1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
41
static const char NSSPKI_CVS_ID[] = "@(#) $RCSfile: nsspki.h,v $ $Revision: 1.10.28.1 $ $Date: 2006/08/22 17:12:04 $";
47
* This file prototypes the methods of the top-level PKI objects.
52
#endif /* NSSDEVT_H */
56
#endif /* NSSPKIT_H */
60
#endif /* NSSPKI1_H */
69
* A note about interfaces
71
* Although these APIs are specified in C, a language which does
72
* not have fancy support for abstract interfaces, this library
73
* was designed from an object-oriented perspective. It may be
74
* useful to consider the standard interfaces which went into
75
* the writing of these APIs.
77
* Basic operations on all objects:
78
* Destroy -- free a pointer to an object
79
* DeleteStoredObject -- delete an object permanently
81
* Public Key cryptographic operations:
88
* Private Key cryptographic operations:
96
* Symmetric Key cryptographic operations:
113
* These things can do crypto ops like public keys, except that the trust,
114
* usage, and other constraints are checked. These objects are "high-level,"
115
* so trust, usages, etc. are in the form we throw around (client auth,
116
* email signing, etc.). Remember that theoretically another implementation
117
* (think PGP) could be beneath this object.
121
* NSSCertificate_Destroy
123
* Free a pointer to a certificate object.
127
NSSCertificate_Destroy
133
* NSSCertificate_DeleteStoredObject
135
* Permanently remove this certificate from storage. If this is the
136
* only (remaining) certificate corresponding to a private key,
137
* public key, and/or other object; then that object (those objects)
142
NSSCertificate_DeleteStoredObject
149
* NSSCertificate_Validate
151
* Verify that this certificate is trusted, for the specified usage(s),
152
* at the specified time, in accordance with the specified policies.
156
NSSCertificate_Validate
159
NSSTime *timeOpt, /* NULL for "now" */
161
NSSPolicies *policiesOpt /* NULL for none */
165
* NSSCertificate_ValidateCompletely
167
* Verify that this certificate is trusted. The difference between
168
* this and the previous call is that NSSCertificate_Validate merely
169
* returns success or failure with an appropriate error stack.
170
* However, there may be (and often are) multiple problems with a
171
* certificate. This routine returns an array of errors, specifying
176
* Return value must be an array of objects, each of which has
177
* an NSSError, and any corresponding certificate (in the chain)
181
NSS_EXTERN void ** /* void *[] */
182
NSSCertificate_ValidateCompletely
185
NSSTime *timeOpt, /* NULL for "now" */
187
NSSPolicies *policiesOpt, /* NULL for none */
188
void **rvOpt, /* NULL for allocate */
189
PRUint32 rvLimit, /* zero for no limit */
190
NSSArena *arenaOpt /* NULL for heap */
194
* NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
196
* Returns PR_SUCCESS if the certificate is valid for at least something.
200
NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
203
NSSTime **notBeforeOutOpt,
204
NSSTime **notAfterOutOpt,
206
void *disallowedUsages,
207
void *allowedPolicies,
208
void *disallowedPolicies,
209
/* more args.. work on this fgmr */
214
* NSSCertificate_Encode
219
NSSCertificate_Encode
227
* NSSCertificate_BuildChain
229
* This routine returns NSSCertificate *'s for each certificate
230
* in the "chain" starting from the specified one up to and
231
* including the root. The zeroth element in the array is the
232
* specified ("leaf") certificate.
234
* If statusOpt is supplied, and is returned as PR_FAILURE, possible
237
* NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete
241
extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;
243
NSS_EXTERN NSSCertificate **
244
NSSCertificate_BuildChain
249
NSSPolicies *policiesOpt,
250
NSSCertificate **rvOpt,
251
PRUint32 rvLimit, /* zero for no limit */
259
* NSSCertificate_GetTrustDomain
263
NSS_EXTERN NSSTrustDomain *
264
NSSCertificate_GetTrustDomain
270
* NSSCertificate_GetToken
272
* There doesn't have to be one.
275
NSS_EXTERN NSSToken *
276
NSSCertificate_GetToken
283
* NSSCertificate_GetSlot
285
* There doesn't have to be one.
289
NSSCertificate_GetSlot
296
* NSSCertificate_GetModule
298
* There doesn't have to be one.
301
NSS_EXTERN NSSModule *
302
NSSCertificate_GetModule
309
* NSSCertificate_Encrypt
311
* Encrypt a single chunk of data with the public key corresponding to
316
NSSCertificate_Encrypt
319
NSSAlgorithmAndParameters *apOpt,
323
NSSPolicies *policiesOpt,
330
* NSSCertificate_Verify
335
NSSCertificate_Verify
338
NSSAlgorithmAndParameters *apOpt,
343
NSSPolicies *policiesOpt,
348
* NSSCertificate_VerifyRecover
353
NSSCertificate_VerifyRecover
356
NSSAlgorithmAndParameters *apOpt,
360
NSSPolicies *policiesOpt,
367
* NSSCertificate_WrapSymmetricKey
369
* This method tries very hard to succeed, even in situations
370
* involving sensitive keys and multiple modules.
371
* { relyea: want to add verbiage? }
375
NSSCertificate_WrapSymmetricKey
378
NSSAlgorithmAndParameters *apOpt,
379
NSSSymmetricKey *keyToWrap,
382
NSSPolicies *policiesOpt,
389
* NSSCertificate_CreateCryptoContext
391
* Create a crypto context, in this certificate's trust domain, with this
392
* as the distinguished certificate.
395
NSS_EXTERN NSSCryptoContext *
396
NSSCertificate_CreateCryptoContext
399
NSSAlgorithmAndParameters *apOpt,
402
NSSPolicies *policiesOpt,
407
* NSSCertificate_GetPublicKey
409
* Returns the public key corresponding to this certificate.
412
NSS_EXTERN NSSPublicKey *
413
NSSCertificate_GetPublicKey
419
* NSSCertificate_FindPrivateKey
421
* Finds and returns the private key corresponding to this certificate,
422
* if it is available.
424
* { Should this hang off of NSSUserCertificate? }
427
NSS_EXTERN NSSPrivateKey *
428
NSSCertificate_FindPrivateKey
435
* NSSCertificate_IsPrivateKeyAvailable
437
* Returns success if the private key corresponding to this certificate
438
* is available to be used.
440
* { Should *this* hang off of NSSUserCertificate?? }
444
NSSCertificate_IsPrivateKeyAvailable
452
* If we make NSSUserCertificate not a typedef of NSSCertificate,
453
* then we'll need implementations of the following:
455
* NSSUserCertificate_Destroy
456
* NSSUserCertificate_DeleteStoredObject
457
* NSSUserCertificate_Validate
458
* NSSUserCertificate_ValidateCompletely
459
* NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies
460
* NSSUserCertificate_Encode
461
* NSSUserCertificate_BuildChain
462
* NSSUserCertificate_GetTrustDomain
463
* NSSUserCertificate_GetToken
464
* NSSUserCertificate_GetSlot
465
* NSSUserCertificate_GetModule
466
* NSSUserCertificate_GetCryptoContext
467
* NSSUserCertificate_GetPublicKey
471
* NSSUserCertificate_IsStillPresent
473
* Verify that if this certificate lives on a token, that the token
474
* is still present and the certificate still exists. This is a
475
* lightweight call which should be used whenever it should be
476
* verified that the user hasn't perhaps popped out his or her
477
* token and strolled away.
