2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 /* Functions that relate on PKCS12 packet parsing.
26 #include <gnutls_int.h>
29 #include <gnutls_datum.h>
30 #include <gnutls_global.h>
31 #include <gnutls_errors.h>
32 #include <gnutls_num.h>
39 /* Decodes the PKCS #12 auth_safe, and returns the allocated raw data,
40 * which holds them. Returns an ASN1_TYPE of authenticatedSafe.
43 _decode_pkcs12_auth_safe (ASN1_TYPE pkcs12
, ASN1_TYPE
* authen_safe
,
46 char oid
[MAX_OID_SIZE
];
47 ASN1_TYPE c2
= ASN1_TYPE_EMPTY
;
48 gnutls_datum_t auth_safe
= { NULL
, 0 };
50 char error_str
[ASN1_MAX_ERROR_DESCRIPTION_SIZE
];
52 len
= sizeof (oid
) - 1;
53 result
= asn1_read_value (pkcs12
, "authSafe.contentType", oid
, &len
);
54 if (result
!= ASN1_SUCCESS
)
57 return _gnutls_asn2err (result
);
60 if (strcmp (oid
, DATA_OID
) != 0)
63 _gnutls_debug_log ("Unknown PKCS12 Content OID '%s'\n", oid
);
64 return GNUTLS_E_UNKNOWN_PKCS_CONTENT_TYPE
;
67 /* Step 1. Read the content data
71 _gnutls_x509_read_string (pkcs12
, "authSafe.content", &auth_safe
, ASN1_ETYPE_OCTET_STRING
);
78 /* Step 2. Extract the authenticatedSafe.
81 if ((result
= asn1_create_element
82 (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
83 &c2
)) != ASN1_SUCCESS
)
86 result
= _gnutls_asn2err (result
);
90 result
= asn1_der_decoding (&c2
, auth_safe
.data
, auth_safe
.size
, error_str
);
91 if (result
!= ASN1_SUCCESS
)
94 _gnutls_debug_log ("DER error: %s\n", error_str
);
95 result
= _gnutls_asn2err (result
);
101 _gnutls_free_datum (&auth_safe
);
105 raw
->data
= auth_safe
.data
;
106 raw
->size
= auth_safe
.size
;
112 asn1_delete_structure (&c2
);
118 asn1_delete_structure (&c2
);
119 _gnutls_free_datum (&auth_safe
);
124 * gnutls_pkcs12_init:
125 * @pkcs12: The structure to be initialized
127 * This function will initialize a PKCS12 structure. PKCS12 structures
128 * usually contain lists of X.509 Certificates and X.509 Certificate
131 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
132 * negative error value.
135 gnutls_pkcs12_init (gnutls_pkcs12_t
* pkcs12
)
137 *pkcs12
= gnutls_calloc (1, sizeof (gnutls_pkcs12_int
));
141 int result
= asn1_create_element (_gnutls_get_pkix (),
144 if (result
!= ASN1_SUCCESS
)
147 gnutls_free (*pkcs12
);
148 return _gnutls_asn2err (result
);
150 return 0; /* success */
152 return GNUTLS_E_MEMORY_ERROR
;
156 * gnutls_pkcs12_deinit:
157 * @pkcs12: The structure to be initialized
159 * This function will deinitialize a PKCS12 structure.
162 gnutls_pkcs12_deinit (gnutls_pkcs12_t pkcs12
)
168 asn1_delete_structure (&pkcs12
->pkcs12
);
170 gnutls_free (pkcs12
);
174 * gnutls_pkcs12_import:
175 * @pkcs12: The structure to store the parsed PKCS12.
176 * @data: The DER or PEM encoded PKCS12.
177 * @format: One of DER or PEM
178 * @flags: an ORed sequence of gnutls_privkey_pkcs8_flags
180 * This function will convert the given DER or PEM encoded PKCS12
181 * to the native gnutls_pkcs12_t format. The output will be stored in 'pkcs12'.
183 * If the PKCS12 is PEM encoded it should have a header of "PKCS12".
185 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
186 * negative error value.
189 gnutls_pkcs12_import (gnutls_pkcs12_t pkcs12
,
190 const gnutls_datum_t
* data
,
191 gnutls_x509_crt_fmt_t format
, unsigned int flags
)
193 int result
= 0, need_free
= 0;
194 gnutls_datum_t _data
;
195 char error_str
[ASN1_MAX_ERROR_DESCRIPTION_SIZE
];
197 _data
.data
= data
->data
;
198 _data
.size
= data
->size
;
203 return GNUTLS_E_INVALID_REQUEST
;
206 /* If the PKCS12 is in PEM format then decode it
208 if (format
== GNUTLS_X509_FMT_PEM
)
210 result
= _gnutls_fbase64_decode (PEM_PKCS12
, data
->data
, data
->size
,
223 asn1_der_decoding (&pkcs12
->pkcs12
, _data
.data
, _data
.size
, error_str
);
224 if (result
!= ASN1_SUCCESS
)
226 result
= _gnutls_asn2err (result
);
227 _gnutls_debug_log ("DER error: %s\n", error_str
);
233 _gnutls_free_datum (&_data
);
239 _gnutls_free_datum (&_data
);
245 * gnutls_pkcs12_export:
246 * @pkcs12: Holds the pkcs12 structure
247 * @format: the format of output params. One of PEM or DER.
