mozilla/security/nss/lib/pki/nsspki.h - Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be

Side by Side Diff: mozilla/security/nss/lib/pki/nsspki.h

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/

Patch Set: Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public

2 * License, v. 2.0. If a copy of the MPL was not distributed with this

3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

4

5 #ifndef NSSPKI_H

6 #define NSSPKI_H

7

8 #ifdef DEBUG

9 static const char NSSPKI_CVS_ID[] = "@(#) $RCSfile: nsspki.h,v $ $Revision: 1.14 $ $Date: 2012/04/25 14:50:07 $";

10 #endif /* DEBUG */

11

12 /*

13 * nsspki.h

14 *

15 * This file prototypes the methods of the top-level PKI objects.

16 */

17

18 #ifndef NSSDEVT_H

19 #include "nssdevt.h"

20 #endif /* NSSDEVT_H */

21

22 #ifndef NSSPKIT_H

23 #include "nsspkit.h"

24 #endif /* NSSPKIT_H */

25

26 #ifndef BASE_H

27 #include "base.h"

28 #endif /* BASE_H */

29

30 PR_BEGIN_EXTERN_C

31

32 /*

33 * A note about interfaces

34 *

35 * Although these APIs are specified in C, a language which does

36 * not have fancy support for abstract interfaces, this library

37 * was designed from an object-oriented perspective. It may be

38 * useful to consider the standard interfaces which went into

39 * the writing of these APIs.

40 *

41 * Basic operations on all objects:

42 * Destroy -- free a pointer to an object

43 * DeleteStoredObject -- delete an object permanently

44 *

45 * Public Key cryptographic operations:

46 * Encrypt

47 * Verify

48 * VerifyRecover

49 * Wrap

50 * Derive

51 *

52 * Private Key cryptographic operations:

53 * IsStillPresent

54 * Decrypt

55 * Sign

56 * SignRecover

57 * Unwrap

58 * Derive

59 *

60 * Symmetric Key cryptographic operations:

61 * IsStillPresent

62 * Encrypt

63 * Decrypt

64 * Sign

65 * SignRecover

66 * Verify

67 * VerifyRecover

68 * Wrap

69 * Unwrap

70 * Derive

71 *

72 */

73

74 /*

75 * NSSCertificate

76 *

77 * These things can do crypto ops like public keys, except that the trust,

78 * usage, and other constraints are checked. These objects are "high-level,"

79 * so trust, usages, etc. are in the form we throw around (client auth,

80 * email signing, etc.). Remember that theoretically another implementation

81 * (think PGP) could be beneath this object.

82 */

83

84 /*

85 * NSSCertificate_Destroy

86 *

87 * Free a pointer to a certificate object.

88 */

89

90 NSS_EXTERN PRStatus

91 NSSCertificate_Destroy

92 (

93 NSSCertificate *c

94 );

95

96 /*

97 * NSSCertificate_DeleteStoredObject

98 *

99 * Permanently remove this certificate from storage. If this is the

100 * only (remaining) certificate corresponding to a private key,

101 * public key, and/or other object; then that object (those objects)

102 * are deleted too.

103 */

104

105 NSS_EXTERN PRStatus

106 NSSCertificate_DeleteStoredObject

107 (

108 NSSCertificate *c,

109 NSSCallback *uhh

110 );

111

112 /*

113 * NSSCertificate_Validate

114 *

115 * Verify that this certificate is trusted, for the specified usage(s),

116 * at the specified time, {word word} the specified policies.

117 */

118

119 NSS_EXTERN PRStatus

120 NSSCertificate_Validate

121 (

122 NSSCertificate *c,

123 NSSTime timeOpt, / NULL for "now" */

124 NSSUsage *usage,

125 NSSPolicies policiesOpt / NULL for none */

126 );

127

128 /*

129 * NSSCertificate_ValidateCompletely

130 *

131 * Verify that this certificate is trusted. The difference between

132 * this and the previous call is that NSSCertificate_Validate merely

133 * returns success or failure with an appropriate error stack.

134 * However, there may be (and often are) multiple problems with a

135 * certificate. This routine returns an array of errors, specifying

136 * every problem.

137 */

138

139 /*

140 * Return value must be an array of objects, each of which has

141 * an NSSError, and any corresponding certificate (in the chain)

142 * and/or policy.

143 */

144

145 NSS_EXTERN void ** /* void [] /

146 NSSCertificate_ValidateCompletely

147 (

148 NSSCertificate *c,

149 NSSTime timeOpt, / NULL for "now" */

150 NSSUsage *usage,

151 NSSPolicies policiesOpt, / NULL for none */

152 void *rvOpt, / NULL for allocate */

153 PRUint32 rvLimit, /* zero for no limit */

154 NSSArena arenaOpt / NULL for heap */

155 );

156

157 /*

158 * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies

159 *

160 * Returns PR_SUCCESS if the certificate is valid for at least something.

161 */

162

163 NSS_EXTERN PRStatus

164 NSSCertificate_ValidateAndDiscoverUsagesAndPolicies

165 (

166 NSSCertificate *c,

167 NSSTime **notBeforeOutOpt,

168 NSSTime **notAfterOutOpt,

169 void *allowedUsages,

170 void *disallowedUsages,

171 void *allowedPolicies,

172 void *disallowedPolicies,

173 /* more args.. work on this fgmr */

174 NSSArena *arenaOpt

175 );

176

177 /*

178 * NSSCertificate_Encode

179 *

180 */

181

182 NSS_EXTERN NSSDER *

183 NSSCertificate_Encode

184 (

185 NSSCertificate *c,

186 NSSDER *rvOpt,

187 NSSArena *arenaOpt

188 );

189

190 /*

191 * NSSCertificate_BuildChain

192 *

193 * This routine returns NSSCertificate *'s for each certificate

194 * in the "chain" starting from the specified one up to and

195 * including the root. The zeroth element in the array is the

196 * specified ("leaf") certificate.

197 *

198 * If statusOpt is supplied, and is returned as PR_FAILURE, possible

199 * error values are:

200 *

201 * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete

202 *

203 */

204

205 extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;

206

207 NSS_EXTERN NSSCertificate **

208 NSSCertificate_BuildChain

209 (

210 NSSCertificate *c,

211 NSSTime *timeOpt,

212 NSSUsage *usage,

213 NSSPolicies *policiesOpt,

214 NSSCertificate **rvOpt,

215 PRUint32 rvLimit, /* zero for no limit */

216 NSSArena *arenaOpt,

217 PRStatus *statusOpt,

218 NSSTrustDomain *td,

219 NSSCryptoContext *cc

220 );

221

222 /*

223 * NSSCertificate_GetTrustDomain

224 *

225 */

226

227 NSS_EXTERN NSSTrustDomain *

228 NSSCertificate_GetTrustDomain

229 (

230 NSSCertificate *c

231 );

232

233 /*

234 * NSSCertificate_GetToken

235 *

236 * There doesn't have to be one.

237 */

238

239 NSS_EXTERN NSSToken *

240 NSSCertificate_GetToken

241 (

242 NSSCertificate *c,

243 PRStatus *statusOpt

244 );

245

246 /*

247 * NSSCertificate_GetSlot

248 *

249 * There doesn't have to be one.

250 */

251

252 NSS_EXTERN NSSSlot *

253 NSSCertificate_GetSlot

254 (

255 NSSCertificate *c,

256 PRStatus *statusOpt

257 );

258

259 /*

260 * NSSCertificate_GetModule

261 *

262 * There doesn't have to be one.

263 */

264

265 NSS_EXTERN NSSModule *

266 NSSCertificate_GetModule

267 (

268 NSSCertificate *c,

269 PRStatus *statusOpt

270 );

271

272 /*

273 * NSSCertificate_Encrypt

274 *

275 * Encrypt a single chunk of data with the public key corresponding to

276 * this certificate.

277 */

278

279 NSS_EXTERN NSSItem *

280 NSSCertificate_Encrypt

281 (

282 NSSCertificate *c,

283 NSSAlgorithmAndParameters *apOpt,

284 NSSItem *data,

285 NSSTime *timeOpt,

286 NSSUsage *usage,

287 NSSPolicies *policiesOpt,

288 NSSCallback *uhh,

289 NSSItem *rvOpt,

290 NSSArena *arenaOpt

291 );

292

293 /*

294 * NSSCertificate_Verify

295 *

296 */

297

298 NSS_EXTERN PRStatus

299 NSSCertificate_Verify

300 (

301 NSSCertificate *c,

302 NSSAlgorithmAndParameters *apOpt,

303 NSSItem *data,

304 NSSItem *signature,

305 NSSTime *timeOpt,

306 NSSUsage *usage,

307 NSSPolicies *policiesOpt,

308 NSSCallback *uhh

309 );

310

311 /*

312 * NSSCertificate_VerifyRecover

313 *

314 */

315

316 NSS_EXTERN NSSItem *

317 NSSCertificate_VerifyRecover

318 (

319 NSSCertificate *c,

320 NSSAlgorithmAndParameters *apOpt,

321 NSSItem *signature,

322 NSSTime *timeOpt,

323 NSSUsage *usage,

324 NSSPolicies *policiesOpt,

325 NSSCallback *uhh,

326 NSSItem *rvOpt,

327 NSSArena *arenaOpt

328 );

329

330 /*

331 * NSSCertificate_WrapSymmetricKey

332 *

333 * This method tries very hard to to succeed, even in situations

334 * involving sensitive keys and multiple modules.

335 * { relyea: want to add verbiage? }

336 */

337

338 NSS_EXTERN NSSItem *

339 NSSCertificate_WrapSymmetricKey

340 (

341 NSSCertificate *c,

342 NSSAlgorithmAndParameters *apOpt,

343 NSSSymmetricKey *keyToWrap,

344 NSSTime *timeOpt,

345 NSSUsage *usage,

346 NSSPolicies *policiesOpt,

347 NSSCallback *uhh,

348 NSSItem *rvOpt,

349 NSSArena *arenaOpt

350 );

351

352 /*

353 * NSSCertificate_CreateCryptoContext

354 *

355 * Create a crypto context, in this certificate's trust domain, with this

356 * as the distinguished certificate.

357 */

358

359 NSS_EXTERN NSSCryptoContext *

360 NSSCertificate_CreateCryptoContext

361 (

362 NSSCertificate *c,

363 NSSAlgorithmAndParameters *apOpt,

364 NSSTime *timeOpt,

365 NSSUsage *usage,

366 NSSPolicies *policiesOpt,

367 NSSCallback *uhh

368 );

369

370 /*

371 * NSSCertificate_GetPublicKey

372 *

373 * Returns the public key corresponding to this certificate.

374 */

375

376 NSS_EXTERN NSSPublicKey *

377 NSSCertificate_GetPublicKey

378 (

379 NSSCertificate *c

380 );

381

382 /*

383 * NSSCertificate_FindPrivateKey

384 *

385 * Finds and returns the private key corresponding to this certificate,

386 * if it is available.

387 *

388 * { Should this hang off of NSSUserCertificate? }

389 */

390

391 NSS_EXTERN NSSPrivateKey *

392 NSSCertificate_FindPrivateKey

393 (

394 NSSCertificate *c,

395 NSSCallback *uhh

396 );

397

398 /*

399 * NSSCertificate_IsPrivateKeyAvailable

400 *

401 * Returns success if the private key corresponding to this certificate

402 * is available to be used.

