--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/pkiutilities/PKCS12/CrPkcs12/Inc/crpkcs12.h Tue Jan 26 15:20:08 2010 +0200
@@ -0,0 +1,326 @@
+/*
+* Copyright (c) 2004 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: This file contains the header of a CCrPKCS12 Class.
+*
+*/
+
+
+
+#ifndef CRPKCS12
+#define CRPKCS12
+
+
+// INCLUDES
+#include "CX509CertificateSet.h" // X509CertificateSet
+#include "crcrypto.h" // Crypto library
+#include <crber.h> // CCrBer
+#include <e32base.h>
+#include <secdlg.h>
+
+
+// EXTERNAL DATA STRUCTURES
+// FUNCTION PROTOTYPES
+// FORWARD DECLARATIONS
+// CLASS DEFINITIONS
+
+// DATA TYPES
+
+// Object Identifiers
+// They are used to identify different objects
+enum TCrPkcs12Algorithm
+ {
+ // Pkcs12 algorithms.
+ ECrpbeWithSHAAnd128BitRC4,
+ ECrpbeWithSHAAnd40BitRC4,
+ ECrpbeWithSHAAnd3_KeyTripleDES_CBC,
+ ECrpbeWithSHAAnd2_KeyTripleDES_CBC,
+ ECrKpbeWithSHAAnd128BitRC2_CBC,
+ ECrKpbeWithSHAAnd40BitRC2_CBC
+ };
+
+// CONSTANTS
+const TInt K40BitRC2KeySize = 5;
+const TInt K128BitRC2KeySize = 16;
+const TInt KDesKeySize = 8;
+
+// Digest algorithm identifiers
+_LIT(KCrSha1,"1.3.14.3.2.26"); // Digest algorithm Sha1.
+_LIT(KCrMD5, "1.2.840.113549.2.5"); // Digest algorithm Sha1.
+
+// Used pkcs12 encryption algorithms
+_LIT(KpbeWithSHAAnd128BitRC4,"1.2.840.113549.1.12.1.1"); // These are algorith
+_LIT(KpbeWithSHAAnd40BitRC4,"1.2.840.113549.1.12.1.2"); // identifiers for deriving
+_LIT(KpbeWithSHAAnd3_KeyTripleDES_CBC,"1.2.840.113549.1.12.1.3"); // keys and IVs.
+_LIT(KpbeWithSHAAnd2_KeyTripleDES_CBC,"1.2.840.113549.1.12.1.4"); // As implied by their
+_LIT(KpbeWithSHAAnd128BitRC2_CBC,"1.2.840.113549.1.12.1.5"); // names, all of the object
+_LIT(KpbeWithSHAAnd40BitRC2_CBC,"1.2.840.113549.1.12.1.6"); // identifiers here use the hash
+ // function SHA-1.
+
+// Pkcs12 SafeBags-types
+_LIT(KkeyBag,"1.2.840.113549.1.12.10.1.1"); // SafeBag types. Each SafeBag holds one piece
+_LIT(Kpkcs8ShroudedKeyBag,"1.2.840.113549.1.12.10.1.2"); // of information -a key,
+_LIT(KcertBag,"1.2.840.113549.1.12.10.1.3"); // a certificate, etc.- which is identified
+_LIT(KcrlBag,"1.2.840.113549.1.12.10.1.4"); // by an object identifier.
+_LIT(KsecretBag,"1.2.840.113549.1.12.10.1.5");
+_LIT(KsafeContentsBag,"1.2.840.113549.1.12.10.1.6");
+
+// Pkcs7 datatypes used in this library
+_LIT(Kpkcs7Data,"1.2.840.113549.1.7.1"); // Pkcs7 Data-type
+_LIT(Kpkcs7EncryptedData,"1.2.840.113549.1.7.6"); // Pkcs7 encryptedData-type
+
+// Pkcs9 object identifiers
+_LIT(Kpkcs9LocalKeyId,"1.2.840.113549.1.9.21"); // LocalKeyId. This is used to identify
+ // what certificate belongs to what
+ // PrivateKey
+
+_LIT(Kx509certificate,"1.2.840.113549.1.9.22.1"); // X509Certificate
+
+// pkcs1 object identifier for rsaEncryption
+_LIT(Kpkcs1rsaEncryption,"1.2.840.113549.1.1.1"); // For PrivateKey
+
+_LIT(KdsaSignatureKey,"1.2.840.10040.4.1"); // DSA signature key
+
+
+const TInt KVersion3 = 0x3; // Version number for PFX
+const TInt KVersion1 = 0x0; // PrivateKey version
+const TInt KFirstObject = 0; // First object
+const TInt KEdVer0 = 0x0; // PKCS #7 Encrypted-data content type
+ // version number
+
+const TInt KId1 = 1; // If ID = 1, then pseudo-random bits being produced are
+ // used as key material for performing encryption / decryption
+
+const TInt KId2 = 2; // If ID = 2, then pseudo-random bits produced are to be used as
+ // an IV (Initial Value) for encryption / decryption
+
+const TInt KId3 = 3; // If ID = 3, then pseudo-random bits being produced are to be
+ // used as an integrity key for MAC-ing.
