
Side by Side Diff: nss/lib/nss/nss.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
OLDNEW
(Empty)
1 /*
2 * NSS utility functions
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
8 #ifndef __nss_h_
9 #define __nss_h_
10
11 /* The private macro _NSS_ECC_STRING is for NSS internal use only. */
12 #ifndef NSS_DISABLE_ECC
13 #ifdef NSS_ECC_MORE_THAN_SUITE_B
14 #define _NSS_ECC_STRING " Extended ECC"
15 #else
16 #define _NSS_ECC_STRING " Basic ECC"
17 #endif
18 #else
19 #define _NSS_ECC_STRING ""
20 #endif
21
22 /* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */
23 #if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
24 #define _NSS_CUSTOMIZED " (Customized build)"
25 #else
26 #define _NSS_CUSTOMIZED
27 #endif
28
29 /*
30 * NSS's major version, minor version, patch level, build number, and whether
31 * this is a beta release.
32 *
33 * The format of the version string should be
34 * "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>] [ <Beta>]"
35 */
36 #define NSS_VERSION "3.23" _NSS_ECC_STRING _NSS_CUSTOMIZED
37 #define NSS_VMAJOR 3
38 #define NSS_VMINOR 23
39 #define NSS_VPATCH 0
40 #define NSS_VBUILD 0
41 #define NSS_BETA PR_FALSE
42
43 #ifndef RC_INVOKED
44
45 #include "seccomon.h"
46
47 typedef struct NSSInitParametersStr NSSInitParameters;
48
49 /*
50 * parameters used to initialize softoken. Mostly strings used to
51 * internationalize softoken. Memory for the strings are owned by the caller,
52 * who is free to free them once NSS_ContextInit returns. If the string
53 * parameter is NULL (as opposed to empty, zero length), then the softoken
54 * default is used. These are equivalent to the parameters for
55 * PK11_ConfigurePKCS11().
56 *
57 * field names match their equivalent parameter names for softoken strings
58 * documented at https://developer.mozilla.org/en/PKCS11_Module_Specs.
59 *
60 * minPWLen
61 * Minimum password length in bytes.
62 * manufacturerID
63 * Override the default manufactureID value for the module returned in
64 * the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an
65 * internationalize string (UTF8). This value will be truncated at 32
66 * bytes (not including the trailing NULL, partial UTF8 characters will be
67 * dropped).
68 * libraryDescription
69 * Override the default libraryDescription value for the module returned in
70 * the CK_INFO structure with an internationalize string (UTF8). This value
71 * will be truncated at 32 bytes(not including the trailing NULL, partial
72 * UTF8 characters will be dropped).
73 * cryptoTokenDescription
74 * Override the default label value for the internal crypto token returned
75 * in the CK_TOKEN_INFO structure with an internationalize string (UTF8).
76 * This value will be truncated at 32 bytes (not including the trailing
77 * NULL, partial UTF8 characters will be dropped).
78 * dbTokenDescription
79 * Override the default label value for the internal DB token returned in
80 * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
81 * value will be truncated at 32 bytes (not including the trailing NULL,
82 * partial UTF8 characters will be dropped).
83 * FIPSTokenDescription
84 * Override the default label value for the internal FIPS token returned in
85 * the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
86 * value will be truncated at 32 bytes (not including the trailing NULL,
87 * partial UTF8 characters will be dropped).
88 * cryptoSlotDescription
89 * Override the default slotDescription value for the internal crypto token
90 * returned in the CK_SLOT_INFO structure with an internationalize string
91 * (UTF8). This value will be truncated at 64 bytes (not including the
92 * trailing NULL, partial UTF8 characters will be dropped).
93 * dbSlotDescription
94 * Override the default slotDescription value for the internal DB token
95 * returned in the CK_SLOT_INFO structure with an internationalize string
96 * (UTF8). This value will be truncated at 64 bytes (not including the
97 * trailing NULL, partial UTF8 characters will be dropped).
98 * FIPSSlotDescription
99 * Override the default slotDecription value for the internal FIPS token
100 * returned in the CK_SLOT_INFO structure with an internationalize string
101 * (UTF8). This value will be truncated at 64 bytes (not including the
102 * trailing NULL, partial UTF8 characters will be dropped).
