1*8fb009dcSAndroid Build Coastguard Worker /* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL 2*8fb009dcSAndroid Build Coastguard Worker * project 1999. 3*8fb009dcSAndroid Build Coastguard Worker */ 4*8fb009dcSAndroid Build Coastguard Worker /* ==================================================================== 5*8fb009dcSAndroid Build Coastguard Worker * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 6*8fb009dcSAndroid Build Coastguard Worker * 7*8fb009dcSAndroid Build Coastguard Worker * Redistribution and use in source and binary forms, with or without 8*8fb009dcSAndroid Build Coastguard Worker * modification, are permitted provided that the following conditions 9*8fb009dcSAndroid Build Coastguard Worker * are met: 10*8fb009dcSAndroid Build Coastguard Worker * 11*8fb009dcSAndroid Build Coastguard Worker * 1. Redistributions of source code must retain the above copyright 12*8fb009dcSAndroid Build Coastguard Worker * notice, this list of conditions and the following disclaimer. 13*8fb009dcSAndroid Build Coastguard Worker * 14*8fb009dcSAndroid Build Coastguard Worker * 2. Redistributions in binary form must reproduce the above copyright 15*8fb009dcSAndroid Build Coastguard Worker * notice, this list of conditions and the following disclaimer in 16*8fb009dcSAndroid Build Coastguard Worker * the documentation and/or other materials provided with the 17*8fb009dcSAndroid Build Coastguard Worker * distribution. 18*8fb009dcSAndroid Build Coastguard Worker * 19*8fb009dcSAndroid Build Coastguard Worker * 3. All advertising materials mentioning features or use of this 20*8fb009dcSAndroid Build Coastguard Worker * software must display the following acknowledgment: 21*8fb009dcSAndroid Build Coastguard Worker * "This product includes software developed by the OpenSSL Project 22*8fb009dcSAndroid Build Coastguard Worker * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 23*8fb009dcSAndroid Build Coastguard Worker * 24*8fb009dcSAndroid Build Coastguard Worker * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 25*8fb009dcSAndroid Build Coastguard Worker * endorse or promote products derived from this software without 26*8fb009dcSAndroid Build Coastguard Worker * prior written permission. For written permission, please contact 27*8fb009dcSAndroid Build Coastguard Worker * [email protected]. 28*8fb009dcSAndroid Build Coastguard Worker * 29*8fb009dcSAndroid Build Coastguard Worker * 5. Products derived from this software may not be called "OpenSSL" 30*8fb009dcSAndroid Build Coastguard Worker * nor may "OpenSSL" appear in their names without prior written 31*8fb009dcSAndroid Build Coastguard Worker * permission of the OpenSSL Project. 32*8fb009dcSAndroid Build Coastguard Worker * 33*8fb009dcSAndroid Build Coastguard Worker * 6. Redistributions of any form whatsoever must retain the following 34*8fb009dcSAndroid Build Coastguard Worker * acknowledgment: 35*8fb009dcSAndroid Build Coastguard Worker * "This product includes software developed by the OpenSSL Project 36*8fb009dcSAndroid Build Coastguard Worker * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 37*8fb009dcSAndroid Build Coastguard Worker * 38*8fb009dcSAndroid Build Coastguard Worker * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 39*8fb009dcSAndroid Build Coastguard Worker * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 40*8fb009dcSAndroid Build Coastguard Worker * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 41*8fb009dcSAndroid Build Coastguard Worker * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 42*8fb009dcSAndroid Build Coastguard Worker * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 43*8fb009dcSAndroid Build Coastguard Worker * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 44*8fb009dcSAndroid Build Coastguard Worker * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 45*8fb009dcSAndroid Build Coastguard Worker * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 46*8fb009dcSAndroid Build Coastguard Worker * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 47*8fb009dcSAndroid Build Coastguard Worker * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 48*8fb009dcSAndroid Build Coastguard Worker * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 49*8fb009dcSAndroid Build Coastguard Worker * OF THE POSSIBILITY OF SUCH DAMAGE. 