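--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,366 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef _PKCS12T_H_
+#define _PKCS12T_H_
+
+#include "seccomon.h"
+#include "secoid.h"
+#include "cert.h"
+#include "key.h"
+#include "plarena.h"
+#include "secpkcs7.h"
+#include "secdig.h" /* for SGNDigestInfo */
+
+typedef enum {
+SECPKCS12TargetTokenNoCAs, /* CA get loaded intothe fixed token,
+* User certs go to target token */
+SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to
+* target token, root certs got to
+* fixed token */
+SECPKCS12TargetTokenAllCAs /* All certs go to target token */
+} SECPKCS12TargetTokenCAs;
+
+/* PKCS12 Structures */
+typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
+typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
+typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
+typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
+typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
+typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
+typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
+typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
+typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
+typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
+typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
+typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
+typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
+typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
+typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
+typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
+typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
+typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
+typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
+typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
+typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
+
+typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
+
+/* PKCS12 types */
+
+/* stores shrouded keys */
+struct SEC_PKCS12BaggageStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12BaggageItem **bags;
+
+int luggage_size; /* used locally */
+};
+
+/* additional data to be associated with keys. currently there
+* is nothing defined to be stored here. allows future expansion.
+*/
+struct SEC_PKCS12PVKAdditionalDataStr
+{
+PLArenaPool *poolp;
+SECOidData *pvkAdditionalTypeTag; /* used locally */
+SECItem pvkAdditionalType;
+SECItem pvkAdditionalContent;
+};
+
+/* cert and other supporting data for private keys. used
+* for both shrouded and non-shrouded keys.
+*/
+struct SEC_PKCS12PVKSupportingDataStr
+{
+PLArenaPool *poolp;
+SGNDigestInfo **assocCerts;
+SECItem regenerable;
+SECItem nickname;
+SEC_PKCS12PVKAdditionalData pvkAdditional;
+SECItem pvkAdditionalDER;
+
+SECItem uniNickName;
+/* used locally */
+int nThumbs;
+};
+
+/* shrouded key structure. supports only pkcs8 shrouding
+* currently.
+*/
+struct SEC_PKCS12ESPVKItemStr
+{
+PLArenaPool *poolp; /* used locally */
+SECOidData *espvkTag; /* used locally */
+SECItem espvkOID;
+SEC_PKCS12PVKSupportingData espvkData;
+union
+{
+SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
+} espvkCipherText;
+
+PRBool duplicate; /* used locally */
+PRBool problem_cert; /* used locally */
+PRBool single_cert; /* used locally */
+int nCerts; /* used locally */
+SECItem derCert; /* used locally */
+};
+
+/* generic bag store for the safe. safeBagType identifies
+* the type of bag stored.
+*/
+struct SEC_PKCS12SafeBagStr
+{
+PLArenaPool *poolp;
+SECOidData *safeBagTypeTag; /* used locally */
+SECItem safeBagType;
+union
+{
+SEC_PKCS12PrivateKeyBag *keyBag;
+SEC_PKCS12CertAndCRLBag *certAndCRLBag;
+SEC_PKCS12SecretBag *secretBag;
+} safeContent;
+
+SECItem derSafeContent;
+SECItem safeBagName;
+
+SECItem uniSafeBagName;
+};
+
+/* stores private keys and certificates in a list. each safebag
+* has an ID identifying the type of content stored.
+*/
+struct SEC_PKCS12SafeContentsStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12SafeBag **contents;
+
+/* used for tracking purposes */
+int safe_size;
+PRBool old;
+PRBool swapUnicode;
+PRBool possibleSwapUnicode;
+};
+
+/* private key structure which holds encrypted private key and
+* supporting data including nickname and certificate thumbprint.
+*/
+struct SEC_PKCS12PrivateKeyStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12PVKSupportingData pvkData;
+SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */
+
+PRBool duplicate; /* used locally */
+PRBool problem_cert;/* used locally */
+PRBool single_cert; /* used locally */
+int nCerts; /* used locally */
+SECItem derCert; /* used locally */
+};
+
+/* private key bag, holds a (null terminated) list of private key
+* structures.
+*/
+struct SEC_PKCS12PrivateKeyBagStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12PrivateKey **privateKeys;
+
+int bag_size; /* used locally */
+};
+
+/* container to hold certificates. currently supports x509
+* and sdsi certificates
+*/
+struct SEC_PKCS12CertAndCRLStr
+{
+PLArenaPool *poolp;
+SECOidData *BagTypeTag; /* used locally */
+SECItem BagID;
+union
+{
+SEC_PKCS12X509CertCRL *x509;
+SEC_PKCS12SDSICert *sdsi;
+} value;
+
+SECItem derValue;
+SECItem nickname; /* used locally */
+PRBool duplicate; /* used locally */
+};
+
+/* x509 certificate structure. typically holds the der encoding
+* of the x509 certificate. thumbprint contains a digest of the
+* certificate
+*/
+struct SEC_PKCS12X509CertCRLStr
+{
+PLArenaPool *poolp;
+SEC_PKCS7ContentInfo certOrCRL;
+SGNDigestInfo thumbprint;
+
+SECItem *derLeafCert; /* used locally */
+};
+
+/* sdsi certificate structure. typically holds the der encoding
+* of the sdsi certificate. thumbprint contains a digest of the
+* certificate
+*/
+struct SEC_PKCS12SDSICertStr
+{
+PLArenaPool *poolp;
+SECItem value;
+SGNDigestInfo thumbprint;
+};
+
+/* contains a null terminated list of certs and crls */
+struct SEC_PKCS12CertAndCRLBagStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12CertAndCRL **certAndCRLs;
+
+int bag_size; /* used locally */
+};
+
+/* additional secret information. currently no information
+* stored in this structure.
+*/
+struct SEC_PKCS12SecretAdditionalStr
+{
+PLArenaPool *poolp;
+SECOidData *secretTypeTag; /* used locally */
+SECItem secretAdditionalType;
+SECItem secretAdditionalContent;
+};
+
+/* secrets container. this will be used to contain currently
+* unspecified secrets. (it's a secret)
+*/
+struct SEC_PKCS12SecretStr
+{
+PLArenaPool *poolp;
+SECItem secretName;
+SECItem value;
+SEC_PKCS12SecretAdditional secretAdditional;
+
+SECItem uniSecretName;
+};
+
+struct SEC_PKCS12SecretItemStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12Secret secret;
+SEC_PKCS12SafeBag subFolder;
+};
+
+/* a bag of secrets. holds a null terminated list of secrets.
+*/
+struct SEC_PKCS12SecretBagStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12SecretItem **secrets;
+
+int bag_size; /* used locally */
+};
+
+struct SEC_PKCS12MacDataStr
+{
+SGNDigestInfo safeMac;
+SECItem macSalt;
+};
+
+/* outer transfer unit */
+struct SEC_PKCS12PFXItemStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12MacData macData;
+SEC_PKCS7ContentInfo authSafe;
+
+/* for compatibility with beta */
+PRBool old;
+SGNDigestInfo old_safeMac;
+SECItem old_macSalt;
+
+/* compatibility between platforms for unicode swapping */
+PRBool swapUnicode;
+};
+
+struct SEC_PKCS12BaggageItemStr {
+PLArenaPool *poolp;
+SEC_PKCS12ESPVKItem **espvks;
+SEC_PKCS12SafeBag **unencSecrets;
+
+int nEspvks;
+int nSecrets;
+};
+
+/* stores shrouded keys */
+struct SEC_PKCS12Baggage_OLDStr
+{
+PLArenaPool *poolp;
+SEC_PKCS12ESPVKItem **espvks;
+
+int luggage_size; /* used locally */
+};
+
+/* authenticated safe, stores certs, keys, and shrouded keys */
+struct SEC_PKCS12AuthenticatedSafeStr
+{
+PLArenaPool *poolp;
+SECItem version;
+SECOidData *transportTypeTag; /* local not part of encoding*/
+SECItem transportMode;
+SECItem privacySalt;
+SEC_PKCS12Baggage baggage;
+SEC_PKCS7ContentInfo *safe;
+
+/* used for beta compatibility */
+PRBool old;
+PRBool emptySafe;
+SEC_PKCS12Baggage_OLD old_baggage;
+SEC_PKCS7ContentInfo old_safe;
+PRBool swapUnicode;
+};
+#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
+
+
+
+/* PKCS 12 Templates */
+extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
+extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
+extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
+extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
+extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
+#endif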
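Review bot: The `SEC_PKCS12PasswordFunc` typedef at new line 48 is the only callback in this header and it carries no contract for the `SECItem *` it returns — neither who owns and frees the allocation nor whether the password bytes are expected to be cleared before release — and because that value is a secret, leaving it unstated is how a password buffer ends up leaked or left in memory. A comment above the typedef along the lines of `/* Password callback. Ownership of the returned SECItem (who frees it) and zeroization of the password bytes are not specified here — confirm against the callers before relying on either. */` would at least make the gap visible to implementers. Separately, the element counts `luggage_size`, `nThumbs`, `nCerts`, `safe_size`, `bag_size`, `nEspvks` and `nSecrets` are plain `int` while the lists they describe are documented as NULL-terminated; the header should say which of the two a decoder treats as authoritative so a negative or oversized count parsed from an untrusted PFX is never used as a bound. `SEC_PKCS12_PFX_VERSION` at new line 324 is a bare `#define` in a file that otherwise uses `typedef enum` for constants; an enum constant would be consistent and debugger-visible.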