1 /* p12_crt.c */

     2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL

     3  * project.

     4  */

     5 /* ====================================================================

     6  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.

     7  *

     8  * Redistribution and use in source and binary forms, with or without

     9  * modification, are permitted provided that the following conditions

    10  * are met:

    11  *

    12  * 1. Redistributions of source code must retain the above copyright

    13  *    notice, this list of conditions and the following disclaimer. 

    14  *

    15  * 2. Redistributions in binary form must reproduce the above copyright

    16  *    notice, this list of conditions and the following disclaimer in

    17  *    the documentation and/or other materials provided with the

    18  *    distribution.

    19  *

    20  * 3. All advertising materials mentioning features or use of this

    21  *    software must display the following acknowledgment:

    22  *    "This product includes software developed by the OpenSSL Project

    23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"

    24  *

    25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to

    26  *    endorse or promote products derived from this software without

    27  *    prior written permission. For written permission, please contact

    28  *    licensing@OpenSSL.org.

    29  *

    30  * 5. Products derived from this software may not be called "OpenSSL"

    31  *    nor may "OpenSSL" appear in their names without prior written

    32  *    permission of the OpenSSL Project.

    33  *

    34  * 6. Redistributions of any form whatsoever must retain the following

    35  *    acknowledgment:

    36  *    "This product includes software developed by the OpenSSL Project

    37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"

    38  *

    39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY

    40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR

    42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR

    43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,

    44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT

    45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

    46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,

    48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)

    49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED

    50  * OF THE POSSIBILITY OF SUCH DAMAGE.

    51  * ====================================================================

    52  *

    53  * This product includes cryptographic software written by Eric Young

    54  * (eay@cryptsoft.com).  This product includes software written by Tim

    55  * Hudson (tjh@cryptsoft.com).

    56  *

    57  */

    58 

    59 #include <stdio.h>

    60 #include "cryptlib.h"

    61 #include <openssl/pkcs12.h>

    62 

    63 

    64 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);

    65 

    66 EXPORT_C PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,

    67 	     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,

    68 	     int keytype)

    69 {

    70 	PKCS12 *p12 = NULL;

    71 	STACK_OF(PKCS7) *safes = NULL;

    72 	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;

    73 	PKCS12_SAFEBAG *bag = NULL;

    74 	int i;

    75 	unsigned char keyid[EVP_MAX_MD_SIZE];

    76 	unsigned int keyidlen = 0;

    77 

    78 	/* Set defaults */

    79 	if (!nid_cert)

    80 		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;

    81 	if (!nid_key)

    82 		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;

    83 	if (!iter)

    84 		iter = PKCS12_DEFAULT_ITER;

    85 	if (!mac_iter)

    86 		mac_iter = 1;

    87 

    88 	if(!pkey && !cert && !ca)

    89 		{

    90 		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);

    91 		return NULL;

    92 		}

    93 

    94 	if (pkey && cert)

    95 		{

    96 		if(!X509_check_private_key(cert, pkey))

    97 			return NULL;

    98 		X509_digest(cert, EVP_sha1(), keyid, &keyidlen);

    99 		}

   100 

   101 	if (cert)

   102 		{

   103 		bag = PKCS12_add_cert(&bags, cert);

   104 		if(name && !PKCS12_add_friendlyname(bag, name, -1))

   105 			goto err;

   106 		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))

   107 			goto err;

   108 		}

   109 

   110 	/* Add all other certificates */

   111 	for(i = 0; i < sk_X509_num(ca); i++)

   112 		{

   113 		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))

   114 			goto err;

   115 		}

   116 

   117 	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))

   118 			goto err;

   119 

   120 	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

   121 	bags = NULL;

   122 

   123 	if (pkey)

   124 		{

   125 		int cspidx;

   126 		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);

   127 

   128 		if (!bag)

   129 			goto err;

   130 

   131 		cspidx = EVP_PKEY_get_attr_by_NID(pkey, NID_ms_csp_name, -1);

   132 		if (cspidx >= 0)

   133 			{

   134 			X509_ATTRIBUTE *cspattr;

   135 			cspattr = EVP_PKEY_get_attr(pkey, cspidx);

   136 			if (!X509at_add1_attr(&bag->attrib, cspattr))

   137 				goto err;

   138 			}

   139 

   140 		if(name && !PKCS12_add_friendlyname(bag, name, -1))

   141 			goto err;

   142 		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))

   143 			goto err;

   144 		}

   145 

   146 	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))

   147 			goto err;

   148 

   149 	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

   150 	bags = NULL;

   151 

   152 	p12 = PKCS12_add_safes(safes, 0);

   153 

   154 	sk_PKCS7_pop_free(safes, PKCS7_free);

   155 

   156 	safes = NULL;

   157 

   158 	if ((mac_iter != -1) &&

   159 		!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))

   160 	    goto err;

   161 

   162 	return p12;

   163 

   164 	err:

   165 

   166 	if (p12)

   167 		PKCS12_free(p12);

   168 	if (safes)

   169 		sk_PKCS7_pop_free(safes, PKCS7_free);

   170 	if (bags)

   171 		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);

   172 	return NULL;

   173 

   174 }

   175 

   176 EXPORT_C PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)

   177 	{

   178 	PKCS12_SAFEBAG *bag = NULL;

   179 	char *name;

   180 	int namelen = -1;

   181 	unsigned char *keyid;

   182 	int keyidlen = -1;

   183 

   184 	/* Add user certificate */

   185 	if(!(bag = PKCS12_x5092certbag(cert)))

   186 		goto err;

   187 

   188 	/* Use friendlyName and localKeyID in certificate.

