29 { NULL, 0 }, { NULL, 0 }
36 { NULL, 0 }, { NULL, 0 }
40 { NULL, 0 }, { NULL, 0 }
51 enum { PKCS12_ALGO_NONE, PKCS12_ALGO_3DES_192, PKCS12_ALGO_3DES_128,
70 { NULL, 0 }, { NULL, 0 }
76 enum { PKCS12_ATTRIBUTE_NONE, PKCS12_ATTRIBUTE_LABEL, PKCS12_ATTRIBUTE_ID };
82 { NULL, 0 }, { NULL, 0 }
99 const PKCS12_ALGO_MAP *algoMapInfoPtr;
104 assert(
isWritePtr( keySize,
sizeof(
int ) ) );
112 readSequence( stream, NULL );
113 status = readOIDEx( stream, encryptionOIDinfo,
119 *cryptAlgo = algoMapInfoPtr->cryptAlgo;
120 *keySize = algoMapInfoPtr->keySize;
128 static
int readKeyDerivationInfo(
INOUT STREAM *stream,
139 assert(
isWritePtr( saltLen,
sizeof(
int ) ) );
140 assert(
isWritePtr( iterations,
sizeof(
int ) ) );
145 memset( salt, 0,
min( 16, saltMaxLen ) );
146 *saltLen = *iterations = 0;
149 readSequence( stream, NULL );
161 *iterations = ( int ) intValue;
175 static
int readObjectAttributes(
INOUT STREAM *stream,
184 status = readSet( stream, &length );
187 endPos = stell( stream ) +
length;
190 for( iterationCount = 0;
191 stell( stream ) < endPos && \
200 readSequence( stream, NULL );
201 status = readOID( stream, attributeOIDinfo,
208 status = readSet( stream, &length );
212 switch( attributeType )
214 case PKCS12_ATTRIBUTE_NONE:
217 status = sSkip( stream, length );
220 case PKCS12_ATTRIBUTE_LABEL:
225 status = readCharacterString( stream, stringBuffer,
231 srcIndex +=2, destIndex++ )
233 pkcs12info->label[ destIndex ] = \
234 stringBuffer[ srcIndex + 1 ];
236 pkcs12info->labelLength = destIndex;
239 case PKCS12_ATTRIBUTE_ID:
246 &pkcs12info->idLength,
256 ENSURES( iterationCount < FAILSAFE_ITERATIONS_MED );
285 status = readCMSheader( stream, certOIDinfo,
294 payloadOffset = stell( stream );
295 status = sSkip( stream, length );
301 "Invalid certificate payload data" ) );
303 pkcs12objectInfo->payloadOffset = payloadOffset;
304 pkcs12objectInfo->payloadSize =
length;
310 static
int readEncryptedObjectInfo(
INOUT STREAM *stream,
315 const char *objectName = isEncryptedCert ?
"encrypted certificate" : \
316 "encrypted private key";
329 status = readProtAlgoInfo( stream, &pkcs12objectInfo->cryptAlgo,
330 &pkcs12objectInfo->keySize );
335 "Invalid %s protection algorithm", objectName ) );
339 status = readKeyDerivationInfo( stream, pkcs12objectInfo->salt,
341 &pkcs12objectInfo->saltSize,
342 &pkcs12objectInfo->iterations );
347 "Invalid %s protection parameters", objectName ) );
359 payloadOffset = stell( stream );
360 status = sSkip( stream, payloadLength );
366 "Invalid %s payload data", objectName ) );
368 pkcs12objectInfo->payloadOffset = payloadOffset;
403 status = readRawObjectAlloc( stream, &objectData, &objectLength,
409 "Couldn't read PKCS #12 object data" ) );
430 sMemConnect( &objectStream, objectData, objectLength );
431 if( isEncryptedCert )
435 readSequence( &objectStream, NULL );
441 int isEncryptedPrivateKey;
453 status = isEncryptedPrivateKey =
454 readCMSheader( &objectStream, keyCertBagOIDinfo,
460 status = readSequence( &objectStream, NULL );
465 sMemDisconnect( &objectStream );
466 clFree(
"readObject", objectData );
469 "Invalid PKCS #12 object header" ) );
475 if( isEncryptedCert || isPrivateKey )
477 status = readEncryptedObjectInfo( &objectStream,
478 &localPkcs12ObjectInfo,
479 isEncryptedCert, errorInfo );
483 status = readObjectInfo( &objectStream, &localPkcs12ObjectInfo,
486 if(
cryptStatusOK( status ) && stell( &objectStream ) < objectLength )
492 status = readObjectAttributes( &objectStream, pkcs12info );
494 sMemDisconnect( &objectStream );
497 clFree(
"readObject", objectData );
499 ( status, errorInfo,
"Invalid %s information",
500 isPrivateKey ?
"private key" :
"certificate" ) );
504 if( isEncryptedCert )
513 pkcs12ObjectInfoPtr = isPrivateKey ? &pkcs12info->keyInfo : \
514 &pkcs12info->certInfo;
515 memcpy( pkcs12ObjectInfoPtr, &localPkcs12ObjectInfo,
517 pkcs12ObjectInfoPtr->data = objectData;