[apple/security.git] / libsecurity_pkcs12 / lib / pkcs12Utils.h

/*
 * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * pkcs12Utils.h
 */
 
#ifndef	_PKCS12_UTILS_H_
#define _PKCS12_UTILS_H_

#include <Security/cssmtype.h>
#include <security_asn1/SecNssCoder.h>
#include <security_pkcs12/pkcs7Templates.h>
#include <security_pkcs12/pkcs12Templates.h>
#include <Security/cssmerr.h>
#include <CoreFoundation/CoreFoundation.h>
#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>

#ifdef __cplusplus
extern "C" {
#endif

/* malloc a NULL-ed array of pointers of size num+1 */
void **p12NssNullArray(
	uint32 num,
	SecNssCoder &coder);

/* CSSM_DATA --> uint32. Returns true if OK. */
bool p12DataToInt(
	const CSSM_DATA &cdata,
	uint32 &u);

/* uint32 --> CSSM_DATA */
void p12IntToData(
	uint32 num,
	CSSM_DATA &cdata,
	SecNssCoder &coder);

/* CFDataRef <--> CSSM_DATA */
CFDataRef p12CssmDataToCf(
	const CSSM_DATA &c);
void p12CfDataToCssm(
	CFDataRef cf,
	CSSM_DATA &c,
	SecNssCoder &coder);

CSSM_DATA_PTR p12StringToUtf8(
	CFStringRef cfStr,
	SecNssCoder &coder);

const char *p12BagTypeStr(
	NSS_P12_SB_Type type);
const char *p7ContentInfoTypeStr(
	NSS_P7_CI_Type type);

/* map an OID to the components */

typedef enum {
	PW_None,			/* not comprehended */
	PW_PKCS5_v1_5,		/* PKCS5 v1.5 */
	PW_PKCS5_v2,		/* PKCS5 v2.0, not used by this module but parsed here */
	PW_PKCS12			/* PKCS12 */
} PKCS_Which;

/* returns false if OID not found */
bool pkcsOidToParams(
	const CSSM_OID 		*oid,
	CSSM_ALGORITHMS		&keyAlg,		// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		&encrAlg,		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		&pbeHashAlg,	// SHA1 or MD5
	uint32				&keySizeInBits,
	uint32				&blockSizeInBytes,	// for IV, optional
	CSSM_PADDING		&padding,		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	&mode,			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			&pkcs);			// PW_PKCS5_v1_5 or PW_PKCS12

CSSM_RETURN p12VerifyMac(
	const NSS_P12_DecodedPFX 	&pfx,
	CSSM_CSP_HANDLE				cspHand,
	const CSSM_DATA				*pwd,	// unicode, double null terminated
	const CSSM_KEY				*passKey,
	SecNssCoder					&coder);// for temp mallocs

void p12GenSalt(
	CSSM_DATA 	&salt,
	SecNssCoder &coder);

void p12GenLabel(
	CSSM_DATA &label,
	SecNssCoder &coder);

void p12NullAlgParams(
	CSSM_X509_ALGORITHM_IDENTIFIER &algId);

/*
 * Free memory via specified plugin's app-level allocator
 */
void freeCssmMemory(
	CSSM_HANDLE	hand,
	void 		*p);

/*
 * Though it pains me to do this, I must. We "happen to know" the 
 * names (in string form) of two of a key's attributes. These
 * have not been published anywhere, they are hard-coded into 
 * the script (KeySchema.m4) which generates the KeySchema
 * tables. 
 */

/*
 * This one is initially the same as the "label" argument passed 
 * in to the CSP when creating or importing keys; it eventually
 * gets munged into the hash of the associated public key (
 * in our case, by p12SetPubKeyHash()).
 */
#define P12_KEY_ATTR_LABEL_AND_HASH		"Label"

/*
 * This one is the user-friendly name.
 */
#define P12_KEY_ATTR_PRINT_NAME			"PrintName"

