]> git.saurik.com Git - apple/security.git/blob - Security/libsecurity_pkcs12/lib/pkcs12Utils.h
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-57031.40.6.tar.gz
[apple/security.git] / Security / libsecurity_pkcs12 / lib / pkcs12Utils.h
1 /*
2 * Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 /*
24 * pkcs12Utils.h
25 */
26
27 #ifndef _PKCS12_UTILS_H_
28 #define _PKCS12_UTILS_H_
29
30 #include <Security/cssmtype.h>
31 #include <security_asn1/SecNssCoder.h>
32 #include <security_pkcs12/pkcs7Templates.h>
33 #include <security_pkcs12/pkcs12Templates.h>
34 #include <Security/cssmerr.h>
35 #include <CoreFoundation/CoreFoundation.h>
36
37 #ifdef __cplusplus
38 extern "C" {
39 #endif
40
41 /* malloc a NULL-ed array of pointers of size num+1 */
42 void **p12NssNullArray(
43 uint32 num,
44 SecNssCoder &coder);
45
46 /* CSSM_DATA --> uint32. Returns true if OK. */
47 bool p12DataToInt(
48 const CSSM_DATA &cdata,
49 uint32 &u);
50
51 /* uint32 --> CSSM_DATA */
52 void p12IntToData(
53 uint32 num,
54 CSSM_DATA &cdata,
55 SecNssCoder &coder);
56
57 /* CFDataRef <--> CSSM_DATA */
58 CFDataRef p12CssmDataToCf(
59 const CSSM_DATA &c);
60 void p12CfDataToCssm(
61 CFDataRef cf,
62 CSSM_DATA &c,
63 SecNssCoder &coder);
64
65 CSSM_DATA_PTR p12StringToUtf8(
66 CFStringRef cfStr,
67 SecNssCoder &coder);
68
69 const char *p12BagTypeStr(
70 NSS_P12_SB_Type type);
71 const char *p7ContentInfoTypeStr(
72 NSS_P7_CI_Type type);
73
74 /* map an OID to the components */
75
76 typedef enum {
77 PW_None, /* not comprehended */
78 PW_PKCS5_v1_5, /* PKCS5 v1.5 */
79 PW_PKCS5_v2, /* PKCS5 v2.0, not used by this module but parsed here */
80 PW_PKCS12 /* PKCS12 */
81 } PKCS_Which;
82
83 /* returns false if OID not found */
84 bool pkcsOidToParams(
85 const CSSM_OID *oid,
86 CSSM_ALGORITHMS &keyAlg, // e.g., CSSM_ALGID_DES
87 CSSM_ALGORITHMS &encrAlg, // e.g., CSSM_ALGID_3DES_3KEY_EDE
88 CSSM_ALGORITHMS &pbeHashAlg, // SHA1 or MD5
89 uint32 &keySizeInBits,
90 uint32 &blockSizeInBytes, // for IV, optional
91 CSSM_PADDING &padding, // CSSM_PADDING_PKCS7, etc.
92 CSSM_ENCRYPT_MODE &mode, // CSSM_ALGMODE_CBCPadIV8, etc.
93 PKCS_Which &pkcs); // PW_PKCS5_v1_5 or PW_PKCS12
94
95 CSSM_RETURN p12VerifyMac(
96 const NSS_P12_DecodedPFX &pfx,
97 CSSM_CSP_HANDLE cspHand,
98 const CSSM_DATA *pwd, // unicode, double null terminated
99 const CSSM_KEY *passKey,
100 SecNssCoder &coder);// for temp mallocs
101
102 void p12GenSalt(
103 CSSM_DATA &salt,
104 SecNssCoder &coder);
105
106 void p12GenLabel(
107 CSSM_DATA &label,
108 SecNssCoder &coder);
109
110 void p12NullAlgParams(
111 CSSM_X509_ALGORITHM_IDENTIFIER &algId);
112
113 /*
114 * Free memory via specified plugin's app-level allocator
115 */
116 void freeCssmMemory(
117 CSSM_HANDLE hand,
118 void *p);
119
120 /*
121 * Though it pains me to do this, I must. We "happen to know" the
122 * names (in string form) of two of a key's attributes. These
123 * have not been published anywhere, they are hard-coded into
124 * the script (KeySchema.m4) which generates the KeySchema
125 * tables.
126 */
127
128 /*
129 * This one is initially the same as the "label" argument passed
130 * in to the CSP when creating or importing keys; it eventually
131 * gets munged into the hash of the associated public key (
132 * in our case, by p12SetPubKeyHash()).
133 */
134 #define P12_KEY_ATTR_LABEL_AND_HASH "Label"
135
136 /*
137 * This one is the user-friendly name.
138 */
139 #define P12_KEY_ATTR_PRINT_NAME "PrintName"
140
141 /*
142 * Find private key by label, modify its Label attr to be the
143 * hash of the associated public key.
144 */
145 CSSM_RETURN p12SetPubKeyHash(
146 CSSM_CSP_HANDLE cspHand, // where the key lives
147 CSSM_DL_DB_HANDLE dlDbHand, // ditto
148 CSSM_DATA &keyLabel, // for DB lookup
149 CSSM_DATA_PTR newPrintName, // optional
150 SecNssCoder &coder, // for mallocing newLabel
151 CSSM_DATA &newLabel, // RETURNED with label as hash
152 CSSM_KEY_PTR &foundKey); // RETURNED on dup key detect
153
154 CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
155 uint32 AttributeType,
156 uint32 AttributeLength,
157 const void *AttributePtr);
158
159 /*
160 * Find private key by specified label, delete it.
161 */
162 CSSM_RETURN p12DeleteKey(
163 CSSM_DL_DB_HANDLE dlDbHand,
164 const CSSM_DATA &keyLabel);
165
166 /* convert App passphrase to array of chars used in P12 PBE */
167 void p12ImportPassPhrase(
168 CFStringRef inPhrase,
169 SecNssCoder &coder,
170 CSSM_DATA &outPhrase);
171
172 /*
173 * Standard error throwMes.
174 * P12_ENCODE_ERR only occurs on DER-encode which should never fail.
175 */
176 #define P12_DECODE_ERR errSecUnknownFormat
177 #define P12_ENCODE_ERR errSecInternalComponent
178 #define P12_THROW_DECODE MacOSError::throwMe(P12_DECODE_ERR)
179 #define P12_THROW_ENCODE MacOSError::throwMe(P12_ENCODE_ERR)
180
181 #ifdef __cplusplus
182 }
183 #endif
184
185 #endif /* _PKCS12_UTILS_H_ */
186
mirror of Security