248 * @output_data: will contain a structure PEM or DER encoded
249 * @output_data_size: holds the size of output_data (and will be
250 * replaced by the actual size of parameters)
252 * This function will export the pkcs12 structure to DER or PEM format.
254 * If the buffer provided is not long enough to hold the output, then
255 * *output_data_size will be updated and GNUTLS_E_SHORT_MEMORY_BUFFER
258 * If the structure is PEM encoded, it will have a header
261 * Returns: In case of failure a negative error code will be
262 * returned, and 0 on success.
265 gnutls_pkcs12_export (gnutls_pkcs12_t pkcs12
,
266 gnutls_x509_crt_fmt_t format
, void *output_data
,
267 size_t * output_data_size
)
272 return GNUTLS_E_INVALID_REQUEST
;
275 return _gnutls_x509_export_int (pkcs12
->pkcs12
, format
, PEM_PKCS12
,
276 output_data
, output_data_size
);
280 * gnutls_pkcs12_export2:
281 * @pkcs12: Holds the pkcs12 structure
282 * @format: the format of output params. One of PEM or DER.
283 * @out: will contain a structure PEM or DER encoded
285 * This function will export the pkcs12 structure to DER or PEM format.
287 * The output buffer is allocated using gnutls_malloc().
289 * If the structure is PEM encoded, it will have a header
292 * Returns: In case of failure a negative error code will be
293 * returned, and 0 on success.
298 gnutls_pkcs12_export2 (gnutls_pkcs12_t pkcs12
,
299 gnutls_x509_crt_fmt_t format
, gnutls_datum_t
*out
)
304 return GNUTLS_E_INVALID_REQUEST
;
307 return _gnutls_x509_export_int2 (pkcs12
->pkcs12
, format
, PEM_PKCS12
, out
);
311 oid2bag (const char *oid
)
313 if (strcmp (oid
, BAG_PKCS8_KEY
) == 0)
314 return GNUTLS_BAG_PKCS8_KEY
;
315 if (strcmp (oid
, BAG_PKCS8_ENCRYPTED_KEY
) == 0)
316 return GNUTLS_BAG_PKCS8_ENCRYPTED_KEY
;
317 if (strcmp (oid
, BAG_CERTIFICATE
) == 0)
318 return GNUTLS_BAG_CERTIFICATE
;
319 if (strcmp (oid
, BAG_CRL
) == 0)
320 return GNUTLS_BAG_CRL
;
321 if (strcmp (oid
, BAG_SECRET
) == 0)
322 return GNUTLS_BAG_SECRET
;
324 return GNUTLS_BAG_UNKNOWN
;
332 case GNUTLS_BAG_PKCS8_KEY
:
333 return BAG_PKCS8_KEY
;
334 case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY
:
335 return BAG_PKCS8_ENCRYPTED_KEY
;
336 case GNUTLS_BAG_CERTIFICATE
:
337 return BAG_CERTIFICATE
;
340 case GNUTLS_BAG_SECRET
:
346 /* Decodes the SafeContents, and puts the output in
350 _pkcs12_decode_safe_contents (const gnutls_datum_t
* content
,
351 gnutls_pkcs12_bag_t bag
)
353 char oid
[MAX_OID_SIZE
], root
[ASN1_MAX_NAME_SIZE
];
354 ASN1_TYPE c2
= ASN1_TYPE_EMPTY
;
357 gnutls_datum_t attr_val
;
359 int count
= 0, i
, attributes
, j
;
361 /* Step 1. Extract the SEQUENCE.
