/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* The Original Code is the Netscape security libraries.
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
* ***** END LICENSE BLOCK ***** */
#include "secdig.h" /* for SGNDigestInfo */
SECPKCS12TargetTokenNoCAs, /* CAs get loaded into the fixed token,
* User certs go to target token */
SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to
* target token, root certs go to
SECPKCS12TargetTokenAllCAs /* All certs go to target token */
} SECPKCS12TargetTokenCAs;
/* PKCS12 Structures.
 *
 * Forward typedefs for the PKCS #12 structures whose bodies follow later in
 * this header. The structs refer to each other through these names (for
 * example a SafeBag carries pointers to a PrivateKeyBag, a CertAndCRLBag and
 * a SecretBag), so every name is introduced here before any body is defined.
 * The *_OLD variant keeps the pre-release ("beta") layout that later
 * comments in this header retain for compatibility. */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
/* Password callback type: receives a caller-supplied SECItem argument and
 * returns a SECItem pointer. NOTE(review): the returned item presumably
 * holds password material; which side owns, frees and zeroizes it is not
 * visible here -- confirm against the callers before relying on either. */
typedef SECItem *(* SEC_PKCS12PasswordFunc)(SECItem *args);
/* stores shrouded keys */
struct SEC_PKCS12BaggageStr
SEC_PKCS12BaggageItem **bags;
int luggage_size; /* used locally */
/* additional data to be associated with keys. currently there
* is nothing defined to be stored here. allows future expansion.
struct SEC_PKCS12PVKAdditionalDataStr
SECOidData *pvkAdditionalTypeTag; /* used locally */
SECItem pvkAdditionalType;
SECItem pvkAdditionalContent;
/* cert and other supporting data for private keys. used
* for both shrouded and non-shrouded keys.
struct SEC_PKCS12PVKSupportingDataStr
SGNDigestInfo **assocCerts;
SEC_PKCS12PVKAdditionalData pvkAdditional;
SECItem pvkAdditionalDER;
/* shrouded key structure. supports only pkcs8 shrouding
struct SEC_PKCS12ESPVKItemStr
PRArenaPool *poolp; /* used locally */
SECOidData *espvkTag; /* used locally */
SEC_PKCS12PVKSupportingData espvkData;
SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
PRBool duplicate; /* used locally */
PRBool problem_cert; /* used locally */
PRBool single_cert; /* used locally */
int nCerts; /* used locally */
SECItem derCert; /* used locally */
/* generic bag store for the safe. safeBagType identifies
* the type of bag stored.
struct SEC_PKCS12SafeBagStr
SECOidData *safeBagTypeTag; /* used locally */
SEC_PKCS12PrivateKeyBag *keyBag;
SEC_PKCS12CertAndCRLBag *certAndCRLBag;
SEC_PKCS12SecretBag *secretBag;
SECItem derSafeContent;
SECItem uniSafeBagName;
/* stores private keys and certificates in a list. each safebag
* has an ID identifying the type of content stored.
struct SEC_PKCS12SafeContentsStr
SEC_PKCS12SafeBag **contents;
/* used for tracking purposes */
PRBool possibleSwapUnicode;
/* private key structure which holds encrypted private key and
* supporting data including nickname and certificate thumbprint.
struct SEC_PKCS12PrivateKeyStr
SEC_PKCS12PVKSupportingData pvkData;
SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */
PRBool duplicate; /* used locally */
PRBool problem_cert;/* used locally */
PRBool single_cert; /* used locally */
int nCerts; /* used locally */
SECItem derCert; /* used locally */
/* private key bag, holds a (null terminated) list of private key
struct SEC_PKCS12PrivateKeyBagStr
SEC_PKCS12PrivateKey **privateKeys;
int bag_size; /* used locally */
/* container to hold certificates. currently supports x509
* and sdsi certificates
struct SEC_PKCS12CertAndCRLStr
SECOidData *BagTypeTag; /* used locally */
SEC_PKCS12X509CertCRL *x509;
SEC_PKCS12SDSICert *sdsi;
SECItem nickname; /* used locally */
PRBool duplicate; /* used locally */
/* x509 certificate structure. typically holds the der encoding
* of the x509 certificate. thumbprint contains a digest of the
struct SEC_PKCS12X509CertCRLStr
SEC_PKCS7ContentInfo certOrCRL;
SGNDigestInfo thumbprint;
SECItem *derLeafCert; /* used locally */
/* sdsi certificate structure. typically holds the der encoding
* of the sdsi certificate. thumbprint contains a digest of the
struct SEC_PKCS12SDSICertStr
SGNDigestInfo thumbprint;
/* contains a null terminated list of certs and crls */
struct SEC_PKCS12CertAndCRLBagStr
SEC_PKCS12CertAndCRL **certAndCRLs;
int bag_size; /* used locally */
/* additional secret information. currently no information
* stored in this structure.
struct SEC_PKCS12SecretAdditionalStr
SECOidData *secretTypeTag; /* used locally */
SECItem secretAdditionalType;
SECItem secretAdditionalContent;
/* secrets container. this will be used to contain currently
* unspecified secrets. (it's a secret)
struct SEC_PKCS12SecretStr
SEC_PKCS12SecretAdditional secretAdditional;
SECItem uniSecretName;
struct SEC_PKCS12SecretItemStr
SEC_PKCS12Secret secret;
SEC_PKCS12SafeBag subFolder;
/* a bag of secrets. holds a null terminated list of secrets.
struct SEC_PKCS12SecretBagStr
SEC_PKCS12SecretItem **secrets;
int bag_size; /* used locally */
struct SEC_PKCS12MacDataStr
SGNDigestInfo safeMac;
/* outer transfer unit */
struct SEC_PKCS12PFXItemStr
SEC_PKCS12MacData macData;
SEC_PKCS7ContentInfo authSafe;
/* for compatibility with beta */
SGNDigestInfo old_safeMac;
/* compatibility between platforms for unicode swapping */
struct SEC_PKCS12BaggageItemStr {
SEC_PKCS12ESPVKItem **espvks;
SEC_PKCS12SafeBag **unencSecrets;
/* stores shrouded keys */
struct SEC_PKCS12Baggage_OLDStr
SEC_PKCS12ESPVKItem **espvks;
int luggage_size; /* used locally */
/* authenticated safe, stores certs, keys, and shrouded keys */
struct SEC_PKCS12AuthenticatedSafeStr
SECOidData *transportTypeTag; /* used locally; not part of the encoding */
SECItem transportMode;
SEC_PKCS12Baggage baggage;
SEC_PKCS7ContentInfo *safe;
/* used for beta compatibility */
SEC_PKCS12Baggage_OLD old_baggage;
SEC_PKCS7ContentInfo old_safe;
#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
/* PKCS 12 Templates.
 *
 * ASN.1 encoder/decoder templates for the structures declared above, plus
 * the SEC_PointerTo* indirection templates used where a structure is
 * reached through a pointer. The _OLD variants appear to match the
 * pre-release ("beta") encodings that the *_OLD structs and the
 * "compatibility with beta" fields above keep alive. All are defined
 * elsewhere; only the declarations live in this header. */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];