/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * p12.h - public API for PKCS #12 export (encode) and import (decode).
 *
 * The export side builds "safes" (optionally password- or public-key
 * encrypted) inside an export context, adds certificates and keys to
 * them, optionally attaches an integrity check, and streams the DER out
 * through a callback.  The import side consumes DER incrementally into a
 * decoder context, verifies it, validates/renames the contained bags and
 * finally imports them into a token.
 *
 * NOTE(review): only the ordering constraints stated in the comments
 * below are established by this header; everything else about call
 * sequencing (in particular whether SEC_PKCS12DecoderVerify must succeed
 * before SEC_PKCS12DecoderImportBags is allowed) lives in p12d.c/p12e.c
 * and should be confirmed there before relying on it.
 */

#ifndef _P12_H_
#define _P12_H_

#include "secoid.h"
#include "keyhi.h"
#include "secpkcs7.h"
#include "p12t.h"

/*
 * Generic I/O callbacks.  All of them receive the opaque 'arg' supplied
 * by the caller that registered them.
 *
 * PKCS12ReadFunction:  by the parameter names, 'buffer' has room for
 *   'maxLen' bytes and '*lenRead' receives the number of bytes actually
 *   stored; the callee must never write past 'maxLen' (confirm the exact
 *   contract against the caller in p12d.c/p12e.c).
 * PKCS12WriteFunction: '*bufLen' is the number of bytes offered and
 *   '*lenWritten' receives how many were consumed (same caveat).
 * The int return value's meaning is not defined by this header.
 */
typedef int(PR_CALLBACK *PKCS12OpenFunction)(void *arg);
typedef int(PR_CALLBACK *PKCS12ReadFunction)(void *arg,
                                             unsigned char *buffer,
                                             unsigned int *lenRead,
                                             unsigned int maxLen);
typedef int(PR_CALLBACK *PKCS12WriteFunction)(void *arg,
                                              unsigned char *buffer,
                                              unsigned int *bufLen,
                                              unsigned int *lenWritten);
typedef int(PR_CALLBACK *PKCS12CloseFunction)(void *arg);

/*
 * Converts 'src' into 'dest' (allocated from 'arena') either to or from
 * the Unicode form used by PKCS #12 (BMPString), depending on
 * 'toUnicode'; 'swapBytes' selects byte order.  Returns SECSuccess or
 * SECFailure.
 */
typedef SECStatus(PR_CALLBACK *PKCS12UnicodeConvertFunction)(
    PLArenaPool *arena,
    SECItem *dest, SECItem *src,
    PRBool toUnicode,
    PRBool swapBytes);

/*
 * Output sinks: called with the next 'len' bytes of encoded/decoded data
 * in 'buf'.  'buf' is only valid for the duration of the call; copy it if
 * it must outlive the callback.  There is no return value, so the
 * callback must record any write failure in 'arg' itself.
 */
typedef void(PR_CALLBACK *SEC_PKCS12EncoderOutputCallback)(
    void *arg, const char *buf,
    unsigned long len);
typedef void(PR_CALLBACK *SEC_PKCS12DecoderOutputCallback)(
    void *arg, const char *buf,
    unsigned long len);

/*
 * In NSS 3.12 or later, 'arg' actually points to a CERTCertificate,
 * the 'leafCert' variable in sec_pkcs12_validate_cert in p12d.c.
 * See r1.35 of p12d.c ("Patch 2" in bug 321584).
 *
 * This callback might be called by SEC_PKCS12DecoderValidateBags each time
 * a nickname collision is detected. The callback must return a new
 * nickname. The returned SECItem should be of type siAsciiString,
 * it should be allocated using:
 *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
 * and data must contain the new nickname as a zero terminated string.
 *
 * old_nickname: the nickname that collided (from the PKCS #12 data, i.e.
 *   attacker-controlled if the file is untrusted; treat it as such when
 *   deriving the new name).
 * cancel: output flag.  NOTE(review): this header does not say what
 *   ValidateBags does when the callback sets *cancel; confirm in p12d.c.
 * The SECITEM_AllocItem(NULL, ...) requirement implies ownership of the
 * returned item passes to NSS — presumably it is freed by the decoder;
 * confirm before caching the pointer in the callback.
 */
typedef SECItem *(PR_CALLBACK *SEC_PKCS12NicknameCollisionCallback)(
    SECItem *old_nickname,
    PRBool *cancel,
    void *arg);

