/*
 * This file is part of the openHiTLS project.
 *
 * openHiTLS is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 *
 *     http://license.coscl.org.cn/MulanPSL2
 *
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/*
 * Internal (non-public) declarations for the PKCS#12 (RFC 7292) parser and generator.
 *
 * Everything here is gated on HITLS_PKI_PKCS12; the parse-only and generate-only
 * entry points are further gated on HITLS_PKI_PKCS12_PARSE / HITLS_PKI_PKCS12_GEN.
 *
 * NOTE(review): HITLS_PKCS12_MacParam and CRYPT_EncodeParam are used below but are
 * not declared by this header or by any include visible here; presumably they arrive
 * transitively (e.g. via the public pkcs12 header) — confirm, otherwise the
 * prototypes that use them depend on include order in the including .c file.
 */

#ifndef HITLS_PKCS12_LOCAL_H
#define HITLS_PKCS12_LOCAL_H

#include "hitls_build.h"
#ifdef HITLS_PKI_PKCS12
#include <stdint.h>
#include "bsl_asn1.h"
#include "bsl_obj.h"
#include "sal_atomic.h"
#include "hitls_x509_local.h"
#include "hitls_pki_cert.h"
#include "crypt_eal_codecs.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * One ContentInfo (PKCS#7 wrapper) as it appears inside a .p12: an OID-identified
 * content type and its value.
 */
typedef struct {
    BslCid contentType;        // OID of the content type (data / encryptedData / ...)
    BSL_Buffer *contentValue;  // the content value; whether it is still encoded depends on the producing routine
} HITLS_PKCS12_ContentInfo;

/*
 * The MacData of a .p12 (password-integrity mode): MAC algorithm, MAC value, salt and
 * the iteration count fed to the PKCS#12 KDF.
 *
 * NOTE(review): on the parse path every field here is read from the untrusted file,
 * so `iteration` is attacker-chosen; a parser that honors an arbitrarily large count
 * can be made to burn CPU in HITLS_PKCS12_KDF. Confirm that HITLS_PKCS12_ParseMacData
 * (or its caller) applies an upper bound before the KDF runs.
 */
typedef struct {
    BslCid alg;           // MAC / digest algorithm identifier
    BSL_Buffer *mac;      // the MAC value carried in (or computed for) the file
    BSL_Buffer *macSalt;  // salt for the KDF
    uint32_t iteration;   // KDF iteration count
} HITLS_PKCS12_MacData;

/*
 * This struct is provided for users to create related bags and add them to the p12-ctx.
 * `type` is the discriminator for `value`: only the union member that matches `type`
 * may be read. The mapping from `type` values to members is not defined in this
 * header (presumably in the public pkcs12 API header — confirm).
 */
typedef struct _HITLS_PKCS12_Bag {
    uint32_t type;
    union {
        CRYPT_EAL_PkeyCtx *key;  // private key (when `type` says so)
        HITLS_X509_Cert *cert;   // certificate (when `type` says so)
    } value;
    HITLS_X509_Attrs *attributes; // localKeyId, friendlyName, etc. Item is HITLS_PKCS12_SafeBagAttr.
} HITLS_PKCS12_Bag;

/*
 * The Top-Level p12-ctx, which can store certificates and pkey required by a .p12 file.
 * Note that the entity-cert and entity-pkey are unique: `key` and `entityCert` hold at
 * most one bag each, while every other certificate goes into `certList`.
 */
typedef struct _HITLS_PKCS12 {
    uint32_t version;
    HITLS_PKCS12_Bag *key;         // the (single) entity private-key bag
    HITLS_PKCS12_Bag *entityCert;  // the (single) entity certificate bag
    BSL_ASN1_List *certList;       // remaining certificates (chain / extra certs)
    HITLS_PKCS12_MacData *macData; // integrity-protection data, see HITLS_PKCS12_MacData
    HITLS_PKI_LibCtx *libCtx;      // library context handed to crypto / codec calls
    const char *attrName;          // provider attribute name passed along with libCtx
} HITLS_PKCS12;

