]> git.saurik.com Git - apple/security.git/blob - libsecurity_pkcs12/lib/SecPkcs12.cpp
projects / apple / security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Security-55179.13.tar.gz
[apple/security.git] / libsecurity_pkcs12 / lib / SecPkcs12.cpp
1 /*
2 * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23 /*
24 * SecPkcs12.cpp
25 */
26
27 #include "SecPkcs12.h"
28 #include "pkcs12Coder.h"
29 #include "pkcs12BagAttrs.h"
30 #include "pkcs12SafeBag.h"
31 #include "pkcs12Utils.h"
32 #include <CoreServices/../Frameworks/CarbonCore.framework/Headers/MacErrors.h>
33 #include <security_cdsa_utilities/cssmerrors.h>
34 #include <Security/SecBasePriv.h>
35
36 /*
37 * API function call wrappers, impermeable to C++ exceptions
38 */
39 #define BEGIN_P12API \
40 try {
41
42 #define END_P12API \
43 } \
44 catch (const MacOSError &err) { return err.osStatus(); } \
45 catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \
46 catch (const std::bad_alloc &) { return memFullErr; } \
47 catch (...) { return internalComponentErr; } \
48 return noErr;
49
50 /* catch incoming NULL parameters */
51 static inline void required(
52 const void *param)
53 {
54 if(param == NULL) {
55 MacOSError::throwMe(paramErr);
56 }
57 }
58
59 /*
60 * Standard means of casting a SecPkcs12CoderRef to a P12Coder *
61 */
62 static inline P12Coder *P12CoderCast(
63 SecPkcs12CoderRef coder)
64 {
65 required(coder);
66 return reinterpret_cast<P12Coder *>(coder);
67 }
68
69 /*
70 * Standard means of casting a SecPkcs12AttrsRef to a P12BagAttrs *
71 * This one uses the P12BagAttrsStandAlone version, not tied to
72 * a specific P12Coder (actually, to a P12Coder's SecNssCoder).
73 */
74 static inline P12BagAttrsStandAlone *P12AttrsCast(
75 SecPkcs12AttrsRef attrs)
76 {
77 if(attrs == NULL) {
78 MacOSError::throwMe(paramErr);
79 }
80 return reinterpret_cast<P12BagAttrsStandAlone *>(attrs);
81 }
82
83 /* optional flavor used in SecPkcs12Add*() */
84 static inline P12BagAttrs *P12AttrsCastOpt(
85 SecPkcs12AttrsRef attrs)
86 {
87 return reinterpret_cast<P12BagAttrs *>(attrs);
88 }
89
90 #pragma mark --- SecPkcs12CoderRef create/destroy ---
91
92 /*
93 * Basic SecPkcs12CoderRef create/destroy.
94 */
95 OSStatus SecPkcs12CoderCreate(
96 SecPkcs12CoderRef *coder) // RETURNED
97 {
98 BEGIN_P12API
99
100 required(coder);
101 P12Coder *p12coder = new P12Coder;
102 *coder = p12coder;
103
104 END_P12API
105 }
106
107 /*
108 * Destroy object created in SecPkcs12CoderCreate.
109 * This will go away if we make this object a CoreFoundation type.
110 */
111 OSStatus SecPkcs12CoderRelease(
112 SecPkcs12CoderRef coder)
113 {
114 BEGIN_P12API
115
116 P12Coder *p12coder = P12CoderCast(coder);
117 delete p12coder;
118
119 END_P12API
120 }
121
122 OSStatus SecPkcs12SetMACPassphrase(
123 SecPkcs12CoderRef coder,
124 CFStringRef passphrase)
125 {
126 BEGIN_P12API
127
128 P12Coder *p12coder = P12CoderCast(coder);
129 required(passphrase);
130 p12coder->setMacPassPhrase(passphrase);
131
132 END_P12API
133 }
134
135 OSStatus SecPkcs12SetMACPassKey(
136 SecPkcs12CoderRef coder,
137 const CSSM_KEY *passKey)
138 {
139 BEGIN_P12API
140
141 P12Coder *p12coder = P12CoderCast(coder);
142 required(passKey);
143 p12coder->setMacPassKey(passKey);
144
145 END_P12API
146 }
147
148 /*
149 * Specify separate passphrase for encrypt/decrypt.
