| Jaeden Amero | e54e693 | 2018-08-06 16:19:58 +0100 | [diff] [blame] | 1 | /** |
| 2 | * \file pkcs12.h |
| 3 | * |
| 4 | * \brief PKCS#12 Personal Information Exchange Syntax |
| 5 | */ |
| 6 | /* |
| 7 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| 8 | * SPDX-License-Identifier: Apache-2.0 |
| 9 | * |
| 10 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 11 | * not use this file except in compliance with the License. |
| 12 | * You may obtain a copy of the License at |
| 13 | * |
| 14 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 15 | * |
| 16 | * Unless required by applicable law or agreed to in writing, software |
| 17 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 18 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 19 | * See the License for the specific language governing permissions and |
| 20 | * limitations under the License. |
| 21 | * |
| 22 | * This file is part of Mbed Crypto (https://tls.mbed.org) |
| 23 | */ |
| 24 | #ifndef MBEDCRYPTO_PKCS12_H |
| 25 | #define MBEDCRYPTO_PKCS12_H |
| 26 | |
| 27 | #include "md.h" |
| 28 | #include "cipher.h" |
| 29 | #include "asn1.h" |
| 30 | |
| 31 | #include <stddef.h> |
| 32 | |
| 33 | #define MBEDCRYPTO_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */ |
| 34 | #define MBEDCRYPTO_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */ |
| 35 | #define MBEDCRYPTO_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */ |
| 36 | #define MBEDCRYPTO_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */ |
| 37 | |
| 38 | #define MBEDCRYPTO_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ |
| 39 | #define MBEDCRYPTO_PKCS12_DERIVE_IV 2 /**< initialization vector */ |
| 40 | #define MBEDCRYPTO_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ |
| 41 | |
| 42 | #define MBEDCRYPTO_PKCS12_PBE_DECRYPT 0 |
| 43 | #define MBEDCRYPTO_PKCS12_PBE_ENCRYPT 1 |
| 44 | |
| 45 | #ifdef __cplusplus |
| 46 | extern "C" { |
| 47 | #endif |
| 48 | |
| 49 | /** |
| 50 | * \brief PKCS12 Password Based function (encryption / decryption) |
| 51 | * for pbeWithSHAAnd128BitRC4 |
| 52 | * |
| 53 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure |
| 54 | * \param mode either MBEDCRYPTO_PKCS12_PBE_ENCRYPT or MBEDCRYPTO_PKCS12_PBE_DECRYPT |
| 55 | * \param pwd the password used (may be NULL if no password is used) |
| 56 | * \param pwdlen length of the password (may be 0) |
| 57 | * \param input the input data |
| 58 | * \param len data length |
| 59 | * \param output the output buffer |
| 60 | * |
| 61 | * \return 0 if successful, or a MBEDCRYPTO_ERR_XXX code |
| 62 | */ |
| 63 | int mbedcrypto_pkcs12_pbe_sha1_rc4_128( mbedcrypto_asn1_buf *pbe_params, int mode, |
| 64 | const unsigned char *pwd, size_t pwdlen, |
| 65 | const unsigned char *input, size_t len, |
| 66 | unsigned char *output ); |
| 67 | |
| 68 | /** |
| 69 | * \brief PKCS12 Password Based function (encryption / decryption) |
| 70 | * for cipher-based and mbedcrypto_md-based PBE's |
| 71 | * |
| 72 | * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure |
| 73 | * \param mode either MBEDCRYPTO_PKCS12_PBE_ENCRYPT or MBEDCRYPTO_PKCS12_PBE_DECRYPT |
| 74 | * \param cipher_type the cipher used |
| 75 | * \param md_type the mbedcrypto_md used |
| 76 | * \param pwd the password used (may be NULL if no password is used) |
| 77 | * \param pwdlen length of the password (may be 0) |
| 78 | * \param input the input data |
| 79 | * \param len data length |
| 80 | * \param output the output buffer |
| 81 | * |
| 82 | * \return 0 if successful, or a MBEDCRYPTO_ERR_XXX code |
| 83 | */ |
| 84 | int mbedcrypto_pkcs12_pbe( mbedcrypto_asn1_buf *pbe_params, int mode, |
| 85 | mbedcrypto_cipher_type_t cipher_type, mbedcrypto_md_type_t md_type, |
| 86 | const unsigned char *pwd, size_t pwdlen, |
| 87 | const unsigned char *input, size_t len, |
| 88 | unsigned char *output ); |
| 89 | |
| 90 | /** |
| 91 | * \brief The PKCS#12 derivation function uses a password and a salt |
| 92 | * to produce pseudo-random bits for a particular "purpose". |
| 93 | * |
| 94 | * Depending on the given id, this function can produce an |
| 95 | * encryption/decryption key, an nitialization vector or an |
| 96 | * integrity key. |
| 97 | * |
| 98 | * \param data buffer to store the derived data in |
| 99 | * \param datalen length to fill |
| 100 | * \param pwd password to use (may be NULL if no password is used) |
| 101 | * \param pwdlen length of the password (may be 0) |
| 102 | * \param salt salt buffer to use |
| 103 | * \param saltlen length of the salt |
| 104 | * \param mbedcrypto_md mbedcrypto_md type to use during the derivation |
| 105 | * \param id id that describes the purpose (can be MBEDCRYPTO_PKCS12_DERIVE_KEY, |
| 106 | * MBEDCRYPTO_PKCS12_DERIVE_IV or MBEDCRYPTO_PKCS12_DERIVE_MAC_KEY) |
| 107 | * \param iterations number of iterations |
| 108 | * |
| 109 | * \return 0 if successful, or a MD, BIGNUM type error. |
| 110 | */ |
| 111 | int mbedcrypto_pkcs12_derivation( unsigned char *data, size_t datalen, |
| 112 | const unsigned char *pwd, size_t pwdlen, |
| 113 | const unsigned char *salt, size_t saltlen, |
| 114 | mbedcrypto_md_type_t mbedcrypto_md, int id, int iterations ); |
| 115 | |
| 116 | #ifdef __cplusplus |
| 117 | } |
| 118 | #endif |
| 119 | |
| 120 | #endif /* pkcs12.h */ |