Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifndef _PKCS12T_H_
6 #define _PKCS12T_H_
8 #include "seccomon.h"
9 #include "secoid.h"
10 #include "cert.h"
11 #include "key.h"
12 #include "plarena.h"
13 #include "secpkcs7.h"
14 #include "secdig.h" /* for SGNDigestInfo */
/*
 * Where imported certificates are placed relative to the caller's
 * "target" token and the fixed (internal) token.  Only the handling of
 * CA certificates differs between the three modes; user certificates
 * always go to the target token.  The values are spelled out so the
 * ordering (0, 1, 2) is explicit rather than implied by position.
 */
typedef enum {
    /* CAs are loaded into the fixed token; user certs go to the target token. */
    SECPKCS12TargetTokenNoCAs = 0,
    /* User certs and intermediate CAs go to the target token; root certs
     * go to the fixed token. */
    SECPKCS12TargetTokenIntermediateCAs = 1,
    /* Every certificate goes to the target token. */
    SECPKCS12TargetTokenAllCAs = 2
} SECPKCS12TargetTokenCAs;
/* PKCS12 Structures */

/*
 * Forward typedefs for every structure defined below.  They allow the
 * structures to refer to one another regardless of definition order
 * (for example SEC_PKCS12SafeBagStr's union names bag types that are
 * defined after it).  SEC_PKCS12Baggage_OLD is the beta-era layout that
 * SEC_PKCS12AuthenticatedSafeStr keeps for compatibility.
 */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
/*
 * Password callback type.  `args` is an opaque caller-supplied item and
 * the return value is the password as a SECItem.  Nothing in this header
 * states who owns the returned item, whether NULL means "cancelled" or
 * "error", or who zeroizes the password bytes after use.  Since this is
 * the secret that protects the PFX, confirm that contract against the
 * callers before relying on it.
 */
typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
50 /* PKCS12 types */
/*
 * Baggage: the list of "shrouded" (encrypted) private keys carried
 * alongside the safe.  Note that each SEC_PKCS12BaggageItem also carries
 * an unencSecrets array (see SEC_PKCS12BaggageItemStr), so the baggage
 * is not limited to shrouded material despite the name.
 */
struct SEC_PKCS12BaggageStr
{
    PLArenaPool *poolp;             /* arena pool, presumably the owner of this
                                     * structure's allocations */
    SEC_PKCS12BaggageItem **bags;   /* baggage items */

    int luggage_size;               /* used locally: presumably the number of
                                     * entries in bags.  Plain int; nothing in
                                     * the type bounds it. */
};
/*
 * Additional data associated with a private key.  Nothing is currently
 * defined to live here; the type/content pair exists so the format can
 * be extended without changing the enclosing structures.
 */
struct SEC_PKCS12PVKAdditionalDataStr
{
    PLArenaPool *poolp;
    SECOidData *pvkAdditionalTypeTag;   /* used locally: resolved OID entry for
                                         * pvkAdditionalType; not part of the encoding */
    SECItem pvkAdditionalType;          /* presumably the encoded OID naming the
                                         * content's type */
    SECItem pvkAdditionalContent;       /* opaque content, interpreted per the type */
};
/*
 * Certificate and other supporting data attached to a private key.
 * Shared by the shrouded (SEC_PKCS12ESPVKItemStr) and non-shrouded
 * (SEC_PKCS12PrivateKeyStr) key structures.
 */
struct SEC_PKCS12PVKSupportingDataStr
{
    PLArenaPool *poolp;
    SGNDigestInfo **assocCerts;     /* digests ("thumbprints") of the certs associated
                                     * with the key; nThumbs is the local count */
    SECItem regenerable;            /* encoded item; its meaning is not visible here */
    SECItem nickname;               /* key nickname */
    SEC_PKCS12PVKAdditionalData pvkAdditional;  /* decoded additional data
                                                 * (currently nothing defined) */
    SECItem pvkAdditionalDER;       /* presumably the DER form of pvkAdditional */

    SECItem uniNickName;            /* presumably the Unicode form of nickname;
                                     * byte order is handled via the swapUnicode
                                     * flags on the enclosing structures */
    /* used locally */
    int nThumbs;                    /* number of entries in assocCerts (plain int) */
};
/*
 * Shrouded (encrypted) private key.  Only PKCS#8 EncryptedPrivateKeyInfo
 * shrouding is supported at present, which is why the espvkCipherText
 * union has a single member.  espvkOID (resolved locally into espvkTag)
 * is the only discriminator for that union; if further shrouding
 * methods are added, it must be checked before the union is read.
 * The trailing "used locally" fields are import bookkeeping and are not
 * part of the encoding.
 */
struct SEC_PKCS12ESPVKItemStr
{
    PLArenaPool *poolp;         /* used locally */
    SECOidData *espvkTag;       /* used locally: resolved OID entry for espvkOID */
    SECItem espvkOID;           /* encoded OID of the shrouding method */
    SEC_PKCS12PVKSupportingData espvkData;  /* nickname, cert thumbprints, etc. */
    union
    {
        SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;  /* the encrypted key */
    } espvkCipherText;