/*
 * Find private key by label, modify its Label attr to be the
 * hash of the associated public key. 
 */
CSSM_RETURN p12SetPubKeyHash(
	CSSM_CSP_HANDLE 	cspHand,		// where the key lives
	CSSM_DL_DB_HANDLE 	dlDbHand,		// ditto
	CSSM_DATA			&keyLabel,		// for DB lookup
	CSSM_DATA_PTR		newPrintName,	// optional
	SecNssCoder			&coder,			// for mallocing newLabel
	CSSM_DATA			&newLabel,		// RETURNED with label as hash
	CSSM_KEY_PTR		&foundKey);		// RETURNED on dup key detect

CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
	uint32 				AttributeType,
	uint32 				AttributeLength,
	const void 			*AttributePtr);

/*
 * Find private key by specified label, delete it.
 */
CSSM_RETURN p12DeleteKey(
	CSSM_DL_DB_HANDLE 	dlDbHand, 
	const CSSM_DATA		&keyLabel);

/* convert App passphrase to array of chars used in P12 PBE */
void p12ImportPassPhrase(
	CFStringRef			inPhrase,
	SecNssCoder			&coder,
	CSSM_DATA			&outPhrase);

/*
 * Standard error throwMes.
 * P12_ENCODE_ERR only occurs on DER-encode which should never fail. 
 */
#define P12_DECODE_ERR		errSecUnknownFormat
#define P12_ENCODE_ERR		internalComponentErr
#define P12_THROW_DECODE	MacOSError::throwMe(P12_DECODE_ERR)
#define P12_THROW_ENCODE	MacOSError::throwMe(P12_ENCODE_ERR)

