]> git.saurik.com Git - apple/security.git/blame - libsecurity_pkcs12/lib/SecPkcs12.cpp
projects / apple / security.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Security-55179.13.tar.gz
[apple/security.git] / libsecurity_pkcs12 / lib / SecPkcs12.cpp
CommitLineData
b1ab9ed8
A		 1/*
2 * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23/*
24 * SecPkcs12.cpp
25 */
26
27#include "SecPkcs12.h"
28#include "pkcs12Coder.h"
29#include "pkcs12BagAttrs.h"
30#include "pkcs12SafeBag.h"
31#include "pkcs12Utils.h"
32#include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
33#include <security_cdsa_utilities/cssmerrors.h>
34#include <Security/SecBasePriv.h>
35
36/*
37 * API function call wrappers, impermeable to C++ exceptions
38 */
39#define BEGIN_P12API \
40 try {
41
42#define END_P12API \
43 } \
44 catch (const MacOSError &err) { return err.osStatus(); } \
45 catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \
46 catch (const std::bad_alloc &) { return memFullErr; } \
47 catch (...) { return internalComponentErr; } \
48 return noErr;
49
50/* catch incoming NULL parameters */
51static inline void required(
52 const void *param)
53{
54 if(param == NULL) {
55 MacOSError::throwMe(paramErr);
56 }
57}
58
59/*
60 * Standard means of casting a SecPkcs12CoderRef to a P12Coder *
61 */
62static inline P12Coder *P12CoderCast(
63 SecPkcs12CoderRef coder)
64{
65 required(coder);
66 return reinterpret_cast<P12Coder *>(coder);
67}
68
69/*
70 * Standard means of casting a SecPkcs12AttrsRef to a P12BagAttrs *
71 * This one uses the P12BagAttrsStandAlone version, not tied to
72 * a specific P12Coder (actually, to a P12Coder's SecNssCoder).
73 */
74static inline P12BagAttrsStandAlone *P12AttrsCast(
75 SecPkcs12AttrsRef attrs)
76{
77 if(attrs == NULL) {
78 MacOSError::throwMe(paramErr);
79 }
80 return reinterpret_cast<P12BagAttrsStandAlone *>(attrs);
81}
82
83/* optional flavor used in SecPkcs12Add*() */
84static inline P12BagAttrs *P12AttrsCastOpt(
85 SecPkcs12AttrsRef attrs)
86{
87 return reinterpret_cast<P12BagAttrs *>(attrs);
88}
89
90#pragma mark --- SecPkcs12CoderRef create/destroy ---
91
92/*
93 * Basic SecPkcs12CoderRef create/destroy.
94 */
95OSStatus SecPkcs12CoderCreate(
96 SecPkcs12CoderRef *coder) // RETURNED
97{
98 BEGIN_P12API
99
100 required(coder);
101 P12Coder *p12coder = new P12Coder;
102 *coder = p12coder;
103
104 END_P12API
105}
106
107/*
108 * Destroy object created in SecPkcs12CoderCreate.
109 * This will go away if we make this object a CoreFoundation type.
110 */
111OSStatus SecPkcs12CoderRelease(
112 SecPkcs12CoderRef coder)
113{
114 BEGIN_P12API
115
116 P12Coder *p12coder = P12CoderCast(coder);
117 delete p12coder;
118
119 END_P12API
120}
121
122OSStatus SecPkcs12SetMACPassphrase(
123 SecPkcs12CoderRef coder,
124 CFStringRef passphrase)
125{
126 BEGIN_P12API
127
128 P12Coder *p12coder = P12CoderCast(coder);
129 required(passphrase);
130 p12coder->setMacPassPhrase(passphrase);
131
132 END_P12API
133}
134
135OSStatus SecPkcs12SetMACPassKey(
136 SecPkcs12CoderRef coder,
137 const CSSM_KEY *passKey)
138{
139 BEGIN_P12API
140
141 P12Coder *p12coder = P12CoderCast(coder);
142 required(passKey);
143 p12coder->setMacPassKey(passKey);
144
145 END_P12API
146}
147
148/*
149 * Specify separate passphrase for encrypt/decrypt.