364 if ((result
= asn1_create_element
365 (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
366 &c2
)) != ASN1_SUCCESS
)
369 result
= _gnutls_asn2err (result
);
373 result
= asn1_der_decoding (&c2
, content
->data
, content
->size
, NULL
);
374 if (result
!= ASN1_SUCCESS
)
377 result
= _gnutls_asn2err (result
);
381 /* Count the number of bags
383 result
= asn1_number_of_elements (c2
, "", &count
);
384 if (result
!= ASN1_SUCCESS
)
387 result
= _gnutls_asn2err (result
);
391 bag
->bag_elements
= MIN (MAX_BAG_ELEMENTS
, count
);
393 for (i
= 0; i
< bag
->bag_elements
; i
++)
396 snprintf (root
, sizeof (root
), "?%u.bagId", i
+ 1);
399 result
= asn1_read_value (c2
, root
, oid
, &len
);
400 if (result
!= ASN1_SUCCESS
)
403 result
= _gnutls_asn2err (result
);
409 bag_type
= oid2bag (oid
);
417 /* Read the Bag Value
420 snprintf (root
, sizeof (root
), "?%u.bagValue", i
+ 1);
422 result
= _gnutls_x509_read_value (c2
, root
, &bag
->element
[i
].data
);
429 if (bag_type
== GNUTLS_BAG_CERTIFICATE
|| bag_type
== GNUTLS_BAG_CRL
430 || bag_type
== GNUTLS_BAG_SECRET
)
432 gnutls_datum_t tmp
= bag
->element
[i
].data
;
435 _pkcs12_decode_crt_bag (bag_type
, &tmp
, &bag
->element
[i
].data
);
442 _gnutls_free_datum (&tmp
);
445 /* read the bag attributes
447 snprintf (root
, sizeof (root
), "?%u.bagAttributes", i
+ 1);
449 result
= asn1_number_of_elements (c2
, root
, &attributes
);
450 if (result
!= ASN1_SUCCESS
&& result
!= ASN1_ELEMENT_NOT_FOUND
)
453 result
= _gnutls_asn2err (result
);
460 if (result
!= ASN1_ELEMENT_NOT_FOUND
)
461 for (j
= 0; j
< attributes
; j
++)
464 snprintf (root
, sizeof (root
), "?%u.bagAttributes.?%u", i
+ 1,
468 _gnutls_x509_decode_and_read_attribute (c2
, root
, oid
,
469 sizeof (oid
), &attr_val
,
475 continue; /* continue in case we find some known attributes */
478 if (strcmp (oid
, KEY_ID_OID
) == 0)
481 _gnutls_x509_decode_string (ASN1_ETYPE_OCTET_STRING
, attr_val
.data
,
483 _gnutls_free_datum (&attr_val
);
488 ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid
);
492 attr_val
.data
= t
.data
;
493 attr_val
.size
= t
.size
;
495 bag
->element
[i
].local_key_id
= attr_val
;
497 else if (strcmp (oid
, FRIENDLY_NAME_OID
) == 0)
500 _gnutls_x509_decode_string (ASN1_ETYPE_BMP_STRING
,
501 attr_val
.data
, attr_val
.size
, &t
);
502 _gnutls_free_datum (&attr_val
);
507 ("Error decoding PKCS12 Bag Attribute OID '%s'\n", oid
);
511 attr_val
.data
= t
.data
;
512 attr_val
.size
= t
.size
;
514 bag
->element
[i
].friendly_name
= (char*)t
.data
;
518 _gnutls_free_datum (&attr_val
);
520 ("Unknown PKCS12 Bag Attribute OID '%s'\n", oid
);
525 bag
->element
[i
].type
= bag_type
;
529 asn1_delete_structure (&c2
);
536 asn1_delete_structure (&c2
);
543 _parse_safe_contents (ASN1_TYPE sc
, const char *sc_name
,
544 gnutls_pkcs12_bag_t bag
)
546 gnutls_datum_t content
= { NULL
, 0 };
549 /* Step 1. Extract the content.
552 result
= _gnutls_x509_read_string (sc
, sc_name
, &content
, ASN1_ETYPE_OCTET_STRING
);
559 result
= _pkcs12_decode_safe_contents (&content
, bag
);
566 _gnutls_free_datum (&content
);
571 _gnutls_free_datum (&content
);
577 * gnutls_pkcs12_get_bag:
578 * @pkcs12: should contain a gnutls_pkcs12_t structure
579 * @indx: contains the index of the bag to extract
580 * @bag: An initialized bag, where the contents of the bag will be copied
582 * This function will return a Bag from the PKCS12 structure.
584 * After the last Bag has been read
585 * %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE will be returned.
587 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
588 * negative error value.
591 gnutls_pkcs12_get_bag (gnutls_pkcs12_t pkcs12
,
592 int indx
, gnutls_pkcs12_bag_t bag
)
594 ASN1_TYPE c2
= ASN1_TYPE_EMPTY
;
596 char root2
[ASN1_MAX_NAME_SIZE
];
597 char oid
[MAX_OID_SIZE
];
602 return GNUTLS_E_INVALID_REQUEST
;
605 /* Step 1. decode the data.
607 result
= _decode_pkcs12_auth_safe (pkcs12
->pkcs12
, &c2
, NULL
);
614 /* Step 2. Parse the AuthenticatedSafe
617 snprintf (root2
, sizeof (root2
), "?%u.contentType", indx
+ 1);
619 len
= sizeof (oid
) - 1;
620 result
= asn1_read_value (c2
, root2
, oid
, &len
);
622 if (result
== ASN1_ELEMENT_NOT_FOUND
)
624 result
= GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
;
628 if (result
!= ASN1_SUCCESS
)
631 result
= _gnutls_asn2err (result
);
638 snprintf (root2
, sizeof (root2
), "?%u.content", indx
+ 1);
640 if (strcmp (oid
, DATA_OID
) == 0)
642 result
= _parse_safe_contents (c2
, root2
, bag
);
646 /* ENC_DATA_OID needs decryption */
648 bag
->element
[0].type
= GNUTLS_BAG_ENCRYPTED
;
649 bag
->bag_elements
= 1;
651 result
= _gnutls_x509_read_value (c2
, root2
, &bag
->element
[0].data
);
662 asn1_delete_structure (&c2
);
666 /* Creates an empty PFX structure for the PKCS12 structure.
