Mbed OS Reference
pkcs12.h
1/**
2 * \file pkcs12.h
3 *
4 * \brief PKCS#12 Personal Information Exchange Syntax
5 */
6/*
7 * Copyright The Mbed TLS Contributors
8 * SPDX-License-Identifier: Apache-2.0
9 *
10 * Licensed under the Apache License, Version 2.0 (the "License"); you may
11 * not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
13 *
14 * http://www.apache.org/licenses/LICENSE-2.0
15 *
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
18 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 */
22#ifndef MBEDTLS_PKCS12_H
23#define MBEDTLS_PKCS12_H
24
25#if !defined(MBEDTLS_CONFIG_FILE)
26#include "mbedtls/config.h"
27#else
28#include MBEDTLS_CONFIG_FILE
29#endif
30
31#include "mbedtls/md.h"
32#include "mbedtls/cipher.h"
33#include "mbedtls/asn1.h"
34
35#include <stddef.h>
36
37/**
38 * \addtogroup mbedtls
39 * \{
40 * \defgroup mbedtls_pkcs12_module PKCS#12
41 * \{
42 */
43
44#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 /**< Bad input parameters to function. */
45#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 /**< Feature not available, e.g. unsupported encryption scheme. */
46#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 /**< PBE ASN.1 data not as expected. */
47#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 /**< Given private key password does not allow for correct decryption. */
48
 /* Values for the \c id argument of mbedtls_pkcs12_derivation(): they select
  * what the derived bytes are used for. */
49#define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */
50#define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */
51#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */
52
 /* Values for the \c mode argument of the PBE functions declared below. */
53#define MBEDTLS_PKCS12_PBE_DECRYPT 0 /**< \c mode value: decrypt \c input into \c output */
54#define MBEDTLS_PKCS12_PBE_ENCRYPT 1 /**< \c mode value: encrypt \c input into \c output */
55
56#ifdef __cplusplus
57extern "C" {
58#endif
59
60#if defined(MBEDTLS_ASN1_PARSE_C)
61
62/**
63 * \brief PKCS12 Password Based function (encryption / decryption)
64 * for pbeWithSHAAnd128BitRC4
65 *
 * \note RC4 is a legacy stream cipher with known keystream biases. Treat
 *       this entry point as an interoperability path for existing PKCS#12
 *       files, not as protection for newly written data.
 *
 * \note No MAC or tag passes through this interface, so a return of 0 says
 *       nothing about the integrity of the result; integrity has to be
 *       checked separately by the caller.
 *
66 * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
 *                   NOTE(review): per RFC 7292 this structure carries the
 *                   salt and iteration count, so for a file from an
 *                   untrusted source both are chosen by whoever produced
 *                   the file - confirm how the implementation bounds them.
67 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
68 * \param pwd the password used (may be NULL if no password is used)
 *            With no password the derived key depends only on values
 *            stored next to the data, so the result is not confidential.
69 * \param pwdlen length of the password (may be 0)
70 * \param input the input data
71 * \param len data length
72 * \param output the output buffer
 *               No output length is passed to this function.
 *               NOTE(review): presumably the caller must provide at least
 *               \p len bytes, RC4 being a stream cipher - confirm against
 *               the implementation.
73 *
74 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
75 */
76int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
77 const unsigned char *pwd, size_t pwdlen,
78 const unsigned char *input, size_t len,
79 unsigned char *output );
80
81/**
82 * \brief PKCS12 Password Based function (encryption / decryption)
83 * for cipher-based and mbedtls_md-based PBE's
84 *
 * \note This function has no output-size parameter, so it cannot detect a
 *       too-small \p output buffer; sizing it is entirely the caller's job.
 *       Later Mbed TLS releases provide mbedtls_pkcs12_pbe_ext(), which
 *       takes an explicit output size - prefer it where available.
