]>
Commit | Line | Data |
---|---|---|
8d8c7266 DSH |
1 | /* pkcs12.h */ |
2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | |
3 | * project 1999. | |
4 | */ | |
5 | /* ==================================================================== | |
6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | |
7 | * | |
8 | * Redistribution and use in source and binary forms, with or without | |
9 | * modification, are permitted provided that the following conditions | |
10 | * are met: | |
11 | * | |
12 | * 1. Redistributions of source code must retain the above copyright | |
13 | * notice, this list of conditions and the following disclaimer. | |
14 | * | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * 3. All advertising materials mentioning features or use of this | |
21 | * software must display the following acknowledgment: | |
22 | * "This product includes software developed by the OpenSSL Project | |
23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | |
24 | * | |
25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | |
26 | * endorse or promote products derived from this software without | |
27 | * prior written permission. For written permission, please contact | |
28 | * licensing@OpenSSL.org. | |
29 | * | |
30 | * 5. Products derived from this software may not be called "OpenSSL" | |
31 | * nor may "OpenSSL" appear in their names without prior written | |
32 | * permission of the OpenSSL Project. | |
33 | * | |
34 | * 6. Redistributions of any form whatsoever must retain the following | |
35 | * acknowledgment: | |
36 | * "This product includes software developed by the OpenSSL Project | |
37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | |
38 | * | |
39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | |
40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | |
43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | |
44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | |
45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | |
48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | |
49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
51 | * ==================================================================== | |
52 | * | |
53 | * This product includes cryptographic software written by Eric Young | |
54 | * (eay@cryptsoft.com). This product includes software written by Tim | |
55 | * Hudson (tjh@cryptsoft.com). | |
56 | * | |
57 | */ | |
58 | ||
59 | #ifndef HEADER_PKCS12_H | |
60 | #define HEADER_PKCS12_H | |
61 | ||
82271cee RL |
62 | #include <openssl/bio.h> |
63 | #include <openssl/x509.h> | |
64 | ||
8d8c7266 DSH |
65 | #ifdef __cplusplus |
66 | extern "C" { | |
67 | #endif | |
68 | ||
8d8c7266 DSH |
69 | #define PKCS12_KEY_ID 1 |
70 | #define PKCS12_IV_ID 2 | |
71 | #define PKCS12_MAC_ID 3 | |
72 | ||
e84240d4 DSH |
73 | /* Default iteration count */ |
74 | #ifndef PKCS12_DEFAULT_ITER | |
b7d135b3 | 75 | #define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER |
e84240d4 DSH |
76 | #endif |
77 | ||
8d8c7266 DSH |
78 | #define PKCS12_MAC_KEY_LENGTH 20 |
79 | ||
80 | #define PKCS12_SALT_LEN 8 | |
81 | ||
82 | /* Uncomment out next line for unicode password and names, otherwise ASCII */ | |
83 | ||
84 | /*#define PBE_UNICODE*/ | |
85 | ||
86 | #ifdef PBE_UNICODE | |
87 | #define PKCS12_key_gen PKCS12_key_gen_uni | |
88 | #define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni | |
89 | #else | |
90 | #define PKCS12_key_gen PKCS12_key_gen_asc | |
91 | #define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc | |
92 | #endif | |
93 | ||
94 | /* MS key usage constants */ | |
95 | ||
96 | #define KEY_EX 0x10 | |
97 | #define KEY_SIG 0x80 | |
98 | ||
8d8c7266 DSH |
99 | typedef struct { |
100 | X509_SIG *dinfo; | |
101 | ASN1_OCTET_STRING *salt; | |
102 | ASN1_INTEGER *iter; /* defaults to 1 */ | |
103 | } PKCS12_MAC_DATA; | |
104 | ||
105 | typedef struct { | |
106 | ASN1_INTEGER *version; | |
107 | PKCS12_MAC_DATA *mac; | |
108 | PKCS7 *authsafes; | |
109 | } PKCS12; | |
110 | ||
f2716dad BL |
111 | PREDECLARE_STACK_OF(PKCS12_SAFEBAG) |
112 | ||
8d8c7266 DSH |
113 | typedef struct { |
114 | ASN1_OBJECT *type; | |
115 | union { | |
116 | struct pkcs12_bag_st *bag; /* secret, crl and certbag */ | |
117 | struct pkcs8_priv_key_info_st *keybag; /* keybag */ | |
118 | X509_SIG *shkeybag; /* shrouded key bag */ | |
f2716dad | 119 | STACK_OF(PKCS12_SAFEBAG) *safes; |
8d8c7266 DSH |
120 | ASN1_TYPE *other; |
121 | }value; | |
84c15db5 | 122 | STACK_OF(X509_ATTRIBUTE) *attrib; |
8d8c7266 DSH |
123 | } PKCS12_SAFEBAG; |
124 | ||
f2716dad BL |
125 | DECLARE_STACK_OF(PKCS12_SAFEBAG) |
126 | DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) | |
127 | DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) | |
128 | ||
8d8c7266 DSH |
129 | typedef struct pkcs12_bag_st { |
130 | ASN1_OBJECT *type; | |
131 | union { | |
132 | ASN1_OCTET_STRING *x509cert; | |
133 | ASN1_OCTET_STRING *x509crl; | |