    PRBool duplicate;           /* used locally */
    PRBool problem_cert;        /* used locally */
    PRBool single_cert;         /* used locally */
    int nCerts;                 /* used locally */
    SECItem derCert;            /* used locally */
};
/*
 * Generic bag held in a safe.  safeBagType (resolved locally into
 * safeBagTypeTag) is the only discriminator for the safeContent union;
 * there is no separate tag field, so readers must check the type before
 * dereferencing any union member.  derSafeContent keeps the raw DER of
 * the content alongside the decoded form.
 */
struct SEC_PKCS12SafeBagStr
{
    PLArenaPool *poolp;
    SECOidData *safeBagTypeTag;     /* used locally: resolved OID entry for safeBagType */
    SECItem safeBagType;            /* encoded OID naming the bag type */
    union
    {
        SEC_PKCS12PrivateKeyBag *keyBag;
        SEC_PKCS12CertAndCRLBag *certAndCRLBag;
        SEC_PKCS12SecretBag *secretBag;
    } safeContent;                  /* decoded content; the valid member is
                                     * selected by safeBagType */

    SECItem derSafeContent;         /* raw DER of the content */
    SECItem safeBagName;            /* bag name */

    SECItem uniSafeBagName;         /* presumably the Unicode form of safeBagName */
};
/*
 * List of safe bags (keys, certificates, secrets).  Each bag identifies
 * its own content type via its safeBagType.  The trailing fields are
 * import-time bookkeeping: the beta-compatibility "old" flag and the
 * Unicode byte-order flags.
 */
struct SEC_PKCS12SafeContentsStr
{
    PLArenaPool *poolp;
    SEC_PKCS12SafeBag **contents;   /* the bags; safe_size is the local count */

    /* used for tracking purposes */
    int safe_size;                  /* number of entries in contents (plain int) */
    PRBool old;                     /* beta-era layout in use */
    PRBool swapUnicode;             /* Unicode strings need byte swapping */
    PRBool possibleSwapUnicode;     /* meaning not stated here; presumably a
                                     * tentative swap decision -- confirm in the decoder */
};
/*
 * Non-shrouded private key together with its supporting data (nickname,
 * certificate thumbprints).  NOTE: pkcs8data is a SECKEYPrivateKeyInfo,
 * i.e. a plain PKCS#8 PrivateKeyInfo -- at this layer the key is held in
 * the clear, not encrypted as the original comment suggested.  The
 * encrypted form is SEC_PKCS12ESPVKItemStr, whose union member is a
 * SECKEYEncryptedPrivateKeyInfo.  Any confidentiality for a key stored
 * here must therefore come from an enclosing layer (e.g. an encrypted
 * safe), not from this structure; confirm that in the encoder/decoder.
 */
struct SEC_PKCS12PrivateKeyStr
{
    PLArenaPool *poolp;
    SEC_PKCS12PVKSupportingData pvkData;    /* nickname, thumbprints, additional data */
    SECKEYPrivateKeyInfo pkcs8data;         /* borrowed from PKCS 8: the unencrypted key */

    PRBool duplicate;       /* used locally */
    PRBool problem_cert;    /* used locally */
    PRBool single_cert;     /* used locally */
    int nCerts;             /* used locally */
    SECItem derCert;        /* used locally */
};
/*
 * Bag of non-shrouded private keys: a NULL-terminated array of
 * SEC_PKCS12PrivateKey pointers plus a local element count.
 */
struct SEC_PKCS12PrivateKeyBagStr
{
    PLArenaPool *poolp;
    SEC_PKCS12PrivateKey **privateKeys;     /* NULL-terminated */

    int bag_size;                           /* used locally: entry count (plain int) */
};
/*
 * One certificate (or CRL) entry.  BagID (resolved locally into
 * BagTypeTag) is the sole discriminator for the value union -- check it
 * before touching x509 or sdsi.  derValue keeps the raw DER of the value.
 * X.509 and SDSI certificates are supported.
 */
struct SEC_PKCS12CertAndCRLStr
{
    PLArenaPool *poolp;
    SECOidData *BagTypeTag;     /* used locally: resolved OID entry for BagID */
    SECItem BagID;              /* encoded OID of the value type */
    union
    {
        SEC_PKCS12X509CertCRL *x509;
        SEC_PKCS12SDSICert *sdsi;
    } value;                    /* the valid member is selected by BagID */