403 *

404 * { Should this hang off of NSSUserCertificate?? }

405 */

406

407 NSS_EXTERN PRBool

408 NSSCertificate_IsPrivateKeyAvailable

409 (

410 NSSCertificate *c,

411 NSSCallback *uhh,

412 PRStatus *statusOpt

413 );

414

415 /*

416 * If we make NSSUserCertificate not a typedef of NSSCertificate,

417 * then we'll need implementations of the following:

418 *

419 * NSSUserCertificate_Destroy

420 * NSSUserCertificate_DeleteStoredObject

421 * NSSUserCertificate_Validate

422 * NSSUserCertificate_ValidateCompletely

423 * NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies

424 * NSSUserCertificate_Encode

425 * NSSUserCertificate_BuildChain

426 * NSSUserCertificate_GetTrustDomain

427 * NSSUserCertificate_GetToken

428 * NSSUserCertificate_GetSlot

429 * NSSUserCertificate_GetModule

430 * NSSUserCertificate_GetCryptoContext

431 * NSSUserCertificate_GetPublicKey

432 */

433

434 /*

435 * NSSUserCertificate_IsStillPresent

436 *

437 * Verify that if this certificate lives on a token, that the token

438 * is still present and the certificate still exists. This is a

439 * lightweight call which should be used whenever it should be

440 * verified that the user hasn't perhaps popped out his or her

441 * token and strolled away.

442 */

443

444 NSS_EXTERN PRBool

445 NSSUserCertificate_IsStillPresent

446 (

447 NSSUserCertificate *uc,

448 PRStatus *statusOpt

449 );

450

451 /*

452 * NSSUserCertificate_Decrypt

453 *

454 * Decrypt a single chunk of data with the private key corresponding

455 * to this certificate.

456 */

457

458 NSS_EXTERN NSSItem *

459 NSSUserCertificate_Decrypt

460 (

461 NSSUserCertificate *uc,

462 NSSAlgorithmAndParameters *apOpt,

463 NSSItem *data,

464 NSSTime *timeOpt,

465 NSSUsage *usage,

466 NSSPolicies *policiesOpt,

467 NSSCallback *uhh,

468 NSSItem *rvOpt,

469 NSSArena *arenaOpt

470 );

471

472 /*

473 * NSSUserCertificate_Sign

474 *

475 */

476

477 NSS_EXTERN NSSItem *

478 NSSUserCertificate_Sign

479 (

480 NSSUserCertificate *uc,

481 NSSAlgorithmAndParameters *apOpt,

482 NSSItem *data,

483 NSSTime *timeOpt,

484 NSSUsage *usage,

485 NSSPolicies *policiesOpt,

486 NSSCallback *uhh,

487 NSSItem *rvOpt,

488 NSSArena *arenaOpt

489 );

490

491 /*

492 * NSSUserCertificate_SignRecover

493 *

494 */

495

496 NSS_EXTERN NSSItem *

497 NSSUserCertificate_SignRecover

498 (

499 NSSUserCertificate *uc,

500 NSSAlgorithmAndParameters *apOpt,

501 NSSItem *data,

502 NSSTime *timeOpt,

503 NSSUsage *usage,

504 NSSPolicies *policiesOpt,

505 NSSCallback *uhh,

506 NSSItem *rvOpt,

507 NSSArena *arenaOpt

508 );

509

510 /*

511 * NSSUserCertificate_UnwrapSymmetricKey

512 *

513 */

514

515 NSS_EXTERN NSSSymmetricKey *

516 NSSUserCertificate_UnwrapSymmetricKey

517 (

518 NSSUserCertificate *uc,

519 NSSAlgorithmAndParameters *apOpt,

520 NSSItem *wrappedKey,

521 NSSTime *timeOpt,

522 NSSUsage *usage,

523 NSSPolicies *policiesOpt,

524 NSSCallback *uhh,

525 NSSItem *rvOpt,

526 NSSArena *arenaOpt

527 );

528

529 /*

530 * NSSUserCertificate_DeriveSymmetricKey

531 *

532 */

533

534 NSS_EXTERN NSSSymmetricKey *

535 NSSUserCertificate_DeriveSymmetricKey

536 (

537 NSSUserCertificate uc, / provides private key */

538 NSSCertificate c, / provides public key */

539 NSSAlgorithmAndParameters *apOpt,

540 NSSOID *target,

541 PRUint32 keySizeOpt, /* zero for best allowed */

542 NSSOperations operations,

543 NSSCallback *uhh

544 );

545

546 /* filter-certs function(s) */

547

548 /**

549 ** fgmr -- trust objects

550 **/

551

552 /*

553 * NSSPrivateKey

554 *

555 */

556

557 /*

558 * NSSPrivateKey_Destroy

559 *

560 * Free a pointer to a private key object.

561 */

562

563 NSS_EXTERN PRStatus

564 NSSPrivateKey_Destroy

565 (

566 NSSPrivateKey *vk

567 );

568

569 /*

570 * NSSPrivateKey_DeleteStoredObject

571 *

572 * Permanently remove this object, and any related objects (such as the

573 * certificates corresponding to this key).

574 */

575

576 NSS_EXTERN PRStatus

577 NSSPrivateKey_DeleteStoredObject

578 (

579 NSSPrivateKey *vk,

580 NSSCallback *uhh

581 );

582

583 /*

584 * NSSPrivateKey_GetSignatureLength

585 *

586 */

587

588 NSS_EXTERN PRUint32

589 NSSPrivateKey_GetSignatureLength

590 (

591 NSSPrivateKey *vk

592 );

593

594 /*

595 * NSSPrivateKey_GetPrivateModulusLength

596 *

597 */

598

599 NSS_EXTERN PRUint32

600 NSSPrivateKey_GetPrivateModulusLength

601 (

602 NSSPrivateKey *vk

603 );

604

605 /*

606 * NSSPrivateKey_IsStillPresent

607 *

608 */

609

610 NSS_EXTERN PRBool

611 NSSPrivateKey_IsStillPresent

612 (

613 NSSPrivateKey *vk,

614 PRStatus *statusOpt

615 );

616

617 /*

618 * NSSPrivateKey_Encode

619 *

620 */

621

622 NSS_EXTERN NSSItem *

623 NSSPrivateKey_Encode

624 (

625 NSSPrivateKey *vk,

626 NSSAlgorithmAndParameters *ap,

627 NSSItem passwordOpt, / NULL will cause a callback; "" for no password */

628 NSSCallback *uhhOpt,

629 NSSItem *rvOpt,

630 NSSArena *arenaOpt

631 );

632

633 /*

634 * NSSPrivateKey_GetTrustDomain

635 *

636 * There doesn't have to be one.

637 */

638

639 NSS_EXTERN NSSTrustDomain *

640 NSSPrivateKey_GetTrustDomain

641 (

642 NSSPrivateKey *vk,

643 PRStatus *statusOpt

644 );

645

646 /*

647 * NSSPrivateKey_GetToken

648 *

649 */

650

651 NSS_EXTERN NSSToken *

652 NSSPrivateKey_GetToken

653 (

654 NSSPrivateKey *vk

655 );

656

657 /*

658 * NSSPrivateKey_GetSlot

659 *

660 */

661

662 NSS_EXTERN NSSSlot *

663 NSSPrivateKey_GetSlot

664 (

665 NSSPrivateKey *vk

666 );

667

668 /*

669 * NSSPrivateKey_GetModule

670 *

671 */

672

673 NSS_EXTERN NSSModule *

674 NSSPrivateKey_GetModule

675 (

676 NSSPrivateKey *vk

677 );

678

679 /*

680 * NSSPrivateKey_Decrypt

681 *

682 */

683

684 NSS_EXTERN NSSItem *

685 NSSPrivateKey_Decrypt

686 (

687 NSSPrivateKey *vk,

688 NSSAlgorithmAndParameters *apOpt,

689 NSSItem *encryptedData,

690 NSSCallback *uhh,

691 NSSItem *rvOpt,

692 NSSArena *arenaOpt

693 );

694

695 /*

696 * NSSPrivateKey_Sign

697 *

698 */

699

700 NSS_EXTERN NSSItem *

701 NSSPrivateKey_Sign

702 (

703 NSSPrivateKey *vk,

704 NSSAlgorithmAndParameters *apOpt,

705 NSSItem *data,

706 NSSCallback *uhh,

707 NSSItem *rvOpt,

708 NSSArena *arenaOpt

709 );

710

711 /*

712 * NSSPrivateKey_SignRecover

713 *

714 */

715

716 NSS_EXTERN NSSItem *

717 NSSPrivateKey_SignRecover

718 (

719 NSSPrivateKey *vk,

720 NSSAlgorithmAndParameters *apOpt,

721 NSSItem *data,

722 NSSCallback *uhh,

723 NSSItem *rvOpt,

724 NSSArena *arenaOpt

725 );

726

727 /*

728 * NSSPrivateKey_UnwrapSymmetricKey

729 *

730 */

731

732 NSS_EXTERN NSSSymmetricKey *

733 NSSPrivateKey_UnwrapSymmetricKey

734 (

735 NSSPrivateKey *vk,

736 NSSAlgorithmAndParameters *apOpt,

737 NSSItem *wrappedKey,

738 NSSCallback *uhh

739 );

740

741 /*

742 * NSSPrivateKey_DeriveSymmetricKey

743 *

744 */

745

746 NSS_EXTERN NSSSymmetricKey *

747 NSSPrivateKey_DeriveSymmetricKey

748 (

749 NSSPrivateKey *vk,

750 NSSPublicKey *bk,

751 NSSAlgorithmAndParameters *apOpt,

752 NSSOID *target,

753 PRUint32 keySizeOpt, /* zero for best allowed */

754 NSSOperations operations,

755 NSSCallback *uhh

756 );

757

758 /*

759 * NSSPrivateKey_FindPublicKey

760 *

761 */

762

763 NSS_EXTERN NSSPublicKey *

764 NSSPrivateKey_FindPublicKey

765 (

766 NSSPrivateKey *vk

767 /* { don't need the callback here, right? } */

768 );

769

770 /*

771 * NSSPrivateKey_CreateCryptoContext

772 *

773 * Create a crypto context, in this key's trust domain,

774 * with this as the distinguished private key.

775 */

776

777 NSS_EXTERN NSSCryptoContext *

778 NSSPrivateKey_CreateCryptoContext

779 (

780 NSSPrivateKey *vk,

781 NSSAlgorithmAndParameters *apOpt,

782 NSSCallback *uhh

783 );

784

785 /*

786 * NSSPrivateKey_FindCertificates

787 *

788 * Note that there may be more than one certificate for this

789 * private key. { FilterCertificates function to further

790 * reduce the list. }

791 */

792

793 NSS_EXTERN NSSCertificate **

794 NSSPrivateKey_FindCertificates

795 (

796 NSSPrivateKey *vk,

797 NSSCertificate *rvOpt[],

798 PRUint32 maximumOpt, /* 0 for no max */

799 NSSArena *arenaOpt

800 );

801

802 /*

803 * NSSPrivateKey_FindBestCertificate

804 *

805 * The parameters for this function will depend on what the users

806 * need. This is just a starting point.

807 */

808

809 NSS_EXTERN NSSCertificate *

810 NSSPrivateKey_FindBestCertificate

811 (

812 NSSPrivateKey *vk,

813 NSSTime *timeOpt,

814 NSSUsage *usageOpt,

815 NSSPolicies *policiesOpt

816 );

817

818 /*

819 * NSSPublicKey

820 *

821 * Once you generate, find, or derive one of these, you can use it

822 * to perform (simple) cryptographic operations. Though there may

823 * be certificates associated with these public keys, they are not

824 * verified.

825 */

826

827 /*

828 * NSSPublicKey_Destroy

829 *

830 * Free a pointer to a public key object.

831 */

832

833 NSS_EXTERN PRStatus

834 NSSPublicKey_Destroy

835 (

836 NSSPublicKey *bk

837 );

838

839 /*

840 * NSSPublicKey_DeleteStoredObject

841 *

842 * Permanently remove this object, and any related objects (such as the

843 * corresponding private keys and certificates).

