File pkcs12.h

PKCS#12 Personal Information Exchange Syntax.

Defines

MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA

Bad input parameters to function.

MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE

Feature not available, e.g. unsupported encryption scheme.

MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT

PBE ASN.1 data not as expected.

MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH

Given private key password does not allow for correct decryption.

MBEDTLS_PKCS12_DERIVE_KEY

encryption/decryption key

MBEDTLS_PKCS12_DERIVE_IV

initialization vector

MBEDTLS_PKCS12_DERIVE_MAC_KEY

integrity / MAC key

MBEDTLS_PKCS12_PBE_DECRYPT
MBEDTLS_PKCS12_PBE_ENCRYPT

Functions

int mbedtls_pkcs12_pbe_ext(mbedtls_asn1_buf *pbe_params, int mode, mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t len, unsigned char *output, size_t output_size, size_t *output_len)

PKCS#12 password-based encryption/decryption function for cipher-based and mbedtls_md-based PBEs.

Warning

When decrypting:

  • This function validates the CBC padding and returns MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-force the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).

Parameters
  • pbe_params – an ASN1 buffer containing the pkcs-12 PbeParams structure

  • mode – either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT

  • cipher_type – the cipher used

  • md_type – the mbedtls_md used

  • pwd – Latin1-encoded password used. This may only be NULL when pwdlen is 0. No null terminator should be used.

  • pwdlen – length of the password (may be 0)

  • data – the input data

  • len – data length

  • output – Output buffer. On success, it contains the encrypted or decrypted data, possibly followed by the CBC padding. On failure, the content is indeterminate. For decryption, there must be enough room for len bytes. For encryption, there must be enough room for len + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params.

  • output_size – size of the output buffer. This must be big enough to accommodate the output plus padding data.

  • output_len – On success, length of actual data written to the output buffer.

Returns

0 if successful, or an MBEDTLS_ERR_XXX code

int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, const unsigned char *pwd, size_t pwdlen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t mbedtls_md, int id, int iterations)

The PKCS#12 derivation function uses a password and a salt to produce pseudo-random bits for a particular “purpose”.

Depending on the given id, this function can produce an encryption/decryption key, an initialization vector or an integrity key.

Parameters
  • data – buffer to store the derived data in

  • datalen – length of buffer to fill

  • pwd – The password to use. For compliance with PKCS#12 §B.1, this should be a BMPString, i.e. a Unicode string where each character is encoded as 2 bytes in big-endian order, with no byte order mark and with a null terminator (i.e. the last two bytes should be 0x00 0x00).

  • pwdlen – length of the password (may be 0).

  • salt – Salt buffer to use. This may only be NULL when saltlen is 0.

  • saltlen – length of the salt (may be zero)

  • mbedtls_md – mbedtls_md type to use during the derivation

  • id – id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)

  • iterations – number of iterations

Returns

0 if successful, or an MD or BIGNUM type error.
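
The two functions above take the password in different encodings (Latin1 for mbedtls_pkcs12_pbe_ext, BMPString for mbedtls_pkcs12_derivation), and mbedtls_pkcs12_pbe_ext has a mode-dependent output buffer requirement. The following is an added example, not part of the Mbed TLS documentation or source, showing caller-side helpers for both. The names latin1_to_bmpstring and pbe_min_output_size are hypothetical, the block size is assumed to be supplied by the caller, and emitting only the terminator for a zero-length password is an assumption based on the parameter description above.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper (not an Mbed TLS API): encode a Latin1 password as the
 * BMPString described for mbedtls_pkcs12_derivation(): 2 bytes per character,
 * big-endian, no byte order mark, terminated by 0x00 0x00.
 * Returns 0 and sets *bmp_len, or -1 on bad arguments or a too-small buffer. */
int latin1_to_bmpstring(const unsigned char *pwd, size_t pwdlen,
                        unsigned char *bmp, size_t bmp_size, size_t *bmp_len)
{
    if (bmp == NULL || bmp_len == NULL || (pwd == NULL && pwdlen != 0))
        return -1;
    if (pwdlen > (SIZE_MAX - 2) / 2)        /* 2 * pwdlen + 2 would overflow */
        return -1;
    size_t need = 2 * pwdlen + 2;
    if (bmp_size < need)
        return -1;
    for (size_t i = 0; i < pwdlen; i++) {
        bmp[2 * i] = 0x00;                  /* Latin1 code points are <= 0xFF */
        bmp[2 * i + 1] = pwd[i];
    }
    bmp[need - 2] = 0x00;                   /* two-byte null terminator */
    bmp[need - 1] = 0x00;
    *bmp_len = need;
    return 0;
}

/* Hypothetical helper: smallest output_size allowed by the rule documented
 * for mbedtls_pkcs12_pbe_ext(). Decryption needs len bytes; encryption needs
 * len + 1 bytes rounded up to the cipher block size (supplied by the caller). */
int pbe_min_output_size(int encrypt, size_t len, size_t block_size, size_t *out)
{
    if (out == NULL || block_size == 0)
        return -1;
    if (!encrypt) {
        *out = len;
        return 0;
    }
    if (len > SIZE_MAX - block_size)        /* rounding up would overflow */
        return -1;
    size_t padded = len + 1;
    size_t rem = padded % block_size;
    if (rem != 0)
        padded += block_size - rem;
    *out = padded;
    return 0;
}
```

The buffer and length produced by latin1_to_bmpstring are what would be passed as pwd and pwdlen to mbedtls_pkcs12_derivation; the Latin1 form is passed unchanged to mbedtls_pkcs12_pbe_ext.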