150 */
151 OSStatus SecPkcs12SetCryptPassphrase(
152 SecPkcs12CoderRef coder,
153 CFStringRef passphrase)
154 {
155 BEGIN_P12API
156
157 P12Coder *p12coder = P12CoderCast(coder);
158 required(passphrase);
159 p12coder->setEncrPassPhrase(passphrase);
160
161 END_P12API
162 }
163
164 OSStatus SecPkcs12SetCryptPassKey(
165 SecPkcs12CoderRef coder,
166 const CSSM_KEY *passKey)
167 {
168 BEGIN_P12API
169
170 P12Coder *p12coder = P12CoderCast(coder);
171 required(passKey);
172 p12coder->setEncrPassKey(passKey);
173
174 END_P12API
175 }
176
177
178 /*
179 * Target location of decoded keys and certs.
180 */
181 OSStatus SecPkcs12SetKeychain(
182 SecPkcs12CoderRef coder,
183 SecKeychainRef keychain)
184 {
185 BEGIN_P12API
186
187 P12Coder *p12coder = P12CoderCast(coder);
188 required(keychain);
189 p12coder->setKeychain(keychain);
190
191 END_P12API
192 }
193
194 /*
195 * Required iff SecPkcs12SetKeychain() not called.
196 */
197 OSStatus SecPkcs12SetCspHandle(
198 SecPkcs12CoderRef coder,
199 CSSM_CSP_HANDLE cspHandle)
200 {
201 BEGIN_P12API
202
203 P12Coder *p12coder = P12CoderCast(coder);
204 p12coder->setCsp(cspHandle);
205
206 END_P12API
207 }
208
209 OSStatus SecPkcs12SetImportToKeychain(
210 SecPkcs12CoderRef coder,
211 SecPkcs12ImportFlags flags)
212 {
213 BEGIN_P12API
214
215 P12Coder *p12coder = P12CoderCast(coder);
216 p12coder->importFlags(flags);
217
218 END_P12API
219 }
220
221 OSStatus SecPkcs12GetImportToKeychain(
222 SecPkcs12CoderRef coder,
223 SecPkcs12ImportFlags *flags) // RETURNED
224 {
225 BEGIN_P12API
226
227 P12Coder *p12coder = P12CoderCast(coder);
228 required(flags);
229 *flags = p12coder->importFlags();
230
231 END_P12API
232 }
233
234 OSStatus SecPkcs12ExportKeychainItems(
235 SecPkcs12CoderRef coder,
236 CFArrayRef items)
237 {
238 BEGIN_P12API
239
240 P12Coder *p12coder = P12CoderCast(coder);
241 required(items);
242 p12coder->exportKeychainItems(items);
243
244 END_P12API
245 }
246
247 OSStatus SecPkcs12SetAccess(
248 SecPkcs12CoderRef coder,
249 SecAccessRef access)
250 {
251 BEGIN_P12API
252
253 P12Coder *p12coder = P12CoderCast(coder);
254 p12coder->setAccess(access);
255
256 END_P12API
257 }
258
259 OSStatus SecPkcs12SetKeyUsage(
260 SecPkcs12CoderRef coder,
261 CSSM_KEYUSE keyUsage)
262 {
263 BEGIN_P12API
264
265 P12Coder *p12coder = P12CoderCast(coder);
266 p12coder->setKeyUsage(keyUsage);
267
268 END_P12API
269 }
270
271 OSStatus SecPkcs12SetKeyAttrs(
272 SecPkcs12CoderRef coder,
273 CSSM_KEYATTR_FLAGS keyAttrs)
274 {
275 BEGIN_P12API
276
277 P12Coder *p12coder = P12CoderCast(coder);
278 p12coder->setKeyAttrs(keyAttrs);
279
280 END_P12API
281 }
282
283 #pragma mark --- Decoder Functions ---
284
285 /*
286 * Parse and decode.
