKCS12_MAC_DATA_new(void)
183 {
184 	return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
185 }
186 
187 void
188 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
189 {
190 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
191 }
192 
193 static const ASN1_TEMPLATE bag_default_tt = {
194 	.flags = ASN1_TFLG_EXPLICIT,
195 	.tag = 0,
196 	.offset = offsetof(PKCS12_BAGS, value.other),
197 	.field_name = "value.other",
198 	.item = &ASN1_ANY_it,
199 };
200 
201 static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
202 	{
203 		.value = NID_x509Certificate,
204 		.tt = {
205 			.flags = ASN1_TFLG_EXPLICIT,
206 			.tag = 0,
207 			.offset = offsetof(PKCS12_BAGS, value.x509cert),
208 			.field_name = "value.x509cert",
209 			.item = &ASN1_OCTET_STRING_it,
210 		},
211 
212 	},
213 	{
214 		.value = NID_x509Crl,
215 		.tt = {
216 			.flags = ASN1_TFLG_EXPLICIT,
217 			.tag = 0,
218 			.offset = offsetof(PKCS12_BAGS, value.x509crl),
219 			.field_name = "value.x509crl",
220 			.item = &ASN1_OCTET_STRING_it,
221 		},
222 
223 	},
224 	{
225 		.value = NID_sdsiCertificate,
226 		.tt = {
227 			.flags = ASN1_TFLG_EXPLICIT,
228 			.tag = 0,
229 			.offset = offsetof(PKCS12_BAGS, value.sdsicert),
230 			.field_name = "value.sdsicert",
231 			.item = &ASN1_IA5STRING_it,
232 		},
233 
234 	},
235 };
236 
237 static const ASN1_ADB PKCS12_BAGS_adb = {
238 	.flags = 0,
239 	.offset = offsetof(PKCS12_BAGS, type),
240 	.tbl = PKCS12_BAGS_adbtbl,
241 	.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
242 	.default_tt = &bag_default_tt,
243 	.null_tt = NULL,
244 };
245 
246 static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
247 	{
248 		.flags = 0,
249 		.tag = 0,
250 		.offset = offsetof(PKCS12_BAGS, type),
251 		.field_name = "type",
252 		.item = &ASN1_OBJECT_it,
253 	},
254 	{
255 		.flags = ASN1_TFLG_ADB_OID,
256 		.tag = -1,
257 		.offset = 0,
258 		.field_name = "PKCS12_BAGS",
259 		.item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
260 	},
261 };
262 
263 const ASN1_ITEM PKCS12_BAGS_it = {
264 	.itype = ASN1_ITYPE_SEQUENCE,
265 	.utype = V_ASN1_SEQUENCE,
266 	.templates = PKCS12_BAGS_seq_tt,
267 	.tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
268 	.funcs = NULL,
269 	.size = sizeof(PKCS12_BAGS),
270 	.sname = "PKCS12_BAGS",
271 };
272 
273 
274 PKCS12_BAGS *
275 d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
276 {
277 	return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
278 	    &PKCS12_BAGS_it);
279 }
280 
281 int
282 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
283 {
284 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
285 }
286 
287 PKCS12_BAGS *
288 PKCS12_BAGS_new(void)
289 {
290 	return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
291 }
292 
293 void
294 PKCS12_BAGS_free(PKCS12_BAGS *a)
295 {
296 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
297 }
298 
299 static const ASN1_TEMPLATE safebag_default_tt = {
300 	.flags = ASN1_TFLG_EXPLICIT,
301 	.tag = 0,
302 	.offset = offsetof(PKCS12_SAFEBAG, value.other),
303 	.field_name = "value.other",
304 	.item = &ASN1_ANY_it,
305 };
306 
307 static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
308 	{
309 		.value = NID_keyBag,
310 		.tt = {
311 			.flags = ASN1_TFLG_EXPLICIT,
312 			.tag = 0,
313 			.offset = offsetof(PKCS12_SAFEBAG, value.keybag),
314 			.field_name = "value.keybag",
315 			.item = &PKCS8_PRIV_KEY_INFO_it,
316 		},
317 
318 	},
319 	{
320 		.value = NID_pkcs8ShroudedKeyBag,
321 		.tt = {
322 			.flags = ASN1_TFLG_EXPLICIT,
323 			.tag = 0,
324 			.offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
325 			.field_name = "value.shkeybag",
326 			.item = &X509_SIG_it,
327 		},
328 
329 	},
330 	{
331 		.value = NID_safeContentsBag,
332 		.tt = {
333 			.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
334 			.tag = 0,
335 			.offset = offsetof(PKCS12_SAFEBAG, value.safes),
