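--- /dev/null
+++ b/security/nss/lib/pkcs12/pkcs12t.h
@@ -0,0 +1,366 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PKCS12T_H_
+#define _PKCS12T_H_
+
+#include "seccomon.h"
+#include "secoid.h"
+#include "cert.h"
+#include "key.h"
+#include "plarena.h"
+#include "secpkcs7.h"
+#include "secdig.h" /* for SGNDigestInfo */
+
+typedef enum {
+ SECPKCS12TargetTokenNoCAs, /* CA get loaded intothe fixed token,
+ * User certs go to target token */
+ SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to
+ * target token, root certs got to
+ * fixed token */
+ SECPKCS12TargetTokenAllCAs /* All certs go to target token */
+} SECPKCS12TargetTokenCAs;
+
+/* PKCS12 Structures */
+typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
+typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
+typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
+typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
+typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
+typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
+typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
+typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
+typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
+typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
+typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
+typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
+typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
+typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
+typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
+typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
+typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
+typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
+typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
+typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
+typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
+
+typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
+
+/* PKCS12 types */
+
+/* stores shrouded keys */
+struct SEC_PKCS12BaggageStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12BaggageItem **bags;
+
+ int luggage_size; /* used locally */
+};
+
+/* additional data to be associated with keys. currently there
+ * is nothing defined to be stored here. allows future expansion.
+ */
+struct SEC_PKCS12PVKAdditionalDataStr
+{
+ PLArenaPool *poolp;
+ SECOidData *pvkAdditionalTypeTag; /* used locally */
+ SECItem pvkAdditionalType;
+ SECItem pvkAdditionalContent;
+};
+
+/* cert and other supporting data for private keys. used
+ * for both shrouded and non-shrouded keys.
+ */
+struct SEC_PKCS12PVKSupportingDataStr
+{
+ PLArenaPool *poolp;
+ SGNDigestInfo **assocCerts;
+ SECItem regenerable;
+ SECItem nickname;
+ SEC_PKCS12PVKAdditionalData pvkAdditional;
+ SECItem pvkAdditionalDER;
+
+ SECItem uniNickName;
+ /* used locally */
+ int nThumbs;
+};
+
+/* shrouded key structure. supports only pkcs8 shrouding
+ * currently.
+ */
+struct SEC_PKCS12ESPVKItemStr
+{
+ PLArenaPool *poolp; /* used locally */
+ SECOidData *espvkTag; /* used locally */
+ SECItem espvkOID;
+ SEC_PKCS12PVKSupportingData espvkData;
+ union
+ {
+ SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
+ } espvkCipherText;
+
+ PRBool duplicate; /* used locally */
+ PRBool problem_cert; /* used locally */
+ PRBool single_cert; /* used locally */
+ int nCerts; /* used locally */
+ SECItem derCert; /* used locally */
+};
+
+/* generic bag store for the safe. safeBagType identifies
+ * the type of bag stored.
+ */
+struct SEC_PKCS12SafeBagStr
+{
+ PLArenaPool *poolp;
+ SECOidData *safeBagTypeTag; /* used locally */
+ SECItem safeBagType;
+ union
+ {
+ SEC_PKCS12PrivateKeyBag *keyBag;
+ SEC_PKCS12CertAndCRLBag *certAndCRLBag;
+ SEC_PKCS12SecretBag *secretBag;
+ } safeContent;
+
+ SECItem derSafeContent;
+ SECItem safeBagName;
+
+ SECItem uniSafeBagName;
+};
+
+/* stores private keys and certificates in a list. each safebag
+ * has an ID identifying the type of content stored.
+ */
+struct SEC_PKCS12SafeContentsStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12SafeBag **contents;
+
+ /* used for tracking purposes */
+ int safe_size;
+ PRBool old;
+ PRBool swapUnicode;
+ PRBool possibleSwapUnicode;
+};
+
+/* private key structure which holds encrypted private key and
+ * supporting data including nickname and certificate thumbprint.
+ */
+struct SEC_PKCS12PrivateKeyStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12PVKSupportingData pvkData;
+ SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */
+
+ PRBool duplicate; /* used locally */
+ PRBool problem_cert;/* used locally */
+ PRBool single_cert; /* used locally */
+ int nCerts; /* used locally */
+ SECItem derCert; /* used locally */
+};
+
+/* private key bag, holds a (null terminated) list of private key
+ * structures.
+ */
+struct SEC_PKCS12PrivateKeyBagStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12PrivateKey **privateKeys;
+
+ int bag_size; /* used locally */
+};
+
+/* container to hold certificates. currently supports x509
+ * and sdsi certificates
+ */
+struct SEC_PKCS12CertAndCRLStr
+{
+ PLArenaPool *poolp;
+ SECOidData *BagTypeTag; /* used locally */
+ SECItem BagID;
+ union
+ {
+ SEC_PKCS12X509CertCRL *x509;
+ SEC_PKCS12SDSICert *sdsi;
+ } value;
+
+ SECItem derValue;
+ SECItem nickname; /* used locally */
+ PRBool duplicate; /* used locally */
+};
+
+/* x509 certificate structure. typically holds the der encoding
+ * of the x509 certificate. thumbprint contains a digest of the
+ * certificate
+ */
+struct SEC_PKCS12X509CertCRLStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS7ContentInfo certOrCRL;
+ SGNDigestInfo thumbprint;
+
+ SECItem *derLeafCert; /* used locally */
+};
+
+/* sdsi certificate structure. typically holds the der encoding
+ * of the sdsi certificate. thumbprint contains a digest of the
+ * certificate
+ */
+struct SEC_PKCS12SDSICertStr
+{
+ PLArenaPool *poolp;
+ SECItem value;
+ SGNDigestInfo thumbprint;
+};
+
+/* contains a null terminated list of certs and crls */
+struct SEC_PKCS12CertAndCRLBagStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12CertAndCRL **certAndCRLs;
+
+ int bag_size; /* used locally */
+};
+
+/* additional secret information. currently no information
+ * stored in this structure.
+ */
+struct SEC_PKCS12SecretAdditionalStr
+{
+ PLArenaPool *poolp;
+ SECOidData *secretTypeTag; /* used locally */
+ SECItem secretAdditionalType;
+ SECItem secretAdditionalContent;
+};
+
+/* secrets container. this will be used to contain currently
+ * unspecified secrets. (it's a secret)
+ */
+struct SEC_PKCS12SecretStr
+{
+ PLArenaPool *poolp;
+ SECItem secretName;
+ SECItem value;
+ SEC_PKCS12SecretAdditional secretAdditional;
+
+ SECItem uniSecretName;
+};
+
+struct SEC_PKCS12SecretItemStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12Secret secret;
+ SEC_PKCS12SafeBag subFolder;
+};
+
+/* a bag of secrets. holds a null terminated list of secrets.
+ */
+struct SEC_PKCS12SecretBagStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12SecretItem **secrets;
+
+ int bag_size; /* used locally */
+};
+
+struct SEC_PKCS12MacDataStr
+{
+ SGNDigestInfo safeMac;
+ SECItem macSalt;
+};
+
+/* outer transfer unit */
+struct SEC_PKCS12PFXItemStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12MacData macData;
+ SEC_PKCS7ContentInfo authSafe;
+
+ /* for compatibility with beta */
+ PRBool old;
+ SGNDigestInfo old_safeMac;
+ SECItem old_macSalt;
+
+ /* compatibility between platforms for unicode swapping */
+ PRBool swapUnicode;
+};
+
+struct SEC_PKCS12BaggageItemStr {
+ PLArenaPool *poolp;
+ SEC_PKCS12ESPVKItem **espvks;
+ SEC_PKCS12SafeBag **unencSecrets;
+
+ int nEspvks;
+ int nSecrets;
+};
+
+/* stores shrouded keys */
+struct SEC_PKCS12Baggage_OLDStr
+{
+ PLArenaPool *poolp;
+ SEC_PKCS12ESPVKItem **espvks;
+
+ int luggage_size; /* used locally */
+};
+
+/* authenticated safe, stores certs, keys, and shrouded keys */
+struct SEC_PKCS12AuthenticatedSafeStr
+{
+ PLArenaPool *poolp;
+ SECItem version;
+ SECOidData *transportTypeTag; /* local not part of encoding*/
+ SECItem transportMode;
+ SECItem privacySalt;
+ SEC_PKCS12Baggage baggage;
+ SEC_PKCS7ContentInfo *safe;
+
+ /* used for beta compatibility */
+ PRBool old;
+ PRBool emptySafe;
+ SEC_PKCS12Baggage_OLD old_baggage;
+ SEC_PKCS7ContentInfo old_safe;
+ PRBool swapUnicode;
+};
+#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
+
+
+
+/* PKCS 12 Templates */
+extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
+extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
+#endif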
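Review bot: The `SEC_PKCS12PasswordFunc` callback type at hunk line 1.51 carries no contract for the `SECItem *` it returns, even though that item is presumably the PFX password used for the MAC check and key unshrouding: the header says neither who owns and frees the returned item nor that its bytes should be zeroized before release. I would add above the typedef a comment along the lines of `/* Callback supplying the PFX password. Ownership of the returned SECItem and the obligation to zeroize it before freeing must match the caller in pkcs12.c. */`, with the exact ownership rule confirmed against that caller, which is outside this hunk. Secondarily, the element counts `luggage_size`, `bag_size`, `nCerts`, `nThumbs`, `nEspvks` and `nSecrets` are plain `int`, so the decoder that fills them from an untrusted PFX has to reject negative or overflowed values itself; a one-line comment on those fields stating that they are derived counts and never taken from the encoding would make that expectation explicit. The comment on line 1.20 also has a typo, `intothe` for `into the`.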