287 */
288 OSStatus SecPkcs12Decode(
289 SecPkcs12CoderRef coder,
290 CFDataRef pfx)
291 {
292 BEGIN_P12API
293
294 P12Coder *p12coder = P12CoderCast(coder);
295 required(pfx);
296 try {
297 p12coder->decode(pfx);
298 }
299 catch(...) {
300 /* abort - clean up - delete stored keys */
301 p12coder->deleteDecodedItems();
302 throw;
303 }
304 END_P12API
305 }
306
307 /*
308 * Subsequent to decoding, obtain the components.
309 * These functions can also be used as "getter" functions while encoding.
310 *
311 * Certificates:
312 */
313 OSStatus SecPkcs12CertificateCount(
314 SecPkcs12CoderRef coder,
315 CFIndex *numCerts) // RETURNED
316 {
317 BEGIN_P12API
318
319 P12Coder *p12coder = P12CoderCast(coder);
320 required(numCerts);
321 *numCerts = p12coder->numCerts();
322
323 END_P12API
324 }
325
326 OSStatus SecPkcs12CopyCertificate(
327 SecPkcs12CoderRef coder,
328 CFIndex certNum,
329 SecCertificateRef *secCert, // RETURNED
330 CFStringRef *friendlyName, // RETURNED
331 CFDataRef *localKeyId, // RETURNED
332 SecPkcs12AttrsRef *attrs) // RETURNED
333 {
334 BEGIN_P12API
335
336 P12Coder *p12coder = P12CoderCast(coder);
337 required(secCert);
338 /* others are optional - if NULL, we don't return that param */
339 P12CertBag *bag = p12coder->getCert(certNum);
340 *secCert = bag->getSecCert();
341
342 /* now the optional attrs */
343 P12BagAttrs *p12Attrs = NULL;
344 bag->copyAllAttrs(friendlyName, localKeyId,
345 attrs ? &p12Attrs : NULL);
346 if(p12Attrs) {
347 *attrs = p12Attrs;
348 }
349 END_P12API
350 }
351
352 /*
353 * CRLs. The might change if a SecCrl type is defined elsewhere.
354 * We'll typedef it here to preserve the semantics of this function.
355 */
356 OSStatus SecPkcs12CrlCount(
357 SecPkcs12CoderRef coder,
358 CFIndex *numCrls) // RETURNED
359 {
360 BEGIN_P12API
361
362 P12Coder *p12coder = P12CoderCast(coder);
363 required(numCrls);
364 *numCrls = p12coder->numCrls();
365
366 END_P12API
367 }
368
369 OSStatus SecPkcs12CopyCrl(
370 SecPkcs12CoderRef coder,
371 CFIndex crlNum,
372 SecCrlRef *crl, // RETURNED
373 CFStringRef *friendlyName, // RETURNED
374 CFDataRef *localKeyId, // RETURNED
375 SecPkcs12AttrsRef *attrs) // RETURNED
376 {
377 BEGIN_P12API
378
379 P12Coder *p12coder = P12CoderCast(coder);
380 required(crl);
381 /* others are optional - if NULL, we don't return that param */
382 P12CrlBag *bag = p12coder->getCrl(crlNum);
383 *crl = p12CssmDataToCf(bag->crlData());
384
385 /* now the optional attrs */
386 P12BagAttrs *p12Attrs = NULL;
387 bag->copyAllAttrs(friendlyName, localKeyId,
388 attrs ? &p12Attrs : NULL);
389 if(p12Attrs) {
390 *attrs = p12Attrs;
391 }
392
393 END_P12API
394 }
395
396 /*
397 * Private keys.
