search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / lib / pkcs12 / p12local.c
bloba2221504b80c565e6cae6e67bf8593992cf9b135
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36
37 #include "nssrenam.h"
38 #include "pkcs12.h"
39 #include "secpkcs7.h"
40 #include "secasn1.h"
41 #include "seccomon.h"
42 #include "secoid.h"
43 #include "sechash.h"
44 #include "secitem.h"
45 #include "secerr.h"
46 #include "pk11func.h"
47 #include "p12local.h"
48 #include "p12.h"
49
50 #define SALT_LENGTH 16
51
52 SEC_ASN1_MKSUB(SECKEY_PrivateKeyInfoTemplate)
53 SEC_ASN1_MKSUB(sgn_DigestInfoTemplate)
54
55 CK_MECHANISM_TYPE
56 sec_pkcs12_algtag_to_mech(SECOidTag algtag)
57 {
58 switch (algtag) {
59 case SEC_OID_MD2:
60 return CKM_MD2_HMAC;
61 case SEC_OID_MD5:
62 return CKM_MD5_HMAC;
63 case SEC_OID_SHA1:
64 return CKM_SHA_1_HMAC;
65 case SEC_OID_SHA256:
66 return CKM_SHA256_HMAC;
67 case SEC_OID_SHA384:
68 return CKM_SHA384_HMAC;
69 case SEC_OID_SHA512:
70 return CKM_SHA512_HMAC;
71 default:
72 break;
73 }
74 return CKM_INVALID_MECHANISM;
75 }
76
77 /* helper functions */
78 /* returns proper bag type template based upon object type tag */
79 const SEC_ASN1Template *
80 sec_pkcs12_choose_bag_type_old(void *src_or_dest, PRBool encoding)
81 {
82 const SEC_ASN1Template *theTemplate;
83 SEC_PKCS12SafeBag *safebag;
84 SECOidData *oiddata;
85
86 if (src_or_dest == NULL) {
87 return NULL;
88 }
89
90 safebag = (SEC_PKCS12SafeBag*)src_or_dest;
91
92 oiddata = safebag->safeBagTypeTag;
93 if (oiddata == NULL) {
94 oiddata = SECOID_FindOID(&safebag->safeBagType);
95 safebag->safeBagTypeTag = oiddata;
96 }
97
98 switch (oiddata->offset) {
99 default:
100 theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
101 break;
102 case SEC_OID_PKCS12_KEY_BAG_ID:
103 theTemplate = SEC_PointerToPKCS12KeyBagTemplate;
104 break;
105 case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
106 theTemplate = SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD;
107 break;
108 case SEC_OID_PKCS12_SECRET_BAG_ID:
109 theTemplate = SEC_PointerToPKCS12SecretBagTemplate;
110 break;
111 }
112 return theTemplate;
113 }
114
115 const SEC_ASN1Template *
116 sec_pkcs12_choose_bag_type(void *src_or_dest, PRBool encoding)
117 {
118 const SEC_ASN1Template *theTemplate;
119 SEC_PKCS12SafeBag *safebag;
120 SECOidData *oiddata;
121
122 if (src_or_dest == NULL) {
123 return NULL;
124 }
125
126 safebag = (SEC_PKCS12SafeBag*)src_or_dest;
127
128 oiddata = safebag->safeBagTypeTag;
129 if (oiddata == NULL) {
130 oiddata = SECOID_FindOID(&safebag->safeBagType);
131 safebag->safeBagTypeTag = oiddata;
132 }
133
134 switch (oiddata->offset) {
135 default:
136 theTemplate = SEC_ASN1_GET(SEC_AnyTemplate);
137 break;
138 case SEC_OID_PKCS12_KEY_BAG_ID:
139 theTemplate = SEC_PKCS12PrivateKeyBagTemplate;
140 break;
141 case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
142 theTemplate = SEC_PKCS12CertAndCRLBagTemplate;
143 break;
144 case SEC_OID_PKCS12_SECRET_BAG_ID:
145 theTemplate = SEC_PKCS12SecretBagTemplate;
146 break;
147 }
148 return theTemplate;
149 }
150
151 /* returns proper cert crl template based upon type tag */
152 const SEC_ASN1Template *
153 sec_pkcs12_choose_cert_crl_type_old(void *src_or_dest, PRBool encoding)
154 {
155 const SEC_ASN1Template *theTemplate;
156 SEC_PKCS12CertAndCRL *certbag;
157 SECOidData *oiddata;
158
159 if (src_or_dest == NULL) {
160 return NULL;
161 }
162
163 certbag = (SEC_PKCS12CertAndCRL*)src_or_dest;
164 oiddata = certbag->BagTypeTag;
165 if (oiddata == NULL) {
166 oiddata = SECOID_FindOID(&certbag->BagID);
167 certbag->BagTypeTag = oiddata;
168 }
169
170 switch (oiddata->offset) {
171 default:
172 theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
173 break;
174 case SEC_OID_PKCS12_X509_CERT_CRL_BAG:
175 theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate_OLD;
176 break;
177 case SEC_OID_PKCS12_SDSI_CERT_BAG:
178 theTemplate = SEC_PointerToPKCS12SDSICertTemplate;
179 break;
180 }
181 return theTemplate;
182 }
183
184 const SEC_ASN1Template *
185 sec_pkcs12_choose_cert_crl_type(void *src_or_dest, PRBool encoding)
186 {
187 const SEC_ASN1Template *theTemplate;
188 SEC_PKCS12CertAndCRL *certbag;
189 SECOidData *oiddata;
190
191 if (src_or_dest == NULL) {
192 return NULL;
193 }
194
195 certbag = (SEC_PKCS12CertAndCRL*)src_or_dest;
196 oiddata = certbag->BagTypeTag;
197 if (oiddata == NULL) {
198 oiddata = SECOID_FindOID(&certbag->BagID);
199 certbag->BagTypeTag = oiddata;
200 }
201
202 switch (oiddata->offset) {
203 default:
204 theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
205 break;
206 case SEC_OID_PKCS12_X509_CERT_CRL_BAG:
207 theTemplate = SEC_PointerToPKCS12X509CertCRLTemplate;
208 break;
209 case SEC_OID_PKCS12_SDSI_CERT_BAG:
210 theTemplate = SEC_PointerToPKCS12SDSICertTemplate;
211 break;
212 }
213 return theTemplate;
214 }
215
216 /* returns appropriate shroud template based on object type tag */
217 const SEC_ASN1Template *
218 sec_pkcs12_choose_shroud_type(void *src_or_dest, PRBool encoding)
219 {
220 const SEC_ASN1Template *theTemplate;
221 SEC_PKCS12ESPVKItem *espvk;
222 SECOidData *oiddata;
223
224 if (src_or_dest == NULL) {
225 return NULL;
226 }
227
228 espvk = (SEC_PKCS12ESPVKItem*)src_or_dest;
229 oiddata = espvk->espvkTag;
230 if (oiddata == NULL) {
231 oiddata = SECOID_FindOID(&espvk->espvkOID);
232 espvk->espvkTag = oiddata;
233 }
234
235 switch (oiddata->offset) {
236 default:
237 theTemplate = SEC_ASN1_GET(SEC_PointerToAnyTemplate);
238 break;
239 case SEC_OID_PKCS12_PKCS8_KEY_SHROUDING:
240 theTemplate =
241 SEC_ASN1_GET(SECKEY_PointerToEncryptedPrivateKeyInfoTemplate);
242 break;
243 }
244 return theTemplate;
245 }
246
247 /* generate SALT placing it into the character array passed in.
