p12_npas.c 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260
  1. /*
  2. * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <stdlib.h>
  11. #include <string.h>
  12. #include <openssl/pem.h>
  13. #include <openssl/err.h>
  14. #include <openssl/pkcs12.h>
  15. #include "p12_local.h"
  16. /* PKCS#12 password change routine */
  17. static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
  18. static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
  19. const char *newpass,
  20. OSSL_LIB_CTX *libctx, const char *propq);
  21. static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
  22. const char *newpass,
  23. OSSL_LIB_CTX *libctx, const char *propq);
  24. static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
  25. int *psaltlen, int *cipherid);
  26. /*
  27. * Change the password on a PKCS#12 structure.
  28. */
  29. int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass)
  30. {
  31. /* Check for NULL PKCS12 structure */
  32. if (p12 == NULL) {
  33. ERR_raise(ERR_LIB_PKCS12, PKCS12_R_INVALID_NULL_PKCS12_POINTER);
  34. return 0;
  35. }
  36. /* Check the mac */
  37. if (p12->mac != NULL) {
  38. if (!PKCS12_verify_mac(p12, oldpass, -1)) {
  39. ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_VERIFY_FAILURE);
  40. return 0;
  41. }
  42. }
  43. if (!newpass_p12(p12, oldpass, newpass)) {
  44. ERR_raise(ERR_LIB_PKCS12, PKCS12_R_PARSE_ERROR);
  45. return 0;
  46. }
  47. return 1;
  48. }
  49. /* Parse the outer PKCS#12 structure */
  50. static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass)
  51. {
  52. STACK_OF(PKCS7) *asafes = NULL, *newsafes = NULL;
  53. STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
  54. int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0, cipherid = NID_undef;
  55. PKCS7 *p7, *p7new;
  56. ASN1_OCTET_STRING *p12_data_tmp = NULL, *macoct = NULL;
  57. unsigned char mac[EVP_MAX_MD_SIZE];
  58. unsigned int maclen;
  59. int rv = 0;
  60. if ((asafes = PKCS12_unpack_authsafes(p12)) == NULL)
  61. goto err;
  62. if ((newsafes = sk_PKCS7_new_null()) == NULL)
  63. goto err;
  64. for (i = 0; i < sk_PKCS7_num(asafes); i++) {
  65. p7 = sk_PKCS7_value(asafes, i);
  66. bagnid = OBJ_obj2nid(p7->type);
  67. if (bagnid == NID_pkcs7_data) {
  68. bags = PKCS12_unpack_p7data(p7);
  69. } else if (bagnid == NID_pkcs7_encrypted) {
  70. bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
  71. if (p7->d.encrypted == NULL
  72. || !alg_get(p7->d.encrypted->enc_data->algorithm,
  73. &pbe_nid, &pbe_iter, &pbe_saltlen, &cipherid))
  74. goto err;
  75. } else {
  76. continue;
  77. }
  78. if (bags == NULL)
  79. goto err;
  80. if (!newpass_bags(bags, oldpass, newpass,
  81. p7->ctx.libctx, p7->ctx.propq))
  82. goto err;
  83. /* Repack bag in same form with new password */
  84. if (bagnid == NID_pkcs7_data)
  85. p7new = PKCS12_pack_p7data(bags);
  86. else
  87. p7new = PKCS12_pack_p7encdata_ex(pbe_nid, newpass, -1, NULL,
  88. pbe_saltlen, pbe_iter, bags,
  89. p7->ctx.libctx, p7->ctx.propq);
  90. if (p7new == NULL || !sk_PKCS7_push(newsafes, p7new))
  91. goto err;
  92. sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
  93. bags = NULL;
  94. }
  95. /* Repack safe: save old safe in case of error */
  96. p12_data_tmp = p12->authsafes->d.data;
  97. if ((p12->authsafes->d.data = ASN1_OCTET_STRING_new()) == NULL)
  98. goto err;
  99. if (!PKCS12_pack_authsafes(p12, newsafes))
  100. goto err;
  101. if (p12->mac != NULL) {
  102. if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
  103. goto err;
  104. X509_SIG_getm(p12->mac->dinfo, NULL, &macoct);
  105. if (!ASN1_OCTET_STRING_set(macoct, mac, maclen))
  106. goto err;
  107. }
  108. rv = 1;
  109. err:
  110. /* Restore old safe if necessary */
  111. if (rv == 1) {
  112. ASN1_OCTET_STRING_free(p12_data_tmp);
  113. } else if (p12_data_tmp != NULL) {
  114. ASN1_OCTET_STRING_free(p12->authsafes->d.data);
