xref: /openbsd-src/lib/libcrypto/pkcs12/p12_asn.c (revision ff0e7be1ebbcc809ea8ad2b6dafe215824da9e46) 
1 /* $OpenBSD: p12_asn.c,v 1.14 2023/02/16 08:38:17 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3  * project 1999.
4  */
5 /* ====================================================================
6  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #include <stdio.h>
60 
61 #include <openssl/asn1t.h>
62 #include <openssl/pkcs12.h>
63 
64 #include "pkcs12_local.h"
65 
66 /* PKCS#12 ASN1 module */
67 
68 static const ASN1_TEMPLATE PKCS12_seq_tt[] = {
69 	{
70 		.flags = 0,
71 		.tag = 0,
72 		.offset = offsetof(PKCS12, version),
73 		.field_name = "version",
74 		.item = &ASN1_INTEGER_it,
75 	},
76 	{
77 		.flags = 0,
78 		.tag = 0,
79 		.offset = offsetof(PKCS12, authsafes),
80 		.field_name = "authsafes",
81 		.item = &PKCS7_it,
82 	},
83 	{
84 		.flags = ASN1_TFLG_OPTIONAL,
85 		.tag = 0,
86 		.offset = offsetof(PKCS12, mac),
87 		.field_name = "mac",
88 		.item = &PKCS12_MAC_DATA_it,
89 	},
90 };
91 
92 const ASN1_ITEM PKCS12_it = {
93 	.itype = ASN1_ITYPE_SEQUENCE,
94 	.utype = V_ASN1_SEQUENCE,
95 	.templates = PKCS12_seq_tt,
96 	.tcount = sizeof(PKCS12_seq_tt) / sizeof(ASN1_TEMPLATE),
97 	.funcs = NULL,
98 	.size = sizeof(PKCS12),
99 	.sname = "PKCS12",
100 };
101 
102 
103 PKCS12 *
104 d2i_PKCS12(PKCS12 **a, const unsigned char **in, long len)
105 {
106 	return (PKCS12 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
107 	    &PKCS12_it);
108 }
109 LCRYPTO_ALIAS(d2i_PKCS12);
110 
111 int
112 i2d_PKCS12(PKCS12 *a, unsigned char **out)
113 {
114 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_it);
115 }
116 LCRYPTO_ALIAS(i2d_PKCS12);
117 
118 PKCS12 *
119 PKCS12_new(void)
120 {
121 	return (PKCS12 *)ASN1_item_new(&PKCS12_it);
122 }
123 LCRYPTO_ALIAS(PKCS12_new);
124 
125 void
126 PKCS12_free(PKCS12 *a)
127 {
128 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_it);
129 }
130 LCRYPTO_ALIAS(PKCS12_free);
131 
132 static const ASN1_TEMPLATE PKCS12_MAC_DATA_seq_tt[] = {
133 	{
134 		.flags = 0,
135 		.tag = 0,
136 		.offset = offsetof(PKCS12_MAC_DATA, dinfo),
137 		.field_name = "dinfo",
138 		.item = &X509_SIG_it,
139 	},
140 	{
141 		.flags = 0,
142 		.tag = 0,
143 		.offset = offsetof(PKCS12_MAC_DATA, salt),
144 		.field_name = "salt",
145 		.item = &ASN1_OCTET_STRING_it,
146 	},
147 	{
148 		.flags = ASN1_TFLG_OPTIONAL,
149 		.tag = 0,
150 		.offset = offsetof(PKCS12_MAC_DATA, iter),
151 		.field_name = "iter",
152 		.item = &ASN1_INTEGER_it,
153 	},
154 };
155 
156 const ASN1_ITEM PKCS12_MAC_DATA_it = {
157 	.itype = ASN1_ITYPE_SEQUENCE,
158 	.utype = V_ASN1_SEQUENCE,
159 	.templates = PKCS12_MAC_DATA_seq_tt,
160 	.tcount = sizeof(PKCS12_MAC_DATA_seq_tt) / sizeof(ASN1_TEMPLATE),
161 	.funcs = NULL,
162 	.size = sizeof(PKCS12_MAC_DATA),