669 create_empty_pfx (ASN1_TYPE pkcs12
)
673 ASN1_TYPE c2
= ASN1_TYPE_EMPTY
;
677 result
= asn1_write_value (pkcs12
, "version", &three
, 1);
678 if (result
!= ASN1_SUCCESS
)
681 result
= _gnutls_asn2err (result
);
685 /* Write the content type of the data
687 result
= asn1_write_value (pkcs12
, "authSafe.contentType", DATA_OID
, 1);
688 if (result
!= ASN1_SUCCESS
)
691 result
= _gnutls_asn2err (result
);
695 /* Check if the authenticatedSafe content is empty, and encode a
696 * null one in that case.
699 if ((result
= asn1_create_element
700 (_gnutls_get_pkix (), "PKIX1.pkcs-12-AuthenticatedSafe",
701 &c2
)) != ASN1_SUCCESS
)
704 result
= _gnutls_asn2err (result
);
709 _gnutls_x509_der_encode_and_copy (c2
, "", pkcs12
, "authSafe.content", 1);
715 asn1_delete_structure (&c2
);
720 asn1_delete_structure (&c2
);
726 * gnutls_pkcs12_set_bag:
727 * @pkcs12: should contain a gnutls_pkcs12_t structure
728 * @bag: An initialized bag
730 * This function will insert a Bag into the PKCS12 structure.
732 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
733 * negative error value.
736 gnutls_pkcs12_set_bag (gnutls_pkcs12_t pkcs12
, gnutls_pkcs12_bag_t bag
)
738 ASN1_TYPE c2
= ASN1_TYPE_EMPTY
;
739 ASN1_TYPE safe_cont
= ASN1_TYPE_EMPTY
;
741 int enc
= 0, dum
= 1;
747 return GNUTLS_E_INVALID_REQUEST
;
750 /* Step 1. Check if the pkcs12 structure is empty. In that
751 * case generate an empty PFX.
753 result
= asn1_read_value (pkcs12
->pkcs12
, "authSafe.content", &null
, &dum
);
754 if (result
== ASN1_VALUE_NOT_FOUND
)
756 result
= create_empty_pfx (pkcs12
->pkcs12
);
764 /* Step 2. decode the authenticatedSafe.
766 result
= _decode_pkcs12_auth_safe (pkcs12
->pkcs12
, &c2
, NULL
);
773 /* Step 3. Encode the bag elements into a SafeContents
776 result
= _pkcs12_encode_safe_contents (bag
, &safe_cont
, &enc
);
783 /* Step 4. Insert the encoded SafeContents into the AuthenticatedSafe
786 result
= asn1_write_value (c2
, "", "NEW", 1);
787 if (result
!= ASN1_SUCCESS
)
790 result
= _gnutls_asn2err (result
);
795 result
= asn1_write_value (c2
, "?LAST.contentType", ENC_DATA_OID
, 1);
797 result
= asn1_write_value (c2
, "?LAST.contentType", DATA_OID
, 1);
798 if (result
!= ASN1_SUCCESS
)
801 result
= _gnutls_asn2err (result
);
807 /* Encrypted packets are written directly.
810 asn1_write_value (c2
, "?LAST.content",
811 bag
->element
[0].data
.data
,
812 bag
->element
[0].data
.size
);
813 if (result
!= ASN1_SUCCESS
)
816 result
= _gnutls_asn2err (result
);
823 _gnutls_x509_der_encode_and_copy (safe_cont
, "", c2
,
832 asn1_delete_structure (&safe_cont
);
835 /* Step 5. Reencode and copy the AuthenticatedSafe into the pkcs12
839 _gnutls_x509_der_encode_and_copy (c2
, "", pkcs12
->pkcs12
,
840 "authSafe.content", 1);
847 asn1_delete_structure (&c2
);
852 asn1_delete_structure (&c2
);
853 asn1_delete_structure (&safe_cont
);
858 * gnutls_pkcs12_generate_mac:
859 * @pkcs12: should contain a gnutls_pkcs12_t structure
860 * @pass: The password for the MAC
862 * This function will generate a MAC for the PKCS12 structure.
864 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
865 * negative error value.
868 gnutls_pkcs12_generate_mac (gnutls_pkcs12_t pkcs12
, const char *pass
)
870 uint8_t salt
[8], key
[20];
874 gnutls_datum_t tmp
= { NULL
, 0 };
880 return GNUTLS_E_INVALID_REQUEST
;
883 /* Generate the salt.