150 */
151OSStatus SecPkcs12SetCryptPassphrase(
152 SecPkcs12CoderRef coder,
153 CFStringRef passphrase)
154{
155 BEGIN_P12API
156
157 P12Coder *p12coder = P12CoderCast(coder);
158 required(passphrase);
159 p12coder->setEncrPassPhrase(passphrase);
160
161 END_P12API
162}
163
164OSStatus SecPkcs12SetCryptPassKey(
165 SecPkcs12CoderRef coder,
166 const CSSM_KEY *passKey)
167{
168 BEGIN_P12API
169
170 P12Coder *p12coder = P12CoderCast(coder);
171 required(passKey);
172 p12coder->setEncrPassKey(passKey);
173
174 END_P12API
175}
176
177
178/*
179 * Target location of decoded keys and certs.
180 */
181OSStatus SecPkcs12SetKeychain(
182 SecPkcs12CoderRef coder,
183 SecKeychainRef keychain)
184{
185 BEGIN_P12API
186
187 P12Coder *p12coder = P12CoderCast(coder);
188 required(keychain);
189 p12coder->setKeychain(keychain);
190
191 END_P12API
192}
193
194/*
195 * Required iff SecPkcs12SetKeychain() not called.
196 */
197OSStatus SecPkcs12SetCspHandle(
198 SecPkcs12CoderRef coder,
199 CSSM_CSP_HANDLE cspHandle)
200{
201 BEGIN_P12API
202
203 P12Coder *p12coder = P12CoderCast(coder);
204 p12coder->setCsp(cspHandle);
205
206 END_P12API
207}
208
209OSStatus SecPkcs12SetImportToKeychain(
210 SecPkcs12CoderRef coder,
211 SecPkcs12ImportFlags flags)
212{
213 BEGIN_P12API
214
215 P12Coder *p12coder = P12CoderCast(coder);
216 p12coder->importFlags(flags);
217
218 END_P12API
219}
220
221OSStatus SecPkcs12GetImportToKeychain(
222 SecPkcs12CoderRef coder,
223 SecPkcs12ImportFlags *flags) // RETURNED
224{
225 BEGIN_P12API
226
227 P12Coder *p12coder = P12CoderCast(coder);
228 required(flags);
229 *flags = p12coder->importFlags();
230
231 END_P12API
232}
233
234OSStatus SecPkcs12ExportKeychainItems(
235 SecPkcs12CoderRef coder,
236 CFArrayRef items)
237{
238 BEGIN_P12API
239
240 P12Coder *p12coder = P12CoderCast(coder);
241 required(items);
242 p12coder->exportKeychainItems(items);
243
244 END_P12API
245}
246
247OSStatus SecPkcs12SetAccess(
248 SecPkcs12CoderRef coder,
249 SecAccessRef access)
250{
251 BEGIN_P12API
252
253 P12Coder *p12coder = P12CoderCast(coder);
254 p12coder->setAccess(access);
255
256 END_P12API
257}
258
259OSStatus SecPkcs12SetKeyUsage(
260 SecPkcs12CoderRef coder,
261 CSSM_KEYUSE keyUsage)
262{
263 BEGIN_P12API
264
265 P12Coder *p12coder = P12CoderCast(coder);
266 p12coder->setKeyUsage(keyUsage);
267
268 END_P12API
269}
270
271OSStatus SecPkcs12SetKeyAttrs(
272 SecPkcs12CoderRef coder,
273 CSSM_KEYATTR_FLAGS keyAttrs)
274{
275 BEGIN_P12API
276
277 P12Coder *p12coder = P12CoderCast(coder);
278 p12coder->setKeyAttrs(keyAttrs);
279
280 END_P12API
281}
282
283#pragma mark --- Decoder Functions ---
284
285/*
286 * Parse and decode.
