1 /* pkcs12.h */ 2 /* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 1999. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60 #ifndef HEADER_PKCS12_H 61 # define HEADER_PKCS12_H 62 63 # include <openssl/bio.h> 64 # include <openssl/x509.h> 65 66 #ifdef __cplusplus 67 extern "C" { 68 #endif 69 70 # define PKCS12_KEY_ID 1 71 # define PKCS12_IV_ID 2 72 # define PKCS12_MAC_ID 3 73 74 /* Default iteration count */ 75 # ifndef PKCS12_DEFAULT_ITER 76 # define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER 77 # endif 78 79 # define PKCS12_MAC_KEY_LENGTH 20 80 81 # define PKCS12_SALT_LEN 8 82 83 /* Uncomment out next line for unicode password and names, otherwise ASCII */ 84 85 /* 86 * #define PBE_UNICODE 87 */ 88 89 # ifdef PBE_UNICODE 90 # define PKCS12_key_gen PKCS12_key_gen_uni 91 # define PKCS12_add_friendlyname PKCS12_add_friendlyname_uni 92 # else 93 # define PKCS12_key_gen PKCS12_key_gen_asc 94 # define PKCS12_add_friendlyname PKCS12_add_friendlyname_asc 95 # endif 96 97 /* MS key usage constants */ 98 99 # define KEY_EX 0x10 100 # define KEY_SIG 0x80 101 102 typedef struct { 103 X509_SIG *dinfo; 104 ASN1_OCTET_STRING *salt; 105 ASN1_INTEGER *iter; /* defaults to 1 */ 106 } PKCS12_MAC_DATA; 107 108 typedef struct { 109 ASN1_INTEGER *version; 110 PKCS12_MAC_DATA *mac; 111 PKCS7 *authsafes; 112 } PKCS12; 113 114 typedef struct { 115 ASN1_OBJECT *type; 116 union { 117 struct pkcs12_bag_st *bag; /* secret, crl and certbag */ 118 struct pkcs8_priv_key_info_st *keybag; /* keybag */ 119 X509_SIG *shkeybag; /* shrouded key bag */ 120 STACK_OF(PKCS12_SAFEBAG) *safes; 121 ASN1_TYPE *other; 122 } value; 123 STACK_OF(X509_ATTRIBUTE) *attrib; 124 } PKCS12_SAFEBAG; 125 126 DECLARE_STACK_OF(PKCS12_SAFEBAG) 127 DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) 128 DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) 129 130 typedef struct pkcs12_bag_st { 131 ASN1_OBJECT *type; 132 union { 133 ASN1_OCTET_STRING *x509cert; 134 ASN1_OCTET_STRING *x509crl; 135 ASN1_OCTET_STRING *octet; 136 ASN1_IA5STRING *sdsicert; 137 ASN1_TYPE *other; /* Secret or other bag */ 138 } value; 139 } PKCS12_BAGS; 140 141 # define PKCS12_ERROR 0 142 # define PKCS12_OK 1 143 144 /* Compatibility macros */ 145 146 # define M_PKCS12_x5092certbag PKCS12_x5092certbag 147 # define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag 148 149 # define M_PKCS12_certbag2x509 PKCS12_certbag2x509 150 # define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl 151 152 # define M_PKCS12_unpack_p7data PKCS12_unpack_p7data 153 # define M_PKCS12_pack_authsafes PKCS12_pack_authsafes 154 # define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes 155 # define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata 156 157 # define M_PKCS12_decrypt_skey PKCS12_decrypt_skey 158 # define M_PKCS8_decrypt PKCS8_decrypt 159 160 # define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type) 161 # define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type) 162 # define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type 163 164 # define PKCS12_get_attr(bag, attr_nid) \ 165 PKCS12_get_attr_gen(bag->attrib, attr_nid) 166 167 # define PKCS8_get_attr(p8, attr_nid) \ 168 PKCS12_get_attr_gen(p8->attributes, attr_nid) 169 170 # define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) 171 172 PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); 173 PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); 174 X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); 175 X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); 176 177 PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, 178 int nid1, int nid2); 179 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); 180 PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, 181 int passlen); 182 PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, 183 const char *pass, int passlen); 184 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 185 const char *pass, int passlen, unsigned char *salt, 186 int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8); 187 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, 188 int passlen, unsigned char *salt, 189 int saltlen, int iter, 190 PKCS8_PRIV_KEY_INFO *p8); 191 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); 192 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); 193 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, 194 unsigned char *salt, int saltlen, int iter, 195 STACK_OF(PKCS12_SAFEBAG) *bags); 196 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, 197 int passlen); 198 199 int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); 200 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); 201 202 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, 203 int namelen); 204 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, 205 int namelen); 206 int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, 207 int namelen); 208 int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, 209 const unsigned char *name, int namelen); 210 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); 211 ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid); 212 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); 213 unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, 214 int passlen, unsigned char *in, int inlen, 215 unsigned char **data, int *datalen, 216 int en_de); 217 void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, 