/*
 * {- join("\n * ", @autowarntext) -}
 *
 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

{-
use OpenSSL::stackhash qw(generate_stack_macros);
-}

/*
 * PKCS#12 public API: opaque container types, safe-bag accessors and
 * constructors, password-based encryption helpers, MAC generation and
 * verification, and DER I/O for PKCS12 structures.
 *
 * Conventions visible in the declarations below:
 *  - A function ending in _ex takes the arguments of its unsuffixed
 *    counterpart plus an OSSL_LIB_CTX pointer and a property query string.
 *  - Passwords are passed as (pass, passlen), or as a bare `pass` pointer in
 *    the high-level calls.  How special passlen values are treated is not
 *    defined in this header; check each function's documentation.
 *  - Most password parameters are const pointers, so wiping the caller's
 *    copy after use is the caller's job.
 *  - Salt and iteration count are explicit parameters of the password-based
 *    functions: the iteration count sets the per-guess cost of the key
 *    derivation, the salt keeps that derivation unique per object.
 */

#ifndef OPENSSL_PKCS12_H
# define OPENSSL_PKCS12_H
# pragma once

# include <openssl/macros.h>
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  define HEADER_PKCS12_H
# endif

# include <openssl/bio.h>
# include <openssl/core.h>
# include <openssl/x509.h>
# include <openssl/pkcs12err.h>
# ifndef OPENSSL_NO_STDIO
#  include <stdio.h>
# endif

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Purpose selectors.  Presumably the values for the `id` argument of the
 * PKCS12_key_gen_* functions (key, IV or MAC key) -- confirm against the
 * implementation.
 */
# define PKCS12_KEY_ID 1
# define PKCS12_IV_ID 2
# define PKCS12_MAC_ID 3

/*
 * Default iteration count.  A build may predefine PKCS12_DEFAULT_ITER;
 * otherwise it follows PKCS5_DEFAULT_ITER, which is defined outside this
 * header.
 */
# ifndef PKCS12_DEFAULT_ITER
#  define PKCS12_DEFAULT_ITER PKCS5_DEFAULT_ITER
# endif

/*
 * MAC key length (presumably in bytes).
 * NOTE(review): 20 equals the SHA-1 digest size; confirm how the
 * implementation sizes the MAC key when another digest is selected.
 */
# define PKCS12_MAC_KEY_LENGTH 20

/* The macro is expected to be used only internally. Kept for backwards compatibility. */
# define PKCS12_SALT_LEN 8

/*
 * It's not clear if these are actually needed...
 * The unsuffixed names resolve to the UTF-8 variants.
 */
# define PKCS12_key_gen PKCS12_key_gen_utf8
# define PKCS12_add_friendlyname PKCS12_add_friendlyname_utf8

/*
 * MS key usage constants.
 * Presumably the values for the `usage` / `key_usage` / `keytype` arguments
 * further down -- confirm against the implementation.
 */
# define KEY_EX 0x10
# define KEY_SIG 0x80

/* Opaque types: the structures are only declared here, not defined. */
typedef struct PKCS12_MAC_DATA_st PKCS12_MAC_DATA;

typedef struct PKCS12_st PKCS12;

typedef struct PKCS12_SAFEBAG_st PKCS12_SAFEBAG;

/* Template directive, expanded when the header is generated. */
{-
    generate_stack_macros("PKCS12_SAFEBAG");
-}

typedef struct pkcs12_bag_st PKCS12_BAGS;

/* Generic status values. */
# define PKCS12_ERROR 0
# define PKCS12_OK 1

/*
 * Compatibility macros: old names, available unless
 * OPENSSL_NO_DEPRECATED_1_1_0 is defined.  M_PKCS12_cert_bag_type and
 * M_PKCS12_crl_bag_type both resolve to PKCS12_cert_bag_type.
 */

#ifndef OPENSSL_NO_DEPRECATED_1_1_0

# define M_PKCS12_bag_type PKCS12_bag_type
# define M_PKCS12_cert_bag_type PKCS12_cert_bag_type
# define M_PKCS12_crl_bag_type PKCS12_cert_bag_type

