SecPkcs12.cpp
1 /* 2 * Copyright (c) 2003-2004,2011-2014 Apple Inc. All Rights Reserved. 3 * 4 * @APPLE_LICENSE_HEADER_START@ 5 * 6 * This file contains Original Code and/or Modifications of Original Code 7 * as defined in and that are subject to the Apple Public Source License 8 * Version 2.0 (the 'License'). You may not use this file except in 9 * compliance with the License. Please obtain a copy of the License at 10 * http://www.opensource.apple.com/apsl/ and read it before using this 11 * file. 12 * 13 * The Original Code and all software distributed under the License are 14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER 15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, 16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, 17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. 18 * Please see the License for the specific language governing rights and 19 * limitations under the License. 20 * 21 * @APPLE_LICENSE_HEADER_END@ 22 */ 23 /* 24 * SecPkcs12.cpp 25 */ 26 27 #include "SecPkcs12.h" 28 #include "pkcs12Coder.h" 29 #include "pkcs12BagAttrs.h" 30 #include "pkcs12SafeBag.h" 31 #include "pkcs12Utils.h" 32 #include <security_cdsa_utilities/cssmerrors.h> 33 #include <Security/SecBasePriv.h> 34 35 /* 36 * API function call wrappers, impermeable to C++ exceptions 37 */ 38 #define BEGIN_P12API \ 39 try { 40 41 #define END_P12API \ 42 } \ 43 catch (const MacOSError &err) { return err.osStatus(); } \ 44 catch (const CommonError &err) { return SecKeychainErrFromOSStatus(err.osStatus()); } \ 45 catch (const std::bad_alloc &) { return errSecAllocate; } \ 46 catch (...) { return errSecInternalComponent; } \ 47 return errSecSuccess; 48 49 /* catch incoming NULL parameters */ 50 static inline void required( 51 const void *param) 52 { 53 if(param == NULL) { 54 MacOSError::throwMe(errSecParam); 55 } 56 } 57 58 /* 59 * Standard means of casting a SecPkcs12CoderRef to a P12Coder * 60 */ 61 static inline P12Coder *P12CoderCast( 62 SecPkcs12CoderRef coder) 63 { 64 required(coder); 65 return reinterpret_cast<P12Coder *>(coder); 66 } 67 68 /* 69 * Standard means of casting a SecPkcs12AttrsRef to a P12BagAttrs * 70 * This one uses the P12BagAttrsStandAlone version, not tied to 71 * a specific P12Coder (actually, to a P12Coder's SecNssCoder). 72 */ 73 static inline P12BagAttrsStandAlone *P12AttrsCast( 74 SecPkcs12AttrsRef attrs) 75 { 76 if(attrs == NULL) { 77 MacOSError::throwMe(errSecParam); 78 } 79 return reinterpret_cast<P12BagAttrsStandAlone *>(attrs); 80 } 81 82 /* optional flavor used in SecPkcs12Add*() */ 83 static inline P12BagAttrs *P12AttrsCastOpt( 84 SecPkcs12AttrsRef attrs) 85 { 86 return reinterpret_cast<P12BagAttrs *>(attrs); 87 } 88 89 #pragma mark --- SecPkcs12CoderRef create/destroy --- 90 91 /* 92 * Basic SecPkcs12CoderRef create/destroy. 93 */ 94 OSStatus SecPkcs12CoderCreate( 95 SecPkcs12CoderRef *coder) // RETURNED 96 { 97 BEGIN_P12API 98 99 required(coder); 100 P12Coder *p12coder = new P12Coder; 101 *coder = p12coder; 102 103 END_P12API 104 } 105 106 /* 107 * Destroy object created in SecPkcs12CoderCreate. 