218 const char *pass, int passlen, 219 ASN1_OCTET_STRING *oct, int zbuf); 220 ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, 221 const ASN1_ITEM *it, 222 const char *pass, int passlen, 223 void *obj, int zbuf); 224 PKCS12 *PKCS12_init(int mode); 225 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, 226 int saltlen, int id, int iter, int n, 227 unsigned char *out, const EVP_MD *md_type); 228 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, 229 int saltlen, int id, int iter, int n, 230 unsigned char *out, const EVP_MD *md_type); 231 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 232 ASN1_TYPE *param, const EVP_CIPHER *cipher, 233 const EVP_MD *md_type, int en_de); 234 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 235 unsigned char *mac, unsigned int *maclen); 236 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); 237 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, 238 unsigned char *salt, int saltlen, int iter, 239 const EVP_MD *md_type); 240 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 241 int saltlen, const EVP_MD *md_type); 242 unsigned char *OPENSSL_asc2uni(const char *asc, int asclen, 243 unsigned char **uni, int *unilen); 244 char *OPENSSL_uni2asc(unsigned char *uni, int unilen); 245 246 DECLARE_ASN1_FUNCTIONS(PKCS12) 247 DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) 248 DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) 249 DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) 250 251 DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) 252 DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) 253 254 void PKCS12_PBE_add(void); 255 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, 256 STACK_OF(X509) **ca); 257 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, 258 STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, 259 int mac_iter, int keytype); 260 261 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert); 262 PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, 263 EVP_PKEY *key, int key_usage, int iter, 264 int key_nid, char *pass); 265 int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags, 266 int safe_nid, int iter, char *pass); 267 PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid); 268 269 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); 270 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); 271 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); 272 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); 273 int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass); 274 275 /* BEGIN ERROR CODES */ 276 /* 277 * The following lines are auto generated by the script mkerr.pl. Any changes 278 * made after this point may be overwritten when the script is next run. 279 */ 280 void ERR_load_PKCS12_strings(void); 281 282 /* Error codes for the PKCS12 functions. */ 283 284 /* Function codes. */ 285 # define PKCS12_F_PARSE_BAG 129 286 # define PKCS12_F_PARSE_BAGS 103 287 # define PKCS12_F_PKCS12_ADD_FRIENDLYNAME 100 288 # define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC 127 289 # define PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI 102 290 # define PKCS12_F_PKCS12_ADD_LOCALKEYID 104 291 # define PKCS12_F_PKCS12_CREATE 105 292 # define PKCS12_F_PKCS12_GEN_MAC 107 293 # define PKCS12_F_PKCS12_INIT 109 294 # define PKCS12_F_PKCS12_ITEM_DECRYPT_D2I 106 295 # define PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT 108 296 # define PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG 117 297 # define PKCS12_F_PKCS12_KEY_GEN_ASC 110 298 # define PKCS12_F_PKCS12_KEY_GEN_UNI 111 299 # define PKCS12_F_PKCS12_MAKE_KEYBAG 112 300 # define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 301 # define PKCS12_F_PKCS12_NEWPASS 128 302 # define PKCS12_F_PKCS12_PACK_P7DATA 114 303 # define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 304 # define PKCS12_F_PKCS12_PARSE 118 305 # define PKCS12_F_PKCS12_PBE_CRYPT 119 306 # define PKCS12_F_PKCS12_PBE_KEYIVGEN 120 307 # define PKCS12_F_PKCS12_SETUP_MAC 122 308 # define PKCS12_F_PKCS12_SET_MAC 123 309 # define PKCS12_F_PKCS12_UNPACK_AUTHSAFES 130 310 # define PKCS12_F_PKCS12_UNPACK_P7DATA 131 311 # define PKCS12_F_PKCS12_VERIFY_MAC 126 312 # define PKCS12_F_PKCS8_ADD_KEYUSAGE 124 313 # define PKCS12_F_PKCS8_ENCRYPT 125 314 315 /* Reason codes. */ 316 # define PKCS12_R_CANT_PACK_STRUCTURE 100 317 # define PKCS12_R_CONTENT_TYPE_NOT_DATA 121 318 # define PKCS12_R_DECODE_ERROR 101 319 # define PKCS12_R_ENCODE_ERROR 102 320 # define PKCS12_R_ENCRYPT_ERROR 103 321 # define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 322 # define PKCS12_R_INVALID_NULL_ARGUMENT 104 323 # define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 324 # define PKCS12_R_IV_GEN_ERROR 106 325 # define PKCS12_R_KEY_GEN_ERROR 107 326 # define PKCS12_R_MAC_ABSENT 108 327 # define PKCS12_R_MAC_GENERATION_ERROR 109 328 # define PKCS12_R_MAC_SETUP_ERROR 110 329 # define PKCS12_R_MAC_STRING_SET_ERROR 111 330 # define PKCS12_R_MAC_VERIFY_ERROR 112 331 # define PKCS12_R_MAC_VERIFY_FAILURE 113 332 # define PKCS12_R_PARSE_ERROR 114 333 # define PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR 115 334 # define PKCS12_R_PKCS12_CIPHERFINAL_ERROR 116 335 # define PKCS12_R_PKCS12_PBE_CRYPT_ERROR 117 336 # define PKCS12_R_UNKNOWN_DIGEST_ALGORITHM 118 337 # define PKCS12_R_UNSUPPORTED_PKCS12_MODE 119 338 339 #ifdef __cplusplus 340 } 341 #endif 342 #endif 343