248 * it is assumed that salt_dest is an array of appropriate size
249 * XXX We might want to generate our own random context
250 */
251 SECItem *
252 sec_pkcs12_generate_salt(void)
253 {
254 SECItem *salt;
255
256 salt = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
257 if(salt == NULL) {
258 PORT_SetError(SEC_ERROR_NO_MEMORY);
259 return NULL;
260 }
261 salt->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char) *
262 SALT_LENGTH);
263 salt->len = SALT_LENGTH;
264 if(salt->data == NULL) {
265 PORT_SetError(SEC_ERROR_NO_MEMORY);
266 SECITEM_ZfreeItem(salt, PR_TRUE);
267 return NULL;
268 }
269
270 PK11_GenerateRandom(salt->data, salt->len);
271
272 return salt;
273 }
274
275 /* generate KEYS -- as per PKCS12 section 7.
276 * only used for MAC
277 */
278 SECItem *
279 sec_pkcs12_generate_key_from_password(SECOidTag algorithm,
280 SECItem *salt,
281 SECItem *password)
282 {
283 unsigned char *pre_hash=NULL;
284 unsigned char *hash_dest=NULL;
285 SECStatus res;
286 PRArenaPool *poolp;
287 SECItem *key = NULL;
288 int key_len = 0;
289
290 if((salt == NULL) || (password == NULL)) {
291 return NULL;
292 }
293
294 poolp = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
295 if(poolp == NULL) {
296 PORT_SetError(SEC_ERROR_NO_MEMORY);
297 return NULL;
298 }
299
300 pre_hash = (unsigned char *)PORT_ArenaZAlloc(poolp, sizeof(char) *
301 (salt->len+password->len));
302 if(pre_hash == NULL) {
303 PORT_SetError(SEC_ERROR_NO_MEMORY);
304 goto loser;
305 }
306
307 hash_dest = (unsigned char *)PORT_ArenaZAlloc(poolp,
308 sizeof(unsigned char) * SHA1_LENGTH);
309 if(hash_dest == NULL) {
310 PORT_SetError(SEC_ERROR_NO_MEMORY);
311 goto loser;
312 }
313
314 PORT_Memcpy(pre_hash, salt->data, salt->len);
315 /* handle password of 0 length case */
316 if(password->len > 0) {
317 PORT_Memcpy(&(pre_hash[salt->len]), password->data, password->len);
318 }
319
320 res = PK11_HashBuf(SEC_OID_SHA1, hash_dest, pre_hash,
321 (salt->len+password->len));
322 if(res == SECFailure) {
323 PORT_SetError(SEC_ERROR_NO_MEMORY);
324 goto loser;
325 }
326
327 switch(algorithm) {
328 case SEC_OID_SHA1:
329 if(key_len == 0)
330 key_len = 16;
331 key = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
332 if(key == NULL) {
333 PORT_SetError(SEC_ERROR_NO_MEMORY);
334 goto loser;
335 }
336 key->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char)
337 * key_len);
338 if(key->data == NULL) {
339 PORT_SetError(SEC_ERROR_NO_MEMORY);
340 goto loser;
341 }
342 key->len = key_len;
343 PORT_Memcpy(key->data, &hash_dest[SHA1_LENGTH-key->len], key->len);
344 break;
345 default:
346 goto loser;
347 break;
348 }
349
350 PORT_FreeArena(poolp, PR_TRUE);
351 return key;
352
353 loser:
354 PORT_FreeArena(poolp, PR_TRUE);
355 if(key != NULL) {
356 SECITEM_ZfreeItem(key, PR_TRUE);
357 }
358 return NULL;
359 }
360
361 /* MAC is generated per PKCS 12 section 6. It is expected that key, msg
362 * and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
363 * because it is not known how long the message actually is. String
364 * manipulation routines will not necessarily work because msg may have
365 * imbedded NULLs
366 */
367 static SECItem *
368 sec_pkcs12_generate_old_mac(SECItem *key,
369 SECItem *msg)
370 {
371 SECStatus res;
372 PRArenaPool *temparena = NULL;
373 unsigned char *hash_dest=NULL, *hash_src1=NULL, *hash_src2 = NULL;
374 int i;
375 SECItem *mac = NULL;
376
377 if((key == NULL) || (msg == NULL))
378 goto loser;
379
380 /* allocate return item */
381 mac = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
382 if(mac == NULL)
383 return NULL;
384 mac->data = (unsigned char *)PORT_ZAlloc(sizeof(unsigned char)
385 * SHA1_LENGTH);
386 mac->len = SHA1_LENGTH;
387 if(mac->data == NULL)
388 goto loser;
389
390 /* allocate temporary items */
391 temparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
392 if(temparena == NULL)
393 goto loser;
394
395 hash_src1 = (unsigned char *)PORT_ArenaZAlloc(temparena,
396 sizeof(unsigned char) * (16+msg->len));
397 if(hash_src1 == NULL)
398 goto loser;
399
400 hash_src2 = (unsigned char *)PORT_ArenaZAlloc(temparena,
401 sizeof(unsigned char) * (SHA1_LENGTH+16));
402 if(hash_src2 == NULL)
403 goto loser;
404
405 hash_dest = (unsigned char *)PORT_ArenaZAlloc(temparena,
406 sizeof(unsigned char) * SHA1_LENGTH);
407 if(hash_dest == NULL)
408 goto loser;
409
410 /* perform mac'ing as per PKCS 12 */
411
412 /* first round of hashing */
413 for(i = 0; i < 16; i++)
414 hash_src1[i] = key->data[i] ^ 0x36;
415 PORT_Memcpy(&(hash_src1[16]), msg->data, msg->len);
416 res = PK11_HashBuf(SEC_OID_SHA1, hash_dest, hash_src1, (16+msg->len));
417 if(res == SECFailure)
418 goto loser;
419
420 /* second round of hashing */
421 for(i = 0; i < 16; i++)
422 hash_src2[i] = key->data[i] ^ 0x5c;
423 PORT_Memcpy(&(hash_src2[16]), hash_dest, SHA1_LENGTH);
424 res = PK11_HashBuf(SEC_OID_SHA1, mac->data, hash_src2, SHA1_LENGTH+16);