287 */
288OSStatus SecPkcs12Decode(
289 SecPkcs12CoderRef coder,
290 CFDataRef pfx)
291{
292 BEGIN_P12API
293
294 P12Coder *p12coder = P12CoderCast(coder);
295 required(pfx);
296 try {
297 p12coder->decode(pfx);
298 }
299 catch(...) {
300 /* abort - clean up - delete stored keys */
301 p12coder->deleteDecodedItems();
302 throw;
303 }
304 END_P12API
305}
306
307/*
308 * Subsequent to decoding, obtain the components.
309 * These functions can also be used as "getter" functions while encoding.
310 *
311 * Certificates:
312 */
313OSStatus SecPkcs12CertificateCount(
314 SecPkcs12CoderRef coder,
315 CFIndex *numCerts) // RETURNED
316{
317 BEGIN_P12API
318
319 P12Coder *p12coder = P12CoderCast(coder);
320 required(numCerts);
321 *numCerts = p12coder->numCerts();
322
323 END_P12API
324}
325
326OSStatus SecPkcs12CopyCertificate(
327 SecPkcs12CoderRef coder,
328 CFIndex certNum,
329 SecCertificateRef *secCert, // RETURNED
330 CFStringRef *friendlyName, // RETURNED
331 CFDataRef *localKeyId, // RETURNED
332 SecPkcs12AttrsRef *attrs) // RETURNED
333{
334 BEGIN_P12API
335
336 P12Coder *p12coder = P12CoderCast(coder);
337 required(secCert);
338 /* others are optional - if NULL, we don't return that param */
339 P12CertBag *bag = p12coder->getCert(certNum);
340 *secCert = bag->getSecCert();
341
342 /* now the optional attrs */
343 P12BagAttrs *p12Attrs = NULL;
344 bag->copyAllAttrs(friendlyName, localKeyId,
345 attrs ? &p12Attrs : NULL);
346 if(p12Attrs) {
347 *attrs = p12Attrs;
348 }
349 END_P12API
350}
351
352/*
353 * CRLs. The might change if a SecCrl type is defined elsewhere.
354 * We'll typedef it here to preserve the semantics of this function.
355 */
356OSStatus SecPkcs12CrlCount(
357 SecPkcs12CoderRef coder,
358 CFIndex *numCrls) // RETURNED
359{
360 BEGIN_P12API
361
362 P12Coder *p12coder = P12CoderCast(coder);
363 required(numCrls);
364 *numCrls = p12coder->numCrls();
365
366 END_P12API
367}
368
369OSStatus SecPkcs12CopyCrl(
370 SecPkcs12CoderRef coder,
371 CFIndex crlNum,
372 SecCrlRef *crl, // RETURNED
373 CFStringRef *friendlyName, // RETURNED
374 CFDataRef *localKeyId, // RETURNED
375 SecPkcs12AttrsRef *attrs) // RETURNED
376{
377 BEGIN_P12API
378
379 P12Coder *p12coder = P12CoderCast(coder);
380 required(crl);
381 /* others are optional - if NULL, we don't return that param */
382 P12CrlBag *bag = p12coder->getCrl(crlNum);
383 *crl = p12CssmDataToCf(bag->crlData());
384
385 /* now the optional attrs */
386 P12BagAttrs *p12Attrs = NULL;
387 bag->copyAllAttrs(friendlyName, localKeyId,
388 attrs ? &p12Attrs : NULL);
389 if(p12Attrs) {
390 *attrs = p12Attrs;
391 }
392
393 END_P12API
394}
395
396/*
397 * Private keys.
