Source code

Revision control

Copy as Markdown

Other Tools

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at */
#ifndef _PKCS12T_H_
#define _PKCS12T_H_
#include "seccomon.h"
#include "secoid.h"
#include "cert.h"
#include "keythi.h"
#include "plarena.h"
#include "secpkcs7.h"
#include "secdig.h" /* for SGNDigestInfo */
typedef enum {
SECPKCS12TargetTokenNoCAs, /* CA get loaded intothe fixed token,
* User certs go to target token */
SECPKCS12TargetTokenIntermediateCAs, /* User certs and intermediates go to
* target token, root certs got to
* fixed token */
SECPKCS12TargetTokenAllCAs /* All certs go to target token */
} SECPKCS12TargetTokenCAs;
/* PKCS12 Structures */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;
typedef SECItem *(*SEC_PKCS12PasswordFunc)(SECItem *args);
/* PKCS12 types */
/* stores shrouded keys */
struct SEC_PKCS12BaggageStr {
PLArenaPool *poolp;
SEC_PKCS12BaggageItem **bags;
int luggage_size; /* used locally */
/* additional data to be associated with keys. currently there
* is nothing defined to be stored here. allows future expansion.
struct SEC_PKCS12PVKAdditionalDataStr {
PLArenaPool *poolp;
SECOidData *pvkAdditionalTypeTag; /* used locally */
SECItem pvkAdditionalType;
SECItem pvkAdditionalContent;
/* cert and other supporting data for private keys. used
* for both shrouded and non-shrouded keys.
struct SEC_PKCS12PVKSupportingDataStr {
PLArenaPool *poolp;
SGNDigestInfo **assocCerts;
SECItem regenerable;
SECItem nickname;
SEC_PKCS12PVKAdditionalData pvkAdditional;
SECItem pvkAdditionalDER;
SECItem uniNickName;
/* used locally */
int nThumbs;
/* shrouded key structure. supports only pkcs8 shrouding
* currently.
struct SEC_PKCS12ESPVKItemStr {
PLArenaPool *poolp; /* used locally */
SECOidData *espvkTag; /* used locally */
SECItem espvkOID;
SEC_PKCS12PVKSupportingData espvkData;
union {
SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud;
} espvkCipherText;
PRBool duplicate; /* used locally */
PRBool problem_cert; /* used locally */
PRBool single_cert; /* used locally */
int nCerts; /* used locally */
SECItem derCert; /* used locally */
/* generic bag store for the safe. safeBagType identifies
* the type of bag stored.
struct SEC_PKCS12SafeBagStr {
PLArenaPool *poolp;
SECOidData *safeBagTypeTag; /* used locally */
SECItem safeBagType;
union {
SEC_PKCS12PrivateKeyBag *keyBag;
SEC_PKCS12CertAndCRLBag *certAndCRLBag;
SEC_PKCS12SecretBag *secretBag;
} safeContent;
SECItem derSafeContent;
SECItem safeBagName;
SECItem uniSafeBagName;
/* stores private keys and certificates in a list. each safebag
* has an ID identifying the type of content stored.
struct SEC_PKCS12SafeContentsStr {
PLArenaPool *poolp;
SEC_PKCS12SafeBag **contents;
/* used for tracking purposes */
int safe_size;
PRBool old;
PRBool swapUnicode;
PRBool possibleSwapUnicode;
/* private key structure which holds encrypted private key and
* supporting data including nickname and certificate thumbprint.
struct SEC_PKCS12PrivateKeyStr {
PLArenaPool *poolp;
SEC_PKCS12PVKSupportingData pvkData;
SECKEYPrivateKeyInfo pkcs8data; /* borrowed from PKCS 8 */
PRBool duplicate; /* used locally */
PRBool problem_cert; /* used locally */
PRBool single_cert; /* used locally */
int nCerts; /* used locally */
SECItem derCert; /* used locally */
