/*
 * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/core.h>
#include <openssl/pkcs12.h>
#include "crypto/x509.h"

/*
 * Encrypt a PKCS#8 PrivateKeyInfo under a password and return it wrapped in
 * a newly allocated X509_SIG.
 *
 * The password-based-encryption parameters are chosen as follows:
 *   - pbe_nid == -1: |cipher| is mandatory and the parameters come from
 *     PKCS5_pbe2_set_iv_ex() with -1 as the PRF argument;
 *   - pbe_nid is found by EVP_PBE_find() as an EVP_PBE_TYPE_PRF entry:
 *     |cipher| is mandatory and pbe_nid is handed to
 *     PKCS5_pbe2_set_iv_ex() as the PRF argument;
 *   - anything else: PKCS5_pbe_set_ex() is called with pbe_nid and |cipher|
 *     is not consulted.
 *
 * |salt|, |saltlen| and |iter| are forwarded unchanged; nothing in this
 * function validates them.
 * NOTE(review): any defaulting for a NULL salt or a non-positive iteration
 * count would have to happen inside the PKCS5_* helpers - confirm against
 * their contract when auditing the key-derivation strength.
 *
 * Returns the new X509_SIG, or NULL after an error has been raised. The
 * X509_ALGOR built here is owned by the returned structure on success and is
 * freed here when the wrapping step fails.
 */
X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher,
                           const char *pass, int passlen,
                           unsigned char *salt, int saltlen, int iter,
                           PKCS8_PRIV_KEY_INFO *p8inf,
                           OSSL_LIB_CTX *libctx, const char *propq)
{
    X509_ALGOR *params;
    X509_SIG *wrapped;
    int needs_cipher;

    if (pbe_nid == -1) {
        needs_cipher = 1;
    } else {
        /*
         * The lookup is bracketed by an error mark: a hit drops the mark and
         * keeps the queue as it is, a miss pops back to the mark so whatever
         * the lookup queued is discarded.
         */
        ERR_set_mark();
        needs_cipher = EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid,
                                    NULL, NULL, 0) != 0;
        if (needs_cipher)
            ERR_clear_last_mark();
        else
            ERR_pop_to_mark();
    }

    if (needs_cipher) {
        if (cipher == NULL) {
            ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_NULL_PARAMETER);
            return NULL;
        }
        /* When this path is reached with no PRF match, pbe_nid is -1. */
        params = PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL,
                                      pbe_nid, libctx);
    } else {
        params = PKCS5_pbe_set_ex(pbe_nid, iter, salt, saltlen, libctx);
    }

    if (params == NULL) {
        ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
        return NULL;
    }

    wrapped = PKCS8_set0_pbe_ex(pass, passlen, p8inf, params, libctx, propq);
    /* The callee takes |params| only on success, so release it on failure. */
    if (wrapped == NULL)
        X509_ALGOR_free(params);

    return wrapped;
}

/*
 * Same as PKCS8_encrypt_ex() with a NULL library context and a NULL
 * property query.
 */
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                        const char *pass, int passlen,
                        unsigned char *salt, int saltlen, int iter,
                        PKCS8_PRIV_KEY_INFO *p8inf)
{
    OSSL_LIB_CTX *no_libctx = NULL;
    const char *no_propq = NULL;

    return PKCS8_encrypt_ex(pbe_nid, cipher, pass, passlen, salt, saltlen,
                            iter, p8inf, no_libctx, no_propq);
}

/*
 * Encrypt |p8inf| with the already-built PBE parameters |pbe| and wrap the
 * ciphertext in a newly allocated X509_SIG.
 *
 * Ownership ("set0"): on success the returned structure holds |pbe| in its
 * algor field and the ciphertext in its digest field. On every failure path
 * |pbe| is left untouched, so the caller still owns it and must free it
 * exactly once.
 *
 * NOTE(review): the literal 1 passed to PKCS12_item_i2d_encrypt_ex() sits in
 * the position of that function's zbuf flag, presumably asking it to wipe
 * the intermediate plaintext encoding of the key - confirm against the
 * callee.
 *
 * Returns the new X509_SIG, or NULL after raising PKCS12_R_ENCRYPT_ERROR or
 * ERR_R_MALLOC_FAILURE.
 */
X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen,
                            PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe,
                            OSSL_LIB_CTX *ctx, const char *propq)
{
    ASN1_OCTET_STRING *ciphertext;
    X509_SIG *sig;

    ciphertext = PKCS12_item_i2d_encrypt_ex(pbe,
                                            ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
                                            pass, passlen, p8inf, 1,
                                            ctx, propq);
    if (ciphertext == NULL) {
        ERR_raise(ERR_LIB_PKCS12, PKCS12_R_ENCRYPT_ERROR);
        return NULL;
    }

    sig = OPENSSL_zalloc(sizeof(*sig));
    if (sig != NULL) {
        sig->algor = pbe;
        sig->digest = ciphertext;
        return sig;
    }

    /* Allocation failed: drop only what was created here, never |pbe|. */
    ERR_raise(ERR_LIB_PKCS12, ERR_R_MALLOC_FAILURE);
    ASN1_OCTET_STRING_free(ciphertext);
    return NULL;
}

/*
 * Same as PKCS8_set0_pbe_ex() with a NULL library context and a NULL
 * property query.
 */
X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
{
    OSSL_LIB_CTX *no_libctx = NULL;
    const char *no_propq = NULL;

    return PKCS8_set0_pbe_ex(pass, passlen, p8inf, pbe, no_libctx, no_propq);
}