--- /dev/null
+/*
+ * Copyright (c) 2003-2004,2011-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+/*
+ * SecPkcs12.cpp
+ */
+
+#include "SecPkcs12.h"
+#include "pkcs12Coder.h"
+#include "pkcs12BagAttrs.h"
+#include "pkcs12SafeBag.h"
+#include "pkcs12Utils.h"
+#include <security_cdsa_utilities/cssmerrors.h>
+#include <Security/SecBasePriv.h>
+
+/*
+ * API function call wrappers, impermeable to C++ exceptions
+ */
+#define BEGIN_P12API \
+ try {
+
+#define END_P12API \
+ } \
+ catch (const MacOSError &err) { return err.osStatus(); } \
+ catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \
+ catch (const std::bad_alloc &) { return errSecAllocate; } \
+ catch (...) { return errSecInternalComponent; } \
+ return errSecSuccess;
+
+/* catch incoming NULL parameters */
+static inline void required(
+ const void *param)
+{
+ if(param == NULL) {
+ MacOSError::throwMe(errSecParam);
+ }
+}
+
+/*
+ * Standard means of casting a SecPkcs12CoderRef to a P12Coder *
+ */
+static inline P12Coder *P12CoderCast(
+ SecPkcs12CoderRef coder)
+{
+ required(coder);
+ return reinterpret_cast<P12Coder *>(coder);
+}
+
+/*
+ * Standard means of casting a SecPkcs12AttrsRef to a P12BagAttrs *
+ * This one uses the P12BagAttrsStandAlone version, not tied to
+ * a specific P12Coder (actually, to a P12Coder's SecNssCoder).
+ */
+static inline P12BagAttrsStandAlone *P12AttrsCast(
+ SecPkcs12AttrsRef attrs)
+{
+ if(attrs == NULL) {
+ MacOSError::throwMe(errSecParam);
+ }
+ return reinterpret_cast<P12BagAttrsStandAlone *>(attrs);
+}
+
+/* optional flavor used in SecPkcs12Add*() */
+static inline P12BagAttrs *P12AttrsCastOpt(
+ SecPkcs12AttrsRef attrs)
+{
+ return reinterpret_cast<P12BagAttrs *>(attrs);
+}
+
+#pragma mark --- SecPkcs12CoderRef create/destroy ---
+
+/*
+ * Basic SecPkcs12CoderRef create/destroy.
+ */
+OSStatus SecPkcs12CoderCreate(
+ SecPkcs12CoderRef *coder) // RETURNED
+{
+ BEGIN_P12API
+
+ required(coder);
+ P12Coder *p12coder = new P12Coder;
+ *coder = p12coder;
+
+ END_P12API
+}
+
+/*
+ * Destroy object created in SecPkcs12CoderCreate.
+ * This will go away if we make this object a CoreFoundation type.
+ */
+OSStatus SecPkcs12CoderRelease(
+ SecPkcs12CoderRef coder)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ delete p12coder;
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetMACPassphrase(
+ SecPkcs12CoderRef coder,
+ CFStringRef passphrase)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(passphrase);
+ p12coder->setMacPassPhrase(passphrase);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetMACPassKey(
+ SecPkcs12CoderRef coder,
+ const CSSM_KEY *passKey)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(passKey);
+ p12coder->setMacPassKey(passKey);
+
+ END_P12API
+}
+
+/*
+ * Specify separate passphrase for encrypt/decrypt.
+ */
+OSStatus SecPkcs12SetCryptPassphrase(
+ SecPkcs12CoderRef coder,
+ CFStringRef passphrase)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(passphrase);
+ p12coder->setEncrPassPhrase(passphrase);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetCryptPassKey(
+ SecPkcs12CoderRef coder,
+ const CSSM_KEY *passKey)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(passKey);
+ p12coder->setEncrPassKey(passKey);
+
+ END_P12API
+}
+
+
+/*
+ * Target location of decoded keys and certs.
+ */
+OSStatus SecPkcs12SetKeychain(
+ SecPkcs12CoderRef coder,
+ SecKeychainRef keychain)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(keychain);
+ p12coder->setKeychain(keychain);
+
+ END_P12API
+}
+
+/*
+ * Required iff SecPkcs12SetKeychain() not called.