425 if(res == SECFailure)
426 goto loser;
427
428 PORT_FreeArena(temparena, PR_TRUE);
429 return mac;
430
431 loser:
432 if(temparena != NULL)
433 PORT_FreeArena(temparena, PR_TRUE);
434 if(mac != NULL)
435 SECITEM_ZfreeItem(mac, PR_TRUE);
436 return NULL;
437 }
438
439 /* MAC is generated per PKCS 12 section 6. It is expected that key, msg
440 * and mac_dest are pre allocated, non-NULL arrays. msg_len is passed in
441 * because it is not known how long the message actually is. String
442 * manipulation routines will not necessarily work because msg may have
443 * imbedded NULLs
444 */
445 SECItem *
446 sec_pkcs12_generate_mac(SECItem *key,
447 SECItem *msg,
448 PRBool old_method)
449 {
450 SECStatus res = SECFailure;
451 SECItem *mac = NULL;
452 PK11Context *pk11cx = NULL;
453 SECItem ignore = {0};
454
455 if((key == NULL) || (msg == NULL)) {
456 return NULL;
457 }
458
459 if(old_method == PR_TRUE) {
460 return sec_pkcs12_generate_old_mac(key, msg);
461 }
462
463 /* allocate return item */
464 mac = SECITEM_AllocItem(NULL, NULL, SHA1_LENGTH);
465 if (mac == NULL) {
466 return NULL;
467 }
468
469 pk11cx = PK11_CreateContextByRawKey(NULL, CKM_SHA_1_HMAC, PK11_OriginDerive,
470 CKA_SIGN, key, &ignore, NULL);
471 if (pk11cx == NULL) {
472 goto loser;
473 }
474
475 res = PK11_DigestBegin(pk11cx);
476 if (res == SECFailure) {
477 goto loser;
478 }
479
480 res = PK11_DigestOp(pk11cx, msg->data, msg->len);
481 if (res == SECFailure) {
482 goto loser;
483 }
484
485 res = PK11_DigestFinal(pk11cx, mac->data, &mac->len, SHA1_LENGTH);
486 if (res == SECFailure) {
487 goto loser;
488 }
489
490 PK11_DestroyContext(pk11cx, PR_TRUE);
491 pk11cx = NULL;
492
493 loser:
494
495 if(res != SECSuccess) {
496 SECITEM_ZfreeItem(mac, PR_TRUE);
497 mac = NULL;
498 if (pk11cx) {
499 PK11_DestroyContext(pk11cx, PR_TRUE);
500 }
501 }
502
503 return mac;
504 }
505
506 /* compute the thumbprint of the DER cert and create a digest info
507 * to store it in and return the digest info.
508 * a return of NULL indicates an error.
509 */
510 SGNDigestInfo *
511 sec_pkcs12_compute_thumbprint(SECItem *der_cert)
512 {
513 SGNDigestInfo *thumb = NULL;
514 SECItem digest;
515 PRArenaPool *temparena = NULL;
516 SECStatus rv = SECFailure;
517
518 if(der_cert == NULL)
519 return NULL;
520
521 temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
522 if(temparena == NULL) {
523 return NULL;
524 }
525
526 digest.data = (unsigned char *)PORT_ArenaZAlloc(temparena,
527 sizeof(unsigned char) *
528 SHA1_LENGTH);
529 /* digest data and create digest info */
530 if(digest.data != NULL) {
531 digest.len = SHA1_LENGTH;
532 rv = PK11_HashBuf(SEC_OID_SHA1, digest.data, der_cert->data,
533 der_cert->len);
534 if(rv == SECSuccess) {
535 thumb = SGN_CreateDigestInfo(SEC_OID_SHA1,
536 digest.data,
537 digest.len);
538 } else {
539 PORT_SetError(SEC_ERROR_NO_MEMORY);
540 }
541 } else {
542 PORT_SetError(SEC_ERROR_NO_MEMORY);
543 }
544
545 PORT_FreeArena(temparena, PR_TRUE);
546
547 return thumb;
548 }
549
550 /* create a virtual password per PKCS 12, the password is converted
551 * to unicode, the salt is prepended to it, and then the whole thing
552 * is returned */
553 SECItem *
554 sec_pkcs12_create_virtual_password(SECItem *password, SECItem *salt,
555 PRBool swap)
556 {
557 SECItem uniPwd = {siBuffer, NULL,0}, *retPwd = NULL;
558
559 if((password == NULL) || (salt == NULL)) {
560 return NULL;
561 }
562
563 if(password->len == 0) {
564 uniPwd.data = (unsigned char*)PORT_ZAlloc(2);
565 uniPwd.len = 2;
566 if(!uniPwd.data) {
567 return NULL;
568 }
569 } else {
570 uniPwd.data = (unsigned char*)PORT_ZAlloc(password->len * 3);
571 uniPwd.len = password->len * 3;
572 if(!PORT_UCS2_ASCIIConversion(PR_TRUE, password->data, password->len,
573 uniPwd.data, uniPwd.len, &uniPwd.len, swap)) {
574 SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
575 return NULL;
576 }
577 }
578
579 retPwd = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
580 if(retPwd == NULL) {
581 goto loser;
582 }
583
584 /* allocate space and copy proper data */
585 retPwd->len = uniPwd.len + salt->len;
586 retPwd->data = (unsigned char *)PORT_Alloc(retPwd->len);
587 if(retPwd->data == NULL) {
588 PORT_Free(retPwd);
589 goto loser;
590 }
591
592 PORT_Memcpy(retPwd->data, salt->data, salt->len);
593 PORT_Memcpy((retPwd->data + salt->len), uniPwd.data, uniPwd.len);
594
595 SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
596
597 return retPwd;
598
599 loser:
600 PORT_SetError(SEC_ERROR_NO_MEMORY);
601 SECITEM_ZfreeItem(&uniPwd, PR_FALSE);
602 return NULL;
603 }
604
605 /* appends a shrouded key to a key bag. this is used for exporting
606 * to store externally wrapped keys. it is used when importing to convert
607 * old items to new
608 */
609 SECStatus
610 sec_pkcs12_append_shrouded_key(SEC_PKCS12BaggageItem *bag,