108 * This will go away if we make this object a CoreFoundation type. 109 */ 110 OSStatus SecPkcs12CoderRelease( 111 SecPkcs12CoderRef coder) 112 { 113 BEGIN_P12API 114 115 P12Coder *p12coder = P12CoderCast(coder); 116 delete p12coder; 117 118 END_P12API 119 } 120 121 OSStatus SecPkcs12SetMACPassphrase( 122 SecPkcs12CoderRef coder, 123 CFStringRef passphrase) 124 { 125 BEGIN_P12API 126 127 P12Coder *p12coder = P12CoderCast(coder); 128 required(passphrase); 129 p12coder->setMacPassPhrase(passphrase); 130 131 END_P12API 132 } 133 134 OSStatus SecPkcs12SetMACPassKey( 135 SecPkcs12CoderRef coder, 136 const CSSM_KEY *passKey) 137 { 138 BEGIN_P12API 139 140 P12Coder *p12coder = P12CoderCast(coder); 141 required(passKey); 142 p12coder->setMacPassKey(passKey); 143 144 END_P12API 145 } 146 147 /* 148 * Specify separate passphrase for encrypt/decrypt. 149 */ 150 OSStatus SecPkcs12SetCryptPassphrase( 151 SecPkcs12CoderRef coder, 152 CFStringRef passphrase) 153 { 154 BEGIN_P12API 155 156 P12Coder *p12coder = P12CoderCast(coder); 157 required(passphrase); 158 p12coder->setEncrPassPhrase(passphrase); 159 160 END_P12API 161 } 162 163 OSStatus SecPkcs12SetCryptPassKey( 164 SecPkcs12CoderRef coder, 165 const CSSM_KEY *passKey) 166 { 167 BEGIN_P12API 168 169 P12Coder *p12coder = P12CoderCast(coder); 170 required(passKey); 171 p12coder->setEncrPassKey(passKey); 172 173 END_P12API 174 } 175 176 177 /* 178 * Target location of decoded keys and certs. 179 */ 180 OSStatus SecPkcs12SetKeychain( 181 SecPkcs12CoderRef coder, 182 SecKeychainRef keychain) 183 { 184 BEGIN_P12API 185 186 P12Coder *p12coder = P12CoderCast(coder); 187 required(keychain); 188 p12coder->setKeychain(keychain); 189 190 END_P12API 191 } 192 193 /* 194 * Required iff SecPkcs12SetKeychain() not called. 195 */ 196 OSStatus SecPkcs12SetCspHandle( 197 SecPkcs12CoderRef coder, 198 CSSM_CSP_HANDLE cspHandle) 199 { 200 BEGIN_P12API 201 202 P12Coder *p12coder = P12CoderCast(coder); 203 p12coder->setCsp(cspHandle); 204 205 END_P12API 206 } 207 208 OSStatus SecPkcs12SetImportToKeychain( 209 SecPkcs12CoderRef coder, 210 SecPkcs12ImportFlags flags) 211 { 212 BEGIN_P12API 213 214 P12Coder *p12coder = P12CoderCast(coder); 215 p12coder->importFlags(flags); 216 217 END_P12API 218 } 219 220 OSStatus SecPkcs12GetImportToKeychain( 221 SecPkcs12CoderRef coder, 222 SecPkcs12ImportFlags *flags) // RETURNED 223 { 224 BEGIN_P12API 225 226 P12Coder *p12coder = P12CoderCast(coder); 227 required(flags); 228 *flags = p12coder->importFlags(); 229 230 END_P12API 231 } 232 233 OSStatus SecPkcs12ExportKeychainItems( 234 SecPkcs12CoderRef coder, 235 CFArrayRef items) 236 { 237 BEGIN_P12API 238 239 P12Coder *p12coder = P12CoderCast(coder); 240 required(items); 241 p12coder->exportKeychainItems(items); 242 243 END_P12API 244 } 245 246 OSStatus SecPkcs12SetAccess( 247 SecPkcs12CoderRef coder, 248 SecAccessRef access) 249 { 250 BEGIN_P12API 251 252 P12Coder *p12coder = P12CoderCast(coder); 253 p12coder->setAccess(access); 254 255 END_P12API 256 } 257 258 OSStatus SecPkcs12SetKeyUsage( 259 SecPkcs12CoderRef coder, 260 CSSM_KEYUSE keyUsage) 261 { 262 BEGIN_P12API 263 264 P12Coder *p12coder = P12CoderCast(coder); 265 p12coder->setKeyUsage(keyUsage); 266 267 END_P12API 268 } 269 270 OSStatus SecPkcs12SetKeyAttrs( 271 SecPkcs12CoderRef coder, 272 CSSM_KEYATTR_FLAGS keyAttrs) 273 { 274 BEGIN_P12API 275 276 P12Coder *p12coder = P12CoderCast(coder); 277 p12coder->setKeyAttrs(keyAttrs); 278 279 END_P12API 280 } 281 282 #pragma mark --- Decoder Functions --- 283 284 /* 285 * Parse and decode. 