+ */
+OSStatus SecPkcs12SetCspHandle(
+ SecPkcs12CoderRef coder,
+ CSSM_CSP_HANDLE cspHandle)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->setCsp(cspHandle);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetImportToKeychain(
+ SecPkcs12CoderRef coder,
+ SecPkcs12ImportFlags flags)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->importFlags(flags);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12GetImportToKeychain(
+ SecPkcs12CoderRef coder,
+ SecPkcs12ImportFlags *flags) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(flags);
+ *flags = p12coder->importFlags();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12ExportKeychainItems(
+ SecPkcs12CoderRef coder,
+ CFArrayRef items)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(items);
+ p12coder->exportKeychainItems(items);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetAccess(
+ SecPkcs12CoderRef coder,
+ SecAccessRef access)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->setAccess(access);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetKeyUsage(
+ SecPkcs12CoderRef coder,
+ CSSM_KEYUSE keyUsage)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->setKeyUsage(keyUsage);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetKeyAttrs(
+ SecPkcs12CoderRef coder,
+ CSSM_KEYATTR_FLAGS keyAttrs)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->setKeyAttrs(keyAttrs);
+
+ END_P12API
+}
+
+#pragma mark --- Decoder Functions ---
+
+/*
+ * Parse and decode.
+ */
+OSStatus SecPkcs12Decode(
+ SecPkcs12CoderRef coder,
+ CFDataRef pfx)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(pfx);
+ try {
+ p12coder->decode(pfx);
+ }
+ catch(...) {
+ /* abort - clean up - delete stored keys */
+ p12coder->deleteDecodedItems();
+ throw;
+ }
+ END_P12API
+}
+
+/*
+ * Subsequent to decoding, obtain the components.
+ * These functions can also be used as "getter" functions while encoding.
+ *
+ * Certificates:
+ */
+OSStatus SecPkcs12CertificateCount(
+ SecPkcs12CoderRef coder,
+ CFIndex *numCerts) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(numCerts);
+ *numCerts = p12coder->numCerts();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyCertificate(
+ SecPkcs12CoderRef coder,
+ CFIndex certNum,
+ SecCertificateRef *secCert, // RETURNED
+ CFStringRef *friendlyName, // RETURNED
+ CFDataRef *localKeyId, // RETURNED
+ SecPkcs12AttrsRef *attrs) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(secCert);
+ /* others are optional - if NULL, we don't return that param */
+ P12CertBag *bag = p12coder->getCert((unsigned)certNum);
+ *secCert = bag->getSecCert();
+
+ /* now the optional attrs */
+ P12BagAttrs *p12Attrs = NULL;
+ bag->copyAllAttrs(friendlyName, localKeyId,
+ attrs ? &p12Attrs : NULL);
+ if(p12Attrs) {
+ *attrs = p12Attrs;
+ }
+ END_P12API
+}
+
+/*
+ * CRLs. The might change if a SecCrl type is defined elsewhere.
+ * We'll typedef it here to preserve the semantics of this function.
+ */
+OSStatus SecPkcs12CrlCount(
+ SecPkcs12CoderRef coder,
+ CFIndex *numCrls) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(numCrls);
+ *numCrls = p12coder->numCrls();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyCrl(
+ SecPkcs12CoderRef coder,
+ CFIndex crlNum,
+ SecCrlRef *crl, // RETURNED
+ CFStringRef *friendlyName, // RETURNED
+ CFDataRef *localKeyId, // RETURNED
+ SecPkcs12AttrsRef *attrs) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(crl);
+ /* others are optional - if NULL, we don't return that param */
+ P12CrlBag *bag = p12coder->getCrl((unsigned)crlNum);
+ *crl = p12CssmDataToCf(bag->crlData());
+
+ /* now the optional attrs */
+ P12BagAttrs *p12Attrs = NULL;
+ bag->copyAllAttrs(friendlyName, localKeyId,
+ attrs ? &p12Attrs : NULL);
+ if(p12Attrs) {
+ *attrs = p12Attrs;
+ }
+
+ END_P12API
+}
+
+/*
+ * Private keys.
