OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 | 4 |
5 #ifndef NSSPKI_H | 5 #ifndef NSSPKI_H |
6 #define NSSPKI_H | 6 #define NSSPKI_H |
7 | 7 |
8 /* | 8 /* |
9 * nsspki.h | 9 * nsspki.h |
10 * | 10 * |
(...skipping 52 matching lines...)
63 * VerifyRecover | 63 * VerifyRecover |
64 * Wrap | 64 * Wrap |
65 * Unwrap | 65 * Unwrap |
66 * Derive | 66 * Derive |
67 * | 67 * |
68 */ | 68 */ |
69 | 69 |
70 /* | 70 /* |
71 * NSSCertificate | 71 * NSSCertificate |
72 * | 72 * |
73 * These things can do crypto ops like public keys, except that the trust, | 73 * These things can do crypto ops like public keys, except that the trust, |
74 * usage, and other constraints are checked. These objects are "high-level," | 74 * usage, and other constraints are checked. These objects are "high-level," |
75 * so trust, usages, etc. are in the form we throw around (client auth, | 75 * so trust, usages, etc. are in the form we throw around (client auth, |
76 * email signing, etc.). Remember that theoretically another implementation | 76 * email signing, etc.). Remember that theoretically another implementation |
77 * (think PGP) could be beneath this object. | 77 * (think PGP) could be beneath this object. |
78 */ | 78 */ |
79 | 79 |
80 /* | 80 /* |
81 * NSSCertificate_Destroy | 81 * NSSCertificate_Destroy |
82 * | 82 * |
83 * Free a pointer to a certificate object. | 83 * Free a pointer to a certificate object. |
84 */ | 84 */ |
85 | 85 |
86 NSS_EXTERN PRStatus | 86 NSS_EXTERN PRStatus NSSCertificate_Destroy(NSSCertificate *c); |
87 NSSCertificate_Destroy | |
88 ( | |
89 NSSCertificate *c | |
90 ); | |
91 | 87 |
92 /* | 88 /* |
93 * NSSCertificate_DeleteStoredObject | 89 * NSSCertificate_DeleteStoredObject |
94 * | 90 * |
95 * Permanently remove this certificate from storage. If this is the | 91 * Permanently remove this certificate from storage. If this is the |
96 * only (remaining) certificate corresponding to a private key, | 92 * only (remaining) certificate corresponding to a private key, |
97 * public key, and/or other object; then that object (those objects) | 93 * public key, and/or other object; then that object (those objects) |
98 * are deleted too. | 94 * are deleted too. |
99 */ | 95 */ |
100 | 96 |
101 NSS_EXTERN PRStatus | 97 NSS_EXTERN PRStatus |
102 NSSCertificate_DeleteStoredObject | 98 NSSCertificate_DeleteStoredObject(NSSCertificate *c, NSSCallback *uhh); |
103 ( | |
104 NSSCertificate *c, | |
105 NSSCallback *uhh | |
106 ); | |
107 | 99 |
108 /* | 100 /* |
109 * NSSCertificate_Validate | 101 * NSSCertificate_Validate |
110 * | 102 * |
111 * Verify that this certificate is trusted, for the specified usage(s), | 103 * Verify that this certificate is trusted, for the specified usage(s), |
112 * at the specified time, {word word} the specified policies. | 104 * at the specified time, {word word} the specified policies. |
113 */ | 105 */ |
114 | 106 |
115 NSS_EXTERN PRStatus | 107 NSS_EXTERN PRStatus |
116 NSSCertificate_Validate | 108 NSSCertificate_Validate(NSSCertificate *c, |
117 ( | 109 NSSTime *timeOpt, /* NULL for "now" */ |
118 NSSCertificate *c, | 110 NSSUsage *usage, |
119 NSSTime *timeOpt, /* NULL for "now" */ | 111 NSSPolicies *policiesOpt /* NULL for none */ |
120 NSSUsage *usage, | 112 ); |
121 NSSPolicies *policiesOpt /* NULL for none */ | |
122 ); | |
123 | 113 |
124 /* | 114 /* |
125 * NSSCertificate_ValidateCompletely | 115 * NSSCertificate_ValidateCompletely |
126 * | 116 * |
127 * Verify that this certificate is trusted. The difference between | 117 * Verify that this certificate is trusted. The difference between |
128 * this and the previous call is that NSSCertificate_Validate merely | 118 * this and the previous call is that NSSCertificate_Validate merely |
129 * returns success or failure with an appropriate error stack. | 119 * returns success or failure with an appropriate error stack. |
130 * However, there may be (and often are) multiple problems with a | 120 * However, there may be (and often are) multiple problems with a |
131 * certificate. This routine returns an array of errors, specifying | 121 * certificate. This routine returns an array of errors, specifying |
132 * every problem. | 122 * every problem. |
133 */ | 123 */ |
134 | 124 |
135 /* | 125 /* |
136 * Return value must be an array of objects, each of which has | 126 * Return value must be an array of objects, each of which has |
137 * an NSSError, and any corresponding certificate (in the chain) | 127 * an NSSError, and any corresponding certificate (in the chain) |
138 * and/or policy. | 128 * and/or policy. |
139 */ | 129 */ |
140 | 130 |
141 NSS_EXTERN void ** /* void *[] */ | 131 NSS_EXTERN void ** /* void *[] */ |
142 NSSCertificate_ValidateCompletely | 132 NSSCertificate_ValidateCompletely( |
143 ( | 133 NSSCertificate *c, NSSTime *timeOpt, /* NULL for "now" */ |
144 NSSCertificate *c, | 134 NSSUsage *usage, NSSPolicies *policiesOpt, /* NULL for none */ |
