1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
38
static const char CVS_ID[] = "@(#) $RCSfile: cryptocontext.c,v $ $Revision: 1.14.28.2 $ $Date: 2006/08/22 17:12:04 $";
51
#endif /* PKISTORE_H */
55
#ifdef PURE_STAN_BUILD
56
struct NSSCryptoContextStr
63
nssCertificateStore *certStore;
67
extern const NSSError NSS_ERROR_NOT_FOUND;
68
extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
70
/*
 * nssCryptoContext_Create
 *
 * Builds a new crypto context: creates an arena, allocates the context
 * out of that arena with nss_ZNEW, and attaches a certificate store
 * created from rvCC->arena. If the store cannot be created, the arena is
 * destroyed.
 *
 * NOTE(review): the listing omits source lines 72-76, 79-81 and 83-87
 * (see the gutter numbers). The parameter list, any NULL checks on the
 * results of NSSArena_Create and nss_ZNEW, and the assignment of
 * rvCC->arena are therefore not visible. Confirm both results are
 * checked before rvCC is dereferenced.
 */
NSS_IMPLEMENT NSSCryptoContext *
71
nssCryptoContext_Create (
77
NSSCryptoContext *rvCC;
78
arena = NSSArena_Create();
82
rvCC = nss_ZNEW(arena, NSSCryptoContext);
88
rvCC->certStore = nssCertificateStore_Create(rvCC->arena);
89
if (!rvCC->certStore) {
90
/* rvCC was allocated from this arena, so no separate free of rvCC
 * appears on this path. */
nssArena_Destroy(arena);
97
/*
 * NSSCryptoContext_Destroy
 *
 * Tears the context down in two steps: it destroys the certificate
 * store, then the arena referenced by cc->arena.
 *
 * PORT_Assert is only active in debug builds. In a release build the
 * certStore check is whatever guard, if any, sits on the omitted source
 * line 104.
 *
 * NOTE(review): the body of the PR_FAILURE branch (source lines 107-111)
 * is not shown. Confirm whether the arena is still destroyed when the
 * store cannot be destroyed. A caller that receives PR_FAILURE needs to
 * know whether cc is still valid memory.
 */
NSS_IMPLEMENT PRStatus
98
NSSCryptoContext_Destroy (
102
PRStatus status = PR_SUCCESS;
103
PORT_Assert(cc->certStore);
105
status = nssCertificateStore_Destroy(cc->certStore);
106
if (status == PR_FAILURE) {
112
nssArena_Destroy(cc->arena);
116
NSS_IMPLEMENT PRStatus
117
NSSCryptoContext_SetDefaultCallback (
118
NSSCryptoContext *td,
119
NSSCallback *newCallback,
120
NSSCallback **oldCallbackOpt
123
nss_SetError(NSS_ERROR_NOT_FOUND);
127
NSS_IMPLEMENT NSSCallback *
128
NSSCryptoContext_GetDefaultCallback (
129
NSSCryptoContext *td,
133
nss_SetError(NSS_ERROR_NOT_FOUND);
137
NSS_IMPLEMENT NSSTrustDomain *
138
NSSCryptoContext_GetTrustDomain (
142
nss_SetError(NSS_ERROR_NOT_FOUND);
147
/*
 * NSSCryptoContext_FindOrImportCertificate
 *
 * Looks certificate c up in the context's certificate store through
 * nssCertificateStore_FindOrAdd. When the store hands back c itself and
 * c is not yet bound to this context, the context is recorded as c's
 * owner. A context without a certificate store sets
 * NSS_ERROR_INVALID_ARGUMENT.
 *
 * The second parameter (c) and the return statements are on source lines
 * this listing omits.
 */
NSS_IMPLEMENT NSSCertificate *
148
NSSCryptoContext_FindOrImportCertificate (
149
NSSCryptoContext *cc,
153
NSSCertificate *rvCert = NULL;
155
PORT_Assert(cc->certStore);
156
/* Runtime guard repeating the assertion above, which is active only in
 * debug builds. */
if (!cc->certStore) {
157
nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
160
rvCert = nssCertificateStore_FindOrAdd(cc->certStore, c);
161
if (rvCert == c && c->object.cryptoContext != cc) {
162
/* Ownership invariant: c must not already belong to another context.
 * Only an assertion enforces it. In a non-debug build the back-pointer
 * below is overwritten with no check.