+ */
+OSStatus SecPkcs12PrivateKeyCount(
+ SecPkcs12CoderRef coder,
+ CFIndex *numKeys) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(numKeys);
+ *numKeys = p12coder->numKeys();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyPrivateKey(
+ SecPkcs12CoderRef coder,
+ CFIndex keyNum,
+ SecKeyRef *privateKey, // RETURNED
+ CFStringRef *friendlyName, // RETURNED
+ CFDataRef *localKeyId, // RETURNED
+ SecPkcs12AttrsRef *attrs) // RETURNED
+{
+ BEGIN_P12API
+ /*P12Coder *p12coder = P12CoderCast(coder); */
+ return errSecUnimplemented;
+ END_P12API
+}
+
+OSStatus SecPkcs12GetCssmPrivateKey(
+ SecPkcs12CoderRef coder,
+ CFIndex keyNum,
+ CSSM_KEY_PTR *privateKey, // RETURNED
+ CFStringRef *friendlyName, // RETURNED
+ CFDataRef *localKeyId, // RETURNED
+ SecPkcs12AttrsRef *attrs) // RETURNED
+{
+ BEGIN_P12API
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(privateKey);
+ /* others are optional - if NULL, we don't return that param */
+ P12KeyBag *bag = p12coder->getKey((unsigned)keyNum);
+ *privateKey = bag->key();
+
+ /* now the optional attrs */
+ P12BagAttrs *p12Attrs = NULL;
+ bag->copyAllAttrs(friendlyName, localKeyId,
+ attrs ? &p12Attrs : NULL);
+ if(p12Attrs) {
+ *attrs = p12Attrs;
+ }
+
+ END_P12API
+}
+
+/*
+ * Catch-all for other components not currently understood
+ * or supported by this library. An "opaque blob" component
+ * is identified by an OID and is obtained as an opaque data
+ * blob.
+ */
+OSStatus SecPkcs12OpaqueBlobCount(
+ SecPkcs12CoderRef coder,
+ CFIndex *numBlobs) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(numBlobs);
+ *numBlobs = p12coder->numOpaqueBlobs();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyOpaqueBlob(
+ SecPkcs12CoderRef coder,
+ CFIndex blobNum,
+ CFDataRef *blobOid, // RETURNED
+ CFDataRef *opaqueBlob, // RETURNED
+ CFStringRef *friendlyName, // RETURNED
+ CFDataRef *localKeyId, // RETURNED
+ SecPkcs12AttrsRef *attrs) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(blobOid);
+ required(opaqueBlob);
+
+ /* others are optional - if NULL, we don't return that param */
+ P12OpaqueBag *bag = p12coder->getOpaque((unsigned)blobNum);
+ *opaqueBlob = p12CssmDataToCf(bag->blob());
+ *blobOid = p12CssmDataToCf(bag->oid());
+
+ /* now the optional attrs */
+ P12BagAttrs *p12Attrs = NULL;
+ bag->copyAllAttrs(friendlyName, localKeyId,
+ attrs ? &p12Attrs : NULL);
+ if(p12Attrs) {
+ *attrs = p12Attrs;
+ }
+
+ END_P12API
+}
+
+#pragma mark --- Encoder Functions ---
+
+/*
+ * This the final step to create an encoded PKCS12 PFX blob,
+ * after calling some number of SecPkcs12Set* functions below.
+ * The result is a DER_encoded PFX in PKCS12 lingo.
+ */
+OSStatus SecPkcs12Encode(
+ SecPkcs12CoderRef coder,
+ CFDataRef *pfx) // RETURNED
+{
+ BEGIN_P12API
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(pfx);
+ p12coder->encode(pfx);
+ END_P12API
+}
+
+/*
+ * Add individual components. "Getter" functions are available
+ * as described above (under "Functions used for decoding").