844 */

845

846 NSS_EXTERN PRStatus

847 NSSPublicKey_DeleteStoredObject

848 (

849 NSSPublicKey *bk,

850 NSSCallback *uhh

851 );

852

853 /*

854 * NSSPublicKey_Encode

855 *

856 */

857

858 NSS_EXTERN NSSItem *

859 NSSPublicKey_Encode

860 (

861 NSSPublicKey *bk,

862 NSSAlgorithmAndParameters *ap,

863 NSSCallback *uhhOpt,

864 NSSItem *rvOpt,

865 NSSArena *arenaOpt

866 );

867

868 /*

869 * NSSPublicKey_GetTrustDomain

870 *

871 * There doesn't have to be one.

872 */

873

874 NSS_EXTERN NSSTrustDomain *

875 NSSPublicKey_GetTrustDomain

876 (

877 NSSPublicKey *bk,

878 PRStatus *statusOpt

879 );

880

881 /*

882 * NSSPublicKey_GetToken

883 *

884 * There doesn't have to be one.

885 */

886

887 NSS_EXTERN NSSToken *

888 NSSPublicKey_GetToken

889 (

890 NSSPublicKey *bk,

891 PRStatus *statusOpt

892 );

893

894 /*

895 * NSSPublicKey_GetSlot

896 *

897 * There doesn't have to be one.

898 */

899

900 NSS_EXTERN NSSSlot *

901 NSSPublicKey_GetSlot

902 (

903 NSSPublicKey *bk,

904 PRStatus *statusOpt

905 );

906

907 /*

908 * NSSPublicKey_GetModule

909 *

910 * There doesn't have to be one.

911 */

912

913 NSS_EXTERN NSSModule *

914 NSSPublicKey_GetModule

915 (

916 NSSPublicKey *bk,

917 PRStatus *statusOpt

918 );

919

920 /*

921 * NSSPublicKey_Encrypt

922 *

923 * Encrypt a single chunk of data with the public key corresponding to

924 * this certificate.

925 */

926

927 NSS_EXTERN NSSItem *

928 NSSPublicKey_Encrypt

929 (

930 NSSPublicKey *bk,

931 NSSAlgorithmAndParameters *apOpt,

932 NSSItem *data,

933 NSSCallback *uhh,

934 NSSItem *rvOpt,

935 NSSArena *arenaOpt

936 );

937

938 /*

939 * NSSPublicKey_Verify

940 *

941 */

942

943 NSS_EXTERN PRStatus

944 NSSPublicKey_Verify

945 (

946 NSSPublicKey *bk,

947 NSSAlgorithmAndParameters *apOpt,

948 NSSItem *data,

949 NSSItem *signature,

950 NSSCallback *uhh

951 );

952

953 /*

954 * NSSPublicKey_VerifyRecover

955 *

956 */

957

958 NSS_EXTERN NSSItem *

959 NSSPublicKey_VerifyRecover

960 (

961 NSSPublicKey *bk,

962 NSSAlgorithmAndParameters *apOpt,

963 NSSItem *signature,

964 NSSCallback *uhh,

965 NSSItem *rvOpt,

966 NSSArena *arenaOpt

967 );

968

969 /*

970 * NSSPublicKey_WrapSymmetricKey

971 *

972 */

973

974 NSS_EXTERN NSSItem *

975 NSSPublicKey_WrapSymmetricKey

976 (

977 NSSPublicKey *bk,

978 NSSAlgorithmAndParameters *apOpt,

979 NSSSymmetricKey *keyToWrap,

980 NSSCallback *uhh,

981 NSSItem *rvOpt,

982 NSSArena *arenaOpt

983 );

984

985 /*

986 * NSSPublicKey_CreateCryptoContext

987 *

988 * Create a crypto context, in this key's trust domain, with this

989 * as the distinguished public key.

990 */

991

992 NSS_EXTERN NSSCryptoContext *

993 NSSPublicKey_CreateCryptoContext

994 (

995 NSSPublicKey *bk,

996 NSSAlgorithmAndParameters *apOpt,

997 NSSCallback *uhh

998 );

999

1000 /*

1001 * NSSPublicKey_FindCertificates

1002 *

1003 * Note that there may be more than one certificate for this

1004 * public key. The current implementation may not find every

1005 * last certificate available for this public key: that would

1006 * involve trolling e.g. huge ldap databases, which will be

1007 * grossly inefficient and not generally useful.

1008 * { FilterCertificates function to further reduce the list }

1009 */

1010

1011 NSS_EXTERN NSSCertificate **

1012 NSSPublicKey_FindCertificates

1013 (

1014 NSSPublicKey *bk,

1015 NSSCertificate *rvOpt[],

1016 PRUint32 maximumOpt, /* 0 for no max */

1017 NSSArena *arenaOpt

1018 );

1019

1020 /*

1021 * NSSPrivateKey_FindBestCertificate

1022 *

1023 * The parameters for this function will depend on what the users

1024 * need. This is just a starting point.

1025 */

1026

1027 NSS_EXTERN NSSCertificate *

1028 NSSPublicKey_FindBestCertificate

1029 (

1030 NSSPublicKey *bk,

1031 NSSTime *timeOpt,

1032 NSSUsage *usageOpt,

1033 NSSPolicies *policiesOpt

1034 );

1035

1036 /*

1037 * NSSPublicKey_FindPrivateKey

1038 *

1039 */

1040

1041 NSS_EXTERN NSSPrivateKey *

1042 NSSPublicKey_FindPrivateKey

1043 (

1044 NSSPublicKey *bk,

1045 NSSCallback *uhh

1046 );

1047

1048 /*

1049 * NSSSymmetricKey

1050 *

1051 */

1052

1053 /*

1054 * NSSSymmetricKey_Destroy

1055 *

1056 * Free a pointer to a symmetric key object.

1057 */

1058

1059 NSS_EXTERN PRStatus

1060 NSSSymmetricKey_Destroy

1061 (

1062 NSSSymmetricKey *mk

1063 );

1064

1065 /*

1066 * NSSSymmetricKey_DeleteStoredObject

1067 *

1068 * Permanently remove this object.

1069 */

1070

1071 NSS_EXTERN PRStatus

1072 NSSSymmetricKey_DeleteStoredObject

1073 (

1074 NSSSymmetricKey *mk,

1075 NSSCallback *uhh

1076 );

1077

1078 /*

1079 * NSSSymmetricKey_GetKeyLength

1080 *

1081 */

1082

1083 NSS_EXTERN PRUint32

1084 NSSSymmetricKey_GetKeyLength

1085 (

1086 NSSSymmetricKey *mk

1087 );

1088

1089 /*

1090 * NSSSymmetricKey_GetKeyStrength

1091 *

1092 */

1093

1094 NSS_EXTERN PRUint32

1095 NSSSymmetricKey_GetKeyStrength

1096 (

1097 NSSSymmetricKey *mk

1098 );

1099

1100 /*

1101 * NSSSymmetricKey_IsStillPresent

1102 *

1103 */

1104

1105 NSS_EXTERN PRStatus

1106 NSSSymmetricKey_IsStillPresent

1107 (

1108 NSSSymmetricKey *mk

1109 );

1110

1111 /*

1112 * NSSSymmetricKey_GetTrustDomain

1113 *

1114 * There doesn't have to be one.

1115 */

1116

1117 NSS_EXTERN NSSTrustDomain *

1118 NSSSymmetricKey_GetTrustDomain

1119 (

1120 NSSSymmetricKey *mk,

1121 PRStatus *statusOpt

1122 );

1123

1124 /*

1125 * NSSSymmetricKey_GetToken

1126 *

1127 * There doesn't have to be one.

1128 */

1129

1130 NSS_EXTERN NSSToken *

1131 NSSSymmetricKey_GetToken

1132 (

1133 NSSSymmetricKey *mk,

1134 PRStatus *statusOpt

1135 );

1136

1137 /*

1138 * NSSSymmetricKey_GetSlot

1139 *

1140 * There doesn't have to be one.

1141 */

1142

1143 NSS_EXTERN NSSSlot *

1144 NSSSymmetricKey_GetSlot

1145 (

1146 NSSSymmetricKey *mk,

1147 PRStatus *statusOpt

1148 );

1149

1150 /*

1151 * NSSSymmetricKey_GetModule

1152 *

1153 * There doesn't have to be one.

1154 */

1155

1156 NSS_EXTERN NSSModule *

1157 NSSSymmetricKey_GetModule

1158 (

1159 NSSSymmetricKey *mk,

1160 PRStatus *statusOpt

1161 );

1162

1163 /*

1164 * NSSSymmetricKey_Encrypt

1165 *

1166 */

1167

1168 NSS_EXTERN NSSItem *

1169 NSSSymmetricKey_Encrypt

1170 (

1171 NSSSymmetricKey *mk,

1172 NSSAlgorithmAndParameters *apOpt,

1173 NSSItem *data,

1174 NSSCallback *uhh,

1175 NSSItem *rvOpt,

1176 NSSArena *arenaOpt

1177 );

1178

1179 /*

1180 * NSSSymmetricKey_Decrypt

1181 *

1182 */

1183

1184 NSS_EXTERN NSSItem *

1185 NSSSymmetricKey_Decrypt

1186 (

1187 NSSSymmetricKey *mk,

1188 NSSAlgorithmAndParameters *apOpt,

1189 NSSItem *encryptedData,

1190 NSSCallback *uhh,

1191 NSSItem *rvOpt,

1192 NSSArena *arenaOpt

1193 );

1194

1195 /*

1196 * NSSSymmetricKey_Sign

1197 *

1198 */

1199

1200 NSS_EXTERN NSSItem *

1201 NSSSymmetricKey_Sign

1202 (

1203 NSSSymmetricKey *mk,

1204 NSSAlgorithmAndParameters *apOpt,

1205 NSSItem *data,

1206 NSSCallback *uhh,

1207 NSSItem *rvOpt,

1208 NSSArena *arenaOpt

1209 );

1210

1211 /*

1212 * NSSSymmetricKey_SignRecover

1213 *

1214 */

1215

1216 NSS_EXTERN NSSItem *

1217 NSSSymmetricKey_SignRecover

1218 (

1219 NSSSymmetricKey *mk,

1220 NSSAlgorithmAndParameters *apOpt,

1221 NSSItem *data,

1222 NSSCallback *uhh,

1223 NSSItem *rvOpt,

1224 NSSArena *arenaOpt

1225 );

1226

1227 /*

1228 * NSSSymmetricKey_Verify

1229 *

1230 */

1231

1232 NSS_EXTERN PRStatus

1233 NSSSymmetricKey_Verify

1234 (

1235 NSSSymmetricKey *mk,

1236 NSSAlgorithmAndParameters *apOpt,

1237 NSSItem *data,

1238 NSSItem *signature,

1239 NSSCallback *uhh

1240 );

1241

1242 /*

1243 * NSSSymmetricKey_VerifyRecover

1244 *

1245 */

1246

1247 NSS_EXTERN NSSItem *

1248 NSSSymmetricKey_VerifyRecover

1249 (

1250 NSSSymmetricKey *mk,

1251 NSSAlgorithmAndParameters *apOpt,

1252 NSSItem *signature,

1253 NSSCallback *uhh,

1254 NSSItem *rvOpt,

1255 NSSArena *arenaOpt

1256 );

1257

1258 /*

1259 * NSSSymmetricKey_WrapSymmetricKey

1260 *

1261 */

1262

1263 NSS_EXTERN NSSItem *

1264 NSSSymmetricKey_WrapSymmetricKey

1265 (

1266 NSSSymmetricKey *wrappingKey,

1267 NSSAlgorithmAndParameters *apOpt,

1268 NSSSymmetricKey *keyToWrap,

1269 NSSCallback *uhh,

1270 NSSItem *rvOpt,

1271 NSSArena *arenaOpt

1272 );

