/gecko_api/include/pkcs12t.h

/* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
 * 1.1 (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 * http://www.mozilla.org/MPL/
 *
 * Software distributed under the License is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 * for the specific language governing rights and limitations under the
 * License.
 *
 * The Original Code is the Netscape security libraries.
 *
 * The Initial Developer of the Original Code is
 * Netscape Communications Corporation.
 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 * the Initial Developer. All Rights Reserved.
 *
 * Contributor(s):
 *
 * Alternatively, the contents of this file may be used under the terms of
 * either the GNU General Public License Version 2 or later (the "GPL"), or
 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 * in which case the provisions of the GPL or the LGPL are applicable instead
 * of those above. If you wish to allow use of your version of this file only
 * under the terms of either the GPL or the LGPL, and not to allow others to
 * use your version of this file under the terms of the MPL, indicate your
 * decision by deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL or the LGPL. If you do not delete
 * the provisions above, a recipient may use your version of this file under
 * the terms of any one of the MPL, the GPL or the LGPL.
 *
 * ***** END LICENSE BLOCK ***** */

#ifndef _PKCS12T_H_
#define _PKCS12T_H_

#include "seccomon.h"
#include "secoid.h"
#include "cert.h"
#include "key.h"
#include "plarena.h"
#include "secpkcs7.h"
#include "secdig.h"	/* for SGNDigestInfo */

typedef enum {
  SECPKCS12TargetTokenNoCAs,		/* CA get loaded intothe fixed token,
					 * User certs go to target token */
  SECPKCS12TargetTokenIntermediateCAs,  /* User certs and intermediates go to
					 * target token, root certs got to
					 * fixed token */
  SECPKCS12TargetTokenAllCAs		/* All certs go to target token */
} SECPKCS12TargetTokenCAs;

/* PKCS12 Structures */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;

typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);

/* PKCS12 types */

/* stores shrouded keys */
struct SEC_PKCS12BaggageStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12BaggageItem **bags;

    int luggage_size;		/* used locally */
};

/* additional data to be associated with keys.	currently there
 * is nothing defined to be stored here.  allows future expansion.
 */
struct SEC_PKCS12PVKAdditionalDataStr
{
    PRArenaPool	*poolp;
    SECOidData	*pvkAdditionalTypeTag;	/* used locally */
    SECItem     pvkAdditionalType;
    SECItem     pvkAdditionalContent;
};

/* cert and other supporting data for private keys.  used
 * for both shrouded and non-shrouded keys.
 */
struct SEC_PKCS12PVKSupportingDataStr
{
    PRArenaPool		*poolp;
    SGNDigestInfo 	**assocCerts;
    SECItem		regenerable;
    SECItem         	nickname;
    SEC_PKCS12PVKAdditionalData     pvkAdditional;
    SECItem		pvkAdditionalDER;

    SECItem		uniNickName;
    /* used locally */
    int			nThumbs;
};

/* shrouded key structure.  supports only pkcs8 shrouding
 * currently.
 */
struct SEC_PKCS12ESPVKItemStr
{
    PRArenaPool *poolp;		/* used locally */
    SECOidData	*espvkTag;	/* used locally */
    SECItem	espvkOID;
    SEC_PKCS12PVKSupportingData espvkData;
    union
    {
	SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
    } espvkCipherText;

    PRBool duplicate;	/* used locally */
    PRBool problem_cert; 	/* used locally */
    PRBool single_cert;		/* used locally */
    int nCerts;			/* used locally */
    SECItem derCert;		/* used locally */
};

/* generic bag store for the safe.  safeBagType identifies
 * the type of bag stored.
 */
struct SEC_PKCS12SafeBagStr
{
    PRArenaPool *poolp;
    SECOidData	*safeBagTypeTag;	/* used locally */
    SECItem     safeBagType;
    union
    {
	SEC_PKCS12PrivateKeyBag	*keyBag;
	SEC_PKCS12CertAndCRLBag *certAndCRLBag;
	SEC_PKCS12SecretBag     *secretBag;
    } safeContent;

    SECItem	derSafeContent;
    SECItem 	safeBagName;

    SECItem	uniSafeBagName;
};

/* stores private keys and certificates in a list.  each safebag
 * has an ID identifying the type of content stored.
 */
struct SEC_PKCS12SafeContentsStr
{
    PRArenaPool     	*poolp;
    SEC_PKCS12SafeBag	**contents;

    /* used for tracking purposes */
    int safe_size;
    PRBool old;
    PRBool swapUnicode;
    PRBool possibleSwapUnicode;
};

/* private key structure which holds encrypted private key and
 * supporting data including nickname and certificate thumbprint.
 */
struct SEC_PKCS12PrivateKeyStr
{
    PRArenaPool *poolp;
    SEC_PKCS12PVKSupportingData pvkData;
    SECKEYPrivateKeyInfo	pkcs8data;   /* borrowed from PKCS 8 */