  115. p12->authsafes->d.data = p12_data_tmp;
  116. }
  117. sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
  118. sk_PKCS7_pop_free(asafes, PKCS7_free);
  119. sk_PKCS7_pop_free(newsafes, PKCS7_free);
  120. return rv;
  121. }
  122. static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *oldpass,
  123. const char *newpass,
  124. OSSL_LIB_CTX *libctx, const char *propq)
  125. {
  126. int i;
  127. for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
  128. if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass,
  129. libctx, propq))
  130. return 0;
  131. }
  132. return 1;
  133. }
  134. /* Change password of safebag: only needs handle shrouded keybags */
  135. static int newpass_bag(PKCS12_SAFEBAG *bag, const char *oldpass,
  136. const char *newpass,
  137. OSSL_LIB_CTX *libctx, const char *propq)
  138. {
  139. EVP_CIPHER *cipher = NULL;
  140. PKCS8_PRIV_KEY_INFO *p8;
  141. X509_SIG *p8new;
  142. int p8_nid, p8_saltlen, p8_iter, cipherid = 0;
  143. const X509_ALGOR *shalg;
  144. if (PKCS12_SAFEBAG_get_nid(bag) != NID_pkcs8ShroudedKeyBag)
  145. return 1;
  146. if ((p8 = PKCS8_decrypt_ex(bag->value.shkeybag, oldpass, -1,
  147. libctx, propq)) == NULL)
  148. return 0;
  149. X509_SIG_get0(bag->value.shkeybag, &shalg, NULL);
  150. if (!alg_get(shalg, &p8_nid, &p8_iter, &p8_saltlen, &cipherid)) {
  151. PKCS8_PRIV_KEY_INFO_free(p8);
  152. return 0;
  153. }
  154. if (cipherid != NID_undef) {
  155. cipher = EVP_CIPHER_fetch(libctx, OBJ_nid2sn(cipherid), propq);
  156. if (cipher == NULL) {
  157. PKCS8_PRIV_KEY_INFO_free(p8);
  158. return 0;
  159. }
  160. }
  161. p8new = PKCS8_encrypt_ex(p8_nid, cipher, newpass, -1, NULL, p8_saltlen,
  162. p8_iter, p8, libctx, propq);
  163. PKCS8_PRIV_KEY_INFO_free(p8);
  164. EVP_CIPHER_free(cipher);
  165. if (p8new == NULL)
  166. return 0;
  167. X509_SIG_free(bag->value.shkeybag);
  168. bag->value.shkeybag = p8new;
  169. return 1;
  170. }
  171. static int alg_get(const X509_ALGOR *alg, int *pnid, int *piter,
  172. int *psaltlen, int *cipherid)
  173. {
  174. int ret = 0, pbenid, aparamtype;
  175. int encnid, prfnid;
  176. const ASN1_OBJECT *aoid;
  177. const void *aparam;
  178. PBEPARAM *pbe = NULL;
  179. PBE2PARAM *pbe2 = NULL;
  180. PBKDF2PARAM *kdf = NULL;
  181. X509_ALGOR_get0(&aoid, &aparamtype, &aparam, alg);
  182. pbenid = OBJ_obj2nid(aoid);
  183. switch (pbenid) {
  184. case NID_pbes2:
  185. if (aparamtype == V_ASN1_SEQUENCE)
  186. pbe2 = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBE2PARAM));
  187. if (pbe2 == NULL)
  188. goto done;
  189. X509_ALGOR_get0(&aoid, &aparamtype, &aparam, pbe2->keyfunc);
  190. pbenid = OBJ_obj2nid(aoid);
  191. X509_ALGOR_get0(&aoid, NULL, NULL, pbe2->encryption);
  192. encnid = OBJ_obj2nid(aoid);
  193. if (aparamtype == V_ASN1_SEQUENCE)
  194. kdf = ASN1_item_unpack(aparam, ASN1_ITEM_rptr(PBKDF2PARAM));
  195. if (kdf == NULL)
  196. goto done;
  197. /* Only OCTET_STRING is supported */
  198. if (kdf->salt->type != V_ASN1_OCTET_STRING)
  199. goto done;
  200. if (kdf->prf == NULL) {
  201. prfnid = NID_hmacWithSHA1;
  202. } else {
  203. X509_ALGOR_get0(&aoid, NULL, NULL, kdf->prf);
  204. prfnid = OBJ_obj2nid(aoid);
  205. }
  206. *psaltlen = kdf->salt->value.octet_string->length;
  207. *piter = ASN1_INTEGER_get(kdf->iter);
  208. *pnid = prfnid;
  209. *cipherid = encnid;
  210. break;
  211. default:
  212. pbe = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBEPARAM), alg->parameter);
  213. if (pbe == NULL)
  214. goto done;
  215. *pnid = OBJ_obj2nid(alg->algorithm);
  216. *piter = ASN1_INTEGER_get(pbe->iter);
  217. *psaltlen = pbe->salt->length;
  218. *cipherid = NID_undef;
  219. ret = 1;
  220. break;
  221. }
  222. ret = 1;
  223. done:
  224. if (kdf != NULL)
  225. PBKDF2PARAM_free(kdf);
  226. if (pbe2 != NULL)
  227. PBE2PARAM_free(pbe2);
  228. if (pbe != NULL)
  229. PBEPARAM_free(pbe);
  230. return ret;
  231. }