  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the Netscape security libraries.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Netscape Communications Corporation.
 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 19 * the Initial Developer. All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *
 23 * Alternatively, the contents of this file may be used under the terms of
 24 * either the GNU General Public License Version 2 or later (the "GPL"), or
 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 26 * in which case the provisions of the GPL or the LGPL are applicable instead
 27 * of those above. If you wish to allow use of your version of this file only
 28 * under the terms of either the GPL or the LGPL, and not to allow others to
 29 * use your version of this file under the terms of the MPL, indicate your
 30 * decision by deleting the provisions above and replace them with the notice
 31 * and other provisions required by the GPL or the LGPL. If you do not delete
 32 * the provisions above, a recipient may use your version of this file under
 33 * the terms of any one of the MPL, the GPL or the LGPL.
 34 *
 35 * ***** END LICENSE BLOCK ***** */
 36
 37#ifndef _PKCS12T_H_
 38#define _PKCS12T_H_
 39
 40#include "seccomon.h"
 41#include "secoid.h"
 42#include "cert.h"
 43#include "key.h"
 44#include "plarena.h"
 45#include "secpkcs7.h"
 46#include "secdig.h"	/* for SGNDigestInfo */
 47
/* Selects where certificates are loaded: the target token, or the
 * "fixed" token.  The three values differ only in how CA certs are
 * split between the two; user certs always go to the target token.
 */
typedef enum {
  SECPKCS12TargetTokenNoCAs,		/* CAs get loaded into the fixed token,
					 * user certs go to the target token */
  SECPKCS12TargetTokenIntermediateCAs,  /* User certs and intermediates go to
					 * the target token, root certs go to
					 * the fixed token */
  SECPKCS12TargetTokenAllCAs		/* All certs go to the target token */
} SECPKCS12TargetTokenCAs;
 56
/* PKCS12 Structures */
/* Forward typedefs for the structures defined below.  The *_OLD
 * variants are kept for beta compatibility (see the old / old_*
 * fields in the structures that follow); the ASN.1 templates for
 * every structure are declared at the end of this header.
 */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
 79
/* Callback used to obtain a password.  args is a caller-supplied
 * SECItem; the callback returns the password as a SECItem.
 * NOTE(review): ownership of the returned item, and who is expected
 * to zeroize it once the password has been consumed, are not
 * specified here -- confirm against the callers before relying on
 * either.
 */
typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
 81
 82/* PKCS12 types */
 83
/* stores shrouded keys.  bags is a list of baggage items.  Fields
 * marked "used locally" are bookkeeping; by analogy with the
 * "local not part of encoding" note on transportTypeTag in
 * SEC_PKCS12AuthenticatedSafe they are presumably not encoded.
 */
struct SEC_PKCS12BaggageStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SEC_PKCS12BaggageItem **bags;

    int luggage_size;		/* used locally; presumably the entry count of bags */
};
 92
/* additional data to be associated with keys.  currently there
 * is nothing defined to be stored here; allows future expansion.
 */
struct SEC_PKCS12PVKAdditionalDataStr
{
    PRArenaPool	*poolp;				/* allocation arena */
    SECOidData	*pvkAdditionalTypeTag;	/* used locally; presumably the decoded pvkAdditionalType */
    SECItem     pvkAdditionalType;		/* type identifier (OID) of the additional data */
    SECItem     pvkAdditionalContent;	/* the additional data; currently undefined */
};
103
/* cert and other supporting data for private keys.  used
 * for both shrouded and non-shrouded keys.
 */
struct SEC_PKCS12PVKSupportingDataStr
{
    PRArenaPool		*poolp;		/* allocation arena */
    SGNDigestInfo 	**assocCerts;	/* digests (thumbprints) of the certs associated with the key */
    SECItem		regenerable;
    SECItem         	nickname;	/* key nickname */
    SEC_PKCS12PVKAdditionalData     pvkAdditional;
    SECItem		pvkAdditionalDER;	/* presumably the DER form of pvkAdditional */