103 *
104 */
105 struct NSSInitParametersStr {
106 unsigned int length; /* allow this structure to grow in the future,
107 * must be set */
108 PRBool passwordRequired;
109 int minPWLen;
110 char * manufactureID; /* variable names for strings match the */
111 char * libraryDescription; /* parameter name in softoken */
112 char * cryptoTokenDescription;
113 char * dbTokenDescription;
114 char * FIPSTokenDescription;
115 char * cryptoSlotDescription;
116 char * dbSlotDescription;
117 char * FIPSSlotDescription;
118 };
119
120
121 SEC_BEGIN_PROTOS
122
123 /*
124 * Return a boolean that indicates whether the underlying library
125 * will perform as the caller expects.
126 *
127 * The only argument is a string, which should be the version
128 * identifier of the NSS library. That string will be compared
129 * against a string that represents the actual build version of
130 * the NSS library.
131 */
132 extern PRBool NSS_VersionCheck(const char *importedVersion);
133
134 /*
135 * Returns a const string of the NSS library version.
136 */
137 extern const char *NSS_GetVersion(void);
138
139 /*
140 * Open the Cert, Key, and Security Module databases, read only.
141 * Initialize the Random Number Generator.
142 * Does not initialize the cipher policies or enables.
143 * Default policy settings disallow all ciphers.
144 */
145 extern SECStatus NSS_Init(const char *configdir);
146
147 /*
148 * Returns whether NSS has already been initialized or not.
149 */
150 extern PRBool NSS_IsInitialized(void);
151
152 /*
153 * Open the Cert, Key, and Security Module databases, read/write.
154 * Initialize the Random Number Generator.
155 * Does not initialize the cipher policies or enables.
156 * Default policy settings disallow all ciphers.
157 */
158 extern SECStatus NSS_InitReadWrite(const char *configdir);
159
160 /*
161 * Open the Cert, Key, and Security Module databases, read/write.
162 * Initialize the Random Number Generator.
163 * Does not initialize the cipher policies or enables.
164 * Default policy settings disallow all ciphers.
165 *
166 * This allows using application defined prefixes for the cert and key db's
167 * and an alternate name for the secmod database. NOTE: In future releases,
168 * the database prefixes my not necessarily map to database names.
169 *
170 * configdir - base directory where all the cert, key, and module datbases live.
171 * certPrefix - prefix added to the beginning of the cert database example: "
172 * "https-server1-"
173 * keyPrefix - prefix added to the beginning of the key database example: "
174 * "https-server1-"
175 * secmodName - name of the security module database (usually "secmod.db").
176 * flags - change the open options of NSS_Initialize as follows:
177 * NSS_INIT_READONLY - Open the databases read only.
178 * NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
179 * initialize the volatile certdb.
180 * NSS_INIT_NOMODDB - Don't open the security module DB, just
181 * initialize the PKCS #11 module.
182 * NSS_INIT_FORCEOPEN - Continue to force initializations even if the
183 * databases cannot be opened.
184 * NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
185 * automatically.
186 * NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
187 * NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
188 * thread-safe, ie. that support locking - either OS
189 * locking or NSS-provided locks . If a PKCS#11
190 * module isn't thread-safe, don't serialize its
191 * calls; just don't load it instead. This is necessary
192 * if another piece of code is using the same PKCS#11
193 * modules that NSS is accessing without going through
194 * NSS, for example the Java SunPKCS11 provider.
195 * NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
196 * error when loading PKCS#11 modules. This is necessary
197 * if another piece of code is using the same PKCS#11
198 * modules that NSS is accessing without going through
199 * NSS, for example Java SunPKCS11 provider.
200 * NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
201 * PKCS#11 module. This may be necessary in order to
202 * ensure continuous operation and proper shutdown
203 * sequence if another piece of code is using the same
204 * PKCS#11 modules that NSS is accessing without going
205 * through NSS, for example Java SunPKCS11 provider.
206 * The following limitation applies when this is set :
207 * SECMOD_WaitForAnyTokenEvent will not use
208 * C_WaitForSlotEvent, in order to prevent the need for
209 * C_Finalize. This call will be emulated instead.
210 * NSS_INIT_RESERVED - Currently has no effect, but may be used in the
211 * future to trigger better cooperation between PKCS#11
212 * modules used by both NSS and the Java SunPKCS11
213 * provider. This should occur after a new flag is defined
214 * for C_Initialize by the PKCS#11 working group.
215 * NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
216 * use both NSS and the Java SunPKCS11 provider.
217 *
218 * Also NOTE: This is not the recommended method for initializing NSS.
219 * The preferred method is NSS_init().
