X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/80e2389990082500d76eb566d4946be3e786c3ef..d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb:/Security/libsecurity_pkcs12/lib/pkcs12Utils.h?ds=inline
diff --git a/Security/libsecurity_pkcs12/lib/pkcs12Utils.h b/Security/libsecurity_pkcs12/lib/pkcs12Utils.h
new file mode 100644
index 00000000..e39ebc3e
--- /dev/null
+++ b/Security/libsecurity_pkcs12/lib/pkcs12Utils.h
@@ -0,0 +1,186 @@
+/*
+ * Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
+ *
+ * @APPLE_LICENSE_HEADER_START@
+ *
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ *
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ *
+ * @APPLE_LICENSE_HEADER_END@
+ */
+/*
+ * pkcs12Utils.h
+ */
+
+#ifndef _PKCS12_UTILS_H_
+#define _PKCS12_UTILS_H_
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* malloc a NULL-ed array of pointers of size num+1 */
+void **p12NssNullArray(
+ uint32 num,
+ SecNssCoder &coder);
+
+/* CSSM_DATA --> uint32. Returns true if OK. */
+bool p12DataToInt(
+ const CSSM_DATA &cdata,
+ uint32 &u);
+
+/* uint32 --> CSSM_DATA */
+void p12IntToData(
+ uint32 num,
+ CSSM_DATA &cdata,
+ SecNssCoder &coder);
+
+/* CFDataRef <--> CSSM_DATA */
+CFDataRef p12CssmDataToCf(
+ const CSSM_DATA &c);
+void p12CfDataToCssm(
+ CFDataRef cf,
+ CSSM_DATA &c,
+ SecNssCoder &coder);
+
+CSSM_DATA_PTR p12StringToUtf8(
+ CFStringRef cfStr,
+ SecNssCoder &coder);
+
+const char *p12BagTypeStr(
+ NSS_P12_SB_Type type);
+const char *p7ContentInfoTypeStr(
+ NSS_P7_CI_Type type);
+
+/* map an OID to the components */
+
+typedef enum {
+ PW_None, /* not comprehended */
+ PW_PKCS5_v1_5, /* PKCS5 v1.5 */
+ PW_PKCS5_v2, /* PKCS5 v2.0, not used by this module but parsed here */
+ PW_PKCS12 /* PKCS12 */
+} PKCS_Which;
+
+/* returns false if OID not found */
+bool pkcsOidToParams(
+ const CSSM_OID *oid,
+ CSSM_ALGORITHMS &keyAlg, // e.g., CSSM_ALGID_DES
+ CSSM_ALGORITHMS &encrAlg, // e.g., CSSM_ALGID_3DES_3KEY_EDE
+ CSSM_ALGORITHMS &pbeHashAlg, // SHA1 or MD5
+ uint32 &keySizeInBits,
+ uint32 &blockSizeInBytes, // for IV, optional
+ CSSM_PADDING &padding, // CSSM_PADDING_PKCS7, etc.
+ CSSM_ENCRYPT_MODE &mode, // CSSM_ALGMODE_CBCPadIV8, etc.
+ PKCS_Which &pkcs); // PW_PKCS5_v1_5 or PW_PKCS12
+
+CSSM_RETURN p12VerifyMac(
+ const NSS_P12_DecodedPFX &pfx,
+ CSSM_CSP_HANDLE cspHand,
+ const CSSM_DATA *pwd, // unicode, double null terminated
+ const CSSM_KEY *passKey,
+ SecNssCoder &coder);// for temp mallocs
+
+void p12GenSalt(
+ CSSM_DATA &salt,
+ SecNssCoder &coder);
+
+void p12GenLabel(
+ CSSM_DATA &label,
+ SecNssCoder &coder);
+
+void p12NullAlgParams(
+ CSSM_X509_ALGORITHM_IDENTIFIER &algId);
+
+/*
+ * Free memory via specified plugin's app-level allocator
+ */
+void freeCssmMemory(
+ CSSM_HANDLE hand,
+ void *p);
+
+/*
+ * Though it pains me to do this, I must. We "happen to know" the
+ * names (in string form) of two of a key's attributes. These
+ * have not been published anywhere, they are hard-coded into
+ * the script (KeySchema.m4) which generates the KeySchema
+ * tables.
+ */
+
+/*
+ * This one is initially the same as the "label" argument passed
+ * in to the CSP when creating or importing keys; it eventually
+ * gets munged into the hash of the associated public key (
+ * in our case, by p12SetPubKeyHash()).
+ */
+#define P12_KEY_ATTR_LABEL_AND_HASH "Label"
+
+/*
+ * This one is the user-friendly name.
+ */
+#define P12_KEY_ATTR_PRINT_NAME "PrintName"
+
+/*
+ * Find private key by label, modify its Label attr to be the
+ * hash of the associated public key.
+ */
+CSSM_RETURN p12SetPubKeyHash(
+ CSSM_CSP_HANDLE cspHand, // where the key lives
+ CSSM_DL_DB_HANDLE dlDbHand, // ditto
+ CSSM_DATA &keyLabel, // for DB lookup
+ CSSM_DATA_PTR newPrintName, // optional
+ SecNssCoder &coder, // for mallocing newLabel
+ CSSM_DATA &newLabel, // RETURNED with label as hash
+ CSSM_KEY_PTR &foundKey); // RETURNED on dup key detect
+
+CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
+ uint32 AttributeType,
+ uint32 AttributeLength,
+ const void *AttributePtr);
+
+/*
+ * Find private key by specified label, delete it.
+ */
+CSSM_RETURN p12DeleteKey(
+ CSSM_DL_DB_HANDLE dlDbHand,
+ const CSSM_DATA &keyLabel);
+
+/* convert App passphrase to array of chars used in P12 PBE */
+void p12ImportPassPhrase(
+ CFStringRef inPhrase,
+ SecNssCoder &coder,
+ CSSM_DATA &outPhrase);
+
+/*
+ * Standard error throwMes.
+ * P12_ENCODE_ERR only occurs on DER-encode which should never fail.
+ */
+#define P12_DECODE_ERR errSecUnknownFormat
+#define P12_ENCODE_ERR errSecInternalComponent
+#define P12_THROW_DECODE MacOSError::throwMe(P12_DECODE_ERR)
+#define P12_THROW_ENCODE MacOSError::throwMe(P12_ENCODE_ERR)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _PKCS12_UTILS_H_ */
+
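Review bot: The passphrase contract in this header is split across two comments that do not reference each other: `p12ImportPassPhrase` is described only as `convert App passphrase to array of chars used in P12 PBE`, while `p12VerifyMac` requires `pwd` to be `unicode, double null terminated`, and nothing states that the former produces the form the latter consumes. Because `outPhrase` is allocated from the `SecNssCoder` arena, the header also leaves unsaid who zeroizes that secret buffer and how long it stays live; a caller reading only this file cannot tell. Suggest stating the layout once at `p12ImportPassPhrase`, e.g. `/* convert App passphrase to the unicode, double-null-terminated form expected by p12VerifyMac; outPhrase is carved from coder's arena and holds the secret until the coder is released */`, after confirming against the implementation that this is the encoding it actually emits. Separately, the `extern "C"` block wraps declarations that take C++ references (`SecNssCoder &coder`, `uint32 &u`, `CSSM_KEY_PTR &foundKey`), so the `#ifdef __cplusplus` guard is misleading: this header cannot be consumed from C, and either the guard should go or a comment should say the `extern "C"` is for linkage only.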