 * NOTE(review): confirm no caller can reach this with a certificate
 * still owned by a different context. If one can, an explicit runtime
 * check with an error return is the safer shape. */
PORT_Assert(!c->object.cryptoContext);
163
c->object.cryptoContext = cc;
166
/* an NSSCertificate cannot be part of two crypto contexts
167
** simultaneously. If this assertion fails, then there is
168
** a serious Stan design flaw.
170
PORT_Assert(cc == c->object.cryptoContext);
175
NSS_IMPLEMENT NSSCertificate *
176
NSSCryptoContext_ImportPKIXCertificate (
177
NSSCryptoContext *cc,
178
struct NSSPKIXCertificateStr *pc
181
nss_SetError(NSS_ERROR_NOT_FOUND);
185
NSS_IMPLEMENT NSSCertificate *
186
NSSCryptoContext_ImportEncodedCertificate (
187
NSSCryptoContext *cc,
191
nss_SetError(NSS_ERROR_NOT_FOUND);
195
NSS_IMPLEMENT PRStatus
196
NSSCryptoContext_ImportEncodedPKIXCertificateChain (
197
NSSCryptoContext *cc,
201
nss_SetError(NSS_ERROR_NOT_FOUND);
205
/*
 * nssCryptoContext_ImportTrust
 *
 * Adds a trust object to the context's certificate store. Only when the
 * store reports PR_SUCCESS is this context recorded as the trust
 * object's owner.
 *
 * NOTE(review): NSSCryptoContext_FindOrImportCertificate asserts that
 * the object had no previous owner. No visible line here checks
 * trust->object.cryptoContext before it is overwritten. Source lines
 * 208-211, 214-215 and 217 are omitted from the listing, so confirm
 * against the full file.
 */
NSS_IMPLEMENT PRStatus
206
nssCryptoContext_ImportTrust (
207
NSSCryptoContext *cc,
212
PORT_Assert(cc->certStore);
213
/* Runtime guard repeating the assertion above, which is active only in
 * debug builds. */
if (!cc->certStore) {
216
nssrv = nssCertificateStore_AddTrust(cc->certStore, trust);
218
if (nssrv == PR_SUCCESS) {
219
trust->object.cryptoContext = cc;
225
NSS_IMPLEMENT PRStatus
226
nssCryptoContext_ImportSMIMEProfile (
227
NSSCryptoContext *cc,
228
nssSMIMEProfile *profile
232
PORT_Assert(cc->certStore);
233
if (!cc->certStore) {
236
nssrv = nssCertificateStore_AddSMIMEProfile(cc->certStore, profile);
238
if (nssrv == PR_SUCCESS) {
239
profile->object.cryptoContext = cc;
245
/*
 * NSSCryptoContext_FindBestCertificateByNickname
 *
 * Collects the certificates in the context's store that match a
 * nickname, picks one with nssCertificateArray_FindBestCertificate, and
 * destroys the temporary array. rvCert starts out NULL.
 *
 * NOTE(review): source lines 261-263 and 265-267 are omitted from the
 * listing. That hides the remaining arguments of both calls and any
 * NULL check on certs. Confirm the array is tested before it is passed
 * to nssCertificateArray_FindBestCertificate and
 * nssCertificateArray_Destroy.
 */
NSS_IMPLEMENT NSSCertificate *
246
NSSCryptoContext_FindBestCertificateByNickname (
247
NSSCryptoContext *cc,
249
NSSTime *timeOpt, /* NULL for "now" */
251
NSSPolicies *policiesOpt /* NULL for none */
254
NSSCertificate **certs;
255
NSSCertificate *rvCert = NULL;
256
PORT_Assert(cc->certStore);
257
/* Runtime guard repeating the assertion above, which is active only in
 * debug builds. */
if (!cc->certStore) {
260
certs = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
264
rvCert = nssCertificateArray_FindBestCertificate(certs,
