Blame - include/openssl/pkcs8.h - boringssl.git

blob: 6feb7f13eb9387df01a62f807badfca7baf0fa63 [file] [log] [blame]

Adam Langley	95c29f3	2014-06-20 12:00:00 -0700	[diff] [blame]	1	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
				2	* project 1999.
				3	*/
				4	/* ====================================================================
				5	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
				6	*
				7	* Redistribution and use in source and binary forms, with or without
				8	* modification, are permitted provided that the following conditions
				9	* are met:
				10	*
				11	* 1. Redistributions of source code must retain the above copyright
				12	* notice, this list of conditions and the following disclaimer.
				13	*
				14	* 2. Redistributions in binary form must reproduce the above copyright
				15	* notice, this list of conditions and the following disclaimer in
				16	* the documentation and/or other materials provided with the
				17	* distribution.
				18	*
				19	* 3. All advertising materials mentioning features or use of this
				20	* software must display the following acknowledgment:
				21	* "This product includes software developed by the OpenSSL Project
				22	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
				23	*
				24	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
				25	* endorse or promote products derived from this software without
				26	* prior written permission. For written permission, please contact
				27	* licensing@OpenSSL.org.
				28	*
				29	* 5. Products derived from this software may not be called "OpenSSL"
				30	* nor may "OpenSSL" appear in their names without prior written
				31	* permission of the OpenSSL Project.
				32	*
				33	* 6. Redistributions of any form whatsoever must retain the following
				34	* acknowledgment:
				35	* "This product includes software developed by the OpenSSL Project
				36	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
				37	*
				38	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
				39	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
				40	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
				41	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
				42	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
				43	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
				44	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
				45	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
				46	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
				47	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
				48	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
				49	* OF THE POSSIBILITY OF SUCH DAMAGE.
				50	* ====================================================================
				51	*
				52	* This product includes cryptographic software written by Eric Young
				53	* (eay@cryptsoft.com). This product includes software written by Tim
				54	* Hudson (tjh@cryptsoft.com). */
				55
				56
				57	#ifndef OPENSSL_HEADER_PKCS8_H
				58	#define OPENSSL_HEADER_PKCS8_H
				59
				60	#include <openssl/base.h>
				61
				62	#include <openssl/x509.h>
				63
				64	#if defined(__cplusplus)
				65	extern "C" {
				66	#endif
				67
David Benjamin	e216d6b	2014-07-31 13:59:47 -0400	[diff] [blame]	68
				69	/* PKCS8_encrypt_pbe serializes and encrypts a PKCS8_PRIV_KEY_INFO with PBES1 as
Adam Langley	8e16b6e	2014-08-21 14:11:39 -0700	[diff] [blame]	70	* defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
				71	* pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS
				72	* #12, are supported. The \|pass_raw_len\| bytes pointed to by \|pass_raw\| are
				73	* used as the password. Note that any conversions from the password as
				74	* supplied in a text string (such as those specified in B.1 of PKCS #12) must
				75	* be performed by the caller.
David Benjamin	e216d6b	2014-07-31 13:59:47 -0400	[diff] [blame]	76	*
				77	* If \|salt\| is NULL, a random salt of \|salt_len\| bytes is generated. If
				78	* \|salt_len\| is zero, a default salt length is used instead.
				79	*
				80	* The resulting structure is stored in an X509_SIG which must be freed by the
				81	* caller.
				82	*
				83	* TODO(davidben): Really? An X509_SIG? OpenSSL probably did that because it has
				84	* the same structure as EncryptedPrivateKeyInfo. */
				85	OPENSSL_EXPORT X509_SIG *PKCS8_encrypt_pbe(int pbe_nid,
				86	const uint8_t *pass_raw,
				87	size_t pass_raw_len,
				88	uint8_t *salt, size_t salt_len,
				89	int iterations,
				90	PKCS8_PRIV_KEY_INFO *p8inf);
				91
				92	/* PKCS8_decrypt_pbe decrypts and decodes a PKCS8_PRIV_KEY_INFO with PBES1 as
Adam Langley	8e16b6e	2014-08-21 14:11:39 -0700	[diff] [blame]	93	* defined in PKCS #5. Only pbeWithSHAAnd128BitRC4,
				94	* pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHA1And40BitRC2, defined in PKCS
				95	* #12, are supported. The \|pass_raw_len\| bytes pointed to by \|pass_raw\| are
				96	* used as the password. Note that any conversions from the password as
				97	* supplied in a text string (such as those specified in B.1 of PKCS #12) must
				98	* be performed by the caller.
