1 /** 2 * \file pkcs12.h 3 * 4 * \brief PKCS#12 Personal Information Exchange Syntax 5 */ 6 /* 7 * Copyright The Mbed TLS Contributors 8 * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 9 */ 10 #ifndef MBEDTLS_PKCS12_H 11 #define MBEDTLS_PKCS12_H 12 13 #include "mbedtls/build_info.h" 14 15 #include "mbedtls/md.h" 16 #include "mbedtls/cipher.h" 17 #include "mbedtls/asn1.h" 18 19 #include <stddef.h> 20 21 /** Bad input parameters to function. */ 22 #define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80 23 /** Feature not available, e.g. unsupported encryption scheme. */ 24 #define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00 25 /** PBE ASN.1 data not as expected. */ 26 #define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80 27 /** Given private key password does not allow for correct decryption. */ 28 #define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00 29 30 #define MBEDTLS_PKCS12_DERIVE_KEY 1 /**< encryption/decryption key */ 31 #define MBEDTLS_PKCS12_DERIVE_IV 2 /**< initialization vector */ 32 #define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3 /**< integrity / MAC key */ 33 34 #define MBEDTLS_PKCS12_PBE_DECRYPT MBEDTLS_DECRYPT 35 #define MBEDTLS_PKCS12_PBE_ENCRYPT MBEDTLS_ENCRYPT 36 37 #ifdef __cplusplus 38 extern "C" { 39 #endif 40 41 #if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C) 42 43 #if !defined(MBEDTLS_DEPRECATED_REMOVED) 44 /** 45 * \brief PKCS12 Password Based function (encryption / decryption) 46 * for cipher-based and mbedtls_md-based PBE's 47 * 48 * \note When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must 49 * be enabled at compile time. 50 * 51 * \deprecated This function is deprecated and will be removed in a 52 * future version of the library. 53 * Please use mbedtls_pkcs12_pbe_ext() instead. 54 * 55 * \warning When decrypting: 56 * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile 57 * time, this function validates the CBC padding and returns 58 * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is 59 * invalid. Note that this can help active adversaries 60 * attempting to brute-forcing the password. Note also that 61 * there is no guarantee that an invalid password will be 62 * detected (the chances of a valid padding with a random 63 * password are about 1/255). 64 * - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile 65 * time, this function does not validate the CBC padding. 66 * 67 * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure 68 * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or 69 * #MBEDTLS_PKCS12_PBE_DECRYPT 70 * \param cipher_type the cipher used 71 * \param md_type the mbedtls_md used 72 * \param pwd Latin1-encoded password used. This may only be \c NULL when 73 * \p pwdlen is 0. No null terminator should be used. 74 * \param pwdlen length of the password (may be 0) 75 * \param data the input data 76 * \param len data length 77 * \param output Output buffer. 78 * On success, it contains the encrypted or decrypted data, 79 * possibly followed by the CBC padding. 80 * On failure, the content is indeterminate. 81 * For decryption, there must be enough room for \p len 82 * bytes. 83 * For encryption, there must be enough room for 84 * \p len + 1 bytes, rounded up to the block size of 85 * the block cipher identified by \p pbe_params. 86 * 87 * \return 0 if successful, or a MBEDTLS_ERR_XXX code 88 */ 89 int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode, 90 mbedtls_cipher_type_t cipher_type, 91 mbedtls_md_type_t md_type, 92 const unsigned char *pwd, size_t pwdlen, 93 const unsigned char *data, size_t len, 94 unsigned char *output); 95 #endif /* MBEDTLS_DEPRECATED_REMOVED */ 96 97 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7) 98 99 /** 100 * \brief PKCS12 Password Based function (encryption / decryption) 101 * for cipher-based and mbedtls_md-based PBE's 102 * 103 * 104 * \warning When decrypting: 105 * - This function validates the CBC padding and returns 106 * #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is 107 * invalid. Note that this can help active adversaries 108 * attempting to brute-forcing the password. Note also that 109 * there is no guarantee that an invalid password will be 110 * detected (the chances of a valid padding with a random 111 * password are about 1/255). 112 * 113 * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure 114 * \param mode either #MBEDTLS_PKCS12_PBE_ENCRYPT or 115 * #MBEDTLS_PKCS12_PBE_DECRYPT 116 * \param cipher_type the cipher used 117 * \param md_type the mbedtls_md used 118 * \param pwd Latin1-encoded password used. This may only be \c NULL when 119 * \p pwdlen is 0. No null terminator should be used. 120 * \param pwdlen length of the password (may be 0) 121 * \param data the input data 122 * \param len data length 123 * \param output Output buffer. 124 * On success, it contains the encrypted or decrypted data, 125 * possibly followed by the CBC padding. 126 * On failure, the content is indeterminate. 127 * For decryption, there must be enough room for \p len 128 * bytes. 129 * For encryption, there must be enough room for 130 * \p len + 1 bytes, rounded up to the block size of 131 * the block cipher identified by \p pbe_params. 132 * \param output_size size of output buffer. 133 * This must be big enough to accommodate for output plus 134 * padding data. 135 * \param output_len On success, length of actual data written to the output buffer. 136 * 137 * \return 0 if successful, or a MBEDTLS_ERR_XXX code 138 */ 139 int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, 140 mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, 141 const unsigned char *pwd, size_t pwdlen, 142 const unsigned char *data, size_t len, 143 unsigned char *output, size_t output_size, 144 size_t *output_len); 145 146 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */ 147 148 #endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C */ 149 150 /** 151 * \brief The PKCS#12 derivation function uses a password and a salt 152 * to produce pseudo-random bits for a particular "purpose". 153 * 154 * Depending on the given id, this function can produce an 155 * encryption/decryption key, an initialization vector or an 156 * integrity key. 157 * 158 * \param data buffer to store the derived data in 159 * \param datalen length of buffer to fill 160 * \param pwd The password to use. For compliance with PKCS#12 §B.1, this 161 * should be a BMPString, i.e. a Unicode string where each 162 * character is encoded as 2 bytes in big-endian order, with 163 * no byte order mark and with a null terminator (i.e. the 164 * last two bytes should be 0x00 0x00). 165 * \param pwdlen length of the password (may be 0). 166 * \param salt Salt buffer to use. This may only be \c NULL when 167 * \p saltlen is 0. 168 * \param saltlen length of the salt (may be zero) 169 * \param mbedtls_md mbedtls_md type to use during the derivation 170 * \param id id that describes the purpose (can be 171 * #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or 172 * #MBEDTLS_PKCS12_DERIVE_MAC_KEY) 173 * \param iterations number of iterations 174 * 175 * \return 0 if successful, or a MD, BIGNUM type error. 176 */ 177 int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, 178 const unsigned char *pwd, size_t pwdlen, 179 const unsigned char *salt, size_t saltlen, 180 mbedtls_md_type_t mbedtls_md, int id, int iterations); 181 182 #ifdef __cplusplus 183 } 184 #endif 185 186 #endif /* pkcs12.h */ 187