1273

1274 /*

1275 * NSSSymmetricKey_WrapPrivateKey

1276 *

1277 */

1278

1279 NSS_EXTERN NSSItem *

1280 NSSSymmetricKey_WrapPrivateKey

1281 (

1282 NSSSymmetricKey *wrappingKey,

1283 NSSAlgorithmAndParameters *apOpt,

1284 NSSPrivateKey *keyToWrap,

1285 NSSCallback *uhh,

1286 NSSItem *rvOpt,

1287 NSSArena *arenaOpt

1288 );

1289

1290 /*

1291 * NSSSymmetricKey_UnwrapSymmetricKey

1292 *

1293 */

1294

1295 NSS_EXTERN NSSSymmetricKey *

1296 NSSSymmetricKey_UnwrapSymmetricKey

1297 (

1298 NSSSymmetricKey *wrappingKey,

1299 NSSAlgorithmAndParameters *apOpt,

1300 NSSItem *wrappedKey,

1301 NSSOID *target,

1302 PRUint32 keySizeOpt,

1303 NSSOperations operations,

1304 NSSCallback *uhh

1305 );

1306

1307 /*

1308 * NSSSymmetricKey_UnwrapPrivateKey

1309 *

1310 */

1311

1312 NSS_EXTERN NSSPrivateKey *

1313 NSSSymmetricKey_UnwrapPrivateKey

1314 (

1315 NSSSymmetricKey *wrappingKey,

1316 NSSAlgorithmAndParameters *apOpt,

1317 NSSItem *wrappedKey,

1318 NSSUTF8 *labelOpt,

1319 NSSItem *keyIDOpt,

1320 PRBool persistant,

1321 PRBool sensitive,

1322 NSSToken *destinationOpt,

1323 NSSCallback *uhh

1324 );

1325

1326 /*

1327 * NSSSymmetricKey_DeriveSymmetricKey

1328 *

1329 */

1330

1331 NSS_EXTERN NSSSymmetricKey *

1332 NSSSymmetricKey_DeriveSymmetricKey

1333 (

1334 NSSSymmetricKey *originalKey,

1335 NSSAlgorithmAndParameters *apOpt,

1336 NSSOID *target,

1337 PRUint32 keySizeOpt,

1338 NSSOperations operations,

1339 NSSCallback *uhh

1340 );

1341

1342 /*

1343 * NSSSymmetricKey_CreateCryptoContext

1344 *

1345 * Create a crypto context, in this key's trust domain,

1346 * with this as the distinguished symmetric key.

1347 */

1348

1349 NSS_EXTERN NSSCryptoContext *

1350 NSSSymmetricKey_CreateCryptoContext

1351 (

1352 NSSSymmetricKey *mk,

1353 NSSAlgorithmAndParameters *apOpt,

1354 NSSCallback *uhh

1355 );

1356

1357 /*

1358 * NSSTrustDomain

1359 *

1360 */

1361

1362 /*

1363 * NSSTrustDomain_Create

1364 *

1365 * This creates a trust domain, optionally with an initial cryptoki

1366 * module. If the module name is not null, the module is loaded if

1367 * needed (using the uriOpt argument), and initialized with the

1368 * opaqueOpt argument. If mumble mumble priority settings, then

1369 * module-specification objects in the module can cause the loading

1370 * and initialization of further modules.

1371 *

1372 * The uriOpt is defined to take a URI. At present, we only

1373 * support file: URLs pointing to platform-native shared libraries.

1374 * However, by specifying this as a URI, this keeps open the

1375 * possibility of supporting other, possibly remote, resources.

1376 *

1377 * The "reserved" arguments is held for when we figure out the

1378 * module priority stuff.

1379 */

1380

1381 NSS_EXTERN NSSTrustDomain *

1382 NSSTrustDomain_Create

1383 (

1384 NSSUTF8 *moduleOpt,

1385 NSSUTF8 *uriOpt,

1386 NSSUTF8 *opaqueOpt,

1387 void *reserved

1388 );

1389

1390 /*

1391 * NSSTrustDomain_Destroy

1392 *

1393 */

1394

1395 NSS_EXTERN PRStatus

1396 NSSTrustDomain_Destroy

1397 (

1398 NSSTrustDomain *td

1399 );

1400

1401 /*

1402 * NSSTrustDomain_SetDefaultCallback

1403 *

1404 */

1405

1406 NSS_EXTERN PRStatus

1407 NSSTrustDomain_SetDefaultCallback

1408 (

1409 NSSTrustDomain *td,

1410 NSSCallback *newCallback,

1411 NSSCallback **oldCallbackOpt

1412 );

1413

1414 /*

1415 * NSSTrustDomain_GetDefaultCallback

1416 *

1417 */

1418

1419 NSS_EXTERN NSSCallback *

1420 NSSTrustDomain_GetDefaultCallback

1421 (

1422 NSSTrustDomain *td,

1423 PRStatus *statusOpt

1424 );

1425

1426 /*

1427 * Default policies?

1428 * Default usage?

1429 * Default time, for completeness?

1430 */

1431

1432 /*

1433 * NSSTrustDomain_LoadModule

1434 *

1435 */

1436

1437 NSS_EXTERN PRStatus

1438 NSSTrustDomain_LoadModule

1439 (

1440 NSSTrustDomain *td,

1441 NSSUTF8 *moduleOpt,

1442 NSSUTF8 *uriOpt,

1443 NSSUTF8 *opaqueOpt,

1444 void *reserved

1445 );

1446

1447 /*

1448 * NSSTrustDomain_AddModule

1449 * NSSTrustDomain_AddSlot

1450 * NSSTrustDomain_UnloadModule

1451 * Managing modules, slots, tokens; priorities;

1452 * Traversing all of the above

1453 * this needs more work

1454 */

1455

1456 /*

1457 * NSSTrustDomain_DisableToken

1458 *

1459 */

1460

1461 NSS_EXTERN PRStatus

1462 NSSTrustDomain_DisableToken

1463 (

1464 NSSTrustDomain *td,

1465 NSSToken *token,

1466 NSSError why

1467 );

1468

1469 /*

1470 * NSSTrustDomain_EnableToken

1471 *

1472 */

1473

1474 NSS_EXTERN PRStatus

1475 NSSTrustDomain_EnableToken

1476 (

1477 NSSTrustDomain *td,

1478 NSSToken *token

1479 );

1480

1481 /*

1482 * NSSTrustDomain_IsTokenEnabled

1483 *

1484 * If disabled, "why" is always on the error stack.

1485 * The optional argument is just for convenience.

1486 */

1487

1488 NSS_EXTERN PRStatus

1489 NSSTrustDomain_IsTokenEnabled

1490 (

1491 NSSTrustDomain *td,

1492 NSSToken *token,

1493 NSSError *whyOpt

1494 );

1495

1496 /*

1497 * NSSTrustDomain_FindSlotByName

1498 *

1499 */

1500

1501 NSS_EXTERN NSSSlot *

1502 NSSTrustDomain_FindSlotByName

1503 (

1504 NSSTrustDomain *td,

1505 NSSUTF8 *slotName

1506 );

1507

1508 /*

1509 * NSSTrustDomain_FindTokenByName

1510 *

1511 */

1512

1513 NSS_EXTERN NSSToken *

1514 NSSTrustDomain_FindTokenByName

1515 (

1516 NSSTrustDomain *td,

1517 NSSUTF8 *tokenName

1518 );

1519

1520 /*

1521 * NSSTrustDomain_FindTokenBySlotName

1522 *

1523 */

1524

1525 NSS_EXTERN NSSToken *

1526 NSSTrustDomain_FindTokenBySlotName

1527 (

1528 NSSTrustDomain *td,

1529 NSSUTF8 *slotName

1530 );

1531

1532 /*

1533 * NSSTrustDomain_FindBestTokenForAlgorithm

1534 *

1535 */

1536

1537 NSS_EXTERN NSSToken *

1538 NSSTrustDomain_FindTokenForAlgorithm

1539 (

1540 NSSTrustDomain *td,

1541 NSSOID *algorithm

1542 );

1543

1544 /*

1545 * NSSTrustDomain_FindBestTokenForAlgorithms

1546 *

1547 */

1548

1549 NSS_EXTERN NSSToken *

1550 NSSTrustDomain_FindBestTokenForAlgorithms

1551 (

1552 NSSTrustDomain *td,

1553 NSSOID algorithms[], / may be null-terminated */

1554 PRUint32 nAlgorithmsOpt /* limits the array if nonzero */

1555 );

1556

1557 /*

1558 * NSSTrustDomain_Login

1559 *

1560 */

1561

1562 NSS_EXTERN PRStatus

1563 NSSTrustDomain_Login

1564 (

1565 NSSTrustDomain *td,

1566 NSSCallback *uhhOpt

1567 );

1568

1569 /*

1570 * NSSTrustDomain_Logout

1571 *

1572 */

1573

1574 NSS_EXTERN PRStatus

1575 NSSTrustDomain_Logout

1576 (

1577 NSSTrustDomain *td

1578 );

1579

1580 /* Importing things */

1581

1582 /*

1583 * NSSTrustDomain_ImportCertificate

1584 *

1585 * The implementation will pull some data out of the certificate

1586 * (e.g. e-mail address) for use in pkcs#11 object attributes.

1587 */

1588

1589 NSS_EXTERN NSSCertificate *

1590 NSSTrustDomain_ImportCertificate

1591 (

1592 NSSTrustDomain *td,

1593 NSSCertificate *c

1594 );

1595

1596 /*

1597 * NSSTrustDomain_ImportPKIXCertificate

1598 *

1599 */

1600

1601 NSS_EXTERN NSSCertificate *

1602 NSSTrustDomain_ImportPKIXCertificate

1603 (

1604 NSSTrustDomain *td,

1605 /* declared as a struct until these "data types" are defined */

1606 struct NSSPKIXCertificateStr *pc

1607 );

1608

1609 /*

1610 * NSSTrustDomain_ImportEncodedCertificate

1611 *

1612 * Imports any type of certificate we support.

1613 */

1614

1615 NSS_EXTERN NSSCertificate *

1616 NSSTrustDomain_ImportEncodedCertificate

1617 (

1618 NSSTrustDomain *td,

1619 NSSBER *ber

1620 );

1621

1622 /*

1623 * NSSTrustDomain_ImportEncodedCertificateChain

1624 *

1625 * If you just want the leaf, pass in a maximum of one.

1626 */

1627

1628 NSS_EXTERN NSSCertificate **

1629 NSSTrustDomain_ImportEncodedCertificateChain

1630 (

1631 NSSTrustDomain *td,

1632 NSSBER *ber,

1633 NSSCertificate *rvOpt[],

1634 PRUint32 maximumOpt, /* 0 for no max */

1635 NSSArena *arenaOpt

1636 );

1637

1638 /*

1639 * NSSTrustDomain_ImportEncodedPrivateKey

1640 *

1641 */

1642

1643 NSS_EXTERN NSSPrivateKey *

1644 NSSTrustDomain_ImportEncodedPrivateKey

1645 (

1646 NSSTrustDomain *td,

1647 NSSBER *ber,

1648 NSSItem passwordOpt, / NULL will cause a callback */

1649 NSSCallback *uhhOpt,

1650 NSSToken *destination

1651 );

1652

1653 /*

1654 * NSSTrustDomain_ImportEncodedPublicKey

1655 *

1656 */

1657

1658 NSS_EXTERN NSSPublicKey *

1659 NSSTrustDomain_ImportEncodedPublicKey

1660 (

1661 NSSTrustDomain *td,

1662 NSSBER *ber

1663 );

1664

1665 /* Other importations: S/MIME capabilities */

1666

1667 /*

1668 * NSSTrustDomain_FindBestCertificateByNickname

1669 *

1670 */

1671

1672 NSS_EXTERN NSSCertificate *

1673 NSSTrustDomain_FindBestCertificateByNickname

1674 (

1675 NSSTrustDomain *td,

1676 const NSSUTF8 *name,

1677 NSSTime timeOpt, / NULL for "now" */

1678 NSSUsage *usage,

1679 NSSPolicies policiesOpt / NULL for none */

1680 );

1681

1682 /*

1683 * NSSTrustDomain_FindCertificatesByNickname

1684 *

1685 */

1686

1687 NSS_EXTERN NSSCertificate **

1688 NSSTrustDomain_FindCertificatesByNickname

1689 (

1690 NSSTrustDomain *td,

1691 NSSUTF8 *name,

1692 NSSCertificate *rvOpt[],

1693 PRUint32 maximumOpt, /* 0 for no max */

1694 NSSArena *arenaOpt

1695 );

1696

1697 /*

1698 * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber

1699 *

1700 */

1701

1702 NSS_EXTERN NSSCertificate *

1703 NSSTrustDomain_FindCertificateByIssuerAndSerialNumber

1704 (

1705 NSSTrustDomain *td,

1706 NSSDER *issuer,

1707 NSSDER *serialNumber

1708 );

1709

1710 /*

1711 * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber

1712 *

1713 * Theoretically, this should never happen. However, some companies

1714 * we know have issued duplicate certificates with the same issuer

1715 * and serial number. Do we just ignore them? I'm thinking yes.