286 */ 287 OSStatus SecPkcs12Decode( 288 SecPkcs12CoderRef coder, 289 CFDataRef pfx) 290 { 291 BEGIN_P12API 292 293 P12Coder *p12coder = P12CoderCast(coder); 294 required(pfx); 295 try { 296 p12coder->decode(pfx); 297 } 298 catch(...) { 299 /* abort - clean up - delete stored keys */ 300 p12coder->deleteDecodedItems(); 301 throw; 302 } 303 END_P12API 304 } 305 306 /* 307 * Subsequent to decoding, obtain the components. 308 * These functions can also be used as "getter" functions while encoding. 309 * 310 * Certificates: 311 */ 312 OSStatus SecPkcs12CertificateCount( 313 SecPkcs12CoderRef coder, 314 CFIndex *numCerts) // RETURNED 315 { 316 BEGIN_P12API 317 318 P12Coder *p12coder = P12CoderCast(coder); 319 required(numCerts); 320 *numCerts = p12coder->numCerts(); 321 322 END_P12API 323 } 324 325 OSStatus SecPkcs12CopyCertificate( 326 SecPkcs12CoderRef coder, 327 CFIndex certNum, 328 SecCertificateRef *secCert, // RETURNED 329 CFStringRef *friendlyName, // RETURNED 330 CFDataRef *localKeyId, // RETURNED 331 SecPkcs12AttrsRef *attrs) // RETURNED 332 { 333 BEGIN_P12API 334 335 P12Coder *p12coder = P12CoderCast(coder); 336 required(secCert); 337 /* others are optional - if NULL, we don't return that param */ 338 P12CertBag *bag = p12coder->getCert((unsigned)certNum); 339 *secCert = bag->getSecCert(); 340 341 /* now the optional attrs */ 342 P12BagAttrs *p12Attrs = NULL; 343 bag->copyAllAttrs(friendlyName, localKeyId, 344 attrs ? &p12Attrs : NULL); 345 if(p12Attrs) { 346 *attrs = p12Attrs; 347 } 348 END_P12API 349 } 350 351 /* 352 * CRLs. The might change if a SecCrl type is defined elsewhere. 353 * We'll typedef it here to preserve the semantics of this function. 354 */ 355 OSStatus SecPkcs12CrlCount( 356 SecPkcs12CoderRef coder, 357 CFIndex *numCrls) // RETURNED 358 { 359 BEGIN_P12API 360 361 P12Coder *p12coder = P12CoderCast(coder); 362 required(numCrls); 363 *numCrls = p12coder->numCrls(); 364 365 END_P12API 366 } 367 368 OSStatus SecPkcs12CopyCrl( 369 SecPkcs12CoderRef coder, 370 CFIndex crlNum, 371 SecCrlRef *crl, // RETURNED 372 CFStringRef *friendlyName, // RETURNED 373 CFDataRef *localKeyId, // RETURNED 374 SecPkcs12AttrsRef *attrs) // RETURNED 375 { 376 BEGIN_P12API 377 378 P12Coder *p12coder = P12CoderCast(coder); 379 required(crl); 380 /* others are optional - if NULL, we don't return that param */ 381 P12CrlBag *bag = p12coder->getCrl((unsigned)crlNum); 382 *crl = p12CssmDataToCf(bag->crlData()); 383 384 /* now the optional attrs */ 385 P12BagAttrs *p12Attrs = NULL; 386 bag->copyAllAttrs(friendlyName, localKeyId, 387 attrs ? &p12Attrs : NULL); 388 if(p12Attrs) { 389 *attrs = p12Attrs; 390 } 391 392 END_P12API 393 } 394 395 /* 396 * Private keys. 397 */ 398 OSStatus SecPkcs12PrivateKeyCount( 399 SecPkcs12CoderRef coder, 400 CFIndex *numKeys) // RETURNED 401 { 402 BEGIN_P12API 403 404 P12Coder *p12coder = P12CoderCast(coder); 405 required(numKeys); 406 *numKeys = p12coder->numKeys(); 407 408 END_P12API 409 } 410 411 OSStatus SecPkcs12CopyPrivateKey( 412 SecPkcs12CoderRef coder, 413 CFIndex keyNum, 414 SecKeyRef *privateKey, // RETURNED 415 CFStringRef *friendlyName, // RETURNED 416 CFDataRef *localKeyId, // RETURNED 417 SecPkcs12AttrsRef *attrs) // RETURNED 418 { 419 BEGIN_P12API 420 /*P12Coder *p12coder = P12CoderCast(coder); */ 421 return errSecUnimplemented; 422 END_P12API 423 } 424 425 OSStatus SecPkcs12GetCssmPrivateKey( 426 SecPkcs12CoderRef coder, 427 CFIndex keyNum, 428 CSSM_KEY_PTR *privateKey, // RETURNED 429 CFStringRef *friendlyName, // RETURNED 430 CFDataRef *localKeyId, // RETURNED 431 SecPkcs12AttrsRef *attrs) // RETURNED 432 { 433 BEGIN_P12API 434 P12Coder *p12coder = P12CoderCast(coder); 435 required(privateKey); 436 /* others are optional - if NULL, we don't return that param */ 437 P12KeyBag *bag = p12coder->getKey((unsigned)keyNum); 438 *privateKey = bag->key(); 439 440 /* now the optional attrs */ 441 P12BagAttrs *p12Attrs = NULL; 442 bag->copyAllAttrs(friendlyName, localKeyId, 443 attrs ? &p12Attrs : NULL); 444 if(p12Attrs) { 445 *attrs = p12Attrs; 446 } 447 448 END_P12API 449 } 450 451 /* 452 * Catch-all for other components not currently understood 453 * or supported by this library. An "opaque blob" component 454 * is identified by an OID and is obtained as an opaque data 455 * blob. 456 */ 457 OSStatus SecPkcs12OpaqueBlobCount( 458 SecPkcs12CoderRef coder, 459 CFIndex *numBlobs) // RETURNED 460 { 461 BEGIN_P12API 462 463 P12Coder *p12coder = P12CoderCast(coder); 464 required(numBlobs); 465 *numBlobs = p12coder->numOpaqueBlobs(); 466 467 END_P12API 468 } 469 470 OSStatus SecPkcs12CopyOpaqueBlob( 471 SecPkcs12CoderRef coder, 472 CFIndex blobNum, 473 CFDataRef *blobOid, // RETURNED 474 CFDataRef *opaqueBlob, // RETURNED 475 CFStringRef *friendlyName, // RETURNED 476 CFDataRef *localKeyId, // RETURNED 477 SecPkcs12AttrsRef *attrs) // RETURNED 478 { 479 BEGIN_P12API 480 481 P12Coder *p12coder = P12CoderCast(coder); 482 required(blobOid); 483 required(opaqueBlob); 484 485 /* others are optional - if NULL, we don't return that param */ 486 P12OpaqueBag *bag = p12coder->getOpaque((unsigned)blobNum); 487 *opaqueBlob = p12CssmDataToCf(bag->blob()); 488 *blobOid = p12CssmDataToCf(bag->oid()); 489 490 /* now the optional attrs */ 491 P12BagAttrs *p12Attrs = NULL; 492 bag->copyAllAttrs(friendlyName, localKeyId, 493 attrs ? &p12Attrs : NULL); 494 if(p12Attrs) { 495 *attrs = p12Attrs; 496 } 497 498 END_P12API 499 } 500 501 #pragma mark --- Encoder Functions --- 502 503 /* 504 * This the final step to create an encoded PKCS12 PFX blob, 505 * after calling some number of SecPkcs12Set* functions below. 506 * The result is a DER_encoded PFX in PKCS12 lingo. 