 *
 * \note No MAC or tag passes through this interface, so a return of 0 does
 *       not authenticate the result. NOTE(review): a wrong password is
 *       presumably detected only through the cipher's padding check
 *       (MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH), which is not an integrity
 *       check - confirm against the implementation.
 *
85 * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
 *                   NOTE(review): per RFC 7292 this structure carries the
 *                   salt and iteration count, so for a file from an
 *                   untrusted source both are chosen by whoever produced
 *                   the file - confirm how the implementation bounds them.
86 * \param mode either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
87 * \param cipher_type the cipher used
88 * \param md_type the mbedtls_md used
89 * \param pwd the password used (may be NULL if no password is used)
 *            With no password the derived key depends only on values
 *            stored next to the data, so the result is not confidential.
90 * \param pwdlen length of the password (may be 0)
91 * \param input the input data
92 * \param len data length
93 * \param output the output buffer
 *               NOTE(review): when encrypting with a padded block cipher
 *               the result can be longer than \p len (up to one extra
 *               cipher block), so \p len bytes may not be enough - confirm
 *               the exact bound for the chosen \p cipher_type.
94 *
95 * \return 0 if successful, or a MBEDTLS_ERR_XXX code
96 */
97int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
98 mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
99 const unsigned char *pwd, size_t pwdlen,
100 const unsigned char *input, size_t len,
101 unsigned char *output );
102
103#endif /* MBEDTLS_ASN1_PARSE_C */
104
105/**
106 * \brief The PKCS#12 derivation function uses a password and a salt
107 * to produce pseudo-random bits for a particular "purpose".
108 *
109 * Depending on the given id, this function can produce an
110 * encryption/decryption key, an initialization vector or an
111 * integrity key.
112 *
 * \note The bytes written to \p data are key material. The caller owns the
 *       buffer and should wipe it once the key is no longer needed, using a
 *       wipe the compiler cannot optimise away (for example
 *       mbedtls_platform_zeroize()).
 *
113 * \param data buffer to store the derived data in
114 * \param datalen length to fill
115 * \param pwd password to use (may be NULL if no password is used)
 *            NOTE(review): RFC 7292 defines the password as a BMPString;
 *            this header does not say whether the caller must convert it
 *            before the call - confirm against the implementation.
116 * \param pwdlen length of the password (may be 0)
117 * \param salt salt buffer to use
118 * \param saltlen length of the salt
119 * \param mbedtls_md mbedtls_md type to use during the derivation
120 * \param id id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
121 * MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
122 * \param iterations number of iterations
 *                   This is the work factor against password guessing. When
 *                   the count is read from a file, the caller should bound
 *                   it: a very small value weakens the derived key and a
 *                   very large one costs CPU time. NOTE(review): the type is
 *                   a signed int; how zero or negative values are handled
 *                   is not visible here.
123 *
124 * \return 0 if successful, or a MD, BIGNUM type error.
125 */
126int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
127 const unsigned char *pwd, size_t pwdlen,
128 const unsigned char *salt, size_t saltlen,
129 mbedtls_md_type_t mbedtls_md, int id, int iterations );
130
131#ifdef __cplusplus
132}
133#endif
134
135/// \}
136/// \}
137
138#endif /* pkcs12.h */
Generic ASN.1 parsing.
This file contains an abstraction interface for use with the cipher primitives provided by the librar...
Configuration options (set of defines)
mbedtls_cipher_type_t
Supported {cipher type, cipher mode} pairs.
Definition: cipher.h:109
mbedtls_md_type_t
Supported message digests.
Definition: md.h:64
int mbedtls_md(const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen, unsigned char *output)
This function calculates the message-digest of a buffer, with respect to a configurable message-diges...
int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, const unsigned char *pwd, size_t pwdlen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t mbedtls_md, int id, int iterations)
The PKCS#12 derivation function uses a password and a salt to produce pseudo-random bits for a partic...
This file contains the generic message-digest wrapper.
Type-length-value structure that allows for ASN1 using DER.
Definition: asn1.h:146