TrustCore SDK NanoCert API reference  version 7.0
pkcs12.h
Go to the documentation of this file.
1 /*
2  * pkcs12.h
3  *
4  * PKCS#12 Parser
5  *
6  * Copyright 2019-2024 DigiCert, Inc. All Rights Reserved.
7  * Proprietary and Confidential Material.
8  *
9  */
18 #ifndef __PKCS12_HEADER__
19 #define __PKCS12_HEADER__
20 
21 #include "../common/sizedbuffer.h"
22 
23 #ifdef __cplusplus
24 extern "C" {
25 #endif
26 
27 /*------------------------------------------------------------------*/
28 
29 #ifdef __ENABLE_MOCANA_PKCS12__
30 /* public constants */
31 MOC_EXTERN const ubyte pkcs12_bagtypes_root_OID[]; /* 1.2.840.113549.1.12.10.1 */
32 MOC_EXTERN const ubyte pkcs12_Pbe_root_OID[]; /* 1.2.840.113549.1.12.1 */
33 
38 typedef enum
39 {
40  KEYINFO, CERT, CRL
41 } contentTypes;
42 
48 typedef enum
49 {
50 #ifndef __DISABLE_MOCANA_PKCS12_X509_CERTTYPE_DEFINITION__
51  X509 = 1,
52 #endif
53  SDSI=2
54 } certTypes;
55 
56 /*PKCS12 Encryption and Integrity Modes */
62 typedef enum ePKCS12Mode
63 {
64  PKCS12Mode_Privacy_none = 0,
65  PKCS12Mode_Privacy_data,
66  PKCS12Mode_Privacy_password,
67  PKCS12Mode_Privacy_pubKey,
68  PKCS12Mode_Integrity_password,
69  PKCS12Mode_Integrity_pubKey
70 } ePKCS12Mode;
71 
72 /* enum for pkcs12 attribute */
77 typedef enum ePKCS12AttributeType
78 {
79  PKCS12_AttributeType_friendlyName = 0,
80  PKCS12_AttributeType_localKeyId
81 } ePKCS12AttributeType;
82 
83 /* User configuration related structures */
84 
85 /*
86  * PKCS12AttributeUserValue
87  * Section 4.2 PKCS12AttrSet : If the user desires to assign nicknames and identifiers to keys etc
88  */
100 typedef struct PKCS12AttributeUserValue
101 {
108  ePKCS12AttributeType eAttrType; /* One of the above mentioned Attribute type */
113  ubyte* pValue; /* Holds the Value */
118  ubyte4 valueLen; /* length of Value */
119 } PKCS12AttributeUserValue;
120 
121 /*
122  * PKCS12DataObject
123  * Contents that need to be published within the PKCS#12 file along with the privacy mode
124  */
132 typedef struct PKCS12DataObject
133 {
148  ePKCS12Mode privacyMode; /* Privacy Mode: Indicates how the user wants to encrypt the data given below.
149  * for PKCS12Mode_Privacy_none: In this case the mode would default to PKCS12Mode_Privacy_password
150  */
158  ubyte4 encKeyType; /* enum PKCS8EncryptionType : PKCS#8 Encrytion Key type */
168  const ubyte* pKeyPassword; /* Password for Key encryption
169  * Option 1: if NULL then PKCS#8PrivateKeyInfo is used
170  * Option 2: if set then PKCS#8ShroudedKey is used.