145 NSSTime *timeOpt, /* NULL for "now" */ | 135 void **rvOpt, /* NULL for allocate */ |
146 NSSUsage *usage, | 136 PRUint32 rvLimit, /* zero for no limit */ |
147 NSSPolicies *policiesOpt, /* NULL for none */ | 137 NSSArena *arenaOpt /* NULL for heap */ |
148 void **rvOpt, /* NULL for allocate */ | 138 ); |
149 PRUint32 rvLimit, /* zero for no limit */ | |
150 NSSArena *arenaOpt /* NULL for heap */ | |
151 ); | |
152 | 139 |
153 /* | 140 /* |
154 * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies | 141 * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies |
155 * | 142 * |
156 * Returns PR_SUCCESS if the certificate is valid for at least something. | 143 * Returns PR_SUCCESS if the certificate is valid for at least something. |
157 */ | 144 */ |
158 | 145 |
159 NSS_EXTERN PRStatus | 146 NSS_EXTERN PRStatus NSSCertificate_ValidateAndDiscoverUsagesAndPolicies( |
160 NSSCertificate_ValidateAndDiscoverUsagesAndPolicies | 147 NSSCertificate *c, NSSTime **notBeforeOutOpt, NSSTime **notAfterOutOpt, |
161 ( | 148 void *allowedUsages, void *disallowedUsages, void *allowedPolicies, |
162 NSSCertificate *c, | 149 void *disallowedPolicies, |
163 NSSTime **notBeforeOutOpt, | 150 /* more args.. work on this fgmr */ |
164 NSSTime **notAfterOutOpt, | 151 NSSArena *arenaOpt); |
165 void *allowedUsages, | |
166 void *disallowedUsages, | |
167 void *allowedPolicies, | |
168 void *disallowedPolicies, | |
169 /* more args.. work on this fgmr */ | |
170 NSSArena *arenaOpt | |
171 ); | |
172 | 152 |
173 /* | 153 /* |
174 * NSSCertificate_Encode | 154 * NSSCertificate_Encode |
175 * | 155 * |
176 */ | 156 */ |
177 | 157 |
178 NSS_EXTERN NSSDER * | 158 NSS_EXTERN NSSDER *NSSCertificate_Encode(NSSCertificate *c, NSSDER *rvOpt, |
179 NSSCertificate_Encode | 159 NSSArena *arenaOpt); |
180 ( | |
181 NSSCertificate *c, | |
182 NSSDER *rvOpt, | |
183 NSSArena *arenaOpt | |
184 ); | |
185 | 160 |
186 /* | 161 /* |
187 * NSSCertificate_BuildChain | 162 * NSSCertificate_BuildChain |
188 * | 163 * |
189 * This routine returns NSSCertificate *'s for each certificate | 164 * This routine returns NSSCertificate *'s for each certificate |
190 * in the "chain" starting from the specified one up to and | 165 * in the "chain" starting from the specified one up to and |
191 * including the root. The zeroth element in the array is the | 166 * including the root. The zeroth element in the array is the |
192 * specified ("leaf") certificate. | 167 * specified ("leaf") certificate. |
193 * | 168 * |
194 * If statusOpt is supplied, and is returned as PR_FAILURE, possible | 169 * If statusOpt is supplied, and is returned as PR_FAILURE, possible |
195 * error values are: | 170 * error values are: |
196 * | 171 * |
197 * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete | 172 * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete |
198 * | 173 * |
199 */ | 174 */ |
200 | 175 |
201 extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND; | 176 extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND; |
202 | 177 |
203 NSS_EXTERN NSSCertificate ** | 178 NSS_EXTERN NSSCertificate **NSSCertificate_BuildChain( |
204 NSSCertificate_BuildChain | 179 NSSCertificate *c, NSSTime *timeOpt, NSSUsage *usage, |
205 ( | 180 NSSPolicies *policiesOpt, NSSCertificate **rvOpt, |
206 NSSCertificate *c, | 181 PRUint32 rvLimit, /* zero for no limit */ |
207 NSSTime *timeOpt, | 182 NSSArena *arenaOpt, PRStatus *statusOpt, NSSTrustDomain *td, |
208 NSSUsage *usage, | 183 NSSCryptoContext *cc); |
209 NSSPolicies *policiesOpt, | |
210 NSSCertificate **rvOpt, | |
211 PRUint32 rvLimit, /* zero for no limit */ | |
212 NSSArena *arenaOpt, | |
213 PRStatus *statusOpt, | |
214 NSSTrustDomain *td, | |
215 NSSCryptoContext *cc· | |
216 ); | |
217 | 184 |
218 /* | 185 /* |
219 * NSSCertificate_GetTrustDomain | 186 * NSSCertificate_GetTrustDomain |
220 * | 187 * |
221 */ | 188 */ |
222 | 189 |
223 NSS_EXTERN NSSTrustDomain * | 190 NSS_EXTERN NSSTrustDomain *NSSCertificate_GetTrustDomain(NSSCertificate *c); |
224 NSSCertificate_GetTrustDomain | |
225 ( | |
226 NSSCertificate *c | |
227 ); | |
228 | 191 |
229 /* | 192 /* |
230 * NSSCertificate_GetToken | 193 * NSSCertificate_GetToken |
231 * | 194 * |
232 * There doesn't have to be one. | 195 * There doesn't have to be one. |
233 */ | 196 */ |
234 | 197 |
235 NSS_EXTERN NSSToken * | 198 NSS_EXTERN NSSToken *NSSCertificate_GetToken(NSSCertificate *c, |
236 NSSCertificate_GetToken | 199 PRStatus *statusOpt); |
237 ( | |
238 NSSCertificate *c, | |
239 PRStatus *statusOpt | |
240 ); | |
241 | 200 |
242 /* | 201 /* |
243 * NSSCertificate_GetSlot | 202 * NSSCertificate_GetSlot |
244 * | 203 * |
245 * There doesn't have to be one. | 204 * There doesn't have to be one. |
246 */ | 205 */ |
247 | 206 |
248 NSS_EXTERN NSSSlot * | 207 NSS_EXTERN NSSSlot *NSSCertificate_GetSlot(NSSCertificate *c, |
