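/*
 * {- join("\n * ", @autowarntext) -}
 *
 * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Public declarations for PKCS#12 containers: safe bags, PKCS#8 key
 * encryption, password-based key derivation and the integrity MAC.
 *
 * The {- ... -} sections are Perl template fragments, not C; they have to be
 * expanded before this file is handed to a C compiler.
 *
 * Reading notes for the prototypes below (all from the OpenSSL manual pages
 * and naming convention, none of it is established by this header alone;
 * confirm against the man page of the function you call):
 *  - "get0" accessors return a pointer owned by the object; "get1" accessors
 *    return an object the caller must free; "create0"/"set0" take ownership
 *    of the argument they are given.
 *  - |pass|/|passlen|: a |passlen| of -1 presumably means "use strlen(pass)".
 *    The password buffer stays owned by the caller, and nothing declared
 *    here clears it; cleanse it after use.
 *  - Functions returning a pointer report failure with NULL; functions
 *    returning int are expected to follow PKCS12_OK / PKCS12_ERROR.
 */

{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}

#ifndef OPENSSL_PKCS12_H
# define OPENSSL_PKCS12_H
# pragma once

# include <openssl/macros.h>
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  define HEADER_PKCS12_H
# endif

# include <openssl/bio.h>
# include <openssl/core.h>
# include <openssl/x509.h>
# include <openssl/pkcs12err.h>
# ifndef OPENSSL_NO_STDIO
#  include <stdio.h>
# endif

#ifdef  __cplusplus
extern "C" {
#endif

/*
 * Purpose selector ("ID" byte) for the PKCS#12 key derivation function
 * (RFC 7292, Appendix B.3): key material, IV, or MAC key.  These are the
 * values for the |id| argument of the PKCS12_key_gen_*() functions.
 */
# define PKCS12_KEY_ID   1
# define PKCS12_IV_ID    2
# define PKCS12_MAC_ID   3

/*
 * Default iteration count.
 * The value comes from PKCS5_DEFAULT_ITER, which is defined outside this
 * header.  Callers with a password-hardening policy should check that value
 * or pass explicit |iter| / |mac_iter| arguments instead of relying on it.
 */
# ifndef PKCS12_DEFAULT_ITER
#  define PKCS12_DEFAULT_ITER     PKCS5_DEFAULT_ITER
# endif

/*
 * 20 bytes, which matches the size of a SHA-1 digest.
 * NOTE(review): confirm how this is used when the MAC digest is not SHA-1.
 */
# define PKCS12_MAC_KEY_LENGTH 20

/*
 * The macro is expected to be used only internally. Kept for backwards
 * compatibility.
 * NOTE(review): 8 bytes is a short salt by current password-based KDF
 * guidance; the functions below that take |salt|/|saltlen| let the caller
 * supply a longer one.
 */
# define PKCS12_SALT_LEN 8

/* It's not clear if these are actually needed... */
# define PKCS12_key_gen PKCS12_key_gen_utf8
# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8

/*
 * MS key usage constants.
 * Presumably the values for the |usage| / |key_usage| / |keytype| arguments
 * declared further down; verify against the callers.
 */

# define KEY_EX  0x10
# define KEY_SIG 0x80

/* Opaque types: only the names are declared here, not the layouts. */
typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;

typedef struct PKCS12_st PKCS12;

typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;

{-
    generate_stack_macros("PKCS12_SAFEBAG");
-}

typedef struct pkcs12_bag_st PKCS12_BAGS;

/* Generic int return codes: 0 is failure, 1 is success. */
# define PKCS12_ERROR    0
# define PKCS12_OK       1

/* Compatibility macros */

#ifndef OPENSSL_NO_DEPRECATED_1_1_0

# define M_PKCS12_bag_type PKCS12_bag_type
# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
/* Maps to the same accessor as M_PKCS12_cert_bag_type (kept as found). */
# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type

# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt

#endif
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
OSSL_DEPRECATEDIN_1_1_0 ASN1_TYPE *PKCS12_get_attr(const PKCS12_SAFEBAG *bag,
                                                   int attr_nid);
#endif

/*
 * Attribute and MAC inspection.
 * PKCS12_mac_present() lets a caller find out whether the container carries
 * an integrity MAC at all.  NOTE(review): whether the higher-level parsing
 * functions reject a container without a MAC is not visible from this
 * header; code that requires integrity protection should check explicitly.
 */
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
int PKCS12_mac_present(const PKCS12 *p12);
void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
                     const X509_ALGOR **pmacalg,
                     const ASN1_OCTET_STRING **psalt,
                     const ASN1_INTEGER **piter,
                     const PKCS12 *p12);

/* Safe bag accessors. */
const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(const PKCS12_SAFEBAG *bag,
                                          int attr_nid);
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);

X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
const STACK_OF(PKCS12_SAFEBAG) *
PKCS12_SAFEBAG_get0_safes(const PKCS12_SAFEBAG *bag);
const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(const PKCS12_SAFEBAG *bag);
const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);

/*
 * Safe bag constructors.
 * PKCS12_SAFEBAG_create0_p8inf() wraps a PKCS8_PRIV_KEY_INFO without a
 * password argument, while the *_pkcs8_encrypt variants take |pass| and a
 * PBE algorithm; pick the variant deliberately when the bag holds a
 * private key.
 */
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(int type, int vtype, const unsigned char *value, int len);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(int pbe_nid,
                                                    const char *pass,
                                                    int passlen,
                                                    unsigned char *salt,
                                                    int saltlen, int iter,
                                                    PKCS8_PRIV_KEY_INFO *p8inf);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(int pbe_nid,
                                                       const char *pass,
                                                       int passlen,
                                                       unsigned char *salt,
                                                       int saltlen, int iter,
                                                       PKCS8_PRIV_KEY_INFO *p8inf,
                                                       OSSL_LIB_CTX *ctx,
                                                       const char *propq);

/*
 * PKCS#8 encryption/decryption and PKCS#7 packing.
 * The *_ex variants add a library context and a property query string and
 * otherwise mirror the signature of the function they extend.
 */
PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
                                         int nid1, int nid2);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(const X509_SIG *p8, const char *pass,
                                   int passlen);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(const X509_SIG *p8, const char *pass,
                                      int passlen, OSSL_LIB_CTX *ctx,
                                      const char *propq);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(const PKCS12_SAFEBAG *bag,
                                         const char *pass, int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(const PKCS12_SAFEBAG *bag,
                                            const char *pass, int passlen,
                                            OSSL_LIB_CTX *ctx,
                                            const char *propq);
X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
                        const char *pass, int passlen, unsigned char *salt,
                        int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8);
X509_SIG *PKCS8_encrypt_ex(int pbe_nid, const EVP_CIPHER *cipher,
                           const char *pass, int passlen, unsigned char *salt,
                           int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8,
                           OSSL_LIB_CTX *ctx, const char *propq);
X509_SIG *PKCS8_set0_pbe(const char *pass, int passlen,
                         PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
X509_SIG *PKCS8_set0_pbe_ex(const char *pass, int passlen,
                            PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe,
                            OSSL_LIB_CTX *ctx, const char *propq);
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
                             unsigned char *salt, int saltlen, int iter,
                             STACK_OF(PKCS12_SAFEBAG) *bags);
PKCS7 *PKCS12_pack_p7encdata_ex(int pbe_nid, const char *pass, int passlen,
                                unsigned char *salt, int saltlen, int iter,
                                STACK_OF(PKCS12_SAFEBAG) *bags,
                                OSSL_LIB_CTX *ctx, const char *propq);

STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
                                                  int passlen);

int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);

/* Bag attributes (local key id, friendly name, CSP name, generic). */
int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
                          int namelen);
int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
                                int namelen);
int PKCS12_add_friendlyname_utf8(PKCS12_SAFEBAG *bag, const char *name,
                                 int namelen);
int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
                           int namelen);
int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
                                const unsigned char *name, int namelen);
int PKCS12_add1_attr_by_NID(PKCS12_SAFEBAG *bag, int nid, int type,
                            const unsigned char *bytes, int len);
int PKCS12_add1_attr_by_txt(PKCS12_SAFEBAG *bag, const char *attrname, int type,
                            const unsigned char *bytes, int len);
int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
ASN1_TYPE *PKCS12_get_attr_gen(const STACK_OF(X509_ATTRIBUTE) *attrs,
                               int attr_nid);
/*
 * Returns a non-const char *, unlike the get0 accessors around it.
 * NOTE(review): presumably a fresh allocation the caller must free; confirm.
 */
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
const STACK_OF(X509_ATTRIBUTE) *
PKCS12_SAFEBAG_get0_attrs(const PKCS12_SAFEBAG *bag);

/*
 * Password-based encryption helpers.
 * |en_de| selects the direction and |zbuf| is a flag on the intermediate
 * plaintext buffer.  NOTE(review): per the OpenSSL sources a non-zero |zbuf|
 * asks for that buffer to be cleansed before it is freed, which is what a
 * caller handling private keys wants; confirm for the version in use.
 */
unsigned char *PKCS12_pbe_crypt(const X509_ALGOR *algor,
                                const char *pass, int passlen,
                                const unsigned char *in, int inlen,
                                unsigned char **data, int *datalen,
                                int en_de);
unsigned char *PKCS12_pbe_crypt_ex(const X509_ALGOR *algor,
                                   const char *pass, int passlen,
                                   const unsigned char *in, int inlen,
                                   unsigned char **data, int *datalen,
                                   int en_de, OSSL_LIB_CTX *libctx,
                                   const char *propq);
void *PKCS12_item_decrypt_d2i(const X509_ALGOR *algor, const ASN1_ITEM *it,
                              const char *pass, int passlen,
                              const ASN1_OCTET_STRING *oct, int zbuf);
void *PKCS12_item_decrypt_d2i_ex(const X509_ALGOR *algor, const ASN1_ITEM *it,
                                 const char *pass, int passlen,
                                 const ASN1_OCTET_STRING *oct, int zbuf,
                                 OSSL_LIB_CTX *libctx,
                                 const char *propq);
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
                                           const ASN1_ITEM *it,
                                           const char *pass, int passlen,
                                           void *obj, int zbuf);
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(X509_ALGOR *algor,
                                              const ASN1_ITEM *it,
                                              const char *pass, int passlen,
                                              void *obj, int zbuf,
                                              OSSL_LIB_CTX *ctx,
                                              const char *propq);
PKCS12 *PKCS12_init(int mode);
PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq);

/*
 * PKCS#12 key derivation, one family per password encoding
 * (_asc: ASCII, _uni: already-converted Unicode bytes, _utf8: UTF-8).
 * |id| is one of PKCS12_KEY_ID / PKCS12_IV_ID / PKCS12_MAC_ID, |iter| the
 * iteration count and |out| receives the derived bytes; |n| is presumably
 * the number of bytes to write, so |out| must be at least that large.
 * The same password gives different keys under different encodings, so the
 * creating and the reading side must agree on which family is used.
 */
int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_asc_ex(const char *pass, int passlen, unsigned char *salt,
                          int saltlen, int id, int iter, int n,
                          unsigned char *out, const EVP_MD *md_type,
                          OSSL_LIB_CTX *ctx, const char *propq);
int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
                       int saltlen, int id, int iter, int n,
                       unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_uni_ex(unsigned char *pass, int passlen, unsigned char *salt,
                          int saltlen, int id, int iter, int n,
                          unsigned char *out, const EVP_MD *md_type,
                          OSSL_LIB_CTX *ctx, const char *propq);
int PKCS12_key_gen_utf8(const char *pass, int passlen, unsigned char *salt,
                        int saltlen, int id, int iter, int n,
                        unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_utf8_ex(const char *pass, int passlen, unsigned char *salt,
                           int saltlen, int id, int iter, int n,
                           unsigned char *out, const EVP_MD *md_type,
                           OSSL_LIB_CTX *ctx, const char *propq);

int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
                        const EVP_MD *md_type, int en_de);
int PKCS12_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
                           ASN1_TYPE *param, const EVP_CIPHER *cipher,
                           const EVP_MD *md_type, int en_de,
                           OSSL_LIB_CTX *libctx, const char *propq);

/*
 * Integrity MAC.
 * PKCS12_gen_mac() writes the MAC into |mac| and its length into |maclen|;
 * the prototype carries no size for |mac|, so the caller has to provide a
 * buffer large enough for the digest in use (NOTE(review): presumably
 * EVP_MAX_MD_SIZE bytes; confirm).
 * PKCS12_verify_mac() is the check to run on a container read from an
 * untrusted source before its contents are used; treat anything other than
 * PKCS12_OK as "do not trust".
 */
int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
                   unsigned char *mac, unsigned int *maclen);
int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
                   unsigned char *salt, int saltlen, int iter,
                   const EVP_MD *md_type);
int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
                     int saltlen, const EVP_MD *md_type);

/*
 * Password encoding conversions.
 * The results may hold password material; the buffers returned are
 * presumably heap allocations the caller must cleanse and free.
 */
unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
                               unsigned char **uni, int *unilen);
char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
unsigned char *OPENSSL_utf82uni(const char *asc, int asclen,
                                unsigned char **uni, int *unilen);
char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);

/* ASN.1 new/free/d2i/i2d declarations, generated by macro per type. */
DECLARE_ASN1_FUNCTIONS(PKCS12)
DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)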
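/* ASN.1 declarations for the remaining PKCS#12 types, generated by macro. */
DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)

DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)

void PKCS12_PBE_add(void);

/*
 * High-level parse and create.
 *
 * PKCS12_parse() takes only |pass| (no length argument, so it has to be a
 * NUL-terminated string) and hands back the key, the certificate and the
 * additional certificates through |pkey|, |cert| and |ca|.  Everything
 * returned comes from the input container: the certificates in |ca| are
 * data, not a validated chain, and need the usual path validation before
 * they are trusted.
 *
 * PKCS12_create(): |nid_key| / |nid_cert| select the encryption of the key
 * and certificate bags, |iter| and |mac_iter| the iteration counts.
 * NOTE(review): per the PKCS12_create(3) manual page, -1 for |nid_key| or
 * |nid_cert| disables encryption of that part and -1 for |mac_iter| omits
 * the MAC entirely; none of that is visible in this header, so confirm it
 * before passing sentinel values and avoid them for containers that leave
 * the machine.
 */
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
                 STACK_OF(X509) **ca);
PKCS12 *PKCS12_create(const char *pass, const char *name, EVP_PKEY *pkey,
                      X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                      int iter, int mac_iter, int keytype);
PKCS12 *PKCS12_create_ex(const char *pass, const char *name, EVP_PKEY *pkey,
                         X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
                         int iter, int mac_iter, int keytype,
                         OSSL_LIB_CTX *ctx, const char *propq);

/*
 * Incremental construction: add bags to |*pbags|, bags to |*psafes|, then
 * build the container from the safes.  The *_ex variants add a library
 * context and a property query string.
 */
PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
                               EVP_PKEY *key, int key_usage, int iter,
                               int key_nid, const char *pass);
PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
                                  EVP_PKEY *key, int key_usage, int iter,
                                  int key_nid, const char *pass,
                                  OSSL_LIB_CTX *ctx, const char *propq);

PKCS12_SAFEBAG *PKCS12_add_secret(STACK_OF(PKCS12_SAFEBAG) **pbags,
                                  int nid_type, const unsigned char *value, int len);
int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
                    int safe_nid, int iter, const char *pass);
int PKCS12_add_safe_ex(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
                       int safe_nid, int iter, const char *pass,
                       OSSL_LIB_CTX *ctx, const char *propq);

PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
PKCS12 *PKCS12_add_safes_ex(STACK_OF(PKCS7) *safes, int p7_nid,
                            OSSL_LIB_CTX *ctx, const char *propq);

/*
 * DER serialisation to and from a BIO or a FILE.
 * The d2i functions decode whatever bytes they are given; a non-NULL result
 * means the structure parsed, not that the container is authentic.  Check
 * the result for NULL and verify the MAC before using the contents.
 * The FILE variants exist only when OPENSSL_NO_STDIO is not defined.
 */
int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12);
# ifndef OPENSSL_NO_STDIO
int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12);
# endif
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
# ifndef OPENSSL_NO_STDIO
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
# endif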
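/*
 * Re-encrypts the container from |oldpass| to |newpass|.
 * Neither password has a length argument, so both have to be NUL-terminated
 * strings.  NOTE(review): the return convention is presumably PKCS12_OK /
 * PKCS12_ERROR, and the state of |p12| after a failure is not visible from
 * this header; keep the original container until the call has succeeded.
 */
int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);

/* Closes the extern "C" block opened near the top of the header. */
# ifdef  __cplusplus
}
# endif
#endif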