]>
Commit | Line | Data |
---|---|---|
8d8c7266 | 1 | /* pkcs12.h */ |
ae5c8664 MC |
2 | /* |
3 | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project | |
4 | * 1999. | |
8d8c7266 DSH |
5 | */ |
6 | /* ==================================================================== | |
7 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
8 | * | |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
ae5c8664 | 14 | * notice, this list of conditions and the following disclaimer. |
8d8c7266 DSH |
15 | * |
16 | * 2. Redistributions in binary form must reproduce the above copyright | |
17 | * notice, this list of conditions and the following disclaimer in | |
18 | * the documentation and/or other materials provided with the | |
19 | * distribution. | |
20 | * | |
21 | * 3. All advertising materials mentioning features or use of this | |
22 | * software must display the following acknowledgment: | |
23 | * "This product includes software developed by the OpenSSL Project | |
24 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
25 | * | |
26 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
27 | * endorse or promote products derived from this software without | |
28 | * prior written permission. For written permission, please contact | |
29 | * licensing@OpenSSL.org. | |
30 | * | |
31 | * 5. Products derived from this software may not be called "OpenSSL" | |
32 | * nor may "OpenSSL" appear in their names without prior written | |
33 | * permission of the OpenSSL Project. | |
34 | * | |
35 | * 6. Redistributions of any form whatsoever must retain the following | |
36 | * acknowledgment: | |
37 | * "This product includes software developed by the OpenSSL Project | |
38 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
39 | * | |
40 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
41 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
42 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
43 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
44 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
45 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
46 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
47 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
49 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
50 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
51 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
52 | * ==================================================================== | |
53 | * | |
54 | * This product includes cryptographic software written by Eric Young | |
55 | * (eay@cryptsoft.com). This product includes software written by Tim | |
56 | * Hudson (tjh@cryptsoft.com). | |
57 | * | |
58 | */ | |
59 | ||
60 | #ifndef HEADER_PKCS12_H | |
ae5c8664 | 61 | # define HEADER_PKCS12_H |
8d8c7266 | 62 | |
ae5c8664 MC |
63 | # include <openssl/bio.h> |
64 | # include <openssl/x509.h> | |
82271cee | 65 | |
8d8c7266 DSH |
66 | #ifdef __cplusplus |
67 | extern "C" { | |
68 | #endif | |
69 | ||
ae5c8664 MC |
70 | # define PKCS12_KEY_ID 1 |
71 | # define PKCS12_IV_ID 2 | |
72 | # define PKCS12_MAC_ID 3 | |
8d8c7266 | 73 | |
e84240d4 | 74 | /* Default iteration count */ |
ae5c8664 MC |
75 | # ifndef PKCS12_DEFAULT_ITER |
76 | # define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER | |
77 | # endif | |
e84240d4 | 78 | |
ae5c8664 | 79 | # define PKCS12_MAC_KEY_LENGTH 20 |
8d8c7266 | 80 | |
ae5c8664 | 81 | # define PKCS12_SALT_LEN 8 |
8d8c7266 DSH |
82 | |
83 | /* Uncomment out next line for unicode password and names, otherwise ASCII */ | |
84 | ||
ae5c8664 MC |
85 | /* |
86 | * #define PBE_UNICODE | |
87 | */ | |
8d8c7266 | 88 | |
ae5c8664 MC |
89 | # ifdef PBE_UNICODE |
90 | # define PKCS12_key_gen PKCS12_key_gen_uni | |
91 | # define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni | |
92 | # else | |
93 | # define PKCS12_key_gen PKCS12_key_gen_asc | |
94 | # define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc | |
95 | # endif | |
8d8c7266 DSH |
96 | |
97 | /* MS key usage constants */ | |
98 | ||
ae5c8664 MC |
99 | # define KEY_EX 0x10 |
100 | # define KEY_SIG 0x80 | |
