| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #ifndef _PKCS12T_H_ |
| #define _PKCS12T_H_ |
| |
| #include "seccomon.h" |
| #include "secoid.h" |
| #include "cert.h" |
| #include "keythi.h" |
| #include "plarena.h" |
| #include "secpkcs7.h" |
| #include "secdig.h" /* for SGNDigestInfo */ |
| |
| typedef enum { |
| SECPKCS12TargetTokenNoCAs, /* CA get loaded intothe fixed token, |
| * User certs go to target token */ |
| SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to |
| * target token, root certs got to |
| * fixed token */ |
| SECPKCS12TargetTokenAllCAs /* All certs go to target token */ |
| } SECPKCS12TargetTokenCAs; |
| |
| /* PKCS12 Structures */ |
| typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem; |
| typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData; |
| typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe; |
| typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem; |
| typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage; |
| typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD; |
| typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem; |
| typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData; |
| typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData; |
| typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents; |
| typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag; |
| typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey; |
| typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag; |
| typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag; |
| typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL; |
| typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL; |
| typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert; |
| typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret; |
| typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional; |
| typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem; |
| typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag; |
| |
| typedef SECItem *(*SEC_PKCS12PasswordFunc)(SECItem *args); |
| |
| /* PKCS12 types */ |
| |
| /* stores shrouded keys */ |
| struct SEC_PKCS12BaggageStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12BaggageItem **bags; |
| |
| int luggage_size; /* used locally */ |
| }; |
| |
| /* additional data to be associated with keys. currently there |
| * is nothing defined to be stored here. allows future expansion. |
| */ |
| struct SEC_PKCS12PVKAdditionalDataStr { |
| PLArenaPool *poolp; |
| SECOidData *pvkAdditionalTypeTag; /* used locally */ |
| SECItem pvkAdditionalType; |
| SECItem pvkAdditionalContent; |
| }; |
| |
| /* cert and other supporting data for private keys. used |
| * for both shrouded and non-shrouded keys. |
| */ |
| struct SEC_PKCS12PVKSupportingDataStr { |
| PLArenaPool *poolp; |
| SGNDigestInfo **assocCerts; |
| SECItem regenerable; |
| SECItem nickname; |
| SEC_PKCS12PVKAdditionalData pvkAdditional; |
| SECItem pvkAdditionalDER; |
| |
| SECItem uniNickName; |
| /* used locally */ |
| int nThumbs; |
| }; |
| |
| /* shrouded key structure. supports only pkcs8 shrouding |
| * currently. |
| */ |
| struct SEC_PKCS12ESPVKItemStr { |
| PLArenaPool *poolp; /* used locally */ |
| SECOidData *espvkTag; /* used locally */ |
| SECItem espvkOID; |
| SEC_PKCS12PVKSupportingData espvkData; |
| union { |
| SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud; |
| } espvkCipherText; |
| |
| PRBool duplicate; /* used locally */ |
| PRBool problem_cert; /* used locally */ |
| PRBool single_cert; /* used locally */ |
| int nCerts; /* used locally */ |
| SECItem derCert; /* used locally */ |
| }; |
| |
| /* generic bag store for the safe. safeBagType identifies |
| * the type of bag stored. |
| */ |
| struct SEC_PKCS12SafeBagStr { |
| PLArenaPool *poolp; |
| SECOidData *safeBagTypeTag; /* used locally */ |
| SECItem safeBagType; |
| union { |
| SEC_PKCS12PrivateKeyBag *keyBag; |
| SEC_PKCS12CertAndCRLBag *certAndCRLBag; |
| SEC_PKCS12SecretBag *secretBag; |
| } safeContent; |
| |
| SECItem derSafeContent; |
| SECItem safeBagName; |
| |
| SECItem uniSafeBagName; |
| }; |
| |
| /* stores private keys and certificates in a list. each safebag |
| * has an ID identifying the type of content stored. |
| */ |
| struct SEC_PKCS12SafeContentsStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12SafeBag **contents; |
| |
| /* used for tracking purposes */ |
| int safe_size; |
| PRBool old; |
| PRBool swapUnicode; |
| PRBool possibleSwapUnicode; |
| }; |
| |
| /* private key structure which holds encrypted private key and |
| * supporting data including nickname and certificate thumbprint. |
| */ |