398 */
399 OSStatus SecPkcs12PrivateKeyCount(
400 SecPkcs12CoderRef coder,
401 CFIndex *numKeys) // RETURNED
402 {
403 BEGIN_P12API
404
405 P12Coder *p12coder = P12CoderCast(coder);
406 required(numKeys);
407 *numKeys = p12coder->numKeys();
408
409 END_P12API
410 }
411
412 OSStatus SecPkcs12CopyPrivateKey(
413 SecPkcs12CoderRef coder,
414 CFIndex keyNum,
415 SecKeyRef *privateKey, // RETURNED
416 CFStringRef *friendlyName, // RETURNED
417 CFDataRef *localKeyId, // RETURNED
418 SecPkcs12AttrsRef *attrs) // RETURNED
419 {
420 BEGIN_P12API
421 /*P12Coder *p12coder = P12CoderCast(coder); */
422 return unimpErr;
423 END_P12API
424 }
425
426 OSStatus SecPkcs12GetCssmPrivateKey(
427 SecPkcs12CoderRef coder,
428 CFIndex keyNum,
429 CSSM_KEY_PTR *privateKey, // RETURNED
430 CFStringRef *friendlyName, // RETURNED
431 CFDataRef *localKeyId, // RETURNED
432 SecPkcs12AttrsRef *attrs) // RETURNED
433 {
434 BEGIN_P12API
435 P12Coder *p12coder = P12CoderCast(coder);
436 required(privateKey);
437 /* others are optional - if NULL, we don't return that param */
438 P12KeyBag *bag = p12coder->getKey(keyNum);
439 *privateKey = bag->key();
440
441 /* now the optional attrs */
442 P12BagAttrs *p12Attrs = NULL;
443 bag->copyAllAttrs(friendlyName, localKeyId,
444 attrs ? &p12Attrs : NULL);
445 if(p12Attrs) {
446 *attrs = p12Attrs;
447 }
448
449 END_P12API
450 }
451
452 /*
453 * Catch-all for other components not currently understood
454 * or supported by this library. An "opaque blob" component
455 * is identified by an OID and is obtained as an opaque data
456 * blob.
457 */
458 OSStatus SecPkcs12OpaqueBlobCount(
459 SecPkcs12CoderRef coder,
460 CFIndex *numBlobs) // RETURNED
461 {
462 BEGIN_P12API
463
464 P12Coder *p12coder = P12CoderCast(coder);
465 required(numBlobs);
466 *numBlobs = p12coder->numOpaqueBlobs();
467
468 END_P12API
469 }
470
471 OSStatus SecPkcs12CopyOpaqueBlob(
472 SecPkcs12CoderRef coder,
473 CFIndex blobNum,
474 CFDataRef *blobOid, // RETURNED
475 CFDataRef *opaqueBlob, // RETURNED
476 CFStringRef *friendlyName, // RETURNED
477 CFDataRef *localKeyId, // RETURNED
478 SecPkcs12AttrsRef *attrs) // RETURNED
479 {
480 BEGIN_P12API
481
482 P12Coder *p12coder = P12CoderCast(coder);
483 required(blobOid);
484 required(opaqueBlob);
485
486 /* others are optional - if NULL, we don't return that param */
487 P12OpaqueBag *bag = p12coder->getOpaque(blobNum);
488 *opaqueBlob = p12CssmDataToCf(bag->blob());
489 *blobOid = p12CssmDataToCf(bag->oid());
490
491 /* now the optional attrs */
492 P12BagAttrs *p12Attrs = NULL;
493 bag->copyAllAttrs(friendlyName, localKeyId,
494 attrs ? &p12Attrs : NULL);
495 if(p12Attrs) {
496 *attrs = p12Attrs;
497 }
498
499 END_P12API
500 }
501
502 #pragma mark --- Encoder Functions ---
503
504 /*
505 * This the final step to create an encoded PKCS12 PFX blob,
506 * after calling some number of SecPkcs12Set* functions below.
507 * The result is a DER_encoded PFX in PKCS12 lingo.
508 */
509 OSStatus SecPkcs12Encode(
510 SecPkcs12CoderRef coder,
511 CFDataRef *pfx) // RETURNED
512 {
513 BEGIN_P12API
514 P12Coder *p12coder = P12CoderCast(coder);
515 required(pfx);
516 p12coder->encode(pfx);
517 END_P12API
518 }
519
520 /*
521 * Add individual components. "Getter" functions are available
522 * as described above (under "Functions used for decoding").
