00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 
00037 #ifndef _PKCS12T_H_
00038 #define _PKCS12T_H_
00039 
00040 #include "seccomon.h"
00041 #include "secoid.h"
00042 #include "cert.h"
00043 #include "key.h"
00044 #include "plarena.h"
00045 #include "secpkcs7.h"
00046 #include "secdig.h"  /* for SGNDigestInfo */
00047 
/* Destination policy for certificates when a PKCS12 import is aimed at a
 * particular token: user certificates always go to the target token, the
 * enum selects how much of the CA chain follows them versus staying in
 * the fixed token.
 */
typedef enum {
  SECPKCS12TargetTokenNoCAs,              /* CAs get loaded into the fixed token,
                                    * user certs go to target token */
  SECPKCS12TargetTokenIntermediateCAs,  /* User certs and intermediates go to
                                    * target token, root certs go to
                                    * fixed token */
  SECPKCS12TargetTokenAllCAs              /* All certs go to target token */
} SECPKCS12TargetTokenCAs;
00056 
/* PKCS12 Structures.
 * Forward declarations for every structure defined below; the "_OLD"
 * variant is the beta-era layout kept for backwards compatibility.
 */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;

/* Password callback invoked by the PKCS12 code when it needs the password
 * protecting a PFX.  'args' is whatever the caller registered alongside
 * the callback.  Returns the password as a SECItem, or NULL.
 * NOTE(review): ownership of the returned SECItem (who frees it, and
 * whether it should be zeroized) is not specified here -- confirm against
 * the callers before relying on either behaviour.
 */
typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
00081 
00082 /* PKCS12 types */
00083 
/* stores shrouded keys.
 * bags: array of baggage item pointers (presumably NULL terminated, like
 *       the other bag lists in this file -- verify against the template).
 * luggage_size: bookkeeping only; it is not part of the ASN.1 encoding, so
 *       it is only meaningful once the code that fills 'bags' has set it.
 */
struct SEC_PKCS12BaggageStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12BaggageItem **bags;

    int luggage_size;              /* used locally */
};
00092 
/* additional data to be associated with keys.   currently there
 * is nothing defined to be stored here.  allows future expansion.
 * pvkAdditionalType is the OID of the extension and pvkAdditionalContent
 * its opaque payload; pvkAdditionalTypeTag is a local lookup of that OID
 * and is not encoded.
 */
struct SEC_PKCS12PVKAdditionalDataStr
{
    PRArenaPool      *poolp;
    SECOidData       *pvkAdditionalTypeTag;      /* used locally */
    SECItem     pvkAdditionalType;
    SECItem     pvkAdditionalContent;
};
00103 
/* cert and other supporting data for private keys.  used
 * for both shrouded and non-shrouded keys.
 * assocCerts: digests (thumbprints) of the certificates associated with
 *             the key; nThumbs is the local count of that list and is not
 *             part of the encoding.
 * pvkAdditional / pvkAdditionalDER: the additional-data extension in
 *             decoded and DER form respectively.
 * nickname / uniNickName: the key's nickname; uniNickName presumably holds
 *             the unicode form (see the swapUnicode fields elsewhere).
 */
struct SEC_PKCS12PVKSupportingDataStr
{
    PRArenaPool             *poolp;
    SGNDigestInfo    **assocCerts;
    SECItem          regenerable;
    SECItem          nickname;
    SEC_PKCS12PVKAdditionalData     pvkAdditional;
    SECItem          pvkAdditionalDER;

    SECItem          uniNickName;
    /* used locally */
    int                     nThumbs;
};
00120 
/* shrouded (encrypted) private key structure.  supports only pkcs8
 * shrouding currently.
 * espvkOID identifies the shrouding scheme; espvkTag is the local lookup
 * of that OID.  The union member that is valid is selected by the OID --
 * with only pkcs8KeyShroud defined today, anything else should be treated
 * as unsupported rather than dereferenced.
 * The trailing PRBool/int/SECItem fields are import-time scratch state
 * (duplicate detection, certificate matching) and are not encoded.
 */
struct SEC_PKCS12ESPVKItemStr
{
    PRArenaPool *poolp;            /* used locally */
    SECOidData       *espvkTag;    /* used locally */
    SECItem   espvkOID;
    SEC_PKCS12PVKSupportingData espvkData;
    union
    {
       SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
    } espvkCipherText;

    PRBool duplicate;       /* used locally */
    PRBool problem_cert;    /* used locally */
    PRBool single_cert;            /* used locally */
    int nCerts;                    /* used locally */
    SECItem derCert;        /* used locally */
};
00141 
/* generic bag store for the safe.  safeBagType identifies
 * the type of bag stored and selects which member of the
 * safeContent union is valid; code must check the type before
 * touching the union.  safeBagTypeTag is the local OID lookup.
 * derSafeContent keeps the DER form of the selected content.
 * safeBagName / uniSafeBagName: the bag's friendly name (uniSafeBagName
 * presumably the unicode form).
 */
struct SEC_PKCS12SafeBagStr
{
    PRArenaPool *poolp;
    SECOidData       *safeBagTypeTag;     /* used locally */
    SECItem     safeBagType;
    union
    {
       SEC_PKCS12PrivateKeyBag     *keyBag;
       SEC_PKCS12CertAndCRLBag *certAndCRLBag;
       SEC_PKCS12SecretBag     *secretBag;
    } safeContent;