1716 */

1717

1718 /*

1719 * NSSTrustDomain_FindBestCertificateBySubject

1720 *

1721 * This does not search through alternate names hidden in extensions.

1722 */

1723

1724 NSS_EXTERN NSSCertificate *

1725 NSSTrustDomain_FindBestCertificateBySubject

1726 (

1727 NSSTrustDomain *td,

1728 NSSDER /NSSUTF8/ *subject,

1729 NSSTime *timeOpt,

1730 NSSUsage *usage,

1731 NSSPolicies *policiesOpt

1732 );

1733

1734 /*

1735 * NSSTrustDomain_FindCertificatesBySubject

1736 *

1737 * This does not search through alternate names hidden in extensions.

1738 */

1739

1740 NSS_EXTERN NSSCertificate **

1741 NSSTrustDomain_FindCertificatesBySubject

1742 (

1743 NSSTrustDomain *td,

1744 NSSDER /NSSUTF8/ *subject,

1745 NSSCertificate *rvOpt[],

1746 PRUint32 maximumOpt, /* 0 for no max */

1747 NSSArena *arenaOpt

1748 );

1749

1750 /*

1751 * NSSTrustDomain_FindBestCertificateByNameComponents

1752 *

1753 * This call does try several tricks, including a pseudo pkcs#11

1754 * attribute for the ldap module to try as a query. Eventually

1755 * this call falls back to a traversal if that's what's required.

1756 * It will search through alternate names hidden in extensions.

1757 */

1758

1759 NSS_EXTERN NSSCertificate *

1760 NSSTrustDomain_FindBestCertificateByNameComponents

1761 (

1762 NSSTrustDomain *td,

1763 NSSUTF8 *nameComponents,

1764 NSSTime *timeOpt,

1765 NSSUsage *usage,

1766 NSSPolicies *policiesOpt

1767 );

1768

1769 /*

1770 * NSSTrustDomain_FindCertificatesByNameComponents

1771 *

1772 * This call, too, tries several tricks. It will stop on the first

1773 * attempt that generates results, so it won't e.g. traverse the

1774 * entire ldap database.

1775 */

1776

1777 NSS_EXTERN NSSCertificate **

1778 NSSTrustDomain_FindCertificatesByNameComponents

1779 (

1780 NSSTrustDomain *td,

1781 NSSUTF8 *nameComponents,

1782 NSSCertificate *rvOpt[],

1783 PRUint32 maximumOpt, /* 0 for no max */

1784 NSSArena *arenaOpt

1785 );

1786

1787 /*

1788 * NSSTrustDomain_FindCertificateByEncodedCertificate

1789 *

1790 */

1791

1792 NSS_EXTERN NSSCertificate *

1793 NSSTrustDomain_FindCertificateByEncodedCertificate

1794 (

1795 NSSTrustDomain *td,

1796 NSSBER *encodedCertificate

1797 );

1798

1799 /*

1800 * NSSTrustDomain_FindBestCertificateByEmail

1801 *

1802 */

1803

1804 NSS_EXTERN NSSCertificate *

1805 NSSTrustDomain_FindCertificateByEmail

1806 (

1807 NSSTrustDomain *td,

1808 NSSASCII7 *email,

1809 NSSTime *timeOpt,

1810 NSSUsage *usage,

1811 NSSPolicies *policiesOpt

1812 );

1813

1814 /*

1815 * NSSTrustDomain_FindCertificatesByEmail

1816 *

1817 */

1818

1819 NSS_EXTERN NSSCertificate **

1820 NSSTrustDomain_FindCertificatesByEmail

1821 (

1822 NSSTrustDomain *td,

1823 NSSASCII7 *email,

1824 NSSCertificate *rvOpt[],

1825 PRUint32 maximumOpt, /* 0 for no max */

1826 NSSArena *arenaOpt

1827 );

1828

1829 /*

1830 * NSSTrustDomain_FindCertificateByOCSPHash

1831 *

1832 * There can be only one.

1833 */

1834

1835 NSS_EXTERN NSSCertificate *

1836 NSSTrustDomain_FindCertificateByOCSPHash

1837 (

1838 NSSTrustDomain *td,

1839 NSSItem *hash

1840 );

1841

1842 /*

1843 * NSSTrustDomain_TraverseCertificates

1844 *

1845 * This function descends from one in older versions of NSS which

1846 * traverses the certs in the permanent database. That function

1847 * was used to implement selection routines, but was directly

1848 * available too. Trust domains are going to contain a lot more

1849 * certs now (e.g., an ldap server), so we'd really like to

1850 * discourage traversal. Thus for now, this is commented out.

1851 * If it's needed, let's look at the situation more closely to

1852 * find out what the actual requirements are.

1853 */

1854

1855 /* For now, adding this function. This may only be for debugging

1856 * purposes.

1857 * Perhaps some equivalent function, on a specified token, will be

1858 * needed in a "friend" header file?

1859 */

1860 NSS_EXTERN PRStatus *

1861 NSSTrustDomain_TraverseCertificates

1862 (

1863 NSSTrustDomain *td,

1864 PRStatus (callback)(NSSCertificate c, void *arg),

1865 void *arg

1866 );

1867

1868 /*

1869 * NSSTrustDomain_FindBestUserCertificate

1870 *

1871 */

1872

1873 NSS_EXTERN NSSCertificate *

1874 NSSTrustDomain_FindBestUserCertificate

1875 (

1876 NSSTrustDomain *td,

1877 NSSTime *timeOpt,

1878 NSSUsage *usage,

1879 NSSPolicies *policiesOpt

1880 );

1881

1882 /*

1883 * NSSTrustDomain_FindUserCertificates

1884 *

1885 */

1886

1887 NSS_EXTERN NSSCertificate **

1888 NSSTrustDomain_FindUserCertificates

1889 (

1890 NSSTrustDomain *td,

1891 NSSTime *timeOpt,

1892 NSSUsage *usageOpt,

1893 NSSPolicies *policiesOpt,

1894 NSSCertificate **rvOpt,

1895 PRUint32 rvLimit, /* zero for no limit */

1896 NSSArena *arenaOpt

1897 );

1898

1899 /*

1900 * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth

1901 *

1902 */

1903

1904 NSS_EXTERN NSSCertificate *

1905 NSSTrustDomain_FindBestUserCertificateForSSLClientAuth

1906 (

1907 NSSTrustDomain *td,

1908 NSSUTF8 *sslHostOpt,

1909 NSSDER rootCAsOpt[], / null pointer for none */

1910 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */

1911 NSSAlgorithmAndParameters *apOpt,

1912 NSSPolicies *policiesOpt

1913 );

1914

1915 /*

1916 * NSSTrustDomain_FindUserCertificatesForSSLClientAuth

1917 *

1918 */

1919

1920 NSS_EXTERN NSSCertificate **

1921 NSSTrustDomain_FindUserCertificatesForSSLClientAuth

1922 (

1923 NSSTrustDomain *td,

1924 NSSUTF8 *sslHostOpt,

1925 NSSDER rootCAsOpt[], / null pointer for none */

1926 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */

1927 NSSAlgorithmAndParameters *apOpt,

1928 NSSPolicies *policiesOpt,

1929 NSSCertificate **rvOpt,

1930 PRUint32 rvLimit, /* zero for no limit */

1931 NSSArena *arenaOpt

1932 );

1933

1934 /*

1935 * NSSTrustDomain_FindBestUserCertificateForEmailSigning

1936 *

1937 */

1938

1939 NSS_EXTERN NSSCertificate *

1940 NSSTrustDomain_FindBestUserCertificateForEmailSigning

1941 (

1942 NSSTrustDomain *td,

1943 NSSASCII7 *signerOpt,

1944 NSSASCII7 *recipientOpt,

1945 /* anything more here? */

1946 NSSAlgorithmAndParameters *apOpt,

1947 NSSPolicies *policiesOpt

1948 );

1949

1950 /*

1951 * NSSTrustDomain_FindUserCertificatesForEmailSigning

1952 *

1953 */

1954

1955 NSS_EXTERN NSSCertificate **

1956 NSSTrustDomain_FindUserCertificatesForEmailSigning

1957 (

1958 NSSTrustDomain *td,

1959 NSSASCII7 *signerOpt,

1960 NSSASCII7 *recipientOpt,

1961 /* anything more here? */

1962 NSSAlgorithmAndParameters *apOpt,

1963 NSSPolicies *policiesOpt,

1964 NSSCertificate **rvOpt,

1965 PRUint32 rvLimit, /* zero for no limit */

1966 NSSArena *arenaOpt

1967 );

1968

1969 /*

1970 * Here is where we'd add more Find[Best]UserCertificate[s]For<usage>

1971 * routines.

1972 */

1973

1974 /* Private Keys */

1975

1976 /*

1977 * NSSTrustDomain_GenerateKeyPair

1978 *

1979 * Creates persistant objects. If you want session objects, use

1980 * NSSCryptoContext_GenerateKeyPair. The destination token is where

1981 * the keys are stored. If that token can do the required math, then

1982 * that's where the keys are generated too. Otherwise, the keys are

1983 * generated elsewhere and moved to that token.

1984 */

1985

1986 NSS_EXTERN PRStatus

1987 NSSTrustDomain_GenerateKeyPair

1988 (

1989 NSSTrustDomain *td,

1990 NSSAlgorithmAndParameters *ap,

1991 NSSPrivateKey **pvkOpt,

1992 NSSPublicKey **pbkOpt,

1993 PRBool privateKeyIsSensitive,

1994 NSSToken *destination,

1995 NSSCallback *uhhOpt

1996 );

1997

1998 /*

1999 * NSSTrustDomain_TraversePrivateKeys

2000 *

2001 *

2002 * NSS_EXTERN PRStatus *

2003 * NSSTrustDomain_TraversePrivateKeys

2004 * (

2005 * NSSTrustDomain *td,

2006 * PRStatus (callback)(NSSPrivateKey vk, void *arg),

2007 * void *arg

2008 * );

2009 */

2010

2011 /* Symmetric Keys */

2012

2013 /*

2014 * NSSTrustDomain_GenerateSymmetricKey

2015 *

2016 */

2017

2018 NSS_EXTERN NSSSymmetricKey *

2019 NSSTrustDomain_GenerateSymmetricKey

2020 (

2021 NSSTrustDomain *td,

2022 NSSAlgorithmAndParameters *ap,

2023 PRUint32 keysize,

2024 NSSToken *destination,

2025 NSSCallback *uhhOpt

2026 );

2027

2028 /*

2029 * NSSTrustDomain_GenerateSymmetricKeyFromPassword

2030 *

2031 */

2032

2033 NSS_EXTERN NSSSymmetricKey *

2034 NSSTrustDomain_GenerateSymmetricKeyFromPassword

2035 (

2036 NSSTrustDomain *td,

2037 NSSAlgorithmAndParameters *ap,

2038 NSSUTF8 passwordOpt, / if null, prompt */

2039 NSSToken *destinationOpt,

2040 NSSCallback *uhhOpt

2041 );

2042

2043 /*

2044 * NSSTrustDomain_FindSymmetricKeyByAlgorithm

2045 *

2046 * Is this still needed?