523 */
524 OSStatus SecPkcs12AddCertificate(
525 SecPkcs12CoderRef coder,
526 SecCertificateRef cert,
527 CFStringRef friendlyName, // optional
528 CFDataRef localKeyId, // optional
529 SecPkcs12AttrsRef attrs) // optional
530 {
531 BEGIN_P12API
532 P12Coder *p12coder = P12CoderCast(coder);
533 required(cert);
534 CSSM_DATA certData;
535 OSStatus ortn = SecCertificateGetData(cert, &certData);
536 if(ortn) {
537 return ortn;
538 }
539 CSSM_CERT_TYPE certType;
540 ortn = SecCertificateGetType(cert, &certType);
541 if(ortn) {
542 return ortn;
543 }
544 NSS_P12_CertBagType type;
545 switch(certType) {
546 case CSSM_CERT_X_509v1:
547 case CSSM_CERT_X_509v2:
548 case CSSM_CERT_X_509v3:
549 type = CT_X509;
550 break;
551 case CSSM_CERT_SDSIv1:
552 type = CT_SDSI;
553 break;
554 default:
555 type = CT_Unknown;
556 break;
557 }
558 P12CertBag *bag = new P12CertBag(type, certData, friendlyName,
559 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
560 p12coder->addCert(bag);
561 END_P12API
562 }
563
564 OSStatus SecPkcs12AddCrl(
565 SecPkcs12CoderRef coder,
566 SecCrlRef crl,
567 CFStringRef friendlyName, // optional
568 CFDataRef localKeyId, // optional
569 SecPkcs12AttrsRef attrs) // optional
570 {
571 BEGIN_P12API
572 P12Coder *p12coder = P12CoderCast(coder);
573 required(crl);
574 P12CrlBag *bag = new P12CrlBag(CRT_X509, crl, friendlyName,
575 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
576 p12coder->addCrl(bag);
577 END_P12API
578 }
579
580 OSStatus SecPkcs12AddPrivateKey(
581 SecPkcs12CoderRef coder,
582 SecKeyRef privateKey,
583 CFStringRef friendlyName, // optional
584 CFDataRef localKeyId, // optional
585 SecPkcs12AttrsRef attrs) // optional
586 {
587 BEGIN_P12API
588
589 P12Coder *p12coder = P12CoderCast(coder);
590 required(privateKey);
591 const CSSM_KEY *cssmKey;
592 OSStatus ortn = SecKeyGetCSSMKey(privateKey, &cssmKey);
593 if(ortn) {
594 return ortn;
595 }
596 P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(),
597 friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
598 p12coder->addKey(bag);
599
600 END_P12API
601 }
602
603 OSStatus SecPkcs12AddCssmPrivateKey(
604 SecPkcs12CoderRef coder,
605 CSSM_KEY_PTR cssmKey,
606 CFStringRef friendlyName, // optional
607 CFDataRef localKeyId, // optional
608 SecPkcs12AttrsRef attrs) // optional
609 {
610 BEGIN_P12API
611
612 P12Coder *p12coder = P12CoderCast(coder);
613 required(cssmKey);
614 P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(),
615 friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
616 p12coder->addKey(bag);
617
618 END_P12API
619 }
620
621 OSStatus SecPkcs12AddOpaqueBlob(
622 SecPkcs12CoderRef coder,
623 CFDataRef blobOid,
624 CFDataRef opaqueBlob,
625 CFStringRef friendlyName, // optional
626 CFDataRef localKeyId, // optional
627 SecPkcs12AttrsRef attrs) // optional
628 {
629 BEGIN_P12API
630
631 P12Coder *p12coder = P12CoderCast(coder);
632 required(blobOid);
633 required(opaqueBlob);
634 P12OpaqueBag *bag = new P12OpaqueBag(blobOid, opaqueBlob, friendlyName,
635 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
636 p12coder->addOpaque(bag);
637
638 END_P12API
639 }
640
641 #pragma mark --- Optional Functions ---
642
643 /***
644 *** SecPkcs12AttrsRef manipulation. Optional and in fact expected to
645 *** be rarely used, if ever.