50*8fb009dcSAndroid Build Coastguard Worker * ==================================================================== 51*8fb009dcSAndroid Build Coastguard Worker * 52*8fb009dcSAndroid Build Coastguard Worker * This product includes cryptographic software written by Eric Young 53*8fb009dcSAndroid Build Coastguard Worker * ([email protected]). This product includes software written by Tim 54*8fb009dcSAndroid Build Coastguard Worker * Hudson ([email protected]). */ 55*8fb009dcSAndroid Build Coastguard Worker 56*8fb009dcSAndroid Build Coastguard Worker 57*8fb009dcSAndroid Build Coastguard Worker #ifndef OPENSSL_HEADER_PKCS8_H 58*8fb009dcSAndroid Build Coastguard Worker #define OPENSSL_HEADER_PKCS8_H 59*8fb009dcSAndroid Build Coastguard Worker 60*8fb009dcSAndroid Build Coastguard Worker #include <openssl/base.h> 61*8fb009dcSAndroid Build Coastguard Worker #include <openssl/x509.h> 62*8fb009dcSAndroid Build Coastguard Worker 63*8fb009dcSAndroid Build Coastguard Worker 64*8fb009dcSAndroid Build Coastguard Worker #if defined(__cplusplus) 65*8fb009dcSAndroid Build Coastguard Worker extern "C" { 66*8fb009dcSAndroid Build Coastguard Worker #endif 67*8fb009dcSAndroid Build Coastguard Worker 68*8fb009dcSAndroid Build Coastguard Worker 69*8fb009dcSAndroid Build Coastguard Worker // PKCS8_encrypt serializes and encrypts a PKCS8_PRIV_KEY_INFO with PBES1 or 70*8fb009dcSAndroid Build Coastguard Worker // PBES2 as defined in PKCS #5. Only pbeWithSHAAnd128BitRC4, 71*8fb009dcSAndroid Build Coastguard Worker // pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS 72*8fb009dcSAndroid Build Coastguard Worker // #12, and PBES2, are supported. PBES2 is selected by setting |cipher| and 73*8fb009dcSAndroid Build Coastguard Worker // passing -1 for |pbe_nid|. Otherwise, PBES1 is used and |cipher| is ignored. 74*8fb009dcSAndroid Build Coastguard Worker // 75*8fb009dcSAndroid Build Coastguard Worker // |pass| is used as the password. If a PBES1 scheme from PKCS #12 is used, this 76*8fb009dcSAndroid Build Coastguard Worker // will be converted to a raw byte string as specified in B.1 of PKCS #12. If 77*8fb009dcSAndroid Build Coastguard Worker // |pass| is NULL, it will be encoded as the empty byte string rather than two 78*8fb009dcSAndroid Build Coastguard Worker // zero bytes, the PKCS #12 encoding of the empty string. 79*8fb009dcSAndroid Build Coastguard Worker // 80*8fb009dcSAndroid Build Coastguard Worker // If |salt| is NULL, a random salt of |salt_len| bytes is generated. If 81*8fb009dcSAndroid Build Coastguard Worker // |salt_len| is zero, a default salt length is used instead. 82*8fb009dcSAndroid Build Coastguard Worker // 83*8fb009dcSAndroid Build Coastguard Worker // The resulting structure is stored in an |X509_SIG| which must be freed by the 84*8fb009dcSAndroid Build Coastguard Worker // caller. 85*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, 86*8fb009dcSAndroid Build Coastguard Worker const char *pass, int pass_len, 87*8fb009dcSAndroid Build Coastguard Worker const uint8_t *salt, size_t salt_len, 88*8fb009dcSAndroid Build Coastguard Worker int iterations, 89*8fb009dcSAndroid Build Coastguard Worker PKCS8_PRIV_KEY_INFO *p8inf); 90*8fb009dcSAndroid Build Coastguard Worker 91*8fb009dcSAndroid Build Coastguard Worker // PKCS8_marshal_encrypted_private_key behaves like |PKCS8_encrypt| but encrypts 92*8fb009dcSAndroid Build Coastguard Worker // an |EVP_PKEY| and writes the serialized EncryptedPrivateKeyInfo to |out|. It 93*8fb009dcSAndroid Build Coastguard Worker // returns one on success and zero on error. 