2047 *

2048 * NSS_EXTERN NSSSymmetricKey *

2049 * NSSTrustDomain_FindSymmetricKeyByAlgorithm

2050 * (

2051 * NSSTrustDomain *td,

2052 * NSSOID *algorithm,

2053 * NSSCallback *uhhOpt

2054 * );

2055 */

2056

2057 /*

2058 * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID

2059 *

2060 */

2061

2062 NSS_EXTERN NSSSymmetricKey *

2063 NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID

2064 (

2065 NSSTrustDomain *td,

2066 NSSOID *algorithm,

2067 NSSItem *keyID,

2068 NSSCallback *uhhOpt

2069 );

2070

2071 /*

2072 * NSSTrustDomain_TraverseSymmetricKeys

2073 *

2074 *

2075 * NSS_EXTERN PRStatus *

2076 * NSSTrustDomain_TraverseSymmetricKeys

2077 * (

2078 * NSSTrustDomain *td,

2079 * PRStatus (callback)(NSSSymmetricKey mk, void *arg),

2080 * void *arg

2081 * );

2082 */

2083

2084 /*

2085 * NSSTrustDomain_CreateCryptoContext

2086 *

2087 * If a callback object is specified, it becomes the for the crypto

2088 * context; otherwise, this trust domain's default (if any) is

2089 * inherited.

2090 */

2091

2092 NSS_EXTERN NSSCryptoContext *

2093 NSSTrustDomain_CreateCryptoContext

2094 (

2095 NSSTrustDomain *td,

2096 NSSCallback *uhhOpt

2097 );

2098

2099 /*

2100 * NSSTrustDomain_CreateCryptoContextForAlgorithm

2101 *

2102 */

2103

2104 NSS_EXTERN NSSCryptoContext *

2105 NSSTrustDomain_CreateCryptoContextForAlgorithm

2106 (

2107 NSSTrustDomain *td,

2108 NSSOID *algorithm

2109 );

2110

2111 /*

2112 * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters

2113 *

2114 */

2115

2116 NSS_EXTERN NSSCryptoContext *

2117 NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters

2118 (

2119 NSSTrustDomain *td,

2120 NSSAlgorithmAndParameters *ap

2121 );

2122

2123 /* find/traverse other objects, e.g. s/mime profiles */

2124

2125 /*

2126 * NSSCryptoContext

2127 *

2128 * A crypto context is sort of a short-term snapshot of a trust domain,

2129 * used for the life of "one crypto operation." You can also think of

2130 * it as a "temporary database."

2131 *

2132 * Just about all of the things you can do with a trust domain -- importing

2133 * or creating certs, keys, etc. -- can be done with a crypto context.

2134 * The difference is that the objects will be temporary ("session") objects.

2135 *

2136 * Also, if the context was created for a key, cert, and/or algorithm; or

2137 * if such objects have been "associated" with the context, then the context

2138 * can do everything the keys can, like crypto operations.

2139 *

2140 * And finally, because it keeps the state of the crypto operations, it

2141 * can do streaming crypto ops.

2142 */

2143

2144 /*

2145 * NSSTrustDomain_Destroy

2146 *

2147 */

2148

2149 NSS_EXTERN PRStatus

2150 NSSCryptoContext_Destroy

2151 (

2152 NSSCryptoContext *cc

2153 );

2154

2155 /* establishing a default callback */

2156

2157 /*

2158 * NSSCryptoContext_SetDefaultCallback

2159 *

2160 */

2161

2162 NSS_EXTERN PRStatus

2163 NSSCryptoContext_SetDefaultCallback

2164 (

2165 NSSCryptoContext *cc,

2166 NSSCallback *newCallback,

2167 NSSCallback **oldCallbackOpt

2168 );

2169

2170 /*

2171 * NSSCryptoContext_GetDefaultCallback

2172 *

2173 */

2174

2175 NSS_EXTERN NSSCallback *

2176 NSSCryptoContext_GetDefaultCallback

2177 (

2178 NSSCryptoContext *cc,

2179 PRStatus *statusOpt

2180 );

2181

2182 /*

2183 * NSSCryptoContext_GetTrustDomain

2184 *

2185 */

2186

2187 NSS_EXTERN NSSTrustDomain *

2188 NSSCryptoContext_GetTrustDomain

2189 (

2190 NSSCryptoContext *cc

2191 );

2192

2193 /* AddModule, etc: should we allow "temporary" changes here? */

2194 /* DisableToken, etc: ditto */

2195 /* Ordering of tokens? */

2196 /* Finding slots+token etc. */

2197 /* login+logout */

2198

2199 /* Importing things */

2200

2201 /*

2202 * NSSCryptoContext_FindOrImportCertificate

2203 *

2204 * If the certificate store already contains this DER cert, return the

2205 * address of the matching NSSCertificate that is already in the store,

2206 * and bump its reference count.

2207 *

2208 * If this DER cert is NOT already in the store, then add the new

2209 * NSSCertificate to the store and bump its reference count,

2210 * then return its address.

2211 *

2212 * if this DER cert is not in the store and cannot be added to it,

2213 * return NULL;

2214 *

2215 * Record the associated crypto context in the certificate.

2216 */

2217

2218 NSS_EXTERN NSSCertificate *

2219 NSSCryptoContext_FindOrImportCertificate (

2220 NSSCryptoContext *cc,

2221 NSSCertificate *c

2222 );

2223

2224 /*

2225 * NSSCryptoContext_ImportPKIXCertificate

2226 *

2227 */

2228

2229 NSS_EXTERN NSSCertificate *

2230 NSSCryptoContext_ImportPKIXCertificate

2231 (

2232 NSSCryptoContext *cc,

2233 struct NSSPKIXCertificateStr *pc

2234 );

2235

2236 /*

2237 * NSSCryptoContext_ImportEncodedCertificate

2238 *

2239 */

2240

2241 NSS_EXTERN NSSCertificate *

2242 NSSCryptoContext_ImportEncodedCertificate

2243 (

2244 NSSCryptoContext *cc,

2245 NSSBER *ber

2246 );

2247

2248 /*

2249 * NSSCryptoContext_ImportEncodedPKIXCertificateChain

2250 *

2251 */

2252

2253 NSS_EXTERN PRStatus

2254 NSSCryptoContext_ImportEncodedPKIXCertificateChain

2255 (

2256 NSSCryptoContext *cc,

2257 NSSBER *ber

2258 );

2259

2260 /* Other importations: S/MIME capabilities

2261 */

2262

2263 /*

2264 * NSSCryptoContext_FindBestCertificateByNickname

2265 *

2266 */

2267

2268 NSS_EXTERN NSSCertificate *

2269 NSSCryptoContext_FindBestCertificateByNickname

2270 (

2271 NSSCryptoContext *cc,

2272 const NSSUTF8 *name,

2273 NSSTime timeOpt, / NULL for "now" */

2274 NSSUsage *usage,

2275 NSSPolicies policiesOpt / NULL for none */

2276 );

2277

2278 /*

2279 * NSSCryptoContext_FindCertificatesByNickname

2280 *

2281 */

2282

2283 NSS_EXTERN NSSCertificate **

2284 NSSCryptoContext_FindCertificatesByNickname

2285 (

2286 NSSCryptoContext *cc,

2287 NSSUTF8 *name,

2288 NSSCertificate *rvOpt[],

2289 PRUint32 maximumOpt, /* 0 for no max */

2290 NSSArena *arenaOpt

2291 );

2292

2293 /*

2294 * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber

2295 *

2296 */

2297

2298 NSS_EXTERN NSSCertificate *

2299 NSSCryptoContext_FindCertificateByIssuerAndSerialNumber

2300 (

2301 NSSCryptoContext *cc,

2302 NSSDER *issuer,

2303 NSSDER *serialNumber

2304 );

2305

2306 /*

2307 * NSSCryptoContext_FindBestCertificateBySubject

2308 *

2309 * This does not search through alternate names hidden in extensions.

2310 */

2311

2312 NSS_EXTERN NSSCertificate *

2313 NSSCryptoContext_FindBestCertificateBySubject

2314 (

2315 NSSCryptoContext *cc,

2316 NSSDER /NSSUTF8/ *subject,

2317 NSSTime *timeOpt,

2318 NSSUsage *usage,

2319 NSSPolicies *policiesOpt

2320 );

2321

2322 /*

2323 * NSSCryptoContext_FindCertificatesBySubject

2324 *

2325 * This does not search through alternate names hidden in extensions.

2326 */

2327

2328 NSS_EXTERN NSSCertificate **

2329 NSSCryptoContext_FindCertificatesBySubject

2330 (

2331 NSSCryptoContext *cc,

2332 NSSDER /NSSUTF8/ *subject,

2333 NSSCertificate *rvOpt[],

2334 PRUint32 maximumOpt, /* 0 for no max */

2335 NSSArena *arenaOpt

2336 );

2337

2338 /*

2339 * NSSCryptoContext_FindBestCertificateByNameComponents

2340 *

2341 * This call does try several tricks, including a pseudo pkcs#11

2342 * attribute for the ldap module to try as a query. Eventually

2343 * this call falls back to a traversal if that's what's required.

2344 * It will search through alternate names hidden in extensions.

2345 */

2346

2347 NSS_EXTERN NSSCertificate *

2348 NSSCryptoContext_FindBestCertificateByNameComponents

2349 (

2350 NSSCryptoContext *cc,

2351 NSSUTF8 *nameComponents,

2352 NSSTime *timeOpt,

2353 NSSUsage *usage,

2354 NSSPolicies *policiesOpt

2355 );

2356

2357 /*

2358 * NSSCryptoContext_FindCertificatesByNameComponents

2359 *

2360 * This call, too, tries several tricks. It will stop on the first

2361 * attempt that generates results, so it won't e.g. traverse the

2362 * entire ldap database.

