--- /dev/null
+/*
+ * Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+/*
+ * pkcs12Utils.h
+ */
+
+#ifndef _PKCS12_UTILS_H_
+#define _PKCS12_UTILS_H_
+
+#include <Security/cssmtype.h>
+#include <security_asn1/SecNssCoder.h>
+#include <security_pkcs12/pkcs7Templates.h>
+#include <security_pkcs12/pkcs12Templates.h>
+#include <Security/cssmerr.h>
+#include <CoreFoundation/CoreFoundation.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* malloc a NULL-ed array of pointers of size num+1 */
+void **p12NssNullArray(
+ uint32 num,
+ SecNssCoder &coder);
+
+/* CSSM_DATA --> uint32. Returns true if OK. */
+bool p12DataToInt(
+ const CSSM_DATA &cdata,
+ uint32 &u);
+
+/* uint32 --> CSSM_DATA */
+void p12IntToData(
+ uint32 num,
+ CSSM_DATA &cdata,
+ SecNssCoder &coder);
+
+/* CFDataRef <--> CSSM_DATA */
+CFDataRef p12CssmDataToCf(
+ const CSSM_DATA &c);
+void p12CfDataToCssm(
+ CFDataRef cf,
+ CSSM_DATA &c,
+ SecNssCoder &coder);
+
+CSSM_DATA_PTR p12StringToUtf8(
+ CFStringRef cfStr,
+ SecNssCoder &coder);
+
+const char *p12BagTypeStr(
+ NSS_P12_SB_Type type);
+const char *p7ContentInfoTypeStr(
+ NSS_P7_CI_Type type);
+
+/* map an OID to the components */
+
+typedef enum {
+ PW_None, /* not comprehended */
+ PW_PKCS5_v1_5, /* PKCS5 v1.5 */
+ PW_PKCS5_v2, /* PKCS5 v2.0, not used by this module but parsed here */
+ PW_PKCS12 /* PKCS12 */
+} PKCS_Which;
+
+/* returns false if OID not found */
+bool pkcsOidToParams(
+ const CSSM_OID *oid,
+ CSSM_ALGORITHMS &keyAlg, // e.g., CSSM_ALGID_DES
+ CSSM_ALGORITHMS &encrAlg, // e.g., CSSM_ALGID_3DES_3KEY_EDE
+ CSSM_ALGORITHMS &pbeHashAlg, // SHA1 or MD5
+ uint32 &keySizeInBits,
+ uint32 &blockSizeInBytes, // for IV, optional
+ CSSM_PADDING &padding, // CSSM_PADDING_PKCS7, etc.
+ CSSM_ENCRYPT_MODE &mode, // CSSM_ALGMODE_CBCPadIV8, etc.
+ PKCS_Which &pkcs); // PW_PKCS5_v1_5 or PW_PKCS12
+
+CSSM_RETURN p12VerifyMac(
+ const NSS_P12_DecodedPFX &pfx,
+ CSSM_CSP_HANDLE cspHand,
+ const CSSM_DATA *pwd, // unicode, double null terminated
+ const CSSM_KEY *passKey,
+ SecNssCoder &coder);// for temp mallocs
+
+void p12GenSalt(
+ CSSM_DATA &salt,
+ SecNssCoder &coder);
+
+void p12GenLabel(
+ CSSM_DATA &label,
+ SecNssCoder &coder);
+
+void p12NullAlgParams(
+ CSSM_X509_ALGORITHM_IDENTIFIER &algId);
+
+/*
+ * Free memory via specified plugin's app-level allocator
+ */
+void freeCssmMemory(
+ CSSM_HANDLE hand,
+ void *p);
+
+/*
+ * Though it pains me to do this, I must. We "happen to know" the
+ * names (in string form) of two of a key's attributes. These
+ * have not been published anywhere, they are hard-coded into
+ * the script (KeySchema.m4) which generates the KeySchema
+ * tables.
+ */
+
+/*
+ * This one is initially the same as the "label" argument passed
+ * in to the CSP when creating or importing keys; it eventually
+ * gets munged into the hash of the associated public key (
+ * in our case, by p12SetPubKeyHash()).
+ */
+#define P12_KEY_ATTR_LABEL_AND_HASH "Label"
+
+/*
+ * This one is the user-friendly name.
+ */
+#define P12_KEY_ATTR_PRINT_NAME "PrintName"
+
+/*
+ * Find private key by label, modify its Label attr to be the
+ * hash of the associated public key.
+ */
+CSSM_RETURN p12SetPubKeyHash(
+ CSSM_CSP_HANDLE cspHand, // where the key lives
+ CSSM_DL_DB_HANDLE dlDbHand, // ditto
+ CSSM_DATA &keyLabel, // for DB lookup
+ CSSM_DATA_PTR newPrintName, // optional
+ SecNssCoder &coder, // for mallocing newLabel
+ CSSM_DATA &newLabel, // RETURNED with label as hash
+ CSSM_KEY_PTR &foundKey); // RETURNED on dup key detect
+
+CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
+ uint32 AttributeType,
+ uint32 AttributeLength,
+ const void *AttributePtr);
+
+/*
+ * Find private key by specified label, delete it.
+ */
+CSSM_RETURN p12DeleteKey(
+ CSSM_DL_DB_HANDLE dlDbHand,
+ const CSSM_DATA &keyLabel);
+
+/* convert App passphrase to array of chars used in P12 PBE */
+void p12ImportPassPhrase(
+ CFStringRef inPhrase,
+ SecNssCoder &coder,
+ CSSM_DATA &outPhrase);
+
+/*
+ * Standard error throwMes.
+ * P12_ENCODE_ERR only occurs on DER-encode which should never fail.
+ */
+#define P12_DECODE_ERR errSecUnknownFormat
+#define P12_ENCODE_ERR errSecInternalComponent
+#define P12_THROW_DECODE MacOSError::throwMe(P12_DECODE_ERR)
+#define P12_THROW_ENCODE MacOSError::throwMe(P12_ENCODE_ERR)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKCS12_UTILS_H_ */
+
projects / apple / security.git / blobdiff