    SECItem		uniNickName;	/* presumably nickname in unicode form */
    /* used locally */
    int			nThumbs;	/* presumably the entry count of assocCerts */
};
120
/* shrouded key structure.  supports only pkcs8 shrouding
 * currently.  espvkOID presumably selects the active member of
 * espvkCipherText, of which only the pkcs8 shroud exists today.
 */
struct SEC_PKCS12ESPVKItemStr
{
    PRArenaPool *poolp;		/* used locally */
    SECOidData	*espvkTag;	/* used locally; presumably the decoded espvkOID */
    SECItem	espvkOID;
    SEC_PKCS12PVKSupportingData espvkData;	/* nickname, cert thumbprints, etc. */
    union
    {
	SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;	/* PKCS 8 EncryptedPrivateKeyInfo */
    } espvkCipherText;

    /* used locally: bookkeeping mirroring the same fields in
     * SEC_PKCS12PrivateKey */
    PRBool duplicate;	/* used locally */
    PRBool problem_cert; 	/* used locally */
    PRBool single_cert;		/* used locally */
    int nCerts;			/* used locally */
    SECItem derCert;		/* used locally */
};
141
/* generic bag store for the safe.  safeBagType identifies
 * the type of bag stored and therefore which member of the
 * safeContent union is valid.
 */
struct SEC_PKCS12SafeBagStr
{
    PRArenaPool *poolp;			/* allocation arena */
    SECOidData	*safeBagTypeTag;	/* used locally; presumably the decoded safeBagType */
    SECItem     safeBagType;		/* type identifier (OID) of the bag */
    union
    {
	SEC_PKCS12PrivateKeyBag	*keyBag;
	SEC_PKCS12CertAndCRLBag *certAndCRLBag;
	SEC_PKCS12SecretBag     *secretBag;
    } safeContent;	/* NOTE(review): only the member matching safeBagType
			 * is meaningful; check the type before dereferencing */

    SECItem	derSafeContent;	/* presumably the DER form of safeContent */
    SECItem 	safeBagName;

    SECItem	uniSafeBagName;	/* presumably safeBagName in unicode form */
};
162
/* stores private keys and certificates in a list.  each safebag
 * has an ID identifying the type of content stored.
 */
struct SEC_PKCS12SafeContentsStr
{
    PRArenaPool     	*poolp;		/* allocation arena */
    SEC_PKCS12SafeBag	**contents;	/* list of safe bags */

    /* used for tracking purposes */
    int safe_size;			/* presumably the entry count of contents */
    PRBool old;				/* presumably beta-era layout (cf. SEC_PKCS12PFXItem.old) */
    PRBool swapUnicode;			/* unicode swapping (cf. SEC_PKCS12PFXItem.swapUnicode) */
    PRBool possibleSwapUnicode;		/* NOTE(review): meaning not visible here -- confirm in the decoder */
};
177
/* private key structure which holds encrypted private key and
 * supporting data including nickname and certificate thumbprint.
 * NOTE(review): pkcs8data is a SECKEYPrivateKeyInfo, not a
 * SECKEYEncryptedPrivateKeyInfo (contrast espvkCipherText in
 * SEC_PKCS12ESPVKItem), so "encrypted" above may be inaccurate --
 * confirm.  If the key is unshrouded here, its confidentiality rests
 * entirely on the protection of the enclosing safe.
 */
struct SEC_PKCS12PrivateKeyStr
{
    PRArenaPool *poolp;			/* allocation arena */
    SEC_PKCS12PVKSupportingData pvkData;	/* nickname, cert thumbprints, etc. */
    SECKEYPrivateKeyInfo	pkcs8data;   /* borrowed from PKCS 8 */

    /* used locally: bookkeeping mirroring the same fields in
     * SEC_PKCS12ESPVKItem */
    PRBool duplicate;	/* used locally */
    PRBool problem_cert;/* used locally */
    PRBool single_cert;	/* used locally */
    int nCerts;		/* used locally */
    SECItem derCert;	/* used locally */
};
193
/* private key bag, holds a (null terminated) list of private key
 * structures.
 */
struct SEC_PKCS12PrivateKeyBagStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SEC_PKCS12PrivateKey 	**privateKeys;	/* null terminated list */

    int bag_size;	/* used locally; presumably the entry count of privateKeys */
};
204
/* container to hold certificates.  currently supports x509
 * and sdsi certificates.  BagID identifies the kind and therefore
 * which member of the value union is valid.
 */
struct SEC_PKCS12CertAndCRLStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SECOidData	    *BagTypeTag;    /* used locally; presumably the decoded BagID */
    SECItem         BagID;		/* type identifier (OID) of value */
    union
    {
    	SEC_PKCS12X509CertCRL	*x509;
    	SEC_PKCS12SDSICert	*sdsi;
    } value;	/* NOTE(review): only the member matching BagID is
		 * meaningful; check the type before dereferencing */