94*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int PKCS8_marshal_encrypted_private_key( 95*8fb009dcSAndroid Build Coastguard Worker CBB *out, int pbe_nid, const EVP_CIPHER *cipher, const char *pass, 96*8fb009dcSAndroid Build Coastguard Worker size_t pass_len, const uint8_t *salt, size_t salt_len, int iterations, 97*8fb009dcSAndroid Build Coastguard Worker const EVP_PKEY *pkey); 98*8fb009dcSAndroid Build Coastguard Worker 99*8fb009dcSAndroid Build Coastguard Worker // PKCS8_decrypt decrypts and decodes a PKCS8_PRIV_KEY_INFO with PBES1 or PBES2 100*8fb009dcSAndroid Build Coastguard Worker // as defined in PKCS #5. Only pbeWithSHAAnd128BitRC4, 101*8fb009dcSAndroid Build Coastguard Worker // pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, and PBES2, 102*8fb009dcSAndroid Build Coastguard Worker // defined in PKCS #12, are supported. 103*8fb009dcSAndroid Build Coastguard Worker // 104*8fb009dcSAndroid Build Coastguard Worker // |pass| is used as the password. If a PBES1 scheme from PKCS #12 is used, this 105*8fb009dcSAndroid Build Coastguard Worker // will be converted to a raw byte string as specified in B.1 of PKCS #12. If 106*8fb009dcSAndroid Build Coastguard Worker // |pass| is NULL, it will be encoded as the empty byte string rather than two 107*8fb009dcSAndroid Build Coastguard Worker // zero bytes, the PKCS #12 encoding of the empty string. 108*8fb009dcSAndroid Build Coastguard Worker // 109*8fb009dcSAndroid Build Coastguard Worker // The resulting structure must be freed by the caller. 110*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *pkcs8, 111*8fb009dcSAndroid Build Coastguard Worker const char *pass, 112*8fb009dcSAndroid Build Coastguard Worker int pass_len); 113*8fb009dcSAndroid Build Coastguard Worker 114*8fb009dcSAndroid Build Coastguard Worker // PKCS8_parse_encrypted_private_key behaves like |PKCS8_decrypt| but it parses 115*8fb009dcSAndroid Build Coastguard Worker // the EncryptedPrivateKeyInfo structure from |cbs| and advances |cbs|. It 116*8fb009dcSAndroid Build Coastguard Worker // returns a newly-allocated |EVP_PKEY| on success and zero on error. 117*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT EVP_PKEY *PKCS8_parse_encrypted_private_key(CBS *cbs, 118*8fb009dcSAndroid Build Coastguard Worker const char *pass, 119*8fb009dcSAndroid Build Coastguard Worker size_t pass_len); 120*8fb009dcSAndroid Build Coastguard Worker 121*8fb009dcSAndroid Build Coastguard Worker // PKCS12_get_key_and_certs parses a PKCS#12 structure from |in|, authenticates 122*8fb009dcSAndroid Build Coastguard Worker // and decrypts it using |password|, sets |*out_key| to the included private 123*8fb009dcSAndroid Build Coastguard Worker // key and appends the included certificates to |out_certs|. It returns one on 124*8fb009dcSAndroid Build Coastguard Worker // success and zero on error. The caller takes ownership of the outputs. 125*8fb009dcSAndroid Build Coastguard Worker // Any friendlyName attributes (RFC 2985) in the PKCS#12 structure will be 126*8fb009dcSAndroid Build Coastguard Worker // returned on the |X509| objects as aliases. See also |X509_alias_get0|. 127*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key, 128*8fb009dcSAndroid Build Coastguard Worker STACK_OF(X509) *out_certs, 129*8fb009dcSAndroid Build Coastguard Worker CBS *in, const char *password); 130*8fb009dcSAndroid Build Coastguard Worker 131*8fb009dcSAndroid Build Coastguard Worker 132*8fb009dcSAndroid Build Coastguard Worker // Deprecated functions. 133*8fb009dcSAndroid Build Coastguard Worker 134*8fb009dcSAndroid Build Coastguard Worker // PKCS12_PBE_add does nothing. It exists for compatibility with OpenSSL. 135*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void PKCS12_PBE_add(void); 136*8fb009dcSAndroid Build Coastguard Worker 137*8fb009dcSAndroid Build Coastguard Worker // d2i_PKCS12 is a dummy function that copies |*ber_bytes| into a 138*8fb009dcSAndroid Build Coastguard Worker // |PKCS12| structure. The |out_p12| argument should be NULL(✝). On exit, 139*8fb009dcSAndroid Build Coastguard Worker // |*ber_bytes| will be advanced by |ber_len|. It returns a fresh |PKCS12| 140*8fb009dcSAndroid Build Coastguard Worker // structure or NULL on error. 141*8fb009dcSAndroid Build Coastguard Worker // 142*8fb009dcSAndroid Build Coastguard Worker // Note: unlike other d2i functions, |d2i_PKCS12| will always consume |ber_len| 143*8fb009dcSAndroid Build Coastguard Worker // bytes. 