/*
 * This callback is called by SEC_PKCS12DecoderRenameCertNicknames for each
 * certificate found in the p12 source data.
 *
 * cert: A decoded certificate.
 * default_nickname: The nickname as found in the source data.
 *     Will be NULL if source data doesn't have nickname.
 * new_nickname: Output parameter that may contain the renamed nickname.
 * arg: The user data that was passed to SEC_PKCS12DecoderRenameCertNicknames.
 *
 * If the callback accepts that NSS will use a nickname based on the
 * default_nickname (potentially resolving conflicts), then the callback
 * must set *new_nickname to NULL.
 *
 * If the callback wishes to override the nickname, it must set *new_nickname
 * to a new SECItem which should be allocated using
 *     SECITEM_AllocItem(NULL, NULL, LENGTH_OF_NEW_NICKNAME + 1)
 * new_nickname->type should be set to siAsciiString, and new_nickname->data
 * must contain the new nickname as a zero terminated string.
 *
 * A return value of SECFailure indicates that the renaming operation failed,
 * and the callback should release new_nickname before returning if it has
 * already been allocated (otherwise it leaks).
 * Otherwise, the callback function must return SECSuccess, including when it
 * chose the default nickname as described above.
 *
 * Note that default_nickname comes from the PKCS #12 file and should be
 * treated as untrusted input if the file is.
 */
typedef SECStatus(PR_CALLBACK *SEC_PKCS12NicknameRenameCallback)(
    const CERTCertificate *cert,
    const SECItem *default_nickname,
    SECItem **new_nickname,
    void *arg);

/*
 * Callbacks used by the decoder for its digest/scratch storage (see
 * SEC_PKCS12DecoderStart).  By the parameter names, 'readData' selects
 * read vs. write mode on open and 'removeFile' asks close to delete the
 * backing store; 'digestIOFn' transfers 'len' bytes through 'buf' and
 * returns a count (or error) as an int.  The exact contract is defined by
 * the callers in p12d.c — confirm there.  If the backing store is a real
 * file, the implementation is responsible for creating it safely (no
 * predictable names in shared directories).
 */
typedef SECStatus(PR_CALLBACK *digestOpenFn)(void *arg, PRBool readData);
typedef SECStatus(PR_CALLBACK *digestCloseFn)(void *arg, PRBool removeFile);
typedef int(PR_CALLBACK *digestIOFn)(void *arg, unsigned char *buf,
                                     unsigned long len);

/* Opaque handles; the struct bodies are private to the p12 implementation. */
typedef struct SEC_PKCS12ExportContextStr SEC_PKCS12ExportContext;
typedef struct SEC_PKCS12SafeInfoStr SEC_PKCS12SafeInfo;
typedef struct SEC_PKCS12DecoderContextStr SEC_PKCS12DecoderContext;
typedef struct SEC_PKCS12DecoderItemStr SEC_PKCS12DecoderItem;

/*
 * Parameters for password-based (PBE) protection of a safe.
 * 'password' is referenced, not copied, by this struct; the owner is
 * responsible for its lifetime and for wiping it when done.
 */
struct sec_PKCS12PasswordModeInfo {
    SECItem *password;
    SECOidTag algorithm;
};

/*
 * Parameters for public-key based protection of a safe: the certificate
 * whose key is used, the database to look it up in, the algorithm OID and
 * its key size.  'keySize' is a plain int and is not validated here.
 */
struct sec_PKCS12PublicKeyModeInfo {
    CERTCertificate *cert;
    CERTCertDBHandle *certDb;
    SECOidTag algorithm;
    int keySize;
};

/*
 * One decoded bag as returned by SEC_PKCS12DecoderIterateNext.
 * der:          the bag's DER content.
 * type:         OID tag identifying the bag type.
 * hasKey:       whether a private key accompanies this item.
 * friendlyName: the friendlyName attribute as UTF-8, or presumably NULL
 *               when absent (whether it is NUL-terminated is not stated;
 *               use friendlyName->len).
 * shroudAlg:    algorithm that shrouds the key, if any.
 * The item is owned by the decoder context; do not free its members.
 */
struct SEC_PKCS12DecoderItemStr {
    SECItem *der;
    SECOidTag type;
    PRBool hasKey;
    SECItem *friendlyName; /* UTF-8 string */
    SECAlgorithmID *shroudAlg;
};

SEC_BEGIN_PROTOS

/*
 * ---- Export side ----
 *
 * Safes are created inside 'p12ctxt' and returned as handles owned by the
 * context; they are released with SEC_PKCS12DestroyExportContext, not by
 * the caller.  A NULL return indicates failure (check PORT_GetError()).
 */

/* Safe encrypted to the public keys of 'recipients', signed by 'signer'. */
SEC_PKCS12SafeInfo *
SEC_PKCS12CreatePubKeyEncryptedSafe(SEC_PKCS12ExportContext *p12ctxt,
                                    CERTCertDBHandle *certDb,
                                    CERTCertificate *signer,
                                    CERTCertificate **recipients,
                                    SECOidTag algorithm, int keysize);