507 */ 508 OSStatus SecPkcs12Encode( 509 SecPkcs12CoderRef coder, 510 CFDataRef *pfx) // RETURNED 511 { 512 BEGIN_P12API 513 P12Coder *p12coder = P12CoderCast(coder); 514 required(pfx); 515 p12coder->encode(pfx); 516 END_P12API 517 } 518 519 /* 520 * Add individual components. "Getter" functions are available 521 * as described above (under "Functions used for decoding"). 522 */ 523 OSStatus SecPkcs12AddCertificate( 524 SecPkcs12CoderRef coder, 525 SecCertificateRef cert, 526 CFStringRef friendlyName, // optional 527 CFDataRef localKeyId, // optional 528 SecPkcs12AttrsRef attrs) // optional 529 { 530 BEGIN_P12API 531 P12Coder *p12coder = P12CoderCast(coder); 532 required(cert); 533 CSSM_DATA certData; 534 OSStatus ortn = SecCertificateGetData(cert, &certData); 535 if(ortn) { 536 return ortn; 537 } 538 CSSM_CERT_TYPE certType; 539 ortn = SecCertificateGetType(cert, &certType); 540 if(ortn) { 541 return ortn; 542 } 543 NSS_P12_CertBagType type; 544 switch(certType) { 545 case CSSM_CERT_X_509v1: 546 case CSSM_CERT_X_509v2: 547 case CSSM_CERT_X_509v3: 548 type = CT_X509; 549 break; 550 case CSSM_CERT_SDSIv1: 551 type = CT_SDSI; 552 break; 553 default: 554 type = CT_Unknown; 555 break; 556 } 557 P12CertBag *bag = new P12CertBag(type, certData, friendlyName, 558 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder()); 559 p12coder->addCert(bag); 560 END_P12API 561 } 562 563 OSStatus SecPkcs12AddCrl( 564 SecPkcs12CoderRef coder, 565 SecCrlRef crl, 566 CFStringRef friendlyName, // optional 567 CFDataRef localKeyId, // optional 568 SecPkcs12AttrsRef attrs) // optional 569 { 570 BEGIN_P12API 571 P12Coder *p12coder = P12CoderCast(coder); 572 required(crl); 573 P12CrlBag *bag = new P12CrlBag(CRT_X509, crl, friendlyName, 574 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder()); 575 p12coder->addCrl(bag); 576 END_P12API 577 } 578 579 OSStatus SecPkcs12AddPrivateKey( 580 SecPkcs12CoderRef coder, 581 SecKeyRef privateKey, 582 CFStringRef friendlyName, // optional 583 CFDataRef localKeyId, // optional 584 SecPkcs12AttrsRef attrs) // optional 585 { 586 BEGIN_P12API 587 588 P12Coder *p12coder = P12CoderCast(coder); 589 required(privateKey); 590 const CSSM_KEY *cssmKey; 591 OSStatus ortn = SecKeyGetCSSMKey(privateKey, &cssmKey); 592 if(ortn) { 593 return ortn; 594 } 595 P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(), 596 friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder()); 597 p12coder->addKey(bag); 598 599 END_P12API 600 } 601 602 #if 0 /* Unused */ 603 OSStatus SecPkcs12AddCssmPrivateKey( 604 SecPkcs12CoderRef coder, 605 CSSM_KEY_PTR cssmKey, 606 CFStringRef friendlyName, // optional 607 CFDataRef localKeyId, // optional 608 SecPkcs12AttrsRef attrs) // optional 609 { 610 BEGIN_P12API 611 612 P12Coder *p12coder = P12CoderCast(coder); 613 required(cssmKey); 614 P12KeyBag *bag = new P12KeyBag(cssmKey, p12coder->cspHand(), 615 friendlyName, localKeyId, P12AttrsCastOpt(attrs), p12coder->coder()); 616 p12coder->addKey(bag); 617 618 END_P12API 619 } 620 #endif 621 622 OSStatus SecPkcs12AddOpaqueBlob( 623 SecPkcs12CoderRef coder, 624 CFDataRef blobOid, 625 CFDataRef opaqueBlob, 626 CFStringRef friendlyName, // optional 627 CFDataRef localKeyId, // optional 628 