/* private key bag, holds a (null terminated) list of private key
* structures.
struct SEC_PKCS12PrivateKeyBagStr {
PLArenaPool *poolp;
SEC_PKCS12PrivateKey **privateKeys;
int bag_size; /* used locally */
/* container to hold certificates. currently supports x509
* and sdsi certificates
struct SEC_PKCS12CertAndCRLStr {
PLArenaPool *poolp;
SECOidData *BagTypeTag; /* used locally */
SECItem BagID;
union {
SEC_PKCS12X509CertCRL *x509;
SEC_PKCS12SDSICert *sdsi;
} value;
SECItem derValue;
SECItem nickname; /* used locally */
PRBool duplicate; /* used locally */
/* x509 certificate structure. typically holds the der encoding
* of the x509 certificate. thumbprint contains a digest of the
* certificate
struct SEC_PKCS12X509CertCRLStr {
PLArenaPool *poolp;
SEC_PKCS7ContentInfo certOrCRL;
SGNDigestInfo thumbprint;
SECItem *derLeafCert; /* used locally */
/* sdsi certificate structure. typically holds the der encoding
* of the sdsi certificate. thumbprint contains a digest of the
* certificate
struct SEC_PKCS12SDSICertStr {
PLArenaPool *poolp;
SECItem value;
SGNDigestInfo thumbprint;
/* contains a null terminated list of certs and crls */
struct SEC_PKCS12CertAndCRLBagStr {
PLArenaPool *poolp;
SEC_PKCS12CertAndCRL **certAndCRLs;
int bag_size; /* used locally */
/* additional secret information. currently no information
* stored in this structure.
struct SEC_PKCS12SecretAdditionalStr {
PLArenaPool *poolp;
SECOidData *secretTypeTag; /* used locally */
SECItem secretAdditionalType;
SECItem secretAdditionalContent;
/* secrets container. this will be used to contain currently
* unspecified secrets. (it's a secret)
struct SEC_PKCS12SecretStr {
PLArenaPool *poolp;
SECItem secretName;
SECItem value;
SEC_PKCS12SecretAdditional secretAdditional;
SECItem uniSecretName;
struct SEC_PKCS12SecretItemStr {
PLArenaPool *poolp;
SEC_PKCS12Secret secret;
SEC_PKCS12SafeBag subFolder;
/* a bag of secrets. holds a null terminated list of secrets.
struct SEC_PKCS12SecretBagStr {
PLArenaPool *poolp;
SEC_PKCS12SecretItem **secrets;
int bag_size; /* used locally */
struct SEC_PKCS12MacDataStr {
SGNDigestInfo safeMac;
SECItem macSalt;
/* outer transfer unit */
struct SEC_PKCS12PFXItemStr {
PLArenaPool *poolp;
SEC_PKCS12MacData macData;
SEC_PKCS7ContentInfo authSafe;
/* for compatibility with beta */
PRBool old;
SGNDigestInfo old_safeMac;
SECItem old_macSalt;
/* compatibility between platforms for unicode swapping */
PRBool swapUnicode;
struct SEC_PKCS12BaggageItemStr {
PLArenaPool *poolp;
SEC_PKCS12ESPVKItem **espvks;
SEC_PKCS12SafeBag **unencSecrets;
int nEspvks;
int nSecrets;
/* stores shrouded keys */
struct SEC_PKCS12Baggage_OLDStr {
PLArenaPool *poolp;
SEC_PKCS12ESPVKItem **espvks;
int luggage_size; /* used locally */
/* authenticated safe, stores certs, keys, and shrouded keys */
struct SEC_PKCS12AuthenticatedSafeStr {
PLArenaPool *poolp;
SECItem version;
SECOidData *transportTypeTag; /* local not part of encoding*/
SECItem transportMode;
SECItem privacySalt;
SEC_PKCS12Baggage baggage;
SEC_PKCS7ContentInfo *safe;
/* used for beta compatibility */
PRBool old;
PRBool emptySafe;
SEC_PKCS12Baggage_OLD old_baggage;
SEC_PKCS7ContentInfo old_safe;
PRBool swapUnicode;
#define SEC_PKCS12_PFX_VERSION 1 /* what we create */
/* PKCS 12 Templates */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];