144*8fb009dcSAndroid Build Coastguard Worker // 145*8fb009dcSAndroid Build Coastguard Worker // (✝) If |out_p12| is not NULL and the function is successful, |*out_p12| will 146*8fb009dcSAndroid Build Coastguard Worker // be freed if not NULL itself and the result will be written to |*out_p12|. 147*8fb009dcSAndroid Build Coastguard Worker // New code should not depend on this. 148*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT PKCS12 *d2i_PKCS12(PKCS12 **out_p12, const uint8_t **ber_bytes, 149*8fb009dcSAndroid Build Coastguard Worker size_t ber_len); 150*8fb009dcSAndroid Build Coastguard Worker 151*8fb009dcSAndroid Build Coastguard Worker // d2i_PKCS12_bio acts like |d2i_PKCS12| but reads from a |BIO|. 152*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT PKCS12* d2i_PKCS12_bio(BIO *bio, PKCS12 **out_p12); 153*8fb009dcSAndroid Build Coastguard Worker 154*8fb009dcSAndroid Build Coastguard Worker // d2i_PKCS12_fp acts like |d2i_PKCS12| but reads from a |FILE|. 155*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT PKCS12* d2i_PKCS12_fp(FILE *fp, PKCS12 **out_p12); 156*8fb009dcSAndroid Build Coastguard Worker 157*8fb009dcSAndroid Build Coastguard Worker // i2d_PKCS12 is a dummy function which copies the contents of |p12|. If |out| 158*8fb009dcSAndroid Build Coastguard Worker // is not NULL then the result is written to |*out| and |*out| is advanced just 159*8fb009dcSAndroid Build Coastguard Worker // past the output. It returns the number of bytes in the result, whether 160*8fb009dcSAndroid Build Coastguard Worker // written or not, or a negative value on error. 161*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int i2d_PKCS12(const PKCS12 *p12, uint8_t **out); 162*8fb009dcSAndroid Build Coastguard Worker 163*8fb009dcSAndroid Build Coastguard Worker // i2d_PKCS12_bio writes the contents of |p12| to |bio|. It returns one on 164*8fb009dcSAndroid Build Coastguard Worker // success and zero on error. 165*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int i2d_PKCS12_bio(BIO *bio, const PKCS12 *p12); 166*8fb009dcSAndroid Build Coastguard Worker 167*8fb009dcSAndroid Build Coastguard Worker // i2d_PKCS12_fp writes the contents of |p12| to |fp|. It returns one on 168*8fb009dcSAndroid Build Coastguard Worker // success and zero on error. 169*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int i2d_PKCS12_fp(FILE *fp, const PKCS12 *p12); 170*8fb009dcSAndroid Build Coastguard Worker 171*8fb009dcSAndroid Build Coastguard Worker // PKCS12_parse calls |PKCS12_get_key_and_certs| on the ASN.1 data stored in 172*8fb009dcSAndroid Build Coastguard Worker // |p12|. The |out_pkey| and |out_cert| arguments must not be NULL and, on 173*8fb009dcSAndroid Build Coastguard Worker // successful exit, the private key and matching certificate will be stored in 174*8fb009dcSAndroid Build Coastguard Worker // them. The |out_ca_certs| argument may be NULL but, if not, then any extra 175*8fb009dcSAndroid Build Coastguard Worker // certificates will be appended to |*out_ca_certs|. If |*out_ca_certs| is NULL 176*8fb009dcSAndroid Build Coastguard Worker // then it will be set to a freshly allocated stack containing the extra certs. 177*8fb009dcSAndroid Build Coastguard Worker // 178*8fb009dcSAndroid Build Coastguard Worker // Note if |p12| does not contain a private key, both |*out_pkey| and 179*8fb009dcSAndroid Build Coastguard Worker // |*out_cert| will be set to NULL and all certificates will be returned via 180*8fb009dcSAndroid Build Coastguard Worker // |*out_ca_certs|. Also note this function differs from OpenSSL in that extra 181*8fb009dcSAndroid Build Coastguard Worker // certificates are returned in the order they appear in the file. OpenSSL 1.1.1 182*8fb009dcSAndroid Build Coastguard Worker // returns them in reverse order, but this will be fixed in OpenSSL 3.0. 183*8fb009dcSAndroid Build Coastguard Worker // 184*8fb009dcSAndroid Build Coastguard Worker // It returns one on success and zero on error. 185*8fb009dcSAndroid Build Coastguard Worker // 186*8fb009dcSAndroid Build Coastguard Worker // Use |PKCS12_get_key_and_certs| instead. 