Blame - include/polarssl/pkcs12.h - mirror/mbed-tls

blob: 2a28c7128a35ad1f368aebaca5905a95a2a40786 [file] [log] [blame]

Paul Bakker	f1f21fe	2013-06-24 19:17:19 +0200	[diff] [blame^]	1	/**
				2	* \file pkcs12.h
				3	*
				4	* \brief PKCS#12 Personal Information Exchange Syntax
				5	*
				6	* Copyright (C) 2006-2013, Brainspark B.V.
				7	*
				8	* This file is part of PolarSSL (http://www.polarssl.org)
				9	* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
				10	*
				11	* All rights reserved.
				12	*
				13	* This program is free software; you can redistribute it and/or modify
				14	* it under the terms of the GNU General Public License as published by
				15	* the Free Software Foundation; either version 2 of the License, or
				16	* (at your option) any later version.
				17	*
				18	* This program is distributed in the hope that it will be useful,
				19	* but WITHOUT ANY WARRANTY; without even the implied warranty of
				20	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
				21	* GNU General Public License for more details.
				22	*
				23	* You should have received a copy of the GNU General Public License along
				24	* with this program; if not, write to the Free Software Foundation, Inc.,
				25	* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
				26	*/
				27	#ifndef POLARSSL_PKCS12_H
				28	#define POLARSSL_PKCS12_H
				29
				30	#include <string.h>
				31
				32	#include "md.h"
				33	#include "asn1.h"
				34
				35	#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /*< Bad input parameters to function. /
				36	#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /*< Feature not available, e.g. unsupported encryption scheme. /
				37	#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /*< PBE ASN.1 data not as expected. /
				38
				39	#define PKCS12_DERIVE_KEY 1 /< encryption/decryption key /
				40	#define PKCS12_DERIVE_IV 2 /< initialization vector /
				41	#define PKCS12_DERIVE_MAC_KEY 3 /< integrity / MAC key /
				42
				43	#define PKCS12_PBE_ENCRYPT 1
				44	#define PKCS12_PBE_DECRYPT 2
				45
				46	/*
				47	* PKCS#12 PBE types
				48	*/
				49	#define OID_PKCS12 "\x2a\x86\x48\x86\xf7\x0d\x01\x0c"
				50	#define OID_PKCS12_PBE_SHA1_RC4_128 OID_PKCS12 "\x01\x01"
				51	#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC OID_PKCS12 "\x01\x03"
				52	#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC OID_PKCS12 "\x01\x04"
				53
				54	#ifdef __cplusplus
				55	extern "C" {
				56	#endif
				57
				58	/**
				59	* \brief PKCS12 Password Based function (encryption / decryption)
				60	* for pbeWithSHAAnd128BitRC4
				61	*
				62	* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
				63	* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
				64	* \param pwd the password used (may be NULL if no password is used)
				65	* \param pwdlen length of the password (may be 0)
				66	* \param input the input data
				67	* \param len data length
				68	* \param output the output buffer
				69	*/
				70	int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
				71	const unsigned char *pwd, size_t pwdlen,
				72	const unsigned char *input, size_t len,
				73	unsigned char *output );
				74
				75	/**
				76	* \brief PKCS12 Password Based function (encryption / decryption)
				77	* for pbeWithSHAAnd3-KeyTripleDES-CBC
				78	*
				79	* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
				80	* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
				81	* \param pwd the password used (may be NULL if no password is used)
				82	* \param pwdlen length of the password (may be 0)
				83	* \param input the input data
				84	* \param len data length
				85	* \param output the output buffer
				86	*/
				87	int pkcs12_pbe_sha1_des3_ede_cbc( asn1_buf *pbe_params, int mode,
				88	const unsigned char *pwd, size_t pwdlen,
				89	const unsigned char *input, size_t len,
				90	unsigned char *output );
				91
				92	/**
				93	* \brief PKCS12 Password Based function (encryption / decryption)
				94	* for pbeWithSHAAnd2-KeyTripleDES-CBC
				95	*
				96	* \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
				97	* \param mode either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
				98	* \param pwd the password used (may be NULL if no password is used)
				99	* \param pwdlen length of the password (may be 0)
				100	* \param input the input data
				101	* \param len data length
				102	* \param output the output buffer
				103	*/
				104	int pkcs12_pbe_sha1_des2_ede_cbc( asn1_buf *pbe_params, int mode,
				105	const unsigned char *pwd, size_t pwdlen,
				106	const unsigned char *input, size_t len,
				107	unsigned char *output );
				108
				109	/**
				110	* \brief The PKCS#12 derivation function uses a password and a salt
				111	* to produce pseudo-random bits for a particular "purpose".
				112	*
				113	* Depending on the given id, this function can produce an
				114	* encryption/decryption key, an nitialization vector or an
				115	* integrity key.
				116	*
				117	* \param data buffer to store the derived data in
				118	* \param datalen length to fill
				119	* \param pwd password to use (may be NULL if no password is used)
				120	* \param pwdlen length of the password (may be 0)
				121	* \param salt salt buffer to use
				122	* \param saltlen length of the salt
				123	* \param md md type to use during the derivation
				124	* \param id id that describes the purpose (can be PKCS12_DERIVE_KEY,
				125	* PKCS12_DERIVE_IV or PKCS12_DERIVE_MAC_KEY)
				126	* \param iterations number of iterations
				127	*
				128	* \return 0 if successful, or a MD, BIGNUM type error.
				129	*/
				130	int pkcs12_derivation( unsigned char *data, size_t datalen,
				131	const unsigned char *pwd, size_t pwdlen,
				132	const unsigned char *salt, size_t saltlen,
				133	md_type_t md, int id, int iterations );
				134
				135	#ifdef __cplusplus
				136	}
				137	#endif
				138
				139	#endif /* pkcs12.h */