249 NSSCertificate_GetSlot | 208 PRStatus *statusOpt); |
250 ( | |
251 NSSCertificate *c, | |
252 PRStatus *statusOpt | |
253 ); | |
254 | 209 |
255 /* | 210 /* |
256 * NSSCertificate_GetModule | 211 * NSSCertificate_GetModule |
257 * | 212 * |
258 * There doesn't have to be one. | 213 * There doesn't have to be one. |
259 */ | 214 */ |
260 | 215 |
261 NSS_EXTERN NSSModule * | 216 NSS_EXTERN NSSModule *NSSCertificate_GetModule(NSSCertificate *c, |
262 NSSCertificate_GetModule | 217 PRStatus *statusOpt); |
263 ( | |
264 NSSCertificate *c, | |
265 PRStatus *statusOpt | |
266 ); | |
267 | 218 |
268 /* | 219 /* |
269 * NSSCertificate_Encrypt | 220 * NSSCertificate_Encrypt |
270 * | 221 * |
271 * Encrypt a single chunk of data with the public key corresponding to | 222 * Encrypt a single chunk of data with the public key corresponding to |
272 * this certificate. | 223 * this certificate. |
273 */ | 224 */ |
274 | 225 |
275 NSS_EXTERN NSSItem * | 226 NSS_EXTERN NSSItem *NSSCertificate_Encrypt( |
276 NSSCertificate_Encrypt | 227 NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSItem *data, |
277 ( | 228 NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, |
278 NSSCertificate *c, | 229 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
279 NSSAlgorithmAndParameters *apOpt, | |
280 NSSItem *data, | |
281 NSSTime *timeOpt, | |
282 NSSUsage *usage, | |
283 NSSPolicies *policiesOpt, | |
284 NSSCallback *uhh, | |
285 NSSItem *rvOpt, | |
286 NSSArena *arenaOpt | |
287 ); | |
288 | 230 |
289 /* | 231 /* |
290 * NSSCertificate_Verify | 232 * NSSCertificate_Verify |
291 * | 233 * |
292 */ | 234 */ |
293 | 235 |
294 NSS_EXTERN PRStatus | 236 NSS_EXTERN PRStatus |
295 NSSCertificate_Verify | 237 NSSCertificate_Verify(NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, |
296 ( | 238 NSSItem *data, NSSItem *signature, NSSTime *timeOpt, |
297 NSSCertificate *c, | 239 NSSUsage *usage, NSSPolicies *policiesOpt, |
298 NSSAlgorithmAndParameters *apOpt, | 240 NSSCallback *uhh); |
299 NSSItem *data, | |
300 NSSItem *signature, | |
301 NSSTime *timeOpt, | |
302 NSSUsage *usage, | |
303 NSSPolicies *policiesOpt, | |
304 NSSCallback *uhh | |
305 ); | |
306 | 241 |
307 /* | 242 /* |
308 * NSSCertificate_VerifyRecover | 243 * NSSCertificate_VerifyRecover |
309 * | 244 * |
310 */ | 245 */ |
311 | 246 |
312 NSS_EXTERN NSSItem * | 247 NSS_EXTERN NSSItem *NSSCertificate_VerifyRecover( |
313 NSSCertificate_VerifyRecover | 248 NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSItem *signature, |
314 ( | 249 NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, |
315 NSSCertificate *c, | 250 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
316 NSSAlgorithmAndParameters *apOpt, | |
317 NSSItem *signature, | |
318 NSSTime *timeOpt, | |
319 NSSUsage *usage, | |
320 NSSPolicies *policiesOpt, | |
321 NSSCallback *uhh, | |
322 NSSItem *rvOpt, | |
323 NSSArena *arenaOpt | |
324 ); | |
325 | 251 |
326 /* | 252 /* |
327 * NSSCertificate_WrapSymmetricKey | 253 * NSSCertificate_WrapSymmetricKey |
328 * | 254 * |
329 * This method tries very hard to to succeed, even in situations | 255 * This method tries very hard to to succeed, even in situations |
330 * involving sensitive keys and multiple modules. | 256 * involving sensitive keys and multiple modules. |
331 * { relyea: want to add verbiage? } | 257 * { relyea: want to add verbiage? } |
332 */ | 258 */ |
333 | 259 |
334 NSS_EXTERN NSSItem * | 260 NSS_EXTERN NSSItem *NSSCertificate_WrapSymmetricKey( |
335 NSSCertificate_WrapSymmetricKey | 261 NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, |
336 ( | 262 NSSSymmetricKey *keyToWrap, NSSTime *timeOpt, NSSUsage *usage, |
337 NSSCertificate *c, | 263 NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, |
338 NSSAlgorithmAndParameters *apOpt, | 264 NSSArena *arenaOpt); |
339 NSSSymmetricKey *keyToWrap, | |
340 NSSTime *timeOpt, | |
341 NSSUsage *usage, | |
342 NSSPolicies *policiesOpt, | |
343 NSSCallback *uhh, | |
344 NSSItem *rvOpt, | |
345 NSSArena *arenaOpt | |
346 ); | |
347 | 265 |
348 /* | 266 /* |
349 * NSSCertificate_CreateCryptoContext | 267 * NSSCertificate_CreateCryptoContext |
350 * | 268 * |
351 * Create a crypto context, in this certificate's trust domain, with this | 269 * Create a crypto context, in this certificate's trust domain, with this |
352 * as the distinguished certificate. | 270 * as the distinguished certificate. |
353 */ | 271 */ |
354 | 272 |
355 NSS_EXTERN NSSCryptoContext * | 273 NSS_EXTERN NSSCryptoContext *NSSCertificate_CreateCryptoContext( |
356 NSSCertificate_CreateCryptoContext | 274 NSSCertificate *c, NSSAlgorithmAndParameters *apOpt, NSSTime *timeOpt, |
357 ( | 275 NSSUsage *usage, NSSPolicies *policiesOpt, NSSCallback *uhh); |
358 NSSCertificate *c, | |
359 NSSAlgorithmAndParameters *apOpt, | |
360 NSSTime *timeOpt, | |
361 NSSUsage *usage, | |
362 NSSPolicies *policiesOpt, | |
363 NSSCallback *uhh·· | |
