tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

p12.h (9464B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef _P12_H_
      6 #define _P12_H_
      7 
      8 #include "secoid.h"
      9 #include "keyhi.h"
     10 #include "secpkcs7.h"
     11 #include "p12t.h"
     12 
     13 typedef int(PR_CALLBACK *PKCS12OpenFunction)(void *arg);
     14 typedef int(PR_CALLBACK *PKCS12ReadFunction)(void *arg,
     15                                             unsigned char *buffer,
     16                                             unsigned int *lenRead,
     17                                             unsigned int maxLen);
     18 typedef int(PR_CALLBACK *PKCS12WriteFunction)(void *arg,
     19                                              unsigned char *buffer,
     20                                              unsigned int *bufLen,
     21                                              unsigned int *lenWritten);
     22 typedef int(PR_CALLBACK *PKCS12CloseFunction)(void *arg);
     23 typedef SECStatus(PR_CALLBACK *PKCS12UnicodeConvertFunction)(
     24    PLArenaPool *arena,
     25    SECItem *dest, SECItem *src,
     26    PRBool toUnicode,
     27    PRBool swapBytes);
     28 typedef void(PR_CALLBACK *SEC_PKCS12EncoderOutputCallback)(
     29    void *arg, const char *buf,
     30    unsigned long len);
     31 typedef void(PR_CALLBACK *SEC_PKCS12DecoderOutputCallback)(
     32    void *arg, const char *buf,
     33    unsigned long len);
     34 /*
     35 * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate,
     36 * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c.
     37 * See r1.35 of p12d.c ("Patch 2" in bug 321584).
     38 *
     39 * This callback might be called by SEC_PKCS12DecoderValidateBags each time
     40 * a nickname collission is detected. The callback must return a new
     41 * nickname. The returned SECItem should be of type siAsciiString,
     42 * it should be allocated using:
     43 *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
     44 * and data must contain the new nickname as a zero terminated string.
     45 */
     46 typedef SECItem *(PR_CALLBACK *SEC_PKCS12NicknameCollisionCallback)(
     47    SECItem *old_nickname,
     48    PRBool *cancel,
     49    void *arg);
     50 /*
     51 * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each
     52 * certificate found in the p12 source data.
     53 *
     54 * cert: A decoded certificate.
     55 * default_nickname: The nickname as found in the source data.
     56 *                   Will be NULL if source data doesn't have nickname.
     57 * new_nickname: Output parameter that may contain the renamed nickname.
     58 * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames.
     59 *
     60 * If the callback accept that NSS will use a nickname based on the
     61 * default_nickname (potentially resolving conflicts), then the callback
     62 * must set *new_nickname to NULL.
     63 *
     64 * If the callback wishes to override the nickname, it must set *new_nickname
     65 * to a new SECItem which should be allocated using
     66 *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
     67 * new_nickname->type should be set to siAsciiString, and new_nickname->data
     68 * must contain the new nickname as a zero terminated string.
     69 *
     70 * A return value of SECFailure indicates that the renaming operation failed,
     71 * and callback should release new_nickname before returning if it's already
     72 * being allocated.
     73 * Otherwise, the callback function must return SECSuccess, including use
     74 * default nickname as mentioned above.