398 */
399OSStatus SecPkcs12PrivateKeyCount(
400 SecPkcs12CoderRef coder,
401 CFIndex *numKeys) // RETURNED
402{
403 BEGIN_P12API
404
405 P12Coder *p12coder = P12CoderCast(coder);
406 required(numKeys);
407 *numKeys = p12coder->numKeys();
408
409 END_P12API
410}
411
412OSStatus SecPkcs12CopyPrivateKey(
413 SecPkcs12CoderRef coder,
414 CFIndex keyNum,
415 SecKeyRef *privateKey, // RETURNED
416 CFStringRef *friendlyName, // RETURNED
417 CFDataRef *localKeyId, // RETURNED
418 SecPkcs12AttrsRef *attrs) // RETURNED
419{
420 BEGIN_P12API
421 /*P12Coder *p12coder = P12CoderCast(coder); */
422 return unimpErr;
423 END_P12API
424}
425
426OSStatus SecPkcs12GetCssmPrivateKey(
427 SecPkcs12CoderRef coder,
428 CFIndex keyNum,
429 CSSM_KEY_PTR *privateKey, // RETURNED
430 CFStringRef *friendlyName, // RETURNED
431 CFDataRef *localKeyId, // RETURNED
432 SecPkcs12AttrsRef *attrs) // RETURNED
433{
434 BEGIN_P12API
435 P12Coder *p12coder = P12CoderCast(coder);
436 required(privateKey);
437 /* others are optional - if NULL, we don't return that param */
438 P12KeyBag *bag = p12coder->getKey(keyNum);
439 *privateKey = bag->key();
440
441 /* now the optional attrs */
442 P12BagAttrs *p12Attrs = NULL;
443 bag->copyAllAttrs(friendlyName, localKeyId,
444 attrs ? &p12Attrs : NULL);
445 if(p12Attrs) {
446 *attrs = p12Attrs;
447 }
448
449 END_P12API
450}
451
452/*
453 * Catch-all for other components not currently understood
454 * or supported by this library. An "opaque blob" component
455 * is identified by an OID and is obtained as an opaque data
456 * blob.
457 */
458OSStatus SecPkcs12OpaqueBlobCount(
459 SecPkcs12CoderRef coder,
460 CFIndex *numBlobs) // RETURNED
461{
462 BEGIN_P12API
463
464 P12Coder *p12coder = P12CoderCast(coder);
465 required(numBlobs);
466 *numBlobs = p12coder->numOpaqueBlobs();
467
468 END_P12API
469}
470
471OSStatus SecPkcs12CopyOpaqueBlob(
472 SecPkcs12CoderRef coder,
473 CFIndex blobNum,
474 CFDataRef *blobOid, // RETURNED
475 CFDataRef *opaqueBlob, // RETURNED
476 CFStringRef *friendlyName, // RETURNED
477 CFDataRef *localKeyId, // RETURNED
478 SecPkcs12AttrsRef *attrs) // RETURNED
479{
480 BEGIN_P12API
481
482 P12Coder *p12coder = P12CoderCast(coder);
483 required(blobOid);
484 required(opaqueBlob);
485
486 /* others are optional - if NULL, we don't return that param */
487 P12OpaqueBag *bag = p12coder->getOpaque(blobNum);
488 *opaqueBlob = p12CssmDataToCf(bag->blob());
489 *blobOid = p12CssmDataToCf(bag->oid());
490
491 /* now the optional attrs */
492 P12BagAttrs *p12Attrs = NULL;
493 bag->copyAllAttrs(friendlyName, localKeyId,
494 attrs ? &p12Attrs : NULL);
495 if(p12Attrs) {
496 *attrs = p12Attrs;
497 }
498
499 END_P12API
500}
501
502#pragma mark --- Encoder Functions ---
503
504/*
505 * This the final step to create an encoded PKCS12 PFX blob,
506 * after calling some number of SecPkcs12Set* functions below.
507 * The result is a DER_encoded PFX in PKCS12 lingo.
508 */
509OSStatus SecPkcs12Encode(
510 SecPkcs12CoderRef coder,
511 CFDataRef *pfx) // RETURNED
512{
513 BEGIN_P12API
514 P12Coder *p12coder = P12CoderCast(coder);
515 required(pfx);
516 p12coder->encode(pfx);
517 END_P12API
518}
519
520/*
521 * Add individual components. "Getter" functions are available
522 * as described above (under "Functions used for decoding").