    SECItem derValue;           /* raw DER of the value */
    SECItem nickname;           /* used locally */
    PRBool duplicate;           /* used locally */
};
/*
 * X.509 certificate or CRL carried as a PKCS#7 ContentInfo, with a digest
 * ("thumbprint") of the certificate.  derLeafCert is local bookkeeping.
 * Nothing in this structure records whether the thumbprint has been
 * checked against certOrCRL; that is up to the decoder.
 */
struct SEC_PKCS12X509CertCRLStr
{
    PLArenaPool *poolp;
    SEC_PKCS7ContentInfo certOrCRL;     /* typically the DER of the cert/CRL, wrapped
                                         * in PKCS#7 */
    SGNDigestInfo thumbprint;           /* digest of the certificate */

    SECItem *derLeafCert;               /* used locally */
};
/*
 * SDSI certificate: the raw value (typically its DER encoding) and a
 * digest ("thumbprint") of it.  As with the X.509 form, nothing here
 * records whether the thumbprint has been verified.
 */
struct SEC_PKCS12SDSICertStr
{
    PLArenaPool *poolp;
    SECItem value;              /* the certificate, typically DER */
    SGNDigestInfo thumbprint;   /* digest of the certificate */
};
/*
 * Bag of certificates and CRLs: a NULL-terminated array of
 * SEC_PKCS12CertAndCRL pointers plus a local element count.
 */
struct SEC_PKCS12CertAndCRLBagStr
{
    PLArenaPool *poolp;
    SEC_PKCS12CertAndCRL **certAndCRLs;     /* NULL-terminated */

    int bag_size;                           /* used locally: entry count (plain int) */
};
/*
 * Additional data attached to a secret.  Nothing is currently defined to
 * live here; the type/content pair mirrors SEC_PKCS12PVKAdditionalDataStr
 * and exists for future extension.
 */
struct SEC_PKCS12SecretAdditionalStr
{
    PLArenaPool *poolp;
    SECOidData *secretTypeTag;          /* used locally: resolved OID entry for
                                         * secretAdditionalType; not part of the encoding */
    SECItem secretAdditionalType;       /* presumably the encoded OID naming the
                                         * content's type */
    SECItem secretAdditionalContent;    /* opaque content, interpreted per the type */
};
/*
 * A named secret.  The format of value is not specified here ("it's a
 * secret"); secretAdditional is reserved for future typed extensions.
 * Both a single-byte and a Unicode name are carried.
 */
struct SEC_PKCS12SecretStr
{
    PLArenaPool *poolp;
    SECItem secretName;         /* name */
    SECItem value;              /* opaque secret bytes */
    SEC_PKCS12SecretAdditional secretAdditional;    /* currently carries nothing defined */

    SECItem uniSecretName;      /* presumably the Unicode form of secretName */
};
/*
 * A secret together with a sub-folder.  subFolder is a full
 * SEC_PKCS12SafeBag, and a SafeBag may itself hold a secretBag whose
 * items again carry a subFolder -- so these types are mutually recursive
 * and nothing in them bounds the nesting depth.  A decoder should
 * impose its own limit; confirm whether it does.
 */
struct SEC_PKCS12SecretItemStr
{
    PLArenaPool *poolp;
    SEC_PKCS12Secret secret;        /* the secret */
    SEC_PKCS12SafeBag subFolder;    /* nested bag (see note above on recursion) */
};
/*
 * Bag of secrets: a NULL-terminated array of SEC_PKCS12SecretItem
 * pointers plus a local element count.
 */
struct SEC_PKCS12SecretBagStr
{
    PLArenaPool *poolp;
    SEC_PKCS12SecretItem **secrets;     /* NULL-terminated */