611 SEC_PKCS12ESPVKItem *espvk)
612 {
613 int size;
614 void *mark = NULL, *dummy = NULL;
615
616 if((bag == NULL) || (espvk == NULL))
617 return SECFailure;
618
619 mark = PORT_ArenaMark(bag->poolp);
620
621 /* grow the list */
622 size = (bag->nEspvks + 1) * sizeof(SEC_PKCS12ESPVKItem *);
623 dummy = (SEC_PKCS12ESPVKItem **)PORT_ArenaGrow(bag->poolp,
624 bag->espvks, size,
625 size + sizeof(SEC_PKCS12ESPVKItem *));
626 bag->espvks = (SEC_PKCS12ESPVKItem**)dummy;
627 if(dummy == NULL) {
628 PORT_SetError(SEC_ERROR_NO_MEMORY);
629 goto loser;
630 }
631
632 bag->espvks[bag->nEspvks] = espvk;
633 bag->nEspvks++;
634 bag->espvks[bag->nEspvks] = NULL;
635
636 PORT_ArenaUnmark(bag->poolp, mark);
637 return SECSuccess;
638
639 loser:
640 PORT_ArenaRelease(bag->poolp, mark);
641 return SECFailure;
642 }
643
644 /* search a certificate list for a nickname, a thumbprint, or both
645 * within a certificate bag. if the certificate could not be
646 * found or an error occurs, NULL is returned;
647 */
648 static SEC_PKCS12CertAndCRL *
649 sec_pkcs12_find_cert_in_certbag(SEC_PKCS12CertAndCRLBag *certbag,
650 SECItem *nickname, SGNDigestInfo *thumbprint)
651 {
652 PRBool search_both = PR_FALSE, search_nickname = PR_FALSE;
653 int i, j;
654
655 if((certbag == NULL) || ((nickname == NULL) && (thumbprint == NULL))) {
656 return NULL;
657 }
658
659 if(thumbprint && nickname) {
660 search_both = PR_TRUE;
661 }
662
663 if(nickname) {
664 search_nickname = PR_TRUE;
665 }
666
667 search_again:
668 i = 0;
669 while(certbag->certAndCRLs[i] != NULL) {
670 SEC_PKCS12CertAndCRL *cert = certbag->certAndCRLs[i];
671
672 if(SECOID_FindOIDTag(&cert->BagID) == SEC_OID_PKCS12_X509_CERT_CRL_BAG) {
673
674 /* check nicknames */
675 if(search_nickname) {
676 if(SECITEM_CompareItem(nickname, &cert->nickname) == SECEqual) {
677 return cert;
678 }
679 } else {
680 /* check thumbprints */
681 SECItem **derCertList;
682
683 /* get pointer to certificate list, does not need to
684 * be freed since it is within the arena which will
685 * be freed later.
686 */
687 derCertList = SEC_PKCS7GetCertificateList(&cert->value.x509->certOrCRL);
688 j = 0;
689 if(derCertList != NULL) {
690 while(derCertList[j] != NULL) {
691 SECComparison eq;
692 SGNDigestInfo *di;
693 di = sec_pkcs12_compute_thumbprint(derCertList[j]);
694 if(di) {
695 eq = SGN_CompareDigestInfo(thumbprint, di);
696 SGN_DestroyDigestInfo(di);
697 if(eq == SECEqual) {
698 /* copy the derCert for later reference */
699 cert->value.x509->derLeafCert = derCertList[j];
700 return cert;
701 }
702 } else {
703 /* an error occurred */
704 return NULL;
705 }
706 j++;
707 }
708 }
709 }
710 }
711
712 i++;
713 }
714
715 if(search_both) {
716 search_both = PR_FALSE;
717 search_nickname = PR_FALSE;
718 goto search_again;
719 }
720
721 return NULL;
722 }
723
724 /* search a key list for a nickname, a thumbprint, or both
725 * within a key bag. if the key could not be
726 * found or an error occurs, NULL is returned;
727 */
728 static SEC_PKCS12PrivateKey *
729 sec_pkcs12_find_key_in_keybag(SEC_PKCS12PrivateKeyBag *keybag,
730 SECItem *nickname, SGNDigestInfo *thumbprint)
731 {
732 PRBool search_both = PR_FALSE, search_nickname = PR_FALSE;
733 int i, j;
734
735 if((keybag == NULL) || ((nickname == NULL) && (thumbprint == NULL))) {
736 return NULL;
737 }
738
739 if(keybag->privateKeys == NULL) {
740 return NULL;
741 }
742
743 if(thumbprint && nickname) {
744 search_both = PR_TRUE;
745 }
746
747 if(nickname) {
748 search_nickname = PR_TRUE;
749 }
750
751 search_again:
752 i = 0;
753 while(keybag->privateKeys[i] != NULL) {
754 SEC_PKCS12PrivateKey *key = keybag->privateKeys[i];
755
756 /* check nicknames */
757 if(search_nickname) {
758 if(SECITEM_CompareItem(nickname, &key->pvkData.nickname) == SECEqual) {
759 return key;
760 }
761 } else {
762 /* check digests */
763 SGNDigestInfo **assocCerts = key->pvkData.assocCerts;
764 if((assocCerts == NULL) || (assocCerts[0] == NULL)) {
765 return NULL;
766 }
767
768 j = 0;
769 while(assocCerts[j] != NULL) {
770 SECComparison eq;
771 eq = SGN_CompareDigestInfo(thumbprint, assocCerts[j]);
772 if(eq == SECEqual) {
773 return key;
774 }
775 j++;
776 }
777 }
778 i++;
779 }
780
781 if(search_both) {
782 search_both = PR_FALSE;
783 search_nickname = PR_FALSE;
784 goto search_again;
785 }
786
787 return NULL;
788 }
789
790 /* seach the safe first then try the baggage bag
791 * safe and bag contain certs and keys to search
792 * objType is the object type to look for
793 * bagType is the type of bag that was found by sec_pkcs12_find_object
794 * index is the entity in safe->safeContents or bag->unencSecrets which
795 * is being searched
796 * nickname and thumbprint are the search criteria
797 *
798 * a return of null indicates no match
799 */
800 static void *
801 sec_pkcs12_try_find(SEC_PKCS12SafeContents *safe,
802 SEC_PKCS12BaggageItem *bag,
