TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1e14827bebc8480786498f007304bd852ef953c6 / . / include / mbedtls / pkcs12.h
blob: 4b8ce7ed0de535a30155b3320831125bd119d95e [file] [log] [blame]
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]1/**
2 * \file pkcs12.h
3 *
4 * \brief PKCS#12 Personal Information Exchange Syntax
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]5 */
6/*
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame^]7 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]21 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]22#ifndef MBEDTLS_PKCS12_H
23#define MBEDTLS_PKCS12_H
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]24
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]25#if !defined(MBEDTLS_CONFIG_FILE)
Jaeden Ameroc49fbbf2019-07-04 20:01:14 +0100[diff] [blame]26#include "mbedtls/config.h"
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]27#else
28#include MBEDTLS_CONFIG_FILE
29#endif
30
Jaeden Ameroc49fbbf2019-07-04 20:01:14 +0100[diff] [blame]31#include "mbedtls/md.h"
32#include "mbedtls/cipher.h"
33#include "mbedtls/asn1.h"
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]34
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]35#include <stddef.h>
36
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]37#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
38#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
39#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
40#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]41
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]42#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
43#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
44#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]45
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]46#define MBEDTLS_PKCS12_PBE_DECRYPT 0
47#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]48
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]49#ifdef __cplusplus
50extern "C" {
51#endif
52
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]53#if defined(MBEDTLS_ASN1_PARSE_C)
54
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]55/**
56 * \brief PKCS12 Password Based function (encryption / decryption)
57 * for pbeWithSHAAnd128BitRC4
58 *
59 * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]60 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]61 * \param pwd the password used (may be NULL if no password is used)
62 * \param pwdlen length of the password (may be 0)
63 * \param input the input data
64 * \param len data length
65 * \param output the output buffer
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]66 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]67 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]68 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]70 const unsigned char *pwd, size_t pwdlen,
71 const unsigned char *input, size_t len,
72 unsigned char *output );
73
74/**
75 * \brief PKCS12 Password Based function (encryption / decryption)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 * for cipher-based and mbedtls_md-based PBE's
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]77 *
78 * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]80 * \param cipher_type the cipher used
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 * \param md_type the mbedtls_md used
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]82 * \param pwd the password used (may be NULL if no password is used)
83 * \param pwdlen length of the password (may be 0)
84 * \param input the input data
85 * \param len data length
86 * \param output the output buffer
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]87 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]88 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]89 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
91 mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]92 const unsigned char *pwd, size_t pwdlen,
93 const unsigned char *input, size_t len,
94 unsigned char *output );
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]95
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]96#endif /* MBEDTLS_ASN1_PARSE_C */
97
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]98/**
99 * \brief The PKCS#12 derivation function uses a password and a salt
100 * to produce pseudo-random bits for a particular "purpose".
101 *
102 * Depending on the given id, this function can produce an
103 * encryption/decryption key, an nitialization vector or an
104 * integrity key.
105 *
106 * \param data buffer to store the derived data in
107 * \param datalen length to fill
108 * \param pwd password to use (may be NULL if no password is used)
109 * \param pwdlen length of the password (may be 0)
110 * \param salt salt buffer to use
111 * \param saltlen length of the salt
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]112 * \param mbedtls_md mbedtls_md type to use during the derivation
113 * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
114 * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]115 * \param iterations number of iterations
116 *
117 * \return 0 if successful, or a MD, BIGNUM type error.
118 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]119int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]120 const unsigned char *pwd, size_t pwdlen,
121 const unsigned char *salt, size_t saltlen,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]122 mbedtls_md_type_t mbedtls_md, int id, int iterations );
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]123
124#ifdef __cplusplus
125}
126#endif
127
128#endif /* pkcs12.h */