2363 */

2364

2365 NSS_EXTERN NSSCertificate **

2366 NSSCryptoContext_FindCertificatesByNameComponents

2367 (

2368 NSSCryptoContext *cc,

2369 NSSUTF8 *nameComponents,

2370 NSSCertificate *rvOpt[],

2371 PRUint32 maximumOpt, /* 0 for no max */

2372 NSSArena *arenaOpt

2373 );

2374

2375 /*

2376 * NSSCryptoContext_FindCertificateByEncodedCertificate

2377 *

2378 */

2379

2380 NSS_EXTERN NSSCertificate *

2381 NSSCryptoContext_FindCertificateByEncodedCertificate

2382 (

2383 NSSCryptoContext *cc,

2384 NSSBER *encodedCertificate

2385 );

2386

2387 /*

2388 * NSSCryptoContext_FindBestCertificateByEmail

2389 *

2390 */

2391

2392 NSS_EXTERN NSSCertificate *

2393 NSSCryptoContext_FindBestCertificateByEmail

2394 (

2395 NSSCryptoContext *cc,

2396 NSSASCII7 *email,

2397 NSSTime *timeOpt,

2398 NSSUsage *usage,

2399 NSSPolicies *policiesOpt

2400 );

2401

2402 /*

2403 * NSSCryptoContext_FindCertificatesByEmail

2404 *

2405 */

2406

2407 NSS_EXTERN NSSCertificate **

2408 NSSCryptoContext_FindCertificatesByEmail

2409 (

2410 NSSCryptoContext *cc,

2411 NSSASCII7 *email,

2412 NSSCertificate *rvOpt[],

2413 PRUint32 maximumOpt, /* 0 for no max */

2414 NSSArena *arenaOpt

2415 );

2416

2417 /*

2418 * NSSCryptoContext_FindCertificateByOCSPHash

2419 *

2420 */

2421

2422 NSS_EXTERN NSSCertificate *

2423 NSSCryptoContext_FindCertificateByOCSPHash

2424 (

2425 NSSCryptoContext *cc,

2426 NSSItem *hash

2427 );

2428

2429 /*

2430 * NSSCryptoContext_TraverseCertificates

2431 *

2432 *

2433 * NSS_EXTERN PRStatus *

2434 * NSSCryptoContext_TraverseCertificates

2435 * (

2436 * NSSCryptoContext *cc,

2437 * PRStatus (callback)(NSSCertificate c, void *arg),

2438 * void *arg

2439 * );

2440 */

2441

2442 /*

2443 * NSSCryptoContext_FindBestUserCertificate

2444 *

2445 */

2446

2447 NSS_EXTERN NSSCertificate *

2448 NSSCryptoContext_FindBestUserCertificate

2449 (

2450 NSSCryptoContext *cc,

2451 NSSTime *timeOpt,

2452 NSSUsage *usage,

2453 NSSPolicies *policiesOpt

2454 );

2455

2456 /*

2457 * NSSCryptoContext_FindUserCertificates

2458 *

2459 */

2460

2461 NSS_EXTERN NSSCertificate **

2462 NSSCryptoContext_FindUserCertificates

2463 (

2464 NSSCryptoContext *cc,

2465 NSSTime *timeOpt,

2466 NSSUsage *usageOpt,

2467 NSSPolicies *policiesOpt,

2468 NSSCertificate **rvOpt,

2469 PRUint32 rvLimit, /* zero for no limit */

2470 NSSArena *arenaOpt

2471 );

2472

2473 /*

2474 * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth

2475 *

2476 */

2477

2478 NSS_EXTERN NSSCertificate *

2479 NSSCryptoContext_FindBestUserCertificateForSSLClientAuth

2480 (

2481 NSSCryptoContext *cc,

2482 NSSUTF8 *sslHostOpt,

2483 NSSDER rootCAsOpt[], / null pointer for none */

2484 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */

2485 NSSAlgorithmAndParameters *apOpt,

2486 NSSPolicies *policiesOpt

2487 );

2488

2489 /*

2490 * NSSCryptoContext_FindUserCertificatesForSSLClientAuth

2491 *

2492 */

2493

2494 NSS_EXTERN NSSCertificate **

2495 NSSCryptoContext_FindUserCertificatesForSSLClientAuth

2496 (

2497 NSSCryptoContext *cc,

2498 NSSUTF8 *sslHostOpt,

2499 NSSDER rootCAsOpt[], / null pointer for none */

2500 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */

2501 NSSAlgorithmAndParameters *apOpt,

2502 NSSPolicies *policiesOpt,

2503 NSSCertificate **rvOpt,

2504 PRUint32 rvLimit, /* zero for no limit */

2505 NSSArena *arenaOpt

2506 );

2507

2508 /*

2509 * NSSCryptoContext_FindBestUserCertificateForEmailSigning

2510 *

2511 */

2512

2513 NSS_EXTERN NSSCertificate *

2514 NSSCryptoContext_FindBestUserCertificateForEmailSigning

2515 (

2516 NSSCryptoContext *cc,

2517 NSSASCII7 *signerOpt,

2518 NSSASCII7 *recipientOpt,

2519 /* anything more here? */

2520 NSSAlgorithmAndParameters *apOpt,

2521 NSSPolicies *policiesOpt

2522 );

2523

2524 /*

2525 * NSSCryptoContext_FindUserCertificatesForEmailSigning

2526 *

2527 */

2528

2529 NSS_EXTERN NSSCertificate *

2530 NSSCryptoContext_FindUserCertificatesForEmailSigning

2531 (

2532 NSSCryptoContext *cc,

2533 NSSASCII7 signerOpt, / fgmr or a more general name? */

2534 NSSASCII7 *recipientOpt,

2535 /* anything more here? */

2536 NSSAlgorithmAndParameters *apOpt,

2537 NSSPolicies *policiesOpt,

2538 NSSCertificate **rvOpt,

2539 PRUint32 rvLimit, /* zero for no limit */

2540 NSSArena *arenaOpt

2541 );

2542

2543 /* Private Keys */

2544

2545 /*

2546 * NSSCryptoContext_GenerateKeyPair

2547 *

2548 * Creates session objects. If you want persistant objects, use

2549 * NSSTrustDomain_GenerateKeyPair. The destination token is where

2550 * the keys are stored. If that token can do the required math, then

2551 * that's where the keys are generated too. Otherwise, the keys are

2552 * generated elsewhere and moved to that token.

2553 */

2554

2555 NSS_EXTERN PRStatus

2556 NSSCryptoContext_GenerateKeyPair

2557 (

2558 NSSCryptoContext *cc,

2559 NSSAlgorithmAndParameters *ap,

2560 NSSPrivateKey **pvkOpt,

2561 NSSPublicKey **pbkOpt,

2562 PRBool privateKeyIsSensitive,

2563 NSSToken *destination,

2564 NSSCallback *uhhOpt

2565 );

2566

2567 /*

2568 * NSSCryptoContext_TraversePrivateKeys

2569 *

2570 *

2571 * NSS_EXTERN PRStatus *

2572 * NSSCryptoContext_TraversePrivateKeys

2573 * (

2574 * NSSCryptoContext *cc,

2575 * PRStatus (callback)(NSSPrivateKey vk, void *arg),

2576 * void *arg

2577 * );

2578 */

2579

2580 /* Symmetric Keys */

2581

2582 /*

2583 * NSSCryptoContext_GenerateSymmetricKey

2584 *

2585 */

2586

2587 NSS_EXTERN NSSSymmetricKey *

2588 NSSCryptoContext_GenerateSymmetricKey

2589 (

2590 NSSCryptoContext *cc,

2591 NSSAlgorithmAndParameters *ap,

2592 PRUint32 keysize,

2593 NSSToken *destination,

2594 NSSCallback *uhhOpt

2595 );

2596

2597 /*

2598 * NSSCryptoContext_GenerateSymmetricKeyFromPassword

2599 *

2600 */

2601

2602 NSS_EXTERN NSSSymmetricKey *

2603 NSSCryptoContext_GenerateSymmetricKeyFromPassword

2604 (

2605 NSSCryptoContext *cc,

2606 NSSAlgorithmAndParameters *ap,

2607 NSSUTF8 passwordOpt, / if null, prompt */

2608 NSSToken *destinationOpt,

2609 NSSCallback *uhhOpt

2610 );

2611

2612 /*

2613 * NSSCryptoContext_FindSymmetricKeyByAlgorithm

2614 *

2615 *

2616 * NSS_EXTERN NSSSymmetricKey *

2617 * NSSCryptoContext_FindSymmetricKeyByType

2618 * (

2619 * NSSCryptoContext *cc,

2620 * NSSOID *type,

2621 * NSSCallback *uhhOpt

2622 * );

2623 */

2624

2625 /*

2626 * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID

2627 *

2628 */

2629

2630 NSS_EXTERN NSSSymmetricKey *

2631 NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID

2632 (

2633 NSSCryptoContext *cc,

2634 NSSOID *algorithm,

2635 NSSItem *keyID,

2636 NSSCallback *uhhOpt

2637 );

2638

2639 /*

2640 * NSSCryptoContext_TraverseSymmetricKeys

2641 *

2642 *

2643 * NSS_EXTERN PRStatus *

2644 * NSSCryptoContext_TraverseSymmetricKeys

2645 * (

2646 * NSSCryptoContext *cc,

2647 * PRStatus (callback)(NSSSymmetricKey mk, void *arg),

2648 * void *arg

2649 * );

2650 */

2651

2652 /* Crypto ops on distinguished keys */

2653

2654 /*

2655 * NSSCryptoContext_Decrypt

2656 *

2657 */

2658

2659 NSS_EXTERN NSSItem *

2660 NSSCryptoContext_Decrypt

2661 (

2662 NSSCryptoContext *cc,

2663 NSSAlgorithmAndParameters *apOpt,

2664 NSSItem *encryptedData,

2665 NSSCallback *uhhOpt,

2666 NSSItem *rvOpt,

2667 NSSArena *arenaOpt

2668 );

2669

2670 /*

2671 * NSSCryptoContext_BeginDecrypt

2672 *

2673 */

2674

2675 NSS_EXTERN PRStatus

2676 NSSCryptoContext_BeginDecrypt

2677 (

2678 NSSCryptoContext *cc,

2679 NSSAlgorithmAndParameters *apOpt,

2680 NSSCallback *uhhOpt

2681 );

2682

2683 /*

2684 * NSSCryptoContext_ContinueDecrypt

2685 *

2686 */

2687

2688 /*

2689 * NSSItem semantics:

2690 *

2691 * If rvOpt is NULL, a new NSSItem and buffer are allocated.

2692 * If rvOpt is not null, but the buffer pointer is null,

2693 * then rvOpt is returned but a new buffer is allocated.

2694 * In this case, if the length value is not zero, then

2695 * no more than that much space will be allocated.

2696 * If rvOpt is not null and the buffer pointer is not null,

2697 * then that buffer is re-used. No more than the buffer

2698 * length value will be used; if it's not enough, an

2699 * error is returned. If less is used, the number is

2700 * adjusted downwards.

2701 *

2702 * Note that although this is short of some ideal "Item"

2703 * definition, we can usually tell how big these buffers

2704 * have to be.

2705 *

2706 * Feedback is requested; and earlier is better than later.

2707 */

2708

2709 NSS_EXTERN NSSItem *

2710 NSSCryptoContext_ContinueDecrypt

2711 (

2712 NSSCryptoContext *cc,

2713 NSSItem *data,

2714 NSSItem *rvOpt,

2715 NSSArena *arenaOpt

2716 );

2717

2718 /*

2719 * NSSCryptoContext_FinishDecrypt

2720 *

2721 */

2722

2723 NSS_EXTERN NSSItem *

2724 NSSCryptoContext_FinishDecrypt

2725 (

2726 NSSCryptoContext *cc,

2727 NSSItem *rvOpt,

2728 NSSArena *arenaOpt

2729 );

2730

2731 /*

2732 * NSSCryptoContext_Sign

2733 *

2734 */

2735

2736 NSS_EXTERN NSSItem *

2737 NSSCryptoContext_Sign

2738 (

2739 NSSCryptoContext *cc,

2740 NSSAlgorithmAndParameters *apOpt,

2741 NSSItem *data,

2742 NSSCallback *uhhOpt,

2743 NSSItem *rvOpt,

2744 NSSArena *arenaOpt

2745 );

2746

2747 /*

2748 * NSSCryptoContext_BeginSign

2749 *

2750 */

2751

2752 NSS_EXTERN PRStatus

2753 NSSCryptoContext_BeginSign

2754 (

2755 NSSCryptoContext *cc,

2756 NSSAlgorithmAndParameters *apOpt,

2757 NSSCallback *uhhOpt

2758 );

2759

2760 /*

2761 * NSSCryptoContext_ContinueSign

2762 *

2763 */

2764

2765 NSS_EXTERN PRStatus

2766 NSSCryptoContext_ContinueSign

2767 (

2768 NSSCryptoContext *cc,

2769 NSSItem *data

2770 );