     75 */
     76 typedef SECStatus(PR_CALLBACK *SEC_PKCS12NicknameRenameCallback)(
     77    const CERTCertificate *cert,
     78    const SECItem *default_nickname,
     79    SECItem **new_nickname,
     80    void *arg);
     81 
     82 typedef SECStatus(PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData);
     83 typedef SECStatus(PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile);
     84 typedef int(PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf,
     85                                     unsigned long len);
     86 
     87 typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;
     88 typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;
     89 typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;
     90 typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem;
     91 
     92 struct sec_PKCS12PasswordModeInfo {
     93    SECItem *password;
     94    SECOidTag algorithm;
     95 };
     96 
     97 struct sec_PKCS12PublicKeyModeInfo {
     98    CERTCertificate *cert;
     99    CERTCertDBHandle *certDb;
    100    SECOidTag algorithm;
    101    int keySize;
    102 };
    103 
    104 struct SEC_PKCS12DecoderItemStr {
    105    SECItem *der;
    106    SECOidTag type;
    107    PRBool hasKey;
    108    SECItem *friendlyName; /* UTF-8 string */
    109    SECAlgorithmID *shroudAlg;
    110 };
    111 
    112 SEC_BEGIN_PROTOS
    113 
    114 SEC_PKCS12SafeInfo *
    115 SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
    116                                    CERTCertDBHandle *certDb,
    117                                    CERTCertificate *signer,
    118                                    CERTCertificate **recipients,
    119                                    SECOidTag algorithm, int keysize);
    120 
    121 extern SEC_PKCS12SafeInfo *
    122 SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
    123                                 SECItem *pwitem, SECOidTag privAlg);
    124 
    125 extern SEC_PKCS12SafeInfo *
    126 SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);
    127 
    128 extern SECStatus
    129 SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
    130                               SECItem *pwitem, SECOidTag integAlg);
    131 extern SECStatus
    132 SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
    133                                CERTCertificate *cert, CERTCertDBHandle *certDb,
    134                                SECOidTag algorithm, int keySize);
    135 
    136 extern SEC_PKCS12ExportContext *
    137 SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
    138                              PK11SlotInfo *slot, void *wincx);
    139 
    140 extern SECStatus
    141 SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt,
    142                  SEC_PKCS12SafeInfo *safe, void *nestedDest,
    143                  CERTCertificate *cert, CERTCertDBHandle *certDb,
    144                  SECItem *keyId, PRBool includeCertChain);
    145 
    146 extern SECStatus
    147 SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,
    148                        SEC_PKCS12SafeInfo *safe,
    149                        void *nestedDest, CERTCertificate *cert,
    150                        PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
    151                        SECItem *keyId, SECItem *nickName);
    152 
    153 extern SECStatus
    154 SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
    155                               void *certSafe, void *certNestedDest,
    156                               CERTCertificate *cert, CERTCertDBHandle *certDb,
    157                               void *keySafe, void *keyNestedDest, PRBool shroudKey,
    158                               SECItem *pwitem, SECOidTag algorithm,
    159                               PRBool includeCertChain);
    160 
    161 extern SECStatus
    162 SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
    163                        void *certSafe, void *certNestedDest,
    164                        CERTCertificate *cert, CERTCertDBHandle *certDb,
    165                        void *keySafe, void *keyNestedDest,
    166                        PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);
    167 
    168 extern void *
    169 SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
    170                                   void *baseSafe, void *nestedDest);
    171 
    172 extern SECStatus
    173 SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
    174                 SEC_PKCS12EncoderOutputCallback output, void *outputarg);
    175 
    176 extern void
    177 SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);
    178 
    179 extern SEC_PKCS12DecoderContext *
    180 SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
    181                       digestOpenFn dOpen, digestCloseFn dClose,
    182                       digestIOFn dRead, digestIOFn dWrite, void *dArg);
    183 
    184 extern SECStatus
    185 SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,
    186                                   SECPKCS12TargetTokenCAs tokenCAs);
    187 
    188 extern SECStatus
    189 SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data,
    190                        unsigned long len);
    191 
    192 extern void
    193 SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);
    194 
    195 extern SECStatus
    196 SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);
    197 
    198 extern SECStatus
    199 SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
    200                              SEC_PKCS12NicknameCollisionCallback nicknameCb);
    201 
    202 /*
    203 * SEC_PKCS12DecoderRenameCertNicknames() can be used to change
    204 * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling
    205 * SEC_PKCS12DecoderImportBags.
    206 *
    207 * arg: User-defined data that will be passed to nicknameCb.
    208 *
    209 * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling
    210 * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname
    211 * will be changed.
    212 * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling
    213 * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags()
    214 * will change the nickname of the corresponding private key, too.
    215 */
    216 extern SECStatus
    217 SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
    218                                     SEC_PKCS12NicknameRenameCallback nicknameCb,
    219                                     void *arg);
    220 
    221 extern SECStatus
    222 SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);
    223 
    224 CERTCertList *
    225 SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);
    226 
    227 SECStatus
    228 SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx);
    229 
    230 SECStatus
    231 SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,
    232                             const SEC_PKCS12DecoderItem **ipp);
    233 
    234 SEC_END_PROTOS
    235 
    236 #endif