]>
Commit | Line | Data |
---|---|---|
1 | /** | |
2 | * \file pkcs12.h | |
3 | * | |
4 | * \brief PKCS#12 Personal Information Exchange Syntax | |
5 | */ | |
6 | /* | |
7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved | |
8 | * SPDX-License-Identifier: GPL-2.0 | |
9 | * | |
10 | * This program is free software; you can redistribute it and/or modify | |
11 | * it under the terms of the GNU General Public License as published by | |
12 | * the Free Software Foundation; either version 2 of the License, or | |
13 | * (at your option) any later version. | |
14 | * | |
15 | * This program is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
18 | * GNU General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU General Public License along | |
21 | * with this program; if not, write to the Free Software Foundation, Inc., | |
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
23 | * | |
24 | * This file is part of mbed TLS (https://tls.mbed.org) | |
25 | */ | |
26 | #ifndef MBEDTLS_PKCS12_H | |
27 | #define MBEDTLS_PKCS12_H | |
28 | ||
29 | #include "md.h" | |
30 | #include "cipher.h" | |
31 | #include "asn1.h" | |
32 | ||
33 | #include <stddef.h> | |
34 | ||
35 | #define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ | |
36 | #define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ | |
37 | #define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ | |
38 | #define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */ | |
39 | ||
40 | #define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ | |
41 | #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ | |
42 | #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ | |
43 | ||
44 | #define MBEDTLS_PKCS12_PBE_DECRYPT 0 | |
45 | #define MBEDTLS_PKCS12_PBE_ENCRYPT 1 | |
46 | ||
47 | #ifdef __cplusplus | |
48 | extern "C" { | |
49 | #endif | |
50 | ||
51 | /** | |
52 | * \brief PKCS12 Password Based function (encryption / decryption) | |
53 | * for pbeWithSHAAnd128BitRC4 | |
54 | * | |
55 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure | |
56 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT | |
57 | * \param pwd the password used (may be NULL if no password is used) | |
58 | * \param pwdlen length of the password (may be 0) | |
59 | * \param input the input data | |
60 | * \param len data length | |
61 | * \param output the output buffer | |
62 | * | |
63 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code | |
64 | */ | |
65 | int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode, | |
66 | const unsigned char *pwd, size_t pwdlen, | |
67 | const unsigned char *input, size_t len, | |
68 | unsigned char *output ); | |
69 | ||
70 | /** | |
71 | * \brief PKCS12 Password Based function (encryption / decryption) | |
72 | * for cipher-based and mbedtls_md-based PBE's | |
73 | * | |
74 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure | |
75 | * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT | |
76 | * \param cipher_type the cipher used | |
77 | * \param md_type the mbedtls_md used | |
78 | * \param pwd the password used (may be NULL if no password is used) | |
79 | * \param pwdlen length of the password (may be 0) | |
80 | * \param input the input data | |
81 | * \param len data length | |
82 | * \param output the output buffer | |
83 | * | |
84 | * \return 0 if successful, or a MBEDTLS_ERR_XXX code | |
85 | */ | |
86 | int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode, | |
87 | mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, | |
88 | const unsigned char *pwd, size_t pwdlen, | |
89 | const unsigned char *input, size_t len, | |
90 | unsigned char *output ); | |
91 | ||
92 | /** | |
93 | * \brief The PKCS#12 derivation function uses a password and a salt | |
94 | * to produce pseudo-random bits for a particular "purpose". | |
95 | * | |
96 | * Depending on the given id, this function can produce an | |
97 | * encryption/decryption key, an nitialization vector or an | |
98 | * integrity key. | |
99 | * | |
100 | * \param data buffer to store the derived data in | |
101 | * \param datalen length to fill | |
102 | * \param pwd password to use (may be NULL if no password is used) | |
103 | * \param pwdlen length of the password (may be 0) | |
104 | * \param salt salt buffer to use | |
105 | * \param saltlen length of the salt | |
106 | * \param mbedtls_md mbedtls_md type to use during the derivation | |
107 | * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, | |
108 | * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY) | |
109 | * \param iterations number of iterations | |
110 | * | |
111 | * \return 0 if successful, or a MD, BIGNUM type error. | |
112 | */ | |
113 | int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen, | |
114 | const unsigned char *pwd, size_t pwdlen, | |
115 | const unsigned char *salt, size_t saltlen, | |
116 | mbedtls_md_type_t mbedtls_md, int id, int iterations ); | |
117 | ||
118 | #ifdef __cplusplus | |
119 | } | |
120 | #endif | |
121 | ||
122 | #endif /* pkcs12.h */ |