481
NSSUserCertificate_IsStillPresent
483
NSSUserCertificate *uc,
488
* NSSUserCertificate_Decrypt
490
* Decrypt a single chunk of data with the private key corresponding
491
* to this certificate.
495
NSSUserCertificate_Decrypt
497
NSSUserCertificate *uc,
498
NSSAlgorithmAndParameters *apOpt,
502
NSSPolicies *policiesOpt,
509
* NSSUserCertificate_Sign
514
NSSUserCertificate_Sign
516
NSSUserCertificate *uc,
517
NSSAlgorithmAndParameters *apOpt,
521
NSSPolicies *policiesOpt,
528
* NSSUserCertificate_SignRecover
533
NSSUserCertificate_SignRecover
535
NSSUserCertificate *uc,
536
NSSAlgorithmAndParameters *apOpt,
540
NSSPolicies *policiesOpt,
547
* NSSUserCertificate_UnwrapSymmetricKey
551
NSS_EXTERN NSSSymmetricKey *
552
NSSUserCertificate_UnwrapSymmetricKey
554
NSSUserCertificate *uc,
555
NSSAlgorithmAndParameters *apOpt,
559
NSSPolicies *policiesOpt,
566
* NSSUserCertificate_DeriveSymmetricKey
570
NSS_EXTERN NSSSymmetricKey *
571
NSSUserCertificate_DeriveSymmetricKey
573
NSSUserCertificate *uc, /* provides private key */
574
NSSCertificate *c, /* provides public key */
575
NSSAlgorithmAndParameters *apOpt,
577
PRUint32 keySizeOpt, /* zero for best allowed */
578
NSSOperations operations,
582
/* filter-certs function(s) */
585
** fgmr -- trust objects
594
* NSSPrivateKey_Destroy
596
* Free a pointer to a private key object.
600
NSSPrivateKey_Destroy
606
* NSSPrivateKey_DeleteStoredObject
608
* Permanently remove this object, and any related objects (such as the
609
* certificates corresponding to this key).
613
NSSPrivateKey_DeleteStoredObject
620
* NSSPrivateKey_GetSignatureLength
625
NSSPrivateKey_GetSignatureLength
631
* NSSPrivateKey_GetPrivateModulusLength
636
NSSPrivateKey_GetPrivateModulusLength
642
* NSSPrivateKey_IsStillPresent
647
NSSPrivateKey_IsStillPresent
654
* NSSPrivateKey_Encode
662
NSSAlgorithmAndParameters *ap,
663
NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
670
* NSSPrivateKey_GetTrustDomain
672
* There doesn't have to be one.
675
NSS_EXTERN NSSTrustDomain *
676
NSSPrivateKey_GetTrustDomain
683
* NSSPrivateKey_GetToken
687
NSS_EXTERN NSSToken *
688
NSSPrivateKey_GetToken
694
* NSSPrivateKey_GetSlot
699
NSSPrivateKey_GetSlot
705
* NSSPrivateKey_GetModule
709
NSS_EXTERN NSSModule *
710
NSSPrivateKey_GetModule
716
* NSSPrivateKey_Decrypt
721
NSSPrivateKey_Decrypt
724
NSSAlgorithmAndParameters *apOpt,
725
NSSItem *encryptedData,
740
NSSAlgorithmAndParameters *apOpt,
748
* NSSPrivateKey_SignRecover
753
NSSPrivateKey_SignRecover
756
NSSAlgorithmAndParameters *apOpt,
764
* NSSPrivateKey_UnwrapSymmetricKey
768
NSS_EXTERN NSSSymmetricKey *
769
NSSPrivateKey_UnwrapSymmetricKey
772
NSSAlgorithmAndParameters *apOpt,
778
* NSSPrivateKey_DeriveSymmetricKey
782
NSS_EXTERN NSSSymmetricKey *
783
NSSPrivateKey_DeriveSymmetricKey
787
NSSAlgorithmAndParameters *apOpt,
789
PRUint32 keySizeOpt, /* zero for best allowed */
790
NSSOperations operations,
795
* NSSPrivateKey_FindPublicKey
799
NSS_EXTERN NSSPublicKey *
800
NSSPrivateKey_FindPublicKey
803
/* { don't need the callback here, right? } */
807
* NSSPrivateKey_CreateCryptoContext
809
* Create a crypto context, in this key's trust domain,
810
* with this as the distinguished private key.
813
NSS_EXTERN NSSCryptoContext *
814
NSSPrivateKey_CreateCryptoContext
817
NSSAlgorithmAndParameters *apOpt,
822
* NSSPrivateKey_FindCertificates
824
* Note that there may be more than one certificate for this
825
* private key. { FilterCertificates function to further
829
NSS_EXTERN NSSCertificate **
830
NSSPrivateKey_FindCertificates
833
NSSCertificate *rvOpt[],
834
PRUint32 maximumOpt, /* 0 for no max */
839
* NSSPrivateKey_FindBestCertificate
841
* The parameters for this function will depend on what the users
842
* need. This is just a starting point.
845
NSS_EXTERN NSSCertificate *
846
NSSPrivateKey_FindBestCertificate
851
NSSPolicies *policiesOpt
857
* Once you generate, find, or derive one of these, you can use it
858
* to perform (simple) cryptographic operations. Though there may
859
* be certificates associated with these public keys, they are not
864
* NSSPublicKey_Destroy
866
* Free a pointer to a public key object.
876
* NSSPublicKey_DeleteStoredObject
878
* Permanently remove this object, and any related objects (such as the
879
* corresponding private keys and certificates).
883
NSSPublicKey_DeleteStoredObject
890
* NSSPublicKey_Encode
898
NSSAlgorithmAndParameters *ap,
905
* NSSPublicKey_GetTrustDomain
907
* There doesn't have to be one.
910
NSS_EXTERN NSSTrustDomain *
911
NSSPublicKey_GetTrustDomain
918
* NSSPublicKey_GetToken
920
* There doesn't have to be one.
923
NSS_EXTERN NSSToken *
924
NSSPublicKey_GetToken
931
* NSSPublicKey_GetSlot
933
* There doesn't have to be one.
944
* NSSPublicKey_GetModule
946
* There doesn't have to be one.
949
NSS_EXTERN NSSModule *
950
NSSPublicKey_GetModule
957
* NSSPublicKey_Encrypt
959
* Encrypt a single chunk of data with the public key corresponding to
967
NSSAlgorithmAndParameters *apOpt,
975
* NSSPublicKey_Verify
983
NSSAlgorithmAndParameters *apOpt,
990
* NSSPublicKey_VerifyRecover
995
NSSPublicKey_VerifyRecover
998
NSSAlgorithmAndParameters *apOpt,
1006
* NSSPublicKey_WrapSymmetricKey
1010
NSS_EXTERN NSSItem *
1011
NSSPublicKey_WrapSymmetricKey
1014
NSSAlgorithmAndParameters *apOpt,
1015
NSSSymmetricKey *keyToWrap,
1022
* NSSPublicKey_CreateCryptoContext
1024
* Create a crypto context, in this key's trust domain, with this
1025
* as the distinguished public key.
