/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * pkcs12t.h -- data types for NSS's original PKCS #12 (PFX) import/export
 * code.
 *
 * Reading notes:
 *  - Fields marked "used locally" are encoder/decoder bookkeeping and are
 *    not part of the ASN.1 encoding.
 *  - Members and templates named "old"/"_OLD" exist for compatibility with
 *    an earlier ("beta") encoding, per the comments further down.
 *  - NOTE(review): the MacData declared here carries only a digest and a
 *    salt (no iteration count), and keys/certs are grouped as "baggage" and
 *    "safe contents". This looks like the pre-RFC 7292 PFX layout; confirm
 *    against the decoder before assuming interoperability with standard
 *    PKCS #12 files.
 */

#ifndef _PKCS12T_H_ /* NOTE(review): identifiers of the form _[A-Z]... are
                     * reserved to the implementation in C; left unchanged
                     * here in case other files test this guard. */
#define _PKCS12T_H_

#include "seccomon.h"
#include "secoid.h"
#include "cert.h"
#include "key.h"
#include "plarena.h"
#include "secpkcs7.h"
#include "secdig.h" /* for SGNDigestInfo */

/* Controls which certificates from an imported PFX are placed on the
 * caller-selected "target" token versus the fixed token. */
typedef enum {
    SECPKCS12TargetTokenNoCAs,           /* CAs get loaded into the fixed token,
                                          * user certs go to the target token */
    SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to the
                                          * target token, root certs go to the
                                          * fixed token */
    SECPKCS12TargetTokenAllCAs           /* All certs go to the target token */
} SECPKCS12TargetTokenCAs;

/* PKCS12 Structures */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;

/* Callback used to obtain the PFX password. `args` is opaque to this header
 * and is passed through from the caller; the callback returns a SECItem
 * holding the password (presumably NULL on failure).
 * NOTE(review): ownership of the returned item, and whether the caller must
 * zeroize and free it, is not stated here -- confirm against the
 * implementation before relying on either. */
typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);

/* PKCS12 types */

/* stores shrouded keys: a list of baggage items (see
 * SEC_PKCS12BaggageItemStr below). luggage_size is encoder/decoder
 * bookkeeping, not part of the encoding. */
struct SEC_PKCS12BaggageStr
{
    PLArenaPool *poolp;
    SEC_PKCS12BaggageItem **bags;

    int luggage_size; /* used locally */
};

/* additional data to be associated with keys. currently there
 * is nothing defined to be stored here. allows future expansion.
 * pvkAdditionalType is an OID identifying the content; the *Tag
 * member is presumably the SECOidData looked up from it. */
struct SEC_PKCS12PVKAdditionalDataStr
{
    PLArenaPool *poolp;
    SECOidData *pvkAdditionalTypeTag; /* used locally */
    SECItem pvkAdditionalType;
    SECItem pvkAdditionalContent;
};

/* cert and other supporting data for private keys. used
 * for both shrouded and non-shrouded keys.
 * assocCerts is a list of DigestInfo thumbprints of the certificates
 * associated with the key; nThumbs is the locally tracked count.
 * nickname and uniNickName carry the same nickname (the latter is the
 * unicode form; see the swapUnicode flags on the containers). */
struct SEC_PKCS12PVKSupportingDataStr
{
    PLArenaPool *poolp;
    SGNDigestInfo **assocCerts;
    SECItem regenerable;
    SECItem nickname;
    SEC_PKCS12PVKAdditionalData pvkAdditional;
    SECItem pvkAdditionalDER;

    SECItem uniNickName;
    /* used locally */
    int nThumbs;
};