646 ***/
647
648 /*
649 * Create/destroy.
650 */
651 OSStatus SecPkcs12AttrsCreate(
652 SecPkcs12AttrsRef *attrs) // RETURNED
653 {
654 BEGIN_P12API
655
656 required(attrs);
657 P12BagAttrsStandAlone *bagAttrs = new P12BagAttrsStandAlone;
658 *attrs = (SecPkcs12AttrsRef)bagAttrs;
659
660 END_P12API
661 }
662
663 OSStatus SecPkcs12AttrsRelease(
664 SecPkcs12AttrsRef attrs)
665 {
666 BEGIN_P12API
667
668 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
669 delete bagAttrs;
670
671 END_P12API
672 }
673
674 /*
675 * Add an OID/value set to an existing SecPkcs12AttrsRef.
676 * Values are a CFArray containing an arbitrary number of
677 * CFDataRefs.
678 */
679 OSStatus SecPkcs12AttrsAddAttr(
680 SecPkcs12AttrsRef attrs,
681 CFDataRef attrOid,
682 CFArrayRef attrValues)
683 {
684 BEGIN_P12API
685
686 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
687 bagAttrs->addAttr(attrOid, attrValues);
688
689 END_P12API
690 }
691
692 OSStatus SecPkcs12AttrCount(
693 SecPkcs12AttrsRef attrs,
694 CFIndex *numAttrs) // RETURNED
695 {
696 BEGIN_P12API
697
698 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
699 required(numAttrs);
700 *numAttrs = bagAttrs->numAttrs();
701
702 END_P12API
703 }
704
705 /*
706 * Obtain n'th oid/value set from an existing SecPkcs12AttrsRef.
707 */
708 OSStatus SecPkcs12AttrsGetAttr(
709 SecPkcs12AttrsRef attrs,
710 CFIndex attrNum,
711 CFDataRef *attrOid, // RETURNED
712 CFArrayRef *attrValues) // RETURNED
713 {
714 BEGIN_P12API
715
716 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
717 required(attrOid);
718 required(attrValues);
719 bagAttrs->getAttr(attrNum, attrOid, attrValues);
720 END_P12API
721 }
722
723 OSStatus SecPkcs12SetIntegrityMode(
724 SecPkcs12CoderRef coder,
725 SecPkcs12Mode mode)
726 {
727 BEGIN_P12API
728
729 P12Coder *p12coder = P12CoderCast(coder);
730 p12coder->integrityMode(mode);
731
732 END_P12API
733 }
734
735 OSStatus SecPkcs12GetIntegrityMode(
736 SecPkcs12CoderRef coder,
737 SecPkcs12Mode *mode) // RETURNED
738 {
739 BEGIN_P12API
740
741 P12Coder *p12coder = P12CoderCast(coder);
742 required(mode);
743 *mode = p12coder->integrityMode();
744
745 END_P12API
746 }
747
748 OSStatus SecPkcs12SetPrivacyMode(
749 SecPkcs12CoderRef coder,
750 SecPkcs12Mode mode)
751 {
752 BEGIN_P12API
753
754 P12Coder *p12coder = P12CoderCast(coder);
755 p12coder->privacyMode(mode);
756
757 END_P12API
758 }
759
760 OSStatus SecPkcs12GetPrivacyMode(
761 SecPkcs12CoderRef coder,
762 SecPkcs12Mode *mode) // RETURNED
763 {
764 BEGIN_P12API
765
766 P12Coder *p12coder = P12CoderCast(coder);
767 required(mode);
768 *mode = p12coder->privacyMode();
769
770 END_P12API
771 }
772
773 /***
774 *** Encryption algorithms
775 ***/
776 OSStatus SecPkcs12SetKeyEncryptionAlg(
777 SecPkcs12CoderRef coder,
778 CFDataRef encryptionAlg)
779 {
780 BEGIN_P12API
781
782 P12Coder *p12coder = P12CoderCast(coder);