SecPkcs12AttrsRef attrs) // optional 629 { 630 BEGIN_P12API 631 632 P12Coder *p12coder = P12CoderCast(coder); 633 required(blobOid); 634 required(opaqueBlob); 635 P12OpaqueBag *bag = new P12OpaqueBag(blobOid, opaqueBlob, friendlyName, 636 localKeyId, P12AttrsCastOpt(attrs), p12coder->coder()); 637 p12coder->addOpaque(bag); 638 639 END_P12API 640 } 641 642 #pragma mark --- Optional Functions --- 643 644 /*** 645 *** SecPkcs12AttrsRef manipulation. Optional and in fact expected to 646 *** be rarely used, if ever. 647 ***/ 648 649 /* 650 * Create/destroy. 651 */ 652 OSStatus SecPkcs12AttrsCreate( 653 SecPkcs12AttrsRef *attrs) // RETURNED 654 { 655 BEGIN_P12API 656 657 required(attrs); 658 P12BagAttrsStandAlone *bagAttrs = new P12BagAttrsStandAlone; 659 *attrs = (SecPkcs12AttrsRef)bagAttrs; 660 661 END_P12API 662 } 663 664 OSStatus SecPkcs12AttrsRelease( 665 SecPkcs12AttrsRef attrs) 666 { 667 BEGIN_P12API 668 669 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs); 670 delete bagAttrs; 671 672 END_P12API 673 } 674 675 /* 676 * Add an OID/value set to an existing SecPkcs12AttrsRef. 677 * Values are a CFArray containing an arbitrary number of 678 * CFDataRefs. 679 */ 680 OSStatus SecPkcs12AttrsAddAttr( 681 SecPkcs12AttrsRef attrs, 682 CFDataRef attrOid, 683 CFArrayRef attrValues) 684 { 685 BEGIN_P12API 686 687 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs); 688 bagAttrs->addAttr(attrOid, attrValues); 689 690 END_P12API 691 } 692 693 OSStatus SecPkcs12AttrCount( 694 SecPkcs12AttrsRef attrs, 695 CFIndex *numAttrs) // RETURNED 696 { 697 BEGIN_P12API 698 699 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs); 700 required(numAttrs); 701 *numAttrs = bagAttrs->numAttrs(); 702 703 END_P12API 704 } 705 706 /* 707 * Obtain n'th oid/value set from an existing SecPkcs12AttrsRef. 708 */ 709 OSStatus SecPkcs12AttrsGetAttr( 710 SecPkcs12AttrsRef attrs, 711 CFIndex attrNum, 712 CFDataRef *attrOid, // RETURNED 713 CFArrayRef *attrValues) // RETURNED 714 { 715 BEGIN_P12API 716 717 P12BagAttrsStandAlone *bagAttrs = P12AttrsCast(attrs); 718 required(attrOid); 719 required(attrValues); 720 bagAttrs->getAttr((unsigned)attrNum, attrOid, attrValues); 721 END_P12API 722 } 723 724 OSStatus SecPkcs12SetIntegrityMode( 725 SecPkcs12CoderRef coder, 726 SecPkcs12Mode mode) 727 { 728 BEGIN_P12API 729 730 P12Coder *p12coder = P12CoderCast(coder); 731 p12coder->integrityMode(mode); 732 733 END_P12API 734 } 735 736 OSStatus SecPkcs12GetIntegrityMode( 737 SecPkcs12CoderRef coder, 738 SecPkcs12Mode *mode) // RETURNED 739 { 740 BEGIN_P12API 741 742 P12Coder *p12coder = P12CoderCast(coder); 743 required(mode); 744 *mode = p12coder->integrityMode(); 745 746 END_P12API 747 } 748 749 OSStatus SecPkcs12SetPrivacyMode( 750 SecPkcs12CoderRef coder, 751 SecPkcs12Mode mode) 752 { 753 BEGIN_P12API 754 755 P12Coder *p12coder = P12CoderCast(coder); 756 p12coder->privacyMode(mode); 757 758 END_P12API 759 } 760 761 OSStatus SecPkcs12GetPrivacyMode( 762 SecPkcs12CoderRef coder, 763 SecPkcs12Mode *mode) // RETURNED 764 { 765 BEGIN_P12API 766 767 P12Coder *p12coder = P12CoderCast(coder); 768 required(mode); 