163 	.sname = "PKCS12_MAC_DATA",
164 };
165 
166 
167 PKCS12_MAC_DATA *
168 d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
169 {
170 	return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
171 	    &PKCS12_MAC_DATA_it);
172 }
173 LCRYPTO_ALIAS(d2i_PKCS12_MAC_DATA);
174 
175 int
176 i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **out)
177 {
178 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_MAC_DATA_it);
179 }
180 LCRYPTO_ALIAS(i2d_PKCS12_MAC_DATA);
181 
182 PKCS12_MAC_DATA *
183 PKCS12_MAC_DATA_new(void)
184 {
185 	return (PKCS12_MAC_DATA *)ASN1_item_new(&PKCS12_MAC_DATA_it);
186 }
187 LCRYPTO_ALIAS(PKCS12_MAC_DATA_new);
188 
189 void
190 PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a)
191 {
192 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_MAC_DATA_it);
193 }
194 LCRYPTO_ALIAS(PKCS12_MAC_DATA_free);
195 
196 static const ASN1_TEMPLATE bag_default_tt = {
197 	.flags = ASN1_TFLG_EXPLICIT,
198 	.tag = 0,
199 	.offset = offsetof(PKCS12_BAGS, value.other),
200 	.field_name = "value.other",
201 	.item = &ASN1_ANY_it,
202 };
203 
204 static const ASN1_ADB_TABLE PKCS12_BAGS_adbtbl[] = {
205 	{
206 		.value = NID_x509Certificate,
207 		.tt = {
208 			.flags = ASN1_TFLG_EXPLICIT,
209 			.tag = 0,
210 			.offset = offsetof(PKCS12_BAGS, value.x509cert),
211 			.field_name = "value.x509cert",
212 			.item = &ASN1_OCTET_STRING_it,
213 		},
214 
215 	},
216 	{
217 		.value = NID_x509Crl,
218 		.tt = {
219 			.flags = ASN1_TFLG_EXPLICIT,
220 			.tag = 0,
221 			.offset = offsetof(PKCS12_BAGS, value.x509crl),
222 			.field_name = "value.x509crl",
223 			.item = &ASN1_OCTET_STRING_it,
224 		},
225 
226 	},
227 	{
228 		.value = NID_sdsiCertificate,
229 		.tt = {
230 			.flags = ASN1_TFLG_EXPLICIT,
231 			.tag = 0,
232 			.offset = offsetof(PKCS12_BAGS, value.sdsicert),
233 			.field_name = "value.sdsicert",
234 			.item = &ASN1_IA5STRING_it,
235 		},
236 
237 	},
238 };
239 
240 static const ASN1_ADB PKCS12_BAGS_adb = {
241 	.flags = 0,
242 	.offset = offsetof(PKCS12_BAGS, type),
243 	.tbl = PKCS12_BAGS_adbtbl,
244 	.tblcount = sizeof(PKCS12_BAGS_adbtbl) / sizeof(ASN1_ADB_TABLE),
245 	.default_tt = &bag_default_tt,
246 	.null_tt = NULL,
247 };
248 
249 static const ASN1_TEMPLATE PKCS12_BAGS_seq_tt[] = {
250 	{
251 		.flags = 0,
252 		.tag = 0,
253 		.offset = offsetof(PKCS12_BAGS, type),
254 		.field_name = "type",
255 		.item = &ASN1_OBJECT_it,
256 	},
257 	{
258 		.flags = ASN1_TFLG_ADB_OID,
259 		.tag = -1,
260 		.offset = 0,
261 		.field_name = "PKCS12_BAGS",
262 		.item = (const ASN1_ITEM *)&PKCS12_BAGS_adb,
263 	},
264 };
265 
266 const ASN1_ITEM PKCS12_BAGS_it = {
267 	.itype = ASN1_ITYPE_SEQUENCE,
268 	.utype = V_ASN1_SEQUENCE,
269 	.templates = PKCS12_BAGS_seq_tt,
270 	.tcount = sizeof(PKCS12_BAGS_seq_tt) / sizeof(ASN1_TEMPLATE),
271 	.funcs = NULL,