803 SECOidTag objType, SECOidTag bagType, int index,
804 SECItem *nickname, SGNDigestInfo *thumbprint)
805 {
806 PRBool searchSafe;
807 int i = index;
808
809 if((safe == NULL) && (bag == NULL)) {
810 return NULL;
811 }
812
813 searchSafe = (safe == NULL ? PR_FALSE : PR_TRUE);
814 switch(objType) {
815 case SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID:
816 if(objType == bagType) {
817 SEC_PKCS12CertAndCRLBag *certBag;
818
819 if(searchSafe) {
820 certBag = safe->contents[i]->safeContent.certAndCRLBag;
821 } else {
822 certBag = bag->unencSecrets[i]->safeContent.certAndCRLBag;
823 }
824 return sec_pkcs12_find_cert_in_certbag(certBag, nickname,
825 thumbprint);
826 }
827 break;
828 case SEC_OID_PKCS12_KEY_BAG_ID:
829 if(objType == bagType) {
830 SEC_PKCS12PrivateKeyBag *keyBag;
831
832 if(searchSafe) {
833 keyBag = safe->contents[i]->safeContent.keyBag;
834 } else {
835 keyBag = bag->unencSecrets[i]->safeContent.keyBag;
836 }
837 return sec_pkcs12_find_key_in_keybag(keyBag, nickname,
838 thumbprint);
839 }
840 break;
841 default:
842 break;
843 }
844
845 return NULL;
846 }
847
848 /* searches both the baggage and the safe areas looking for
849 * object of specified type matching either the nickname or the
850 * thumbprint specified.
851 *
852 * safe and baggage store certs and keys
853 * objType is the OID for the bag type to be searched:
854 * SEC_OID_PKCS12_KEY_BAG_ID, or
855 * SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID
856 * nickname and thumbprint are the search criteria
857 *
858 * if no match found, NULL returned and error set
859 */
860 void *
861 sec_pkcs12_find_object(SEC_PKCS12SafeContents *safe,
862 SEC_PKCS12Baggage *baggage,
863 SECOidTag objType,
864 SECItem *nickname,
865 SGNDigestInfo *thumbprint)
866 {
867 int i, j;
868 void *retItem;
869
870 if(((safe == NULL) && (thumbprint == NULL)) ||
871 ((nickname == NULL) && (thumbprint == NULL))) {
872 return NULL;
873 }
874
875 i = 0;
876 if((safe != NULL) && (safe->contents != NULL)) {
877 while(safe->contents[i] != NULL) {
878 SECOidTag bagType = SECOID_FindOIDTag(&safe->contents[i]->safeBagType);
879 retItem = sec_pkcs12_try_find(safe, NULL, objType, bagType, i,
880 nickname, thumbprint);
881 if(retItem != NULL) {
882 return retItem;
883 }
884 i++;
885 }
886 }
887
888 if((baggage != NULL) && (baggage->bags != NULL)) {
889 i = 0;
890 while(baggage->bags[i] != NULL) {
891 SEC_PKCS12BaggageItem *xbag = baggage->bags[i];
892 j = 0;
893 if(xbag->unencSecrets != NULL) {
894 while(xbag->unencSecrets[j] != NULL) {
895 SECOidTag bagType;
896 bagType = SECOID_FindOIDTag(&xbag->unencSecrets[j]->safeBagType);
897 retItem = sec_pkcs12_try_find(NULL, xbag, objType, bagType,
898 j, nickname, thumbprint);
899 if(retItem != NULL) {
900 return retItem;
901 }
902 j++;
903 }
904 }
905 i++;
906 }
907 }
908
909 PORT_SetError(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME);
910 return NULL;
911 }
912
913 /* this function converts a password to unicode and encures that the
914 * required double 0 byte be placed at the end of the string
915 */
916 PRBool
917 sec_pkcs12_convert_item_to_unicode(PRArenaPool *arena, SECItem *dest,
918 SECItem *src, PRBool zeroTerm,
919 PRBool asciiConvert, PRBool toUnicode)
920 {
921 PRBool success = PR_FALSE;
922 if(!src || !dest) {
923 PORT_SetError(SEC_ERROR_INVALID_ARGS);
924 return PR_FALSE;
925 }
926
927 dest->len = src->len * 3 + 2;
928 if(arena) {
929 dest->data = (unsigned char*)PORT_ArenaZAlloc(arena, dest->len);
930 } else {
931 dest->data = (unsigned char*)PORT_ZAlloc(dest->len);
932 }
933
934 if(!dest->data) {
935 dest->len = 0;
936 return PR_FALSE;
937 }
938
939 if(!asciiConvert) {
940 success = PORT_UCS2_UTF8Conversion(toUnicode, src->data, src->len, dest->data,
941 dest->len, &dest->len);
942 } else {
943 #ifndef IS_LITTLE_ENDIAN
944 PRBool swapUnicode = PR_FALSE;
945 #else
946 PRBool swapUnicode = PR_TRUE;
947 #endif
948 success = PORT_UCS2_ASCIIConversion(toUnicode, src->data, src->len, dest->data,
949 dest->len, &dest->len, swapUnicode);
950 }
951
952 if(!success) {
953 if(!arena) {
954 PORT_Free(dest->data);
955 dest->data = NULL;
956 dest->len = 0;
957 }
958 return PR_FALSE;
959 }
960
961 if((dest->data[dest->len-1] || dest->data[dest->len-2]) && zeroTerm) {
962 if(dest->len + 2 > 3 * src->len) {
963 if(arena) {
964 dest->data = (unsigned char*)PORT_ArenaGrow(arena,
965 dest->data, dest->len,
966 dest->len + 2);
967 } else {
968 dest->data = (unsigned char*)PORT_Realloc(dest->data,
969 dest->len + 2);
970 }
971
972 if(!dest->data) {
973 return PR_FALSE;
974 }
975 }
976 dest->len += 2;
977 dest->data[dest->len-1] = dest->data[dest->len-2] = 0;
978 }
979
980 return PR_TRUE;
981 }
982
983 /* pkcs 12 templates */
984 static const SEC_ASN1TemplateChooserPtr sec_pkcs12_shroud_chooser =
985 sec_pkcs12_choose_shroud_type;
986
987 const SEC_ASN1Template SEC_PKCS12CodedSafeBagTemplate[] =
