155714Skris/* p12_crt.c */ 255714Skris/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 355714Skris * project 1999. 455714Skris */ 555714Skris/* ==================================================================== 655714Skris * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 755714Skris * 855714Skris * Redistribution and use in source and binary forms, with or without 955714Skris * modification, are permitted provided that the following conditions 1055714Skris * are met: 1155714Skris * 1255714Skris * 1. Redistributions of source code must retain the above copyright 1355714Skris * notice, this list of conditions and the following disclaimer. 1455714Skris * 1555714Skris * 2. Redistributions in binary form must reproduce the above copyright 1655714Skris * notice, this list of conditions and the following disclaimer in 1755714Skris * the documentation and/or other materials provided with the 1855714Skris * distribution. 1955714Skris * 2055714Skris * 3. All advertising materials mentioning features or use of this 2155714Skris * software must display the following acknowledgment: 2255714Skris * "This product includes software developed by the OpenSSL Project 2355714Skris * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 2455714Skris * 2555714Skris * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 2655714Skris * endorse or promote products derived from this software without 2755714Skris * prior written permission. For written permission, please contact 2855714Skris * licensing@OpenSSL.org. 2955714Skris * 3055714Skris * 5. Products derived from this software may not be called "OpenSSL" 3155714Skris * nor may "OpenSSL" appear in their names without prior written 3255714Skris * permission of the OpenSSL Project. 3355714Skris * 3455714Skris * 6. 
Redistributions of any form whatsoever must retain the following 3555714Skris * acknowledgment: 3655714Skris * "This product includes software developed by the OpenSSL Project 3755714Skris * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 3855714Skris * 3955714Skris * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 4055714Skris * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4155714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 4255714Skris * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 4355714Skris * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 4455714Skris * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4555714Skris * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 4655714Skris * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4755714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 4855714Skris * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 4955714Skris * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 5055714Skris * OF THE POSSIBILITY OF SUCH DAMAGE. 5155714Skris * ==================================================================== 5255714Skris * 5355714Skris * This product includes cryptographic software written by Eric Young 5455714Skris * (eay@cryptsoft.com). This product includes software written by Tim 5555714Skris * Hudson (tjh@cryptsoft.com). 
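*/

#include <stdio.h>
#include "cryptlib.h"
#include <openssl/pkcs12.h>

/*
 * Build a PKCS#12 structure from a private key, its certificate and an
 * optional chain of additional certificates.
 *
 * pass     - password used both for the PBE-encrypted certificate safe,
 *            the shrouded key bag and the MAC.
 * name     - optional friendlyName attached to the certificate and key
 *            bags; may be NULL.
 * pkey     - private key to shroud; must not be NULL.  Not freed here.
 * cert     - the user's certificate; must not be NULL.  Not freed here.
 * ca       - optional STACK of X509 * added as plain certificate bags;
 *            may be NULL.  Not freed here.
 * nid_key  - PBE algorithm for the key bag; 0 selects
 *            NID_pbe_WithSHA1And3_Key_TripleDES_CBC.
 * nid_cert - PBE algorithm for the certificate safe; 0 selects
 *            NID_pbe_WithSHA1And40BitRC2_CBC.
 * iter     - PBE iteration count; 0 selects PKCS12_DEFAULT_ITER.
 * mac_iter - MAC iteration count; 0 selects 1.
 * keytype  - if non-zero, recorded as a key usage attribute on the PKCS#8
 *            structure via PKCS8_add_keyusage().
 *
 * Returns a newly allocated PKCS12 that the caller frees with
 * PKCS12_free(), or NULL on failure.  Every failure path releases all
 * intermediate objects; allocation failures detected here are reported
 * with ERR_R_MALLOC_FAILURE, other failures carry whatever error the
 * failing callee pushed (presumably; not all callees are visible here).
 */
PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
	     STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter,
	     int keytype)
{
	PKCS12 *p12 = NULL;
	STACK *bags = NULL, *safes = NULL;
	PKCS12_SAFEBAG *bag = NULL;
	PKCS8_PRIV_KEY_INFO *p8 = NULL;
	PKCS7 *authsafe = NULL;
	X509 *tcert;
	int i;
	unsigned char keyid[EVP_MAX_MD_SIZE];
	unsigned int keyidlen = 0;

	/* Set defaults */
	if(!nid_cert) nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
	if(!nid_key) nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
	if(!iter) iter = PKCS12_DEFAULT_ITER;
	if(!mac_iter) mac_iter = 1;

	if(!pkey || !cert) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
		return NULL;
	}

	if(!(bags = sk_new (NULL))) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		goto err;
	}

	/* Add user certificate */
	if(!(bag = M_PKCS12_x5092certbag(cert))) goto err;
	if(name && !PKCS12_add_friendlyname(bag, name, -1)) goto err;
	/* The localKeyID links this certificate bag to the key bag built
	 * below; a digest failure must not leave keyid/keyidlen unset. */
	if(!X509_digest(cert, EVP_sha1(), keyid, &keyidlen)) goto err;
	if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) goto err;

	if(!sk_push(bags, (char *)bag)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	bag = NULL;	/* now owned by bags */

	/* Add all other certificates */
	if(ca) {
		for(i = 0; i < sk_num(ca); i++) {
			tcert = (X509 *)sk_value(ca, i);
			if(!(bag = M_PKCS12_x5092certbag(tcert))) goto err;
			if(!sk_push(bags, (char *)bag)) {
				PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
				goto err;
			}
			bag = NULL;	/* now owned by bags */
		}
	}

	/* Turn certbags into encrypted authsafe; the bags are encoded into
	 * authsafe and no longer needed afterwards. */
	authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0,
					  iter, bags);
	sk_pop_free(bags, PKCS12_SAFEBAG_free);
	bags = NULL;

	if (!authsafe) goto err;

	if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	authsafe = NULL;	/* now owned by safes */

	/* Make a shrouded key bag */
	if(!(p8 = EVP_PKEY2PKCS8 (pkey))) goto err;
	if(keytype && !PKCS8_add_keyusage(p8, keytype)) goto err;
	bag = PKCS12_MAKE_SHKEYBAG (nid_key, pass, -1, NULL, 0, iter, p8);
	if(!bag) goto err;
	/* The shrouded bag holds its own encrypted copy; p8 is done with. */
	PKCS8_PRIV_KEY_INFO_free(p8);
	p8 = NULL;
	if (name && !PKCS12_add_friendlyname (bag, name, -1)) goto err;
	if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) goto err;
	if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	bag = NULL;	/* now owned by bags */
	/* Turn it into unencrypted safe bag */
	if(!(authsafe = PKCS12_pack_p7data (bags))) goto err;
	sk_pop_free(bags, PKCS12_SAFEBAG_free);
	bags = NULL;
	if(!sk_push(safes, (char *)authsafe)) {
		PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE);
		goto err;
	}
	authsafe = NULL;	/* now owned by safes */

	if(!(p12 = PKCS12_init (NID_pkcs7_data))) goto err;

	if(!M_PKCS12_pack_authsafes (p12, safes)) goto err;

	sk_pop_free(safes, PKCS7_free);
	safes = NULL;

	if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL))
		goto err;

	return p12;

err:
	/* Single cleanup path: each pointer is non-NULL only while this
	 * function still owns the object it refers to. */
	if(p12) PKCS12_free(p12);
	if(safes) sk_pop_free(safes, PKCS7_free);
	if(bags) sk_pop_free(bags, PKCS12_SAFEBAG_free);
	if(authsafe) PKCS7_free(authsafe);
	if(bag) PKCS12_SAFEBAG_free(bag);
	if(p8) PKCS8_PRIV_KEY_INFO_free(p8);
	return NULL;
}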