1028
NSS_EXTERN NSSCryptoContext *
1029
NSSPublicKey_CreateCryptoContext
1032
NSSAlgorithmAndParameters *apOpt,
1037
* NSSPublicKey_FindCertificates
1039
* Note that there may be more than one certificate for this
1040
* public key. The current implementation may not find every
1041
* last certificate available for this public key: that would
1042
* involve trolling e.g. huge ldap databases, which will be
1043
* grossly inefficient and not generally useful.
1044
* { FilterCertificates function to further reduce the list }
1047
NSS_EXTERN NSSCertificate **
1048
NSSPublicKey_FindCertificates
1051
NSSCertificate *rvOpt[],
1052
PRUint32 maximumOpt, /* 0 for no max */
1057
* NSSPublicKey_FindBestCertificate
1059
* The parameters for this function will depend on what the users
1060
* need. This is just a starting point.
1063
NSS_EXTERN NSSCertificate *
1064
NSSPublicKey_FindBestCertificate
1069
NSSPolicies *policiesOpt
1073
* NSSPublicKey_FindPrivateKey
1077
NSS_EXTERN NSSPrivateKey *
1078
NSSPublicKey_FindPrivateKey
1090
* NSSSymmetricKey_Destroy
1092
* Free a pointer to a symmetric key object.
1096
NSSSymmetricKey_Destroy
1102
* NSSSymmetricKey_DeleteStoredObject
1104
* Permanently remove this object.
1108
NSSSymmetricKey_DeleteStoredObject
1110
NSSSymmetricKey *mk,
1115
* NSSSymmetricKey_GetKeyLength
1120
NSSSymmetricKey_GetKeyLength
1126
* NSSSymmetricKey_GetKeyStrength
1131
NSSSymmetricKey_GetKeyStrength
1137
* NSSSymmetricKey_IsStillPresent
1142
NSSSymmetricKey_IsStillPresent
1148
* NSSSymmetricKey_GetTrustDomain
1150
* There doesn't have to be one.
1153
NSS_EXTERN NSSTrustDomain *
1154
NSSSymmetricKey_GetTrustDomain
1156
NSSSymmetricKey *mk,
1161
* NSSSymmetricKey_GetToken
1163
* There doesn't have to be one.
1166
NSS_EXTERN NSSToken *
1167
NSSSymmetricKey_GetToken
1169
NSSSymmetricKey *mk,
1174
* NSSSymmetricKey_GetSlot
1176
* There doesn't have to be one.
1179
NSS_EXTERN NSSSlot *
1180
NSSSymmetricKey_GetSlot
1182
NSSSymmetricKey *mk,
1187
* NSSSymmetricKey_GetModule
1189
* There doesn't have to be one.
1192
NSS_EXTERN NSSModule *
1193
NSSSymmetricKey_GetModule
1195
NSSSymmetricKey *mk,
1200
* NSSSymmetricKey_Encrypt
1204
NSS_EXTERN NSSItem *
1205
NSSSymmetricKey_Encrypt
1207
NSSSymmetricKey *mk,
1208
NSSAlgorithmAndParameters *apOpt,
1216
* NSSSymmetricKey_Decrypt
1220
NSS_EXTERN NSSItem *
1221
NSSSymmetricKey_Decrypt
1223
NSSSymmetricKey *mk,
1224
NSSAlgorithmAndParameters *apOpt,
1225
NSSItem *encryptedData,
1232
* NSSSymmetricKey_Sign
1236
NSS_EXTERN NSSItem *
1237
NSSSymmetricKey_Sign
1239
NSSSymmetricKey *mk,
1240
NSSAlgorithmAndParameters *apOpt,
1248
* NSSSymmetricKey_SignRecover
1252
NSS_EXTERN NSSItem *
1253
NSSSymmetricKey_SignRecover
1255
NSSSymmetricKey *mk,
1256
NSSAlgorithmAndParameters *apOpt,
1264
* NSSSymmetricKey_Verify
1269
NSSSymmetricKey_Verify
1271
NSSSymmetricKey *mk,
1272
NSSAlgorithmAndParameters *apOpt,
1279
* NSSSymmetricKey_VerifyRecover
1283
NSS_EXTERN NSSItem *
1284
NSSSymmetricKey_VerifyRecover
1286
NSSSymmetricKey *mk,
1287
NSSAlgorithmAndParameters *apOpt,
1295
* NSSSymmetricKey_WrapSymmetricKey
1299
NSS_EXTERN NSSItem *
1300
NSSSymmetricKey_WrapSymmetricKey
1302
NSSSymmetricKey *wrappingKey,
1303
NSSAlgorithmAndParameters *apOpt,
1304
NSSSymmetricKey *keyToWrap,
1311
* NSSSymmetricKey_WrapPrivateKey
1315
NSS_EXTERN NSSItem *
1316
NSSSymmetricKey_WrapPrivateKey
1318
NSSSymmetricKey *wrappingKey,
1319
NSSAlgorithmAndParameters *apOpt,
1320
NSSPrivateKey *keyToWrap,
1327
* NSSSymmetricKey_UnwrapSymmetricKey
1331
NSS_EXTERN NSSSymmetricKey *
1332
NSSSymmetricKey_UnwrapSymmetricKey
1334
NSSSymmetricKey *wrappingKey,
1335
NSSAlgorithmAndParameters *apOpt,
1336
NSSItem *wrappedKey,
1338
PRUint32 keySizeOpt,
1339
NSSOperations operations,
1344
* NSSSymmetricKey_UnwrapPrivateKey
1348
NSS_EXTERN NSSPrivateKey *
1349
NSSSymmetricKey_UnwrapPrivateKey
1351
NSSSymmetricKey *wrappingKey,
1352
NSSAlgorithmAndParameters *apOpt,
1353
NSSItem *wrappedKey,
1358
NSSToken *destinationOpt,
1363
* NSSSymmetricKey_DeriveSymmetricKey
1367
NSS_EXTERN NSSSymmetricKey *
1368
NSSSymmetricKey_DeriveSymmetricKey
1370
NSSSymmetricKey *originalKey,
1371
NSSAlgorithmAndParameters *apOpt,
1373
PRUint32 keySizeOpt,
1374
NSSOperations operations,
1379
* NSSSymmetricKey_CreateCryptoContext
1381
* Create a crypto context, in this key's trust domain,
1382
* with this as the distinguished symmetric key.
1385
NSS_EXTERN NSSCryptoContext *
1386
NSSSymmetricKey_CreateCryptoContext
1388
NSSSymmetricKey *mk,
1389
NSSAlgorithmAndParameters *apOpt,
1399
* NSSTrustDomain_Create
1401
* This creates a trust domain, optionally with an initial cryptoki
1402
* module. If the module name is not null, the module is loaded if
1403
* needed (using the uriOpt argument), and initialized with the
1404
* opaqueOpt argument. If mumble mumble priority settings, then
1405
* module-specification objects in the module can cause the loading
1406
* and initialization of further modules.
1408
* The uriOpt is defined to take a URI. At present, we only
1409
* support file: URLs pointing to platform-native shared libraries.
1410
* However, by specifying this as a URI, this keeps open the
1411
* possibility of supporting other, possibly remote, resources.
1413
* The "reserved" argument is held for when we figure out the
1414
* module priority stuff.