    SECItem   derSafeContent;
    SECItem   safeBagName;

    SECItem   uniSafeBagName;
};
00162 
/* stores private keys and certificates in a list.  each safebag
 * has an ID identifying the type of content stored.
 * safe_size and the PRBool flags are decode-time bookkeeping, not part
 * of the encoding: 'old' marks the beta-compatible layout, swapUnicode
 * and possibleSwapUnicode track the cross-platform byte-order handling
 * of unicode strings (see SEC_PKCS12PFXItemStr).
 */
struct SEC_PKCS12SafeContentsStr
{
    PRArenaPool      *poolp;
    SEC_PKCS12SafeBag       **contents;

    /* used for tracking purposes */
    int safe_size;
    PRBool old;
    PRBool swapUnicode;
    PRBool possibleSwapUnicode;
};
00177 
/* private key structure which holds the (non-shrouded) private key and
 * supporting data including nickname and certificate thumbprint.
 * pkcs8data is the PKCS 8 PrivateKeyInfo as-is; it is in the clear here,
 * so any buffer holding it should be treated as key material.
 * The trailing fields are import-time scratch state and are not encoded.
 */
struct SEC_PKCS12PrivateKeyStr
{
    PRArenaPool *poolp;
    SEC_PKCS12PVKSupportingData pvkData;
    SECKEYPrivateKeyInfo    pkcs8data;   /* borrowed from PKCS 8 */

    PRBool duplicate;       /* used locally */
    PRBool problem_cert;/* used locally */
    PRBool single_cert;     /* used locally */
    int nCerts;             /* used locally */
    SECItem derCert; /* used locally */
};
00193 
/* private key bag, holds a (null terminated) list of private key
 * structures.  bag_size is a local count and is not encoded; the
 * NULL terminator, not bag_size, bounds the list as decoded.
 */
struct SEC_PKCS12PrivateKeyBagStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12PrivateKey    **privateKeys;

    int bag_size;    /* used locally */
};
00204 
/* container to hold certificates.  currently supports x509
 * and sdsi certificates.
 * BagID is the OID selecting which member of 'value' is valid;
 * BagTypeTag is its local lookup.  derValue keeps the DER encoding
 * of the selected value.  nickname and duplicate are import-time
 * scratch state.
 */
struct SEC_PKCS12CertAndCRLStr
{
    PRArenaPool     *poolp;
    SECOidData           *BagTypeTag;    /* used locally */
    SECItem         BagID;
    union
    {
       SEC_PKCS12X509CertCRL       *x509;
       SEC_PKCS12SDSICert   *sdsi;
    } value;

    SECItem derValue;
    SECItem nickname;              /* used locally */
    PRBool duplicate;              /* used locally */
};
00223 
/* x509 certificate structure.     typically holds the der encoding
 * of the x509 certificate.  thumbprint contains a digest of the
 * certificate.
 * certOrCRL is a PKCS 7 ContentInfo wrapping the cert or CRL;
 * derLeafCert is filled in locally and is not part of the encoding.
 */
struct SEC_PKCS12X509CertCRLStr
{
    PRArenaPool             *poolp;
    SEC_PKCS7ContentInfo    certOrCRL;
    SGNDigestInfo           thumbprint;

    SECItem *derLeafCert;   /* used locally */
};
00236 
/* sdsi certificate structure.     typically holds the der encoding
 * of the sdsi certificate in 'value'.  thumbprint contains a digest
 * of the certificate.
 */
struct SEC_PKCS12SDSICertStr
{
    PRArenaPool     *poolp;
    SECItem         value;
    SGNDigestInfo   thumbprint;
};
00247 
/* contains a null terminated list of certs and crls.
 * bag_size is a local count and is not encoded.
 */
struct SEC_PKCS12CertAndCRLBagStr
{
    PRArenaPool             *poolp;
    SEC_PKCS12CertAndCRL    **certAndCRLs;

    int bag_size;    /* used locally */
};
00256 
/* additional secret information.  currently no information is
 * stored in this structure.
 * secretAdditionalType is the OID of the extension and
 * secretAdditionalContent its opaque payload; secretTypeTag is the
 * local OID lookup and is not encoded.
 */
struct SEC_PKCS12SecretAdditionalStr
{
    PRArenaPool     *poolp;
    SECOidData           *secretTypeTag;         /* used locally */
    SECItem         secretAdditionalType;
    SECItem         secretAdditionalContent;
};
00267 
/* secrets container.  this will be used to contain currently
 * unspecified secrets.  (it's a secret)
 * secretName / uniSecretName: the secret's name (uniSecretName
 * presumably the unicode form); value is the opaque secret itself.
 */
struct SEC_PKCS12SecretStr
{
    PRArenaPool     *poolp;
    SECItem   secretName;
    SECItem   value;
    SEC_PKCS12SecretAdditional     secretAdditional;

