      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef _PKCS12T_H_
      6 #define _PKCS12T_H_
      7 
      8 #include "seccomon.h"
      9 #include "secoid.h"
     10 #include "cert.h"
     11 #include "keythi.h"
     12 #include "plarena.h"
     13 #include "secpkcs7.h"
     14 #include "secdig.h" /* for SGNDigestInfo */
     15 
/* Policy for where certificates pulled out of a PKCS #12 file are
 * installed: the "target" token chosen by the caller versus the fixed
 * token.  User certificates always land on the target token; the three
 * values differ only in how far up the CA chain the target token is
 * also used. */
typedef enum {
    SECPKCS12TargetTokenNoCAs,           /* CAs get loaded into the fixed token,
                                          * user certs go to target token */
    SECPKCS12TargetTokenIntermediateCAs, /* user certs and intermediates go to
                                          * target token, root certs go to
                                          * fixed token */
    SECPKCS12TargetTokenAllCAs           /* all certs go to target token */
} SECPKCS12TargetTokenCAs;
     24 
/* PKCS12 Structures */
/* Forward typedefs for the structure tags defined further down in this
 * header, in roughly outer-to-inner order (PFX -> authenticated safe ->
 * safe contents -> bags).  SEC_PKCS12Baggage_OLD appears to be the
 * beta-era layout kept for the "beta compatibility" fields below; see
 * SEC_PKCS12AuthenticatedSafeStr. */
typedef struct SEC_PKCS12PFXItemStr SEC_PKCS12PFXItem;
typedef struct SEC_PKCS12MacDataStr SEC_PKCS12MacData;
typedef struct SEC_PKCS12AuthenticatedSafeStr SEC_PKCS12AuthenticatedSafe;
typedef struct SEC_PKCS12BaggageItemStr SEC_PKCS12BaggageItem;
typedef struct SEC_PKCS12BaggageStr SEC_PKCS12Baggage;
typedef struct SEC_PKCS12Baggage_OLDStr SEC_PKCS12Baggage_OLD;
typedef struct SEC_PKCS12ESPVKItemStr SEC_PKCS12ESPVKItem;
typedef struct SEC_PKCS12PVKSupportingDataStr SEC_PKCS12PVKSupportingData;
typedef struct SEC_PKCS12PVKAdditionalDataStr SEC_PKCS12PVKAdditionalData;
typedef struct SEC_PKCS12SafeContentsStr SEC_PKCS12SafeContents;
typedef struct SEC_PKCS12SafeBagStr SEC_PKCS12SafeBag;
typedef struct SEC_PKCS12PrivateKeyStr SEC_PKCS12PrivateKey;
typedef struct SEC_PKCS12PrivateKeyBagStr SEC_PKCS12PrivateKeyBag;
typedef struct SEC_PKCS12CertAndCRLBagStr SEC_PKCS12CertAndCRLBag;
typedef struct SEC_PKCS12CertAndCRLStr SEC_PKCS12CertAndCRL;
typedef struct SEC_PKCS12X509CertCRLStr SEC_PKCS12X509CertCRL;
typedef struct SEC_PKCS12SDSICertStr SEC_PKCS12SDSICert;
typedef struct SEC_PKCS12SecretStr SEC_PKCS12Secret;
typedef struct SEC_PKCS12SecretAdditionalStr SEC_PKCS12SecretAdditional;
typedef struct SEC_PKCS12SecretItemStr SEC_PKCS12SecretItem;
typedef struct SEC_PKCS12SecretBagStr SEC_PKCS12SecretBag;

/* Callback used to obtain the password protecting a PKCS #12 file.  It
 * receives an opaque argument item and returns a SECItem holding the
 * password.
 * NOTE(review): this header does not say who owns the returned SECItem,
 * when it is freed, or whether the password bytes are zeroized — confirm
 * against the callers before relying on either. */
typedef SECItem *(*SEC_PKCS12PasswordFunc)(SECItem *args);
     49 
     50 /* PKCS12 types */
     51 
/* stores shrouded keys.  Container for the baggage items (shrouded keys
 * and unencrypted secrets, see SEC_PKCS12BaggageItemStr) of an
 * authenticated safe.  Fields marked "used locally" are not part of the
 * encoding (cf. transportTypeTag in SEC_PKCS12AuthenticatedSafeStr). */
struct SEC_PKCS12BaggageStr {
    PLArenaPool *poolp;           /* arena used for allocations */
    SEC_PKCS12BaggageItem **bags; /* the baggage items */