988 {
989 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
990 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
991 { SEC_ASN1_ANY, offsetof(SEC_PKCS12SafeBag, derSafeContent) },
992 { 0 }
993 };
994
995 const SEC_ASN1Template SEC_PKCS12CodedCertBagTemplate[] =
996 {
997 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
998 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
999 { SEC_ASN1_ANY, offsetof(SEC_PKCS12CertAndCRL, derValue) },
1000 { 0 }
1001 };
1002
1003 const SEC_ASN1Template SEC_PKCS12CodedCertAndCRLBagTemplate[] =
1004 {
1005 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
1006 SEC_PKCS12CodedCertBagTemplate },
1007 };
1008
1009 const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate_OLD[] =
1010 {
1011 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12ESPVKItem) },
1012 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12ESPVKItem, espvkOID) },
1013 { SEC_ASN1_INLINE, offsetof(SEC_PKCS12ESPVKItem, espvkData),
1014 SEC_PKCS12PVKSupportingDataTemplate_OLD },
1015 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
1016 SEC_ASN1_DYNAMIC | 0, offsetof(SEC_PKCS12ESPVKItem, espvkCipherText),
1017 &sec_pkcs12_shroud_chooser },
1018 { 0 }
1019 };
1020
1021 const SEC_ASN1Template SEC_PKCS12ESPVKItemTemplate[] =
1022 {
1023 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12ESPVKItem) },
1024 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12ESPVKItem, espvkOID) },
1025 { SEC_ASN1_INLINE, offsetof(SEC_PKCS12ESPVKItem, espvkData),
1026 SEC_PKCS12PVKSupportingDataTemplate },
1027 { SEC_ASN1_EXPLICIT | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
1028 SEC_ASN1_DYNAMIC | 0, offsetof(SEC_PKCS12ESPVKItem, espvkCipherText),
1029 &sec_pkcs12_shroud_chooser },
1030 { 0 }
1031 };
1032
1033 const SEC_ASN1Template SEC_PKCS12PVKAdditionalDataTemplate[] =
1034 {
1035 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKAdditionalData) },
1036 { SEC_ASN1_OBJECT_ID,
1037 offsetof(SEC_PKCS12PVKAdditionalData, pvkAdditionalType) },
1038 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
1039 offsetof(SEC_PKCS12PVKAdditionalData, pvkAdditionalContent) },
1040 { 0 }
1041 };
1042
1043 const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate_OLD[] =
1044 {
1045 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) },
1046 { SEC_ASN1_SET_OF | SEC_ASN1_XTRN ,
1047 offsetof(SEC_PKCS12PVKSupportingData, assocCerts),
1048 SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
1049 { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
1050 offsetof(SEC_PKCS12PVKSupportingData, regenerable) },
1051 { SEC_ASN1_PRINTABLE_STRING,
1052 offsetof(SEC_PKCS12PVKSupportingData, nickname) },
1053 { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
1054 offsetof(SEC_PKCS12PVKSupportingData, pvkAdditionalDER) },
1055 { 0 }
1056 };
1057
1058 const SEC_ASN1Template SEC_PKCS12PVKSupportingDataTemplate[] =
1059 {
1060 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PVKSupportingData) },
1061 { SEC_ASN1_SET_OF | SEC_ASN1_XTRN ,
1062 offsetof(SEC_PKCS12PVKSupportingData, assocCerts),
1063 SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
1064 { SEC_ASN1_OPTIONAL | SEC_ASN1_BOOLEAN,
1065 offsetof(SEC_PKCS12PVKSupportingData, regenerable) },
1066 { SEC_ASN1_BMP_STRING,
1067 offsetof(SEC_PKCS12PVKSupportingData, uniNickName) },
1068 { SEC_ASN1_ANY | SEC_ASN1_OPTIONAL,
1069 offsetof(SEC_PKCS12PVKSupportingData, pvkAdditionalDER) },
1070 { 0 }
1071 };
1072
1073 const SEC_ASN1Template SEC_PKCS12BaggageItemTemplate[] =
1074 {
1075 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12BaggageItem) },
1076 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, espvks),
1077 SEC_PKCS12ESPVKItemTemplate },
1078 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, unencSecrets),
1079 SEC_PKCS12SafeBagTemplate },
1080 /*{ SEC_ASN1_SET_OF, offsetof(SEC_PKCS12BaggageItem, unencSecrets),
1081 SEC_PKCS12CodedSafeBagTemplate }, */
1082 { 0 }
1083 };
1084
1085 const SEC_ASN1Template SEC_PKCS12BaggageTemplate[] =
1086 {
1087 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12Baggage, bags),
1088 SEC_PKCS12BaggageItemTemplate },
1089 };
1090
1091 const SEC_ASN1Template SEC_PKCS12BaggageTemplate_OLD[] =
1092 {
1093 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12Baggage_OLD, espvks),
1094 SEC_PKCS12ESPVKItemTemplate_OLD },
1095 };
1096
1097 static const SEC_ASN1TemplateChooserPtr sec_pkcs12_bag_chooser =
1098 sec_pkcs12_choose_bag_type;
1099
1100 static const SEC_ASN1TemplateChooserPtr sec_pkcs12_bag_chooser_old =
1101 sec_pkcs12_choose_bag_type_old;
1102
1103 const SEC_ASN1Template SEC_PKCS12SafeBagTemplate_OLD[] =
1104 {
1105 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
1106 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
1107 { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
1108 SEC_ASN1_CONTEXT_SPECIFIC | 0,