187*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int PKCS12_parse(const PKCS12 *p12, const char *password, 188*8fb009dcSAndroid Build Coastguard Worker EVP_PKEY **out_pkey, X509 **out_cert, 189*8fb009dcSAndroid Build Coastguard Worker STACK_OF(X509) **out_ca_certs); 190*8fb009dcSAndroid Build Coastguard Worker 191*8fb009dcSAndroid Build Coastguard Worker // PKCS12_verify_mac returns one if |password| is a valid password for |p12| 192*8fb009dcSAndroid Build Coastguard Worker // and zero otherwise. Since |PKCS12_parse| doesn't take a length parameter, 193*8fb009dcSAndroid Build Coastguard Worker // it's not actually possible to use a non-NUL-terminated password to actually 194*8fb009dcSAndroid Build Coastguard Worker // get anything from a |PKCS12|. Thus |password| and |password_len| may be 195*8fb009dcSAndroid Build Coastguard Worker // |NULL| and zero, respectively, or else |password_len| may be -1, or else 196*8fb009dcSAndroid Build Coastguard Worker // |password[password_len]| must be zero and no other NUL bytes may appear in 197*8fb009dcSAndroid Build Coastguard Worker // |password|. If the |password_len| checks fail, zero is returned 198*8fb009dcSAndroid Build Coastguard Worker // immediately. 199*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT int PKCS12_verify_mac(const PKCS12 *p12, const char *password, 200*8fb009dcSAndroid Build Coastguard Worker int password_len); 201*8fb009dcSAndroid Build Coastguard Worker 202*8fb009dcSAndroid Build Coastguard Worker // PKCS12_DEFAULT_ITER is the default number of KDF iterations used when 203*8fb009dcSAndroid Build Coastguard Worker // creating a |PKCS12| object. 204*8fb009dcSAndroid Build Coastguard Worker #define PKCS12_DEFAULT_ITER 2048 205*8fb009dcSAndroid Build Coastguard Worker 206*8fb009dcSAndroid Build Coastguard Worker // PKCS12_create returns a newly-allocated |PKCS12| object containing |pkey|, 207*8fb009dcSAndroid Build Coastguard Worker // |cert|, and |chain|, encrypted with the specified password. |name|, if not 208*8fb009dcSAndroid Build Coastguard Worker // NULL, specifies a user-friendly name to encode with the key and 209*8fb009dcSAndroid Build Coastguard Worker // certificate. The key and certificates are encrypted with |key_nid| and 210*8fb009dcSAndroid Build Coastguard Worker // |cert_nid|, respectively, using |iterations| iterations in the 211*8fb009dcSAndroid Build Coastguard Worker // KDF. |mac_iterations| is the number of iterations when deriving the MAC 212*8fb009dcSAndroid Build Coastguard Worker // key. |key_type| must be zero. |pkey| and |cert| may be NULL to omit them. 213*8fb009dcSAndroid Build Coastguard Worker // 214*8fb009dcSAndroid Build Coastguard Worker // Each of |key_nid|, |cert_nid|, |iterations|, and |mac_iterations| may be zero 215*8fb009dcSAndroid Build Coastguard Worker // to use defaults, which are |NID_pbe_WithSHA1And3_Key_TripleDES_CBC|, 216*8fb009dcSAndroid Build Coastguard Worker // |NID_pbe_WithSHA1And40BitRC2_CBC|, |PKCS12_DEFAULT_ITER|, and one, 217*8fb009dcSAndroid Build Coastguard Worker // respectively. 218*8fb009dcSAndroid Build Coastguard Worker // 219*8fb009dcSAndroid Build Coastguard Worker // |key_nid| or |cert_nid| may also be -1 to disable encryption of the key or 220*8fb009dcSAndroid Build Coastguard Worker // certificate, respectively. This option is not recommended and is only 221*8fb009dcSAndroid Build Coastguard Worker // implemented for compatibility with external packages. Note the output still 222*8fb009dcSAndroid Build Coastguard Worker // requires a password for the MAC. Unencrypted keys in PKCS#12 are also not 223*8fb009dcSAndroid Build Coastguard Worker // widely supported and may not open in other implementations. 224*8fb009dcSAndroid Build Coastguard Worker // 225*8fb009dcSAndroid Build Coastguard Worker // If |cert| or |chain| have associated aliases (see |X509_alias_set1|), they 226*8fb009dcSAndroid Build Coastguard Worker // will be included in the output as friendlyName attributes (RFC 2985). It is 227*8fb009dcSAndroid Build Coastguard Worker // an error to specify both an alias on |cert| and a non-NULL |name| 228*8fb009dcSAndroid Build Coastguard Worker // parameter. 