/* A common bag, could store a crl-bag, or a cert-bag, or a secret-bag... */
typedef struct {
    BslCid bagId;
    BSL_Buffer *bagValue; // encode data
} HITLS_PKCS12_CommonSafeBag;

/*
 * SafeBag Attributes.
 * Note that `attrValue` is held by value here, unlike the pointer-held buffers in the
 * other structs of this header; keep that in mind when freeing attribute items.
 */
typedef struct {
    BslCid attrId;
    BSL_Buffer attrValue;
} HITLS_PKCS12_SafeBagAttr;

/* A safeBag defined in RFC 7292, which stores intermediate data in our decoding process. */
typedef struct {
    BslCid bagId;
    BSL_Buffer *bag; // encode data
    HITLS_X509_Attrs *attributes; // Currently, only support localKeyId, friendlyName. Item is HITLS_PKCS12_SafeBagAttr.
} HITLS_PKCS12_SafeBag;

/* Free a safeBag produced during decoding (the intermediate form above). */
void HITLS_PKCS12_SafeBagFree(HITLS_PKCS12_SafeBag *safeBag);

/* Allocate an empty HITLS_PKCS12_MacData; release it with HITLS_PKCS12_MacDataFree. */
HITLS_PKCS12_MacData *HITLS_PKCS12_MacDataNew(void);

void HITLS_PKCS12_MacDataFree(HITLS_PKCS12_MacData *macData);

/* Free callback for attribute list items (argument is an attribute item, see HITLS_PKCS12_SafeBagAttr). */
void HITLS_PKCS12_AttributesFree(void *attribute);

/*
 * Purpose selector for HITLS_PKCS12_KDF. The numeric values match the "ID" byte of the
 * RFC 7292 Appendix B key-derivation function (1 = encryption key, 2 = IV, 3 = MAC key).
 */
typedef enum {
    HITLS_PKCS12_KDF_ENCKEY_ID = 1,
    HITLS_PKCS12_KDF_ENCIV_ID = 2,
    HITLS_PKCS12_KDF_MACKEY_ID = 3,
} HITLS_PKCS12_KDF_IDX;

/*
 * A method of obtaining the mac key in key-integrity protection mode.
 * The method implementation follows standards RFC 7292 (Appendix B).
 *
 * @param output   receives the derived key material
 * @param pwd      password bytes (pwdLen of them); the RFC expects the BMPString form,
 *                 confirm which encoding the implementation assumes
 * @param type     which purpose ID byte to use, see HITLS_PKCS12_KDF_IDX
 * @param macData  supplies the algorithm, salt and iteration count
 * @return 0 on success, otherwise an error code (convention of this module)
 *
 * NOTE(review): `output` holds secret key material; whoever owns it should zeroize it
 * before releasing it (the allocation/ownership of `output` is not visible here).
 */
int32_t HITLS_PKCS12_KDF(BSL_Buffer *output, const uint8_t *pwd, uint32_t pwdLen, HITLS_PKCS12_KDF_IDX type,
    HITLS_PKCS12_MacData *macData);

/*
 * To cal mac data in key-integrity protection mode, we use the way of Hmac + PKCS12_KDF.
 *
 * Computes HMAC(KDF(pwd, MACKEY), initData) into `output`; it does not compare against
 * macData->mac itself.
 *
 * NOTE(review): the verifier that compares `output` with the MAC read from the file is
 * outside this header — it must use a constant-time comparison, not memcmp().
 */
int32_t HITLS_PKCS12_CalMac(BSL_Buffer *output, BSL_Buffer *pwd, BSL_Buffer *initData, HITLS_PKCS12_MacData *macData);

#ifdef HITLS_PKI_PKCS12_PARSE
/*
 * Parse the outermost layer of contentInfo, provide two functions
 * 1. AuthSafe -> pkcs7 package format
 * 2. contentInfo_i -> safeContents
 * `password`/`passLen` are only needed for encrypted content types; `data` receives
 * the unwrapped (and, where applicable, decrypted) content.
 */
int32_t HITLS_PKCS12_ParseContentInfo(HITLS_PKI_LibCtx *libCtx, const char *attrName, BSL_Buffer *encode,
    const uint8_t *password, uint32_t passLen, BSL_Buffer *data);