# define PKCS12_certbag2x509 PKCS12_SAFEBAG_get1_cert
# define PKCS12_certbag2scrl PKCS12_SAFEBAG_get1_crl
# define PKCS12_bag_type PKCS12_SAFEBAG_get_nid
# define PKCS12_cert_bag_type PKCS12_SAFEBAG_get_bag_nid
# define PKCS12_x5092certbag PKCS12_SAFEBAG_create_cert
# define PKCS12_x509crl2certbag PKCS12_SAFEBAG_create_crl
# define PKCS12_MAKE_KEYBAG PKCS12_SAFEBAG_create0_p8inf
# define PKCS12_MAKE_SHKEYBAG PKCS12_SAFEBAG_create_pkcs8_encrypt

#endif
#ifndef OPENSSL_NO_DEPRECATED_1_1_0
OSSL_DEPRECATEDIN_1_1_0 ASN1_TYPE *PKCS12_get_attr(
    const PKCS12_SAFEBAG *bag, int attr_nid);
#endif

/*
 * Attribute and MAC accessors.  PKCS12_mac_present() lets a caller tell a
 * structure without a MAC apart from one whose MAC fails to verify.
 * PKCS12_get0_mac() exposes the stored MAC value, algorithm, salt and
 * iteration count through its output pointers; for a file from an untrusted
 * source all four are attacker-chosen values.
 */
ASN1_TYPE *PKCS8_get_attr(PKCS8_PRIV_KEY_INFO *p8, int attr_nid);
int PKCS12_mac_present(const PKCS12 *p12);
void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
    const X509_ALGOR **pmacalg, const ASN1_OCTET_STRING **psalt,
    const ASN1_INTEGER **piter, const PKCS12 *p12);

/*
 * Safe-bag inspection.  All of these take a const bag.
 * NOTE(review): by OpenSSL naming convention get0 results stay owned by the
 * bag and get1 results belong to the caller -- confirm per function.
 */
const ASN1_TYPE *PKCS12_SAFEBAG_get0_attr(
    const PKCS12_SAFEBAG *bag, int attr_nid);
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_type(const PKCS12_SAFEBAG *bag);
int PKCS12_SAFEBAG_get_nid(const PKCS12_SAFEBAG *bag);
int PKCS12_SAFEBAG_get_bag_nid(const PKCS12_SAFEBAG *bag);
const ASN1_TYPE *PKCS12_SAFEBAG_get0_bag_obj(const PKCS12_SAFEBAG *bag);
const ASN1_OBJECT *PKCS12_SAFEBAG_get0_bag_type(const PKCS12_SAFEBAG *bag);

X509 *PKCS12_SAFEBAG_get1_cert_ex(
    const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
X509 *PKCS12_SAFEBAG_get1_cert(const PKCS12_SAFEBAG *bag);
X509_CRL *PKCS12_SAFEBAG_get1_crl_ex(
    const PKCS12_SAFEBAG *bag, OSSL_LIB_CTX *libctx, const char *propq);
X509_CRL *PKCS12_SAFEBAG_get1_crl(const PKCS12_SAFEBAG *bag);
const STACK_OF(PKCS12_SAFEBAG) *PKCS12_SAFEBAG_get0_safes(
    const PKCS12_SAFEBAG *bag);
const PKCS8_PRIV_KEY_INFO *PKCS12_SAFEBAG_get0_p8inf(
    const PKCS12_SAFEBAG *bag);
const X509_SIG *PKCS12_SAFEBAG_get0_pkcs8(const PKCS12_SAFEBAG *bag);

/*
 * Safe-bag constructors.  The create0_p8inf variant wraps a private key
 * without a password argument; the create_pkcs8_encrypt variants take a PBE
 * algorithm NID, password, salt and iteration count.
 * NOTE(review): whether a NULL salt or a zero iter selects a library default
 * is not visible here -- confirm before relying on it.
 */
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_cert(X509 *x509);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_crl(X509_CRL *crl);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_secret(
    int type, int vtype, const unsigned char *value, int len);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_p8inf(PKCS8_PRIV_KEY_INFO *p8);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create0_pkcs8(X509_SIG *p8);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt(
    int pbe_nid, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    PKCS8_PRIV_KEY_INFO *p8inf);
PKCS12_SAFEBAG *PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(
    int pbe_nid, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    PKCS8_PRIV_KEY_INFO *p8inf,
    OSSL_LIB_CTX *ctx, const char *propq);