523 */
524OSStatus SecPkcs12AddCertificate(
525 SecPkcs12CoderRef coder,
526 SecCertificateRef cert,
527 CFStringRef friendlyName, // optional
528 CFDataRef localKeyId, // optional
529 SecPkcs12AttrsRef attrs) // optional
530{
531 BEGIN_P12API
532 P12Coder *p12coder = P12CoderCast(coder);
533 required(cert);
534 CSSM_DATA certData;
535 OSStatus ortn = SecCertificateGetData(cert, &certData);
536 if(ortn) {
537 return ortn;
538 }
539 CSSM_CERT_TYPE certType;
540 ortn = SecCertificateGetType(cert, &certType);
541 if(ortn) {
542 return ortn;
543 }
544 NSS_P12_CertBagType type;
545 switch(certType) {
546 case CSSM_CERT_X_509v1:
547 case CSSM_CERT_X_509v2:
548 case CSSM_CERT_X_509v3:
549 type = CT_X509;
550 break;
551 case CSSM_CERT_SDSIv1:
552 type = CT_SDSI;
553 break;
554 default:
555 type = CT_Unknown;
556 break;
557 }
558 P12CertBag *bag = new P12CertBag(type, certData, friendlyName,
559 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
560 p12coder->addCert(bag);
561 END_P12API
562}
563
564OSStatus SecPkcs12AddCrl(
565 SecPkcs12CoderRef coder,
566 SecCrlRef crl,
567 CFStringRef friendlyName, // optional
568 CFDataRef localKeyId, // optional
569 SecPkcs12AttrsRef attrs) // optional
570{
571 BEGIN_P12API
572 P12Coder *p12coder = P12CoderCast(coder);
573 required(crl);
574 P12CrlBag *bag = new P12CrlBag(CRT_X509, crl, friendlyName,
575 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
576 p12coder->addCrl(bag);
577 END_P12API
578}
579
580OSStatus SecPkcs12AddPrivateKey(
581 SecPkcs12CoderRef coder,
582 SecKeyRef privateKey,
583 CFStringRef friendlyName, // optional
584 CFDataRef localKeyId, // optional
585 SecPkcs12AttrsRef attrs) // optional
586{
587 BEGIN_P12API
588
589 P12Coder *p12coder = P12CoderCast(coder);
590 required(privateKey);
591 const CSSM_KEY *cssmKey;
592 OSStatus ortn = SecKeyGetCSSMKey(privateKey, &cssmKey);
593 if(ortn) {
594 return ortn;
595 }
596 P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(),
597 friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
598 p12coder->addKey(bag);
599
600 END_P12API
601}
602
603OSStatus SecPkcs12AddCssmPrivateKey(
604 SecPkcs12CoderRef coder,
605 CSSM_KEY_PTR cssmKey,
606 CFStringRef friendlyName, // optional
607 CFDataRef localKeyId, // optional
608 SecPkcs12AttrsRef attrs) // optional
609{
610 BEGIN_P12API
611
612 P12Coder *p12coder = P12CoderCast(coder);
613 required(cssmKey);
614 P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(),
615 friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
616 p12coder->addKey(bag);
617
618 END_P12API
619}
620
621OSStatus SecPkcs12AddOpaqueBlob(
622 SecPkcs12CoderRef coder,
623 CFDataRef blobOid,
624 CFDataRef opaqueBlob,
625 CFStringRef friendlyName, // optional
626 CFDataRef localKeyId, // optional
627 SecPkcs12AttrsRef attrs) // optional
628{
629 BEGIN_P12API
630
631 P12Coder *p12coder = P12CoderCast(coder);
632 required(blobOid);
633 required(opaqueBlob);
634 P12OpaqueBag *bag = new P12OpaqueBag(blobOid, opaqueBlob, friendlyName,
635 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
636 p12coder->addOpaque(bag);
637
638 END_P12API
639}
640
641#pragma mark --- Optional Functions ---
642
643/***
644 *** SecPkcs12AttrsRef manipulation. Optional and in fact expected to
645 *** be rarely used, if ever.