364 ); | |
365 | 276 |
366 /* | 277 /* |
367 * NSSCertificate_GetPublicKey | 278 * NSSCertificate_GetPublicKey |
368 * | 279 * |
369 * Returns the public key corresponding to this certificate. | 280 * Returns the public key corresponding to this certificate. |
370 */ | 281 */ |
371 | 282 |
372 NSS_EXTERN NSSPublicKey * | 283 NSS_EXTERN NSSPublicKey *NSSCertificate_GetPublicKey(NSSCertificate *c); |
373 NSSCertificate_GetPublicKey | |
374 ( | |
375 NSSCertificate *c | |
376 ); | |
377 | 284 |
378 /* | 285 /* |
379 * NSSCertificate_FindPrivateKey | 286 * NSSCertificate_FindPrivateKey |
380 * | 287 * |
381 * Finds and returns the private key corresponding to this certificate, | 288 * Finds and returns the private key corresponding to this certificate, |
382 * if it is available. | 289 * if it is available. |
383 * | 290 * |
384 * { Should this hang off of NSSUserCertificate? } | 291 * { Should this hang off of NSSUserCertificate? } |
385 */ | 292 */ |
386 | 293 |
387 NSS_EXTERN NSSPrivateKey * | 294 NSS_EXTERN NSSPrivateKey *NSSCertificate_FindPrivateKey(NSSCertificate *c, |
388 NSSCertificate_FindPrivateKey | 295 NSSCallback *uhh); |
389 ( | |
390 NSSCertificate *c, | |
391 NSSCallback *uhh | |
392 ); | |
393 | 296 |
394 /* | 297 /* |
395 * NSSCertificate_IsPrivateKeyAvailable | 298 * NSSCertificate_IsPrivateKeyAvailable |
396 * | 299 * |
397 * Returns success if the private key corresponding to this certificate | 300 * Returns success if the private key corresponding to this certificate |
398 * is available to be used. | 301 * is available to be used. |
399 * | 302 * |
400 * { Should *this* hang off of NSSUserCertificate?? } | 303 * { Should *this* hang off of NSSUserCertificate?? } |
401 */ | 304 */ |
402 | 305 |
403 NSS_EXTERN PRBool | 306 NSS_EXTERN PRBool NSSCertificate_IsPrivateKeyAvailable(NSSCertificate *c, |
404 NSSCertificate_IsPrivateKeyAvailable | 307 NSSCallback *uhh, |
405 ( | 308 PRStatus *statusOpt); |
406 NSSCertificate *c, | |
407 NSSCallback *uhh, | |
408 PRStatus *statusOpt | |
409 ); | |
410 | 309 |
411 /* | 310 /* |
412 * If we make NSSUserCertificate not a typedef of NSSCertificate, | 311 * If we make NSSUserCertificate not a typedef of NSSCertificate, |
413 * then we'll need implementations of the following: | 312 * then we'll need implementations of the following: |
414 * | 313 * |
415 * NSSUserCertificate_Destroy | 314 * NSSUserCertificate_Destroy |
416 * NSSUserCertificate_DeleteStoredObject | 315 * NSSUserCertificate_DeleteStoredObject |
417 * NSSUserCertificate_Validate | 316 * NSSUserCertificate_Validate |
418 * NSSUserCertificate_ValidateCompletely | 317 * NSSUserCertificate_ValidateCompletely |
419 * NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies | 318 * NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies |
420 * NSSUserCertificate_Encode | 319 * NSSUserCertificate_Encode |
421 * NSSUserCertificate_BuildChain | 320 * NSSUserCertificate_BuildChain |
422 * NSSUserCertificate_GetTrustDomain | 321 * NSSUserCertificate_GetTrustDomain |
423 * NSSUserCertificate_GetToken | 322 * NSSUserCertificate_GetToken |
424 * NSSUserCertificate_GetSlot | 323 * NSSUserCertificate_GetSlot |
425 * NSSUserCertificate_GetModule | 324 * NSSUserCertificate_GetModule |
426 * NSSUserCertificate_GetCryptoContext | 325 * NSSUserCertificate_GetCryptoContext |
427 * NSSUserCertificate_GetPublicKey | 326 * NSSUserCertificate_GetPublicKey |
428 */ | 327 */ |
429 | 328 |
430 /* | 329 /* |
431 * NSSUserCertificate_IsStillPresent | 330 * NSSUserCertificate_IsStillPresent |
432 * | 331 * |
433 * Verify that if this certificate lives on a token, that the token | 332 * Verify that if this certificate lives on a token, that the token |
434 * is still present and the certificate still exists. This is a | 333 * is still present and the certificate still exists. This is a |
435 * lightweight call which should be used whenever it should be | 334 * lightweight call which should be used whenever it should be |
436 * verified that the user hasn't perhaps popped out his or her | 335 * verified that the user hasn't perhaps popped out his or her |
437 * token and strolled away. | 336 * token and strolled away. |
438 */ | 337 */ |
439 | 338 |
440 NSS_EXTERN PRBool | 339 NSS_EXTERN PRBool NSSUserCertificate_IsStillPresent(NSSUserCertificate *uc, |
441 NSSUserCertificate_IsStillPresent | 340 PRStatus *statusOpt); |
442 ( | |
443 NSSUserCertificate *uc, | |
444 PRStatus *statusOpt | |
445 ); | |
446 | 341 |
447 /* | 342 /* |
448 * NSSUserCertificate_Decrypt | 343 * NSSUserCertificate_Decrypt |
449 * | 344 * |
450 * Decrypt a single chunk of data with the private key corresponding | 345 * Decrypt a single chunk of data with the private key corresponding |
451 * to this certificate. | 346 * to this certificate. |
452 */ | 347 */ |
453 | 348 |
454 NSS_EXTERN NSSItem * | 349 NSS_EXTERN NSSItem *NSSUserCertificate_Decrypt( |
