1/*
2 * Copyright (c) 2003-2004 Apple Computer, Inc. All Rights Reserved.
3 *
4 * @APPLE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
21 * @APPLE_LICENSE_HEADER_END@
22 */
23/*
24 * pkcs12Utils.h
25 */
26
#ifndef	_PKCS12_UTILS_H_
#define _PKCS12_UTILS_H_

#include <Security/cssmtype.h>
#include <security_asn1/SecNssCoder.h>
#include <security_pkcs12/pkcs7Templates.h>
#include <security_pkcs12/pkcs12Templates.h>
#include <Security/cssmerr.h>
#include <CoreFoundation/CoreFoundation.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * NOTE(review): every prototype below takes at least one C++ reference
 * (SecNssCoder &, CSSM_DATA &, ...), so this header is only usable from
 * C++ translation units. The extern "C" wrapper affects the linkage of
 * these symbols, not their callability from plain C.
 */

/*
 * malloc a NULL-ed array of pointers of size num+1.
 * All num+1 slots are NULL on return; storage comes from coder.
 */
void **p12NssNullArray(
	uint32 num,
	SecNssCoder &coder);

/*
 * CSSM_DATA --> uint32. Returns true if OK.
 * Treat u as unset unless true is returned.
 */
bool p12DataToInt(
	const CSSM_DATA &cdata,
	uint32 &u);

/*
 * uint32 --> CSSM_DATA. Storage for cdata.Data is obtained from coder.
 */
void p12IntToData(
	uint32 num,
	CSSM_DATA &cdata,
	SecNssCoder &coder);

/*
 * CFDataRef <--> CSSM_DATA.
 * p12CssmDataToCf returns a new CFDataRef (ownership per the
 * implementation - confirm before relying on the Create/Get rule).
 * p12CfDataToCssm copies cf into c using storage from coder.
 */
CFDataRef p12CssmDataToCf(
	const CSSM_DATA &c);
void p12CfDataToCssm(
	CFDataRef cf,
	CSSM_DATA &c,
	SecNssCoder &coder);

/*
 * CFStringRef --> UTF-8 encoded CSSM_DATA, storage from coder.
 */
CSSM_DATA_PTR p12StringToUtf8(
	CFStringRef cfStr,
	SecNssCoder &coder);

/*
 * Human-readable names for SafeBag and ContentInfo types (for
 * diagnostics; not for comparison logic).
 */
const char *p12BagTypeStr(
	NSS_P12_SB_Type type);
const char *p7ContentInfoTypeStr(
	NSS_P7_CI_Type type);

/* map an OID to the components */

/*
 * Which password-based encryption scheme an OID denotes.
 */
typedef enum {
	PW_None,			/* not comprehended */
	PW_PKCS5_v1_5,		/* PKCS5 v1.5 */
	PW_PKCS5_v2,		/* PKCS5 v2.0, not used by this module but parsed here */
	PW_PKCS12			/* PKCS12 */
} PKCS_Which;

/*
 * Returns false if OID not found; the reference out-parameters are
 * only meaningful when true is returned, so callers should reject the
 * PFX rather than proceed with whatever values are left in them.
 */
bool pkcsOidToParams(
	const CSSM_OID 		*oid,
	CSSM_ALGORITHMS		&keyAlg,		// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		&encrAlg,		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		&pbeHashAlg,	// SHA1 or MD5
	uint32				&keySizeInBits,
	uint32				&blockSizeInBytes,	// for IV, optional
	CSSM_PADDING		&padding,		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	&mode,			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			&pkcs);			// PW_PKCS5_v1_5 or PW_PKCS12

/*
 * Verify the MAC over a decoded PFX. The MAC is the integrity check on
 * the whole PFX, so a non-CSSM_OK return must be treated as a failure
 * of the entire import, not as a recoverable condition.
 * pwd holds passphrase material (unicode, double null terminated);
 * presumably the output of p12ImportPassPhrase - confirm against callers.
 */
CSSM_RETURN p12VerifyMac(
	const NSS_P12_DecodedPFX 	&pfx,
	CSSM_CSP_HANDLE				cspHand,
	const CSSM_DATA				*pwd,	// unicode, double null terminated
	const CSSM_KEY				*passKey,
	SecNssCoder					&coder);// for temp mallocs