PKCS12_SAFEBAG *PKCS12_item_pack_safebag(
    void *obj, const ASN1_ITEM *it, int nid1, int nid2);

/*
 * PKCS#8 private key encryption and decryption under a password.
 * The decrypt functions return a PKCS8_PRIV_KEY_INFO pointer; the return
 * value has to be checked before use, since the input and the password may
 * both be wrong or hostile.
 */
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(
    const X509_SIG *p8, const char *pass, int passlen);
PKCS8_PRIV_KEY_INFO *PKCS8_decrypt_ex(
    const X509_SIG *p8, const char *pass, int passlen,
    OSSL_LIB_CTX *ctx, const char *propq);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(
    const PKCS12_SAFEBAG *bag, const char *pass, int passlen);
PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey_ex(
    const PKCS12_SAFEBAG *bag, const char *pass, int passlen,
    OSSL_LIB_CTX *ctx, const char *propq);
X509_SIG *PKCS8_encrypt(
    int pbe_nid, const EVP_CIPHER *cipher,
    const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    PKCS8_PRIV_KEY_INFO *p8);
X509_SIG *PKCS8_encrypt_ex(
    int pbe_nid, const EVP_CIPHER *cipher,
    const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    PKCS8_PRIV_KEY_INFO *p8,
    OSSL_LIB_CTX *ctx, const char *propq);
X509_SIG *PKCS8_set0_pbe(
    const char *pass, int passlen,
    PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe);
X509_SIG *PKCS8_set0_pbe_ex(
    const char *pass, int passlen,
    PKCS8_PRIV_KEY_INFO *p8inf, X509_ALGOR *pbe,
    OSSL_LIB_CTX *ctx, const char *propq);

/*
 * Packing safe bags into PKCS7 containers and back.  The p7data pair takes
 * no password; the p7encdata functions take a password and, when packing,
 * PBE parameters.
 */
PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk);
STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7);
PKCS7 *PKCS12_pack_p7encdata(
    int pbe_nid, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    STACK_OF(PKCS12_SAFEBAG) *bags);
PKCS7 *PKCS12_pack_p7encdata_ex(
    int pbe_nid, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    STACK_OF(PKCS12_SAFEBAG) *bags,
    OSSL_LIB_CTX *ctx, const char *propq);

STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(
    PKCS7 *p7, const char *pass, int passlen);

int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes);
STACK_OF(PKCS7) *PKCS12_unpack_authsafes(const PKCS12 *p12);

/*
 * Bag attributes.  Names and attribute values are passed as pointer plus
 * length; the length conventions (e.g. negative values) are not defined in
 * this header.
 */
int PKCS12_add_localkeyid(
    PKCS12_SAFEBAG *bag, unsigned char *name, int namelen);
int PKCS12_add_friendlyname_asc(
    PKCS12_SAFEBAG *bag, const char *name, int namelen);
int PKCS12_add_friendlyname_utf8(
    PKCS12_SAFEBAG *bag, const char *name, int namelen);
int PKCS12_add_CSPName_asc(
    PKCS12_SAFEBAG *bag, const char *name, int namelen);
int PKCS12_add_friendlyname_uni(
    PKCS12_SAFEBAG *bag, const unsigned char *name, int namelen);
int PKCS12_add1_attr_by_NID(
    PKCS12_SAFEBAG *bag, int nid, int type,
    const unsigned char *bytes, int len);
int PKCS12_add1_attr_by_txt(
    PKCS12_SAFEBAG *bag, const char *attrname, int type,
    const unsigned char *bytes, int len);
int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage);
ASN1_TYPE *PKCS12_get_attr_gen(
    const STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid);
/* NOTE(review): returns a non-const char *; confirm who frees it. */
char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag);
const STACK_OF(X509_ATTRIBUTE) *PKCS12_SAFEBAG_get0_attrs(
    const PKCS12_SAFEBAG *bag);
void PKCS12_SAFEBAG_set0_attrs(
    PKCS12_SAFEBAG *bag, STACK_OF(X509_ATTRIBUTE) *attrs);