| struct SEC_PKCS12PrivateKeyStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12PVKSupportingData pvkData; |
| SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */ |
| |
| PRBool duplicate; /* used locally */ |
| PRBool problem_cert; /* used locally */ |
| PRBool single_cert; /* used locally */ |
| int nCerts; /* used locally */ |
| SECItem derCert; /* used locally */ |
| }; |
| |
| /* private key bag, holds a (null terminated) list of private key |
| * structures. |
| */ |
| struct SEC_PKCS12PrivateKeyBagStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12PrivateKey **privateKeys; |
| |
| int bag_size; /* used locally */ |
| }; |
| |
| /* container to hold certificates. currently supports x509 |
| * and sdsi certificates |
| */ |
| struct SEC_PKCS12CertAndCRLStr { |
| PLArenaPool *poolp; |
| SECOidData *BagTypeTag; /* used locally */ |
| SECItem BagID; |
| union { |
| SEC_PKCS12X509CertCRL *x509; |
| SEC_PKCS12SDSICert *sdsi; |
| } value; |
| |
| SECItem derValue; |
| SECItem nickname; /* used locally */ |
| PRBool duplicate; /* used locally */ |
| }; |
| |
| /* x509 certificate structure. typically holds the der encoding |
| * of the x509 certificate. thumbprint contains a digest of the |
| * certificate |
| */ |
| struct SEC_PKCS12X509CertCRLStr { |
| PLArenaPool *poolp; |
| SEC_PKCS7ContentInfo certOrCRL; |
| SGNDigestInfo thumbprint; |
| |
| SECItem *derLeafCert; /* used locally */ |
| }; |
| |
| /* sdsi certificate structure. typically holds the der encoding |
| * of the sdsi certificate. thumbprint contains a digest of the |
| * certificate |
| */ |
| struct SEC_PKCS12SDSICertStr { |
| PLArenaPool *poolp; |
| SECItem value; |
| SGNDigestInfo thumbprint; |
| }; |
| |
| /* contains a null terminated list of certs and crls */ |
| struct SEC_PKCS12CertAndCRLBagStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12CertAndCRL **certAndCRLs; |
| |
| int bag_size; /* used locally */ |
| }; |
| |
| /* additional secret information. currently no information |
| * stored in this structure. |
| */ |
| struct SEC_PKCS12SecretAdditionalStr { |
| PLArenaPool *poolp; |
| SECOidData *secretTypeTag; /* used locally */ |
| SECItem secretAdditionalType; |
| SECItem secretAdditionalContent; |
| }; |
| |
| /* secrets container. this will be used to contain currently |
| * unspecified secrets. (it's a secret) |
| */ |
| struct SEC_PKCS12SecretStr { |
| PLArenaPool *poolp; |
| SECItem secretName; |
| SECItem value; |
| SEC_PKCS12SecretAdditional secretAdditional; |
| |
| SECItem uniSecretName; |
| }; |
| |
| struct SEC_PKCS12SecretItemStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12Secret secret; |
| SEC_PKCS12SafeBag subFolder; |
| }; |
| |
| /* a bag of secrets. holds a null terminated list of secrets. |
| */ |
| struct SEC_PKCS12SecretBagStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12SecretItem **secrets; |
| |
| int bag_size; /* used locally */ |
| }; |
| |
| struct SEC_PKCS12MacDataStr { |
| SGNDigestInfo safeMac; |
| SECItem macSalt; |
| }; |
| |
| /* outer transfer unit */ |
| struct SEC_PKCS12PFXItemStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12MacData macData; |
| SEC_PKCS7ContentInfo authSafe; |
| |
| /* for compatibility with beta */ |
| PRBool old; |
| SGNDigestInfo old_safeMac; |
| SECItem old_macSalt; |
| |
| /* compatibility between platforms for unicode swapping */ |
| PRBool swapUnicode; |
| }; |
| |
| struct SEC_PKCS12BaggageItemStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12ESPVKItem **espvks; |
| SEC_PKCS12SafeBag **unencSecrets; |
| |
| int nEspvks; |
| int nSecrets; |
| }; |
| |
| /* stores shrouded keys */ |
| struct SEC_PKCS12Baggage_OLDStr { |
| PLArenaPool *poolp; |
| SEC_PKCS12ESPVKItem **espvks; |
| |
| int luggage_size; /* used locally */ |
| }; |
| |
| /* authenticated safe, stores certs, keys, and shrouded keys */ |
| struct SEC_PKCS12AuthenticatedSafeStr { |
| PLArenaPool *poolp; |
| SECItem version; |
| SECOidData *transportTypeTag; /* local not part of encoding*/ |
| SECItem transportMode; |
| SECItem privacySalt; |
| SEC_PKCS12Baggage baggage; |
| SEC_PKCS7ContentInfo *safe; |
| |
| /* used for beta compatibility */ |
| PRBool old; |
| PRBool emptySafe; |
| SEC_PKCS12Baggage_OLD old_baggage; |
| SEC_PKCS7ContentInfo old_safe; |
| PRBool swapUnicode; |
| }; |
| #define SEC_PKCS12_PFX_VERSION 1 /* what we create */ |
| |
| /* PKCS 12 Templates */ |
| extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[]; |
| extern const SEC_ASN1Template SGN_DigestInfoTemplate[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[]; |
| extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[]; |
| extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[]; |
| extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[]; |
| #endif |