769 *mode = p12coder->privacyMode(); 770 771 END_P12API 772 } 773 774 /*** 775 *** Encryption algorithms 776 ***/ 777 OSStatus SecPkcs12SetKeyEncryptionAlg( 778 SecPkcs12CoderRef coder, 779 CFDataRef encryptionAlg) 780 { 781 BEGIN_P12API 782 783 P12Coder *p12coder = P12CoderCast(coder); 784 required(encryptionAlg); 785 p12coder->strongEncrAlg(encryptionAlg); 786 787 END_P12API 788 } 789 790 OSStatus SecPkcs12SetCertCrlEncryptionAlg( 791 SecPkcs12CoderRef coder, 792 CFDataRef encryptionAlg) 793 { 794 BEGIN_P12API 795 796 P12Coder *p12coder = P12CoderCast(coder); 797 required(encryptionAlg); 798 p12coder->weakEncrAlg(encryptionAlg); 799 800 END_P12API 801 } 802 803 OSStatus SecPkcs12SetKeyEncryptionIterCount( 804 SecPkcs12CoderRef coder, 805 unsigned iterCount) 806 { 807 BEGIN_P12API 808 809 P12Coder *p12coder = P12CoderCast(coder); 810 p12coder->strongEncrIterCount(iterCount); 811 812 END_P12API 813 } 814 815 OSStatus SecPkcs12SetCertCrlEncryptionIterCount( 816 SecPkcs12CoderRef coder, 817 unsigned iterCount) 818 { 819 BEGIN_P12API 820 821 P12Coder *p12coder = P12CoderCast(coder); 822 p12coder->weakEncrIterCount(iterCount); 823 824 END_P12API 825 } 826 827 OSStatus SecPkcs12SetMacIterCount( 828 SecPkcs12CoderRef coder, 829 unsigned iterCount) 830 { 831 BEGIN_P12API 832 833 P12Coder *p12coder = P12CoderCast(coder); 834 p12coder->macEncrIterCount(iterCount); 835 836 END_P12API 837 } 838 839 OSStatus SecPkcs12CopyKeyEncryptionAlg( 840 SecPkcs12CoderRef coder, 841 CFDataRef *encryptionAlg) // RETURNED 842 { 843 BEGIN_P12API 844 845 P12Coder *p12coder = P12CoderCast(coder); 846 required(encryptionAlg); 847 *encryptionAlg = p12coder->strongEncrAlg(); 848 849 END_P12API 850 } 851 852 OSStatus SecPkcs12CopyCertCrlEncryptionAlg( 853 SecPkcs12CoderRef coder, 854 CFDataRef *encryptionAlg) // RETURNED 855 { 856 BEGIN_P12API 857 858 P12Coder *p12coder = P12CoderCast(coder); 859 required(encryptionAlg); 860 *encryptionAlg = p12coder->weakEncrAlg(); 861 862 END_P12API 863 } 864 865 OSStatus SecPkcs12CopyKeyEncryptionIterCount( 866 SecPkcs12CoderRef coder, 867 unsigned *iterCount) // RETURNED 868 { 869 BEGIN_P12API 870 871 P12Coder *p12coder = P12CoderCast(coder); 872 required(iterCount); 873 *iterCount = p12coder->strongEncrIterCount(); 874 875 END_P12API 876 } 877 878 OSStatus SecPkcs12CopyCertCrlEncryptionIterCount( 879 SecPkcs12CoderRef coder, 880 unsigned *iterCount) // RETURNED 881 { 882 BEGIN_P12API 883 884 P12Coder *p12coder = P12CoderCast(coder); 885 required(iterCount); 886 *iterCount = p12coder->weakEncrIterCount(); 887 888 END_P12API 889 } 890 891 OSStatus SecPkcs12CopyMacIterCount( 892 SecPkcs12CoderRef coder, 893 unsigned *iterCount) // RETURNED 894 { 895 BEGIN_P12API 896 897 P12Coder *p12coder = P12CoderCast(coder); 898 required(iterCount); 899 *iterCount = p12coder->macEncrIterCount(); 900 901 END_P12API 902 } 903 904 OSStatus SecPkcs12LimitPrivateKeyImport( 905 SecPkcs12CoderRef coder, 906 bool foundOneKey) 907 { 908 BEGIN_P12API 909 910 P12Coder *p12coder = P12CoderCast(coder); 911 p12coder->limitPrivKeyImport(foundOneKey); 912 913 END_P12API 914 }