/*
 * Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * pkcs12Utils.h
 *
 * Utility declarations shared by the PKCS#12 encode/decode code:
 * CSSM_DATA <--> integer/CF conversions, OID-to-PBE-parameter mapping,
 * PFX MAC verification, salt/label generation, and maintenance of the
 * Label/PrintName attributes of imported keys.
 *
 * Most helpers take a SecNssCoder; memory they hand back is presumably
 * owned by that coder and lives as long as it does — confirm against
 * the implementation before holding such pointers past the coder.
 *
 * NOTE(review): the prototypes use C++ references (SecNssCoder &,
 * CSSM_DATA &), so this header is only consumable from C++ translation
 * units; the extern "C" wrapper below affects linkage only.
 */

#ifndef _PKCS12_UTILS_H_
#define _PKCS12_UTILS_H_

#include <Security/cssmtype.h>
#include <security_asn1/SecNssCoder.h>
#include <security_pkcs12/pkcs7Templates.h>
#include <security_pkcs12/pkcs12Templates.h>
#include <Security/cssmerr.h>
#include <CoreFoundation/CoreFoundation.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * malloc a NULL-ed array of pointers of size num+1
 *
 * Storage comes from coder. Because every slot is NULL-ed and one extra
 * slot is allocated, the result is NULL-terminated after the caller
 * fills in num entries.
 */
void **p12NssNullArray(
    uint32 num,
    SecNssCoder &coder);

/*
 * CSSM_DATA --> uint32. Returns true if OK.
 *
 * Callers must check the return value; on false the contents of u are
 * not specified by this header. NOTE(review): "OK" presumably means the
 * encoded integer fits in a uint32 — confirm in the implementation.
 */
bool p12DataToInt(
    const CSSM_DATA &cdata,
    uint32 &u);

/*
 * uint32 --> CSSM_DATA
 *
 * cdata.Data is presumably allocated from coder (no other allocator is
 * passed) — confirm.
 */
void p12IntToData(
    uint32 num,
    CSSM_DATA &cdata,
    SecNssCoder &coder);

/*
 * CFDataRef <--> CSSM_DATA
 *
 * NOTE(review): the ownership of the CFDataRef returned by
 * p12CssmDataToCf is not expressed by the name (no Create/Copy); assume
 * the caller must CFRelease it until confirmed against the
 * implementation. p12CfDataToCssm copies the bytes into storage from
 * coder.
 */
CFDataRef p12CssmDataToCf(
    const CSSM_DATA &c);
void p12CfDataToCssm(
    CFDataRef cf,
    CSSM_DATA &c,
    SecNssCoder &coder);

/*
 * CFString --> UTF-8 CSSM_DATA, storage from coder.
 *
 * The return is a pointer; whether NULL is returned when conversion
 * fails is not visible here — callers should check before use.
 */
CSSM_DATA_PTR p12StringToUtf8(
    CFStringRef cfStr,
    SecNssCoder &coder);

/*
 * Human-readable names for a SafeBag type and a PKCS#7 ContentInfo
 * type (returned strings are constants; do not free).
 */
const char *p12BagTypeStr(
    NSS_P12_SB_Type type);
const char *p7ContentInfoTypeStr(
    NSS_P7_CI_Type type);

/* map an OID to the components */

/*
 * Which password-based-encryption scheme a PBE algorithm OID belongs
 * to; produced by pkcsOidToParams() below.
 */
typedef enum {
    PW_None,            /* not comprehended */
    PW_PKCS5_v1_5,      /* PKCS5 v1.5 */
    PW_PKCS5_v2,        /* PKCS5 v2.0, not used by this module but parsed here */
    PW_PKCS12           /* PKCS12 */
} PKCS_Which;

/*
 * returns false if OID not found
 *
 * A false return means the PBE algorithm is not one this module
 * comprehends; treat the output references as unset in that case and do
 * not fall back to a default algorithm. NOTE(review): the pkcs parameter
 * is documented as PW_PKCS5_v1_5 or PW_PKCS12, while the enum says
 * PW_PKCS5_v2 is "parsed here" — whether PW_PKCS5_v2 can be returned is
 * not settled by this header; callers should handle it explicitly.
 */
bool pkcsOidToParams(
    const CSSM_OID *oid,
    CSSM_ALGORITHMS &keyAlg,        // e.g., CSSM_ALGID_DES
    CSSM_ALGORITHMS &encrAlg,       // e.g., CSSM_ALGID_3DES_3KEY_EDE
    CSSM_ALGORITHMS &pbeHashAlg,    // SHA1 or MD5
    uint32 &keySizeInBits,
    uint32 &blockSizeInBytes,       // for IV, optional
    CSSM_PADDING &padding,          // CSSM_PADDING_PKCS7, etc.
    CSSM_ENCRYPT_MODE &mode,        // CSSM_ALGMODE_CBCPadIV8, etc.
    PKCS_Which &pkcs);              // PW_PKCS5_v1_5 or PW_PKCS12

