TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 853c0da8de599bc5bb5785635e3837768e7e034e / . / include / mbedtls / pkcs12.h
blob: a6808c56e8710aade9cf3ce96ebc248afaf7bc68 [file] [log] [blame]
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]1/**
2 * \file pkcs12.h
3 *
4 * \brief PKCS#12 Personal Information Exchange Syntax
Darryl Greena40a1012018-01-05 15:33:17 +0000[diff] [blame]5 */
6/*
Bence Szépkúti1e148272020-08-07 13:07:28 +0200[diff] [blame]7 * Copyright The Mbed TLS Contributors
Manuel Pégourié-Gonnard37ff1402015-09-04 14:21:07 +0200[diff] [blame]8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]21 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]22#ifndef MBEDTLS_PKCS12_H
23#define MBEDTLS_PKCS12_H
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]24
Bence Szépkútic662b362021-05-27 11:25:03 +0200[diff] [blame]25#include "mbedtls/build_info.h"
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]26
Jaeden Ameroc49fbbf2019-07-04 20:01:14 +0100[diff] [blame]27#include "mbedtls/md.h"
28#include "mbedtls/cipher.h"
29#include "mbedtls/asn1.h"
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]30
Rich Evans00ab4702015-02-06 13:43:58 +0000[diff] [blame]31#include <stddef.h>
32
Gilles Peskined2971572021-07-26 18:48:10 +0200[diff] [blame]33/** Bad input parameters to function. */
34#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
35/** Feature not available, e.g. unsupported encryption scheme. */
36#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
37/** PBE ASN.1 data not as expected. */
38#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
39/** Given private key password does not allow for correct decryption. */
40#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]41
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]42#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
43#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
44#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]45
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]46#define MBEDTLS_PKCS12_PBE_DECRYPT 0
47#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]48
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]49#ifdef __cplusplus
50extern "C" {
51#endif
52
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]53#if defined(MBEDTLS_ASN1_PARSE_C)
54
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]55/**
56 * \brief PKCS12 Password Based function (encryption / decryption)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]57 * for cipher-based and mbedtls_md-based PBE's
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]58 *
Paul Elliott853c0da2021-11-11 19:00:38 +0000[diff] [blame^]59 * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
60 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or
61 * MBEDTLS_PKCS12_PBE_DECRYPT
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]62 * \param cipher_type the cipher used
Paul Elliott853c0da2021-11-11 19:00:38 +0000[diff] [blame^]63 * \param md_type the mbedtls_md used
64 * \param pwd Latin1-encoded password used (may be NULL if no password is
65 * used, but not if pwdlen is non-zero)
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]66 * \param pwdlen length of the password (may be 0)
67 * \param input the input data
68 * \param len data length
69 * \param output the output buffer
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]70 *
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]71 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]72 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]73int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
74 mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
Paul Bakker38b50d72013-06-24 19:33:27 +0200[diff] [blame]75 const unsigned char *pwd, size_t pwdlen,
76 const unsigned char *input, size_t len,
77 unsigned char *output );
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]78
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]79#endif /* MBEDTLS_ASN1_PARSE_C */
80
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]81/**
82 * \brief The PKCS#12 derivation function uses a password and a salt
83 * to produce pseudo-random bits for a particular "purpose".
84 *
85 * Depending on the given id, this function can produce an
86 * encryption/decryption key, an nitialization vector or an
87 * integrity key.
88 *
89 * \param data buffer to store the derived data in
Paul Elliott853c0da2021-11-11 19:00:38 +0000[diff] [blame^]90 * \param datalen length of buffer to fill
91 * \param pwd Null terminated BMPString password to use (may be NULL if
92 * no password is used, but not if pwdlen is non-zero)
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]93 * \param pwdlen length of the password (may be 0)
94 * \param salt salt buffer to use
95 * \param saltlen length of the salt
Paul Elliott853c0da2021-11-11 19:00:38 +0000[diff] [blame^]96 * \param mbedtls_md mbedtls_md type to use during the derivation
97 * \param id id that describes the purpose (can be
98 * MBEDTLS_PKCS12_DERIVE_KEY, MBEDTLS_PKCS12_DERIVE_IV or
99 * MBEDTLS_PKCS12_DERIVE_MAC_KEY)
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]100 * \param iterations number of iterations
101 *
102 * \return 0 if successful, or a MD, BIGNUM type error.
103 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]104int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]105 const unsigned char *pwd, size_t pwdlen,
106 const unsigned char *salt, size_t saltlen,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]107 mbedtls_md_type_t mbedtls_md, int id, int iterations );
Paul Bakkerf1f21fe2013-06-24 19:17:19 +0200[diff] [blame]108
109#ifdef __cplusplus
110}
111#endif
112
113#endif /* pkcs12.h */