885 result
= _gnutls_rnd (GNUTLS_RND_NONCE
, salt
, sizeof (salt
));
892 /* Write the salt into the structure.
895 asn1_write_value (pkcs12
->pkcs12
, "macData.macSalt", salt
, sizeof (salt
));
896 if (result
!= ASN1_SUCCESS
)
899 result
= _gnutls_asn2err (result
);
903 /* write the iterations
909 _gnutls_x509_write_uint32 (pkcs12
->pkcs12
, "macData.iterations",
920 result
= _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt
, sizeof (salt
),
921 iter
, pass
, sizeof (key
), key
);
928 /* Get the data to be MACed
930 result
= _decode_pkcs12_auth_safe (pkcs12
->pkcs12
, NULL
, &tmp
);
939 result
= _gnutls_hmac_init (&td1
, GNUTLS_MAC_SHA1
, key
, sizeof (key
));
946 _gnutls_hmac (&td1
, tmp
.data
, tmp
.size
);
947 _gnutls_free_datum (&tmp
);
949 _gnutls_hmac_deinit (&td1
, sha_mac
);
953 asn1_write_value (pkcs12
->pkcs12
, "macData.mac.digest", sha_mac
,
955 if (result
!= ASN1_SUCCESS
)
958 result
= _gnutls_asn2err (result
);
963 asn1_write_value (pkcs12
->pkcs12
,
964 "macData.mac.digestAlgorithm.parameters", NULL
, 0);
965 if (result
!= ASN1_SUCCESS
)
968 result
= _gnutls_asn2err (result
);
973 asn1_write_value (pkcs12
->pkcs12
,
974 "macData.mac.digestAlgorithm.algorithm", HASH_OID_SHA1
,
976 if (result
!= ASN1_SUCCESS
)
979 result
= _gnutls_asn2err (result
);
986 _gnutls_free_datum (&tmp
);
991 * gnutls_pkcs12_verify_mac:
992 * @pkcs12: should contain a gnutls_pkcs12_t structure
993 * @pass: The password for the MAC
995 * This function will verify the MAC for the PKCS12 structure.
997 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
998 * negative error value.
1001 gnutls_pkcs12_verify_mac (gnutls_pkcs12_t pkcs12
, const char *pass
)
1008 gnutls_datum_t tmp
= { NULL
, 0 }, salt
=
1011 uint8_t sha_mac
[20];
1012 uint8_t sha_mac_orig
[20];
1017 return GNUTLS_E_INVALID_REQUEST
;
1020 /* read the iterations
1024 _gnutls_x509_read_uint (pkcs12
->pkcs12
, "macData.iterations", &iter
);
1027 iter
= 1; /* the default */
1031 /* Read the salt from the structure.
1034 _gnutls_x509_read_value (pkcs12
->pkcs12
, "macData.macSalt", &salt
);
1035 if (result
!= ASN1_SUCCESS
)
1038 result
= _gnutls_asn2err (result
);
1042 /* Generate the key.
1044 result
= _gnutls_pkcs12_string_to_key (3 /*MAC*/, salt
.data
, salt
.size
,
1045 iter
, pass
, sizeof (key
), key
);
1052 _gnutls_free_datum (&salt
);
1054 /* Get the data to be MACed
1056 result
= _decode_pkcs12_auth_safe (pkcs12
->pkcs12
, NULL
, &tmp
);
1065 result
= _gnutls_hmac_init (&td1
, GNUTLS_MAC_SHA1
, key
, sizeof (key
));
1072 _gnutls_hmac (&td1
, tmp
.data
, tmp
.size
);
1073 _gnutls_free_datum (&tmp
);
1075 _gnutls_hmac_deinit (&td1
, sha_mac
);
1077 len
= sizeof (sha_mac_orig
);
1079 asn1_read_value (pkcs12
->pkcs12
, "macData.mac.digest", sha_mac_orig
,
1081 if (result
!= ASN1_SUCCESS
)
1084 result
= _gnutls_asn2err (result
);
1088 if (memcmp (sha_mac_orig
, sha_mac
, sizeof (sha_mac
)) != 0)
1091 return GNUTLS_E_MAC_VERIFY_FAILED
;
1097 _gnutls_free_datum (&tmp
);
1098 _gnutls_free_datum (&salt
);
1104 write_attributes (gnutls_pkcs12_bag_t bag
, int elem
,
1105 ASN1_TYPE c2
, const char *where
)
1110 /* If the bag attributes are empty, then write
1111 * nothing to the attribute field.