1417
NSS_EXTERN NSSTrustDomain *
1418
NSSTrustDomain_Create
1427
* NSSTrustDomain_Destroy
1432
NSSTrustDomain_Destroy
1438
* NSSTrustDomain_SetDefaultCallback
1443
NSSTrustDomain_SetDefaultCallback
1446
NSSCallback *newCallback,
1447
NSSCallback **oldCallbackOpt
1451
* NSSTrustDomain_GetDefaultCallback
1455
NSS_EXTERN NSSCallback *
1456
NSSTrustDomain_GetDefaultCallback
1465
* Default time, for completeness?
1469
* NSSTrustDomain_LoadModule
1474
NSSTrustDomain_LoadModule
1484
* NSSTrustDomain_AddModule
1485
* NSSTrustDomain_AddSlot
1486
* NSSTrustDomain_UnloadModule
1487
* Managing modules, slots, tokens; priorities;
1488
* Traversing all of the above
1489
* this needs more work
1493
* NSSTrustDomain_DisableToken
1498
NSSTrustDomain_DisableToken
1506
* NSSTrustDomain_EnableToken
1511
NSSTrustDomain_EnableToken
1518
* NSSTrustDomain_IsTokenEnabled
1520
* If disabled, "why" is always on the error stack.
1521
* The optional argument is just for convenience.
1525
NSSTrustDomain_IsTokenEnabled
1533
* NSSTrustDomain_FindSlotByName
1537
NSS_EXTERN NSSSlot *
1538
NSSTrustDomain_FindSlotByName
1545
* NSSTrustDomain_FindTokenByName
1549
NSS_EXTERN NSSToken *
1550
NSSTrustDomain_FindTokenByName
1557
* NSSTrustDomain_FindTokenBySlotName
1561
NSS_EXTERN NSSToken *
1562
NSSTrustDomain_FindTokenBySlotName
1569
* NSSTrustDomain_FindTokenForAlgorithm
1573
NSS_EXTERN NSSToken *
1574
NSSTrustDomain_FindTokenForAlgorithm
1581
* NSSTrustDomain_FindBestTokenForAlgorithms
1585
NSS_EXTERN NSSToken *
1586
NSSTrustDomain_FindBestTokenForAlgorithms
1589
NSSOID *algorithms[], /* may be null-terminated */
1590
PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
1594
* NSSTrustDomain_Login
1599
NSSTrustDomain_Login
1606
* NSSTrustDomain_Logout
1611
NSSTrustDomain_Logout
1616
/* Importing things */
1619
* NSSTrustDomain_ImportCertificate
1621
* The implementation will pull some data out of the certificate
1622
* (e.g. e-mail address) for use in pkcs#11 object attributes.
1625
NSS_EXTERN NSSCertificate *
1626
NSSTrustDomain_ImportCertificate
1633
* NSSTrustDomain_ImportPKIXCertificate
1637
NSS_EXTERN NSSCertificate *
1638
NSSTrustDomain_ImportPKIXCertificate
1641
/* declared as a struct until these "data types" are defined */
1642
struct NSSPKIXCertificateStr *pc
1646
* NSSTrustDomain_ImportEncodedCertificate
1648
* Imports any type of certificate we support.
1651
NSS_EXTERN NSSCertificate *
1652
NSSTrustDomain_ImportEncodedCertificate
1659
* NSSTrustDomain_ImportEncodedCertificateChain
1661
* If you just want the leaf, pass in a maximum of one.
1664
NSS_EXTERN NSSCertificate **
1665
NSSTrustDomain_ImportEncodedCertificateChain
1669
NSSCertificate *rvOpt[],
1670
PRUint32 maximumOpt, /* 0 for no max */
1675
* NSSTrustDomain_ImportEncodedPrivateKey
1679
NSS_EXTERN NSSPrivateKey *
1680
NSSTrustDomain_ImportEncodedPrivateKey
1684
NSSItem *passwordOpt, /* NULL will cause a callback */
1685
NSSCallback *uhhOpt,
1686
NSSToken *destination
1690
* NSSTrustDomain_ImportEncodedPublicKey
1694
NSS_EXTERN NSSPublicKey *
1695
NSSTrustDomain_ImportEncodedPublicKey
1701
/* Other importations: S/MIME capabilities */
1704
* NSSTrustDomain_FindBestCertificateByNickname
1708
NSS_EXTERN NSSCertificate *
1709
NSSTrustDomain_FindBestCertificateByNickname
1713
NSSTime *timeOpt, /* NULL for "now" */
1715
NSSPolicies *policiesOpt /* NULL for none */
1719
* NSSTrustDomain_FindCertificatesByNickname
1723
NSS_EXTERN NSSCertificate **
1724
NSSTrustDomain_FindCertificatesByNickname
1728
NSSCertificate *rvOpt[],
1729
PRUint32 maximumOpt, /* 0 for no max */
1734
* NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
1738
NSS_EXTERN NSSCertificate *
1739
NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
1743
NSSDER *serialNumber
1747
* NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber
1749
* Theoretically, this should never happen. However, some companies
1750
* we know have issued duplicate certificates with the same issuer
1751
* and serial number. Do we just ignore them? I'm thinking yes.
1755
* NSSTrustDomain_FindBestCertificateBySubject
1757
* This does not search through alternate names hidden in extensions.
1760
NSS_EXTERN NSSCertificate *
1761
NSSTrustDomain_FindBestCertificateBySubject
1764
NSSDER /*NSSUTF8*/ *subject,
1767
NSSPolicies *policiesOpt
1771
* NSSTrustDomain_FindCertificatesBySubject
1773
* This does not search through alternate names hidden in extensions.
1776
NSS_EXTERN NSSCertificate **
1777
NSSTrustDomain_FindCertificatesBySubject
1780
NSSDER /*NSSUTF8*/ *subject,
1781
NSSCertificate *rvOpt[],
1782
PRUint32 maximumOpt, /* 0 for no max */
1787
* NSSTrustDomain_FindBestCertificateByNameComponents
1789
* This call does try several tricks, including a pseudo pkcs#11
1790
* attribute for the ldap module to try as a query. Eventually
1791
* this call falls back to a traversal if that's what's required.
1792
* It will search through alternate names hidden in extensions.
1795
NSS_EXTERN NSSCertificate *
1796
NSSTrustDomain_FindBestCertificateByNameComponents
1799
NSSUTF8 *nameComponents,
1802
NSSPolicies *policiesOpt
1806
* NSSTrustDomain_FindCertificatesByNameComponents
1808
* This call, too, tries several tricks. It will stop on the first
1809
* attempt that generates results, so it won't e.g. traverse the
1810
* entire ldap database.
1813
NSS_EXTERN NSSCertificate **
1814
NSSTrustDomain_FindCertificatesByNameComponents
1817
NSSUTF8 *nameComponents,
1818
NSSCertificate *rvOpt[],
1819
PRUint32 maximumOpt, /* 0 for no max */
1824
* NSSTrustDomain_FindCertificateByEncodedCertificate
1828
NSS_EXTERN NSSCertificate *
1829
NSSTrustDomain_FindCertificateByEncodedCertificate
1832
NSSBER *encodedCertificate
1836
* NSSTrustDomain_FindCertificateByEmail
1840
NSS_EXTERN NSSCertificate *
1841
NSSTrustDomain_FindCertificateByEmail
1847
NSSPolicies *policiesOpt
1851
* NSSTrustDomain_FindCertificatesByEmail
1855
NSS_EXTERN NSSCertificate **
1856
NSSTrustDomain_FindCertificatesByEmail
1860
NSSCertificate *rvOpt[],
1861
PRUint32 maximumOpt, /* 0 for no max */
1866
* NSSTrustDomain_FindCertificateByOCSPHash
1868
* There can be only one.