/* shrouded key structure: a private key that is encrypted ("shrouded")
 * before being placed in the PFX.
supports only pkcs8 shrouding michael@0: * currently. michael@0: */ michael@0: struct SEC_PKCS12ESPVKItemStr michael@0: { michael@0: PLArenaPool *poolp; /* used locally */ michael@0: SECOidData *espvkTag; /* used locally */ michael@0: SECItem espvkOID; michael@0: SEC_PKCS12PVKSupportingData espvkData; michael@0: union michael@0: { michael@0: SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud; michael@0: } espvkCipherText; michael@0: michael@0: PRBool duplicate; /* used locally */ michael@0: PRBool problem_cert; /* used locally */ michael@0: PRBool single_cert; /* used locally */ michael@0: int nCerts; /* used locally */ michael@0: SECItem derCert; /* used locally */ michael@0: }; michael@0: michael@0: /* generic bag store for the safe. safeBagType identifies michael@0: * the type of bag stored. michael@0: */ michael@0: struct SEC_PKCS12SafeBagStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SECOidData *safeBagTypeTag; /* used locally */ michael@0: SECItem safeBagType; michael@0: union michael@0: { michael@0: SEC_PKCS12PrivateKeyBag *keyBag; michael@0: SEC_PKCS12CertAndCRLBag *certAndCRLBag; michael@0: SEC_PKCS12SecretBag *secretBag; michael@0: } safeContent; michael@0: michael@0: SECItem derSafeContent; michael@0: SECItem safeBagName; michael@0: michael@0: SECItem uniSafeBagName; michael@0: }; michael@0: michael@0: /* stores private keys and certificates in a list. each safebag michael@0: * has an ID identifying the type of content stored. michael@0: */ michael@0: struct SEC_PKCS12SafeContentsStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SEC_PKCS12SafeBag **contents; michael@0: michael@0: /* used for tracking purposes */ michael@0: int safe_size; michael@0: PRBool old; michael@0: PRBool swapUnicode; michael@0: PRBool possibleSwapUnicode; michael@0: }; michael@0: michael@0: /* private key structure which holds encrypted private key and michael@0: * supporting data including nickname and certificate thumbprint. 
 * NOTE(review): pkcs8data is a SECKEYPrivateKeyInfo, not the
 * SECKEYEncryptedPrivateKeyInfo used by SEC_PKCS12ESPVKItemStr, so this
 * member appears to carry an *unencrypted* PKCS #8 PrivateKeyInfo (the
 * shrouded form lives in the ESPVK item). Treat it as raw key material
 * and confirm the handling/zeroization against the decoder.
 */
struct SEC_PKCS12PrivateKeyStr
{
    PLArenaPool *poolp;
    SEC_PKCS12PVKSupportingData pvkData;
    SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */

    /* import-time bookkeeping; not part of the encoding */
    PRBool duplicate;    /* used locally */
    PRBool problem_cert; /* used locally */
    PRBool single_cert;  /* used locally */
    int nCerts;          /* used locally */
    SECItem derCert;     /* used locally */
};

/* private key bag, holds a (null terminated) list of private key
 * structures. bag_size is the locally tracked count.
 */
struct SEC_PKCS12PrivateKeyBagStr
{
    PLArenaPool *poolp;
    SEC_PKCS12PrivateKey **privateKeys;

    int bag_size; /* used locally */
};

/* container to hold certificates. currently supports x509
 * and sdsi certificates.
 * BagID is an OID selecting which member of `value` is active
 * (BagTypeTag is presumably its decoded SECOidData); the raw DER is
 * kept in derValue.
 */
struct SEC_PKCS12CertAndCRLStr
{
    PLArenaPool *poolp;
    SECOidData *BagTypeTag; /* used locally */
    SECItem BagID;
    union
    {
        SEC_PKCS12X509CertCRL *x509;
        SEC_PKCS12SDSICert *sdsi;
    } value;

    SECItem derValue;
    SECItem nickname; /* used locally */
    PRBool duplicate; /* used locally */
};

/* x509 certificate structure. typically holds the der encoding
 * of the x509 certificate (as a PKCS #7 ContentInfo). thumbprint
 * contains a digest of the certificate.
 * derLeafCert is import-time bookkeeping (the leaf cert's DER).
 */
struct SEC_PKCS12X509CertCRLStr
{
    PLArenaPool *poolp;
    SEC_PKCS7ContentInfo certOrCRL;
    SGNDigestInfo thumbprint;

    SECItem *derLeafCert; /* used locally */
};

/* sdsi certificate structure. typically holds the der encoding
 * of the sdsi certificate in `value`.
thumbprint contains a digest of the michael@0: * certificate michael@0: */ michael@0: struct SEC_PKCS12SDSICertStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SECItem value; michael@0: SGNDigestInfo thumbprint; michael@0: }; michael@0: michael@0: /* contains a null terminated list of certs and crls */ michael@0: struct SEC_PKCS12CertAndCRLBagStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SEC_PKCS12CertAndCRL **certAndCRLs; michael@0: michael@0: int bag_size; /* used locally */ michael@0: }; michael@0: michael@0: /* additional secret information. currently no information michael@0: * stored in this structure. michael@0: */ michael@0: struct SEC_PKCS12SecretAdditionalStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SECOidData *secretTypeTag; /* used locally */ michael@0: SECItem secretAdditionalType; michael@0: SECItem secretAdditionalContent; michael@0: }; michael@0: michael@0: /* secrets container. this will be used to contain currently michael@0: * unspecified secrets. (it's a secret) michael@0: */ michael@0: struct SEC_PKCS12SecretStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SECItem secretName; michael@0: SECItem value; michael@0: SEC_PKCS12SecretAdditional secretAdditional; michael@0: michael@0: SECItem uniSecretName; michael@0: }; michael@0: michael@0: struct SEC_PKCS12SecretItemStr michael@0: { michael@0: PLArenaPool *poolp; michael@0: SEC_PKCS12Secret secret; michael@0: SEC_PKCS12SafeBag subFolder; michael@0: }; michael@0: michael@0: /* a bag of secrets. holds a null terminated list of secrets. 
 */
struct SEC_PKCS12SecretBagStr
{
    PLArenaPool *poolp;
    SEC_PKCS12SecretItem **secrets;