1109 offsetof(SEC_PKCS12SafeBag, safeContent),
1110 &sec_pkcs12_bag_chooser_old },
1111 { 0 }
1112 };
1113
1114 const SEC_ASN1Template SEC_PKCS12SafeBagTemplate[] =
1115 {
1116 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SafeBag) },
1117 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12SafeBag, safeBagType) },
1118 { SEC_ASN1_DYNAMIC | SEC_ASN1_POINTER,
1119 offsetof(SEC_PKCS12SafeBag, safeContent),
1120 &sec_pkcs12_bag_chooser },
1121 { SEC_ASN1_OPTIONAL | SEC_ASN1_BMP_STRING,
1122 offsetof(SEC_PKCS12SafeBag, uniSafeBagName) },
1123 { 0 }
1124 };
1125
1126 const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate_OLD[] =
1127 {
1128 { SEC_ASN1_SET_OF,
1129 offsetof(SEC_PKCS12SafeContents, contents),
1130 SEC_PKCS12SafeBagTemplate_OLD }
1131 };
1132
1133 const SEC_ASN1Template SEC_PKCS12SafeContentsTemplate[] =
1134 {
1135 { SEC_ASN1_SET_OF,
1136 offsetof(SEC_PKCS12SafeContents, contents),
1137 SEC_PKCS12SafeBagTemplate } /* here */
1138 };
1139
1140 const SEC_ASN1Template SEC_PKCS12PrivateKeyTemplate[] =
1141 {
1142 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKey) },
1143 { SEC_ASN1_INLINE, offsetof(SEC_PKCS12PrivateKey, pvkData),
1144 SEC_PKCS12PVKSupportingDataTemplate },
1145 { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
1146 offsetof(SEC_PKCS12PrivateKey, pkcs8data),
1147 SEC_ASN1_SUB(SECKEY_PrivateKeyInfoTemplate) },
1148 { 0 }
1149 };
1150
1151 const SEC_ASN1Template SEC_PKCS12PrivateKeyBagTemplate[] =
1152 {
1153 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PrivateKeyBag) },
1154 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12PrivateKeyBag, privateKeys),
1155 SEC_PKCS12PrivateKeyTemplate },
1156 { 0 }
1157 };
1158
1159 const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate_OLD[] =
1160 {
1161 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
1162 { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL),
1163 sec_PKCS7ContentInfoTemplate },
1164 { SEC_ASN1_INLINE | SEC_ASN1_XTRN ,
1165 offsetof(SEC_PKCS12X509CertCRL, thumbprint),
1166 SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
1167 { 0 }
1168 };
1169
1170 const SEC_ASN1Template SEC_PKCS12X509CertCRLTemplate[] =
1171 {
1172 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
1173 { SEC_ASN1_INLINE, offsetof(SEC_PKCS12X509CertCRL, certOrCRL),
1174 sec_PKCS7ContentInfoTemplate },
1175 { 0 }
1176 };
1177
1178 const SEC_ASN1Template SEC_PKCS12SDSICertTemplate[] =
1179 {
1180 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12X509CertCRL) },
1181 { SEC_ASN1_IA5_STRING, offsetof(SEC_PKCS12SDSICert, value) },
1182 { 0 }
1183 };
1184
1185 static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_crl_chooser_old =
1186 sec_pkcs12_choose_cert_crl_type_old;
1187
1188 static const SEC_ASN1TemplateChooserPtr sec_pkcs12_cert_crl_chooser =
1189 sec_pkcs12_choose_cert_crl_type;
1190
1191 const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate_OLD[] =
1192 {
1193 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
1194 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
1195 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT |
1196 SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | 0,
1197 offsetof(SEC_PKCS12CertAndCRL, value),
1198 &sec_pkcs12_cert_crl_chooser_old },
1199 { 0 }
1200 };
1201
1202 const SEC_ASN1Template SEC_PKCS12CertAndCRLTemplate[] =
1203 {
1204 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRL) },
1205 { SEC_ASN1_OBJECT_ID, offsetof(SEC_PKCS12CertAndCRL, BagID) },
1206 { SEC_ASN1_DYNAMIC | SEC_ASN1_CONSTRUCTED | SEC_ASN1_EXPLICIT |
1207 SEC_ASN1_CONTEXT_SPECIFIC | 0,
1208 offsetof(SEC_PKCS12CertAndCRL, value),
1209 &sec_pkcs12_cert_crl_chooser },
1210 { 0 }
1211 };
1212
1213 const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate[] =
1214 {
1215 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
1216 SEC_PKCS12CertAndCRLTemplate },
1217 };
1218
1219 const SEC_ASN1Template SEC_PKCS12CertAndCRLBagTemplate_OLD[] =
1220 {
1221 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12CertAndCRLBag) },
1222 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12CertAndCRLBag, certAndCRLs),
1223 SEC_PKCS12CertAndCRLTemplate_OLD },
1224 { 0 }
1225 };
1226
1227 const SEC_ASN1Template SEC_PKCS12SecretAdditionalTemplate[] =
1228 {
1229 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12SecretAdditional) },
1230 { SEC_ASN1_OBJECT_ID,
1231 offsetof(SEC_PKCS12SecretAdditional, secretAdditionalType) },
1232 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_EXPLICIT,
1233 offsetof(SEC_PKCS12SecretAdditional, secretAdditionalContent) },
1234 { 0 }
1235 };
1236
1237 const SEC_ASN1Template SEC_PKCS12SecretTemplate[] =
1238 {
1239 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12Secret) },
1240 { SEC_ASN1_BMP_STRING, offsetof(SEC_PKCS12Secret, uniSecretName) },
1241 { SEC_ASN1_ANY, offsetof(SEC_PKCS12Secret, value) },