1871
NSS_EXTERN NSSCertificate *
1872
NSSTrustDomain_FindCertificateByOCSPHash
1879
* NSSTrustDomain_TraverseCertificates
1881
* This function descends from one in older versions of NSS which
1882
* traverses the certs in the permanent database. That function
1883
* was used to implement selection routines, but was directly
1884
* available too. Trust domains are going to contain a lot more
1885
* certs now (e.g., an ldap server), so we'd really like to
1886
* discourage traversal. Thus for now, this is commented out.
1887
* If it's needed, let's look at the situation more closely to
1888
* find out what the actual requirements are.
1891
/* For now, adding this function. This may only be for debugging
1893
* Perhaps some equivalent function, on a specified token, will be
1894
* needed in a "friend" header file?
1896
NSS_EXTERN PRStatus *
1897
NSSTrustDomain_TraverseCertificates
1900
PRStatus (*callback)(NSSCertificate *c, void *arg),
1905
* NSSTrustDomain_FindBestUserCertificate
1909
NSS_EXTERN NSSCertificate *
1910
NSSTrustDomain_FindBestUserCertificate
1915
NSSPolicies *policiesOpt
1919
* NSSTrustDomain_FindUserCertificates
1923
NSS_EXTERN NSSCertificate **
1924
NSSTrustDomain_FindUserCertificates
1929
NSSPolicies *policiesOpt,
1930
NSSCertificate **rvOpt,
1931
PRUint32 rvLimit, /* zero for no limit */
1936
* NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
1940
NSS_EXTERN NSSCertificate *
1941
NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
1944
NSSUTF8 *sslHostOpt,
1945
NSSDER *rootCAsOpt[], /* null pointer for none */
1946
PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1947
NSSAlgorithmAndParameters *apOpt,
1948
NSSPolicies *policiesOpt
1952
* NSSTrustDomain_FindUserCertificatesForSSLClientAuth
1956
NSS_EXTERN NSSCertificate **
1957
NSSTrustDomain_FindUserCertificatesForSSLClientAuth
1960
NSSUTF8 *sslHostOpt,
1961
NSSDER *rootCAsOpt[], /* null pointer for none */
1962
PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1963
NSSAlgorithmAndParameters *apOpt,
1964
NSSPolicies *policiesOpt,
1965
NSSCertificate **rvOpt,
1966
PRUint32 rvLimit, /* zero for no limit */
1971
* NSSTrustDomain_FindBestUserCertificateForEmailSigning
1975
NSS_EXTERN NSSCertificate *
1976
NSSTrustDomain_FindBestUserCertificateForEmailSigning
1979
NSSASCII7 *signerOpt,
1980
NSSASCII7 *recipientOpt,
1981
/* anything more here? */
1982
NSSAlgorithmAndParameters *apOpt,
1983
NSSPolicies *policiesOpt
1987
* NSSTrustDomain_FindUserCertificatesForEmailSigning
1991
NSS_EXTERN NSSCertificate **
1992
NSSTrustDomain_FindUserCertificatesForEmailSigning
1995
NSSASCII7 *signerOpt,
1996
NSSASCII7 *recipientOpt,
1997
/* anything more here? */
1998
NSSAlgorithmAndParameters *apOpt,
1999
NSSPolicies *policiesOpt,
2000
NSSCertificate **rvOpt,
2001
PRUint32 rvLimit, /* zero for no limit */
2006
* Here is where we'd add more Find[Best]UserCertificate[s]For<usage>
2013
* NSSTrustDomain_GenerateKeyPair
2015
* Creates persistent objects. If you want session objects, use
2016
* NSSCryptoContext_GenerateKeyPair. The destination token is where
2017
* the keys are stored. If that token can do the required math, then
2018
* that's where the keys are generated too. Otherwise, the keys are
2019
* generated elsewhere and moved to that token.
2023
NSSTrustDomain_GenerateKeyPair
2026
NSSAlgorithmAndParameters *ap,
2027
NSSPrivateKey **pvkOpt,
2028
NSSPublicKey **pbkOpt,
2029
PRBool privateKeyIsSensitive,
2030
NSSToken *destination,
2035
* NSSTrustDomain_TraversePrivateKeys
2038
* NSS_EXTERN PRStatus *
2039
* NSSTrustDomain_TraversePrivateKeys
2041
* NSSTrustDomain *td,
2042
* PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
2047
/* Symmetric Keys */
2050
* NSSTrustDomain_GenerateSymmetricKey
2054
NSS_EXTERN NSSSymmetricKey *
2055
NSSTrustDomain_GenerateSymmetricKey
2058
NSSAlgorithmAndParameters *ap,
2060
NSSToken *destination,
2065
* NSSTrustDomain_GenerateSymmetricKeyFromPassword
2069
NSS_EXTERN NSSSymmetricKey *
2070
NSSTrustDomain_GenerateSymmetricKeyFromPassword
2073
NSSAlgorithmAndParameters *ap,
2074
NSSUTF8 *passwordOpt, /* if null, prompt */
2075
NSSToken *destinationOpt,
2080
* NSSTrustDomain_FindSymmetricKeyByAlgorithm
2082
* Is this still needed?
2084
* NSS_EXTERN NSSSymmetricKey *
2085
* NSSTrustDomain_FindSymmetricKeyByAlgorithm
2087
* NSSTrustDomain *td,
2088
* NSSOID *algorithm,
2089
* NSSCallback *uhhOpt
2094
* NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
2098
NSS_EXTERN NSSSymmetricKey *
2099
NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
2108
* NSSTrustDomain_TraverseSymmetricKeys
2111
* NSS_EXTERN PRStatus *
2112
* NSSTrustDomain_TraverseSymmetricKeys
2114
* NSSTrustDomain *td,
2115
* PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
2121
* NSSTrustDomain_CreateCryptoContext
2123
* If a callback object is specified, it becomes the callback for the crypto
2124
* context; otherwise, this trust domain's default (if any) is
2128
NSS_EXTERN NSSCryptoContext *
2129
NSSTrustDomain_CreateCryptoContext
2136
* NSSTrustDomain_CreateCryptoContextForAlgorithm
2140
NSS_EXTERN NSSCryptoContext *
2141
NSSTrustDomain_CreateCryptoContextForAlgorithm
2148
* NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
2152
NSS_EXTERN NSSCryptoContext *
2153
NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
2156
NSSAlgorithmAndParameters *ap
2159
/* find/traverse other objects, e.g. s/mime profiles */
2164
* A crypto context is sort of a short-term snapshot of a trust domain,
2165
* used for the life of "one crypto operation." You can also think of
2166
* it as a "temporary database."
2168
* Just about all of the things you can do with a trust domain -- importing
2169
* or creating certs, keys, etc. -- can be done with a crypto context.
2170
* The difference is that the objects will be temporary ("session") objects.
2172
* Also, if the context was created for a key, cert, and/or algorithm; or
2173
* if such objects have been "associated" with the context, then the context
2174
* can do everything the keys can, like crypto operations.
2176
* And finally, because it keeps the state of the crypto operations, it
2177
* can do streaming crypto ops.