/*
 * Generate a salt into salt, storage from coder. PBE salts must be
 * unpredictable - the RNG source lives in the implementation, confirm
 * there rather than here.
 */
void p12GenSalt(
	CSSM_DATA 	&salt,
	SecNssCoder &coder);

/*
 * Generate a label into label, storage from coder.
 */
void p12GenLabel(
	CSSM_DATA &label,
	SecNssCoder &coder);

/*
 * Presumably sets algId's parameters to an encoded ASN.1 NULL - confirm
 * in the implementation.
 */
void p12NullAlgParams(
	CSSM_X509_ALGORITHM_IDENTIFIER &algId);

/*
 * Free memory via specified plugin's app-level allocator
 */
void freeCssmMemory(
	CSSM_HANDLE	hand,
	void 		*p);

/*
 * Though it pains me to do this, I must. We "happen to know" the
 * names (in string form) of two of a key's attributes. These
 * have not been published anywhere, they are hard-coded into
 * the script (KeySchema.m4) which generates the KeySchema
 * tables.
 */

/*
 * This one is initially the same as the "label" argument passed
 * in to the CSP when creating or importing keys; it eventually
 * gets munged into the hash of the associated public key (
 * in our case, by p12SetPubKeyHash()).
 */
#define P12_KEY_ATTR_LABEL_AND_HASH		"Label"

/*
 * This one is the user-friendly name.
 */
#define P12_KEY_ATTR_PRINT_NAME			"PrintName"

/*
 * Find private key by label, modify its Label attr to be the
 * hash of the associated public key.
 * foundKey is RETURNED when a duplicate key is detected; the caller
 * owns the decision of what to do with the pre-existing key.
 */
CSSM_RETURN p12SetPubKeyHash(
	CSSM_CSP_HANDLE 	cspHand,		// where the key lives
	CSSM_DL_DB_HANDLE 	dlDbHand,		// ditto
	CSSM_DATA			&keyLabel,		// for DB lookup
	CSSM_DATA_PTR		newPrintName,	// optional
	SecNssCoder			&coder,			// for mallocing newLabel
	CSSM_DATA			&newLabel,		// RETURNED with label as hash
	CSSM_KEY_PTR		&foundKey);		// RETURNED on dup key detect

/*
 * Attach one attribute (type, length, pointer) to the crypto context
 * CCHandle.
 */
CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
	uint32 				AttributeType,
	uint32 				AttributeLength,
	const void 			*AttributePtr);

/*
 * Find private key by specified label, delete it.
 */
CSSM_RETURN p12DeleteKey(
	CSSM_DL_DB_HANDLE 	dlDbHand,
	const CSSM_DATA		&keyLabel);

/*
 * convert App passphrase to array of chars used in P12 PBE.
 * outPhrase holds passphrase material allocated from coder; whether
 * that storage is cleared on release is up to SecNssCoder - TODO confirm.
 */
void p12ImportPassPhrase(
	CFStringRef			inPhrase,
	SecNssCoder			&coder,
	CSSM_DATA			&outPhrase);

/*
 * Standard error throwMes.
 * P12_ENCODE_ERR only occurs on DER-encode which should never fail.
 * P12_DECODE_ERR is the generic "malformed input" result; decode
 * paths map all parse failures to it rather than leaking detail.
 */
#define P12_DECODE_ERR		errSecUnknownFormat
#define P12_ENCODE_ERR		errSecInternalComponent
#define P12_THROW_DECODE	MacOSError::throwMe(P12_DECODE_ERR)
#define P12_THROW_ENCODE	MacOSError::throwMe(P12_ENCODE_ERR)

#ifdef __cplusplus
}
#endif

#endif	/* _PKCS12_UTILS_H_ */
186
187