455 NSSUserCertificate_Decrypt | 350 NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, |
456 ( | 351 NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, |
457 NSSUserCertificate *uc, | 352 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
458 NSSAlgorithmAndParameters *apOpt, | |
459 NSSItem *data, | |
460 NSSTime *timeOpt, | |
461 NSSUsage *usage, | |
462 NSSPolicies *policiesOpt, | |
463 NSSCallback *uhh, | |
464 NSSItem *rvOpt, | |
465 NSSArena *arenaOpt | |
466 ); | |
467 | 353 |
468 /* | 354 /* |
469 * NSSUserCertificate_Sign | 355 * NSSUserCertificate_Sign |
470 * | 356 * |
471 */ | 357 */ |
472 | 358 |
473 NSS_EXTERN NSSItem * | 359 NSS_EXTERN NSSItem *NSSUserCertificate_Sign( |
474 NSSUserCertificate_Sign | 360 NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, |
475 ( | 361 NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, |
476 NSSUserCertificate *uc, | 362 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
477 NSSAlgorithmAndParameters *apOpt, | |
478 NSSItem *data, | |
479 NSSTime *timeOpt, | |
480 NSSUsage *usage, | |
481 NSSPolicies *policiesOpt, | |
482 NSSCallback *uhh, | |
483 NSSItem *rvOpt, | |
484 NSSArena *arenaOpt | |
485 ); | |
486 | 363 |
487 /* | 364 /* |
488 * NSSUserCertificate_SignRecover | 365 * NSSUserCertificate_SignRecover |
489 * | 366 * |
490 */ | 367 */ |
491 | 368 |
492 NSS_EXTERN NSSItem * | 369 NSS_EXTERN NSSItem *NSSUserCertificate_SignRecover( |
493 NSSUserCertificate_SignRecover | 370 NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, |
494 ( | 371 NSSTime *timeOpt, NSSUsage *usage, NSSPolicies *policiesOpt, |
495 NSSUserCertificate *uc, | 372 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
496 NSSAlgorithmAndParameters *apOpt, | |
497 NSSItem *data, | |
498 NSSTime *timeOpt, | |
499 NSSUsage *usage, | |
500 NSSPolicies *policiesOpt, | |
501 NSSCallback *uhh, | |
502 NSSItem *rvOpt, | |
503 NSSArena *arenaOpt | |
504 ); | |
505 | 373 |
506 /* | 374 /* |
507 * NSSUserCertificate_UnwrapSymmetricKey | 375 * NSSUserCertificate_UnwrapSymmetricKey |
508 * | 376 * |
509 */ | 377 */ |
510 | 378 |
511 NSS_EXTERN NSSSymmetricKey * | 379 NSS_EXTERN NSSSymmetricKey *NSSUserCertificate_UnwrapSymmetricKey( |
512 NSSUserCertificate_UnwrapSymmetricKey | 380 NSSUserCertificate *uc, NSSAlgorithmAndParameters *apOpt, |
513 ( | 381 NSSItem *wrappedKey, NSSTime *timeOpt, NSSUsage *usage, |
514 NSSUserCertificate *uc, | 382 NSSPolicies *policiesOpt, NSSCallback *uhh, NSSItem *rvOpt, |
515 NSSAlgorithmAndParameters *apOpt, | 383 NSSArena *arenaOpt); |
516 NSSItem *wrappedKey, | |
517 NSSTime *timeOpt, | |
518 NSSUsage *usage, | |
519 NSSPolicies *policiesOpt, | |
520 NSSCallback *uhh, | |
521 NSSItem *rvOpt, | |
522 NSSArena *arenaOpt | |
523 ); | |
524 | 384 |
525 /* | 385 /* |
526 * NSSUserCertificate_DeriveSymmetricKey | 386 * NSSUserCertificate_DeriveSymmetricKey |
527 * | 387 * |
528 */ | 388 */ |
529 | 389 |
530 NSS_EXTERN NSSSymmetricKey * | 390 NSS_EXTERN NSSSymmetricKey *NSSUserCertificate_DeriveSymmetricKey( |
531 NSSUserCertificate_DeriveSymmetricKey | 391 NSSUserCertificate *uc, /* provides private key */ |
532 ( | 392 NSSCertificate *c, /* provides public key */ |
533 NSSUserCertificate *uc, /* provides private key */ | 393 NSSAlgorithmAndParameters *apOpt, NSSOID *target, |
534 NSSCertificate *c, /* provides public key */ | 394 PRUint32 keySizeOpt, /* zero for best allowed */ |
535 NSSAlgorithmAndParameters *apOpt, | 395 NSSOperations operations, NSSCallback *uhh); |
536 NSSOID *target, | |
537 PRUint32 keySizeOpt, /* zero for best allowed */ | |
538 NSSOperations operations, | |
539 NSSCallback *uhh | |
540 ); | |
541 | 396 |
542 /* filter-certs function(s) */ | 397 /* filter-certs function(s) */ |
543 | 398 |
544 /** | 399 /** |
545 ** fgmr -- trust objects | 400 ** fgmr -- trust objects |
546 **/ | 401 **/ |
547 | 402 |
548 /* | 403 /* |
549 * NSSPrivateKey | 404 * NSSPrivateKey |
550 * | 405 * |
551 */ | 406 */ |
552 | 407 |
553 /* | 408 /* |
554 * NSSPrivateKey_Destroy | 409 * NSSPrivateKey_Destroy |
555 * | 410 * |
556 * Free a pointer to a private key object. | 411 * Free a pointer to a private key object. |
557 */ | 412 */ |
558 | 413 |
559 NSS_EXTERN PRStatus | 414 NSS_EXTERN PRStatus NSSPrivateKey_Destroy(NSSPrivateKey *vk); |
560 NSSPrivateKey_Destroy | |
561 ( | |
562 NSSPrivateKey *vk | |
563 ); | |
564 | 415 |
565 /* | 416 /* |
566 * NSSPrivateKey_DeleteStoredObject | 417 * NSSPrivateKey_DeleteStoredObject |
567 * | 418 * |
568 * Permanently remove this object, and any related objects (such as the | 419 * Permanently remove this object, and any related objects (such as the |
569 * certificates corresponding to this key). | 420 * certificates corresponding to this key). |
570 */ | 421 */ |
571 | 422 |
572 NSS_EXTERN PRStatus | 423 NSS_EXTERN PRStatus |
573 NSSPrivateKey_DeleteStoredObject | 424 NSSPrivateKey_DeleteStoredObject(NSSPrivateKey *vk, NSSCallback *uhh); |