8d8c7266 | 101 | |
8d8c7266 | 102 | typedef struct { |
ae5c8664 MC |
103 | X509_SIG *dinfo; |
104 | ASN1_OCTET_STRING *salt; | |
105 | ASN1_INTEGER *iter; /* defaults to 1 */ | |
8d8c7266 DSH |
106 | } PKCS12_MAC_DATA; |
107 | ||
108 | typedef struct { | |
ae5c8664 MC |
109 | ASN1_INTEGER *version; |
110 | PKCS12_MAC_DATA *mac; | |
111 | PKCS7 *authsafes; | |
8d8c7266 DSH |
112 | } PKCS12; |
113 | ||
8d8c7266 | 114 | typedef struct { |
ae5c8664 MC |
115 | ASN1_OBJECT *type; |
116 | union { | |
117 | struct pkcs12_bag_st *bag; /* secret, crl and certbag */ | |
118 | struct pkcs8_priv_key_info_st *keybag; /* keybag */ | |
119 | X509_SIG *shkeybag; /* shrouded key bag */ | |
120 | STACK_OF(PKCS12_SAFEBAG) *safes; | |
121 | ASN1_TYPE *other; | |
122 | } value; | |
123 | STACK_OF(X509_ATTRIBUTE) *attrib; | |
8d8c7266 DSH |
124 | } PKCS12_SAFEBAG; |
125 | ||
f2716dad BL |
126 | DECLARE_STACK_OF(PKCS12_SAFEBAG) |
127 | DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) | |
128 | DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) | |
129 | ||
8d8c7266 | 130 | typedef struct pkcs12_bag_st { |
ae5c8664 MC |
131 | ASN1_OBJECT *type; |
132 | union { | |
133 | ASN1_OCTET_STRING *x509cert; | |
134 | ASN1_OCTET_STRING *x509crl; | |
135 | ASN1_OCTET_STRING *octet; | |
136 | ASN1_IA5STRING *sdsicert; | |
137 | ASN1_TYPE *other; /* Secret or other bag */ | |
138 | } value; | |
8d8c7266 DSH |
139 | } PKCS12_BAGS; |
140 | ||
ae5c8664 MC |
141 | # define PKCS12_ERROR 0 |
142 | # define PKCS12_OK 1 | |
8d8c7266 | 143 | |
ecbe0781 | 144 | /* Compatibility macros */ |
8d8c7266 | 145 | |
ae5c8664 MC |
146 | # define M_PKCS12_x5092certbag PKCS12_x5092certbag |
147 | # define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag | |
8d8c7266 | 148 | |
ae5c8664 MC |
149 | # define M_PKCS12_certbag2x509 PKCS12_certbag2x509 |
150 | # define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl | |
8d8c7266 | 151 | |
ae5c8664 MC |
152 | # define M_PKCS12_unpack_p7data PKCS12_unpack_p7data |
153 | # define M_PKCS12_pack_authsafes PKCS12_pack_authsafes | |
154 | # define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes | |
155 | # define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata | |
8d8c7266 | 156 | |
ae5c8664 MC |
157 | # define M_PKCS12_decrypt_skey PKCS12_decrypt_skey |
158 | # define M_PKCS8_decrypt PKCS8_decrypt | |
8d8c7266 | 159 | |
ae5c8664 MC |
160 | # define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) |
161 | # define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) | |
162 | # define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type | |
8d8c7266 | 163 | |
ae5c8664 MC |
164 | # define PKCS12_get_attr(bag, attr_nid) \ |
165 | PKCS12_get_attr_gen(bag->attrib, attr_nid) | |
8d8c7266 | 166 | |
ae5c8664 MC |
167 | # define PKCS8_get_attr(p8, attr_nid) \ |
168 | PKCS12_get_attr_gen(p8->attributes, attr_nid) | |
8d8c7266 | 169 | |
ae5c8664 | 170 | # define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) |
8d8c7266 | 171 | |
ecbe0781 DSH |
172 | PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); |
173 | PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); | |
174 | X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); | |
175 | X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); | |
176 | ||
ae5c8664 MC |
177 | PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, |
178 | int nid1, int nid2); | |
8d8c7266 | 179 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); |
ae5c8664 MC |
180 | PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, |
181 | int passlen); | |
182 | PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, | |
183 | const char *pass, int passlen); | |
184 | X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, | |
185 | const char *pass, int passlen, unsigned char *salt, | |
186 | int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); | |
61f5b6f3 | 187 | PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, |
ae5c8664 MC |
188 | int passlen, unsigned char *salt, |
189 | int saltlen, int iter, | |
190 | PKCS8_PRIV_KEY_INFO *p8); | |
