• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL license (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/pkcs12.h>
13 #include "crypto/x509.h"
14 
PKCS8_encrypt(int pbe_nid,const EVP_CIPHER * cipher,const char * pass,int passlen,unsigned char * salt,int saltlen,int iter,PKCS8_PRIV_KEY_INFO * p8inf)15 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
16                         const char *pass, int passlen,
17                         unsigned char *salt, int saltlen, int iter,
18                         PKCS8_PRIV_KEY_INFO *p8inf)
19 {
20     X509_SIG *p8 = NULL;
21     X509_ALGOR *pbe;
22 
23     if (pbe_nid == -1)
24         pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
25     else if (EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
26         pbe = PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, pbe_nid);
27     else {
28         ERR_clear_error();
29         pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
30     }
31     if (!pbe) {
32         PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
33         return NULL;
34     }
35     p8 = PKCS8_set0_pbe(pass, passlen, p8inf, pbe);
36     if (p8 == NULL) {
37         X509_ALGOR_free(pbe);
38         return NULL;
39     }
40 
41     return p8;
42 }
43 
PKCS8_set0_pbe(const char * pass,int passlen,PKCS8_PRIV_KEY_INFO * p8inf,X509_ALGOR * pbe)44 X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
45                          PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe)
46 {
47     X509_SIG *p8;
48     ASN1_OCTET_STRING *enckey;
49 
50     enckey =
51         PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
52                                 pass, passlen, p8inf, 1);
53     if (!enckey) {
54         PKCS12err(PKCS12_F_PKCS8_SET0_PBE, PKCS12_R_ENCRYPT_ERROR);
55         return NULL;
56     }
57 
58     p8 = OPENSSL_zalloc(sizeof(*p8));
59 
60     if (p8 == NULL) {
61         PKCS12err(PKCS12_F_PKCS8_SET0_PBE, ERR_R_MALLOC_FAILURE);
62         ASN1_OCTET_STRING_free(enckey);
63         return NULL;
64     }
65     p8->algor = pbe;
66     p8->digest = enckey;
67 
68     return p8;
69 }
70