1b077aed3SPierre Pronchery=pod 2b077aed3SPierre Pronchery 3b077aed3SPierre Pronchery=head1 NAME 4b077aed3SPierre Pronchery 5b077aed3SPierre ProncheryPKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, 6b077aed3SPierre ProncheryPKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure 7b077aed3SPierre Pronchery 8b077aed3SPierre Pronchery=head1 SYNOPSIS 9b077aed3SPierre Pronchery 10b077aed3SPierre Pronchery #include <openssl/pkcs12.h> 11b077aed3SPierre Pronchery 12b077aed3SPierre Pronchery int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 13b077aed3SPierre Pronchery unsigned char *mac, unsigned int *maclen); 14b077aed3SPierre Pronchery int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); 15b077aed3SPierre Pronchery int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, 16b077aed3SPierre Pronchery unsigned char *salt, int saltlen, int iter, 17b077aed3SPierre Pronchery const EVP_MD *md_type); 18b077aed3SPierre Pronchery int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 19b077aed3SPierre Pronchery int saltlen, const EVP_MD *md_type); 20b077aed3SPierre Pronchery 21b077aed3SPierre Pronchery=head1 DESCRIPTION 22b077aed3SPierre Pronchery 23b077aed3SPierre ProncheryPKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the 24aa795734SPierre Proncherysupplied password along with a set of already configured parameters. 25*6f1af0d7SPierre ProncheryThe default key generation mechanism used is PKCS12KDF. 26b077aed3SPierre Pronchery 27b077aed3SPierre ProncheryPKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied 28b077aed3SPierre Proncherypassword. 29b077aed3SPierre Pronchery 30b077aed3SPierre ProncheryPKCS12_setup_mac() sets the MAC part of the PKCS#12 structure with the supplied 31b077aed3SPierre Proncheryparameters. 32b077aed3SPierre Pronchery 33b077aed3SPierre ProncheryPKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object. 34b077aed3SPierre Pronchery 35b077aed3SPierre ProncheryI<pass> is the passphrase to use in the HMAC. I<salt> is the salt value to use, 36b077aed3SPierre ProncheryI<iter> is the iteration count and I<md_type> is the message digest 37b077aed3SPierre Proncheryfunction to use. 38b077aed3SPierre Pronchery 39b077aed3SPierre Pronchery=head1 NOTES 40b077aed3SPierre Pronchery 41b077aed3SPierre ProncheryIf I<salt> is NULL then a suitable salt will be generated and used. 42b077aed3SPierre Pronchery 43b077aed3SPierre ProncheryIf I<iter> is 1 then an iteration count will be omitted from the PKCS#12 44b077aed3SPierre Proncherystructure. 45b077aed3SPierre Pronchery 46b077aed3SPierre ProncheryPKCS12_gen_mac(), PKCS12_verify_mac() and PKCS12_set_mac() make assumptions 47b077aed3SPierre Proncheryregarding the encoding of the given passphrase. See L<passphrase-encoding(7)> 48b077aed3SPierre Proncheryfor more information. 49b077aed3SPierre Pronchery 50b077aed3SPierre Pronchery=head1 RETURN VALUES 51b077aed3SPierre Pronchery 52b077aed3SPierre ProncheryAll functions return 1 on success and 0 if an error occurred. 53b077aed3SPierre Pronchery 54b077aed3SPierre Pronchery=head1 CONFORMING TO 55b077aed3SPierre Pronchery 56b077aed3SPierre ProncheryIETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) 57b077aed3SPierre Pronchery 58b077aed3SPierre Pronchery=head1 SEE ALSO 59b077aed3SPierre Pronchery 60b077aed3SPierre ProncheryL<d2i_PKCS12(3)>, 61*6f1af0d7SPierre ProncheryL<EVP_KDF-PKCS12KDF(7)>, 62b077aed3SPierre ProncheryL<PKCS12_create(3)>, 63b077aed3SPierre ProncheryL<passphrase-encoding(7)> 64b077aed3SPierre Pronchery 65b077aed3SPierre Pronchery=head1 COPYRIGHT 66b077aed3SPierre Pronchery 67aa795734SPierre ProncheryCopyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. 68b077aed3SPierre Pronchery 69b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 70b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 71b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 72b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 73b077aed3SPierre Pronchery 74b077aed3SPierre Pronchery=cut 75