/*
 * Low-level password-based encryption.  `en_de` selects the direction and
 * the result is reported through `data` / `datalen` as well as the return
 * value.
 * NOTE(review): ownership of the returned buffer and the meaning of `zbuf`
 * in the item functions are not visible here -- confirm in the
 * implementation.
 */
unsigned char *PKCS12_pbe_crypt(
    const X509_ALGOR *algor, const char *pass, int passlen,
    const unsigned char *in, int inlen,
    unsigned char **data, int *datalen, int en_de);
unsigned char *PKCS12_pbe_crypt_ex(
    const X509_ALGOR *algor, const char *pass, int passlen,
    const unsigned char *in, int inlen,
    unsigned char **data, int *datalen, int en_de,
    OSSL_LIB_CTX *libctx, const char *propq);
void *PKCS12_item_decrypt_d2i(
    const X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen,
    const ASN1_OCTET_STRING *oct, int zbuf);
void *PKCS12_item_decrypt_d2i_ex(
    const X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen,
    const ASN1_OCTET_STRING *oct, int zbuf,
    OSSL_LIB_CTX *libctx, const char *propq);
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(
    X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen,
    void *obj, int zbuf);
ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt_ex(
    X509_ALGOR *algor, const ASN1_ITEM *it,
    const char *pass, int passlen,
    void *obj, int zbuf,
    OSSL_LIB_CTX *ctx, const char *propq);
PKCS12 *PKCS12_init(int mode);
PKCS12 *PKCS12_init_ex(int mode, OSSL_LIB_CTX *ctx, const char *propq);

/*
 * Key derivation from a password in ASCII, "uni" or UTF-8 form.
 * Note that the uni variants take a non-const password pointer.
 * NOTE(review): `n` is presumably the number of bytes written to `out`, so
 * `out` must be at least that large -- confirm; the prototype carries no
 * buffer size.
 */
int PKCS12_key_gen_asc(
    const char *pass, int passlen,
    unsigned char *salt, int saltlen,
    int id, int iter, int n,
    unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_asc_ex(
    const char *pass, int passlen,
    unsigned char *salt, int saltlen,
    int id, int iter, int n,
    unsigned char *out, const EVP_MD *md_type,
    OSSL_LIB_CTX *ctx, const char *propq);
int PKCS12_key_gen_uni(
    unsigned char *pass, int passlen,
    unsigned char *salt, int saltlen,
    int id, int iter, int n,
    unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_uni_ex(
    unsigned char *pass, int passlen,
    unsigned char *salt, int saltlen,
    int id, int iter, int n,
    unsigned char *out, const EVP_MD *md_type,
    OSSL_LIB_CTX *ctx, const char *propq);
int PKCS12_key_gen_utf8(
    const char *pass, int passlen,
    unsigned char *salt, int saltlen,
    int id, int iter, int n,
    unsigned char *out, const EVP_MD *md_type);
int PKCS12_key_gen_utf8_ex(
    const char *pass, int passlen,
    unsigned char *salt, int saltlen,
    int id, int iter, int n,
    unsigned char *out, const EVP_MD *md_type,
    OSSL_LIB_CTX *ctx, const char *propq);

int PKCS12_PBE_keyivgen(
    EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
    ASN1_TYPE *param, const EVP_CIPHER *cipher,
    const EVP_MD *md_type, int en_de);
int PKCS12_PBE_keyivgen_ex(
    EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
    ASN1_TYPE *param, const EVP_CIPHER *cipher,
    const EVP_MD *md_type, int en_de,
    OSSL_LIB_CTX *libctx, const char *propq);

/*
 * Integrity protection of the whole structure.
 * PKCS12_gen_mac() writes into the caller-supplied `mac` buffer and reports
 * the length through `maclen`; the required capacity is not expressed in the
 * prototype, so confirm it (typically EVP_MAX_MD_SIZE) before calling.
 * PKCS12_verify_mac() is the check to run on a structure before its
 * contents are relied on; its return convention is documented elsewhere.
 */
int PKCS12_gen_mac(
    PKCS12 *p12, const char *pass, int passlen,
    unsigned char *mac, unsigned int *maclen);
int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
int PKCS12_set_mac(
    PKCS12 *p12, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    const EVP_MD *md_type);
int PKCS12_set_pbmac1_pbkdf2(
    PKCS12 *p12, const char *pass, int passlen,
    unsigned char *salt, int saltlen, int iter,
    const EVP_MD *md_type, const char *prf_md_name);
int PKCS12_setup_mac(
    PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
    const EVP_MD *md_type);

