TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 3625e56930fab3eb095582b418e64d382a70083c / . / include / mbedtls / pkcs12.h
blob: d441357b7f4ff386bb1f7c142eea8cc74f98487e [file] [log] [blame]
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]1/**
2 * \file pkcs12.h
3 *
4 * \brief PKCS#12 Personal Information Exchange Syntax
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]5 */
6/*
Manuel Pégourié-Gonnard6fb81872015-07-27 11:11:48 +0200[diff] [blame]7 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]21 *
Manuel Pégourié-Gonnardfe446432015-03-06 13:17:10 +0000[diff] [blame]22 * This file is part of mbed TLS (https://tls.mbed.org)
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]23 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]24#ifndef MBEDTLS_PKCS12_H
25#define MBEDTLS_PKCS12_H
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]26
Ron Eldor3625e562018-12-16 12:14:37 +0200[diff] [blame^]27#if !defined(MBEDTLS_CONFIG_FILE)
28#include "config.h"
29#else
30#include MBEDTLS_CONFIG_FILE
31#endif
32
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]33#include "md.h"
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]34#include "cipher.h"
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]35#include "asn1.h"
36
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]37#include <stddef.h>
38
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]39#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
40#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
41#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
42#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]43
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]44#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
45#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
46#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]47
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]48#define MBEDTLS_PKCS12_PBE_DECRYPT 0
49#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]50
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]51#ifdef __cplusplus
52extern "C" {
53#endif
54
Hanno Beckerd30cd342018-10-12 10:46:32 +0100[diff] [blame]55#if defined(MBEDTLS_ASN1_PARSE_C)
56
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]57/**
58 * \brief PKCS12 Password Based function (encryption / decryption)
59 * for pbeWithSHAAnd128BitRC4
60 *
61 * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]62 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]63 * \param pwd the password used (may be NULL if no password is used)
64 * \param pwdlen length of the password (may be 0)
65 * \param input the input data
66 * \param len data length
67 * \param output the output buffer
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]68 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]70 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]71int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]72 const unsigned char *pwd, size_t pwdlen,
73 const unsigned char *input, size_t len,
74 unsigned char *output );
75
76/**
77 * \brief PKCS12 Password Based function (encryption / decryption)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]78 * for cipher-based and mbedtls_md-based PBE's
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]79 *
80 * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]81 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]82 * \param cipher_type the cipher used
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]83 * \param md_type the mbedtls_md used
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]84 * \param pwd the password used (may be NULL if no password is used)
85 * \param pwdlen length of the password (may be 0)
86 * \param input the input data
87 * \param len data length
88 * \param output the output buffer
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]89 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]90 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]91 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
93 mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]94 const unsigned char *pwd, size_t pwdlen,
95 const unsigned char *input, size_t len,
96 unsigned char *output );
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]97
Hanno Beckerd30cd342018-10-12 10:46:32 +0100[diff] [blame]98#endif /* MBEDTLS_ASN1_PARSE_C */
99
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]100/**
101 * \brief The PKCS#12 derivation function uses a password and a salt
102 * to produce pseudo-random bits for a particular "purpose".
103 *
104 * Depending on the given id, this function can produce an
105 * encryption/decryption key, an nitialization vector or an
106 * integrity key.
107 *
108 * \param data buffer to store the derived data in
109 * \param datalen length to fill
110 * \param pwd password to use (may be NULL if no password is used)
111 * \param pwdlen length of the password (may be 0)
112 * \param salt salt buffer to use
113 * \param saltlen length of the salt
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]114 * \param mbedtls_md mbedtls_md type to use during the derivation
115 * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
116 * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]117 * \param iterations number of iterations
118 *
119 * \return 0 if successful, or a MD, BIGNUM type error.
120 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]121int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]122 const unsigned char *pwd, size_t pwdlen,
123 const unsigned char *salt, size_t saltlen,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]124 mbedtls_md_type_t mbedtls_md, int id, int iterations );
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]125
126#ifdef __cplusplus
127}
128#endif
129
130#endif /* pkcs12.h */