134 | ASN1_OCTET_STRING *octet; | |
135 | ASN1_IA5STRING *sdsicert; | |
136 | ASN1_TYPE *other; /* Secret or other bag */ | |
137 | }value; | |
138 | } PKCS12_BAGS; | |
139 | ||
140 | #define PKCS12_ERROR 0 | |
141 | #define PKCS12_OK 1 | |
142 | ||
ecbe0781 | 143 | /* Compatibility macros */ |
8d8c7266 | 144 | |
ecbe0781 DSH |
145 | #define M_PKCS12_x5092certbag PKCS12_x5092certbag |
146 | #define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag | |
8d8c7266 | 147 | |
ecbe0781 DSH |
148 | #define M_PKCS12_certbag2x509 PKCS12_certbag2x509 |
149 | #define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl | |
8d8c7266 | 150 | |
ecbe0781 DSH |
151 | #define M_PKCS12_unpack_p7data PKCS12_unpack_p7data |
152 | #define M_PKCS12_pack_authsafes PKCS12_pack_authsafes | |
153 | #define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes | |
154 | #define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata | |
8d8c7266 | 155 | |
ecbe0781 DSH |
156 | #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey |
157 | #define M_PKCS8_decrypt PKCS8_decrypt | |
8d8c7266 | 158 | |
ecbe0781 DSH |
159 | #define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) |
160 | #define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type) | |
161 | #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type | |
8d8c7266 DSH |
162 | |
163 | #define PKCS12_get_attr(bag, attr_nid) \ | |
164 | PKCS12_get_attr_gen(bag->attrib, attr_nid) | |
165 | ||
166 | #define PKCS8_get_attr(p8, attr_nid) \ | |
167 | PKCS12_get_attr_gen(p8->attributes, attr_nid) | |
168 | ||
169 | #define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) | |
170 | ||
8d8c7266 | 171 | |
ecbe0781 DSH |
172 | PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); |
173 | PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); | |
174 | X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); | |
175 | X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); | |
176 | ||
177 | PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, | |
178 | int nid2); | |
8d8c7266 | 179 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); |
ecbe0781 DSH |
180 | PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); |
181 | PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, | |
182 | int passlen); | |
8eb57af5 DSH |
183 | X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, |
184 | const char *pass, int passlen, | |
61f5b6f3 BL |
185 | unsigned char *salt, int saltlen, int iter, |
186 | PKCS8_PRIV_KEY_INFO *p8); | |
187 | PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, | |
188 | int passlen, unsigned char *salt, | |
189 | int saltlen, int iter, | |
190 | PKCS8_PRIV_KEY_INFO *p8); | |
f2716dad | 191 | PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); |
ecbe0781 | 192 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); |
61f5b6f3 BL |
193 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, |
194 | unsigned char *salt, int saltlen, int iter, | |
f2716dad | 195 | STACK_OF(PKCS12_SAFEBAG) *bags); |
ecbe0781 DSH |
196 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); |
197 | ||
198 | int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); | |
199 | STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); | |
200 | ||
8d8c7266 | 201 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); |
61f5b6f3 BL |
202 | int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, |
203 | int namelen); | |
f2a253e0 DSH |
204 | int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, |
205 | int namelen); | |
61f5b6f3 BL |
206 | int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, |
207 | int namelen); | |
8d8c7266 | 208 | int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); |
84c15db5 | 209 | ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); |
8d8c7266 | 210 | char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); |
61f5b6f3 BL |
211 | unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, |
212 | int passlen, unsigned char *in, int inlen, | |
213 | unsigned char **data, int *datalen, int en_de); | |
ecbe0781 DSH |
214 | void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, |
215 | const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf); | |
216 | ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, | |
217 | const char *pass, int passlen, | |
218 | void *obj, int zbuf); | |
8d8c7266 | 219 | PKCS12 *PKCS12_init(int mode); |
61f5b6f3 BL |
220 | int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
221 | int saltlen, int id, int iter, int n, | |
222 | unsigned char *out, const EVP_MD *md_type); | |
e778802f | 223 | int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); |
2bd83ca1 | 224 | int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
13588350 | 225 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, |
2bd83ca1 | 226 | int en_de); |
69cbf468 DSH |
227 | int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, |
