1b077aed3SPierre Pronchery=pod 2b077aed3SPierre Pronchery 3b077aed3SPierre Pronchery=head1 NAME 4b077aed3SPierre Pronchery 5b077aed3SPierre ProncheryPKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac, 6b077aed3SPierre ProncheryPKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure 7b077aed3SPierre Pronchery 8b077aed3SPierre Pronchery=head1 SYNOPSIS 9b077aed3SPierre Pronchery 10b077aed3SPierre Pronchery #include <openssl/pkcs12.h> 11b077aed3SPierre Pronchery 12b077aed3SPierre Pronchery int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, 13b077aed3SPierre Pronchery unsigned char *mac, unsigned int *maclen); 14b077aed3SPierre Pronchery int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); 15b077aed3SPierre Pronchery int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, 16b077aed3SPierre Pronchery unsigned char *salt, int saltlen, int iter, 17b077aed3SPierre Pronchery const EVP_MD *md_type); 18b077aed3SPierre Pronchery int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, 19b077aed3SPierre Pronchery int saltlen, const EVP_MD *md_type); 20b077aed3SPierre Pronchery 21b077aed3SPierre Pronchery=head1 DESCRIPTION 22b077aed3SPierre Pronchery 23b077aed3SPierre ProncheryPKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the 24*aa795734SPierre Proncherysupplied password along with a set of already configured parameters. 25b077aed3SPierre Pronchery 26b077aed3SPierre ProncheryPKCS12_verify_mac() verifies the PKCS#12 object's HMAC using the supplied 27b077aed3SPierre Proncherypassword. 28b077aed3SPierre Pronchery 29b077aed3SPierre ProncheryPKCS12_setup_mac() sets the MAC part of the PKCS#12 structure with the supplied 30b077aed3SPierre Proncheryparameters. 31b077aed3SPierre Pronchery 32b077aed3SPierre ProncheryPKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object. 33b077aed3SPierre Pronchery 34b077aed3SPierre ProncheryI<pass> is the passphrase to use in the HMAC. I<salt> is the salt value to use, 35b077aed3SPierre ProncheryI<iter> is the iteration count and I<md_type> is the message digest 36b077aed3SPierre Proncheryfunction to use. 37b077aed3SPierre Pronchery 38b077aed3SPierre Pronchery=head1 NOTES 39b077aed3SPierre Pronchery 40b077aed3SPierre ProncheryIf I<salt> is NULL then a suitable salt will be generated and used. 41b077aed3SPierre Pronchery 42b077aed3SPierre ProncheryIf I<iter> is 1 then an iteration count will be omitted from the PKCS#12 43b077aed3SPierre Proncherystructure. 44b077aed3SPierre Pronchery 45b077aed3SPierre ProncheryPKCS12_gen_mac(), PKCS12_verify_mac() and PKCS12_set_mac() make assumptions 46b077aed3SPierre Proncheryregarding the encoding of the given passphrase. See L<passphrase-encoding(7)> 47b077aed3SPierre Proncheryfor more information. 48b077aed3SPierre Pronchery 49b077aed3SPierre Pronchery=head1 RETURN VALUES 50b077aed3SPierre Pronchery 51b077aed3SPierre ProncheryAll functions return 1 on success and 0 if an error occurred. 52b077aed3SPierre Pronchery 53b077aed3SPierre Pronchery=head1 CONFORMING TO 54b077aed3SPierre Pronchery 55b077aed3SPierre ProncheryIETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>) 56b077aed3SPierre Pronchery 57b077aed3SPierre Pronchery=head1 SEE ALSO 58b077aed3SPierre Pronchery 59b077aed3SPierre ProncheryL<d2i_PKCS12(3)>, 60b077aed3SPierre ProncheryL<PKCS12_create(3)>, 61b077aed3SPierre ProncheryL<passphrase-encoding(7)> 62b077aed3SPierre Pronchery 63b077aed3SPierre Pronchery=head1 COPYRIGHT 64b077aed3SPierre Pronchery 65*aa795734SPierre ProncheryCopyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. 66b077aed3SPierre Pronchery 67b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 68b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 69b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 70b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 71b077aed3SPierre Pronchery 72b077aed3SPierre Pronchery=cut 73