574 ( | |
575 NSSPrivateKey *vk, | |
576 NSSCallback *uhh | |
577 ); | |
578 | 425 |
579 /* | 426 /* |
580 * NSSPrivateKey_GetSignatureLength | 427 * NSSPrivateKey_GetSignatureLength |
581 * | 428 * |
582 */ | 429 */ |
583 | 430 |
584 NSS_EXTERN PRUint32 | 431 NSS_EXTERN PRUint32 NSSPrivateKey_GetSignatureLength(NSSPrivateKey *vk); |
585 NSSPrivateKey_GetSignatureLength | |
586 ( | |
587 NSSPrivateKey *vk | |
588 ); | |
589 | 432 |
590 /* | 433 /* |
591 * NSSPrivateKey_GetPrivateModulusLength | 434 * NSSPrivateKey_GetPrivateModulusLength |
592 * | 435 * |
593 */ | 436 */ |
594 | 437 |
595 NSS_EXTERN PRUint32 | 438 NSS_EXTERN PRUint32 NSSPrivateKey_GetPrivateModulusLength(NSSPrivateKey *vk); |
596 NSSPrivateKey_GetPrivateModulusLength | |
597 ( | |
598 NSSPrivateKey *vk | |
599 ); | |
600 | 439 |
601 /* | 440 /* |
602 * NSSPrivateKey_IsStillPresent | 441 * NSSPrivateKey_IsStillPresent |
603 * | 442 * |
604 */ | 443 */ |
605 | 444 |
606 NSS_EXTERN PRBool | 445 NSS_EXTERN PRBool |
607 NSSPrivateKey_IsStillPresent | 446 NSSPrivateKey_IsStillPresent(NSSPrivateKey *vk, PRStatus *statusOpt); |
608 ( | |
609 NSSPrivateKey *vk, | |
610 PRStatus *statusOpt | |
611 ); | |
612 | 447 |
613 /* | 448 /* |
614 * NSSPrivateKey_Encode | 449 * NSSPrivateKey_Encode |
615 * | 450 * |
616 */ | 451 */ |
617 | 452 |
618 NSS_EXTERN NSSItem * | 453 NSS_EXTERN NSSItem *NSSPrivateKey_Encode( |
619 NSSPrivateKey_Encode | 454 NSSPrivateKey *vk, NSSAlgorithmAndParameters *ap, |
620 ( | 455 NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */ |
621 NSSPrivateKey *vk, | 456 NSSCallback *uhhOpt, NSSItem *rvOpt, NSSArena *arenaOpt); |
622 NSSAlgorithmAndParameters *ap, | |
623 NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */ | |
624 NSSCallback *uhhOpt, | |
625 NSSItem *rvOpt, | |
626 NSSArena *arenaOpt | |
627 ); | |
628 | 457 |
629 /* | 458 /* |
630 * NSSPrivateKey_GetTrustDomain | 459 * NSSPrivateKey_GetTrustDomain |
631 * | 460 * |
632 * There doesn't have to be one. | 461 * There doesn't have to be one. |
633 */ | 462 */ |
634 | 463 |
635 NSS_EXTERN NSSTrustDomain * | 464 NSS_EXTERN NSSTrustDomain *NSSPrivateKey_GetTrustDomain(NSSPrivateKey *vk, |
636 NSSPrivateKey_GetTrustDomain | 465 PRStatus *statusOpt); |
637 ( | |
638 NSSPrivateKey *vk, | |
639 PRStatus *statusOpt | |
640 ); | |
641 | 466 |
642 /* | 467 /* |
643 * NSSPrivateKey_GetToken | 468 * NSSPrivateKey_GetToken |
644 * | 469 * |
645 */ | 470 */ |
646 | 471 |
647 NSS_EXTERN NSSToken * | 472 NSS_EXTERN NSSToken *NSSPrivateKey_GetToken(NSSPrivateKey *vk); |
648 NSSPrivateKey_GetToken | |
649 ( | |
650 NSSPrivateKey *vk | |
651 ); | |
652 | 473 |
653 /* | 474 /* |
654 * NSSPrivateKey_GetSlot | 475 * NSSPrivateKey_GetSlot |
655 * | 476 * |
656 */ | 477 */ |
657 | 478 |
658 NSS_EXTERN NSSSlot * | 479 NSS_EXTERN NSSSlot *NSSPrivateKey_GetSlot(NSSPrivateKey *vk); |
659 NSSPrivateKey_GetSlot | |
660 ( | |
661 NSSPrivateKey *vk | |
662 ); | |
663 | 480 |
664 /* | 481 /* |
665 * NSSPrivateKey_GetModule | 482 * NSSPrivateKey_GetModule |
666 * | 483 * |
667 */ | 484 */ |
668 | 485 |
669 NSS_EXTERN NSSModule * | 486 NSS_EXTERN NSSModule *NSSPrivateKey_GetModule(NSSPrivateKey *vk); |
670 NSSPrivateKey_GetModule | |
671 ( | |
672 NSSPrivateKey *vk | |
673 ); | |
674 | 487 |
675 /* | 488 /* |
676 * NSSPrivateKey_Decrypt | 489 * NSSPrivateKey_Decrypt |
677 * | 490 * |
678 */ | 491 */ |
679 | 492 |
680 NSS_EXTERN NSSItem * | 493 NSS_EXTERN NSSItem *NSSPrivateKey_Decrypt(NSSPrivateKey *vk, |
681 NSSPrivateKey_Decrypt | 494 NSSAlgorithmAndParameters *apOpt, |
682 ( | 495 NSSItem *encryptedData, |
683 NSSPrivateKey *vk, | 496 NSSCallback *uhh, NSSItem *rvOpt, |
684 NSSAlgorithmAndParameters *apOpt, | 497 NSSArena *arenaOpt); |
685 NSSItem *encryptedData, | |
686 NSSCallback *uhh, | |
687 NSSItem *rvOpt, | |
688 NSSArena *arenaOpt | |
689 ); | |
690 | 498 |
691 /* | 499 /* |
692 * NSSPrivateKey_Sign | 500 * NSSPrivateKey_Sign |
693 * | 501 * |
694 */ | 502 */ |
695 | 503 |
696 NSS_EXTERN NSSItem * | 504 NSS_EXTERN NSSItem *NSSPrivateKey_Sign(NSSPrivateKey *vk, |
697 NSSPrivateKey_Sign | 505 NSSAlgorithmAndParameters *apOpt, |
698 ( | 506 NSSItem *data, NSSCallback *uhh, |
699 NSSPrivateKey *vk, | 507 NSSItem *rvOpt, NSSArena *arenaOpt); |
700 NSSAlgorithmAndParameters *apOpt, | |
701 NSSItem *data, | |
702 NSSCallback *uhh, | |
703 NSSItem *rvOpt, | |
704 NSSArena *arenaOpt | |
705 ); | |
706 | 508 |
707 /* | 509 /* |
708 * NSSPrivateKey_SignRecover | 510 * NSSPrivateKey_SignRecover |
709 * | 511 * |
710 */ | 512 */ |
711 | 513 |
712 NSS_EXTERN NSSItem * | 514 NSS_EXTERN NSSItem *NSSPrivateKey_SignRecover(NSSPrivateKey *vk, |
713 NSSPrivateKey_SignRecover | 515 NSSAlgorithmAndParameters *apOpt, |
714 ( | 516 NSSItem *data, NSSCallback *uhh, |
715 NSSPrivateKey *vk, | 517 NSSItem *rvOpt, |
716 NSSAlgorithmAndParameters *apOpt, | 518 NSSArena *arenaOpt); |
717 NSSItem *data, | |
