File pkcs12.h
PKCS#12 Personal Information Exchange Syntax.
Defines
-
MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA
Bad input parameters to function.
-
MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE
Feature not available, e.g. unsupported encryption scheme.
-
MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT
PBE ASN.1 data not as expected.
-
MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH
Given private key password does not allow for correct decryption.
-
MBEDTLS_PKCS12_DERIVE_KEY
encryption/decryption key
-
MBEDTLS_PKCS12_DERIVE_IV
initialization vector
-
MBEDTLS_PKCS12_DERIVE_MAC_KEY
integrity / MAC key
-
MBEDTLS_PKCS12_PBE_DECRYPT
-
MBEDTLS_PKCS12_PBE_ENCRYPT
Functions
-
int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t len, unsigned char *output, size_t output_size, size_t *output_len)
PKCS12 Password Based function (encryption / decryption) for cipher-based and mbedtls_md-based PBE’s.
Warning
When decrypting:
This function validates the CBC padding and returns MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-force the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
- Parameters:
pbe_params – an ASN1 buffer containing the pkcs-12 PbeParams structure
mode – either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
cipher_type – the cipher used
md_type – the mbedtls_md used
pwd – Latin1-encoded password used. This may only be NULL when pwdlen is 0. No null terminator should be used.
pwdlen – length of the password (may be 0)
data – the input data
len – data length
output – Output buffer. On success, it contains the encrypted or decrypted data, possibly followed by the CBC padding. On failure, the content is indeterminate. For decryption, there must be enough room for len bytes. For encryption, there must be enough room for len + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params.
output_size – size of output buffer. This must be big enough to accommodate for output plus padding data.
output_len – On success, length of actual data written to the output buffer.
- Returns:
0 if successful, or a MBEDTLS_ERR_XXX code
-
int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, const unsigned char *pwd, size_t pwdlen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t mbedtls_md, int id, int iterations)
The PKCS#12 derivation function uses a password and a salt to produce pseudo-random bits for a particular “purpose”.
Depending on the given id, this function can produce an encryption/decryption key, an initialization vector or an integrity key.
- Parameters:
data – buffer to store the derived data in
datalen – length of buffer to fill
pwd – The password to use. For compliance with PKCS#12 §B.1, this should be a BMPString, i.e. a Unicode string where each character is encoded as 2 bytes in big-endian order, with no byte order mark and with a null terminator (i.e. the last two bytes should be 0x00 0x00).
pwdlen – length of the password (may be 0).
salt – Salt buffer to use. This may only be NULL when saltlen is 0.
saltlen – length of the salt (may be zero)
mbedtls_md – mbedtls_md type to use during the derivation
id – id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
iterations – number of iterations
- Returns:
0 if successful, or a MD, BIGNUM type error.
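The two caller-side rules above that are easiest to get wrong are the BMPString password form described for mbedtls_pkcs12_derivation and the encryption output size described for mbedtls_pkcs12_pbe_ext. The following is an added example, not code from Mbed TLS or this documentation; the helper names pkcs12_latin1_to_bmp and pkcs12_pbe_encrypt_out_size are hypothetical, and the password and sizes in main are constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example; helper names are hypothetical, not Mbed TLS API. */

/* Latin-1 password (no terminator) -> BMPString: 2 bytes per character,
 * big-endian, no byte order mark, followed by a 0x00 0x00 terminator.
 * Returns 0 and sets *out_len, or -1 on bad arguments or a short buffer. */
int pkcs12_latin1_to_bmp(const unsigned char *pwd, size_t pwdlen,
                         unsigned char *out, size_t out_size, size_t *out_len)
{
    if ((pwd == NULL && pwdlen != 0) || out == NULL || out_len == NULL)
        return -1;
    if (pwdlen > (SIZE_MAX - 2) / 2)   /* 2 * pwdlen + 2 would overflow */
        return -1;
    size_t need = 2 * pwdlen + 2;
    if (out_size < need)
        return -1;
    for (size_t i = 0; i < pwdlen; i++) {
        out[2 * i] = 0x00;             /* Latin-1 maps to U+0000..U+00FF */
        out[2 * i + 1] = pwd[i];
    }
    out[need - 2] = 0x00;              /* null terminator, 2 bytes */
    out[need - 1] = 0x00;
    *out_len = need;
    return 0;
}

/* Smallest output_size for encryption: len + 1 rounded up to the block size.
 * Returns 0 if block_size is 0 or the result would overflow size_t. */
size_t pkcs12_pbe_encrypt_out_size(size_t len, size_t block_size)
{
    if (block_size == 0 || len > SIZE_MAX - block_size)
        return 0;
    return (len / block_size + 1) * block_size;
}

int main(void)
{
    const unsigned char pwd[] = { 'p', 0xE9, 's' }; /* constructed sample */
    unsigned char bmp[32];
    size_t bmp_len = 0;
    if (pkcs12_latin1_to_bmp(pwd, sizeof(pwd), bmp, sizeof(bmp), &bmp_len) != 0)
        return 1;
    /* bmp and bmp_len are the pwd and pwdlen arguments for the derivation */
    printf("BMPString length: %zu\n", bmp_len);
    printf("16 bytes, 16-byte blocks: %zu\n", pkcs12_pbe_encrypt_out_size(16, 16));
    return 0;
}
```

The BMPString buffer holds the password in the clear, so wipe it once the derivation has returned, for example with mbedtls_platform_zeroize.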