OPTIGA Trust M  1.1.0
C++ library for Optiga Trust M Chip Security Controller
pkcs12.h File Reference

PKCS#12 Personal Information Exchange Syntax. More...

#include "md.h"
#include "cipher.h"
#include "asn1.h"
#include <stddef.h>
Include dependency graph for pkcs12.h:

Go to the source code of this file.

Macros

#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA   -0x1F80
 
#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE   -0x1F00
 
#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT   -0x1E80
 
#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH   -0x1E00
 
#define MBEDTLS_PKCS12_DERIVE_KEY   1
 
#define MBEDTLS_PKCS12_DERIVE_IV   2
 
#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3
 
#define MBEDTLS_PKCS12_PBE_DECRYPT   0
 
#define MBEDTLS_PKCS12_PBE_ENCRYPT   1
 

Functions

int mbedtls_pkcs12_derivation (unsigned char *data, size_t datalen, const unsigned char *pwd, size_t pwdlen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t mbedtls_md, int id, int iterations)
 The PKCS#12 derivation function uses a password and a salt to produce pseudo-random bits for a particular "purpose". More...
 

Detailed Description

PKCS#12 Personal Information Exchange Syntax.

Macro Definition Documentation

◆ MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA

#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA   -0x1F80

Bad input parameters to function.

◆ MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE   -0x1F00

Feature not available, e.g. unsupported encryption scheme.

◆ MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH

#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH   -0x1E00

Given private key password does not allow for correct decryption.

◆ MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT

#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT   -0x1E80

PBE ASN.1 data not as expected.

◆ MBEDTLS_PKCS12_DERIVE_IV

#define MBEDTLS_PKCS12_DERIVE_IV   2

initialization vector

◆ MBEDTLS_PKCS12_DERIVE_KEY

#define MBEDTLS_PKCS12_DERIVE_KEY   1

encryption/decryption key

◆ MBEDTLS_PKCS12_DERIVE_MAC_KEY

#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3

integrity / MAC key

◆ MBEDTLS_PKCS12_PBE_DECRYPT

#define MBEDTLS_PKCS12_PBE_DECRYPT   0

◆ MBEDTLS_PKCS12_PBE_ENCRYPT

#define MBEDTLS_PKCS12_PBE_ENCRYPT   1

Function Documentation

◆ mbedtls_pkcs12_derivation()

int mbedtls_pkcs12_derivation ( unsigned char *  data,
size_t  datalen,
const unsigned char *  pwd,
size_t  pwdlen,
const unsigned char *  salt,
size_t  saltlen,
mbedtls_md_type_t  mbedtls_md,
int  id,
int  iterations 
)

The PKCS#12 derivation function uses a password and a salt to produce pseudo-random bits for a particular "purpose".

Depending on the given id, this function can produce an encryption/decryption key, an nitialization vector or an integrity key.

Parameters
databuffer to store the derived data in
datalenlength to fill
pwdpassword to use (may be NULL if no password is used)
pwdlenlength of the password (may be 0)
saltsalt buffer to use
saltlenlength of the salt
mbedtls_mdmbedtls_md type to use during the derivation
idid that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY, MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
iterationsnumber of iterations
Returns
0 if successful, or a MD, BIGNUM type error.