2181
* NSSCryptoContext_Destroy
2186
NSSCryptoContext_Destroy
2188
NSSCryptoContext *cc
2191
/* establishing a default callback */
2194
* NSSCryptoContext_SetDefaultCallback
2199
NSSCryptoContext_SetDefaultCallback
2201
NSSCryptoContext *cc,
2202
NSSCallback *newCallback,
2203
NSSCallback **oldCallbackOpt
2207
* NSSCryptoContext_GetDefaultCallback
2211
NSS_EXTERN NSSCallback *
2212
NSSCryptoContext_GetDefaultCallback
2214
NSSCryptoContext *cc,
2219
* NSSCryptoContext_GetTrustDomain
2223
NSS_EXTERN NSSTrustDomain *
2224
NSSCryptoContext_GetTrustDomain
2226
NSSCryptoContext *cc
2229
/* AddModule, etc: should we allow "temporary" changes here? */
2230
/* DisableToken, etc: ditto */
2231
/* Ordering of tokens? */
2232
/* Finding slots+token etc. */
2235
/* Importing things */
2238
* NSSCryptoContext_FindOrImportCertificate
2240
* If the certificate store already contains this DER cert, return the
2241
* address of the matching NSSCertificate that is already in the store,
2242
* and bump its reference count.
2244
* If this DER cert is NOT already in the store, then add the new
2245
* NSSCertificate to the store and bump its reference count,
2246
* then return its address.
2248
* If this DER cert is not in the store and cannot be added to it,
2251
* Record the associated crypto context in the certificate.
2254
NSS_EXTERN NSSCertificate *
2255
NSSCryptoContext_FindOrImportCertificate (
2256
NSSCryptoContext *cc,
2261
* NSSCryptoContext_ImportPKIXCertificate
2265
NSS_EXTERN NSSCertificate *
2266
NSSCryptoContext_ImportPKIXCertificate
2268
NSSCryptoContext *cc,
2269
struct NSSPKIXCertificateStr *pc
2273
* NSSCryptoContext_ImportEncodedCertificate
2277
NSS_EXTERN NSSCertificate *
2278
NSSCryptoContext_ImportEncodedCertificate
2280
NSSCryptoContext *cc,
2285
* NSSCryptoContext_ImportEncodedPKIXCertificateChain
2290
NSSCryptoContext_ImportEncodedPKIXCertificateChain
2292
NSSCryptoContext *cc,
2296
/* Other importations: S/MIME capabilities
2300
* NSSCryptoContext_FindBestCertificateByNickname
2304
NSS_EXTERN NSSCertificate *
2305
NSSCryptoContext_FindBestCertificateByNickname
2307
NSSCryptoContext *cc,
2309
NSSTime *timeOpt, /* NULL for "now" */
2311
NSSPolicies *policiesOpt /* NULL for none */
2315
* NSSCryptoContext_FindCertificatesByNickname
2319
NSS_EXTERN NSSCertificate **
2320
NSSCryptoContext_FindCertificatesByNickname
2322
NSSCryptoContext *cc,
2324
NSSCertificate *rvOpt[],
2325
PRUint32 maximumOpt, /* 0 for no max */
2330
* NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
2334
NSS_EXTERN NSSCertificate *
2335
NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
2337
NSSCryptoContext *cc,
2339
NSSDER *serialNumber
2343
* NSSCryptoContext_FindBestCertificateBySubject
2345
* This does not search through alternate names hidden in extensions.
2348
NSS_EXTERN NSSCertificate *
2349
NSSCryptoContext_FindBestCertificateBySubject
2351
NSSCryptoContext *cc,
2352
NSSDER /*NSSUTF8*/ *subject,
2355
NSSPolicies *policiesOpt
2359
* NSSCryptoContext_FindCertificatesBySubject
2361
* This does not search through alternate names hidden in extensions.
2364
NSS_EXTERN NSSCertificate **
2365
NSSCryptoContext_FindCertificatesBySubject
2367
NSSCryptoContext *cc,
2368
NSSDER /*NSSUTF8*/ *subject,
2369
NSSCertificate *rvOpt[],
2370
PRUint32 maximumOpt, /* 0 for no max */
2375
/*
 * NSSCryptoContext_FindBestCertificateByNameComponents
 *
 * This call tries several tricks, including a pseudo PKCS#11
 * attribute for the LDAP module to try as a query.  As a last resort,
 * this call falls back to a traversal if that is what is required.
 * It will search through alternate names hidden in extensions.
 */
2383
NSS_EXTERN NSSCertificate *
2384
NSSCryptoContext_FindBestCertificateByNameComponents
2386
NSSCryptoContext *cc,
2387
NSSUTF8 *nameComponents,
2390
NSSPolicies *policiesOpt
2394
/*
 * NSSCryptoContext_FindCertificatesByNameComponents
 *
 * This call, too, tries several tricks.  It stops at the first
 * attempt that generates results, so it won't, for example, traverse
 * the entire LDAP database.  The returned list is therefore not
 * necessarily exhaustive.
 */
2401
NSS_EXTERN NSSCertificate **
2402
NSSCryptoContext_FindCertificatesByNameComponents
2404
NSSCryptoContext *cc,
2405
NSSUTF8 *nameComponents,
2406
NSSCertificate *rvOpt[],
2407
PRUint32 maximumOpt, /* 0 for no max */
2412
* NSSCryptoContext_FindCertificateByEncodedCertificate
2416
NSS_EXTERN NSSCertificate *
2417
NSSCryptoContext_FindCertificateByEncodedCertificate
2419
NSSCryptoContext *cc,
2420
NSSBER *encodedCertificate
2424
* NSSCryptoContext_FindBestCertificateByEmail
2428
NSS_EXTERN NSSCertificate *
2429
NSSCryptoContext_FindBestCertificateByEmail
2431
NSSCryptoContext *cc,
2435
NSSPolicies *policiesOpt
2439
* NSSCryptoContext_FindCertificatesByEmail
2443
NSS_EXTERN NSSCertificate **
2444
NSSCryptoContext_FindCertificatesByEmail
2446
NSSCryptoContext *cc,
2448
NSSCertificate *rvOpt[],
2449
PRUint32 maximumOpt, /* 0 for no max */
2454
* NSSCryptoContext_FindCertificateByOCSPHash
2458
NSS_EXTERN NSSCertificate *
2459
NSSCryptoContext_FindCertificateByOCSPHash
2461
NSSCryptoContext *cc,
2466
* NSSCryptoContext_TraverseCertificates
2469
* NSS_EXTERN PRStatus *
2470
* NSSCryptoContext_TraverseCertificates
2472
* NSSCryptoContext *cc,
2473
* PRStatus (*callback)(NSSCertificate *c, void *arg),
2479
* NSSCryptoContext_FindBestUserCertificate
2483
NSS_EXTERN NSSCertificate *
2484
NSSCryptoContext_FindBestUserCertificate
2486
NSSCryptoContext *cc,
2489
NSSPolicies *policiesOpt
2493
* NSSCryptoContext_FindUserCertificates
2497
NSS_EXTERN NSSCertificate **
2498
NSSCryptoContext_FindUserCertificates
2500
NSSCryptoContext *cc,
2503
NSSPolicies *policiesOpt,
2504
NSSCertificate **rvOpt,
2505
PRUint32 rvLimit, /* zero for no limit */
2510
* NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
2514
NSS_EXTERN NSSCertificate *
2515
NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
2517
NSSCryptoContext *cc,
2518
NSSUTF8 *sslHostOpt,
2519
NSSDER *rootCAsOpt[], /* null pointer for none */
2520
PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
2521
NSSAlgorithmAndParameters *apOpt,
2522
NSSPolicies *policiesOpt
2526
* NSSCryptoContext_FindUserCertificatesForSSLClientAuth
2530
NSS_EXTERN NSSCertificate **
2531
NSSCryptoContext_FindUserCertificatesForSSLClientAuth
2533
NSSCryptoContext *cc,
2534
NSSUTF8 *sslHostOpt,
2535
NSSDER *rootCAsOpt[], /* null pointer for none */
2536
PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
2537
NSSAlgorithmAndParameters *apOpt,
2538
NSSPolicies *policiesOpt,
2539
NSSCertificate **rvOpt,
2540
PRUint32 rvLimit, /* zero for no limit */
2545
* NSSCryptoContext_FindBestUserCertificateForEmailSigning
2549
NSS_EXTERN NSSCertificate *
2550
NSSCryptoContext_FindBestUserCertificateForEmailSigning
2552
NSSCryptoContext *cc,
2553
NSSASCII7 *signerOpt,
2554
NSSASCII7 *recipientOpt,
2555
/* anything more here? */
2556
NSSAlgorithmAndParameters *apOpt,
2557
NSSPolicies *policiesOpt
2561
* NSSCryptoContext_FindUserCertificatesForEmailSigning
2565
/*
 * Plural counterpart of
 * NSSCryptoContext_FindBestUserCertificateForEmailSigning, judging by the
 * name and by the rvOpt/rvLimit output parameters.