171  */
176  ubyte4 keyPasswordLen; /* Indicates the length of the password in bytes */
181  AsymmetricKey* pPrivateKey; /* Private key that needs to be published in PKCS#12 */
188  certTypes eCertType; /* Type of certificate from certTypes enum */
193  ubyte* pCertificate; /* DER formatted certificate file to be published in PKCS#12 */
200  ubyte4 certificateLen; /* Length of certificate file */
205  ubyte* pCrl; /* Stream that hold the crl to be published in PKCS#12 */
212  ubyte4 crlLen; /* Length of CRL format */
219  PKCS12AttributeUserValue** ppPKCS12AttrValue; /* Stores 1 or more instances, if no parameters need to passed assign NULL / 0 */
226  ubyte4 numPKCS12AttrValue; /* Indicates number of PKCS12AtttributeUserValue instance/s, 0 if none */
227 } PKCS12DataObject;
228 
229 /*
230  * PKCS12PrivacyModeConfig
231  */
254 typedef struct PKCS12PrivacyModeConfig
255 {
256  /* Privacy Mode : Password */
264  const ubyte* pPrivacyPassword; /* Password for privacy mode, if its NULL/0 then password from Integrity password mode is used */
271  ubyte4 privacyPasswordLen; /* Length of the password in bytes */
286  ubyte4 pkcs12EncryptionType;
287  /* Privacy Mode : Public Key */
299  const ubyte* pEncryptionAlgoOID;
304  CStream** ppCSDestPubKeyStream; /* public key stream/s*/
309  ubyte4 numPubKeyStream; /* number of public key stream/s */
310 } PKCS12PrivacyModeConfig;
311 
312 /* End of User configuration realted structures */
313 
314 /*
315  * when type is KEYINFO, content contains the DER encoded PKCS#8 PrivateKeyInfo;
316  * when type is CERT, and extraInfo is X509, content contains the DER encoded X.509 certificate;
317  * when type is CERT, and extraInfo is SDSI, content contains the BASE64 encoded SDSI certificate;
318  * when type is CRL, and extraInfo is X509, content contains the DER encoded X.509 CRL.
319 */
320 
369 typedef MSTATUS (*PKCS12_contentHandler)(const void* context, contentTypes type,
370  ubyte4 extraInfo,
371  const ubyte* content,
372  ubyte4 contentLen);
373 
374 /*------------------------------------------------------------------*/
375 
376 /* these routines take a pointer to the root item of a parsed PKCS12
377  message (by ASN1_Parse) */
378 
427 MOC_EXTERN MSTATUS PKCS12_ExtractInfo(MOC_HW(hwAccelDescr hwAccelCtx)
428  ASN1_ITEM* pRootItem,
429  CStream s,
430  const ubyte* uniPassword,
431  sbyte4 uniPassLen,
432  void* pkcs7CBArg,
433  PKCS7_Callbacks* pkcs7CBs,
434  void* handlerContext,
435  PKCS12_contentHandler handler);
436 
437 
438 /* NOTE for PKCS12_decrypt/PKCS12_encrypt: password argument can be unicode or not */
439 
479 MOC_EXTERN MSTATUS PKCS12_decrypt(MOC_SYM(hwAccelDescr hwAccelCtx)
480  ASN1_ITEMPTR pEncryptedData,
481  ASN1_ITEMPTR pAlgoIdentifier,
482  CStream s, const ubyte* password,
483  sbyte4 passwordLen,
484  ubyte** decryptedInfo,
485  sbyte4* decryptedInfoLen);
486 
540 MOC_EXTERN MSTATUS PKCS12_encrypt(MOC_SYM(hwAccelDescr hwAccelCtx)
541  ubyte pbeSubType,
542  const ubyte* password, sbyte4 passwordLen,
543  const ubyte* salt, sbyte4 saltLen, ubyte4 iterCount,
544  ubyte* plainText, sbyte4 plainTextLen);
545 
682 MOC_EXTERN const BulkEncryptionAlgo* PKCS12_GetEncryptionAlgo( ubyte pbeSubType);
683 
754 MOC_EXTERN MSTATUS
755 PKCS12_EncryptPFXPdu(MOC_HW(hwAccelDescr hwAccelCtx)
756  randomContext* pRandomContext,
757  ubyte4 integrityMode,
758  /* Password Integrity Mode */