/*
 * Safe encrypted with the password 'pwitem' using PBE algorithm 'privAlg'.
 * The caller owns 'pwitem'; wipe it after the export context is destroyed.
 */
extern SEC_PKCS12SafeInfo *
SEC_PKCS12CreatePasswordPrivSafe(SEC_PKCS12ExportContext *p12ctxt,
                                 SECItem *pwitem, SECOidTag privAlg);

/* Safe with no confidentiality protection (contents are plaintext). */
extern SEC_PKCS12SafeInfo *
SEC_PKCS12CreateUnencryptedSafe(SEC_PKCS12ExportContext *p12ctxt);

/*
 * Attach an integrity check to the whole PFX: a password-based MAC using
 * digest 'integAlg', or a public-key signature by 'cert'.  Without one of
 * these the output can be modified undetectably in transit.
 */
extern SECStatus
SEC_PKCS12AddPasswordIntegrity(SEC_PKCS12ExportContext *p12ctxt,
                               SECItem *pwitem, SECOidTag integAlg);
extern SECStatus
SEC_PKCS12AddPublicKeyIntegrity(SEC_PKCS12ExportContext *p12ctxt,
                                CERTCertificate *cert, CERTCertDBHandle *certDb,
                                SECOidTag algorithm, int keySize);

/*
 * Create an export context.  'pwfn'/'pwfnarg' are used to obtain the
 * token password when private keys must be extracted from 'slot';
 * 'wincx' is presumably the UI context handed to that callback (confirm).
 * Returns NULL on failure.
 */
extern SEC_PKCS12ExportContext *
SEC_PKCS12CreateExportContext(SECKEYGetPasswordKey pwfn, void *pwfnarg,
                              PK11SlotInfo *slot, void *wincx);

/*
 * Add 'cert' (and, if 'includeCertChain', its chain from 'certDb') to
 * 'safe', or to the nested SafeContents 'nestedDest' when non-NULL.
 * 'keyId' links the cert bag to its key bag.
 */
extern SECStatus
SEC_PKCS12AddCert(SEC_PKCS12ExportContext *p12ctxt,
                  SEC_PKCS12SafeInfo *safe, void *nestedDest,
                  CERTCertificate *cert, CERTCertDBHandle *certDb,
                  SECItem *keyId, PRBool includeCertChain);

/*
 * Add the private key belonging to 'cert'.  When 'shroudKey' is true the
 * key is wrapped with PBE 'algorithm' under 'pwitem'; when false it is
 * stored unshrouded and relies entirely on the enclosing safe's
 * encryption (do not combine with an unencrypted safe).
 */
extern SECStatus
SEC_PKCS12AddKeyForCert(SEC_PKCS12ExportContext *p12ctxt,
                        SEC_PKCS12SafeInfo *safe,
                        void *nestedDest, CERTCertificate *cert,
                        PRBool shroudKey, SECOidTag algorithm, SECItem *pwitem,
                        SECItem *keyId, SECItem *nickName);

/*
 * Convenience wrappers: add the certificate (with or without chain) to
 * 'certSafe'/'certNestedDest' and its key to 'keySafe'/'keyNestedDest'
 * in one call.  Same shroudKey/pwitem/algorithm semantics as
 * SEC_PKCS12AddKeyForCert.
 */
extern SECStatus
SEC_PKCS12AddCertOrChainAndKey(SEC_PKCS12ExportContext *p12ctxt,
                               void *certSafe, void *certNestedDest,
                               CERTCertificate *cert, CERTCertDBHandle *certDb,
                               void *keySafe, void *keyNestedDest, PRBool shroudKey,
                               SECItem *pwitem, SECOidTag algorithm,
                               PRBool includeCertChain);

extern SECStatus
SEC_PKCS12AddCertAndKey(SEC_PKCS12ExportContext *p12ctxt,
                        void *certSafe, void *certNestedDest,
                        CERTCertificate *cert, CERTCertDBHandle *certDb,
                        void *keySafe, void *keyNestedDest,
                        PRBool shroudKey, SECItem *pwitem, SECOidTag algorithm);

/*
 * Create a nested SafeContents inside 'baseSafe' (or inside 'nestedDest').
 * The returned opaque handle is owned by the context.  Returns NULL on
 * failure.
 */
extern void *
SEC_PKCS12CreateNestedSafeContents(SEC_PKCS12ExportContext *p12ctxt,
                                   void *baseSafe, void *nestedDest);

/* Encode the PFX, streaming DER to 'output' with 'outputarg'. */
extern SECStatus
SEC_PKCS12Encode(SEC_PKCS12ExportContext *p12exp,
                 SEC_PKCS12EncoderOutputCallback output, void *outputarg);