 *
 * NOTE(review): the return type here is `NSSCertificate *`, while the
 * other plural finders in this header that take rvOpt/rvLimit (e.g.
 * NSSCryptoContext_FindUserCertificatesForSSLClientAuth) return
 * `NSSCertificate **`.  Presumably a typo for `NSSCertificate **`;
 * confirm against the implementation before relying on the return value.
 */
NSS_EXTERN NSSCertificate *
2566
NSSCryptoContext_FindUserCertificatesForEmailSigning
2568
NSSCryptoContext *cc,
2569
NSSASCII7 *signerOpt, /* fgmr or a more general name? */
2570
NSSASCII7 *recipientOpt,
2571
/* anything more here? */
2572
NSSAlgorithmAndParameters *apOpt,
2573
NSSPolicies *policiesOpt,
2574
NSSCertificate **rvOpt,
2575
PRUint32 rvLimit, /* zero for no limit */
2582
/*
 * NSSCryptoContext_GenerateKeyPair
 *
 * Creates session objects.  If you want persistent objects, use
 * NSSTrustDomain_GenerateKeyPair.  The destination token is where
 * the keys are stored.  If that token can do the required math, then
 * that's where the keys are generated too.  Otherwise, the keys are
 * generated elsewhere and moved to that token (so the private key
 * exists outside the destination token until the move completes).
 */
2592
NSSCryptoContext_GenerateKeyPair
2594
NSSCryptoContext *cc,
2595
NSSAlgorithmAndParameters *ap,
2596
NSSPrivateKey **pvkOpt,
2597
NSSPublicKey **pbkOpt,
2598
PRBool privateKeyIsSensitive,
2599
NSSToken *destination,
2604
* NSSCryptoContext_TraversePrivateKeys
2607
* NSS_EXTERN PRStatus *
2608
* NSSCryptoContext_TraversePrivateKeys
2610
* NSSCryptoContext *cc,
2611
* PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
2616
/* Symmetric Keys */
2619
* NSSCryptoContext_GenerateSymmetricKey
2623
NSS_EXTERN NSSSymmetricKey *
2624
NSSCryptoContext_GenerateSymmetricKey
2626
NSSCryptoContext *cc,
2627
NSSAlgorithmAndParameters *ap,
2629
NSSToken *destination,
2634
* NSSCryptoContext_GenerateSymmetricKeyFromPassword
2638
NSS_EXTERN NSSSymmetricKey *
2639
NSSCryptoContext_GenerateSymmetricKeyFromPassword
2641
NSSCryptoContext *cc,
2642
NSSAlgorithmAndParameters *ap,
2643
NSSUTF8 *passwordOpt, /* if null, prompt */
2644
NSSToken *destinationOpt,
2649
* NSSCryptoContext_FindSymmetricKeyByAlgorithm
2652
* NSS_EXTERN NSSSymmetricKey *
2653
* NSSCryptoContext_FindSymmetricKeyByType
2655
* NSSCryptoContext *cc,
2657
* NSSCallback *uhhOpt
2662
* NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
2666
NSS_EXTERN NSSSymmetricKey *
2667
NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
2669
NSSCryptoContext *cc,
2676
* NSSCryptoContext_TraverseSymmetricKeys
2679
* NSS_EXTERN PRStatus *
2680
* NSSCryptoContext_TraverseSymmetricKeys
2682
* NSSCryptoContext *cc,
2683
* PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
2688
/* Crypto ops on distinguished keys */
2691
* NSSCryptoContext_Decrypt
2695
NSS_EXTERN NSSItem *
2696
NSSCryptoContext_Decrypt
2698
NSSCryptoContext *cc,
2699
NSSAlgorithmAndParameters *apOpt,
2700
NSSItem *encryptedData,
2701
NSSCallback *uhhOpt,
2707
* NSSCryptoContext_BeginDecrypt
2712
NSSCryptoContext_BeginDecrypt
2714
NSSCryptoContext *cc,
2715
NSSAlgorithmAndParameters *apOpt,
2720
* NSSCryptoContext_ContinueDecrypt
2725
* NSSItem semantics:
*
*   If rvOpt is NULL, a new NSSItem and buffer are allocated.
*   If rvOpt is not NULL, but the buffer pointer is NULL,
*     then rvOpt is returned but a new buffer is allocated.
*     In this case, if the length value is not zero, then
*     no more than that much space will be allocated.
*   If rvOpt is not NULL and the buffer pointer is not NULL,
*     then that buffer is re-used.  No more than the buffer
*     length value will be used; if it's not enough, an
*     error is returned.  If less is used, the length value
*     is adjusted downwards, so read the length back after
*     the call rather than assuming the buffer was filled.
2738
* Note that although this is short of some ideal "Item"
2739
* definition, we can usually tell how big these buffers
2742
* Feedback is requested; and earlier is better than later.
