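/**
 * \file pkcs12.h
 *
 * \brief PKCS#12 Personal Information Exchange Syntax
 */
/*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 */
#ifndef MBEDTLS_PKCS12_H
#define MBEDTLS_PKCS12_H

#include "mbedtls/build_info.h"

#include "mbedtls/md.h"
#include "mbedtls/cipher.h"
#include "mbedtls/asn1.h"

#include <stddef.h>

/** Bad input parameters to function. */
#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80
/** Feature not available, e.g. unsupported encryption scheme. */
#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00
/** PBE ASN.1 data not as expected. */
#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80
/** Given private key password does not allow for correct decryption. */
#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00

/* Values for the \c id parameter of mbedtls_pkcs12_derivation(). */
#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */

/* Values for the \c mode parameter of the PBE functions. */
#define MBEDTLS_PKCS12_PBE_DECRYPT      0
#define MBEDTLS_PKCS12_PBE_ENCRYPT      1

#ifdef __cplusplus
extern "C" {
#endif

#if defined(MBEDTLS_ASN1_PARSE_C)

#if !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
 * \brief            PKCS12 Password Based function (encryption / decryption)
 *                   for cipher-based and mbedtls_md-based PBE's
 *
 * \note             When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
 *                   be enabled at compile time.
 *
 * \note             This function has no parameter for the size of
 *                   \p output, so it cannot check that the buffer is large
 *                   enough. The caller is solely responsible for sizing it
 *                   as described under \p output.
 *                   mbedtls_pkcs12_pbe_ext() takes the size explicitly.
 *
 * \deprecated       This function is deprecated and will be removed in a
 *                   future version of the library.
 *                   Please use mbedtls_pkcs12_pbe_ext() instead.
 *
 * \warning          When decrypting:
 *                   - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
 *                     time, this function validates the CBC padding and returns
 *                     #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
 *                     invalid. Note that this can help active adversaries
 *                     attempting to brute-force the password. Note also that
 *                     there is no guarantee that an invalid password will be
 *                     detected (the chances of a valid padding with a random
 *                     password are about 1/255), so a return value of 0 does
 *                     not prove that the password was correct.
 *                   - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
 *                     time, this function does not validate the CBC padding.
 *
 * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
 * \param mode       either #MBEDTLS_PKCS12_PBE_ENCRYPT or
 *                   #MBEDTLS_PKCS12_PBE_DECRYPT
 * \param cipher_type the cipher used
 * \param md_type    the mbedtls_md used
 * \param pwd        Latin1-encoded password used. This may only be \c NULL when
 *                   \p pwdlen is 0. No null terminator should be used.
 * \param pwdlen     length of the password (may be 0)
 * \param data       the input data
 * \param len        data length
 * \param output     Output buffer.
 *                   On success, it contains the encrypted or decrypted data,
 *                   possibly followed by the CBC padding.
 *                   On failure, the content is indeterminate and must not
 *                   be used.
 *                   For decryption, there must be enough room for \p len
 *                   bytes.
 *                   For encryption, there must be enough room for
 *                   \p len + 1 bytes, rounded up to the block size of
 *                   the block cipher identified by \p pbe_params.
 *
 * \return           0 if successful, or a MBEDTLS_ERR_XXX code
 */
int MBEDTLS_DEPRECATED mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params, int mode,
                                          mbedtls_cipher_type_t cipher_type,
                                          mbedtls_md_type_t md_type,
                                          const unsigned char *pwd,  size_t pwdlen,
                                          const unsigned char *data, size_t len,
                                          unsigned char *output);
#endif /* MBEDTLS_DEPRECATED_REMOVED */

#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)

/**
 * \brief            PKCS12 Password Based function (encryption / decryption)
 *                   for cipher-based and mbedtls_md-based PBE's
 *
 * \note             This function is only declared when
 *                   #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile time.
 *
 * \warning          When decrypting:
 *                   - This function validates the CBC padding and returns
 *                     #MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is
 *                     invalid. Note that this can help active adversaries
 *                     attempting to brute-force the password. Note also that
 *                     there is no guarantee that an invalid password will be
 *                     detected (the chances of a valid padding with a random
 *                     password are about 1/255), so a return value of 0 does
 *                     not prove that the password was correct.
 *
 * \param pbe_params an ASN1 buffer containing the pkcs-12 PbeParams structure
 * \param mode       either #MBEDTLS_PKCS12_PBE_ENCRYPT or
 *                   #MBEDTLS_PKCS12_PBE_DECRYPT
 * \param cipher_type the cipher used
 * \param md_type    the mbedtls_md used
 * \param pwd        Latin1-encoded password used. This may only be \c NULL when
 *                   \p pwdlen is 0. No null terminator should be used.
 * \param pwdlen     length of the password (may be 0)
 * \param data       the input data
 * \param len        data length
 * \param output     Output buffer.
 *                   On success, it contains the encrypted or decrypted data,
 *                   possibly followed by the CBC padding.
 *                   On failure, the content is indeterminate and must not
 *                   be used.
 *                   For decryption, there must be enough room for \p len
 *                   bytes.
 *                   For encryption, there must be enough room for
 *                   \p len + 1 bytes, rounded up to the block size of
 *                   the block cipher identified by \p pbe_params.
 * \param output_size size of output buffer.
 *                   This must be big enough to accommodate the output plus
 *                   padding data.
 * \param output_len On success, length of actual data written to the output buffer.
 *
 * \return           0 if successful, or a MBEDTLS_ERR_XXX code
 */
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode,
                           mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
                           const unsigned char *pwd,  size_t pwdlen,
                           const unsigned char *data, size_t len,
                           unsigned char *output, size_t output_size,
                           size_t *output_len);

#endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */

#endif /* MBEDTLS_ASN1_PARSE_C */

/**
 * \brief            The PKCS#12 derivation function uses a password and a salt
 *                   to produce pseudo-random bits for a particular "purpose".
 *
 *                   Depending on the given id, this function can produce an
 *                   encryption/decryption key, an initialization vector or an
 *                   integrity key.
 *
 * \note             The password encoding expected here (BMPString with a
 *                   null terminator) differs from the one documented for
 *                   mbedtls_pkcs12_pbe_ext() (Latin1, no null terminator).
 *                   Passing a password in the wrong encoding derives
 *                   different output without any error being reported.
 *
 * \note             The derived bytes are secret key material when \p id is
 *                   #MBEDTLS_PKCS12_DERIVE_KEY or
 *                   #MBEDTLS_PKCS12_DERIVE_MAC_KEY; callers should wipe
 *                   \p data once it is no longer needed (for example with
 *                   mbedtls_platform_zeroize()).
 *
 * \param data       buffer to store the derived data in
 * \param datalen    length of buffer to fill
 * \param pwd        The password to use. For compliance with PKCS#12 §B.1, this
 *                   should be a BMPString, i.e. a Unicode string where each
 *                   character is encoded as 2 bytes in big-endian order, with
 *                   no byte order mark and with a null terminator (i.e. the
 *                   last two bytes should be 0x00 0x00).
 * \param pwdlen     length of the password (may be 0).
 * \param salt       Salt buffer to use. This may only be \c NULL when
 *                   \p saltlen is 0.
 * \param saltlen    length of the salt (may be zero)
 * \param mbedtls_md mbedtls_md type to use during the derivation
 * \param id         id that describes the purpose (can be
 *                   #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or
 *                   #MBEDTLS_PKCS12_DERIVE_MAC_KEY)
 * \param iterations number of iterations. A higher count makes each
 *                   password guess more expensive.
 *
 * \return          0 if successful, or a MD, BIGNUM type error.
 */
int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen,
                              const unsigned char *pwd, size_t pwdlen,
                              const unsigned char *salt, size_t saltlen,
                              mbedtls_md_type_t mbedtls_md, int id, int iterations);

#ifdef __cplusplus
}
#endif

#endif /* pkcs12.h */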