    int bag_size; /* used locally */
};

/* integrity data for the PFX: safeMac is a DigestInfo over the
 * authenticated safe and macSalt the salt used to derive the MAC key.
 * NOTE(review): there is no iteration-count member here (standard
 * PKCS #12 MacData has an optional `iterations`), so the KDF iteration
 * count must be fixed in code rather than carried in the encoding --
 * check the decoder before assuming files with iterations > 1 are
 * handled. */
struct SEC_PKCS12MacDataStr
{
    SGNDigestInfo safeMac;
    SECItem macSalt;
};

/* outer transfer unit: the MAC data plus the authenticated safe
 * (a PKCS #7 ContentInfo).
 * NOTE(review): macData is the only integrity protection over authSafe;
 * a decoder should verify it before acting on any bag contents. The
 * "old" members hold the beta-era MAC layout instead of macData. */
struct SEC_PKCS12PFXItemStr
{
    PLArenaPool *poolp;
    SEC_PKCS12MacData macData;
    SEC_PKCS7ContentInfo authSafe;

    /* for compatibility with beta */
    PRBool old;
    SGNDigestInfo old_safeMac;
    SECItem old_macSalt;

    /* compatibility between platforms for unicode swapping */
    PRBool swapUnicode;
};

/* one baggage entry: shrouded keys (espvks) and unencrypted secret bags,
 * with their locally tracked counts. */
struct SEC_PKCS12BaggageItemStr {
    PLArenaPool *poolp;
    SEC_PKCS12ESPVKItem **espvks;
    SEC_PKCS12SafeBag **unencSecrets;

    int nEspvks;
    int nSecrets;
};

/* stores shrouded keys (beta-era layout: ESPVK items directly, without
 * the BaggageItem wrapper). */
struct SEC_PKCS12Baggage_OLDStr
{
    PLArenaPool *poolp;
    SEC_PKCS12ESPVKItem **espvks;

    int luggage_size; /* used locally */
};

/* authenticated safe, stores certs, keys, and shrouded keys.
 * transportMode is an OID (transportTypeTag its locally decoded form);
 * privacySalt is the salt for the privacy-mode encryption of `safe`.
 * The "old" members carry the beta-era baggage/safe layout; emptySafe
 * flags a safe with no contents. */
struct SEC_PKCS12AuthenticatedSafeStr
{
    PLArenaPool *poolp;
    SECItem version;
    SECOidData *transportTypeTag; /* local not part of encoding*/
    SECItem transportMode;
    SECItem privacySalt;
    SEC_PKCS12Baggage baggage;
    SEC_PKCS7ContentInfo *safe;

    /* used for beta compatibility */
    PRBool old;
    PRBool emptySafe;
    SEC_PKCS12Baggage_OLD old_baggage;
    SEC_PKCS7ContentInfo old_safe;
    PRBool swapUnicode;
};
/* Version value written into SEC_PKCS12AuthenticatedSafeStr.version when
 * NSS creates a PFX. */
#define SEC_PKCS12_PFX_VERSION 1 /* what we create */



/* PKCS 12 Templates
 *
 * ASN.1 templates for the structures above; the _OLD variants decode the
 * beta-era encodings. NOTE(review): these extern declarations are not
 * wrapped in SEC_BEGIN_PROTOS/SEC_END_PROTOS, so a C++ translation unit
 * including this header would see C++-linkage names -- confirm whether
 * any C++ consumer exists before relying on that.
 */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
/* Declared here although it belongs to the secdig module (secdig.h is
 * already included above); presumably kept for historical callers. */
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];

/* Pointer-to / "coded" (pre-encoded) variants used when a bag is nested
 * inside another template. */
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
#endif