2
* NSS utility functions
4
* This Source Code Form is subject to the terms of the Mozilla Public
5
* License, v. 2.0. If a copy of the MPL was not distributed with this
6
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7
/* $Id: nss.h,v 1.104 2013/02/14 19:16:13 kaie%kuix.de Exp $ */
12
/* The private macro _NSS_ECC_STRING is for NSS internal use only. */
14
#ifdef NSS_ECC_MORE_THAN_SUITE_B
15
#define _NSS_ECC_STRING " Extended ECC"
17
#define _NSS_ECC_STRING " Basic ECC"
20
#define _NSS_ECC_STRING ""
23
/* The private macro _NSS_CUSTOMIZED is for NSS internal use only. */
24
#if defined(NSS_ALLOW_UNSUPPORTED_CRITICAL)
25
#define _NSS_CUSTOMIZED " (Customized build)"
27
#define _NSS_CUSTOMIZED
31
* NSS's major version, minor version, patch level, build number, and whether
32
* this is a beta release.
34
* The format of the version string should be
35
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
37
#define NSS_VERSION "3.14.3.0" _NSS_ECC_STRING _NSS_CUSTOMIZED
42
#define NSS_BETA PR_FALSE
48
typedef struct NSSInitParametersStr NSSInitParameters;
51
* parameters used to initialize softoken. Mostly strings used to
52
* internationalize softoken. Memory for the strings are owned by the caller,
53
* who is free to free them once NSS_ContextInit returns. If the string
54
* parameter is NULL (as opposed to empty, zero length), then the softoken
55
* default is used. These are equivalent to the parameters for
56
* PK11_ConfigurePKCS11().
58
* field names match their equivalent parameter names for softoken strings
59
* documented at https://developer.mozilla.org/en/PKCS11_Module_Specs.
62
* Minimum password length in bytes.
64
* Override the default manufactureID value for the module returned in
65
* the CK_INFO, CK_SLOT_INFO, and CK_TOKEN_INFO structures with an
66
* internationalize string (UTF8). This value will be truncated at 32
67
* bytes (not including the trailing NULL, partial UTF8 characters will be
70
* Override the default libraryDescription value for the module returned in
71
* the CK_INFO structure with an internationalize string (UTF8). This value
72
* will be truncated at 32 bytes(not including the trailing NULL, partial
73
* UTF8 characters will be dropped).
74
* cryptoTokenDescription
75
* Override the default label value for the internal crypto token returned
76
* in the CK_TOKEN_INFO structure with an internationalize string (UTF8).
77
* This value will be truncated at 32 bytes (not including the trailing
78
* NULL, partial UTF8 characters will be dropped).
80
* Override the default label value for the internal DB token returned in
81
* the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
82
* value will be truncated at 32 bytes (not including the trailing NULL,
83
* partial UTF8 characters will be dropped).
84
* FIPSTokenDescription
85
* Override the default label value for the internal FIPS token returned in
86
* the CK_TOKEN_INFO structure with an internationalize string (UTF8). This
87
* value will be truncated at 32 bytes (not including the trailing NULL,
88
* partial UTF8 characters will be dropped).
89
* cryptoSlotDescription
90
* Override the default slotDescription value for the internal crypto token
91
* returned in the CK_SLOT_INFO structure with an internationalize string
92
* (UTF8). This value will be truncated at 64 bytes (not including the
93
* trailing NULL, partial UTF8 characters will be dropped).
95
* Override the default slotDescription value for the internal DB token
96
* returned in the CK_SLOT_INFO structure with an internationalize string
97
* (UTF8). This value will be truncated at 64 bytes (not including the
98
* trailing NULL, partial UTF8 characters will be dropped).
100
* Override the default slotDecription value for the internal FIPS token
101
* returned in the CK_SLOT_INFO structure with an internationalize string
102
* (UTF8). This value will be truncated at 64 bytes (not including the
103
* trailing NULL, partial UTF8 characters will be dropped).