268
nssCertificateArray_Destroy(certs);
273
NSS_IMPLEMENT NSSCertificate **
274
NSSCryptoContext_FindCertificatesByNickname (
275
NSSCryptoContext *cc,
277
NSSCertificate *rvOpt[],
278
PRUint32 maximumOpt, /* 0 for no max */
282
NSSCertificate **rvCerts;
283
PORT_Assert(cc->certStore);
284
if (!cc->certStore) {
287
rvCerts = nssCertificateStore_FindCertificatesByNickname(cc->certStore,
295
NSS_IMPLEMENT NSSCertificate *
296
NSSCryptoContext_FindCertificateByIssuerAndSerialNumber (
297
NSSCryptoContext *cc,
302
PORT_Assert(cc->certStore);
303
if (!cc->certStore) {
306
return nssCertificateStore_FindCertificateByIssuerAndSerialNumber(
312
NSS_IMPLEMENT NSSCertificate *
313
NSSCryptoContext_FindBestCertificateBySubject (
314
NSSCryptoContext *cc,
318
NSSPolicies *policiesOpt
321
NSSCertificate **certs;
322
NSSCertificate *rvCert = NULL;
323
PORT_Assert(cc->certStore);
324
if (!cc->certStore) {
327
certs = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
331
rvCert = nssCertificateArray_FindBestCertificate(certs,
335
nssCertificateArray_Destroy(certs);
340
NSS_IMPLEMENT NSSCertificate **
341
nssCryptoContext_FindCertificatesBySubject (
342
NSSCryptoContext *cc,
344
NSSCertificate *rvOpt[],
345
PRUint32 maximumOpt, /* 0 for no max */
349
NSSCertificate **rvCerts;
350
PORT_Assert(cc->certStore);
351
if (!cc->certStore) {
354
rvCerts = nssCertificateStore_FindCertificatesBySubject(cc->certStore,
362
NSS_IMPLEMENT NSSCertificate **
363
NSSCryptoContext_FindCertificatesBySubject (
364
NSSCryptoContext *cc,
366
NSSCertificate *rvOpt[],
367
PRUint32 maximumOpt, /* 0 for no max */
371
return nssCryptoContext_FindCertificatesBySubject(cc, subject,
376
NSS_IMPLEMENT NSSCertificate *
377
NSSCryptoContext_FindBestCertificateByNameComponents (
378
NSSCryptoContext *cc,
379
NSSUTF8 *nameComponents,
382
NSSPolicies *policiesOpt
385
nss_SetError(NSS_ERROR_NOT_FOUND);
389
NSS_IMPLEMENT NSSCertificate **
390
NSSCryptoContext_FindCertificatesByNameComponents (
391
NSSCryptoContext *cc,
392
NSSUTF8 *nameComponents,
393
NSSCertificate *rvOpt[],
394
PRUint32 maximumOpt, /* 0 for no max */
398
nss_SetError(NSS_ERROR_NOT_FOUND);
402
NSS_IMPLEMENT NSSCertificate *
403
NSSCryptoContext_FindCertificateByEncodedCertificate (
404
NSSCryptoContext *cc,
405
NSSBER *encodedCertificate
408
PORT_Assert(cc->certStore);
409
if (!cc->certStore) {
412
return nssCertificateStore_FindCertificateByEncodedCertificate(
417
NSS_IMPLEMENT NSSCertificate *
418
NSSCryptoContext_FindBestCertificateByEmail (
419
NSSCryptoContext *cc,
423
NSSPolicies *policiesOpt
426
NSSCertificate **certs;
427
NSSCertificate *rvCert = NULL;
429
PORT_Assert(cc->certStore);
430
if (!cc->certStore) {
433
certs = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
437
rvCert = nssCertificateArray_FindBestCertificate(certs,
441
nssCertificateArray_Destroy(certs);
446
NSS_IMPLEMENT NSSCertificate **
447
NSSCryptoContext_FindCertificatesByEmail (
448
NSSCryptoContext *cc,
450
NSSCertificate *rvOpt[],
451
PRUint32 maximumOpt, /* 0 for no max */
455
NSSCertificate **rvCerts;
456
PORT_Assert(cc->certStore);
457
if (!cc->certStore) {
460
rvCerts = nssCertificateStore_FindCertificatesByEmail(cc->certStore,
468
NSS_IMPLEMENT NSSCertificate *
469