#ifdef __cplusplus
}
#endif

#endif	/* _PKCS12_UTILS_H_ */
Commit	Line	Data
b1ab9ed8 A	1	/*
	2	* Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23	/*
	24	* pkcs12Utils.h
	25	*/
	26
	27	#ifndef _PKCS12_UTILS_H_
	28	#define _PKCS12_UTILS_H_
	29
	30	#include <Security/cssmtype.h>
	31	#include <security_asn1/SecNssCoder.h>
	32	#include <security_pkcs12/pkcs7Templates.h>
	33	#include <security_pkcs12/pkcs12Templates.h>
	34	#include <Security/cssmerr.h>
	35	#include <CoreFoundation/CoreFoundation.h>
	36	#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
	37
	38	#ifdef __cplusplus
	39	extern "C" {
	40	#endif
	41
	42	/* malloc a NULL-ed array of pointers of size num+1 */
	43	void **p12NssNullArray(
	44	uint32 num,
	45	SecNssCoder &coder);
	46
	47	/* CSSM_DATA --> uint32. Returns true if OK. */
	48	bool p12DataToInt(
	49	const CSSM_DATA &cdata,
	50	uint32 &u);
	51
	52	/* uint32 --> CSSM_DATA */
	53	void p12IntToData(
	54	uint32 num,
	55	CSSM_DATA &cdata,
	56	SecNssCoder &coder);
	57
	58	/* CFDataRef <--> CSSM_DATA */
	59	CFDataRef p12CssmDataToCf(
	60	const CSSM_DATA &c);
	61	void p12CfDataToCssm(
	62	CFDataRef cf,
	63	CSSM_DATA &c,
	64	SecNssCoder &coder);
65
66	CSSM_DATA_PTR p12StringToUtf8(
67	CFStringRef cfStr,
68	SecNssCoder &coder);
69
70	const char *p12BagTypeStr(
71	NSS_P12_SB_Type type);
72	const char *p7ContentInfoTypeStr(
73	NSS_P7_CI_Type type);
74
75	/* map an OID to the components */
76
77	typedef enum {
78	PW_None, /* not comprehended */
79	PW_PKCS5_v1_5, /* PKCS5 v1.5 */
80	PW_PKCS5_v2, /* PKCS5 v2.0, not used by this module but parsed here */
81	PW_PKCS12 /* PKCS12 */
82	} PKCS_Which;
83
84	/* returns false if OID not found */
85	bool pkcsOidToParams(
86	const CSSM_OID *oid,
87	CSSM_ALGORITHMS &keyAlg, // e.g., CSSM_ALGID_DES
88	CSSM_ALGORITHMS &encrAlg, // e.g., CSSM_ALGID_3DES_3KEY_EDE
89	CSSM_ALGORITHMS &pbeHashAlg, // SHA1 or MD5
90	uint32 &keySizeInBits,
91	uint32 &blockSizeInBytes, // for IV, optional
92	CSSM_PADDING &padding, // CSSM_PADDING_PKCS7, etc.
93	CSSM_ENCRYPT_MODE &mode, // CSSM_ALGMODE_CBCPadIV8, etc.
94	PKCS_Which &pkcs); // PW_PKCS5_v1_5 or PW_PKCS12
95
96	CSSM_RETURN p12VerifyMac(
97	const NSS_P12_DecodedPFX &pfx,
98	CSSM_CSP_HANDLE cspHand,
99	const CSSM_DATA *pwd, // unicode, double null terminated
100	const CSSM_KEY *passKey,
101	SecNssCoder &coder);// for temp mallocs
102
103	void p12GenSalt(
104	CSSM_DATA &salt,
105	SecNssCoder &coder);
106
107	void p12GenLabel(
108	CSSM_DATA &label,
109	SecNssCoder &coder);
110
111	void p12NullAlgParams(
112	CSSM_X509_ALGORITHM_IDENTIFIER &algId);
113
114	/*
115	* Free memory via specified plugin's app-level allocator
116	*/
117	void freeCssmMemory(
118	CSSM_HANDLE hand,
119	void *p);
120
121	/*
122	* Though it pains me to do this, I must. We "happen to know" the
123	* names (in string form) of two of a key's attributes. These
124	* have not been published anywhere, they are hard-coded into
125	* the script (KeySchema.m4) which generates the KeySchema
126	* tables.
127	*/
128
129	/*
130	* This one is initially the same as the "label" argument passed
131	* in to the CSP when creating or importing keys; it eventually
132	* gets munged into the hash of the associated public key (
133	* in our case, by p12SetPubKeyHash()).
134	*/
135	#define P12_KEY_ATTR_LABEL_AND_HASH "Label"
136
137	/*
138	* This one is the user-friendly name.
139	*/
140	#define P12_KEY_ATTR_PRINT_NAME "PrintName"
141
142	/*
143	* Find private key by label, modify its Label attr to be the
144	* hash of the associated public key.
145	*/
146	CSSM_RETURN p12SetPubKeyHash(
147	CSSM_CSP_HANDLE cspHand, // where the key lives
148	CSSM_DL_DB_HANDLE dlDbHand, // ditto
149	CSSM_DATA &keyLabel, // for DB lookup
150	CSSM_DATA_PTR newPrintName, // optional
151	SecNssCoder &coder, // for mallocing newLabel
152	CSSM_DATA &newLabel, // RETURNED with label as hash
153	CSSM_KEY_PTR &foundKey); // RETURNED on dup key detect
154
155	CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
156	uint32 AttributeType,
157	uint32 AttributeLength,
158	const void *AttributePtr);
159
160	/*
161	* Find private key by specified label, delete it.
162	*/
163	CSSM_RETURN p12DeleteKey(
164	CSSM_DL_DB_HANDLE dlDbHand,
165	const CSSM_DATA &keyLabel);
166
167	/* convert App passphrase to array of chars used in P12 PBE */
168	void p12ImportPassPhrase(
169	CFStringRef inPhrase,
170	SecNssCoder &coder,
171	CSSM_DATA &outPhrase);
172
173	/*
174	* Standard error throwMes.
175	* P12_ENCODE_ERR only occurs on DER-encode which should never fail.
176	*/
177	#define P12_DECODE_ERR errSecUnknownFormat
178	#define P12_ENCODE_ERR internalComponentErr
179	#define P12_THROW_DECODE MacOSError::throwMe(P12_DECODE_ERR)
180	#define P12_THROW_ENCODE MacOSError::throwMe(P12_ENCODE_ERR)
181
182	#ifdef __cplusplus
183	}
184	#endif
185
186	#endif /* _PKCS12_UTILS_H_ */
187