106
struct NSSInitParametersStr {
107
unsigned int length; /* allow this structure to grow in the future,
109
PRBool passwordRequired;
111
char * manufactureID; /* variable names for strings match the */
112
char * libraryDescription; /* parameter name in softoken */
113
char * cryptoTokenDescription;
114
char * dbTokenDescription;
115
char * FIPSTokenDescription;
116
char * cryptoSlotDescription;
117
char * dbSlotDescription;
118
char * FIPSSlotDescription;
125
* Return a boolean that indicates whether the underlying library
126
* will perform as the caller expects.
128
* The only argument is a string, which should be the version
129
* identifier of the NSS library. That string will be compared
130
* against a string that represents the actual build version of
133
extern PRBool NSS_VersionCheck(const char *importedVersion);
136
* Returns a const string of the NSS library version.
138
extern const char *NSS_GetVersion(void);
141
* Open the Cert, Key, and Security Module databases, read only.
142
* Initialize the Random Number Generator.
143
* Does not initialize the cipher policies or enables.
144
* Default policy settings disallow all ciphers.
146
extern SECStatus NSS_Init(const char *configdir);
149
* Returns whether NSS has already been initialized or not.
151
extern PRBool NSS_IsInitialized(void);
154
* Open the Cert, Key, and Security Module databases, read/write.
155
* Initialize the Random Number Generator.
156
* Does not initialize the cipher policies or enables.
157
* Default policy settings disallow all ciphers.
159
extern SECStatus NSS_InitReadWrite(const char *configdir);
162
* Open the Cert, Key, and Security Module databases, read/write.
163
* Initialize the Random Number Generator.
164
* Does not initialize the cipher policies or enables.
165
* Default policy settings disallow all ciphers.
167
* This allows using application defined prefixes for the cert and key db's
168
* and an alternate name for the secmod database. NOTE: In future releases,
169
* the database prefixes my not necessarily map to database names.
171
* configdir - base directory where all the cert, key, and module datbases live.
172
* certPrefix - prefix added to the beginning of the cert database example: "
174
* keyPrefix - prefix added to the beginning of the key database example: "
176
* secmodName - name of the security module database (usually "secmod.db").
177
* flags - change the open options of NSS_Initialize as follows:
178
* NSS_INIT_READONLY - Open the databases read only.
179
* NSS_INIT_NOCERTDB - Don't open the cert DB and key DB's, just
180
* initialize the volatile certdb.
181
* NSS_INIT_NOMODDB - Don't open the security module DB, just
182
* initialize the PKCS #11 module.
183
* NSS_INIT_FORCEOPEN - Continue to force initializations even if the
184
* databases cannot be opened.
185
* NSS_INIT_NOROOTINIT - Don't try to look for the root certs module
187
* NSS_INIT_OPTIMIZESPACE - Use smaller tables and caches.
188
* NSS_INIT_PK11THREADSAFE - only load PKCS#11 modules that are
189
* thread-safe, ie. that support locking - either OS
190
* locking or NSS-provided locks . If a PKCS#11
191
* module isn't thread-safe, don't serialize its
192
* calls; just don't load it instead. This is necessary
193
* if another piece of code is using the same PKCS#11
194
* modules that NSS is accessing without going through
195
* NSS, for example the Java SunPKCS11 provider.
196
* NSS_INIT_PK11RELOAD - ignore the CKR_CRYPTOKI_ALREADY_INITIALIZED
197
* error when loading PKCS#11 modules. This is necessary
198
* if another piece of code is using the same PKCS#11
199
* modules that NSS is accessing without going through
200
* NSS, for example Java SunPKCS11 provider.
201
* NSS_INIT_NOPK11FINALIZE - never call C_Finalize on any
202
* PKCS#11 module. This may be necessary in order to
203
* ensure continuous operation and proper shutdown
204
* sequence if another piece of code is using the same
205
* PKCS#11 modules that NSS is accessing without going
206
* through NSS, for example Java SunPKCS11 provider.
207
* The following limitation applies when this is set :
208
* SECMOD_WaitForAnyTokenEvent will not use
209
* C_WaitForSlotEvent, in order to prevent the need for
210
* C_Finalize. This call will be emulated instead.
211
* NSS_INIT_RESERVED - Currently has no effect, but may be used in the
212
* future to trigger better cooperation between PKCS#11
213
* modules used by both NSS and the Java SunPKCS11
214
* provider. This should occur after a new flag is defined
215
* for C_Initialize by the PKCS#11 working group.