272 	.size = sizeof(PKCS12_BAGS),
273 	.sname = "PKCS12_BAGS",
274 };
275 
276 
277 PKCS12_BAGS *
278 d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
279 {
280 	return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
281 	    &PKCS12_BAGS_it);
282 }
283 LCRYPTO_ALIAS(d2i_PKCS12_BAGS);
284 
285 int
286 i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **out)
287 {
288 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_BAGS_it);
289 }
290 LCRYPTO_ALIAS(i2d_PKCS12_BAGS);
291 
292 PKCS12_BAGS *
293 PKCS12_BAGS_new(void)
294 {
295 	return (PKCS12_BAGS *)ASN1_item_new(&PKCS12_BAGS_it);
296 }
297 LCRYPTO_ALIAS(PKCS12_BAGS_new);
298 
299 void
300 PKCS12_BAGS_free(PKCS12_BAGS *a)
301 {
302 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_BAGS_it);
303 }
304 LCRYPTO_ALIAS(PKCS12_BAGS_free);
305 
306 static const ASN1_TEMPLATE safebag_default_tt = {
307 	.flags = ASN1_TFLG_EXPLICIT,
308 	.tag = 0,
309 	.offset = offsetof(PKCS12_SAFEBAG, value.other),
310 	.field_name = "value.other",
311 	.item = &ASN1_ANY_it,
312 };
313 
314 static const ASN1_ADB_TABLE PKCS12_SAFEBAG_adbtbl[] = {
315 	{
316 		.value = NID_keyBag,
317 		.tt = {
318 			.flags = ASN1_TFLG_EXPLICIT,
319 			.tag = 0,
320 			.offset = offsetof(PKCS12_SAFEBAG, value.keybag),
321 			.field_name = "value.keybag",
322 			.item = &PKCS8_PRIV_KEY_INFO_it,
323 		},
324 
325 	},
326 	{
327 		.value = NID_pkcs8ShroudedKeyBag,
328 		.tt = {
329 			.flags = ASN1_TFLG_EXPLICIT,
330 			.tag = 0,
331 			.offset = offsetof(PKCS12_SAFEBAG, value.shkeybag),
332 			.field_name = "value.shkeybag",
333 			.item = &X509_SIG_it,
334 		},
335 
336 	},
337 	{
338 		.value = NID_safeContentsBag,
339 		.tt = {
340 			.flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF,
341 			.tag = 0,
342 			.offset = offsetof(PKCS12_SAFEBAG, value.safes),
343 			.field_name = "value.safes",
344 			.item = &PKCS12_SAFEBAG_it,
345 		},
346 	},
347 	{
348 		.value = NID_certBag,
349 		.tt = {
350 			.flags = ASN1_TFLG_EXPLICIT,
351 			.tag = 0,
352 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
353 			.field_name = "value.bag",
354 			.item = &PKCS12_BAGS_it,
355 		},
356 
357 	},
358 	{
359 		.value = NID_crlBag,
360 		.tt = {
361 			.flags = ASN1_TFLG_EXPLICIT,
362 			.tag = 0,
363 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
364 			.field_name = "value.bag",
365 			.item = &PKCS12_BAGS_it,
366 		},
367 
368 	},
369 	{
370 		.value = NID_secretBag,
371 		.tt = {
372 			.flags = ASN1_TFLG_EXPLICIT,
373 			.tag = 0,
374 			.offset = offsetof(PKCS12_SAFEBAG, value.bag),
375 			.field_name = "value.bag",
376 			.item = &PKCS12_BAGS_it,
377 		},
378 
379 	},
380 };
381 
382 static const ASN1_ADB PKCS12_SAFEBAG_adb = {
383 	.flags = 0,
384 	.offset = offsetof(PKCS12_SAFEBAG, type),
385 	.tbl = PKCS12_SAFEBAG_adbtbl,