336 			.field_name = "value.safes",
337 			.item = &PKCS12_SAFEBAG_it,
338 		},
339 	},
340 	{
341 		.value = NID_certBag,
342 		.tt = {
343 			.flags = ASN1_TFLG_EXPLICIT,
344 			.tag = 0,
345 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
346 			.field_name = "value.bag",
347 			.item = &PKCS12_BAGS_it,
348 		},
349 
350 	},
351 	{
352 		.value = NID_crlBag,
353 		.tt = {
354 			.flags = ASN1_TFLG_EXPLICIT,
355 			.tag = 0,
356 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
357 			.field_name = "value.bag",
358 			.item = &PKCS12_BAGS_it,
359 		},
360 
361 	},
362 	{
363 		.value = NID_secretBag,
364 		.tt = {
365 			.flags = ASN1_TFLG_EXPLICIT,
366 			.tag = 0,
367 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
368 			.field_name = "value.bag",
369 			.item = &PKCS12_BAGS_it,
370 		},
371 
372 	},
373 };
374 
375 static const ASN1_ADB PKCS12_SAFEBAG_adb = {
376 	.flags = 0,
377 	.offset = offsetof(PKCS12_SAFEBAG, type),
378 	.tbl = PKCS12_SAFEBAG_adbtbl,
379 	.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
380 	.default_tt = &safebag_default_tt,
381 	.null_tt = NULL,
382 };
383 
384 static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
385 	{
386 		.flags = 0,
387 		.tag = 0,
388 		.offset = offsetof(PKCS12_SAFEBAG, type),
389 		.field_name = "type",
390 		.item = &ASN1_OBJECT_it,
391 	},
392 	{
393 		.flags = ASN1_TFLG_ADB_OID,
394 		.tag = -1,
395 		.offset = 0,
396 		.field_name = "PKCS12_SAFEBAG",
397 		.item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
398 	},
399 	{
400 		.flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
401 		.tag = 0,
402 		.offset = offsetof(PKCS12_SAFEBAG, attrib),
403 		.field_name = "attrib",
404 		.item = &X509_ATTRIBUTE_it,
405 	},
406 };
407 
408 const ASN1_ITEM PKCS12_SAFEBAG_it = {
409 	.itype = ASN1_ITYPE_SEQUENCE,
410 	.utype = V_ASN1_SEQUENCE,
411 	.templates = PKCS12_SAFEBAG_seq_tt,
412 	.tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
413 	.funcs = NULL,
414 	.size = sizeof(PKCS12_SAFEBAG),
415 	.sname = "PKCS12_SAFEBAG",
416 };
417 LCRYPTO_ALIAS(PKCS12_SAFEBAG_it);
418 
419 
420 PKCS12_SAFEBAG *
421 d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
422 {
423 	return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
424 	    &PKCS12_SAFEBAG_it);
425 }
426 LCRYPTO_ALIAS(d2i_PKCS12_SAFEBAG);
427 
428 int
429 i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
430 {
431 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
432 }
433 LCRYPTO_ALIAS(i2d_PKCS12_SAFEBAG);
434 
435 PKCS12_SAFEBAG *
436 PKCS12_SAFEBAG_new(void)
437 {
438 	return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
439 }
440 LCRYPTO_ALIAS(PKCS12_SAFEBAG_new);
441 
442 void
443 PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
444 {
445 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
446 }
447 LCRYPTO_ALIAS(PKCS12_SAFEBAG_free);
448 
449 /* SEQUENCE OF SafeBag */
450 static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
451 	.flags = ASN1_TFLG_SEQUENCE_OF,
452 	.tag = 0,
453 	.offset = 0,
454 	.field_name = "PKCS12_SAFEBAGS",
455 	.item = &PKCS12_SAFEBAG_it,
456 };
457 
458 const ASN1_ITEM PKCS12_SAFEBAGS_it = {
459 	.itype = ASN1_ITYPE_PRIMITIVE,
460 	.utype = -1,
461 	.templates = &PKCS12_SAFEBAGS_item_tt,
462 	.tcount = 0,
463 	.funcs = NULL,
464 	.size = 0,
465 	.sname = "PKCS12_SAFEBAGS",
466 };
467 
468 /* Authsafes: SEQUENCE OF PKCS7 */
469 static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
470 	.flags = ASN1_TFLG_SEQUENCE_OF,
471 	.tag = 0,
472 	.offset = 0,
473 	.field_name = "PKCS12_AUTHSAFES",
474 	.item = &PKCS7_it,
475 };
476 
477 const ASN1_ITEM PKCS12_AUTHSAFES_it = {
478 	.itype = ASN1_ITYPE_PRIMITIVE,
479 	.utype = -1,
480 	.templates = &PKCS12_AUTHSAFES_item_tt,
481 	.tcount = 0,
482 	.funcs = NULL,
483 	.size = 0,
484 	.sname = "PKCS12_AUTHSAFES",
485 };
486