1242 { SEC_ASN1_INLINE | SEC_ASN1_OPTIONAL,
1243 offsetof(SEC_PKCS12Secret, secretAdditional),
1244 SEC_PKCS12SecretAdditionalTemplate },
1245 { 0 }
1246 };
1247
1248 const SEC_ASN1Template SEC_PKCS12SecretItemTemplate[] =
1249 {
1250 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12Secret) },
1251 { SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 0,
1252 offsetof(SEC_PKCS12SecretItem, secret), SEC_PKCS12SecretTemplate },
1253 { SEC_ASN1_INLINE | SEC_ASN1_CONTEXT_SPECIFIC | 1,
1254 offsetof(SEC_PKCS12SecretItem, subFolder), SEC_PKCS12SafeBagTemplate },
1255 { 0 }
1256 };
1257
1258 const SEC_ASN1Template SEC_PKCS12SecretBagTemplate[] =
1259 {
1260 { SEC_ASN1_SET_OF, offsetof(SEC_PKCS12SecretBag, secrets),
1261 SEC_PKCS12SecretItemTemplate },
1262 };
1263
1264 const SEC_ASN1Template SEC_PKCS12MacDataTemplate[] =
1265 {
1266 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
1267 { SEC_ASN1_INLINE | SEC_ASN1_XTRN , offsetof(SEC_PKCS12MacData, safeMac),
1268 SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
1269 { SEC_ASN1_BIT_STRING, offsetof(SEC_PKCS12MacData, macSalt) },
1270 { 0 }
1271 };
1272
1273 const SEC_ASN1Template SEC_PKCS12PFXItemTemplate[] =
1274 {
1275 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
1276 { SEC_ASN1_OPTIONAL |
1277 SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 0,
1278 offsetof(SEC_PKCS12PFXItem, macData), SEC_PKCS12MacDataTemplate },
1279 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
1280 offsetof(SEC_PKCS12PFXItem, authSafe),
1281 sec_PKCS7ContentInfoTemplate },
1282 { 0 }
1283 };
1284
1285 const SEC_ASN1Template SEC_PKCS12PFXItemTemplate_OLD[] =
1286 {
1287 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12PFXItem) },
1288 { SEC_ASN1_OPTIONAL |
1289 SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
1290 offsetof(SEC_PKCS12PFXItem, old_safeMac),
1291 SEC_ASN1_SUB(sgn_DigestInfoTemplate) },
1292 { SEC_ASN1_OPTIONAL | SEC_ASN1_BIT_STRING,
1293 offsetof(SEC_PKCS12PFXItem, old_macSalt) },
1294 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
1295 offsetof(SEC_PKCS12PFXItem, authSafe),
1296 sec_PKCS7ContentInfoTemplate },
1297 { 0 }
1298 };
1299
1300 const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate[] =
1301 {
1302 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12AuthenticatedSafe) },
1303 { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
1304 offsetof(SEC_PKCS12AuthenticatedSafe, version) },
1305 { SEC_ASN1_OPTIONAL | SEC_ASN1_OBJECT_ID,
1306 offsetof(SEC_PKCS12AuthenticatedSafe, transportMode) },
1307 { SEC_ASN1_BIT_STRING | SEC_ASN1_OPTIONAL,
1308 offsetof(SEC_PKCS12AuthenticatedSafe, privacySalt) },
1309 { SEC_ASN1_OPTIONAL | SEC_ASN1_SET_OF,
1310 offsetof(SEC_PKCS12AuthenticatedSafe, baggage.bags),
1311 SEC_PKCS12BaggageItemTemplate },
1312 { SEC_ASN1_POINTER,
1313 offsetof(SEC_PKCS12AuthenticatedSafe, safe),
1314 sec_PKCS7ContentInfoTemplate },
1315 { 0 }
1316 };
1317
1318 const SEC_ASN1Template SEC_PKCS12AuthenticatedSafeTemplate_OLD[] =
1319 {
1320 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SEC_PKCS12AuthenticatedSafe) },
1321 { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
1322 offsetof(SEC_PKCS12AuthenticatedSafe, version) },
1323 { SEC_ASN1_OPTIONAL | SEC_ASN1_INTEGER,
1324 offsetof(SEC_PKCS12AuthenticatedSafe, transportMode) },
1325 { SEC_ASN1_BIT_STRING,
1326 offsetof(SEC_PKCS12AuthenticatedSafe, privacySalt) },
1327 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED |
1328 SEC_ASN1_CONTEXT_SPECIFIC | 0,
1329 offsetof(SEC_PKCS12AuthenticatedSafe, old_baggage),
1330 SEC_PKCS12BaggageTemplate_OLD },
1331 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 1,
1332 offsetof(SEC_PKCS12AuthenticatedSafe, old_safe),
1333 sec_PKCS7ContentInfoTemplate },
1334 { 0 }
1335 };
1336
1337 const SEC_ASN1Template SEC_PointerToPKCS12KeyBagTemplate[] =
1338 {
1339 { SEC_ASN1_POINTER, 0, SEC_PKCS12PrivateKeyBagTemplate }
1340 };
1341
1342 const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate_OLD[] =
1343 {
1344 { SEC_ASN1_POINTER, 0, SEC_PKCS12CertAndCRLBagTemplate_OLD }
1345 };
1346
1347 const SEC_ASN1Template SEC_PointerToPKCS12CertAndCRLBagTemplate[] =
1348 {
1349 { SEC_ASN1_POINTER, 0, SEC_PKCS12CertAndCRLBagTemplate }
1350 };
1351
1352 const SEC_ASN1Template SEC_PointerToPKCS12SecretBagTemplate[] =
1353 {
1354 { SEC_ASN1_POINTER, 0, SEC_PKCS12SecretBagTemplate }
1355 };
1356
1357 const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate_OLD[] =
1358 {
1359 { SEC_ASN1_POINTER, 0, SEC_PKCS12X509CertCRLTemplate_OLD }
1360 };
1361
1362 const SEC_ASN1Template SEC_PointerToPKCS12X509CertCRLTemplate[] =
1363 {
1364 { SEC_ASN1_POINTER, 0, SEC_PKCS12X509CertCRLTemplate }
1365 };
1366
1367 const SEC_ASN1Template SEC_PointerToPKCS12SDSICertTemplate[] =
1368 {
1369 { SEC_ASN1_POINTER, 0, SEC_PKCS12SDSICertTemplate }
1370 };
1371
1372
Mozilla NSS module