/* Release the export context and every safe/nested handle created in it. */
extern void
SEC_PKCS12DestroyExportContext(SEC_PKCS12ExportContext *p12exp);

/*
 * ---- Import side ----
 */

/*
 * Start decoding a PFX that will be imported into 'slot'.  'pwitem' is the
 * password used for the integrity MAC and for PBE-protected safes; the
 * caller owns it (whether the context copies or references it is not
 * stated here — keep it alive until SEC_PKCS12DecoderFinish to be safe,
 * then wipe it).  The digest callbacks provide scratch storage while the
 * MAC is computed; passing NULL for them is not documented as allowed.
 * Returns NULL on failure.
 */
extern SEC_PKCS12DecoderContext *
SEC_PKCS12DecoderStart(SECItem *pwitem, PK11SlotInfo *slot, void *wincx,
                       digestOpenFn dOpen, digestCloseFn dClose,
                       digestIOFn dRead, digestIOFn dWrite, void *dArg);

/* Restrict which CA certificates are imported into the target token. */
extern SECStatus
SEC_PKCS12DecoderSetTargetTokenCAs(SEC_PKCS12DecoderContext *p12dcx,
                                   SECPKCS12TargetTokenCAs tokenCAs);

/*
 * Feed the next 'len' bytes of DER.  This input is untrusted until
 * SEC_PKCS12DecoderVerify succeeds; a failure here leaves the context in
 * a state where only SEC_PKCS12DecoderFinish is safe.
 */
extern SECStatus
SEC_PKCS12DecoderUpdate(SEC_PKCS12DecoderContext *p12dcx, unsigned char *data,
                        unsigned long len);

/* Release the decoder context and everything it owns (including items
 * handed out by SEC_PKCS12DecoderIterateNext). */
extern void
SEC_PKCS12DecoderFinish(SEC_PKCS12DecoderContext *p12dcx);

/*
 * Verify the PFX integrity (MAC/signature) over the data fed so far.
 * NOTE(review): callers must check this result and stop on SECFailure;
 * nothing in this header prevents SEC_PKCS12DecoderImportBags from being
 * called on unverified data — confirm the enforcement in p12d.c.
 */
extern SECStatus
SEC_PKCS12DecoderVerify(SEC_PKCS12DecoderContext *p12dcx);

/*
 * Check the decoded bags against the target token and resolve nickname
 * collisions through 'nicknameCb' (see its typedef for the contract).
 */
extern SECStatus
SEC_PKCS12DecoderValidateBags(SEC_PKCS12DecoderContext *p12dcx,
                              SEC_PKCS12NicknameCollisionCallback nicknameCb);

/*
 * SEC_PKCS12DecoderRenameCertNicknames() can be used to change
 * certificate nicknames in SEC_PKCS12DecoderContext, prior to calling
 * SEC_PKCS12DecoderImportBags.
 *
 * arg: User-defined data that will be passed to nicknameCb.
 *
 * If SEC_PKCS12DecoderRenameCertNicknames() is called after calling
 * SEC_PKCS12DecoderValidateBags(), then only the certificate nickname
 * will be changed.
 * If SEC_PKCS12DecoderRenameCertNicknames() is called prior to calling
 * SEC_PKCS12DecoderValidateBags(), then SEC_PKCS12DecoderValidateBags()
 * will change the nickname of the corresponding private key, too.
 */
extern SECStatus
SEC_PKCS12DecoderRenameCertNicknames(SEC_PKCS12DecoderContext *p12dcx,
                                     SEC_PKCS12NicknameRenameCallback nicknameCb,
                                     void *arg);

/* Import the validated bags (certs and keys) into the target slot. */
extern SECStatus
SEC_PKCS12DecoderImportBags(SEC_PKCS12DecoderContext *p12dcx);

/*
 * Return the certificates found in the PFX as a list.  The list is
 * presumably caller-owned (CERT_DestroyCertList) — confirm in p12d.c.
 * Returns NULL on failure.
 */
CERTCertList *
SEC_PKCS12DecoderGetCerts(SEC_PKCS12DecoderContext *p12dcx);

/*
 * Iterate over the decoded bags without importing them: call
 * SEC_PKCS12DecoderIterateInit once, then SEC_PKCS12DecoderIterateNext
 * until it stops returning SECSuccess.  '*ipp' points at an item owned
 * by the context and valid until the next call or DecoderFinish.
 */
SECStatus
SEC_PKCS12DecoderIterateInit(SEC_PKCS12DecoderContext *p12dcx);

SECStatus
SEC_PKCS12DecoderIterateNext(SEC_PKCS12DecoderContext *p12dcx,
                             const SEC_PKCS12DecoderItem **ipp);

SEC_END_PROTOS

#endif