1 | /**
|
---|
2 | * \file pkcs12.h
|
---|
3 | *
|
---|
4 | * \brief PKCS#12 Personal Information Exchange Syntax
|
---|
5 | */
|
---|
6 | /*
|
---|
7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
|
---|
8 | * SPDX-License-Identifier: Apache-2.0
|
---|
9 | *
|
---|
10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may
|
---|
11 | * not use this file except in compliance with the License.
|
---|
12 | * You may obtain a copy of the License at
|
---|
13 | *
|
---|
14 | * http://www.apache.org/licenses/LICENSE-2.0
|
---|
15 | *
|
---|
16 | * Unless required by applicable law or agreed to in writing, software
|
---|
17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
---|
18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
---|
19 | * See the License for the specific language governing permissions and
|
---|
20 | * limitations under the License.
|
---|
21 | *
|
---|
22 | * This file is part of mbed TLS (https://tls.mbed.org)
|
---|
23 | */
|
---|
24 | #ifndef MBEDTLS_PKCS12_H
|
---|
25 | #define MBEDTLS_PKCS12_H
|
---|
26 |
|
---|
27 | #if !defined(MBEDTLS_CONFIG_FILE)
|
---|
28 | #include "config.h"
|
---|
29 | #else
|
---|
30 | #include MBEDTLS_CONFIG_FILE
|
---|
31 | #endif
|
---|
32 |
|
---|
33 | #include "md.h"
|
---|
34 | #include "cipher.h"
|
---|
35 | #include "asn1.h"
|
---|
36 |
|
---|
37 | #include <stddef.h>
|
---|
38 |
|
---|
39 | #define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
|
---|
40 | #define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
|
---|
41 | #define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
|
---|
42 | #define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */
|
---|
43 |
|
---|
44 | #define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
|
---|
45 | #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
|
---|
46 | #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
|
---|
47 |
|
---|
48 | #define MBEDTLS_PKCS12_PBE_DECRYPT 0
|
---|
49 | #define MBEDTLS_PKCS12_PBE_ENCRYPT 1
|
---|
50 |
|
---|
51 | #ifdef __cplusplus
|
---|
52 | extern "C" {
|
---|
53 | #endif
|
---|
54 |
|
---|
55 | #if defined(MBEDTLS_ASN1_PARSE_C)
|
---|
56 |
|
---|
57 | /**
|
---|
58 | * \brief PKCS12 Password Based function (encryption / decryption)
|
---|
59 | * for pbeWithSHAAnd128BitRC4
|
---|
60 | *
|
---|
61 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
---|
62 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
|
---|
63 | * \param pwd the password used (may be NULL if no password is used)
|
---|
64 | * \param pwdlen length of the password (may be 0)
|
---|
65 | * \param input the input data
|
---|
66 | * \param len data length
|
---|
67 | * \param output the output buffer
|
---|
68 | *
|
---|
69 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code
|
---|
70 | */
|
---|
71 | int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
|
---|
72 | const unsigned char *pwd, size_t pwdlen,
|
---|
73 | const unsigned char *input, size_t len,
|
---|
74 | unsigned char *output );
|
---|
75 |
|
---|
76 | /**
|
---|
77 | * \brief PKCS12 Password Based function (encryption / decryption)
|
---|
78 | * for cipher-based and mbedtls_md-based PBE's
|
---|
79 | *
|
---|
80 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
|
---|
81 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
|
---|
82 | * \param cipher_type the cipher used
|
---|
83 | * \param md_type the mbedtls_md used
|
---|
84 | * \param pwd the password used (may be NULL if no password is used)
|
---|
85 | * \param pwdlen length of the password (may be 0)
|
---|
86 | * \param input the input data
|
---|
87 | * \param len data length
|
---|
88 | * \param output the output buffer
|
---|
89 | *
|
---|
90 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code
|
---|
91 | */
|
---|
92 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
|
---|
93 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
|
---|
94 | const unsigned char *pwd, size_t pwdlen,
|
---|
95 | const unsigned char *input, size_t len,
|
---|
96 | unsigned char *output );
|
---|
97 |
|
---|
98 | #endif /* MBEDTLS_ASN1_PARSE_C */
|
---|
99 |
|
---|
100 | /**
|
---|
101 | * \brief The PKCS#12 derivation function uses a password and a salt
|
---|
102 | * to produce pseudo-random bits for a particular "purpose".
|
---|
103 | *
|
---|
104 | * Depending on the given id, this function can produce an
|
---|
105 | * encryption/decryption key, an nitialization vector or an
|
---|
106 | * integrity key.
|
---|
107 | *
|
---|
108 | * \param data buffer to store the derived data in
|
---|
109 | * \param datalen length to fill
|
---|
110 | * \param pwd password to use (may be NULL if no password is used)
|
---|
111 | * \param pwdlen length of the password (may be 0)
|
---|
112 | * \param salt salt buffer to use
|
---|
113 | * \param saltlen length of the salt
|
---|
114 | * \param mbedtls_md mbedtls_md type to use during the derivation
|
---|
115 | * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
|
---|
116 | * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
|
---|
117 | * \param iterations number of iterations
|
---|
118 | *
|
---|
119 | * \return 0 if successful, or a MD, BIGNUM type error.
|
---|
120 | */
|
---|
121 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
|
---|
122 | const unsigned char *pwd, size_t pwdlen,
|
---|
123 | const unsigned char *salt, size_t saltlen,
|
---|
124 | mbedtls_md_type_t mbedtls_md, int id, int iterations );
|
---|
125 |
|
---|
126 | #ifdef __cplusplus
|
---|
127 | }
|
---|
128 | #endif
|
---|
129 |
|
---|
130 | #endif /* pkcs12.h */
|
---|