718 NSSCallback *uhh, | |
719 NSSItem *rvOpt, | |
720 NSSArena *arenaOpt | |
721 ); | |
722 | 519 |
723 /* | 520 /* |
724 * NSSPrivateKey_UnwrapSymmetricKey | 521 * NSSPrivateKey_UnwrapSymmetricKey |
725 * | 522 * |
726 */ | 523 */ |
727 | 524 |
728 NSS_EXTERN NSSSymmetricKey * | 525 NSS_EXTERN NSSSymmetricKey *NSSPrivateKey_UnwrapSymmetricKey( |
729 NSSPrivateKey_UnwrapSymmetricKey | 526 NSSPrivateKey *vk, NSSAlgorithmAndParameters *apOpt, NSSItem *wrappedKey, |
730 ( | 527 NSSCallback *uhh); |
731 NSSPrivateKey *vk, | |
732 NSSAlgorithmAndParameters *apOpt, | |
733 NSSItem *wrappedKey, | |
734 NSSCallback *uhh | |
735 ); | |
736 | 528 |
737 /* | 529 /* |
738 * NSSPrivateKey_DeriveSymmetricKey | 530 * NSSPrivateKey_DeriveSymmetricKey |
739 * | 531 * |
740 */ | 532 */ |
741 | 533 |
742 NSS_EXTERN NSSSymmetricKey * | 534 NSS_EXTERN NSSSymmetricKey *NSSPrivateKey_DeriveSymmetricKey( |
743 NSSPrivateKey_DeriveSymmetricKey | 535 NSSPrivateKey *vk, NSSPublicKey *bk, NSSAlgorithmAndParameters *apOpt, |
744 ( | 536 NSSOID *target, PRUint32 keySizeOpt, /* zero for best allowed */ |
745 NSSPrivateKey *vk, | 537 NSSOperations operations, NSSCallback *uhh); |
746 NSSPublicKey *bk, | |
747 NSSAlgorithmAndParameters *apOpt, | |
748 NSSOID *target, | |
749 PRUint32 keySizeOpt, /* zero for best allowed */ | |
750 NSSOperations operations, | |
751 NSSCallback *uhh | |
752 ); | |
753 | 538 |
754 /* | 539 /* |
755 * NSSPrivateKey_FindPublicKey | 540 * NSSPrivateKey_FindPublicKey |
756 * | 541 * |
757 */ | 542 */ |
758 | 543 |
759 NSS_EXTERN NSSPublicKey * | 544 NSS_EXTERN NSSPublicKey *NSSPrivateKey_FindPublicKey( |
760 NSSPrivateKey_FindPublicKey | 545 NSSPrivateKey *vk |
761 ( | 546 /* { don't need the callback here, right? } */ |
762 NSSPrivateKey *vk | 547 ); |
763 /* { don't need the callback here, right? } */ | |
764 ); | |
765 | 548 |
766 /* | 549 /* |
767 * NSSPrivateKey_CreateCryptoContext | 550 * NSSPrivateKey_CreateCryptoContext |
768 * | 551 * |
769 * Create a crypto context, in this key's trust domain, | 552 * Create a crypto context, in this key's trust domain, |
770 * with this as the distinguished private key. | 553 * with this as the distinguished private key. |
771 */ | 554 */ |
772 | 555 |
773 NSS_EXTERN NSSCryptoContext * | 556 NSS_EXTERN NSSCryptoContext *NSSPrivateKey_CreateCryptoContext( |
774 NSSPrivateKey_CreateCryptoContext | 557 NSSPrivateKey *vk, NSSAlgorithmAndParameters *apOpt, NSSCallback *uhh); |
775 ( | |
776 NSSPrivateKey *vk, | |
777 NSSAlgorithmAndParameters *apOpt, | |
778 NSSCallback *uhh | |
779 ); | |
780 | 558 |
781 /* | 559 /* |
782 * NSSPrivateKey_FindCertificates | 560 * NSSPrivateKey_FindCertificates |
783 * | 561 * |
784 * Note that there may be more than one certificate for this | 562 * Note that there may be more than one certificate for this |
785 * private key. { FilterCertificates function to further | 563 * private key. { FilterCertificates function to further |
786 * reduce the list. } | 564 * reduce the list. } |
787 */ | 565 */ |
788 | 566 |
789 NSS_EXTERN NSSCertificate ** | 567 NSS_EXTERN NSSCertificate **NSSPrivateKey_FindCertificates( |
790 NSSPrivateKey_FindCertificates | 568 NSSPrivateKey *vk, NSSCertificate *rvOpt[], |
791 ( | 569 PRUint32 maximumOpt, /* 0 for no max */ |
792 NSSPrivateKey *vk, | 570 NSSArena *arenaOpt); |
793 NSSCertificate *rvOpt[], | |
794 PRUint32 maximumOpt, /* 0 for no max */ | |
795 NSSArena *arenaOpt | |
796 ); | |
797 | 571 |
798 /* | 572 /* |
799 * NSSPrivateKey_FindBestCertificate | 573 * NSSPrivateKey_FindBestCertificate |
800 * | 574 * |
801 * The parameters for this function will depend on what the users | 575 * The parameters for this function will depend on what the users |
802 * need. This is just a starting point. | 576 * need. This is just a starting point. |
803 */ | 577 */ |
804 | 578 |
805 NSS_EXTERN NSSCertificate * | 579 NSS_EXTERN NSSCertificate *NSSPrivateKey_FindBestCertificate( |
806 NSSPrivateKey_FindBestCertificate | 580 NSSPrivateKey *vk, NSSTime *timeOpt, NSSUsage *usageOpt, |
807 ( | 581 NSSPolicies *policiesOpt); |
808 NSSPrivateKey *vk, | |
809 NSSTime *timeOpt, | |
810 NSSUsage *usageOpt, | |
811 NSSPolicies *policiesOpt | |
812 ); | |
813 | 582 |
814 /* | 583 /* |
815 * NSSPublicKey | 584 * NSSPublicKey |
816 * | 585 * |
817 * Once you generate, find, or derive one of these, you can use it | 586 * Once you generate, find, or derive one of these, you can use it |
818 * to perform (simple) cryptographic operations. Though there may | 587 * to perform (simple) cryptographic operations. Though there may |
819 * be certificates associated with these public keys, they are not | 588 * be certificates associated with these public keys, they are not |
820 * verified. | 589 * verified. |
821 */ | 590 */ |
822 | 591 |
823 /* | 592 /* |
824 * NSSPublicKey_Destroy | 593 * NSSPublicKey_Destroy |
825 * | 594 * |