783 required(encryptionAlg);
784 p12coder->strongEncrAlg(encryptionAlg);
785
786 END_P12API
787 }
788
789 OSStatus SecPkcs12SetCertCrlEncryptionAlg(
790 SecPkcs12CoderRef coder,
791 CFDataRef encryptionAlg)
792 {
793 BEGIN_P12API
794
795 P12Coder *p12coder = P12CoderCast(coder);
796 required(encryptionAlg);
797 p12coder->weakEncrAlg(encryptionAlg);
798
799 END_P12API
800 }
801
802 OSStatus SecPkcs12SetKeyEncryptionIterCount(
803 SecPkcs12CoderRef coder,
804 unsigned iterCount)
805 {
806 BEGIN_P12API
807
808 P12Coder *p12coder = P12CoderCast(coder);
809 p12coder->strongEncrIterCount(iterCount);
810
811 END_P12API
812 }
813
814 OSStatus SecPkcs12SetCertCrlEncryptionIterCount(
815 SecPkcs12CoderRef coder,
816 unsigned iterCount)
817 {
818 BEGIN_P12API
819
820 P12Coder *p12coder = P12CoderCast(coder);
821 p12coder->weakEncrIterCount(iterCount);
822
823 END_P12API
824 }
825
826 OSStatus SecPkcs12SetMacIterCount(
827 SecPkcs12CoderRef coder,
828 unsigned iterCount)
829 {
830 BEGIN_P12API
831
832 P12Coder *p12coder = P12CoderCast(coder);
833 p12coder->macEncrIterCount(iterCount);
834
835 END_P12API
836 }
837
838 OSStatus SecPkcs12CopyKeyEncryptionAlg(
839 SecPkcs12CoderRef coder,
840 CFDataRef *encryptionAlg) // RETURNED
841 {
842 BEGIN_P12API
843
844 P12Coder *p12coder = P12CoderCast(coder);
845 required(encryptionAlg);
846 *encryptionAlg = p12coder->strongEncrAlg();
847
848 END_P12API
849 }
850
851 OSStatus SecPkcs12CopyCertCrlEncryptionAlg(
852 SecPkcs12CoderRef coder,
853 CFDataRef *encryptionAlg) // RETURNED
854 {
855 BEGIN_P12API
856
857 P12Coder *p12coder = P12CoderCast(coder);
858 required(encryptionAlg);
859 *encryptionAlg = p12coder->weakEncrAlg();
860
861 END_P12API
862 }
863
864 OSStatus SecPkcs12CopyKeyEncryptionIterCount(
865 SecPkcs12CoderRef coder,
866 unsigned *iterCount) // RETURNED
867 {
868 BEGIN_P12API
869
870 P12Coder *p12coder = P12CoderCast(coder);
871 required(iterCount);
872 *iterCount = p12coder->strongEncrIterCount();
873
874 END_P12API
875 }
876
877 OSStatus SecPkcs12CopyCertCrlEncryptionIterCount(
878 SecPkcs12CoderRef coder,
879 unsigned *iterCount) // RETURNED
880 {
881 BEGIN_P12API
882
883 P12Coder *p12coder = P12CoderCast(coder);
884 required(iterCount);
885 *iterCount = p12coder->weakEncrIterCount();
886
887 END_P12API
888 }
889
890 OSStatus SecPkcs12CopyMacIterCount(
891 SecPkcs12CoderRef coder,
892 unsigned *iterCount) // RETURNED
893 {
894 BEGIN_P12API
895
896 P12Coder *p12coder = P12CoderCast(coder);
897 required(iterCount);
898 *iterCount = p12coder->macEncrIterCount();
899
900 END_P12API
901 }
902
903 OSStatus SecPkcs12LimitPrivateKeyImport(
904 SecPkcs12CoderRef coder,
905 bool foundOneKey)
906 {
907 BEGIN_P12API
908
909 P12Coder *p12coder = P12CoderCast(coder);
910 p12coder->limitPrivKeyImport(foundOneKey);
911
912 END_P12API
913 }
mirror of Security