| OLD | NEW |
| (Empty) |
| 1 /* | |
| 2 * NSS utility functions | |
| 3 * | |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 7 | |
| 8 #ifndef __nss_h_ | |
| 9 #define __nss_h_ | |
| 10 | |
| 11 /* The private macro _NSS_ECC_STRING is for NSS internal use only. */ | |
| 12 #ifndef NSS_DISABLE_ECC | |
| 13 #ifdef NSS_ECC_MORE_THAN_SUITE_B | |
| 14 #define _NSS_ECC_STRING " Extended ECC" | |
| 15 #else | |
| 16 #define _NSS_ECC_STRING " Basic ECC" | |
| 17 #endif | |
| 18 #else | |
| 19 #define _NSS_ECC_STRING "" | |
| 20 #endif | |
| 21 | |
| 22 /* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */ | |
| 23 #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL) | |
| 24 #define _NSS_CUSTOMIZED " (Customized build)" | |
| 25 #else | |
| 26 #define _NSS_CUSTOMIZED | |
| 27 #endif | |
| 28 | |
| 29 /* | |
| 30 * NSS's major version, minor version, patch level, build number, and whether | |
| 31 * this is a beta release. | |
| 32 * | |
| 33 * The format of the version string should be | |
| 34 * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>]
[ <Beta>]" | |
| 35 */ | |
| 36 #define NSS_VERSION "3.23" _NSS_ECC_STRING _NSS_CUSTOMIZED | |
| 37 #define NSS_VMAJOR 3 | |
| 38 #define NSS_VMINOR 23 | |
| 39 #define NSS_VPATCH 0 | |
| 40 #define NSS_VBUILD 0 | |
| 41 #define NSS_BETA PR_FALSE | |
| 42 | |
| 43 #ifndef RC_INVOKED | |
| 44 | |
| 45 #include "seccomon.h" | |
| 46 | |
| 47 typedef struct NSSInitParametersStr NSSInitParameters; | |
| 48 | |
| 49 /* | |
| 50 * parameters used to initialize softoken. Mostly strings used to | |
| 51 * internationalize softoken. Memory for the strings are owned by the caller, | |
| 52 * who is free to free them once NSS_ContextInit returns. If the string | |
| 53 * parameter is NULL (as opposed to empty, zero length), then the softoken | |
| 54 * default is used. These are equivalent to the parameters for | |
| 55 * PK11_ConfigurePKCS11(). | |
| 56 * | |
| 57 * field names match their equivalent parameter names for softoken strings | |
| 58 * documented at https://developer.mozilla.org/en/PKCS11_Module_Specs. | |
| 59 * | |
| 60 * minPWLen | |
| 61 * Minimum password length in bytes. | |
| 62 * manufacturerID | |
| 63 * Override the default manufactureID value for the module returned in | |
| 64 * the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an | |
| 65 * internationalize string (UTF8). This value will be truncated at 32 | |
| 66 * bytes (not including the trailing NULL, partial UTF8 characters will be | |
| 67 * dropped). | |
| 68 * libraryDescription | |
| 69 * Override the default libraryDescription value for the module returned in | |
| 70 * the CK_INFO structure with an internationalize string (UTF8). This value | |
| 71 * will be truncated at 32 bytes(not including the trailing NULL, partial | |
| 72 * UTF8 characters will be dropped). | |
| 73 * cryptoTokenDescription | |
| 74 * Override the default label value for the internal crypto token returned | |
| 75 * in the CK_TOKEN_INFO structure with an internationalize string (UTF8). | |
| 76 * This value will be truncated at 32 bytes (not including the trailing | |
| 77 * NULL, partial UTF8 characters will be dropped). | |
| 78 * dbTokenDescription | |
| 79 * Override the default label value for the internal DB token returned in | |
| 80 * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This | |
| 81 * value will be truncated at 32 bytes (not including the trailing NULL, | |
| 82 * partial UTF8 characters will be dropped). | |
| 83 * FIPSTokenDescription | |
| 84 * Override the default label value for the internal FIPS token returned in | |
| 85 * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This | |
| 86 * value will be truncated at 32 bytes (not including the trailing NULL, | |
| 87 * partial UTF8 characters will be dropped). | |
| 88 * cryptoSlotDescription | |
| 89 * Override the default slotDescription value for the internal crypto token | |
| 90 * returned in the CK_SLOT_INFO structure with an internationalize string | |
| 91 * (UTF8). This value will be truncated at 64 bytes (not including the | |
| 92 * trailing NULL, partial UTF8 characters will be dropped). | |
| 93 * dbSlotDescription | |
| 94 * Override the default slotDescription value for the internal DB token | |
| 95 * returned in the CK_SLOT_INFO structure with an internationalize string | |
| 96 * (UTF8). This value will be truncated at 64 bytes (not including the | |
| 97 * trailing NULL, partial UTF8 characters will be dropped). | |
| 98 * FIPSSlotDescription | |
| 99 * Override the default slotDecription value for the internal FIPS token | |
| 100 * returned in the CK_SLOT_INFO structure with an internationalize string | |
| 101 * (UTF8). This value will be truncated at 64 bytes (not including the | |
| 102 * trailing NULL, partial UTF8 characters will be dropped). | |
| 103 * | |
| 104 */ | |
| 105 struct NSSInitParametersStr { | |
| 106 unsigned int length; /* allow this structure to grow in the future, | |
| 107 * must be set */ | |
| 108 PRBool passwordRequired; | |
| 109 int minPWLen; | |
| 110 char * manufactureID; /* variable names for strings match the */ | |
| 111 char * libraryDescription; /* parameter name in softoken */ | |
| 112 char * cryptoTokenDescription; | |
| 113 char * dbTokenDescription; | |
| 114 char * FIPSTokenDescription; | |
| 115 char * cryptoSlotDescription; | |
| 116 char * dbSlotDescription; | |
| 117 char * FIPSSlotDescription; | |
| 118 }; | |
| 119 | |
| 120 | |
| 121 SEC_BEGIN_PROTOS | |
| 122 | |
| 123 /* | |
| 124 * Return a boolean that indicates whether the underlying library | |
| 125 * will perform as the caller expects. | |
| 126 * | |
| 127 * The only argument is a string, which should be the version | |
| 128 * identifier of the NSS library. That string will be compared | |
| 129 * against a string that represents the actual build version of | |
| 130 * the NSS library. | |
| 131 */ | |
| 132 extern PRBool NSS_VersionCheck(const char *importedVersion); | |
| 133 | |
| 134 /* | |
| 135 * Returns a const string of the NSS library version. | |
| 136 */ | |
| 137 extern const char *NSS_GetVersion(void); | |
| 138 | |
| 139 /* | |
| 140 * Open the Cert, Key, and Security Module databases, read only. | |
| 141 * Initialize the Random Number Generator. | |
| 142 * Does not initialize the cipher policies or enables. | |
| 143 * Default policy settings disallow all ciphers. | |
| 144 */ | |
| 145 extern SECStatus NSS_Init(const char *configdir); | |
| 146 | |
| 147 /* | |
| 148 * Returns whether NSS has already been initialized or not. | |
| 149 */ | |
| 150 extern PRBool NSS_IsInitialized(void); | |
| 151 | |
| 152 /* | |
| 153 * Open the Cert, Key, and Security Module databases, read/write. | |
| 154 * Initialize the Random Number Generator. | |
| 155 * Does not initialize the cipher policies or enables. | |
| 156 * Default policy settings disallow all ciphers. | |
| 157 */ | |
| 158 extern SECStatus NSS_InitReadWrite(const char *configdir); | |
| 159 | |
| 160 /* | |
| 161 * Open the Cert, Key, and Security Module databases, read/write. | |
| 162 * Initialize the Random Number Generator. | |
| 163 * Does not initialize the cipher policies or enables. | |
| 164 * Default policy settings disallow all ciphers. | |
| 165 * | |
| 166 * This allows using application defined prefixes for the cert and key db's | |
| 167 * and an alternate name for the secmod database. NOTE: In future releases, | |
| 168 * the database prefixes my not necessarily map to database names. | |
| 169 * | |
| 170 * configdir - base directory where all the cert, key, and module datbases live. | |
| 171 * certPrefix - prefix added to the beginning of the cert database example: " | |
| 172 * "https-server1-" | |
| 173 * keyPrefix - prefix added to the beginning of the key database example: " | |
| 174 * "https-server1-" | |
| 175 * secmodName - name of the security module database (usually "secmod.db"). | |
| 176 * flags - change the open options of NSS_Initialize as follows: | |
| 177 * NSS_INIT_READONLY - Open the databases read only. | |
| 178 * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just | |
| 179 * initialize the volatile certdb. | |
| 180 * NSS_INIT_NOMODDB - Don't open the security module DB, just | |
| 181 * initialize the PKCS #11 module. | |
| 182 * NSS_INIT_FORCEOPEN - Continue to force initializations even if the | |
| 183 * databases cannot be opened. | |
| 184 * NSS_INIT_NOROOTINIT - Don't try to look for the root certs module | |
| 185 * automatically. | |
| 186 * NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches. | |
| 187 * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are | |
| 188 * thread-safe, ie. that support locking - either OS | |
| 189 * locking or NSS-provided locks . If a PKCS#11 | |
| 190 * module isn't thread-safe, don't serialize its | |
| 191 * calls; just don't load it instead. This is necessary | |
| 192 * if another piece of code is using the same PKCS#11 | |
| 193 * modules that NSS is accessing without going through | |
| 194 * NSS, for example the Java SunPKCS11 provider. | |
| 195 * NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED | |
| 196 * error when loading PKCS#11 modules. This is necessary | |
| 197 * if another piece of code is using the same PKCS#11 | |
| 198 * modules that NSS is accessing without going through | |
| 199 * NSS, for example Java SunPKCS11 provider. | |
| 200 * NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any | |
| 201 * PKCS#11 module. This may be necessary in order to | |
| 202 * ensure continuous operation and proper shutdown | |
| 203 * sequence if another piece of code is using the same | |
| 204 * PKCS#11 modules that NSS is accessing without going | |
| 205 * through NSS, for example Java SunPKCS11 provider. | |
| 206 * The following limitation applies when this is set : | |
| 207 * SECMOD_WaitForAnyTokenEvent will not use | |
| 208 * C_WaitForSlotEvent, in order to prevent the need for | |
| 209 * C_Finalize. This call will be emulated instead. | |
| 210 * NSS_INIT_RESERVED - Currently has no effect, but may be used in the | |
| 211 * future to trigger better cooperation between PKCS#11 | |
| 212 * modules used by both NSS and the Java SunPKCS11 | |
| 213 * provider. This should occur after a new flag is defined | |
| 214 * for C_Initialize by the PKCS#11 working group. | |
| 215 * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that | |
| 216 * use both NSS and the Java SunPKCS11 provider. | |
| 217 * | |
| 218 * Also NOTE: This is not the recommended method for initializing NSS. | |
| 219 * The preferred method is NSS_init(). | |
| 220 */ | |
| 221 #define NSS_INIT_READONLY 0x1 | |
| 222 #define NSS_INIT_NOCERTDB 0x2 | |
| 223 #define NSS_INIT_NOMODDB 0x4 | |
| 224 #define NSS_INIT_FORCEOPEN 0x8 | |
| 225 #define NSS_INIT_NOROOTINIT 0x10 | |
| 226 #define NSS_INIT_OPTIMIZESPACE 0x20 | |
| 227 #define NSS_INIT_PK11THREADSAFE 0x40 | |
| 228 #define NSS_INIT_PK11RELOAD 0x80 | |
| 229 #define NSS_INIT_NOPK11FINALIZE 0x100 | |
| 230 #define NSS_INIT_RESERVED 0x200 | |
| 231 | |
| 232 #define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \ | |
| 233 NSS_INIT_PK11RELOAD | \ | |
| 234 NSS_INIT_NOPK11FINALIZE | \ | |
| 235 NSS_INIT_RESERVED | |
| 236 | |
| 237 #define SECMOD_DB "secmod.db" | |
| 238 | |
| 239 typedef struct NSSInitContextStr NSSInitContext; | |
| 240 | |
| 241 | |
| 242 extern SECStatus NSS_Initialize(const char *configdir, | |
| 243 const char *certPrefix, const char *keyPrefix, | |
| 244 const char *secmodName, PRUint32 flags); | |
| 245 | |
| 246 extern NSSInitContext *NSS_InitContext(const char *configdir, | |
| 247 const char *certPrefix, const char *keyPrefix, | |
| 248 const char *secmodName, NSSInitParameters *initParams, PRUint32 flags); | |
| 249 | |
| 250 extern SECStatus NSS_ShutdownContext(NSSInitContext *); | |
| 251 | |
| 252 /* | |
| 253 * same as NSS_Init, but checks to see if we need to merge an | |
| 254 * old database in. | |
| 255 * updatedir is the directory where the old database lives. | |
| 256 * updCertPrefix is the certPrefix for the old database. | |
| 257 * updKeyPrefix is the keyPrefix for the old database. | |
| 258 * updateID is a unique identifier chosen by the application for | |
| 259 * the specific database. | |
| 260 * updatName is the name the user will be prompted for when | |
| 261 * asking to authenticate to the old database */ | |
| 262 extern SECStatus NSS_InitWithMerge(const char *configdir, | |
| 263 const char *certPrefix, const char *keyPrefix, const char *secmodName, | |
| 264 const char *updatedir, const char *updCertPrefix, | |
| 265 const char *updKeyPrefix, const char *updateID, | |
| 266 const char *updateName, PRUint32 flags); | |
| 267 /* | |
| 268 * initialize NSS without a creating cert db's, key db's, or secmod db's. | |
| 269 */ | |
| 270 SECStatus NSS_NoDB_Init(const char *configdir); | |
| 271 | |
| 272 /* | |
| 273 * Allow applications and libraries to register with NSS so that they are called | |
| 274 * when NSS shuts down. | |
| 275 * | |
| 276 * void *appData application specific data passed in by the application at | |
| 277 * NSS_RegisterShutdown() time. | |
| 278 * void *nssData is NULL in this release, but is reserved for future versions of
| |
| 279 * NSS to pass some future status information * back to the shutdown function. | |
| 280 * | |
| 281 * If the shutdown function returns SECFailure, | |
| 282 * Shutdown will still complete, but NSS_Shutdown() will return SECFailure. | |
| 283 */ | |
| 284 typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData); | |
| 285 | |
| 286 /* | |
| 287 * Register a shutdown function. | |
| 288 */ | |
| 289 SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData); | |
| 290 | |
| 291 /* | |
| 292 * Remove an existing shutdown function (you may do this if your library is | |
| 293 * complete and going away, but NSS is still running). | |
| 294 */ | |
| 295 SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData); | |
| 296 | |
| 297 /* Available options for NSS_OptionSet() and NSS_OptionGet(). | |
| 298 */ | |
| 299 #define NSS_RSA_MIN_KEY_SIZE 0x001 | |
| 300 #define NSS_DH_MIN_KEY_SIZE 0x002 | |
| 301 #define NSS_DSA_MIN_KEY_SIZE 0x004 | |
| 302 #define NSS_TLS_VERSION_MIN_POLICY 0x008 | |
| 303 #define NSS_TLS_VERSION_MAX_POLICY 0x009 | |
| 304 #define NSS_DTLS_VERSION_MIN_POLICY 0x00a | |
| 305 #define NSS_DTLS_VERSION_MAX_POLICY 0x00b | |
| 306 | |
| 307 /* | |
| 308 * Set and get global options for the NSS library. | |
| 309 */ | |
| 310 SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value); | |
| 311 SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value); | |
| 312 | |
| 313 | |
| 314 /* | |
| 315 * Close the Cert, Key databases. | |
| 316 */ | |
| 317 extern SECStatus NSS_Shutdown(void); | |
| 318 | |
| 319 /* | |
| 320 * set the PKCS #11 strings for the internal token. | |
| 321 */ | |
| 322 void PK11_ConfigurePKCS11(const char *man, const char *libdesc, | |
| 323 const char *tokdesc, const char *ptokdesc, const char *slotdesc, | |
| 324 const char *pslotdesc, const char *fslotdesc, const char *fpslotdesc, | |
| 325 int minPwd, int pwRequired); | |
| 326 | |
| 327 /* | |
| 328 * Dump the contents of the certificate cache and the temporary cert store. | |
| 329 * Use to detect leaked references of certs at shutdown time. | |
| 330 */ | |
| 331 void nss_DumpCertificateCacheInfo(void); | |
| 332 | |
| 333 SEC_END_PROTOS | |
| 334 | |
| 335 #endif /* RC_INVOKED */ | |
| 336 #endif /* __nss_h_ */ | |
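Review bot: `NSS_INIT_COOPERATE` (file lines 232-235) expands to a bare `|` chain with no enclosing parentheses, so an expression such as `flags & NSS_INIT_COOPERATE` would apply `&` to `NSS_INIT_PK11THREADSAFE` only and then OR in the other three flags, giving a result that is always non-zero. Wrapping the expansion, `#define NSS_INIT_COOPERATE (NSS_INIT_PK11THREADSAFE | NSS_INIT_PK11RELOAD | NSS_INIT_NOPK11FINALIZE | NSS_INIT_RESERVED)`, leaves every use as a plain flags argument unchanged and makes mask tests behave as written. The OLD/NEW columns on this page do not make it certain which side the listing belongs to, so this applies only if it is the new side. A smaller documentation point in the same file: the `NSSInitParametersStr` comment describes `manufacturerID` while the field is declared as `manufactureID`, and the `NSS_Initialize` comment points to `NSS_init()` although the declared function is `NSS_Init`.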