646 ***/
647
648/*
649 * Create/destroy.
650 */
651OSStatus SecPkcs12AttrsCreate(
652 SecPkcs12AttrsRef *attrs) // RETURNED
653{
654 BEGIN_P12API
655
656 required(attrs);
657 P12BagAttrsStandAlone *bagAttrs = new P12BagAttrsStandAlone;
658 *attrs = (SecPkcs12AttrsRef)bagAttrs;
659
660 END_P12API
661}
662
663OSStatus SecPkcs12AttrsRelease(
664 SecPkcs12AttrsRef attrs)
665{
666 BEGIN_P12API
667
668 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
669 delete bagAttrs;
670
671 END_P12API
672}
673
674/*
675 * Add an OID/value set to an existing SecPkcs12AttrsRef.
676 * Values are a CFArray containing an arbitrary number of
677 * CFDataRefs.
678 */
679OSStatus SecPkcs12AttrsAddAttr(
680 SecPkcs12AttrsRef attrs,
681 CFDataRef attrOid,
682 CFArrayRef attrValues)
683{
684 BEGIN_P12API
685
686 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
687 bagAttrs->addAttr(attrOid, attrValues);
688
689 END_P12API
690}
691
692OSStatus SecPkcs12AttrCount(
693 SecPkcs12AttrsRef attrs,
694 CFIndex *numAttrs) // RETURNED
695{
696 BEGIN_P12API
697
698 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
699 required(numAttrs);
700 *numAttrs = bagAttrs->numAttrs();
701
702 END_P12API
703}
704
705/*
706 * Obtain n'th oid/value set from an existing SecPkcs12AttrsRef.
707 */
708OSStatus SecPkcs12AttrsGetAttr(
709 SecPkcs12AttrsRef attrs,
710 CFIndex attrNum,
711 CFDataRef *attrOid, // RETURNED
712 CFArrayRef *attrValues) // RETURNED
713{
714 BEGIN_P12API
715
716 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
717 required(attrOid);
718 required(attrValues);
719 bagAttrs->getAttr(attrNum, attrOid, attrValues);
720 END_P12API
721}
722
723OSStatus SecPkcs12SetIntegrityMode(
724 SecPkcs12CoderRef coder,
725 SecPkcs12Mode mode)
726{
727 BEGIN_P12API
728
729 P12Coder *p12coder = P12CoderCast(coder);
730 p12coder->integrityMode(mode);
731
732 END_P12API
733}
734
735OSStatus SecPkcs12GetIntegrityMode(
736 SecPkcs12CoderRef coder,
737 SecPkcs12Mode *mode) // RETURNED
738{
739 BEGIN_P12API
740
741 P12Coder *p12coder = P12CoderCast(coder);
742 required(mode);
743 *mode = p12coder->integrityMode();
744
745 END_P12API
746}
747
748OSStatus SecPkcs12SetPrivacyMode(
749 SecPkcs12CoderRef coder,
750 SecPkcs12Mode mode)
751{
752 BEGIN_P12API
753
754 P12Coder *p12coder = P12CoderCast(coder);
755 p12coder->privacyMode(mode);
756
757 END_P12API
758}
759
760OSStatus SecPkcs12GetPrivacyMode(
761 SecPkcs12CoderRef coder,
762 SecPkcs12Mode *mode) // RETURNED
763{
764 BEGIN_P12API
765
766 P12Coder *p12coder = P12CoderCast(coder);
767 required(mode);
768 *mode = p12coder->privacyMode();
769
770 END_P12API
771}
772
773/***
774 *** Encryption algorithms
775 ***/
776OSStatus SecPkcs12SetKeyEncryptionAlg(
777 SecPkcs12CoderRef coder,
778 CFDataRef encryptionAlg)
779{
780 BEGIN_P12API
781
782 P12Coder *p12coder = P12CoderCast(coder);