759  const ubyte* pIntegrityPswd,
760  ubyte4 integrityPswdLen,
761  /* Pub Key Integrity Mode */
762  AsymmetricKey* pVsrcSigK,
763  const ubyte* pDigestAlgoOID,
764  CStream csSignerCertificate[],
765  ubyte4 numSignerCerts,
766  /* PKCS Privacy Mode Configuration and Data */
767  const PKCS12PrivacyModeConfig *pPkcs12PrivacyModeConfig,
768  /* Data to be encrypted */
769  PKCS12DataObject pkcs12DataObject[/*numPKCS12DataObj*/],
770  ubyte4 numPKCS12DataObj,
771  /* return PKCS#12 certificate */
772  ubyte** ppRetPkcs12CertDer, ubyte4* pRetPkcs12CertDerLen);
773 
817 MOC_EXTERN MSTATUS PKCS12_DecryptPFXPduPwMode(
818  MOC_HW(hwAccelDescr hwAccelCtx)
819  ubyte *pPkcs12Data,
820  ubyte4 pkcs12DataLen,
821  ubyte *pEncPw,
822  ubyte4 encPwLen,
823  ubyte *pPrivacyPswd,
824  ubyte4 privacyPswdLen,
825  ubyte *pIntegrityPswd,
826  ubyte4 integrityPswdLen,
827  SizedBuffer **ppCerts,
828  ubyte4 *pCertCount,
829  ubyte **ppKeyBlob,
830  ubyte4 *pKeyBlobLen);
831 
879 MOC_EXTERN MSTATUS PKCS12_EncryptPFXPduPwMode(
880  MOC_HW(hwAccelDescr hwAccelCtx)
881  randomContext *pRandomContext,
882  SizedBuffer *pCerts,
883  ubyte4 certCount,
884  ubyte *pKeyBlob,
885  ubyte4 keyBlobLen,
886  ubyte *pCA,
887  ubyte4 caLen,
888  ubyte *pEncPw,
889  ubyte4 encPwLen,
890  ubyte4 pkcs12EncryptionType,
891  ubyte *pPrivacyPswd,
892  ubyte4 privacyPswdLen,
893  ubyte *pIntegrityPswd,
894  ubyte4 integrityPswdLen,
895  ubyte **ppRetPkcs12CertDer,
896  ubyte4 *pRetPkcs12CertDerLen);
897 
898 
950 MOC_EXTERN MSTATUS PKCS12_EncryptPFXPduCertMode(
951  MOC_HW(hwAccelDescr hwAccelCtx)
952  randomContext *pRandomContext,
953  SizedBuffer *pCerts,
954  ubyte4 certCount,
955  ubyte *pKeyBlob,
956  ubyte4 keyBlobLen,
957  ubyte *pCA,
958  ubyte4 caLen,
959  ubyte *pEncPw,
960  ubyte4 encPwLen,
961  ubyte4 pkcs12EncryptionType,
962  ubyte *pEncKeyCert,
963  ubyte4 encKeyCertLen,
964  const ubyte *pEncAlgoId,
965  ubyte *pIntegrityKeyblob,
966  ubyte4 integrityKeyblobLen,
967  ubyte *pIntegrityCert,
968  ubyte4 integrityCertLen,
969  const ubyte *pDigestAlgoOID,
970  ubyte **ppRetPkcs12CertDer,
971  ubyte4 *pRetPkcs12CertDerLen);
972 
973 #endif /* __ENABLE_MOCANA_PKCS12__ */
974 
975 
976 #ifdef __cplusplus
977 }
978 #endif
979 
980 #endif /*#ifndef __PKCS12_HEADER__ */
PKCS12_encrypt
MOC_EXTERN MSTATUS PKCS12_encrypt(MOC_SYM(hwAccelDescr hwAccelCtx) ubyte pbeSubType, const ubyte *password, sbyte4 passwordLen, const ubyte *salt, sbyte4 saltLen, ubyte4 iterCount, ubyte *plainText, sbyte4 plainTextLen)
Encrypt a buffer, typically a public key, according to the specified algorithm.
PKCS12DataObject::numPKCS12AttrValue
ubyte4 numPKCS12AttrValue
Number of PKCS12AtttributeUserValue instances in ppPKCS12AttrValue.
Definition: pkcs12.h:226
PKCS12DataObject
Content to be published in the PKCS #12 file with the privacy mode.
Definition: pkcs12.h:132
PKCS12DataObject::encKeyType
ubyte4 encKeyType
PKCS #8 encrytion key type; any of the PKCS8EncryptionType enum values from pkcs_key.h.
Definition: pkcs12.h:158
PKCS12_contentHandler
MSTATUS(* PKCS12_contentHandler)(const void *context, contentTypes type, ubyte4 extraInfo, const ubyte *content, ubyte4 contentLen)
Process and return the information extracted from a PFX PDU.
Definition: pkcs12.h:369
PKCS12DataObject::eCertType
certTypes eCertType
Type of certificate; any of the certTypes enum values from pkcs12.h.