228 | unsigned char *mac, unsigned int *maclen); | |
61f5b6f3 BL |
229 | int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); |
230 | int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, | |
231 | unsigned char *salt, int saltlen, int iter, | |
13588350 | 232 | const EVP_MD *md_type); |
69cbf468 | 233 | int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, |
13588350 | 234 | int saltlen, const EVP_MD *md_type); |
6308af19 | 235 | unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); |
8d8c7266 | 236 | char *uni2asc(unsigned char *uni, int unilen); |
9d6b1ce6 DSH |
237 | |
238 | DECLARE_ASN1_FUNCTIONS(PKCS12) | |
239 | DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) | |
240 | DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) | |
241 | DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) | |
242 | ||
ecbe0781 DSH |
243 | DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) |
244 | DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) | |
245 | ||
8d8c7266 | 246 | void ERR_load_PKCS12_strings(void); |
8d8c7266 | 247 | void PKCS12_PBE_add(void); |
61f5b6f3 | 248 | int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, |
e77066ea | 249 | STACK_OF(X509) **ca); |
69cbf468 | 250 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, |
e77066ea | 251 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, |
69cbf468 | 252 | int mac_iter, int keytype); |
8d8c7266 DSH |
253 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); |
254 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); | |
255 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); | |
256 | PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); | |
21131f00 | 257 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); |
8d8c7266 | 258 | |
8d8c7266 | 259 | /* BEGIN ERROR CODES */ |
6d311938 DSH |
260 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
261 | * made after this point may be overwritten when the script is next run. | |
262 | */ | |
263 | ||
8d8c7266 DSH |
264 | /* Error codes for the PKCS12 functions. */ |
265 | ||
266 | /* Function codes. */ | |
8d8c7266 | 267 | #define PKCS12_F_PARSE_BAGS 103 |
6e781e8e DSH |
268 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 |
269 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 | |
270 | #define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 | |
8d8c7266 DSH |
271 | #define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 |
272 | #define PKCS12_F_PKCS12_CREATE 105 | |
273 | #define PKCS12_F_PKCS12_DECRYPT_D2I 106 | |
274 | #define PKCS12_F_PKCS12_GEN_MAC 107 | |
275 | #define PKCS12_F_PKCS12_I2D_ENCRYPT 108 | |
276 | #define PKCS12_F_PKCS12_INIT 109 | |
277 | #define PKCS12_F_PKCS12_KEY_GEN_ASC 110 | |
278 | #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 | |
6e781e8e | 279 | #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 |
8d8c7266 | 280 | #define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 |
21131f00 | 281 | #define PKCS12_F_PKCS12_NEWPASS 128 |
8d8c7266 DSH |
282 | #define PKCS12_F_PKCS12_PACK_P7DATA 114 |
283 | #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 | |
8d8c7266 DSH |
284 | #define PKCS12_F_PKCS12_PACK_SAFEBAG 117 |
285 | #define PKCS12_F_PKCS12_PARSE 118 | |
286 | #define PKCS12_F_PKCS12_PBE_CRYPT 119 | |
287 | #define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 | |
8d8c7266 DSH |
288 | #define PKCS12_F_PKCS12_SETUP_MAC 122 |
289 | #define PKCS12_F_PKCS12_SET_MAC 123 | |
290 | #define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 | |
291 | #define PKCS12_F_PKCS8_ENCRYPT 125 | |
292 | #define PKCS12_F_VERIFY_MAC 126 | |
293 | ||
294 | /* Reason codes. */ | |
295 | #define PKCS12_R_CANT_PACK_STRUCTURE 100 | |
296 | #define PKCS12_R_DECODE_ERROR 101 | |
297 | #define PKCS12_R_ENCODE_ERROR 102 | |
298 | #define PKCS12_R_ENCRYPT_ERROR 103 | |
c6c34506 | 299 | #define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 |
8d8c7266 DSH |
300 | #define PKCS12_R_INVALID_NULL_ARGUMENT 104 |
301 | #define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 | |
302 | #define PKCS12_R_IV_GEN_ERROR 106 | |
303 | #define PKCS12_R_KEY_GEN_ERROR 107 | |
304 | #define PKCS12_R_MAC_ABSENT 108 | |
305 | #define PKCS12_R_MAC_GENERATION_ERROR 109 | |
306 | #define PKCS12_R_MAC_SETUP_ERROR 110 | |
307 | #define PKCS12_R_MAC_STRING_SET_ERROR 111 | |
308 | #define PKCS12_R_MAC_VERIFY_ERROR 112 | |
309 | #define PKCS12_R_MAC_VERIFY_FAILURE 113 | |
310 | #define PKCS12_R_PARSE_ERROR 114 | |
311 | #define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 | |
312 | #define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 | |
313 | #define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 | |
314 | #define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 | |
315 | #define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 | |
6d311938 | 316 | |
8d8c7266 DSH |
317 | #ifdef __cplusplus |
318 | } | |
319 | #endif | |
320 | #endif | |
321 |