NSSCryptoContext_FindCertificateByOCSPHash (
470
NSSCryptoContext *cc,
474
nss_SetError(NSS_ERROR_NOT_FOUND);
478
NSS_IMPLEMENT NSSCertificate *
479
NSSCryptoContext_FindBestUserCertificate (
480
NSSCryptoContext *cc,
483
NSSPolicies *policiesOpt
486
nss_SetError(NSS_ERROR_NOT_FOUND);
490
NSS_IMPLEMENT NSSCertificate **
491
NSSCryptoContext_FindUserCertificates (
492
NSSCryptoContext *cc,
495
NSSPolicies *policiesOpt,
496
NSSCertificate **rvOpt,
497
PRUint32 rvLimit, /* zero for no limit */
501
nss_SetError(NSS_ERROR_NOT_FOUND);
505
NSS_IMPLEMENT NSSCertificate *
506
NSSCryptoContext_FindBestUserCertificateForSSLClientAuth (
507
NSSCryptoContext *cc,
509
NSSDER *rootCAsOpt[], /* null pointer for none */
510
PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
511
NSSAlgorithmAndParameters *apOpt,
512
NSSPolicies *policiesOpt
515
nss_SetError(NSS_ERROR_NOT_FOUND);
519
NSS_IMPLEMENT NSSCertificate **
520
NSSCryptoContext_FindUserCertificatesForSSLClientAuth (
521
NSSCryptoContext *cc,
523
NSSDER *rootCAsOpt[], /* null pointer for none */
524
PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
525
NSSAlgorithmAndParameters *apOpt,
526
NSSPolicies *policiesOpt,
527
NSSCertificate **rvOpt,
528
PRUint32 rvLimit, /* zero for no limit */
532
nss_SetError(NSS_ERROR_NOT_FOUND);
536
NSS_IMPLEMENT NSSCertificate *
537
NSSCryptoContext_FindBestUserCertificateForEmailSigning (
538
NSSCryptoContext *cc,
539
NSSASCII7 *signerOpt,
540
NSSASCII7 *recipientOpt,
541
/* anything more here? */
542
NSSAlgorithmAndParameters *apOpt,
543
NSSPolicies *policiesOpt
546
nss_SetError(NSS_ERROR_NOT_FOUND);
550
NSS_IMPLEMENT NSSCertificate *
551
NSSCryptoContext_FindUserCertificatesForEmailSigning (
552
NSSCryptoContext *cc,
553
NSSASCII7 *signerOpt, /* fgmr or a more general name? */
554
NSSASCII7 *recipientOpt,
555
/* anything more here? */
556
NSSAlgorithmAndParameters *apOpt,
557
NSSPolicies *policiesOpt,
558
NSSCertificate **rvOpt,
559
PRUint32 rvLimit, /* zero for no limit */
563
nss_SetError(NSS_ERROR_NOT_FOUND);
567
NSS_IMPLEMENT NSSTrust *
568
nssCryptoContext_FindTrustForCertificate (
569
NSSCryptoContext *cc,
573
PORT_Assert(cc->certStore);
574
if (!cc->certStore) {
577
return nssCertificateStore_FindTrustForCertificate(cc->certStore, cert);
580
NSS_IMPLEMENT nssSMIMEProfile *
581
nssCryptoContext_FindSMIMEProfileForCertificate (
582
NSSCryptoContext *cc,
586
PORT_Assert(cc->certStore);
587
if (!cc->certStore) {
590
return nssCertificateStore_FindSMIMEProfileForCertificate(cc->certStore,
594
NSS_IMPLEMENT PRStatus
595
NSSCryptoContext_GenerateKeyPair (
596
NSSCryptoContext *cc,
597
NSSAlgorithmAndParameters *ap,
598
NSSPrivateKey **pvkOpt,
599
NSSPublicKey **pbkOpt,
600
PRBool privateKeyIsSensitive,
601
NSSToken *destination,
605
nss_SetError(NSS_ERROR_NOT_FOUND);
609
NSS_IMPLEMENT NSSSymmetricKey *
610
NSSCryptoContext_GenerateSymmetricKey (
611
NSSCryptoContext *cc,
612
NSSAlgorithmAndParameters *ap,
614
NSSToken *destination,
618
nss_SetError(NSS_ERROR_NOT_FOUND);
622
NSS_IMPLEMENT NSSSymmetricKey *
623
NSSCryptoContext_GenerateSymmetricKeyFromPassword (
624
NSSCryptoContext *cc,
625
NSSAlgorithmAndParameters *ap,
626
NSSUTF8 *passwordOpt, /* if null, prompt */
627
NSSToken *destinationOpt,
631
nss_SetError(NSS_ERROR_NOT_FOUND);