   189 	 * (if present)

   190 	 */

   191 

   192 	name = (char *)X509_alias_get0(cert, &namelen);

   193 

   194 	if(name && !PKCS12_add_friendlyname(bag, name, namelen))

   195 		goto err;

   196 

   197 	keyid = X509_keyid_get0(cert, &keyidlen);

   198 

   199 	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))

   200 		goto err;

   201 

   202 	if (!pkcs12_add_bag(pbags, bag))

   203 		goto err;

   204 

   205 	return bag;

   206 

   207 	err:

   208 

   209 	if (bag)

   210 		PKCS12_SAFEBAG_free(bag);

   211 

   212 	return NULL;

   213 

   214 	}

   215 

   216 EXPORT_C PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,

   217 						int key_usage, int iter,

   218 						int nid_key, char *pass)

   219 	{

   220 

   221 	PKCS12_SAFEBAG *bag = NULL;

   222 	PKCS8_PRIV_KEY_INFO *p8 = NULL;

   223 

   224 	/* Make a PKCS#8 structure */

   225 	if(!(p8 = EVP_PKEY2PKCS8(key)))

   226 		goto err;

   227 	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))

   228 		goto err;

   229 	if (nid_key != -1)

   230 		{

   231 		bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);

   232 		PKCS8_PRIV_KEY_INFO_free(p8);

   233 		}

   234 	else

   235 		bag = PKCS12_MAKE_KEYBAG(p8);

   236 

   237 	if(!bag)

   238 		goto err;

   239 

   240 	if (!pkcs12_add_bag(pbags, bag))

   241 		goto err;

   242 

   243 	return bag;

   244 

   245 	err:

   246 

   247 	if (bag)

   248 		PKCS12_SAFEBAG_free(bag);

   249 

   250 	return NULL;

   251 

   252 	}

   253 

   254 EXPORT_C int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,

   255 						int nid_safe, int iter, char *pass)

   256 	{

   257 	PKCS7 *p7 = NULL;

   258 	int free_safes = 0;

   259 

   260 	if (!*psafes)

   261 		{

   262 		*psafes = sk_PKCS7_new_null();

   263 		if (!*psafes)

   264 			return 0;

   265 		free_safes = 1;

   266 		}

   267 	else

   268 		free_safes = 0;

   269 

   270 	if (nid_safe == 0)

   271 		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;

   272 

   273 	if (nid_safe == -1)

   274 		p7 = PKCS12_pack_p7data(bags);

   275 	else

   276 		p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,

   277 					  iter, bags);

   278 	if (!p7)

   279 		goto err;

   280 

   281 	if (!sk_PKCS7_push(*psafes, p7))

   282 		goto err;

   283 

   284 	return 1;

   285 

   286 	err:

   287 	if (free_safes)

   288 		{

   289 		sk_PKCS7_free(*psafes);

   290 		*psafes = NULL;

   291 		}

   292 

   293 	if (p7)

   294 		PKCS7_free(p7);

   295 

   296 	return 0;

   297 

   298 	}

   299 

   300 static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)

   301 	{

   302 	int free_bags;

   303 	if (!pbags)

   304 		return 1;

   305 	if (!*pbags)

   306 		{

   307 		*pbags = sk_PKCS12_SAFEBAG_new_null();

   308 		if (!*pbags)

   309 			return 0;

   310 		free_bags = 1;

   311 		}

   312 	else 

   313 		free_bags = 0;

   314 

   315 	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))

   316 		{

   317 		if (free_bags)

   318 			{

   319 			sk_PKCS12_SAFEBAG_free(*pbags);

   320 			*pbags = NULL;

   321 			}

   322 		return 0;

   323 		}

   324 

   325 	return 1;

   326 

   327 	}

   328 		

   329 

   330 EXPORT_C PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)

   331 	{

   332 	PKCS12 *p12;

   333 	if (nid_p7 <= 0)

   334 		nid_p7 = NID_pkcs7_data;

   335 	p12 = PKCS12_init(nid_p7);

   336 

   337 	if (!p12)

   338 		return NULL;

   339 

   340 	if(!PKCS12_pack_authsafes(p12, safes))

   341 		{

   342 		PKCS12_free(p12);

   343 		return NULL;

   344 		}

   345 

   346 	return p12;

   347 

   348 	}