783 required(encryptionAlg);
784 p12coder->strongEncrAlg(encryptionAlg);
785
786 END_P12API
787}
788
789OSStatus SecPkcs12SetCertCrlEncryptionAlg(
790 SecPkcs12CoderRef coder,
791 CFDataRef encryptionAlg)
792{
793 BEGIN_P12API
794
795 P12Coder *p12coder = P12CoderCast(coder);
796 required(encryptionAlg);
797 p12coder->weakEncrAlg(encryptionAlg);
798
799 END_P12API
800}
801
802OSStatus SecPkcs12SetKeyEncryptionIterCount(
803 SecPkcs12CoderRef coder,
804 unsigned iterCount)
805{
806 BEGIN_P12API
807
808 P12Coder *p12coder = P12CoderCast(coder);
809 p12coder->strongEncrIterCount(iterCount);
810
811 END_P12API
812}
813
814OSStatus SecPkcs12SetCertCrlEncryptionIterCount(
815 SecPkcs12CoderRef coder,
816 unsigned iterCount)
817{
818 BEGIN_P12API
819
820 P12Coder *p12coder = P12CoderCast(coder);
821 p12coder->weakEncrIterCount(iterCount);
822
823 END_P12API
824}
825
826OSStatus SecPkcs12SetMacIterCount(
827 SecPkcs12CoderRef coder,
828 unsigned iterCount)
829{
830 BEGIN_P12API
831
832 P12Coder *p12coder = P12CoderCast(coder);
833 p12coder->macEncrIterCount(iterCount);
834
835 END_P12API
836}
837
838OSStatus SecPkcs12CopyKeyEncryptionAlg(
839 SecPkcs12CoderRef coder,
840 CFDataRef *encryptionAlg) // RETURNED
841{
842 BEGIN_P12API
843
844 P12Coder *p12coder = P12CoderCast(coder);
845 required(encryptionAlg);
846 *encryptionAlg = p12coder->strongEncrAlg();
847
848 END_P12API
849}
850
851OSStatus SecPkcs12CopyCertCrlEncryptionAlg(
852 SecPkcs12CoderRef coder,
853 CFDataRef *encryptionAlg) // RETURNED
854{
855 BEGIN_P12API
856
857 P12Coder *p12coder = P12CoderCast(coder);
858 required(encryptionAlg);
859 *encryptionAlg = p12coder->weakEncrAlg();
860
861 END_P12API
862}
863
864OSStatus SecPkcs12CopyKeyEncryptionIterCount(
865 SecPkcs12CoderRef coder,
866 unsigned *iterCount) // RETURNED
867{
868 BEGIN_P12API
869
870 P12Coder *p12coder = P12CoderCast(coder);
871 required(iterCount);
872 *iterCount = p12coder->strongEncrIterCount();
873
874 END_P12API
875}
876
877OSStatus SecPkcs12CopyCertCrlEncryptionIterCount(
878 SecPkcs12CoderRef coder,
879 unsigned *iterCount) // RETURNED
880{
881 BEGIN_P12API
882
883 P12Coder *p12coder = P12CoderCast(coder);
884 required(iterCount);
885 *iterCount = p12coder->weakEncrIterCount();
886
887 END_P12API
888}
889
890OSStatus SecPkcs12CopyMacIterCount(
891 SecPkcs12CoderRef coder,
892 unsigned *iterCount) // RETURNED
893{
894 BEGIN_P12API
895
896 P12Coder *p12coder = P12CoderCast(coder);
897 required(iterCount);
898 *iterCount = p12coder->macEncrIterCount();
899
900 END_P12API
901}
902
903OSStatus SecPkcs12LimitPrivateKeyImport(
904 SecPkcs12CoderRef coder,
905 bool foundOneKey)
906{
907 BEGIN_P12API
908
909 P12Coder *p12coder = P12CoderCast(coder);
910 p12coder->limitPrivKeyImport(foundOneKey);
911
912 END_P12API
913}
mirror of Security