xref: /openbsd-src/lib/libcrypto/pkcs12/p12_asn.c (revision c1a45aed656e7d5627c30c92421893a76f370ccb) 
1 /* $OpenBSD: p12_asn.c,v 1.10 2022/01/14 08:16:13 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #include <stdio.h>
60 
61 #include <openssl/asn1t.h>
62 #include <openssl/pkcs12.h>
63 
64 /* PKCS#12 ASN1 module */
65 
66 static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
67 	{
68 		.flags = 0,
69 		.tag = 0,
70 		.offset = offsetof(PKCS12, version),
71 		.field_name = "version",
72 		.item = &ASN1_INTEGER_it,
73 	},
74 	{
75 		.flags = 0,
76 		.tag = 0,
77 		.offset = offsetof(PKCS12, authsafes),
78 		.field_name = "authsafes",
79 		.item = &PKCS7_it,
80 	},
81 	{
82 		.flags = ASN1_TFLG_OPTIONAL,
83 		.tag = 0,
84 		.offset = offsetof(PKCS12, mac),
85 		.field_name = "mac",
86 		.item = &PKCS12_MAC_DATA_it,
87 	},
88 };
89 
90 const ASN1_ITEM PKCS12_it = {
91 	.itype = ASN1_ITYPE_SEQUENCE,
92 	.utype = V_ASN1_SEQUENCE,
93 	.templates = PKCS12_seq_tt,
94 	.tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
95 	.funcs = NULL,
96 	.size = sizeof(PKCS12),
97 	.sname = "PKCS12",
98 };
99 
100 
101 PKCS12 *
102 d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
103 {
104 	return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
105 	    &PKCS12_it);
106 }
107 
108 int
109 i2d_PKCS12(PKCS12 *a, unsigned char **out)
110 {
111 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
112 }
113 
114 PKCS12 *
115 PKCS12_new(void)
116 {
117 	return (PKCS12 *)ASN1_item_new(&PKCS12_it);
118 }
119 
120 void
121 PKCS12_free(PKCS12 *a)
122 {
123 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
124 }
125 
126 static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
127 	{
128 		.flags = 0,
129 		.tag = 0,
130 		.offset = offsetof(PKCS12_MAC_DATA, dinfo),
131 		.field_name = "dinfo",
132 		.item = &X509_SIG_it,
133 	},
134 	{
135 		.flags = 0,
136 		.tag = 0,
137 		.offset = offsetof(PKCS12_MAC_DATA, salt),
138 		.field_name = "salt",
139 		.item = &ASN1_OCTET_STRING_it,
140 	},
141 	{
142 		.flags = ASN1_TFLG_OPTIONAL,
143 		.tag = 0,
144 		.offset = offsetof(PKCS12_MAC_DATA, iter),
145 		.field_name = "iter",
146 		.item = &ASN1_INTEGER_it,
147 	},
148 };
149 
150 const ASN1_ITEM PKCS12_MAC_DATA_it = {
151 	.itype = ASN1_ITYPE_SEQUENCE,
152 	.utype = V_ASN1_SEQUENCE,
153 	.templates = PKCS12_MAC_DATA_seq_tt,
154 	.tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
155 	.funcs = NULL,
156 	.size = sizeof(PKCS12_MAC_DATA),
157 	.sname = "PKCS12_MAC_DATA",
158 };
159 
160 
161 PKCS12_MAC_DATA *
162 d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
163 {
164 	return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
165 	    &PKCS12_MAC_DATA_it);
166 }
167 
168 int
169 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
170 {
171 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
172 }
173 
174 PKCS12_MAC_DATA *
175 PKCS12_MAC_DATA_new(void)
176 {
177 	return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
178 }
179 
180 void
181 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
182 {
183 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
184 }
185 
186 static const ASN1_TEMPLATE bag_default_tt = {
187 	.flags = ASN1_TFLG_EXPLICIT,
188 	.tag = 0,
189 	.offset = offsetof(PKCS12_BAGS, value.other),
190 	.field_name = "value.other",
191 	.item = &ASN1_ANY_it,
192 };
193 
194 static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
195 	{
196 		.value = NID_x509Certificate,
197 		.tt = {