/*
 * Verify the integrity MAC of a decoded PFX against the supplied
 * passphrase or key.
 *
 * Returns a CSSM_RETURN; by CSSM convention CSSM_OK presumably means the
 * MAC matched. Any other value means the integrity check failed or
 * could not be performed, and the PFX contents should not be used.
 * NOTE(review): the prototype does not say which of pwd / passKey is
 * used when both are supplied, or whether either may be NULL — confirm
 * in the implementation.
 */
CSSM_RETURN p12VerifyMac(
    const NSS_P12_DecodedPFX &pfx,
    CSSM_CSP_HANDLE cspHand,
    const CSSM_DATA *pwd,           // unicode, double null terminated
    const CSSM_KEY *passKey,
    SecNssCoder &coder);            // for temp mallocs

/*
 * Generate a fresh salt into salt (storage from coder).
 *
 * NOTE(review): the entropy source and salt length live in the
 * implementation and are not visible here; a PBE salt must be
 * unpredictable and fresh per use — confirm when reviewing the .cpp.
 */
void p12GenSalt(
    CSSM_DATA &salt,
    SecNssCoder &coder);

/*
 * Generate a key label into label (storage from coder). See
 * P12_KEY_ATTR_LABEL_AND_HASH below for how the label is later used.
 */
void p12GenLabel(
    CSSM_DATA &label,
    SecNssCoder &coder);

/*
 * Set algId's parameters to the NULL-parameter form (presumably the
 * ASN.1 NULL encoding — confirm).
 */
void p12NullAlgParams(
    CSSM_X509_ALGORITHM_IDENTIFIER &algId);

/*
 * Free memory via specified plugin's app-level allocator
 *
 * p is presumably a pointer that was obtained from the same plugin's
 * allocator identified by hand; freeing anything else is undefined.
 */
void freeCssmMemory(
    CSSM_HANDLE hand,
    void *p);

/*
 * Though it pains me to do this, I must. We "happen to know" the
 * names (in string form) of two of a key's attributes. These
 * have not been published anywhere, they are hard-coded into
 * the script (KeySchema.m4) which generates the KeySchema
 * tables.
 *
 * Consequently these two literals must stay byte-for-byte in sync
 * with KeySchema.m4; a change to either side silently breaks the key
 * lookups in p12SetPubKeyHash() and p12DeleteKey().
 */

/*
 * This one is initially the same as the "label" argument passed
 * in to the CSP when creating or importing keys; it eventually
 * gets munged into the hash of the associated public key (
 * in our case, by p12SetPubKeyHash()).
 */
#define P12_KEY_ATTR_LABEL_AND_HASH "Label"

/*
 * This one is the user-friendly name.
 */
#define P12_KEY_ATTR_PRINT_NAME "PrintName"

/*
 * Find private key by label, modify its Label attr to be the
 * hash of the associated public key.
 *
 * Returns a CSSM_RETURN. foundKey is RETURNED when a key with the same
 * hash already exists; whether that case also yields a non-CSSM_OK
 * return is not visible from this header — confirm before relying on
 * either signal alone.
 */
CSSM_RETURN p12SetPubKeyHash(
    CSSM_CSP_HANDLE cspHand,        // where the key lives
    CSSM_DL_DB_HANDLE dlDbHand,     // ditto
    CSSM_DATA &keyLabel,            // for DB lookup
    CSSM_DATA_PTR newPrintName,     // optional
    SecNssCoder &coder,             // for mallocing newLabel
    CSSM_DATA &newLabel,            // RETURNED with label as hash
    CSSM_KEY_PTR &foundKey);        // RETURNED on dup key detect

/*
 * Add one (type, length, pointer) attribute to an existing crypto
 * context. NOTE(review): the parameter list mirrors a single
 * CSSM_CONTEXT_ATTRIBUTE; presumably a wrapper over
 * CSSM_UpdateContextAttributes — confirm.
 */
CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
    uint32 AttributeType,
    uint32 AttributeLength,
    const void *AttributePtr);

/*
 * Find private key by specified label, delete it.
 *
 * Returns a CSSM_RETURN (CSSM_OK presumably on success). The lookup is
 * by the same label attribute described above.
 */
CSSM_RETURN p12DeleteKey(
    CSSM_DL_DB_HANDLE dlDbHand,
    const CSSM_DATA &keyLabel);

/*
 * convert App passphrase to array of chars used in P12 PBE
 *
 * NOTE(review): p12VerifyMac() documents its pwd as "unicode, double
 * null terminated" (the PKCS#12 BMPString password form); outPhrase is
 * presumably produced in that same form, with storage from coder —
 * confirm in the implementation.
 */
void p12ImportPassPhrase(
    CFStringRef inPhrase,
    SecNssCoder &coder,
    CSSM_DATA &outPhrase);

/*
 * Standard error throwMes.
 * P12_ENCODE_ERR only occurs on DER-encode which should never fail.
 *
 * P12_DECODE_ERR (errSecUnknownFormat) is the single code used for any
 * malformed input, so callers cannot distinguish a corrupt PFX from an
 * unsupported one by this code alone. The P12_THROW_* macros raise a
 * MacOSError C++ exception and do not return; use them only where an
 * enclosing handler is guaranteed.
 */
#define P12_DECODE_ERR      errSecUnknownFormat
#define P12_ENCODE_ERR      errSecInternalComponent
#define P12_THROW_DECODE    MacOSError::throwMe(P12_DECODE_ERR)
#define P12_THROW_ENCODE    MacOSError::throwMe(P12_ENCODE_ERR)

#ifdef __cplusplus
}
#endif

#endif /* _PKCS12_UTILS_H_ */