    SECItem derValue;		/* presumably the DER form of value */
    SECItem nickname;		/* used locally */
    PRBool duplicate;		/* used locally */
};
223
/* x509 certificate structure.	typically holds the der encoding
 * of the x509 certificate.  thumbprint contains a digest of the
 * certificate.
 * NOTE(review): the thumbprint travels with the cert in the same
 * (untrusted) input; whether it is recomputed from certOrCRL and
 * compared on decode is not visible here.  A consumer that uses
 * the stored digest without checking it is trusting input data.
 */
struct SEC_PKCS12X509CertCRLStr
{
    PRArenaPool     		*poolp;		/* allocation arena */
    SEC_PKCS7ContentInfo	certOrCRL;	/* the certificate (or CRL), wrapped in PKCS 7 */
    SGNDigestInfo		thumbprint;	/* digest of the certificate */

    SECItem *derLeafCert;	/* used locally */
};
236
/* sdsi certificate structure.	typically holds the der encoding
 * of the sdsi certificate.  thumbprint contains a digest of the
 * certificate (same caveat as SEC_PKCS12X509CertCRL: it arrives
 * in the same input as the cert and is only as trustworthy as the
 * check performed on it).
 */
struct SEC_PKCS12SDSICertStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SECItem         value;		/* the certificate */
    SGNDigestInfo   thumbprint;		/* digest of the certificate */
};
247
/* contains a null terminated list of certs and crls */
struct SEC_PKCS12CertAndCRLBagStr
{
    PRArenaPool     		*poolp;		/* allocation arena */
    SEC_PKCS12CertAndCRL	**certAndCRLs;	/* null terminated list */

    int bag_size;	/* used locally; presumably the entry count of certAndCRLs */
};
256
/* additional secret information.  currently no information
 * stored in this structure.  Same shape as
 * SEC_PKCS12PVKAdditionalData: a type identifier plus content.
 */
struct SEC_PKCS12SecretAdditionalStr
{
    PRArenaPool     *poolp;			/* allocation arena */
    SECOidData	    *secretTypeTag;         /* used locally; presumably the decoded secretAdditionalType */
    SECItem         secretAdditionalType;	/* type identifier (OID) of the additional content */
    SECItem         secretAdditionalContent;	/* the additional content; currently undefined */
};
267
/* secrets container.  this will be used to contain currently
 * unspecified secrets.  (it's a secret)
 */
struct SEC_PKCS12SecretStr
{
    PRArenaPool     *poolp;			/* allocation arena */
    SECItem	secretName;			/* name of the secret */
    SECItem	value;				/* the secret itself */
    SEC_PKCS12SecretAdditional	secretAdditional;	/* currently empty */

    SECItem	uniSecretName;			/* presumably secretName in unicode form */
};
280
/* one entry of a secret bag: a secret together with a nested safe
 * bag (subFolder).
 */
struct SEC_PKCS12SecretItemStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SEC_PKCS12Secret	secret;
    SEC_PKCS12SafeBag	subFolder;	/* nested bag; see SEC_PKCS12SafeBag for its union caveat */
};
287
/* a bag of secrets.  holds a null terminated list of secrets.
 */
struct SEC_PKCS12SecretBagStr
{
    PRArenaPool     	*poolp;		/* allocation arena */
    SEC_PKCS12SecretItem	**secrets;	/* null terminated list */