216
* NSS_INIT_COOPERATE - Sets 4 recommended options for applications that
217
* use both NSS and the Java SunPKCS11 provider.
219
* Also NOTE: This is not the recommended method for initializing NSS.
220
* The preferred method is NSS_init().
222
#define NSS_INIT_READONLY 0x1
223
#define NSS_INIT_NOCERTDB 0x2
224
#define NSS_INIT_NOMODDB 0x4
225
#define NSS_INIT_FORCEOPEN 0x8
226
#define NSS_INIT_NOROOTINIT 0x10
227
#define NSS_INIT_OPTIMIZESPACE 0x20
228
#define NSS_INIT_PK11THREADSAFE 0x40
229
#define NSS_INIT_PK11RELOAD 0x80
230
#define NSS_INIT_NOPK11FINALIZE 0x100
231
#define NSS_INIT_RESERVED 0x200
233
#define NSS_INIT_COOPERATE NSS_INIT_PK11THREADSAFE | \
234
NSS_INIT_PK11RELOAD | \
235
NSS_INIT_NOPK11FINALIZE | \
238
#define SECMOD_DB "secmod.db"
240
typedef struct NSSInitContextStr NSSInitContext;
243
extern SECStatus NSS_Initialize(const char *configdir,
244
const char *certPrefix, const char *keyPrefix,
245
const char *secmodName, PRUint32 flags);
247
extern NSSInitContext *NSS_InitContext(const char *configdir,
248
const char *certPrefix, const char *keyPrefix,
249
const char *secmodName, NSSInitParameters *initParams, PRUint32 flags);
251
extern SECStatus NSS_ShutdownContext(NSSInitContext *);
254
* same as NSS_Init, but checks to see if we need to merge an
256
* updatedir is the directory where the old database lives.
257
* updCertPrefix is the certPrefix for the old database.
258
* updKeyPrefix is the keyPrefix for the old database.
259
* updateID is a unique identifier chosen by the application for
260
* the specific database.
261
* updatName is the name the user will be prompted for when
262
* asking to authenticate to the old database */
263
extern SECStatus NSS_InitWithMerge(const char *configdir,
264
const char *certPrefix, const char *keyPrefix, const char *secmodName,
265
const char *updatedir, const char *updCertPrefix,
266
const char *updKeyPrefix, const char *updateID,
267
const char *updateName, PRUint32 flags);
269
* initialize NSS without a creating cert db's, key db's, or secmod db's.
271
SECStatus NSS_NoDB_Init(const char *configdir);
274
* Allow applications and libraries to register with NSS so that they are called
275
* when NSS shuts down.
277
* void *appData application specific data passed in by the application at
278
* NSS_RegisterShutdown() time.
279
* void *nssData is NULL in this release, but is reserved for future versions of
280
* NSS to pass some future status information * back to the shutdown function.
282
* If the shutdown function returns SECFailure,
283
* Shutdown will still complete, but NSS_Shutdown() will return SECFailure.
285
typedef SECStatus (*NSS_ShutdownFunc)(void *appData, void *nssData);
288
* Register a shutdown function.
290
SECStatus NSS_RegisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
293
* Remove an existing shutdown function (you may do this if your library is
294
* complete and going away, but NSS is still running).
296
SECStatus NSS_UnregisterShutdown(NSS_ShutdownFunc sFunc, void *appData);
299
* Close the Cert, Key databases.
301
extern SECStatus NSS_Shutdown(void);
304
* set the PKCS #11 strings for the internal token.
306
void PK11_ConfigurePKCS11(const char *man, const char *libdesc,
307
const char *tokdesc, const char *ptokdesc, const char *slotdesc,
308
const char *pslotdesc, const char *fslotdesc, const char *fpslotdesc,
309
int minPwd, int pwRequired);
312
* Dump the contents of the certificate cache and the temporary cert store.
313
* Use to detect leaked references of certs at shutdown time.
315
void nss_DumpCertificateCacheInfo(void);
319
#endif /* RC_INVOKED */
320
#endif /* __nss_h_ */