2771

2772 /*

2773 * NSSCryptoContext_FinishSign

2774 *

2775 */

2776

2777 NSS_EXTERN NSSItem *

2778 NSSCryptoContext_FinishSign

2779 (

2780 NSSCryptoContext *cc,

2781 NSSItem *rvOpt,

2782 NSSArena *arenaOpt

2783 );

2784

2785 /*

2786 * NSSCryptoContext_SignRecover

2787 *

2788 */

2789

2790 NSS_EXTERN NSSItem *

2791 NSSCryptoContext_SignRecover

2792 (

2793 NSSCryptoContext *cc,

2794 NSSAlgorithmAndParameters *apOpt,

2795 NSSItem *data,

2796 NSSCallback *uhhOpt,

2797 NSSItem *rvOpt,

2798 NSSArena *arenaOpt

2799 );

2800

2801 /*

2802 * NSSCryptoContext_BeginSignRecover

2803 *

2804 */

2805

2806 NSS_EXTERN PRStatus

2807 NSSCryptoContext_BeginSignRecover

2808 (

2809 NSSCryptoContext *cc,

2810 NSSAlgorithmAndParameters *apOpt,

2811 NSSCallback *uhhOpt

2812 );

2813

2814 /*

2815 * NSSCryptoContext_ContinueSignRecover

2816 *

2817 */

2818

2819 NSS_EXTERN NSSItem *

2820 NSSCryptoContext_ContinueSignRecover

2821 (

2822 NSSCryptoContext *cc,

2823 NSSItem *data,

2824 NSSItem *rvOpt,

2825 NSSArena *arenaOpt

2826 );

2827

2828 /*

2829 * NSSCryptoContext_FinishSignRecover

2830 *

2831 */

2832

2833 NSS_EXTERN NSSItem *

2834 NSSCryptoContext_FinishSignRecover

2835 (

2836 NSSCryptoContext *cc,

2837 NSSItem *rvOpt,

2838 NSSArena *arenaOpt

2839 );

2840

2841 /*

2842 * NSSCryptoContext_UnwrapSymmetricKey

2843 *

2844 */

2845

2846 NSS_EXTERN NSSSymmetricKey *

2847 NSSCryptoContext_UnwrapSymmetricKey

2848 (

2849 NSSCryptoContext *cc,

2850 NSSAlgorithmAndParameters *apOpt,

2851 NSSItem *wrappedKey,

2852 NSSCallback *uhhOpt

2853 );

2854

2855 /*

2856 * NSSCryptoContext_DeriveSymmetricKey

2857 *

2858 */

2859

2860 NSS_EXTERN NSSSymmetricKey *

2861 NSSCryptoContext_DeriveSymmetricKey

2862 (

2863 NSSCryptoContext *cc,

2864 NSSPublicKey *bk,

2865 NSSAlgorithmAndParameters *apOpt,

2866 NSSOID *target,

2867 PRUint32 keySizeOpt, /* zero for best allowed */

2868 NSSOperations operations,

2869 NSSCallback *uhhOpt

2870 );

2871

2872 /*

2873 * NSSCryptoContext_Encrypt

2874 *

2875 * Encrypt a single chunk of data with the distinguished public key

2876 * of this crypto context.

2877 */

2878

2879 NSS_EXTERN NSSItem *

2880 NSSCryptoContext_Encrypt

2881 (

2882 NSSCryptoContext *cc,

2883 NSSAlgorithmAndParameters *apOpt,

2884 NSSItem *data,

2885 NSSCallback *uhhOpt,

2886 NSSItem *rvOpt,

2887 NSSArena *arenaOpt

2888 );

2889

2890 /*

2891 * NSSCryptoContext_BeginEncrypt

2892 *

2893 */

2894

2895 NSS_EXTERN PRStatus

2896 NSSCryptoContext_BeginEncrypt

2897 (

2898 NSSCryptoContext *cc,

2899 NSSAlgorithmAndParameters *apOpt,

2900 NSSCallback *uhhOpt

2901 );

2902

2903 /*

2904 * NSSCryptoContext_ContinueEncrypt

2905 *

2906 */

2907

2908 NSS_EXTERN NSSItem *

2909 NSSCryptoContext_ContinueEncrypt

2910 (

2911 NSSCryptoContext *cc,

2912 NSSItem *data,

2913 NSSItem *rvOpt,

2914 NSSArena *arenaOpt

2915 );

2916

2917 /*

2918 * NSSCryptoContext_FinishEncrypt

2919 *

2920 */

2921

2922 NSS_EXTERN NSSItem *

2923 NSSCryptoContext_FinishEncrypt

2924 (

2925 NSSCryptoContext *cc,

2926 NSSItem *rvOpt,

2927 NSSArena *arenaOpt

2928 );

2929

2930 /*

2931 * NSSCryptoContext_Verify

2932 *

2933 */

2934

2935 NSS_EXTERN PRStatus

2936 NSSCryptoContext_Verify

2937 (

2938 NSSCryptoContext *cc,

2939 NSSAlgorithmAndParameters *apOpt,

2940 NSSItem *data,

2941 NSSItem *signature,

2942 NSSCallback *uhhOpt

2943 );

2944

2945 /*

2946 * NSSCryptoContext_BeginVerify

2947 *

2948 */

2949

2950 NSS_EXTERN PRStatus

2951 NSSCryptoContext_BeginVerify

2952 (

2953 NSSCryptoContext *cc,

2954 NSSAlgorithmAndParameters *apOpt,

2955 NSSItem *signature,

2956 NSSCallback *uhhOpt

2957 );

2958

2959 /*

2960 * NSSCryptoContext_ContinueVerify

2961 *

2962 */

2963

2964 NSS_EXTERN PRStatus

2965 NSSCryptoContext_ContinueVerify

2966 (

2967 NSSCryptoContext *cc,

2968 NSSItem *data

2969 );

2970

2971 /*

2972 * NSSCryptoContext_FinishVerify

2973 *

2974 */

2975

2976 NSS_EXTERN PRStatus

2977 NSSCryptoContext_FinishVerify

2978 (

2979 NSSCryptoContext *cc

2980 );

2981

2982 /*

2983 * NSSCryptoContext_VerifyRecover

2984 *

2985 */

2986

2987 NSS_EXTERN NSSItem *

2988 NSSCryptoContext_VerifyRecover

2989 (

2990 NSSCryptoContext *cc,

2991 NSSAlgorithmAndParameters *apOpt,

2992 NSSItem *signature,

2993 NSSCallback *uhhOpt,

2994 NSSItem *rvOpt,

2995 NSSArena *arenaOpt

2996 );

2997

2998 /*

2999 * NSSCryptoContext_BeginVerifyRecover

3000 *

3001 */

3002

3003 NSS_EXTERN PRStatus

3004 NSSCryptoContext_BeginVerifyRecover

3005 (

3006 NSSCryptoContext *cc,

3007 NSSAlgorithmAndParameters *apOpt,

3008 NSSCallback *uhhOpt

3009 );

3010

3011 /*

3012 * NSSCryptoContext_ContinueVerifyRecover

3013 *

3014 */

3015

3016 NSS_EXTERN NSSItem *

3017 NSSCryptoContext_ContinueVerifyRecover

3018 (

3019 NSSCryptoContext *cc,

3020 NSSItem *data,

3021 NSSItem *rvOpt,

3022 NSSArena *arenaOpt

3023 );

3024

3025 /*

3026 * NSSCryptoContext_FinishVerifyRecover

3027 *

3028 */

3029

3030 NSS_EXTERN NSSItem *

3031 NSSCryptoContext_FinishVerifyRecover

3032 (

3033 NSSCryptoContext *cc,

3034 NSSItem *rvOpt,

3035 NSSArena *arenaOpt

3036 );

3037

3038 /*

3039 * NSSCryptoContext_WrapSymmetricKey

3040 *

3041 */

3042

3043 NSS_EXTERN NSSItem *

3044 NSSCryptoContext_WrapSymmetricKey

3045 (

3046 NSSCryptoContext *cc,

3047 NSSAlgorithmAndParameters *apOpt,

3048 NSSSymmetricKey *keyToWrap,

3049 NSSCallback *uhhOpt,

3050 NSSItem *rvOpt,

3051 NSSArena *arenaOpt

3052 );

3053

3054 /*

3055 * NSSCryptoContext_Digest

3056 *

3057 * Digest a single chunk of data with the distinguished digest key

3058 * of this crypto context.

3059 */

3060

3061 NSS_EXTERN NSSItem *

3062 NSSCryptoContext_Digest

3063 (

3064 NSSCryptoContext *cc,

3065 NSSAlgorithmAndParameters *apOpt,

3066 NSSItem *data,

3067 NSSCallback *uhhOpt,

3068 NSSItem *rvOpt,

3069 NSSArena *arenaOpt

3070 );

3071

3072 /*

3073 * NSSCryptoContext_BeginDigest

3074 *

3075 */

3076

3077 NSS_EXTERN PRStatus

3078 NSSCryptoContext_BeginDigest

3079 (

3080 NSSCryptoContext *cc,

3081 NSSAlgorithmAndParameters *apOpt,

3082 NSSCallback *uhhOpt

3083 );

3084

3085 /*

3086 * NSSCryptoContext_ContinueDigest

3087 *

3088 */

3089

3090 NSS_EXTERN PRStatus

3091 NSSCryptoContext_ContinueDigest

3092 (

3093 NSSCryptoContext *cc,

3094 NSSAlgorithmAndParameters *apOpt,

3095 NSSItem *item

3096 );

3097

3098 /*

3099 * NSSCryptoContext_FinishDigest

3100 *

3101 */

3102

3103 NSS_EXTERN NSSItem *

3104 NSSCryptoContext_FinishDigest

3105 (

3106 NSSCryptoContext *cc,

3107 NSSItem *rvOpt,

3108 NSSArena *arenaOpt

3109 );

3110

3111 /*

3112 * tbd: Combination ops

3113 */

3114

3115 /*

3116 * NSSCryptoContext_Clone

3117 *

3118 */

3119

3120 NSS_EXTERN NSSCryptoContext *

3121 NSSCryptoContext_Clone

3122 (

3123 NSSCryptoContext *cc

3124 );

3125

3126 /*

3127 * NSSCryptoContext_Save

3128 * NSSCryptoContext_Restore

3129 *

3130 * We need to be able to save and restore the state of contexts.

3131 * Perhaps a mark-and-release mechanism would be better?

3132 */

3133

3134 /*

3135 * ..._SignTBSCertificate

3136 *

3137 * This requires feedback from the cert server team.

3138 */

3139

3140 /*

3141 * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c);

3142 * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool truste d);

3143 *

3144 * These will be helper functions which get the trust object for a cert,

3145 * and then call the corresponding function(s) on it.

3146 *

3147 * PKIX trust objects will have methods to manipulate the low-level trust

3148 * bits (which are based on key usage and extended key usage), and also the

3149 * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.)

3150 *

3151 * Other types of trust objects (if any) might have different low-level

3152 * representations, but hopefully high-level concepts would map.

3153 *

3154 * Only these high-level general routines would be promoted to the

3155 * general certificate level here. Hence the {xxx} above would be things

3156 * like "EmailSigning."

3157 *

3158 *

3159 * NSSPKIXTrust NSSCertificate_GetPKIXTrustObject(NSSCertificate c);

3160 * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate c, NSPKIXTrust t) ;

3161 *

3162 * I want to hold off on any general trust object until we've investigated

3163 * other models more thoroughly.

3164 */

3165

3166 PR_END_EXTERN_C

3167

3168 #endif /* NSSPKI_H */

OLD	NEW

« no previous file with comments | « mozilla/security/nss/lib/pki/cryptocontext.c ('k') | mozilla/security/nss/lib/pki/nsspkit.h » ('j') | no next file with comments »