635
NSS_IMPLEMENT NSSSymmetricKey *
636
NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID (
637
NSSCryptoContext *cc,
643
nss_SetError(NSS_ERROR_NOT_FOUND);
647
struct token_session_str {
652
NSS_IMPLEMENT NSSItem *
653
NSSCryptoContext_Decrypt (
654
NSSCryptoContext *cc,
655
NSSAlgorithmAndParameters *apOpt,
656
NSSItem *encryptedData,
662
nss_SetError(NSS_ERROR_NOT_FOUND);
666
NSS_IMPLEMENT PRStatus
667
NSSCryptoContext_BeginDecrypt (
668
NSSCryptoContext *cc,
669
NSSAlgorithmAndParameters *apOpt,
673
nss_SetError(NSS_ERROR_NOT_FOUND);
677
NSS_IMPLEMENT NSSItem *
678
NSSCryptoContext_ContinueDecrypt (
679
NSSCryptoContext *cc,
685
nss_SetError(NSS_ERROR_NOT_FOUND);
689
NSS_IMPLEMENT NSSItem *
690
NSSCryptoContext_FinishDecrypt (
691
NSSCryptoContext *cc,
696
nss_SetError(NSS_ERROR_NOT_FOUND);
700
NSS_IMPLEMENT NSSItem *
701
NSSCryptoContext_Sign (
702
NSSCryptoContext *cc,
703
NSSAlgorithmAndParameters *apOpt,
710
nss_SetError(NSS_ERROR_NOT_FOUND);
714
NSS_IMPLEMENT PRStatus
715
NSSCryptoContext_BeginSign (
716
NSSCryptoContext *cc,
717
NSSAlgorithmAndParameters *apOpt,
721
nss_SetError(NSS_ERROR_NOT_FOUND);
725
NSS_IMPLEMENT PRStatus
726
NSSCryptoContext_ContinueSign (
727
NSSCryptoContext *cc,
731
nss_SetError(NSS_ERROR_NOT_FOUND);
735
NSS_IMPLEMENT NSSItem *
736
NSSCryptoContext_FinishSign (
737
NSSCryptoContext *cc,
742
nss_SetError(NSS_ERROR_NOT_FOUND);
746
NSS_IMPLEMENT NSSItem *
747
NSSCryptoContext_SignRecover (
748
NSSCryptoContext *cc,
749
NSSAlgorithmAndParameters *apOpt,
756
nss_SetError(NSS_ERROR_NOT_FOUND);
760
NSS_IMPLEMENT PRStatus
761
NSSCryptoContext_BeginSignRecover (
762
NSSCryptoContext *cc,
763
NSSAlgorithmAndParameters *apOpt,
767
nss_SetError(NSS_ERROR_NOT_FOUND);
771
NSS_IMPLEMENT NSSItem *
772
NSSCryptoContext_ContinueSignRecover (
773
NSSCryptoContext *cc,
779
nss_SetError(NSS_ERROR_NOT_FOUND);
783
NSS_IMPLEMENT NSSItem *
784
NSSCryptoContext_FinishSignRecover (
785
NSSCryptoContext *cc,
790
nss_SetError(NSS_ERROR_NOT_FOUND);
794
NSS_IMPLEMENT NSSSymmetricKey *
795
NSSCryptoContext_UnwrapSymmetricKey (
796
NSSCryptoContext *cc,
797
NSSAlgorithmAndParameters *apOpt,
802
nss_SetError(NSS_ERROR_NOT_FOUND);
806
NSS_IMPLEMENT NSSSymmetricKey *
807
NSSCryptoContext_DeriveSymmetricKey (
808
NSSCryptoContext *cc,
810
NSSAlgorithmAndParameters *apOpt,
812
PRUint32 keySizeOpt, /* zero for best allowed */
813
NSSOperations operations,
817
nss_SetError(NSS_ERROR_NOT_FOUND);
821
NSS_IMPLEMENT NSSItem *
822
NSSCryptoContext_Encrypt (
823
NSSCryptoContext *cc,
824
NSSAlgorithmAndParameters *apOpt,
831
nss_SetError(NSS_ERROR_NOT_FOUND);
835
NSS_IMPLEMENT PRStatus
836
NSSCryptoContext_BeginEncrypt (
837
NSSCryptoContext *cc,
838
NSSAlgorithmAndParameters *apOpt,
842
nss_SetError(NSS_ERROR_NOT_FOUND);
846
NSS_IMPLEMENT NSSItem *
847
NSSCryptoContext_ContinueEncrypt (
848
NSSCryptoContext *cc,
854
nss_SetError(NSS_ERROR_NOT_FOUND);
858
NSS_IMPLEMENT NSSItem *
859
NSSCryptoContext_FinishEncrypt (
860
NSSCryptoContext *cc,
865
nss_SetError(NSS_ERROR_NOT_FOUND);
869
/*
 * NSSCryptoContext_Verify
 *
 * Not implemented in this revision: the only visible statement records
 * NSS_ERROR_NOT_FOUND. BeginVerify, ContinueVerify and FinishVerify
 * below show the same pattern.