229*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT PKCS12 *PKCS12_create(const char *password, const char *name, 230*8fb009dcSAndroid Build Coastguard Worker const EVP_PKEY *pkey, X509 *cert, 231*8fb009dcSAndroid Build Coastguard Worker const STACK_OF(X509) *chain, int key_nid, 232*8fb009dcSAndroid Build Coastguard Worker int cert_nid, int iterations, 233*8fb009dcSAndroid Build Coastguard Worker int mac_iterations, int key_type); 234*8fb009dcSAndroid Build Coastguard Worker 235*8fb009dcSAndroid Build Coastguard Worker // PKCS12_free frees |p12| and its contents. 236*8fb009dcSAndroid Build Coastguard Worker OPENSSL_EXPORT void PKCS12_free(PKCS12 *p12); 237*8fb009dcSAndroid Build Coastguard Worker 238*8fb009dcSAndroid Build Coastguard Worker 239*8fb009dcSAndroid Build Coastguard Worker #if defined(__cplusplus) 240*8fb009dcSAndroid Build Coastguard Worker } // extern C 241*8fb009dcSAndroid Build Coastguard Worker 242*8fb009dcSAndroid Build Coastguard Worker extern "C++" { 243*8fb009dcSAndroid Build Coastguard Worker 244*8fb009dcSAndroid Build Coastguard Worker BSSL_NAMESPACE_BEGIN 245*8fb009dcSAndroid Build Coastguard Worker 246*8fb009dcSAndroid Build Coastguard Worker BORINGSSL_MAKE_DELETER(PKCS12, PKCS12_free) 247*8fb009dcSAndroid Build Coastguard Worker BORINGSSL_MAKE_DELETER(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free) 248*8fb009dcSAndroid Build Coastguard Worker 249*8fb009dcSAndroid Build Coastguard Worker BSSL_NAMESPACE_END 250*8fb009dcSAndroid Build Coastguard Worker 251*8fb009dcSAndroid Build Coastguard Worker } // extern C++ 252*8fb009dcSAndroid Build Coastguard Worker 253*8fb009dcSAndroid Build Coastguard Worker #endif 254*8fb009dcSAndroid Build Coastguard Worker 255*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_BAD_PKCS12_DATA 100 256*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_BAD_PKCS12_VERSION 101 257*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 102 258*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_CRYPT_ERROR 103 259*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_DECODE_ERROR 104 260*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_ENCODE_ERROR 105 261*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_ENCRYPT_ERROR 106 262*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 107 263*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_INCORRECT_PASSWORD 108 264*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_KEYGEN_FAILURE 109 265*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_KEY_GEN_ERROR 110 266*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_METHOD_NOT_SUPPORTED 111 267*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_MISSING_MAC 112 268*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 113 269*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 114 270*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 115 271*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 116 272*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 117 273*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_TOO_LONG 118 274*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNKNOWN_ALGORITHM 119 275*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNKNOWN_CIPHER 120 276*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 121 277*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNKNOWN_DIGEST 122 278*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNKNOWN_HASH 123 279*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 124 280*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_KEYLENGTH 125 281*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_SALT_TYPE 126 282*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_CIPHER 127 283*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 128 284*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_BAD_ITERATION_COUNT 129 285*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_PRF 130 286*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_INVALID_CHARACTERS 131 287*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_UNSUPPORTED_OPTIONS 132 288*8fb009dcSAndroid Build Coastguard Worker #define PKCS8_R_AMBIGUOUS_FRIENDLY_NAME 133 289*8fb009dcSAndroid Build Coastguard Worker 290*8fb009dcSAndroid Build Coastguard Worker #endif // OPENSSL_HEADER_PKCS8_H 291