f2716dad | 191 | PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); |
ecbe0781 | 192 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); |
61f5b6f3 | 193 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, |
ae5c8664 MC |
194 | unsigned char *salt, int saltlen, int iter, |
195 | STACK_OF(PKCS12_SAFEBAG) *bags); | |
196 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, | |
197 | int passlen); | |
ecbe0781 DSH |
198 | |
199 | int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); | |
200 | STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); | |
201 | ||
ae5c8664 MC |
202 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, |
203 | int namelen); | |
61f5b6f3 | 204 | int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, |
ae5c8664 | 205 | int namelen); |
f2a253e0 | 206 | int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, |
ae5c8664 MC |
207 | int namelen); |
208 | int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, | |
209 | const unsigned char *name, int namelen); | |
8d8c7266 | 210 | int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); |
84c15db5 | 211 | ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); |
8d8c7266 | 212 | char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); |
61f5b6f3 | 213 | unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, |
ae5c8664 MC |
214 | int passlen, unsigned char *in, int inlen, |
215 | unsigned char **data, int *datalen, | |
216 | int en_de); | |
217 | void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, | |
218 | const char *pass, int passlen, | |
219 | ASN1_OCTET_STRING *oct, int zbuf); | |
220 | ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, | |
221 | const ASN1_ITEM *it, | |
222 | const char *pass, int passlen, | |
223 | void *obj, int zbuf); | |
8d8c7266 | 224 | PKCS12 *PKCS12_init(int mode); |
61f5b6f3 | 225 | int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
ae5c8664 MC |
226 | int saltlen, int id, int iter, int n, |
227 | unsigned char *out, const EVP_MD *md_type); | |
228 | int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, | |
229 | int saltlen, int id, int iter, int n, | |
230 | unsigned char *out, const EVP_MD *md_type); | |
2bd83ca1 | 231 | int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
ae5c8664 MC |
232 | ASN1_TYPE *param, const EVP_CIPHER *cipher, |
233 | const EVP_MD *md_type, int en_de); | |
69cbf468 | 234 | int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, |
ae5c8664 | 235 | unsigned char *mac, unsigned int *maclen); |
61f5b6f3 BL |
236 | int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); |
237 | int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, | |
ae5c8664 MC |
238 | unsigned char *salt, int saltlen, int iter, |
239 | const EVP_MD *md_type); | |
69cbf468 | 240 | int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, |
ae5c8664 MC |
241 | int saltlen, const EVP_MD *md_type); |
242 | unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, | |
243 | unsigned char **uni, int *unilen); | |
6178da01 | 244 | char *OPENSSL_uni2asc(unsigned char *uni, int unilen); |
9d6b1ce6 DSH |
245 | |
246 | DECLARE_ASN1_FUNCTIONS(PKCS12) | |
247 | DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) | |
248 | DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) | |
249 | DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) | |
250 | ||
ecbe0781 DSH |
251 | DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) |
252 | DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) | |
253 | ||
8d8c7266 | 254 | void PKCS12_PBE_add(void); |
61f5b6f3 | 255 | int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, |
ae5c8664 | 256 | STACK_OF(X509) **ca); |
69cbf468 | 257 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, |
ae5c8664 MC |
258 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, |
259 | int mac_iter, int keytype); | |
9a48b07e DSH |
260 | |
261 | PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); | |
ae5c8664 MC |
262 | PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, |
263 | EVP_PKEY *key, int key_usage, int iter, | |
264 | int key_nid, char *pass); | |