    int luggage_size; /* used locally; presumably the entry count of bags */
};
     59 
/* additional data to be associated with keys.  currently there
 * is nothing defined to be stored here.  allows future expansion.
 * pvkAdditionalType names the content type and pvkAdditionalContent is
 * the type-specific payload; pvkAdditionalTypeTag is the resolved form of
 * the type and is not part of the encoding.
 */
struct SEC_PKCS12PVKAdditionalDataStr {
    PLArenaPool *poolp;
    SECOidData *pvkAdditionalTypeTag; /* used locally */
    SECItem pvkAdditionalType;        /* presumably the encoded OID */
    SECItem pvkAdditionalContent;     /* payload, interpreted per type */
};
     69 
/* cert and other supporting data for private keys.  used
 * for both shrouded and non-shrouded keys.
 * assocCerts holds digests (thumbprints) of the certificates associated
 * with the key rather than the certificates themselves.
 */
struct SEC_PKCS12PVKSupportingDataStr {
    PLArenaPool *poolp;
    SGNDigestInfo **assocCerts;  /* thumbprints of the associated certs */
    SECItem regenerable;
    SECItem nickname;
    SEC_PKCS12PVKAdditionalData pvkAdditional;
    SECItem pvkAdditionalDER;    /* presumably the DER form of pvkAdditional */

    SECItem uniNickName;         /* presumably a Unicode form of nickname;
                                  * see the swapUnicode fields below */
    /* used locally */
    int nThumbs;                 /* presumably the entry count of assocCerts */
};
     85 
/* shrouded key structure.  supports only pkcs8 shrouding
 * currently.  espvkOID identifies the shrouding in use and espvkTag is
 * its resolved form; espvkCipherText is the encrypted key itself, with
 * the PKCS #8 EncryptedPrivateKeyInfo as the only union member so far.
 * The trailing "used locally" fields are import bookkeeping, not part of
 * the encoding.
 */
struct SEC_PKCS12ESPVKItemStr {
    PLArenaPool *poolp;   /* used locally */
    SECOidData *espvkTag; /* used locally; resolved form of espvkOID */
    SECItem espvkOID;     /* shrouding type */
    SEC_PKCS12PVKSupportingData espvkData;
    union {
        SECKEYEncryptedPrivateKeyInfo *pkcs8KeyShroud; /* PKCS #8 encrypted key */
    } espvkCipherText;

    PRBool duplicate;    /* used locally */
    PRBool problem_cert; /* used locally */
    PRBool single_cert;  /* used locally */
    int nCerts;          /* used locally */
    SECItem derCert;     /* used locally */
};
    104 
/* generic bag store for the safe.  safeBagType identifies
 * the type of bag stored and so selects which safeContent member is
 * meaningful; derSafeContent keeps the encoded form of that content.
 * safeBagTypeTag is the resolved form of safeBagType and is not part of
 * the encoding.
 */
struct SEC_PKCS12SafeBagStr {
    PLArenaPool *poolp;
    SECOidData *safeBagTypeTag; /* used locally */
    SECItem safeBagType;        /* bag type, selects the union member */
    union {
        SEC_PKCS12PrivateKeyBag *keyBag;
        SEC_PKCS12CertAndCRLBag *certAndCRLBag;
        SEC_PKCS12SecretBag *secretBag;
    } safeContent;              /* valid member depends on safeBagType */

    SECItem derSafeContent;     /* encoded safeContent */
    SECItem safeBagName;

    SECItem uniSafeBagName;     /* presumably a Unicode form of safeBagName */
};
    123 
/* stores private keys and certificates in a list.  each safebag
 * has an ID identifying the type of content stored.
 * The tracking fields below are not part of the encoding; "old" and the
 * two swapUnicode flags mirror the beta/Unicode compatibility fields on
 * SEC_PKCS12PFXItemStr.
 */
struct SEC_PKCS12SafeContentsStr {
    PLArenaPool *poolp;
    SEC_PKCS12SafeBag **contents;  /* the safe bags */

    /* used for tracking purposes */
    int safe_size;                 /* presumably the entry count of contents */
    PRBool old;                    /* beta-era layout was decoded (presumably) */
    PRBool swapUnicode;            /* see SEC_PKCS12PFXItemStr.swapUnicode */
    PRBool possibleSwapUnicode;    /* swap decision not yet settled (presumably) */
};
    137 
/* private key structure which holds encrypted private key and
 * supporting data including nickname and certificate thumbprint.
 * pkcs8data is a PKCS #8 PrivateKeyInfo; the trailing "used locally"
 * fields are the same import bookkeeping as on SEC_PKCS12ESPVKItemStr and
 * are not part of the encoding.
 */
struct SEC_PKCS12PrivateKeyStr {
    PLArenaPool *poolp;
    SEC_PKCS12PVKSupportingData pvkData; /* nickname, thumbprints, extras */
    SECKEYPrivateKeyInfo pkcs8data;      /* borrowed from PKCS 8 */