+ */
+OSStatus SecPkcs12AddCertificate(
+ SecPkcs12CoderRef coder,
+ SecCertificateRef cert,
+ CFStringRef friendlyName, // optional
+ CFDataRef localKeyId, // optional
+ SecPkcs12AttrsRef attrs) // optional
+{
+ BEGIN_P12API
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(cert);
+ CSSM_DATA certData;
+ OSStatus ortn = SecCertificateGetData(cert, &certData);
+ if(ortn) {
+ return ortn;
+ }
+ CSSM_CERT_TYPE certType;
+ ortn = SecCertificateGetType(cert, &certType);
+ if(ortn) {
+ return ortn;
+ }
+ NSS_P12_CertBagType type;
+ switch(certType) {
+ case CSSM_CERT_X_509v1:
+ case CSSM_CERT_X_509v2:
+ case CSSM_CERT_X_509v3:
+ type = CT_X509;
+ break;
+ case CSSM_CERT_SDSIv1:
+ type = CT_SDSI;
+ break;
+ default:
+ type = CT_Unknown;
+ break;
+ }
+ P12CertBag *bag = new P12CertBag(type, certData, friendlyName,
+ localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
+ p12coder->addCert(bag);
+ END_P12API
+}
+
+OSStatus SecPkcs12AddCrl(
+ SecPkcs12CoderRef coder,
+ SecCrlRef crl,
+ CFStringRef friendlyName, // optional
+ CFDataRef localKeyId, // optional
+ SecPkcs12AttrsRef attrs) // optional
+{
+ BEGIN_P12API
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(crl);
+ P12CrlBag *bag = new P12CrlBag(CRT_X509, crl, friendlyName,
+ localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
+ p12coder->addCrl(bag);
+ END_P12API
+}
+
+OSStatus SecPkcs12AddPrivateKey(
+ SecPkcs12CoderRef coder,
+ SecKeyRef privateKey,
+ CFStringRef friendlyName, // optional
+ CFDataRef localKeyId, // optional
+ SecPkcs12AttrsRef attrs) // optional
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(privateKey);
+ const CSSM_KEY *cssmKey;
+ OSStatus ortn = SecKeyGetCSSMKey(privateKey, &cssmKey);
+ if(ortn) {
+ return ortn;
+ }
+ P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(),
+ friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
+ p12coder->addKey(bag);
+
+ END_P12API
+}
+
+#if 0 /* Unused */
+OSStatus SecPkcs12AddCssmPrivateKey(
+ SecPkcs12CoderRef coder,
+ CSSM_KEY_PTR cssmKey,
+ CFStringRef friendlyName, // optional
+ CFDataRef localKeyId, // optional
+ SecPkcs12AttrsRef attrs) // optional
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(cssmKey);
+ P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(),
+ friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
+ p12coder->addKey(bag);
+
+ END_P12API
+}
+#endif
+
+OSStatus SecPkcs12AddOpaqueBlob(
+ SecPkcs12CoderRef coder,
+ CFDataRef blobOid,
+ CFDataRef opaqueBlob,
+ CFStringRef friendlyName, // optional
+ CFDataRef localKeyId, // optional
+ SecPkcs12AttrsRef attrs) // optional
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(blobOid);
+ required(opaqueBlob);
+ P12OpaqueBag *bag = new P12OpaqueBag(blobOid, opaqueBlob, friendlyName,
+ localKeyId, P12AttrsCastOpt(attrs), p12coder->coder());
+ p12coder->addOpaque(bag);
+
+ END_P12API
+}
+
+#pragma mark --- Optional Functions ---
+
+/***
+ *** SecPkcs12AttrsRef manipulation. Optional and in fact expected to
+ *** be rarely used, if ever.
+ ***/
+
+/*
+ * Create/destroy.
+ */
+OSStatus SecPkcs12AttrsCreate(
+ SecPkcs12AttrsRef *attrs) // RETURNED
+{
+ BEGIN_P12API
+
+ required(attrs);
+ P12BagAttrsStandAlone *bagAttrs = new P12BagAttrsStandAlone;
+ *attrs = (SecPkcs12AttrsRef)bagAttrs;
+
+ END_P12API
+}
+
+OSStatus SecPkcs12AttrsRelease(
+ SecPkcs12AttrsRef attrs)
+{
+ BEGIN_P12API
+
+ P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
+ delete bagAttrs;
+
+ END_P12API
+}
+
+/*
+ * Add an OID/value set to an existing SecPkcs12AttrsRef.
+ * Values are a CFArray containing an arbitrary number of
+ * CFDataRefs.