9a48b07e | 265 | int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, |
ae5c8664 | 266 | int safe_nid, int iter, char *pass); |
9a48b07e DSH |
267 | PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); |
268 | ||
8d8c7266 DSH |
269 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); |
270 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); | |
271 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); | |
272 | PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); | |
21131f00 | 273 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); |
8d8c7266 | 274 | |
8d8c7266 | 275 | /* BEGIN ERROR CODES */ |
ae5c8664 MC |
276 | /* |
277 | * The following lines are auto generated by the script mkerr.pl. Any changes | |
6d311938 DSH |
278 | * made after this point may be overwritten when the script is next run. |
279 | */ | |
b476df64 | 280 | void ERR_load_PKCS12_strings(void); |
6d311938 | 281 | |
8d8c7266 DSH |
282 | /* Error codes for the PKCS12 functions. */ |
283 | ||
284 | /* Function codes. */ | |
ae5c8664 MC |
285 | # define PKCS12_F_PARSE_BAG 129 |
286 | # define PKCS12_F_PARSE_BAGS 103 | |
287 | # define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 | |
288 | # define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 | |
289 | # define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 | |
290 | # define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 | |
291 | # define PKCS12_F_PKCS12_CREATE 105 | |
292 | # define PKCS12_F_PKCS12_GEN_MAC 107 | |
293 | # define PKCS12_F_PKCS12_INIT 109 | |
294 | # define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 | |
295 | # define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 | |
296 | # define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 | |
297 | # define PKCS12_F_PKCS12_KEY_GEN_ASC 110 | |
298 | # define PKCS12_F_PKCS12_KEY_GEN_UNI 111 | |
299 | # define PKCS12_F_PKCS12_MAKE_KEYBAG 112 | |
300 | # define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 | |
301 | # define PKCS12_F_PKCS12_NEWPASS 128 | |
302 | # define PKCS12_F_PKCS12_PACK_P7DATA 114 | |
303 | # define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 | |
304 | # define PKCS12_F_PKCS12_PARSE 118 | |
305 | # define PKCS12_F_PKCS12_PBE_CRYPT 119 | |
306 | # define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 | |
307 | # define PKCS12_F_PKCS12_SETUP_MAC 122 | |
308 | # define PKCS12_F_PKCS12_SET_MAC 123 | |
309 | # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 | |
310 | # define PKCS12_F_PKCS12_UNPACK_P7DATA 131 | |
311 | # define PKCS12_F_PKCS12_VERIFY_MAC 126 | |
312 | # define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 | |
313 | # define PKCS12_F_PKCS8_ENCRYPT 125 | |
8d8c7266 DSH |
314 | |
315 | /* Reason codes. */ | |
ae5c8664 MC |
316 | # define PKCS12_R_CANT_PACK_STRUCTURE 100 |
317 | # define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 | |
318 | # define PKCS12_R_DECODE_ERROR 101 | |
319 | # define PKCS12_R_ENCODE_ERROR 102 | |
320 | # define PKCS12_R_ENCRYPT_ERROR 103 | |
321 | # define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 | |
322 | # define PKCS12_R_INVALID_NULL_ARGUMENT 104 | |
323 | # define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 | |
324 | # define PKCS12_R_IV_GEN_ERROR 106 | |
325 | # define PKCS12_R_KEY_GEN_ERROR 107 | |
326 | # define PKCS12_R_MAC_ABSENT 108 | |
327 | # define PKCS12_R_MAC_GENERATION_ERROR 109 | |
328 | # define PKCS12_R_MAC_SETUP_ERROR 110 | |
329 | # define PKCS12_R_MAC_STRING_SET_ERROR 111 | |
330 | # define PKCS12_R_MAC_VERIFY_ERROR 112 | |
331 | # define PKCS12_R_MAC_VERIFY_FAILURE 113 | |
332 | # define PKCS12_R_PARSE_ERROR 114 | |
333 | # define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 | |
334 | # define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 | |
335 | # define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 | |
336 | # define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 | |
337 | # define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 | |
6d311938 | 338 | |
8d8c7266 DSH |
339 | #ifdef __cplusplus |
340 | } | |
341 | #endif | |
342 | #endif |