+
+
+/**
+* Class CCrPKCS12
+* Class CCrPKCS12 opens pkcs12-file with help of CCrBer-library.
+*
+* @lib crpkcs12.lib
+* @since Series 60 3.0
+*/
+NONSHARABLE_CLASS( CCrPKCS12): public CBase
+ {
+ // Constructors and destructors.
+ private:
+
+ CCrPKCS12();
+ void ConstructL();
+
+ public:
+ static CCrPKCS12* NewLC();
+ static CCrPKCS12* NewL();
+ ~CCrPKCS12();
+
+ public: // Functions
+
+ // This is the main function of this library. It validates PKCS #12 file,
+ // checks integrity of file, checks password, opens and decrypts ContentInfo,
+ // decrypts certificates and private keys. If this function returns
+ // ValidFile, other exported functions can be called.
+ TCrStatus OpenL(
+ CCrData& aPkcs12File,
+ const TDesC16& aPassword );
+
+ // Returns set of CX509Certificate objects defined in certman.
+ // These are CACertificates.
+ const CX509CertificateSet& CACertificates() const;
+
+ // Returns set of TDesC8 objects defined in certman.
+ // These are CACertificates.
+ const CArrayPtrFlat<TDesC8>& CACertificateBuffer() const;
+
+ // Returns set of CX509Certificate objects defined in certman.
+ // These are UserCertificates.
+ const CX509CertificateSet& UserCertificates() const;
+
+ // Returns set of TDesC8 objects defined in certman.
+ // These are UserCertificates.
+ const CArrayPtrFlat<TDesC8>& UserCertificateBuffer() const;
+
+ const CArrayPtrFlat<HBufC8>& PrivateKeys() const;
+
+ // Returns the number of iterations.
+ TUint Iter();
+
+ // Returns mac.
+ HBufC8* Mac();
+
+ // Returns salt.
+ HBufC8* Salt();
+
+ // Returns number of SafeBags in PKCS #12 file.
+ TUint SafeBagsCount();
+
+ private:
+
+ // Private helper class for asynchronous calls.
+ NONSHARABLE_CLASS( CPKCS12SyncWrapper ): public CActive
+ {
+ public:
+ CPKCS12SyncWrapper();
+ ~CPKCS12SyncWrapper();
+ TInt EnterPasswordL(const TPINParams& aPINParams, TBool aRetry, TPINValue& aPINValue);
+ protected: // Functions from base classes
+ /**
+ * From CActive
+ */
+ void DoCancel();
+ void RunL();
+ private:
+ TInt SetActiveAndWait();
+ private:
+ MSecurityDialog* iSecDlg;
+ CActiveSchedulerWait iWait;
+ };
+
+ private:
+ // Jumps next object at same level, used in Open-function.
+ TUint JumpNextObjectAtSameLevel();
+
+ // Returns what's the algorithm (via OID).
+ // Returns 0, if it isn't algorithm at all.
+ TUint GetAlgorithmL( HBufC* aBuf );
+
+ // This function adds given certificate to given set.
+ void PutCertsIntoSetL(CX509CertificateSet* aSet,
+ CArrayPtrFlat<TDesC8>* aBufSet,
+ HBufC8* aX509certificate );
+
+ // This function generates double byte pasword from given eight
+ // byte password and calls VerifyMac.
+ TBool VerifyMacFromEightBytePassword(const TDesC8& aPassWord);
+
+ // Verifies mac (integrity of file and if password is correct).
+ // Used in Open-function.