/*
 * String conversions between ASCII / UTF-8 and the "uni" form.
 * NOTE(review): results are returned as raw pointers; confirm allocation and
 * who frees them.  Converted passwords are secrets like the originals.
 */
unsigned char *OPENSSL_asc2uni(
    const char *asc, int asclen, unsigned char **uni, int *unilen);
char *OPENSSL_uni2asc(const unsigned char *uni, int unilen);
unsigned char *OPENSSL_utf82uni(
    const char *asc, int asclen, unsigned char **uni, int *unilen);
char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen);

DECLARE_ASN1_FUNCTIONS(PKCS12)
DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS)

DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS)
DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES)

void PKCS12_PBE_add(void);

/*
 * High-level parse and create.
 * PKCS12_parse() reports a private key, a certificate and a certificate
 * stack through its output pointers.
 * NOTE(review): ownership of *pkey, *cert and *ca, and their state on
 * failure, are not visible in this header; check the return value before
 * using any of them.
 * PKCS12_create*() take separate iteration counts for encryption (`iter`)
 * and for the MAC (`mac_iter`); confirm what a zero or negative value means
 * before passing one.
 */
int PKCS12_parse(
    PKCS12 *p12, const char *pass,
    EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
/* Per-bag callback type for PKCS12_create_ex2(); cbarg is passed through. */
typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
PKCS12 *PKCS12_create(
    const char *pass, const char *name, EVP_PKEY *pkey,
    X509 *cert, STACK_OF(X509) *ca,
    int nid_key, int nid_cert,
    int iter, int mac_iter, int keytype);
PKCS12 *PKCS12_create_ex(
    const char *pass, const char *name, EVP_PKEY *pkey,
    X509 *cert, STACK_OF(X509) *ca,
    int nid_key, int nid_cert,
    int iter, int mac_iter, int keytype,
    OSSL_LIB_CTX *ctx, const char *propq);
PKCS12 *PKCS12_create_ex2(
    const char *pass, const char *name, EVP_PKEY *pkey,
    X509 *cert, STACK_OF(X509) *ca,
    int nid_key, int nid_cert,
    int iter, int mac_iter, int keytype,
    OSSL_LIB_CTX *ctx, const char *propq,
    PKCS12_create_cb *cb, void *cbarg);

/* Incremental construction: add bags to a stack, stacks to safes. */
PKCS12_SAFEBAG *PKCS12_add_cert(
    STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert);
PKCS12_SAFEBAG *PKCS12_add_key(
    STACK_OF(PKCS12_SAFEBAG) **pbags,
    EVP_PKEY *key, int key_usage, int iter,
    int key_nid, const char *pass);
PKCS12_SAFEBAG *PKCS12_add_key_ex(
    STACK_OF(PKCS12_SAFEBAG) **pbags,
    EVP_PKEY *key, int key_usage, int iter,
    int key_nid, const char *pass,
    OSSL_LIB_CTX *ctx, const char *propq);

PKCS12_SAFEBAG *PKCS12_add_secret(
    STACK_OF(PKCS12_SAFEBAG) **pbags,
    int nid_type, const unsigned char *value, int len);
int PKCS12_add_safe(
    STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
    int safe_nid, int iter, const char *pass);
int PKCS12_add_safe_ex(
    STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
    int safe_nid, int iter, const char *pass,
    OSSL_LIB_CTX *ctx, const char *propq);

PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int p7_nid);
PKCS12 *PKCS12_add_safes_ex(
    STACK_OF(PKCS7) *safes, int p7_nid,
    OSSL_LIB_CTX *ctx, const char *propq);

/*
 * DER serialisation to and from a BIO or, unless OPENSSL_NO_STDIO is
 * defined, a FILE.  The d2i functions take no password: what they return
 * has been decoded but not authenticated, and PKCS12_verify_mac() above is
 * the declared entry point for checking it.
 */
int i2d_PKCS12_bio(BIO *bp, const PKCS12 *p12);
# ifndef OPENSSL_NO_STDIO
int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12);
# endif
PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12);
# ifndef OPENSSL_NO_STDIO
PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12);
# endif
/* Takes both passwords without a length (presumably NUL-terminated). */
int PKCS12_newpass(PKCS12 *p12, const char *oldpass, const char *newpass);

# ifdef __cplusplus
}
# endif
#endif