198 			.flags = ASN1_TFLG_EXPLICIT,
199 			.tag = 0,
200 			.offset = offsetof(PKCS12_BAGS, value.x509cert),
201 			.field_name = "value.x509cert",
202 			.item = &ASN1_OCTET_STRING_it,
203 		},
204 
205 	},
206 	{
207 		.value = NID_x509Crl,
208 		.tt = {
209 			.flags = ASN1_TFLG_EXPLICIT,
210 			.tag = 0,
211 			.offset = offsetof(PKCS12_BAGS, value.x509crl),
212 			.field_name = "value.x509crl",
213 			.item = &ASN1_OCTET_STRING_it,
214 		},
215 
216 	},
217 	{
218 		.value = NID_sdsiCertificate,
219 		.tt = {
220 			.flags = ASN1_TFLG_EXPLICIT,
221 			.tag = 0,
222 			.offset = offsetof(PKCS12_BAGS, value.sdsicert),
223 			.field_name = "value.sdsicert",
224 			.item = &ASN1_IA5STRING_it,
225 		},
226 
227 	},
228 };
229 
230 static const ASN1_ADB PKCS12_BAGS_adb = {
231 	.flags = 0,
232 	.offset = offsetof(PKCS12_BAGS, type),
233 	.tbl = PKCS12_BAGS_adbtbl,
234 	.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
235 	.default_tt = &bag_default_tt,
236 	.null_tt = NULL,
237 };
238 
239 static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
240 	{
241 		.flags = 0,
242 		.tag = 0,
243 		.offset = offsetof(PKCS12_BAGS, type),
244 		.field_name = "type",
245 		.item = &ASN1_OBJECT_it,
246 	},
247 	{
248 		.flags = ASN1_TFLG_ADB_OID,
249 		.tag = -1,
250 		.offset = 0,
251 		.field_name = "PKCS12_BAGS",
252 		.item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
253 	},
254 };
255 
256 const ASN1_ITEM PKCS12_BAGS_it = {
257 	.itype = ASN1_ITYPE_SEQUENCE,
258 	.utype = V_ASN1_SEQUENCE,
259 	.templates = PKCS12_BAGS_seq_tt,
260 	.tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
261 	.funcs = NULL,
262 	.size = sizeof(PKCS12_BAGS),
263 	.sname = "PKCS12_BAGS",
264 };
265 
266 
267 PKCS12_BAGS *
268 d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
269 {
270 	return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
271 	    &PKCS12_BAGS_it);
272 }
273 
274 int
275 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
276 {
277 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
278 }
279 
280 PKCS12_BAGS *
281 PKCS12_BAGS_new(void)
282 {
283 	return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
284 }
285 
286 void
287 PKCS12_BAGS_free(PKCS12_BAGS *a)
288 {
289 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
290 }
291 
292 static const ASN1_TEMPLATE safebag_default_tt = {
293 	.flags = ASN1_TFLG_EXPLICIT,
294 	.tag = 0,
295 	.offset = offsetof(PKCS12_SAFEBAG, value.other),
296 	.field_name = "value.other",
297 	.item = &ASN1_ANY_it,
298 };
299 
300 static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
301 	{
302 		.value = NID_keyBag,
303 		.tt = {
304 			.flags = ASN1_TFLG_EXPLICIT,
305 			.tag = 0,
306 			.offset = offsetof(PKCS12_SAFEBAG, value.keybag),
307 			.field_name = "value.keybag",
308 			.item = &PKCS8_PRIV_KEY_INFO_it,
309 		},
310 
311 	},
312 	{
313 		.value = NID_pkcs8ShroudedKeyBag,
314 		.tt = {
315 			.flags = ASN1_TFLG_EXPLICIT,
316 			.tag = 0,
317 			.offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
318 			.field_name = "value.shkeybag",
319 			.item = &X509_SIG_it,
320 		},
321 
322 	},
323 	{
324 		.value = NID_safeContentsBag,
325 		.tt = {
326 			.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SET_OF,
327 			.tag = 0,
328 			.offset = offsetof(PKCS12_SAFEBAG, value.safes),
329 			.field_name = "value.safes",
330 			.item = &PKCS12_SAFEBAG_it,
331 		},
332 	},
333 	{
334 		.value = NID_certBag,
335 		.tt = {
336 			.flags = ASN1_TFLG_EXPLICIT,