220 */
221 #define NSS_INIT_READONLY 0x1
222 #define NSS_INIT_NOCERTDB 0x2
223 #define NSS_INIT_NOMODDB 0x4
224 #define NSS_INIT_FORCEOPEN 0x8
225 #define NSS_INIT_NOROOTINIT 0x10
226 #define NSS_INIT_OPTIMIZESPACE 0x20
227 #define NSS_INIT_PK11THREADSAFE 0x40
228 #define NSS_INIT_PK11RELOAD 0x80
229 #define NSS_INIT_NOPK11FINALIZE 0x100
230 #define NSS_INIT_RESERVED 0x200
231
232 #define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \
233 NSS_INIT_PK11RELOAD | \
234 NSS_INIT_NOPK11FINALIZE | \
235 NSS_INIT_RESERVED
236
237 #define SECMOD_DB "secmod.db"
238
239 typedef struct NSSInitContextStr NSSInitContext;
240
241
242 extern SECStatus NSS_Initialize(const char *configdir,
243 const char *certPrefix, const char *keyPrefix,
244 const char *secmodName, PRUint32 flags);
245
246 extern NSSInitContext *NSS_InitContext(const char *configdir,
247 const char *certPrefix, const char *keyPrefix,
248 const char *secmodName, NSSInitParameters *initParams, PRUint32 flags);
249
250 extern SECStatus NSS_ShutdownContext(NSSInitContext *);
251
252 /*
253 * same as NSS_Init, but checks to see if we need to merge an
254 * old database in.
255 * updatedir is the directory where the old database lives.
256 * updCertPrefix is the certPrefix for the old database.
257 * updKeyPrefix is the keyPrefix for the old database.
258 * updateID is a unique identifier chosen by the application for
259 * the specific database.
260 * updatName is the name the user will be prompted for when
261 * asking to authenticate to the old database */
262 extern SECStatus NSS_InitWithMerge(const char *configdir,
263 const char *certPrefix, const char *keyPrefix, const char *secmodName,
264 const char *updatedir, const char *updCertPrefix,
265 const char *updKeyPrefix, const char *updateID,
266 const char *updateName, PRUint32 flags);
267 /*
268 * initialize NSS without a creating cert db's, key db's, or secmod db's.
269 */
270 SECStatus NSS_NoDB_Init(const char *configdir);
271
272 /*
273 * Allow applications and libraries to register with NSS so that they are called
274 * when NSS shuts down.
275 *
276 * void *appData application specific data passed in by the application at
277 * NSS_RegisterShutdown() time.
278 * void *nssData is NULL in this release, but is reserved for future versions of
279 * NSS to pass some future status information * back to the shutdown function.
280 *
281 * If the shutdown function returns SECFailure,
282 * Shutdown will still complete, but NSS_Shutdown() will return SECFailure.
283 */
284 typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);
285
286 /*
287 * Register a shutdown function.
288 */
289 SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
290
291 /*
292 * Remove an existing shutdown function (you may do this if your library is
293 * complete and going away, but NSS is still running).
294 */
295 SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
296
297 /* Available options for NSS_OptionSet() and NSS_OptionGet().
298 */
299 #define NSS_RSA_MIN_KEY_SIZE 0x001
300 #define NSS_DH_MIN_KEY_SIZE 0x002
301 #define NSS_DSA_MIN_KEY_SIZE 0x004
302 #define NSS_TLS_VERSION_MIN_POLICY 0x008
303 #define NSS_TLS_VERSION_MAX_POLICY 0x009
304 #define NSS_DTLS_VERSION_MIN_POLICY 0x00a
305 #define NSS_DTLS_VERSION_MAX_POLICY 0x00b
306
307 /*
308 * Set and get global options for the NSS library.
309 */
310 SECStatus NSS_OptionSet(PRInt32 which, PRInt32 value);
311 SECStatus NSS_OptionGet(PRInt32 which, PRInt32 *value);
312
313
314 /*
315 * Close the Cert, Key databases.
316 */
317 extern SECStatus NSS_Shutdown(void);
318
319 /*
320 * set the PKCS #11 strings for the internal token.
321 */
322 void PK11_ConfigurePKCS11(const char *man, const char *libdesc,
323 const char *tokdesc, const char *ptokdesc, const char *slotdesc,
324 const char *pslotdesc, const char *fslotdesc, const char *fpslotdesc,
325 int minPwd, int pwRequired);
326
327 /*
328 * Dump the contents of the certificate cache and the temporary cert store.
329 * Use to detect leaked references of certs at shutdown time.
330 */
331 void nss_DumpCertificateCacheInfo(void);
332
333 SEC_END_PROTOS
334
335 #endif /* RC_INVOKED */
336 #endif /* __nss_h_ */
OLDNEW