 *
 * NOTE(review): the return statement (source line 879) is omitted from
 * the listing. The return type is PRStatus, so confirm the stub returns
 * PR_FAILURE. A caller that checks only the status must never be able
 * to treat unverified data as verified.
 */
NSS_IMPLEMENT PRStatus
870
NSSCryptoContext_Verify (
871
NSSCryptoContext *cc,
872
NSSAlgorithmAndParameters *apOpt,
878
nss_SetError(NSS_ERROR_NOT_FOUND);
882
NSS_IMPLEMENT PRStatus
883
NSSCryptoContext_BeginVerify (
884
NSSCryptoContext *cc,
885
NSSAlgorithmAndParameters *apOpt,
890
nss_SetError(NSS_ERROR_NOT_FOUND);
894
NSS_IMPLEMENT PRStatus
895
NSSCryptoContext_ContinueVerify (
896
NSSCryptoContext *cc,
900
nss_SetError(NSS_ERROR_NOT_FOUND);
904
NSS_IMPLEMENT PRStatus
905
NSSCryptoContext_FinishVerify (
909
nss_SetError(NSS_ERROR_NOT_FOUND);
913
NSS_IMPLEMENT NSSItem *
914
NSSCryptoContext_VerifyRecover (
915
NSSCryptoContext *cc,
916
NSSAlgorithmAndParameters *apOpt,
923
nss_SetError(NSS_ERROR_NOT_FOUND);
927
NSS_IMPLEMENT PRStatus
928
NSSCryptoContext_BeginVerifyRecover (
929
NSSCryptoContext *cc,
930
NSSAlgorithmAndParameters *apOpt,
934
nss_SetError(NSS_ERROR_NOT_FOUND);
938
NSS_IMPLEMENT NSSItem *
939
NSSCryptoContext_ContinueVerifyRecover (
940
NSSCryptoContext *cc,
946
nss_SetError(NSS_ERROR_NOT_FOUND);
950
NSS_IMPLEMENT NSSItem *
951
NSSCryptoContext_FinishVerifyRecover (
952
NSSCryptoContext *cc,
957
nss_SetError(NSS_ERROR_NOT_FOUND);
961
NSS_IMPLEMENT NSSItem *
962
NSSCryptoContext_WrapSymmetricKey (
963
NSSCryptoContext *cc,
964
NSSAlgorithmAndParameters *apOpt,
965
NSSSymmetricKey *keyToWrap,
971
nss_SetError(NSS_ERROR_NOT_FOUND);
975
NSS_IMPLEMENT NSSItem *
976
NSSCryptoContext_Digest (
977
NSSCryptoContext *cc,
978
NSSAlgorithmAndParameters *apOpt,
985
return nssToken_Digest(cc->token, cc->session, apOpt,
986
data, rvOpt, arenaOpt);
989
NSS_IMPLEMENT PRStatus
990
NSSCryptoContext_BeginDigest (
991
NSSCryptoContext *cc,
992
NSSAlgorithmAndParameters *apOpt,
996
return nssToken_BeginDigest(cc->token, cc->session, apOpt);
999
/*
 * NSSCryptoContext_ContinueDigest
 *
 * Passes another piece of input (item) to the digest operation on the
 * context's token and session, and returns the status from
 * nssToken_ContinueDigest.
 *
 * ap is chosen from apOpt or cc->ap, but the visible call does not pass
 * it on. As shown, a caller-supplied apOpt has no effect on a digest
 * that has already begun.
 * NOTE(review): source line 1009 is omitted from the listing. Confirm
 * ap is not used there.
 */
NSS_IMPLEMENT PRStatus
1000
NSSCryptoContext_ContinueDigest (
1001
NSSCryptoContext *cc,
1002
NSSAlgorithmAndParameters *apOpt,
1007
NSSAlgorithmAndParameters *ap;
1008
ap = (apOpt) ? apOpt : cc->ap;
1010
/* why apOpt? can't change it at this point... */
1011
return nssToken_ContinueDigest(cc->token, cc->session, item);
1014
NSS_IMPLEMENT NSSItem *
1015
NSSCryptoContext_FinishDigest (
1016
NSSCryptoContext *cc,
1021
return nssToken_FinishDigest(cc->token, cc->session, rvOpt, arenaOpt);
1024
NSS_IMPLEMENT NSSCryptoContext *
1025
NSSCryptoContext_Clone (
1026
NSSCryptoContext *cc
1029
nss_SetError(NSS_ERROR_NOT_FOUND);