Definition: pkcs12.h:188
PKCS12_decrypt
MOC_EXTERN MSTATUS PKCS12_decrypt(MOC_SYM(hwAccelDescr hwAccelCtx) ASN1_ITEMPTR pEncryptedData, ASN1_ITEMPTR pAlgoIdentifier, CStream s, const ubyte *password, sbyte4 passwordLen, ubyte **decryptedInfo, sbyte4 *decryptedInfoLen)
Decrypt data according to a given algorithm, pAlgorithmIdentifier.
ePKCS12AttributeType
ePKCS12AttributeType
Enumeration of PKCS #12 attributes.
Definition: pkcs12.h:77
PKCS12PrivacyModeConfig::privacyPasswordLen
ubyte4 privacyPasswordLen
Length, in bytes, of the password referenced by pPrivacyPassword.
Definition: pkcs12.h:271
PKCS12AttributeUserValue::valueLen
ubyte4 valueLen
Length of the attribute value, PKCS12AttributeUserValue::pValue.
Definition: pkcs12.h:118
ePKCS12Mode
ePKCS12Mode
Enumeration of PKCS12 encryption and integrity modes.
Definition: pkcs12.h:62
PKCS12DataObject::certificateLen
ubyte4 certificateLen
Length of certificate file to publish, PKCS12DataObject::pCertificate.
Definition: pkcs12.h:200
PKCS12PrivacyModeConfig::pPrivacyPassword
const ubyte * pPrivacyPassword
Password for the privacy (encryption) mode; if it is NULL/0, the password from Integrity password mod...
Definition: pkcs12.h:264
PKCS12DataObject::ppPKCS12AttrValue
PKCS12AttributeUserValue ** ppPKCS12AttrValue
NULL if no parameters required; otherwise pointer to PKCS12AtttributeUserValue object instance(s)...
Definition: pkcs12.h:219
PKCS12_EncryptPFXPduPwMode
MOC_EXTERN MSTATUS PKCS12_EncryptPFXPduPwMode(randomContext *pRandomContext, SizedBuffer *pCerts, ubyte4 certCount, ubyte *pKeyBlob, ubyte4 keyBlobLen, ubyte *pCA, ubyte4 caLen, ubyte *pEncPw, ubyte4 encPwLen, ubyte4 pkcs12EncryptionType, ubyte *pPrivacyPswd, ubyte4 privacyPswdLen, ubyte *pIntegrityPswd, ubyte4 integrityPswdLen, ubyte **ppRetPkcs12CertDer, ubyte4 *pRetPkcs12CertDerLen)
Create a password integrity mode encrypted PFX PDU.
PKCS12AttributeUserValue
Nickname and/or identifier for keys; as defined in Section 4.2, "PKCS12AttrSet,", in PKCS 12 v1...
Definition: pkcs12.h:100
PKCS12PrivacyModeConfig::pEncryptionAlgoOID
const ubyte * pEncryptionAlgoOID
For public key privacy, encryption to apply.
Definition: pkcs12.h:299
PKCS12DataObject::pCrl
ubyte * pCrl
Stream containing the CRL to publish in PKCS #12.
Definition: pkcs12.h:205
PKCS12PrivacyModeConfig
Configuration information for PKCS 12 privacy (encryption) operations.
Definition: pkcs12.h:254
PKCS12PrivacyModeConfig::ppCSDestPubKeyStream
CStream ** ppCSDestPubKeyStream
Pointer to array of CStream objects containing the public key(s).
Definition: pkcs12.h:304
PKCS12DataObject::crlLen
ubyte4 crlLen
Length of the CRL data object to publish, KCS12DataObject::pCrl.
Definition: pkcs12.h:212
PKCS12DataObject::privacyMode
ePKCS12Mode privacyMode
Encryption and integrity to apply to the data; any of the ePKCS12Mode enum values from pkcs12...
Definition: pkcs12.h:148
certTypes
certTypes
Enumeration of certificate types for PKCS #12.
Definition: pkcs12.h:48
PKCS12DataObject::pCertificate
ubyte * pCertificate
DER-encoded certificate file to publish in PKCS #12.
Definition: pkcs12.h:193
PKCS12PrivacyModeConfig::pkcs12EncryptionType
ubyte4 pkcs12EncryptionType
For password privacy, encryption to apply; default = PCKS8_EncryptionType_pkcs12_sha_rc2_40.
Definition: pkcs12.h:286
PKCS7_Callbacks
Pointers to PKCS #7 callback functions required by PKCS #12 functions.