/*
 * Parse the 'sequences of' of p12, provide two functions
 * 1. contentInfo -> contentInfo_i
 * 2. safeContent -> safeBag_i
 * Both of the above parsing only resolves to BER encoding format, and requiring further conversion.
 * `parseType` selects which of the two is performed; the accepted values are not defined here.
 */
int32_t HITLS_PKCS12_ParseAsn1AddList(BSL_Buffer *encode, BSL_ASN1_List *list, uint32_t parseType);

/*
 * Parse each safeBag of list, and convert decode data to the cert or key.
 * Results are stored into `p12` (key / entityCert / certList).
 */
int32_t HITLS_PKCS12_ParseSafeBagList(BSL_ASN1_List *bagList, const uint8_t *password, uint32_t passLen,
    HITLS_PKCS12 *p12);

/*
 * Parse attributes of a safeBag, and convert decode data to the real data.
 * Decoded attributes are appended to `attrList`.
 */
int32_t HITLS_PKCS12_ParseSafeBagAttr(BSL_ASN1_Buffer *attrBuff, HITLS_X509_Attrs *attrList);

/*
 * Parse AuthSafeData of a p12, and convert decode data to the real data.
 * `encode` is the AuthenticatedSafe content; results go into `p12`.
 */
int32_t HITLS_PKCS12_ParseAuthSafeData(BSL_Buffer *encode, const uint8_t *password, uint32_t passLen,
    HITLS_PKCS12 *p12);

/*
 * Parse MacData of a p12, and convert decode data to the real data.
 * Fills `macData` (alg, mac, macSalt, iteration) from the file — these values are
 * untrusted until the MAC has been verified; see the note on HITLS_PKCS12_MacData
 * about bounding `iteration`.
 */
int32_t HITLS_PKCS12_ParseMacData(BSL_Buffer *encode, HITLS_PKCS12_MacData *macData);
#endif

#ifdef HITLS_PKI_PKCS12_GEN
/*
 * Encode MacData of a p12.
 * `initData` is the data to be MACed (the AuthenticatedSafe content), `macParam` the
 * user-supplied MAC parameters, `p12Mac` the MacData being filled, `encode` the output.
 */
int32_t HITLS_PKCS12_EncodeMacData(BSL_Buffer *initData, const HITLS_PKCS12_MacParam *macParam,
    HITLS_PKCS12_MacData *p12Mac, BSL_Buffer *encode);

/*
 * Encode contentInfo.
 * `encodeType` selects the content type; `encryptParam` is consulted for encrypted
 * content types (allowed values are not defined in this header).
 */
int32_t HITLS_PKCS12_EncodeContentInfo(HITLS_PKI_LibCtx *libCtx, const char *attrName, BSL_Buffer *input,
    uint32_t encodeType, const CRYPT_EncodeParam *encryptParam, BSL_Buffer *encode);

/*
 * Encode list, including contentInfo-list, safeContent-list.
 */
int32_t HITLS_PKCS12_EncodeAsn1List(BSL_ASN1_List *list, uint32_t encodeType, const CRYPT_EncodeParam *encryptParam,
    BSL_Buffer *encode);
#endif

/**
 * @ingroup pkcs12
 * @brief Add attributes to a bag.
 * @param bag        the bag to attach the attribute to
 * @param type       attribute type (e.g. localKeyId / friendlyName); values are defined elsewhere
 * @param attrValue  attribute value; not retained by pointer unless the implementation copies it — confirm
 * @return 0 on success, otherwise an error code (convention of this module)
 */
int32_t HITLS_PKCS12_BagAddAttr(HITLS_PKCS12_Bag *bag, uint32_t type, const BSL_Buffer *attrValue);

#ifdef __cplusplus
}
#endif

#endif // HITLS_PKI_PKCS12

#endif // HITLS_PKCS12_LOCAL_H  (guard comment previously said HITLS_CRL_LOCAL_H, a stale copy-paste)