1113 if (bag
->element
[elem
].friendly_name
== NULL
&&
1114 bag
->element
[elem
].local_key_id
.data
== NULL
)
1118 result
= asn1_write_value (c2
, where
, NULL
, 0);
1119 if (result
!= ASN1_SUCCESS
)
1122 return _gnutls_asn2err (result
);
1128 if (bag
->element
[elem
].local_key_id
.data
!= NULL
)
1131 /* Add a new Attribute
1133 result
= asn1_write_value (c2
, where
, "NEW", 1);
1134 if (result
!= ASN1_SUCCESS
)
1137 return _gnutls_asn2err (result
);
1140 _gnutls_str_cpy (root
, sizeof (root
), where
);
1141 _gnutls_str_cat (root
, sizeof (root
), ".?LAST");
1144 _gnutls_x509_encode_and_write_attribute (KEY_ID_OID
, c2
, root
,
1146 element
[elem
].local_key_id
.
1149 element
[elem
].local_key_id
.
1158 if (bag
->element
[elem
].friendly_name
!= NULL
)
1164 /* Add a new Attribute
1166 result
= asn1_write_value (c2
, where
, "NEW", 1);
1167 if (result
!= ASN1_SUCCESS
)
1170 return _gnutls_asn2err (result
);
1173 /* convert name to BMPString
1175 size
= strlen (bag
->element
[elem
].friendly_name
) * 2;
1176 name
= gnutls_malloc (size
);
1181 return GNUTLS_E_MEMORY_ERROR
;
1184 p
= bag
->element
[elem
].friendly_name
;
1185 for (i
= 0; i
< size
; i
+= 2)
1192 _gnutls_str_cpy (root
, sizeof (root
), where
);
1193 _gnutls_str_cat (root
, sizeof (root
), ".?LAST");
1196 _gnutls_x509_encode_and_write_attribute (FRIENDLY_NAME_OID
, c2
,
1197 root
, name
, size
, 1);
1212 /* Encodes the bag into a SafeContents structure, and puts the output in
1213 * the given datum. Enc is set to non-zero if the data are encrypted;
1216 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag
, ASN1_TYPE
* contents
,
1219 ASN1_TYPE c2
= ASN1_TYPE_EMPTY
;
1224 if (bag
->element
[0].type
== GNUTLS_BAG_ENCRYPTED
&& enc
)
1227 return 0; /* ENCRYPTED BAG, do nothing. */
1232 /* Step 1. Create the SEQUENCE.
1235 if ((result
= asn1_create_element
1236 (_gnutls_get_pkix (), "PKIX1.pkcs-12-SafeContents",
1237 &c2
)) != ASN1_SUCCESS
)
1240 result
= _gnutls_asn2err (result
);
1244 for (i
= 0; i
< bag
->bag_elements
; i
++)
1247 oid
= bag_to_oid (bag
->element
[i
].type
);
1254 result
= asn1_write_value (c2
, "", "NEW", 1);
1255 if (result
!= ASN1_SUCCESS
)
1258 result
= _gnutls_asn2err (result
);
1262 /* Copy the bag type.
1264 result
= asn1_write_value (c2
, "?LAST.bagId", oid
, 1);
1265 if (result
!= ASN1_SUCCESS
)
1268 result
= _gnutls_asn2err (result
);
1272 /* Set empty attributes
1274 result
= write_attributes (bag
, i
, c2
, "?LAST.bagAttributes");
1282 /* Copy the Bag Value
1285 if (bag
->element
[i
].type
== GNUTLS_BAG_CERTIFICATE
||
1286 bag
->element
[i
].type
== GNUTLS_BAG_SECRET
||
1287 bag
->element
[i
].type
== GNUTLS_BAG_CRL
)
1291 /* in that case encode it to a CertBag or
1296 _pkcs12_encode_crt_bag (bag
->element
[i
].type
,
1297 &bag
->element
[i
].data
, &tmp
);
1305 result
= _gnutls_x509_write_value (c2
, "?LAST.bagValue", &tmp
);
1307 _gnutls_free_datum (&tmp
);
1313 result
= _gnutls_x509_write_value (c2
, "?LAST.bagValue",
1314 &bag
->element
[i
].data
);
1325 /* Encode the data and copy them into the datum
1333 asn1_delete_structure (&c2
);
1338 /* Checks if the extra_certs contain certificates that may form a chain
1339 * with the first certificate in chain (it is expected that chain_len==1)
1340 * and appends those in the chain.
1342 static int make_chain(gnutls_x509_crt_t
**chain
, unsigned int *chain_len
,
1343 gnutls_x509_crt_t
**extra_certs
, unsigned int *extra_certs_len
,
1348 if (*chain_len
!= 1)
1349 return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST
);
1352 while(i
<*extra_certs_len
)
1354 /* if it is an issuer but not a self-signed one */
1355 if (gnutls_x509_crt_check_issuer((*chain
)[*chain_len
- 1], (*extra_certs
)[i
]) != 0)
1357 if (!(flags
& GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED
) &&
1358 gnutls_x509_crt_check_issuer((*extra_certs
)[i
], (*extra_certs
)[i
]) != 0)
1361 *chain
= gnutls_realloc (*chain
, sizeof((*chain
)[0]) *
1366 return GNUTLS_E_MEMORY_ERROR
;
1368 (*chain
)[*chain_len
- 1] = (*extra_certs
)[i
];
1370 (*extra_certs
)[i
] = (*extra_certs
)[*extra_certs_len
-1];
1371 (*extra_certs_len
)--;
1384 * gnutls_pkcs12_simple_parse:
1385 * @p12: the PKCS#12 blob.