2745
NSS_EXTERN NSSItem *
2746
NSSCryptoContext_ContinueDecrypt
2748
NSSCryptoContext *cc,
2755
* NSSCryptoContext_FinishDecrypt
2759
NSS_EXTERN NSSItem *
2760
NSSCryptoContext_FinishDecrypt
2762
NSSCryptoContext *cc,
2768
* NSSCryptoContext_Sign
2772
NSS_EXTERN NSSItem *
2773
NSSCryptoContext_Sign
2775
NSSCryptoContext *cc,
2776
NSSAlgorithmAndParameters *apOpt,
2778
NSSCallback *uhhOpt,
2784
* NSSCryptoContext_BeginSign
2789
NSSCryptoContext_BeginSign
2791
NSSCryptoContext *cc,
2792
NSSAlgorithmAndParameters *apOpt,
2797
* NSSCryptoContext_ContinueSign
2802
NSSCryptoContext_ContinueSign
2804
NSSCryptoContext *cc,
2809
* NSSCryptoContext_FinishSign
2813
NSS_EXTERN NSSItem *
2814
NSSCryptoContext_FinishSign
2816
NSSCryptoContext *cc,
2822
* NSSCryptoContext_SignRecover
2826
NSS_EXTERN NSSItem *
2827
NSSCryptoContext_SignRecover
2829
NSSCryptoContext *cc,
2830
NSSAlgorithmAndParameters *apOpt,
2832
NSSCallback *uhhOpt,
2838
* NSSCryptoContext_BeginSignRecover
2843
NSSCryptoContext_BeginSignRecover
2845
NSSCryptoContext *cc,
2846
NSSAlgorithmAndParameters *apOpt,
2851
* NSSCryptoContext_ContinueSignRecover
2855
NSS_EXTERN NSSItem *
2856
NSSCryptoContext_ContinueSignRecover
2858
NSSCryptoContext *cc,
2865
* NSSCryptoContext_FinishSignRecover
2869
NSS_EXTERN NSSItem *
2870
NSSCryptoContext_FinishSignRecover
2872
NSSCryptoContext *cc,
2878
* NSSCryptoContext_UnwrapSymmetricKey
2882
NSS_EXTERN NSSSymmetricKey *
2883
NSSCryptoContext_UnwrapSymmetricKey
2885
NSSCryptoContext *cc,
2886
NSSAlgorithmAndParameters *apOpt,
2887
NSSItem *wrappedKey,
2892
* NSSCryptoContext_DeriveSymmetricKey
2896
NSS_EXTERN NSSSymmetricKey *
2897
NSSCryptoContext_DeriveSymmetricKey
2899
NSSCryptoContext *cc,
2901
NSSAlgorithmAndParameters *apOpt,
2903
PRUint32 keySizeOpt, /* zero for best allowed */
2904
NSSOperations operations,
2909
* NSSCryptoContext_Encrypt
2911
* Encrypt a single chunk of data with the distinguished public key
2912
* of this crypto context.
2915
NSS_EXTERN NSSItem *
2916
NSSCryptoContext_Encrypt
2918
NSSCryptoContext *cc,
2919
NSSAlgorithmAndParameters *apOpt,
2921
NSSCallback *uhhOpt,
2927
* NSSCryptoContext_BeginEncrypt
2932
NSSCryptoContext_BeginEncrypt
2934
NSSCryptoContext *cc,
2935
NSSAlgorithmAndParameters *apOpt,
2940
* NSSCryptoContext_ContinueEncrypt
2944
NSS_EXTERN NSSItem *
2945
NSSCryptoContext_ContinueEncrypt
2947
NSSCryptoContext *cc,
2954
* NSSCryptoContext_FinishEncrypt
2958
NSS_EXTERN NSSItem *
2959
NSSCryptoContext_FinishEncrypt
2961
NSSCryptoContext *cc,
2967
* NSSCryptoContext_Verify
2972
NSSCryptoContext_Verify
2974
NSSCryptoContext *cc,
2975
NSSAlgorithmAndParameters *apOpt,
2982
* NSSCryptoContext_BeginVerify
2987
NSSCryptoContext_BeginVerify
2989
NSSCryptoContext *cc,
2990
NSSAlgorithmAndParameters *apOpt,
2996
* NSSCryptoContext_ContinueVerify
3001
NSSCryptoContext_ContinueVerify
3003
NSSCryptoContext *cc,
3008
* NSSCryptoContext_FinishVerify
3013
NSSCryptoContext_FinishVerify
3015
NSSCryptoContext *cc
3019
* NSSCryptoContext_VerifyRecover
3023
NSS_EXTERN NSSItem *
3024
NSSCryptoContext_VerifyRecover
3026
NSSCryptoContext *cc,
3027
NSSAlgorithmAndParameters *apOpt,
3029
NSSCallback *uhhOpt,
3035
* NSSCryptoContext_BeginVerifyRecover
3040
NSSCryptoContext_BeginVerifyRecover
3042
NSSCryptoContext *cc,
3043
NSSAlgorithmAndParameters *apOpt,
3048
* NSSCryptoContext_ContinueVerifyRecover
3052
NSS_EXTERN NSSItem *
3053
NSSCryptoContext_ContinueVerifyRecover
3055
NSSCryptoContext *cc,
3062
* NSSCryptoContext_FinishVerifyRecover
3066
NSS_EXTERN NSSItem *
3067
NSSCryptoContext_FinishVerifyRecover
3069
NSSCryptoContext *cc,
3075
* NSSCryptoContext_WrapSymmetricKey
3079
NSS_EXTERN NSSItem *
3080
NSSCryptoContext_WrapSymmetricKey
3082
NSSCryptoContext *cc,
3083
NSSAlgorithmAndParameters *apOpt,
3084
NSSSymmetricKey *keyToWrap,
3085
NSSCallback *uhhOpt,
3091
* NSSCryptoContext_Digest
3093
* Digest a single chunk of data with the distinguished digest key
3094
* of this crypto context.
3097
NSS_EXTERN NSSItem *
3098
NSSCryptoContext_Digest
3100
NSSCryptoContext *cc,
3101
NSSAlgorithmAndParameters *apOpt,
3103
NSSCallback *uhhOpt,
3109
* NSSCryptoContext_BeginDigest
3114
NSSCryptoContext_BeginDigest
3116
NSSCryptoContext *cc,
3117
NSSAlgorithmAndParameters *apOpt,
3122
* NSSCryptoContext_ContinueDigest
3127
NSSCryptoContext_ContinueDigest
3129
NSSCryptoContext *cc,
3130
NSSAlgorithmAndParameters *apOpt,
3135
* NSSCryptoContext_FinishDigest
3139
NSS_EXTERN NSSItem *
3140
NSSCryptoContext_FinishDigest
3142
NSSCryptoContext *cc,
3148
* tbd: Combination ops
3152
* NSSCryptoContext_Clone
3156
NSS_EXTERN NSSCryptoContext *
3157
NSSCryptoContext_Clone
3159
NSSCryptoContext *cc
3163
* NSSCryptoContext_Save
3164
* NSSCryptoContext_Restore
3166
* We need to be able to save and restore the state of contexts.
3167
* Perhaps a mark-and-release mechanism would be better?
3171
* ..._SignTBSCertificate
3173
* This requires feedback from the cert server team.
3177
* PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c);
3178
* PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool trusted);
3180
* These will be helper functions which get the trust object for a cert,
3181
* and then call the corresponding function(s) on it.
3183
* PKIX trust objects will have methods to manipulate the low-level trust
3184
* bits (which are based on key usage and extended key usage), and also the
3185
* conceptual high-level usages (e.g. ssl client auth, email encryption, etc.)
3187
* Other types of trust objects (if any) might have different low-level
3188
* representations, but hopefully high-level concepts would map.
3190
* Only these high-level general routines would be promoted to the
3191
* general certificate level here. Hence the {xxx} above would be things
3192
* like "EmailSigning."
3195
* NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c);
3196
* PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSSPKIXTrust *t);
3198
* I want to hold off on any general trust object until we've investigated
3199
* other models more thoroughly.
3204
#endif /* NSSPKI_H */