    PRBool duplicate;	/* used locally */
    PRBool problem_cert;/* used locally */
    PRBool single_cert;	/* used locally */
    int nCerts;		/* used locally */
    SECItem derCert;	/* used locally */
};

/* private key bag, holds a (null terminated) list of private key
 * structures.
 */
struct SEC_PKCS12PrivateKeyBagStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12PrivateKey 	**privateKeys;

    int bag_size;	/* used locally */
};

/* container to hold certificates.  currently supports x509
 * and sdsi certificates
 */
struct SEC_PKCS12CertAndCRLStr
{
    PRArenaPool     *poolp;
    SECOidData	    *BagTypeTag;    /* used locally */
    SECItem         BagID;
    union
    {
    	SEC_PKCS12X509CertCRL	*x509;
    	SEC_PKCS12SDSICert	*sdsi;
    } value;

    SECItem derValue;
    SECItem nickname;		/* used locally */
    PRBool duplicate;		/* used locally */
};

/* x509 certificate structure.	typically holds the der encoding
 * of the x509 certificate.  thumbprint contains a digest of the
 * certificate
 */
struct SEC_PKCS12X509CertCRLStr
{
    PRArenaPool     		*poolp;
    SEC_PKCS7ContentInfo	certOrCRL;
    SGNDigestInfo		thumbprint;

    SECItem *derLeafCert;	/* used locally */
};

/* sdsi certificate structure.	typically holds the der encoding
 * of the sdsi certificate.  thumbprint contains a digest of the
 * certificate
 */
struct SEC_PKCS12SDSICertStr
{
    PRArenaPool     *poolp;
    SECItem         value;
    SGNDigestInfo   thumbprint;
};

/* contains a null terminated list of certs and crls */
struct SEC_PKCS12CertAndCRLBagStr
{
    PRArenaPool     		*poolp;
    SEC_PKCS12CertAndCRL	**certAndCRLs;

    int bag_size;	/* used locally */
};

/* additional secret information.  currently no information
 * stored in this structure.
 */
struct SEC_PKCS12SecretAdditionalStr
{
    PRArenaPool     *poolp;
    SECOidData	    *secretTypeTag;         /* used locally */
    SECItem         secretAdditionalType;
    SECItem         secretAdditionalContent;
};

/* secrets container.  this will be used to contain currently
 * unspecified secrets.  (it's a secret)
 */
struct SEC_PKCS12SecretStr
{
    PRArenaPool     *poolp;
    SECItem	secretName;
    SECItem	value;
    SEC_PKCS12SecretAdditional	secretAdditional;

    SECItem	uniSecretName;
};

struct SEC_PKCS12SecretItemStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12Secret	secret;
    SEC_PKCS12SafeBag	subFolder;
};    

/* a bag of secrets.  holds a null terminated list of secrets.
 */
struct SEC_PKCS12SecretBagStr
{
    PRArenaPool     	*poolp;
    SEC_PKCS12SecretItem	**secrets;

    int bag_size;	/* used locally */
};

struct SEC_PKCS12MacDataStr
{
    SGNDigestInfo	safeMac;
    SECItem		macSalt;
};

/* outer transfer unit */
struct SEC_PKCS12PFXItemStr
{
    PRArenaPool		*poolp;
    SEC_PKCS12MacData	macData;
    SEC_PKCS7ContentInfo	authSafe; 

    /* for compatibility with beta */
    PRBool		old;
    SGNDigestInfo 	old_safeMac;
    SECItem		old_macSalt;

    /* compatibility between platforms for unicode swapping */
    PRBool		swapUnicode;
};

struct SEC_PKCS12BaggageItemStr {
    PRArenaPool	    *poolp;
    SEC_PKCS12ESPVKItem	**espvks;
    SEC_PKCS12SafeBag	**unencSecrets;

    int nEspvks;
    int nSecrets; 
};
    
/* stores shrouded keys */
struct SEC_PKCS12Baggage_OLDStr
{
    PRArenaPool     *poolp;
    SEC_PKCS12ESPVKItem **espvks;

    int luggage_size;		/* used locally */
};

/* authenticated safe, stores certs, keys, and shrouded keys */
struct SEC_PKCS12AuthenticatedSafeStr
{
    PRArenaPool     *poolp;
    SECItem         version;
    SECOidData	    *transportTypeTag;	/* local not part of encoding*/
    SECItem         transportMode;
    SECItem         privacySalt;
    SEC_PKCS12Baggage	  baggage;
    SEC_PKCS7ContentInfo  *safe;

    /* used for beta compatibility */
    PRBool old;
    PRBool emptySafe;
    SEC_PKCS12Baggage_OLD old_baggage;
    SEC_PKCS7ContentInfo old_safe;
    PRBool swapUnicode;
};
#define SEC_PKCS12_PFX_VERSION		1		/* what we create */



/* PKCS 12 Templates */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
#endif