    PRBool duplicate;    /* used locally */
    PRBool problem_cert; /* used locally */
    PRBool single_cert;  /* used locally */
    int nCerts;          /* used locally */
    SECItem derCert;     /* used locally */
};
    152 
/* private key bag, holds a (null terminated) list of private key
 * structures.  bag_size is local bookkeeping, not part of the encoding.
 */
struct SEC_PKCS12PrivateKeyBagStr {
    PLArenaPool *poolp;
    SEC_PKCS12PrivateKey **privateKeys; /* null-terminated list */

    int bag_size; /* used locally; presumably the entry count of privateKeys */
};
    162 
/* container to hold certificates.  currently supports x509
 * and sdsi certificates.  BagID identifies which value member applies
 * and BagTypeTag is its resolved form; derValue keeps the encoded value.
 * nickname and duplicate are import bookkeeping, not part of the
 * encoding.
 */
struct SEC_PKCS12CertAndCRLStr {
    PLArenaPool *poolp;
    SECOidData *BagTypeTag; /* used locally */
    SECItem BagID;          /* selects the union member */
    union {
        SEC_PKCS12X509CertCRL *x509;
        SEC_PKCS12SDSICert *sdsi;
    } value;                /* valid member depends on BagID */

    SECItem derValue;       /* encoded value */
    SECItem nickname; /* used locally */
    PRBool duplicate; /* used locally */
};
    179 
/* x509 certificate structure.  typically holds the der encoding
 * of the x509 certificate.  thumbprint contains a digest of the
 * certificate.
 * NOTE(review): the thumbprint is a plain digest carried alongside the
 * certificate; whether it is checked against certOrCRL on import is up to
 * the decoding code, not this header — confirm there.
 */
struct SEC_PKCS12X509CertCRLStr {
    PLArenaPool *poolp;
    SEC_PKCS7ContentInfo certOrCRL; /* the certificate or CRL, as ContentInfo */
    SGNDigestInfo thumbprint;       /* digest of the certificate */

    SECItem *derLeafCert; /* used locally */
};
    191 
/* sdsi certificate structure.  typically holds the der encoding
 * of the sdsi certificate.  thumbprint contains a digest of the
 * certificate.  Unlike the x509 variant, the certificate is a raw item
 * rather than a PKCS #7 ContentInfo.
 */
struct SEC_PKCS12SDSICertStr {
    PLArenaPool *poolp;
    SECItem value;            /* the certificate bytes */
    SGNDigestInfo thumbprint; /* digest of the certificate */
};
    201 
/* contains a null terminated list of certs and crls.  bag_size is local
 * bookkeeping, not part of the encoding. */
struct SEC_PKCS12CertAndCRLBagStr {
    PLArenaPool *poolp;
    SEC_PKCS12CertAndCRL **certAndCRLs; /* null-terminated list */

    int bag_size; /* used locally; presumably the entry count of certAndCRLs */
};
    209 
/* additional secret information.  currently no information
 * stored in this structure.  Same shape as
 * SEC_PKCS12PVKAdditionalDataStr: a type, its resolved tag (local only)
 * and a type-specific payload.
 */
struct SEC_PKCS12SecretAdditionalStr {
    PLArenaPool *poolp;
    SECOidData *secretTypeTag; /* used locally */
    SECItem secretAdditionalType;    /* presumably the encoded OID */
    SECItem secretAdditionalContent; /* payload, interpreted per type */
};
    219 
/* secrets container.  this will be used to contain currently
 * unspecified secrets.  (it's a secret)
 * A named value plus optional additional data; uniSecretName pairs with
 * secretName the same way uniNickName pairs with nickname elsewhere in
 * this header.
 */
struct SEC_PKCS12SecretStr {
    PLArenaPool *poolp;
    SECItem secretName;
    SECItem value;                               /* the secret bytes */
    SEC_PKCS12SecretAdditional secretAdditional; /* currently unused content */

    SECItem uniSecretName; /* presumably a Unicode form of secretName */
};
    231 
/* one entry of a secret bag: a secret together with a nested safe bag
 * (subFolder) that may hold further content. */
struct SEC_PKCS12SecretItemStr {
    PLArenaPool *poolp;
    SEC_PKCS12Secret secret;     /* the secret */
    SEC_PKCS12SafeBag subFolder; /* nested safe bag */
};
    237 
/* a bag of secrets.  holds a null terminated list of secrets.
 * bag_size is local bookkeeping, not part of the encoding.
 */
struct SEC_PKCS12SecretBagStr {
    PLArenaPool *poolp;
    SEC_PKCS12SecretItem **secrets; /* null-terminated list */