+ */
+OSStatus SecPkcs12AttrsAddAttr(
+ SecPkcs12AttrsRef attrs,
+ CFDataRef attrOid,
+ CFArrayRef attrValues)
+{
+ BEGIN_P12API
+
+ P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
+ bagAttrs->addAttr(attrOid, attrValues);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12AttrCount(
+ SecPkcs12AttrsRef attrs,
+ CFIndex *numAttrs) // RETURNED
+{
+ BEGIN_P12API
+
+ P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
+ required(numAttrs);
+ *numAttrs = bagAttrs->numAttrs();
+
+ END_P12API
+}
+
+/*
+ * Obtain n'th oid/value set from an existing SecPkcs12AttrsRef.
+ */
+OSStatus SecPkcs12AttrsGetAttr(
+ SecPkcs12AttrsRef attrs,
+ CFIndex attrNum,
+ CFDataRef *attrOid, // RETURNED
+ CFArrayRef *attrValues) // RETURNED
+{
+ BEGIN_P12API
+
+ P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs);
+ required(attrOid);
+ required(attrValues);
+ bagAttrs->getAttr((unsigned)attrNum, attrOid, attrValues);
+ END_P12API
+}
+
+OSStatus SecPkcs12SetIntegrityMode(
+ SecPkcs12CoderRef coder,
+ SecPkcs12Mode mode)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->integrityMode(mode);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12GetIntegrityMode(
+ SecPkcs12CoderRef coder,
+ SecPkcs12Mode *mode) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(mode);
+ *mode = p12coder->integrityMode();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetPrivacyMode(
+ SecPkcs12CoderRef coder,
+ SecPkcs12Mode mode)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->privacyMode(mode);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12GetPrivacyMode(
+ SecPkcs12CoderRef coder,
+ SecPkcs12Mode *mode) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(mode);
+ *mode = p12coder->privacyMode();
+
+ END_P12API
+}
+
+/***
+ *** Encryption algorithms
+ ***/
+OSStatus SecPkcs12SetKeyEncryptionAlg(
+ SecPkcs12CoderRef coder,
+ CFDataRef encryptionAlg)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(encryptionAlg);
+ p12coder->strongEncrAlg(encryptionAlg);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetCertCrlEncryptionAlg(
+ SecPkcs12CoderRef coder,
+ CFDataRef encryptionAlg)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(encryptionAlg);
+ p12coder->weakEncrAlg(encryptionAlg);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetKeyEncryptionIterCount(
+ SecPkcs12CoderRef coder,
+ unsigned iterCount)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->strongEncrIterCount(iterCount);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetCertCrlEncryptionIterCount(
+ SecPkcs12CoderRef coder,
+ unsigned iterCount)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->weakEncrIterCount(iterCount);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12SetMacIterCount(
+ SecPkcs12CoderRef coder,
+ unsigned iterCount)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->macEncrIterCount(iterCount);
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyKeyEncryptionAlg(
+ SecPkcs12CoderRef coder,
+ CFDataRef *encryptionAlg) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(encryptionAlg);
+ *encryptionAlg = p12coder->strongEncrAlg();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyCertCrlEncryptionAlg(
+ SecPkcs12CoderRef coder,
+ CFDataRef *encryptionAlg) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(encryptionAlg);
+ *encryptionAlg = p12coder->weakEncrAlg();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyKeyEncryptionIterCount(
+ SecPkcs12CoderRef coder,
+ unsigned *iterCount) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(iterCount);
+ *iterCount = p12coder->strongEncrIterCount();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyCertCrlEncryptionIterCount(
+ SecPkcs12CoderRef coder,
+ unsigned *iterCount) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(iterCount);
+ *iterCount = p12coder->weakEncrIterCount();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12CopyMacIterCount(
+ SecPkcs12CoderRef coder,
+ unsigned *iterCount) // RETURNED
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ required(iterCount);
+ *iterCount = p12coder->macEncrIterCount();
+
+ END_P12API
+}
+
+OSStatus SecPkcs12LimitPrivateKeyImport(
+ SecPkcs12CoderRef coder,
+ bool foundOneKey)
+{
+ BEGIN_P12API
+
+ P12Coder *p12coder = P12CoderCast(coder);
+ p12coder->limitPrivKeyImport(foundOneKey);
+
+ END_P12API
+}
projects / apple / security.git / blobdiff