386 	.tblcount = sizeof(PKCS12_SAFEBAG_adbtbl) / sizeof(ASN1_ADB_TABLE),
387 	.default_tt = &safebag_default_tt,
388 	.null_tt = NULL,
389 };
390 
391 static const ASN1_TEMPLATE PKCS12_SAFEBAG_seq_tt[] = {
392 	{
393 		.flags = 0,
394 		.tag = 0,
395 		.offset = offsetof(PKCS12_SAFEBAG, type),
396 		.field_name = "type",
397 		.item = &ASN1_OBJECT_it,
398 	},
399 	{
400 		.flags = ASN1_TFLG_ADB_OID,
401 		.tag = -1,
402 		.offset = 0,
403 		.field_name = "PKCS12_SAFEBAG",
404 		.item = (const ASN1_ITEM *)&PKCS12_SAFEBAG_adb,
405 	},
406 	{
407 		.flags = ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
408 		.tag = 0,
409 		.offset = offsetof(PKCS12_SAFEBAG, attrib),
410 		.field_name = "attrib",
411 		.item = &X509_ATTRIBUTE_it,
412 	},
413 };
414 
415 const ASN1_ITEM PKCS12_SAFEBAG_it = {
416 	.itype = ASN1_ITYPE_SEQUENCE,
417 	.utype = V_ASN1_SEQUENCE,
418 	.templates = PKCS12_SAFEBAG_seq_tt,
419 	.tcount = sizeof(PKCS12_SAFEBAG_seq_tt) / sizeof(ASN1_TEMPLATE),
420 	.funcs = NULL,
421 	.size = sizeof(PKCS12_SAFEBAG),
422 	.sname = "PKCS12_SAFEBAG",
423 };
424 
425 
426 PKCS12_SAFEBAG *
427 d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
428 {
429 	return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
430 	    &PKCS12_SAFEBAG_it);
431 }
432 LCRYPTO_ALIAS(d2i_PKCS12_SAFEBAG);
433 
434 int
435 i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **out)
436 {
437 	return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS12_SAFEBAG_it);
438 }
439 LCRYPTO_ALIAS(i2d_PKCS12_SAFEBAG);
440 
441 PKCS12_SAFEBAG *
442 PKCS12_SAFEBAG_new(void)
443 {
444 	return (PKCS12_SAFEBAG *)ASN1_item_new(&PKCS12_SAFEBAG_it);
445 }
446 LCRYPTO_ALIAS(PKCS12_SAFEBAG_new);
447 
448 void
449 PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a)
450 {
451 	ASN1_item_free((ASN1_VALUE *)a, &PKCS12_SAFEBAG_it);
452 }
453 LCRYPTO_ALIAS(PKCS12_SAFEBAG_free);
454 
455 /* SEQUENCE OF SafeBag */
456 static const ASN1_TEMPLATE PKCS12_SAFEBAGS_item_tt = {
457 	.flags = ASN1_TFLG_SEQUENCE_OF,
458 	.tag = 0,
459 	.offset = 0,
460 	.field_name = "PKCS12_SAFEBAGS",
461 	.item = &PKCS12_SAFEBAG_it,
462 };
463 
464 const ASN1_ITEM PKCS12_SAFEBAGS_it = {
465 	.itype = ASN1_ITYPE_PRIMITIVE,
466 	.utype = -1,
467 	.templates = &PKCS12_SAFEBAGS_item_tt,
468 	.tcount = 0,
469 	.funcs = NULL,
470 	.size = 0,
471 	.sname = "PKCS12_SAFEBAGS",
472 };
473 
474 /* Authsafes: SEQUENCE OF PKCS7 */
475 static const ASN1_TEMPLATE PKCS12_AUTHSAFES_item_tt = {
476 	.flags = ASN1_TFLG_SEQUENCE_OF,
477 	.tag = 0,
478 	.offset = 0,
479 	.field_name = "PKCS12_AUTHSAFES",
480 	.item = &PKCS7_it,
481 };
482 
483 const ASN1_ITEM PKCS12_AUTHSAFES_it = {
484 	.itype = ASN1_ITYPE_PRIMITIVE,
485 	.utype = -1,
486 	.templates = &PKCS12_AUTHSAFES_item_tt,
487 	.tcount = 0,
488 	.funcs = NULL,
489 	.size = 0,
490 	.sname = "PKCS12_AUTHSAFES",
491 };
492