+ TBool VerifyMacL(const TDesC8& aPassWord);
+ TBool VerifyMacL(const TDesC16& aPassWord);
+
+ // Opens ContentInfo, used in Open-function.
+ TBool ReadContentInfo( CCrData& aContentInfo );
+
+ // Decodes SafeBags. Used in Open function.
+ TInt DecodeSafeBagsL();
+
+ // Decrypts ContentInfo, used in OpenContentInfo-function.
+ TBool UnpackContentInfo( CCrData& aContentData );
+
+ // Decrypts pkcs7Data, used in DecryptContentInfo-function.
+ TBool UnpackPkcs7DataL( CCrData& aPkcs7Data );
+
+ // Unpacks pkcs7EncryptedData, used in DecryptContentInfo-
+ // function.
+ TBool UnpackPkcs7EncryptedDataL( CCrData& aPkcs7EncryptedData );
+
+ // Decrypts pkcs7EncryptesData, used in UnpackPkcs7EncryptedData
+ // function.
+ TBool DecryptPkcs7EncryptedDataL(HBufC8* aPkcs7EncryptedData,
+ HBufC8* aSalt,
+ TInt aIter,
+ TInt aAlgorithm );
+
+
+ // Extracts contents of keybag, used in DecodeSafeBags function.
+ void CCrPKCS12::ExtractKeybagL( CCrData& aSafeBag );
+
+ // Decrypts pkcs8-shroudedkeybag, used in DecodeSafeBags function.
+ void DecryptShroudedKeybagL( CCrData& aSafeBag );
+
+ // Decodes certificate bag, used in DecodeSafeBags function.
+ void DecodeCertBagL( CCrData& aSafeBags );
+
+ // Decrypts private key, used in DecryptShroudedKeybag.
+ TBool DecryptPrivateKeyL( HBufC8* aEncryptedPrivateKey,
+ HBufC8* aSalt,
+ TInt aIter,
+ TInt aAlgorithm );
+
+ // Gets SafeBags LocalKeyId. This is used to identidy what certificate
+ // belongs to private key. Used in DecryptPrivateKey function.
+ HBufC8* GetLocalKeyId( CCrData& aBagData );
+
+ void DecryptDataL( const TDesC8& aEncryptedData,
+ const TDesC8& aSalt,
+ TInt aIter,
+ TInt aAlgorithm,
+ TDes8& aDecryptedData );
+
+
+ private: // Data.
+
+ // Iterations
+ TUint iIter;
+
+ // CCrBerSet, set of CCrBer-objects, from crber.lib.
+ CCrBerSet* iberSet;
+
+ // CCrBer-object, from crber.lib.
+ CCrBer* iberObject;
+
+ // UserCertificates, contains set of CX509Certificate Objects,
+ // defined in certman. These certificates are user certificates.
+ // Usually there are just one user certificate in PKCS #12 file.
+ CX509CertificateSet* iUserCertificates;
+
+
+ // CACertificates, contains set of CX509Certificate Objects,
+ // defined in certman. These certificates are CA certificates.
+ CX509CertificateSet* iCACertificates;
+
+ CArrayPtrFlat<TDesC8>* iUserCertificateBuffer;
+ CArrayPtrFlat<TDesC8>* iCACertificateBuffer;
+
+ // Decrypted PKCS#8 encoded private keys.
+ CArrayPtrFlat<HBufC8>* iPKCS8PrivateKeyArray;
+
+ // This is private keys' LocalKeyIds. With these we can identify
+ // a corresponding certificate.
+ RPointerArray<HBufC8> iPrivateKeyIdArray;
+
+ // For storing mac.
+ HBufC8* iMac;
+
+ // For storing salt.
+ HBufC8* iSalt;
+
+ // index number of berObject.
+ TInt iObjectNum;
+
+ // Password given to Open function. Must be available to other
+ // functions also, so it is declared here.
+ HBufC8* iPassWord;
+
+ // Number of SafeBags.
+ TInt iSafeBagsCount;
+
+ // Used HMAC-algorithm.
+ TInt iHMACalgorithm;
+
+ // PKCS #7 data.
+ HBufC8* iContentInfo;
+
+ // SafeBags.
+ HBufC8* iBags;
+
+ HBufC8* iDecryptionKey;
+
+ TFileName iFileName;
+ };
+
+#endif
\ No newline at end of file