    SECItem   uniSecretName;
};
00280 
/* one entry of a secret bag: the secret plus a nested safe bag
 * ('subFolder') that can carry further bagged content.
 */
struct SEC_PKCS12SecretItemStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12Secret secret;
    SEC_PKCS12SafeBag       subFolder;
};    
00287 
/* a bag of secrets.  holds a null terminated list of secrets.
 * bag_size is a local count and is not encoded.
 */
struct SEC_PKCS12SecretBagStr
{
    PRArenaPool      *poolp;
    SEC_PKCS12SecretItem    **secrets;

    int bag_size;    /* used locally */
};
00297 
/* integrity MAC over the authenticated safe.
 * safeMac carries the digest algorithm and MAC value; macSalt is the
 * salt mixed with the password when deriving the MAC key.  A PFX's
 * contents should not be trusted until this MAC has been verified
 * against the supplied password.
 * NOTE(review): the key-derivation and MAC algorithm are not visible
 * from this header -- confirm in the implementation.
 */
struct SEC_PKCS12MacDataStr
{
    SGNDigestInfo    safeMac;
    SECItem          macSalt;
};
00303 
/* outer transfer unit: the top-level PFX.
 * authSafe is the PKCS 7 ContentInfo holding the AuthenticatedSafe;
 * macData is the integrity MAC protecting it.
 * The old_* fields and 'old' exist only to read PFX files written by the
 * beta format, which kept the MAC and salt directly in the PFX.
 * swapUnicode records whether unicode strings in this file were written
 * with the other byte order and need swapping on this platform.
 */
struct SEC_PKCS12PFXItemStr
{
    PRArenaPool             *poolp;
    SEC_PKCS12MacData       macData;
    SEC_PKCS7ContentInfo    authSafe; 

    /* for compatibility with beta */
    PRBool           old;
    SGNDigestInfo    old_safeMac;
    SECItem          old_macSalt;

    /* compatibility between platforms for unicode swapping */
    PRBool           swapUnicode;
};
00319 
/* one baggage entry: a list of shrouded keys (espvks) and a list of
 * unencrypted secrets carried alongside them.
 * nEspvks / nSecrets are local counts of the two lists.
 * NOTE(review): whether the two lists are NULL terminated like the
 * other bag lists is not stated here -- verify against the template.
 */
struct SEC_PKCS12BaggageItemStr {
    PRArenaPool          *poolp;
    SEC_PKCS12ESPVKItem     **espvks;
    SEC_PKCS12SafeBag       **unencSecrets;

    int nEspvks;
    int nSecrets; 
};
00328     
/* stores shrouded keys -- beta-format layout, kept for reading old
 * files only.  Unlike SEC_PKCS12BaggageStr it lists the shrouded keys
 * directly instead of through baggage items.
 * luggage_size is bookkeeping only and is not encoded.
 */
struct SEC_PKCS12Baggage_OLDStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12ESPVKItem **espvks;

    int luggage_size;              /* used locally */
};
00337 
/* authenticated safe, stores certs, keys, and shrouded keys.
 * transportMode (OID) says how 'safe' is protected; transportTypeTag is
 * its local lookup and is not encoded.  privacySalt is the salt used for
 * that protection.  baggage carries the shrouded keys, safe the PKCS 7
 * ContentInfo wrapping the safe contents.
 * The 'old'/old_* fields and emptySafe are for reading beta-format
 * files; swapUnicode mirrors the flag in SEC_PKCS12PFXItemStr.
 */
struct SEC_PKCS12AuthenticatedSafeStr
{
    PRArenaPool     *poolp;
    SECItem         version;
    SECOidData           *transportTypeTag;      /* local not part of encoding*/
    SECItem         transportMode;
    SECItem         privacySalt;
    SEC_PKCS12Baggage         baggage;
    SEC_PKCS7ContentInfo  *safe;

    /* used for beta compatibility */
    PRBool old;
    PRBool emptySafe;
    SEC_PKCS12Baggage_OLD old_baggage;
    SEC_PKCS7ContentInfo old_safe;
    PRBool swapUnicode;
};
/* PFX version number written into files we create; files with a
 * different version are from another revision of the format. */
#define SEC_PKCS12_PFX_VERSION            1             /* what we create */
00357 
00358 
00359 
/* PKCS 12 Templates.
 * ASN.1 templates used to encode and decode the structures above; the
 * "_OLD" templates describe the beta-format layouts.  Decoding an
 * untrusted PFX should always go through these templates so that the
 * DER parser, not hand-written code, enforces the structure.
 * SGN_DigestInfoTemplate is declared here because the thumbprint and
 * MAC fields embed a SGNDigestInfo.
 */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
/* "PointerTo" templates decode the bag through a pointer (the union
 * members in SEC_PKCS12SafeBagStr / SEC_PKCS12CertAndCRLStr). */
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
00398 #endif