337 			.tag = 0,
338 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
339 			.field_name = "value.bag",
340 			.item = &PKCS12_BAGS_it,
341 		},
342 
343 	},
344 	{
345 		.value = NID_crlBag,
346 		.tt = {
347 			.flags = ASN1_TFLG_EXPLICIT,
348 			.tag = 0,
349 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
350 			.field_name = "value.bag",
351 			.item = &PKCS12_BAGS_it,
352 		},
353 
354 	},
355 	{
356 		.value = NID_secretBag,
357 		.tt = {
358 			.flags = ASN1_TFLG_EXPLICIT,
359 			.tag = 0,
360 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
361 			.field_name = "value.bag",
362 			.item = &PKCS12_BAGS_it,
363 		},
364 
365 	},
366 };
367 
368 static const ASN1_ADB PKCS12_SAFEBAG_adb = {
369 	.flags = 0,
370 	.offset = offsetof(PKCS12_SAFEBAG, type),
371 	.tbl = PKCS12_SAFEBAG_adbtbl,
372 	.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
373 	.default_tt = &safebag_default_tt,
374 	.null_tt = NULL,
375 };
376 
377 static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
378 	{
379 		.flags = 0,
380 		.tag = 0,
381 		.offset = offsetof(PKCS12_SAFEBAG, type),
382 		.field_name = "type",
383 		.item = &ASN1_OBJECT_it,
384 	},
385 	{
386 		.flags = ASN1_TFLG_ADB_OID,
387 		.tag = -1,
388 		.offset = 0,
389 		.field_name = "PKCS12_SAFEBAG",
390 		.item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
391 	},
392 	{
393 		.flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
394 		.tag = 0,
395 		.offset = offsetof(PKCS12_SAFEBAG, attrib),
396 		.field_name = "attrib",
397 		.item = &X509_ATTRIBUTE_it,
398 	},
399 };
400 
401 const ASN1_ITEM PKCS12_SAFEBAG_it = {
402 	.itype = ASN1_ITYPE_SEQUENCE,
403 	.utype = V_ASN1_SEQUENCE,
404 	.templates = PKCS12_SAFEBAG_seq_tt,
405 	.tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
406 	.funcs = NULL,
407 	.size = sizeof(PKCS12_SAFEBAG),
408 	.sname = "PKCS12_SAFEBAG",
409 };
410 
411 
412 PKCS12_SAFEBAG *
413 d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
414 {
415 	return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
416 	    &PKCS12_SAFEBAG_it);
417 }
418 
419 int
420 i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
421 {
422 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
423 }
424 
425 PKCS12_SAFEBAG *
426 PKCS12_SAFEBAG_new(void)
427 {
428 	return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
429 }
430 
431 void
432 PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
433 {
434 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
435 }
436 
437 /* SEQUENCE OF SafeBag */
438 static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
439 	.flags = ASN1_TFLG_SEQUENCE_OF,
440 	.tag = 0,
441 	.offset = 0,
442 	.field_name = "PKCS12_SAFEBAGS",
443 	.item = &PKCS12_SAFEBAG_it,
444 };
445 
446 const ASN1_ITEM PKCS12_SAFEBAGS_it = {
447 	.itype = ASN1_ITYPE_PRIMITIVE,
448 	.utype = -1,
449 	.templates = &PKCS12_SAFEBAGS_item_tt,
450 	.tcount = 0,
451 	.funcs = NULL,
452 	.size = 0,
453 	.sname = "PKCS12_SAFEBAGS",
454 };
455 
456 /* Authsafes: SEQUENCE OF PKCS7 */
457 static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
458 	.flags = ASN1_TFLG_SEQUENCE_OF,
459 	.tag = 0,
460 	.offset = 0,
461 	.field_name = "PKCS12_AUTHSAFES",
462 	.item = &PKCS7_it,
463 };
464 
465 const ASN1_ITEM PKCS12_AUTHSAFES_it = {
466 	.itype = ASN1_ITYPE_PRIMITIVE,
467 	.utype = -1,
468 	.templates = &PKCS12_AUTHSAFES_item_tt,
469 	.tcount = 0,
470 	.funcs = NULL,
471 	.size = 0,
472 	.sname = "PKCS12_AUTHSAFES",
473 };
474 
475