1386 * @password: optional password used to decrypt PKCS#12 blob, bags and keys.
1387 * @key: a structure to store the parsed private key.
1388 * @chain: the corresponding to key certificate chain (may be %NULL)
1389 * @chain_len: will be updated with the number of additional (may be %NULL)
1390 * @extra_certs: optional pointer to receive an array of additional
1391 * certificates found in the PKCS#12 blob (may be %NULL).
1392 * @extra_certs_len: will be updated with the number of additional
1393 * certs (may be %NULL).
1394 * @crl: an optional structure to store the parsed CRL (may be %NULL).
1395 * @flags: should be zero or one of GNUTLS_PKCS12_SP_*
1397 * This function parses a PKCS#12 blob in @p12blob and extracts the
1398 * private key, the corresponding certificate chain, and any additional
1399 * certificates and a CRL.
1401 * The @extra_certs_ret and @extra_certs_ret_len parameters are optional
1402 * and both may be set to %NULL. If either is non-%NULL, then both must
1405 * Encrypted PKCS#12 bags and PKCS#8 private keys are supported. However,
1406 * only password based security, and the same password for all
1407 * operations, are supported.
1409 * PKCS#12 file may contain many keys and/or certificates, and there
1410 * is no way to identify which key/certificate pair you want. You
1411 * should make sure the PKCS#12 file only contain one key/certificate
1412 * pair and/or one CRL.
1414 * It is believed that the limitations of this function is acceptable
1415 * for most usage, and that any more flexibility would introduce
1416 * complexity that would make it harder to use this functionality at
1419 * If the provided structure has encrypted fields but no password
1420 * is provided then this function returns %GNUTLS_E_DECRYPTION_FAILED.
1422 * Note that normally the chain constructed does not include self signed
1423 * certificates, to comply with TLS' requirements. If, however, the flag
1424 * %GNUTLS_PKCS12_SP_INCLUDE_SELF_SIGNED is specified then
1425 * self signed certificates will be included in the chain.
1427 * Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise a
1428 * negative error value.
1433 gnutls_pkcs12_simple_parse (gnutls_pkcs12_t p12
,
1434 const char *password
,
1435 gnutls_x509_privkey_t
* key
,
1436 gnutls_x509_crt_t
** chain
,
1437 unsigned int * chain_len
,
1438 gnutls_x509_crt_t
** extra_certs
,
1439 unsigned int * extra_certs_len
,
1440 gnutls_x509_crl_t
* crl
,
1443 gnutls_pkcs12_bag_t bag
= NULL
;
1444 gnutls_x509_crt_t
*_extra_certs
= NULL
;
1445 unsigned int _extra_certs_len
= 0;
1446 gnutls_x509_crt_t
*_chain
= NULL
;
1447 unsigned int _chain_len
= 0;
1450 size_t cert_id_size
= 0;
1451 size_t key_id_size
= 0;
1452 uint8_t cert_id
[20];
1462 /* find the first private key */
1465 int elements_in_bag
;
1468 ret
= gnutls_pkcs12_bag_init (&bag
);
1476 ret
= gnutls_pkcs12_get_bag (p12
, idx
, bag
);
1477 if (ret
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
1485 ret
= gnutls_pkcs12_bag_get_type (bag
, 0);
1492 if (ret
== GNUTLS_BAG_ENCRYPTED
)
1494 if (password
== NULL
)
1496 ret
= gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED
);
1500 ret
= gnutls_pkcs12_bag_decrypt (bag
, password
);
1508 elements_in_bag
= gnutls_pkcs12_bag_get_count (bag
);
1509 if (elements_in_bag
< 0)
1515 for (i
= 0; i
< elements_in_bag
; i
++)
1518 gnutls_datum_t data
;
1520 type
= gnutls_pkcs12_bag_get_type (bag
, i
);
1527 ret
= gnutls_pkcs12_bag_get_data (bag
, i
, &data
);
1536 case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY
:
1537 if (password
== NULL
)
1539 ret
= gnutls_assert_val(GNUTLS_E_DECRYPTION_FAILED
);
1543 case GNUTLS_BAG_PKCS8_KEY
:
1544 if (*key
!= NULL
) /* too simple to continue */
1550 ret
= gnutls_x509_privkey_init (key
);
1557 ret
= gnutls_x509_privkey_import_pkcs8
1558 (*key
, &data
, GNUTLS_X509_FMT_DER
, password
,
1559 type
== GNUTLS_BAG_PKCS8_KEY
? GNUTLS_PKCS_PLAIN
: 0);
1563 gnutls_x509_privkey_deinit (*key
);
1567 key_id_size
= sizeof (key_id
);
1569 gnutls_x509_privkey_get_key_id (*key
, 0, key_id
,
1574 gnutls_x509_privkey_deinit (*key
);
1578 privkey_ok
= 1; /* break */
1586 gnutls_pkcs12_bag_deinit (bag
);
1588 if (privkey_ok
!= 0) /* private key was found */
1592 if (privkey_ok
== 0) /* no private key */
1595 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
;
1598 /* now find the corresponding certificate
1604 int elements_in_bag
;
1607 ret
= gnutls_pkcs12_bag_init (&bag
);
1615 ret
= gnutls_pkcs12_get_bag (p12
, idx
, bag
);
1616 if (ret
== GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
)
1624 ret
= gnutls_pkcs12_bag_get_type (bag
, 0);
1631 if (ret
== GNUTLS_BAG_ENCRYPTED
)
1633 ret
= gnutls_pkcs12_bag_decrypt (bag
, password
);
1641 elements_in_bag
= gnutls_pkcs12_bag_get_count (bag
);
1642 if (elements_in_bag
< 0)
1648 for (i
= 0; i
< elements_in_bag
; i
++)
1651 gnutls_datum_t data
;
1652 gnutls_x509_crt_t this_cert
;
1654 type
= gnutls_pkcs12_bag_get_type (bag
, i
);
1661 ret
= gnutls_pkcs12_bag_get_data (bag
, i
, &data
);
1670 case GNUTLS_BAG_CERTIFICATE
:
1671 ret
= gnutls_x509_crt_init (&this_cert
);
1679 gnutls_x509_crt_import (this_cert
, &data
, GNUTLS_X509_FMT_DER
);
1683 gnutls_x509_crt_deinit (this_cert
);
1687 /* check if the key id match */
1688 cert_id_size
= sizeof (cert_id
);
1690 gnutls_x509_crt_get_key_id (this_cert
, 0, cert_id
, &cert_id_size
);
1694 gnutls_x509_crt_deinit (this_cert
);
1698 if (memcmp (cert_id
, key_id
, cert_id_size
) != 0)
1699 { /* they don't match - skip the certificate */
1702 _extra_certs
= gnutls_realloc (_extra_certs
,
1703 sizeof(_extra_certs
[0]) *
1704 ++_extra_certs_len
);
1708 ret
= GNUTLS_E_MEMORY_ERROR
;
1711 _extra_certs
[_extra_certs_len
- 1] = this_cert
;
1716 gnutls_x509_crt_deinit (this_cert
);
1721 if (chain
&& _chain_len
== 0)
1723 _chain
= gnutls_malloc (sizeof(_chain
[0]) * (++_chain_len
));
1727 ret
= GNUTLS_E_MEMORY_ERROR
;
1730 _chain
[_chain_len
- 1] = this_cert
;
1735 gnutls_x509_crt_deinit (this_cert
);
1740 case GNUTLS_BAG_CRL
:
1741 if (crl
== NULL
|| *crl
!= NULL
)
1747 ret
= gnutls_x509_crl_init (crl
);
1754 ret
= gnutls_x509_crl_import (*crl
, &data
, GNUTLS_X509_FMT_DER
);
1758 gnutls_x509_crl_deinit (*crl
);
1763 case GNUTLS_BAG_ENCRYPTED
:
1764 /* XXX Bother to recurse one level down? Unlikely to
1765 use the same password anyway. */
1766 case GNUTLS_BAG_EMPTY
:
1773 gnutls_pkcs12_bag_deinit (bag
);
1778 if (_chain_len
!= 1)
1780 ret
= GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE
;
1784 ret
= make_chain(&_chain
, &_chain_len
, &_extra_certs
, &_extra_certs_len
, flags
);
1796 gnutls_pkcs12_bag_deinit (bag
);
1801 gnutls_x509_privkey_deinit(*key
);
1802 if (_extra_certs_len
&& _extra_certs
!= NULL
)
1804 for (i
= 0; i
< _extra_certs_len
; i
++)
1805 gnutls_x509_crt_deinit(_extra_certs
[i
]);
1806 gnutls_free(_extra_certs
);
1808 if (_chain_len
&& _chain
!= NULL
)
1810 for (i
= 0; i
< _chain_len
; i
++)
1811 gnutls_x509_crt_deinit(_chain
[i
]);
1812 gnutls_free(_chain
);
1818 if (extra_certs
&& _extra_certs_len
> 0)
1820 *extra_certs
= _extra_certs
;
1821 *extra_certs_len
= _extra_certs_len
;
1827 *extra_certs
= NULL
;
1828 *extra_certs_len
= 0;
1830 for (i
= 0; i
< _extra_certs_len
; i
++)
1831 gnutls_x509_crt_deinit(_extra_certs
[i
]);
1832 gnutls_free(_extra_certs
);
1838 *chain_len
= _chain_len
;