    int bag_size;                       /* used locally: entry count (plain int) */
};
/*
 * Integrity check for the PFX: the MAC as a DigestInfo plus the salt
 * used when deriving the MAC key.  Unlike the other structures there is
 * no arena pointer here, and there is no iteration-count field -- the
 * count the key derivation uses is not represented in this structure.
 * The MAC key is presumably derived from the import password (not
 * shown in this header; confirm in the decoder), in which case a valid
 * MAC only demonstrates integrity relative to a holder of that password
 * and must be verified before any of authSafe is trusted.
 */
struct SEC_PKCS12MacDataStr
{
    SGNDigestInfo safeMac;      /* the MAC, as a DigestInfo */
    SECItem macSalt;            /* salt for MAC key derivation */
};
/*
 * Outer transfer unit (the PFX).  authSafe is the PKCS#7 ContentInfo
 * carrying the authenticated safe; macData is the integrity check over
 * it.  The old flag and old_* fields hold the same MAC data in the
 * beta-era layout, and the *_OLD templates below suggest both layouts
 * are still parsed -- a legacy path worth confirming is still required.
 * swapUnicode records whether Unicode strings need byte swapping for
 * cross-platform compatibility.
 */
struct SEC_PKCS12PFXItemStr
{
    PLArenaPool *poolp;
    SEC_PKCS12MacData macData;          /* MAC + salt */
    SEC_PKCS7ContentInfo authSafe;      /* the authenticated safe, as PKCS#7 ContentInfo */

    /* for compatibility with beta */
    PRBool old;                         /* beta layout in use */
    SGNDigestInfo old_safeMac;          /* beta-layout MAC */
    SECItem old_macSalt;                /* beta-layout salt */

    /* compatibility between platforms for unicode swapping */
    PRBool swapUnicode;
};
/*
 * One baggage item: an array of shrouded keys and an array of safe bags
 * that, going by the field name, are *unencrypted*, each with a local
 * count.  Since unencSecrets sit outside the shrouding, any
 * confidentiality for them must come from an outer layer -- confirm in
 * the encoder before placing anything sensitive there.
 */
struct SEC_PKCS12BaggageItemStr {
    PLArenaPool *poolp;
    SEC_PKCS12ESPVKItem **espvks;       /* shrouded keys; nEspvks entries */
    SEC_PKCS12SafeBag **unencSecrets;   /* unencrypted safe bags; nSecrets entries */

    int nEspvks;                        /* local count (plain int) */
    int nSecrets;                       /* local count (plain int) */
};
/*
 * Beta-era baggage layout: holds SEC_PKCS12ESPVKItem pointers directly
 * rather than SEC_PKCS12BaggageItems, so it carries shrouded keys only.
 * Kept for compatibility; see SEC_PKCS12AuthenticatedSafeStr.old_baggage.
 */
struct SEC_PKCS12Baggage_OLDStr
{
    PLArenaPool *poolp;
    SEC_PKCS12ESPVKItem **espvks;   /* shrouded keys */

    int luggage_size;               /* used locally: presumably the entry count (plain int) */
};
/*
 * Authenticated safe: certificates, keys and shrouded keys.  Carries a
 * version, a transport mode (an OID, resolved locally into
 * transportTypeTag), a privacy salt, the baggage and the safe proper as
 * a PKCS#7 ContentInfo.  The old/old_* fields and emptySafe support the
 * beta-era layout; swapUnicode is the cross-platform Unicode flag.
 * Note that safe is a pointer while old_safe is stored inline.
 */
struct SEC_PKCS12AuthenticatedSafeStr
{
    PLArenaPool *poolp;
    SECItem version;                /* encoded version */
    SECOidData *transportTypeTag;   /* local not part of encoding*/
    SECItem transportMode;          /* encoded OID for the transport mode */
    SECItem privacySalt;            /* salt; presumably for the privacy (encryption)
                                     * key derivation -- confirm in the decoder */
    SEC_PKCS12Baggage baggage;      /* shrouded keys (and per-item unencrypted secrets) */
    SEC_PKCS7ContentInfo *safe;     /* the safe contents, as PKCS#7 ContentInfo */

    /* used for beta compatibility */
    PRBool old;                     /* beta layout in use */
    PRBool emptySafe;               /* no safe contents present */
    SEC_PKCS12Baggage_OLD old_baggage;
    SEC_PKCS7ContentInfo old_safe;
    PRBool swapUnicode;
};
/* PFX format version this library emits ("what we create").  Whether
 * decoders accept other values is a policy not visible in this header. */
#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
/* PKCS 12 Templates */
/*
 * ASN.1 templates for encoding and decoding the structures above
 * (defined elsewhere).  The *_OLD templates describe the beta-era
 * layouts retained for compatibility, which means the decoder keeps two
 * parsing paths alive for each affected structure.  The SEC_PointerTo*
 * templates are presumably the pointer-indirected forms used for the
 * union members of the safe bag and cert bag.  SGN_DigestInfoTemplate
 * is the generic DigestInfo template (see secdig.h), not PKCS#12-specific.
 */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
366 #endif