Definition: pkcs7.h:352
PKCS12_EncryptPFXPduCertMode
MOC_EXTERN MSTATUS PKCS12_EncryptPFXPduCertMode(randomContext *pRandomContext, SizedBuffer *pCerts, ubyte4 certCount, ubyte *pKeyBlob, ubyte4 keyBlobLen, ubyte *pCA, ubyte4 caLen, ubyte *pEncPw, ubyte4 encPwLen, ubyte4 pkcs12EncryptionType, ubyte *pEncKeyCert, ubyte4 encKeyCertLen, const ubyte *pEncAlgoId, ubyte *pIntegrityKeyblob, ubyte4 integrityKeyblobLen, ubyte *pIntegrityCert, ubyte4 integrityCertLen, const ubyte *pDigestAlgoOID, ubyte **ppRetPkcs12CertDer, ubyte4 *pRetPkcs12CertDerLen)
Create a key integrity mode encrypted PFX PDU.
PKCS12_EncryptPFXPdu
MOC_EXTERN MSTATUS PKCS12_EncryptPFXPdu(MOC_HW(hwAccelDescr hwAccelCtx) randomContext *pRandomContext, ubyte4 integrityMode, const ubyte *pIntegrityPswd, ubyte4 integrityPswdLen, AsymmetricKey *pVsrcSigK, const ubyte *pDigestAlgoOID, CStream csSignerCertificate[], ubyte4 numSignerCerts, const PKCS12PrivacyModeConfig *pPkcs12PrivacyModeConfig, PKCS12DataObject pkcs12DataObject[], ubyte4 numPKCS12DataObj, ubyte **ppRetPkcs12CertDer, ubyte4 *pRetPkcs12CertDerLen)
Create an encrypted PFX PDU.
PKCS12PrivacyModeConfig::numPubKeyStream
ubyte4 numPubKeyStream
Number of elements in the ppCSDestPubKeyStream CStream array.
Definition: pkcs12.h:309
PKCS12_DecryptPFXPduPwMode
MOC_EXTERN MSTATUS PKCS12_DecryptPFXPduPwMode(ubyte *pPkcs12Data, ubyte4 pkcs12DataLen, ubyte *pEncPw, ubyte4 encPwLen, ubyte *pPrivacyPswd, ubyte4 privacyPswdLen, ubyte *pIntegrityPswd, ubyte4 integrityPswdLen, SizedBuffer **ppCerts, ubyte4 *pCertCount, ubyte **ppKeyBlob, ubyte4 *pKeyBlobLen)
Decrypt a password integrity mode encrypted PFX PDU.
PKCS12DataObject::keyPasswordLen
ubyte4 keyPasswordLen
Length of the password (in bytes).
Definition: pkcs12.h:176
PKCS12AttributeUserValue::eAttrType
ePKCS12AttributeType eAttrType
Attribute type; any of the ePKCS12AttributeType enum values defined in pkcs12.h.
Definition: pkcs12.h:108
PKCS12_GetEncryptionAlgo
MOC_EXTERN const BulkEncryptionAlgo * PKCS12_GetEncryptionAlgo(ubyte pbeSubType)
Return function pointers for create, delete, and decrypt/encrypt operations for the specified PBE sub...
PKCS12AttributeUserValue::pValue
ubyte * pValue
Pointer to attribute value.
Definition: pkcs12.h:113
PKCS12_ExtractInfo
MOC_EXTERN MSTATUS PKCS12_ExtractInfo(MOC_HW(hwAccelDescr hwAccelCtx) ASN1_ITEM *pRootItem, CStream s, const ubyte *uniPassword, sbyte4 uniPassLen, void *pkcs7CBArg, PKCS7_Callbacks *pkcs7CBs, void *handlerContext, PKCS12_contentHandler handler)
Extract and decrypt information from a PFX PDU, and submit the information to the given callback...
contentTypes
contentTypes
Enumeration of content types for PKCS #12.
Definition: pkcs12.h:38
BulkEncryptionAlgo
Structure to hold function pointers to symmetric key cipher methods.
Definition: crypto.h:48
PKCS12DataObject::pPrivateKey
AsymmetricKey * pPrivateKey
Private key to publish in PKCS #12.
Definition: pkcs12.h:181
PKCS12DataObject::pKeyPassword
const ubyte * pKeyPassword
Password for key encryption.
Definition: pkcs12.h:168