    int bag_size;	/* used locally; presumably the entry count of secrets */
};
297
/* integrity data carried in the PFX: a digest (safeMac) and its salt
 * (macSalt).  Presumably the MAC over authSafe in SEC_PKCS12PFXItem.
 * NOTE(review): the integrity of everything inside the safe depends
 * on this MAC being verified before the contents are acted on; that
 * check lives in the decoder, not in this header -- confirm it is
 * performed and that its failure is fatal.
 */
struct SEC_PKCS12MacDataStr
{
    SGNDigestInfo	safeMac;	/* the MAC value (as a DigestInfo) */
    SECItem		macSalt;	/* salt used when deriving the MAC key */
};
303
/* outer transfer unit: the top-level PKCS12 object.  authSafe carries
 * the content (as a PKCS 7 ContentInfo) and macData its integrity
 * check.  When old is set, the beta layout's old_safeMac / old_macSalt
 * are used instead of macData (presumably; confirm in the decoder).
 */
struct SEC_PKCS12PFXItemStr
{
    PRArenaPool		*poolp;		/* allocation arena */
    SEC_PKCS12MacData	macData;	/* MAC over authSafe (see SEC_PKCS12MacData) */
    SEC_PKCS7ContentInfo	authSafe;	/* the authenticated safe */

    /* for compatibility with beta */
    PRBool		old;		/* input is in the beta layout */
    SGNDigestInfo 	old_safeMac;	/* beta-layout counterpart of macData.safeMac */
    SECItem		old_macSalt;	/* beta-layout counterpart of macData.macSalt */

    /* compatibility between platforms for unicode swapping */
    PRBool		swapUnicode;
};
319
/* one entry of the baggage: a list of shrouded keys (espvks) and a
 * list of unencrypted secrets held as safe bags (unencSecrets), with
 * their counts.
 */
struct SEC_PKCS12BaggageItemStr {
    PRArenaPool	    *poolp;		/* allocation arena */
    SEC_PKCS12ESPVKItem	**espvks;	/* shrouded keys */
    SEC_PKCS12SafeBag	**unencSecrets;	/* unencrypted secrets; NOTE(review): no per-item protection here */

    int nEspvks;	/* presumably the entry count of espvks */
    int nSecrets;	/* presumably the entry count of unencSecrets */
};
328    
/* stores shrouded keys -- beta-layout counterpart of SEC_PKCS12Baggage,
 * holding the shrouded keys directly rather than via baggage items.
 */
struct SEC_PKCS12Baggage_OLDStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SEC_PKCS12ESPVKItem **espvks;	/* shrouded keys */

    int luggage_size;		/* used locally; presumably the entry count of espvks */
};
337
/* authenticated safe, stores certs, keys, and shrouded keys.
 * transportMode (decoded into transportTypeTag) presumably selects how
 * safe is protected; privacySalt is the salt for that protection.
 * NOTE(review): the "old" fields duplicate baggage / safe in the beta
 * layout; whichever set the decoder populates, the other must not be
 * treated as authoritative -- confirm in the decoder.
 */
struct SEC_PKCS12AuthenticatedSafeStr
{
    PRArenaPool     *poolp;		/* allocation arena */
    SECItem         version;		/* encoded version; cf. SEC_PKCS12_PFX_VERSION */
    SECOidData	    *transportTypeTag;	/* local not part of encoding*/
    SECItem         transportMode;	/* type identifier (OID) of the transport / privacy mode */
    SECItem         privacySalt;	/* salt for the privacy mode */
    SEC_PKCS12Baggage	  baggage;	/* shrouded keys and unencrypted secrets */
    SEC_PKCS7ContentInfo  *safe;	/* the safe contents, as a PKCS 7 ContentInfo */

    /* used for beta compatibility */
    PRBool old;				/* input is in the beta layout */
    PRBool emptySafe;			/* NOTE(review): meaning not visible here -- confirm */
    SEC_PKCS12Baggage_OLD old_baggage;	/* beta-layout counterpart of baggage */
    SEC_PKCS7ContentInfo old_safe;	/* beta-layout counterpart of safe */
    PRBool swapUnicode;			/* cf. SEC_PKCS12PFXItem.swapUnicode */
};
/* version number written into the PFX we produce.  NOTE(review): which
 * versions are accepted on decode is decided by the decoder, not here.
 */
#define SEC_PKCS12_PFX_VERSION		1		/* what we create */
357
358
359
/* PKCS 12 Templates
 *
 * ASN.1 encoder / decoder templates for the structures above.  They
 * are defined elsewhere; this header only declares them.  The *_OLD
 * templates describe the beta-era layouts, the SEC_PointerTo* ones
 * decode through a pointer, and the SEC_PKCS12Coded* ones are
 * (presumably) pre-encoded variants -- confirm against the definitions.
 */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
398#endif