    int bag_size; /* used locally; presumably the entry count of secrets */
};
    246 
/* integrity check over the authenticated safe: the MAC value carried as a
 * DigestInfo, plus the salt for the MAC key.  Note that this structure has
 * no iteration-count field.
 * NOTE(review): with no iteration count carried here, the MAC key
 * derivation parameters must come from the consumer (the PKCS #12 spec
 * default is 1 iteration) — confirm what the decoder applies. */
struct SEC_PKCS12MacDataStr {
    SGNDigestInfo safeMac; /* MAC over the authenticated safe */
    SECItem macSalt;       /* salt for the MAC key */
};
    251 
/* outer transfer unit: the top-level PFX.  authSafe carries the
 * authenticated safe as a PKCS #7 ContentInfo and macData its integrity
 * MAC.  old_safeMac/old_macSalt are the field-for-field counterparts of
 * macData for the beta layout, selected by "old". */
struct SEC_PKCS12PFXItemStr {
    PLArenaPool *poolp;
    SEC_PKCS12MacData macData;     /* MAC over authSafe */
    SEC_PKCS7ContentInfo authSafe; /* the authenticated safe */

    /* for compatibility with beta */
    PRBool old;                    /* presumably set when the beta layout was decoded */
    SGNDigestInfo old_safeMac;     /* beta-layout counterpart of macData.safeMac */
    SECItem old_macSalt;           /* beta-layout counterpart of macData.macSalt */

    /* compatibility between platforms for unicode swapping */
    PRBool swapUnicode;            /* presumably: Unicode string bytes need byte-swapping */
};
    266 
/* one baggage entry: a list of shrouded keys and a list of unencrypted
 * secrets (as safe bags), with their counts.  Whether the two counts are
 * part of the encoding is not marked here, unlike the "used locally"
 * fields elsewhere — confirm in the template. */
struct SEC_PKCS12BaggageItemStr {
    PLArenaPool *poolp;
    SEC_PKCS12ESPVKItem **espvks;    /* shrouded keys */
    SEC_PKCS12SafeBag **unencSecrets; /* unencrypted secrets */

    int nEspvks;  /* presumably the entry count of espvks */
    int nSecrets; /* presumably the entry count of unencSecrets */
};
    275 
/* stores shrouded keys.  Beta-layout counterpart of SEC_PKCS12BaggageStr:
 * it holds the shrouded keys directly rather than via baggage items. */
struct SEC_PKCS12Baggage_OLDStr {
    PLArenaPool *poolp;
    SEC_PKCS12ESPVKItem **espvks; /* shrouded keys */

    int luggage_size; /* used locally; presumably the entry count of espvks */
};
    283 
/* authenticated safe, stores certs, keys, and shrouded keys.
 * transportMode (resolved into transportTypeTag, which is not encoded)
 * and privacySalt presumably describe how the safe is protected in
 * transit.  The fields under "beta compatibility" are the beta-layout
 * counterparts of baggage and safe, selected by "old". */
struct SEC_PKCS12AuthenticatedSafeStr {
    PLArenaPool *poolp;
    SECItem version;
    SECOidData *transportTypeTag; /* local not part of encoding*/
    SECItem transportMode;        /* presumably the encoded OID */
    SECItem privacySalt;
    SEC_PKCS12Baggage baggage;    /* shrouded keys and unencrypted secrets */
    SEC_PKCS7ContentInfo *safe;   /* the safe contents, as PKCS #7 ContentInfo */

    /* used for beta compatibility */
    PRBool old;                        /* presumably set when the beta layout was decoded */
    PRBool emptySafe;                  /* no safe contents present (presumably) */
    SEC_PKCS12Baggage_OLD old_baggage; /* beta-layout counterpart of baggage */
    SEC_PKCS7ContentInfo old_safe;     /* beta-layout counterpart of safe (by value) */
    PRBool swapUnicode;                /* see SEC_PKCS12PFXItemStr.swapUnicode */
};
#define SEC_PKCS12_PFX_VERSION 1 /* what we create */

/* PKCS 12 Templates */
/* ASN.1 templates for encoding/decoding the structures above.  The _OLD
 * variants are for the beta-era layouts referenced by the "beta
 * compatibility" fields; the SEC_PointerTo* variants appear to handle a
 * pointer to the named structure rather than the structure itself.
 * NOTE(review): the templates decide which of the "used locally" fields
 * are skipped and which compatibility paths are accepted — review them
 * together with this header when changing either. */
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12MacDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[];
extern const SEC_ASN1Template SEC_PKCS12BaggageTemplate[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKAdditionalTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[];
extern const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[];
extern const SEC_ASN1Template SGN_DigestInfoTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[];
extern const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[];
extern const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[];
extern const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[];
extern const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[];
    341 #endif