David Benjamin	e216d6b	2014-07-31 13:59:47 -0400	[diff] [blame]	99	*
				100	* The resulting structure must be freed by the caller. */
				101	OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO PKCS8_decrypt_pbe(X509_SIG pkcs8,
				102	const uint8_t *pass_raw,
				103	size_t pass_raw_len);
				104
				105
				106	/* Deprecated functions. */
				107
				108	/* PKCS8_encrypt calls PKCS8_encrypt_pbe after treating \|pass\| as an ASCII
				109	* string, appending U+0000, and converting to UCS-2. (So the empty password
				110	* encodes as two NUL bytes.) The \|cipher\| argument is ignored. */
Adam Langley	eb7d2ed	2014-07-30 16:02:14 -0700	[diff] [blame]	111	OPENSSL_EXPORT X509_SIG PKCS8_encrypt(int pbe_nid, const EVP_CIPHER cipher,
				112	const char *pass, int pass_len,
				113	uint8_t *salt, size_t salt_len,
				114	int iterations,
				115	PKCS8_PRIV_KEY_INFO *p8inf);
Adam Langley	95c29f3	2014-06-20 12:00:00 -0700	[diff] [blame]	116
David Benjamin	e216d6b	2014-07-31 13:59:47 -0400	[diff] [blame]	117	/* PKCS8_decrypt calls PKCS8_decrypt_pbe after treating \|pass\| as an ASCII
				118	* string, appending U+0000, and converting to UCS-2. (So the empty password
				119	* encodes as two NUL bytes.) */
Adam Langley	eb7d2ed	2014-07-30 16:02:14 -0700	[diff] [blame]	120	OPENSSL_EXPORT PKCS8_PRIV_KEY_INFO PKCS8_decrypt(X509_SIG pkcs8,
				121	const char *pass,
				122	int pass_len);
Adam Langley	95c29f3	2014-06-20 12:00:00 -0700	[diff] [blame]	123
Adam Langley	8e16b6e	2014-08-21 14:11:39 -0700	[diff] [blame]	124	/* PKCS12_get_key_and_certs parses a PKCS#12 structure from \|in\|, authenticates
				125	* and decrypts it using \|password\|, sets \|*out_key\| to the included private
				126	* key and appends the included certificates to \|out_certs\|. It returns one on
				127	* success and zero on error. The caller takes ownership of the outputs. */
				128	OPENSSL_EXPORT int PKCS12_get_key_and_certs(EVP_PKEY **out_key,
				129	STACK_OF(X509) *out_certs,
				130	CBS in, const char password);
Adam Langley	95c29f3	2014-06-20 12:00:00 -0700	[diff] [blame]	131
				132	#if defined(__cplusplus)
				133	} /* extern C */
				134	#endif
				135
				136	#define PKCS8_F_PKCS8_encrypt 100
				137	#define PKCS8_F_EVP_PKEY2PKCS8 101
				138	#define PKCS8_F_EVP_PKCS82PKEY 102
				139	#define PKCS8_F_PKCS5_pbe_set0_algor 103
				140	#define PKCS8_F_pbe_crypt 104
				141	#define PKCS8_F_pkcs12_item_decrypt_d2i 105
				142	#define PKCS8_F_PKCS5_pbe_set 106
				143	#define PKCS8_F_pkcs12_key_gen_uni 107
				144	#define PKCS8_F_pkcs12_key_gen_asc 108
				145	#define PKCS8_F_pkcs12_pbe_keyivgen 109
				146	#define PKCS8_F_pbe_cipher_init 110
				147	#define PKCS8_F_pkcs12_item_i2d_encrypt 111
				148	#define PKCS8_F_PKCS5_pbe2_set_iv 112
				149	#define PKCS8_F_PKCS5_pbkdf2_set 113
David Benjamin	e216d6b	2014-07-31 13:59:47 -0400	[diff] [blame]	150	#define PKCS8_F_pkcs12_key_gen_raw 114
				151	#define PKCS8_F_PKCS8_decrypt 115
				152	#define PKCS8_F_PKCS8_encrypt_pbe 116
Adam Langley	8e16b6e	2014-08-21 14:11:39 -0700	[diff] [blame]	153	#define PKCS8_F_PKCS12_parse 117
				154	#define PKCS8_F_PKCS12_handle_content_info 118
				155	#define PKCS8_F_PKCS12_handle_content_infos 119
				156	#define PKCS8_F_PKCS12_get_key_and_certs 120
Adam Langley	95c29f3	2014-06-20 12:00:00 -0700	[diff] [blame]	157	#define PKCS8_R_ERROR_SETTING_CIPHER_PARAMS 100
				158	#define PKCS8_R_PRIVATE_KEY_ENCODE_ERROR 101
				159	#define PKCS8_R_UNKNOWN_ALGORITHM 102
				160	#define PKCS8_R_UNKNOWN_CIPHER 103
				161	#define PKCS8_R_UNKNOWN_DIGEST 104
				162	#define PKCS8_R_ENCODE_ERROR 105
				163	#define PKCS8_R_DECODE_ERROR 106
				164	#define PKCS8_R_ENCRYPT_ERROR 107
				165	#define PKCS8_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 108
				166	#define PKCS8_R_PRIVATE_KEY_DECODE_ERROR 109
				167	#define PKCS8_R_UNKNOWN_CIPHER_ALGORITHM 110
				168	#define PKCS8_R_KEYGEN_FAILURE 111
				169	#define PKCS8_R_TOO_LONG 112
				170	#define PKCS8_R_CRYPT_ERROR 113
				171	#define PKCS8_R_METHOD_NOT_SUPPORTED 114
				172	#define PKCS8_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 115
				173	#define PKCS8_R_KEY_GEN_ERROR 116
Adam Langley	8e16b6e	2014-08-21 14:11:39 -0700	[diff] [blame]	174	#define PKCS8_R_BAD_PKCS12_DATA 117
				175	#define PKCS8_R_PKCS12_PUBLIC_KEY_INTEGRITY_NOT_SUPPORTED 118
				176	#define PKCS8_R_BAD_PKCS12_VERSION 119
				177	#define PKCS8_R_PKCS12_TOO_DEEPLY_NESTED 120
				178	#define PKCS8_R_MULTIPLE_PRIVATE_KEYS_IN_PKCS12 121
				179	#define PKCS8_R_UNKNOWN_HASH 122
				180	#define PKCS8_R_BAD_MAC 123
				181	#define PKCS8_R_MISSING_MAC 124
				182	#define PKCS8_R_INCORRECT_PASSWORD 125
Adam Langley	95c29f3	2014-06-20 12:00:00 -0700	[diff] [blame]	183
				184	#endif /* OPENSSL_HEADER_PKCS8_H */