826 * Free a pointer to a public key object. | 595 * Free a pointer to a public key object. |
827 */ | 596 */ |
828 | 597 |
829 NSS_EXTERN PRStatus | 598 NSS_EXTERN PRStatus NSSPublicKey_Destroy(NSSPublicKey *bk); |
830 NSSPublicKey_Destroy | |
831 ( | |
832 NSSPublicKey *bk | |
833 ); | |
834 | 599 |
835 /* | 600 /* |
836 * NSSPublicKey_DeleteStoredObject | 601 * NSSPublicKey_DeleteStoredObject |
837 * | 602 * |
838 * Permanently remove this object, and any related objects (such as the | 603 * Permanently remove this object, and any related objects (such as the |
839 * corresponding private keys and certificates). | 604 * corresponding private keys and certificates). |
840 */ | 605 */ |
841 | 606 |
842 NSS_EXTERN PRStatus | 607 NSS_EXTERN PRStatus |
843 NSSPublicKey_DeleteStoredObject | 608 NSSPublicKey_DeleteStoredObject(NSSPublicKey *bk, NSSCallback *uhh); |
844 ( | |
845 NSSPublicKey *bk, | |
846 NSSCallback *uhh | |
847 ); | |
848 | 609 |
849 /* | 610 /* |
850 * NSSPublicKey_Encode | 611 * NSSPublicKey_Encode |
851 * | 612 * |
852 */ | 613 */ |
853 | 614 |
854 NSS_EXTERN NSSItem * | 615 NSS_EXTERN NSSItem *NSSPublicKey_Encode(NSSPublicKey *bk, |
855 NSSPublicKey_Encode | 616 NSSAlgorithmAndParameters *ap, |
856 ( | 617 NSSCallback *uhhOpt, NSSItem *rvOpt, |
857 NSSPublicKey *bk, | 618 NSSArena *arenaOpt); |
858 NSSAlgorithmAndParameters *ap, | |
859 NSSCallback *uhhOpt, | |
860 NSSItem *rvOpt, | |
861 NSSArena *arenaOpt | |
862 ); | |
863 | 619 |
864 /* | 620 /* |
865 * NSSPublicKey_GetTrustDomain | 621 * NSSPublicKey_GetTrustDomain |
866 * | 622 * |
867 * There doesn't have to be one. | 623 * There doesn't have to be one. |
868 */ | 624 */ |
869 | 625 |
870 NSS_EXTERN NSSTrustDomain * | 626 NSS_EXTERN NSSTrustDomain *NSSPublicKey_GetTrustDomain(NSSPublicKey *bk, |
871 NSSPublicKey_GetTrustDomain | 627 PRStatus *statusOpt); |
872 ( | |
873 NSSPublicKey *bk, | |
874 PRStatus *statusOpt | |
875 ); | |
876 | 628 |
877 /* | 629 /* |
878 * NSSPublicKey_GetToken | 630 * NSSPublicKey_GetToken |
879 * | 631 * |
880 * There doesn't have to be one. | 632 * There doesn't have to be one. |
881 */ | 633 */ |
882 | 634 |
883 NSS_EXTERN NSSToken * | 635 NSS_EXTERN NSSToken *NSSPublicKey_GetToken(NSSPublicKey *bk, |
884 NSSPublicKey_GetToken | 636 PRStatus *statusOpt); |
885 ( | |
886 NSSPublicKey *bk, | |
887 PRStatus *statusOpt | |
888 ); | |
889 | 637 |
890 /* | 638 /* |
891 * NSSPublicKey_GetSlot | 639 * NSSPublicKey_GetSlot |
892 * | 640 * |
893 * There doesn't have to be one. | 641 * There doesn't have to be one. |
894 */ | 642 */ |
895 | 643 |
896 NSS_EXTERN NSSSlot * | 644 NSS_EXTERN NSSSlot *NSSPublicKey_GetSlot(NSSPublicKey *bk, PRStatus *statusOpt); |
897 NSSPublicKey_GetSlot | |
898 ( | |
899 NSSPublicKey *bk, | |
900 PRStatus *statusOpt | |
901 ); | |
902 | 645 |
903 /* | 646 /* |
904 * NSSPublicKey_GetModule | 647 * NSSPublicKey_GetModule |
905 * | 648 * |
906 * There doesn't have to be one. | 649 * There doesn't have to be one. |
907 */ | 650 */ |
908 | 651 |
909 NSS_EXTERN NSSModule * | 652 NSS_EXTERN NSSModule *NSSPublicKey_GetModule(NSSPublicKey *bk, |
910 NSSPublicKey_GetModule | 653 PRStatus *statusOpt); |
911 ( | |
912 NSSPublicKey *bk, | |
913 PRStatus *statusOpt | |
914 ); | |
915 | 654 |
916 /* | 655 /* |
917 * NSSPublicKey_Encrypt | 656 * NSSPublicKey_Encrypt |
918 * | 657 * |
919 * Encrypt a single chunk of data with the public key corresponding to | 658 * Encrypt a single chunk of data with the public key corresponding to |
920 * this certificate. | 659 * this certificate. |
921 */ | 660 */ |
922 | 661 |
923 NSS_EXTERN NSSItem * | 662 NSS_EXTERN NSSItem *NSSPublicKey_Encrypt(NSSPublicKey *bk, |
924 NSSPublicKey_Encrypt | 663 NSSAlgorithmAndParameters *apOpt, |
925 ( | 664 NSSItem *data, NSSCallback *uhh, |
926 NSSPublicKey *bk, | 665 NSSItem *rvOpt, NSSArena *arenaOpt); |
927 NSSAlgorithmAndParameters *apOpt, | |
928 NSSItem *data, | |
929 NSSCallback *uhh, | |
930 NSSItem *rvOpt, | |
931 NSSArena *arenaOpt | |
932 ); | |
933 | 666 |
934 /* | 667 /* |
935 * NSSPublicKey_Verify | 668 * NSSPublicKey_Verify |
936 * | 669 * |
937 */ | 670 */ |
938 | 671 |
939 NSS_EXTERN PRStatus | 672 NSS_EXTERN PRStatus |
940 NSSPublicKey_Verify | 673 NSSPublicKey_Verify(NSSPublicKey *bk, NSSAlgorithmAndParameters *apOpt, |
941 ( | 674 NSSItem *data, NSSItem *signature, NSSCallback *uhh); |
942 NSSPublicKey *bk, | |
943 NSSAlgorithmAndParameters *apOpt, | |
944 NSSItem *data, | |
945 NSSItem *signature, | |
946 NSSCallback *uhh | |
947 ); | |
948 | 675 |
949 /* | 676 /* |
950 * NSSPublicKey_VerifyRecover | 677 * NSSPublicKey_VerifyRecover |
951 * | 678 * |
952 */ | 679 */ |
953 | 680 |
954 NSS_EXTERN NSSItem * | 681 NSS_EXTERN NSSItem *NSSPublicKey_VerifyRecover(NSSPublicKey *bk, |
955 NSSPublicKey_VerifyRecover | 682 NSSAlgorithmAndParameters *apOpt, |
956 ( | 683 NSSItem *signature, |
957 NSSPublicKey *bk, | 684 NSSCallback *uhh, NSSItem *rvOpt, |
958 NSSAlgorithmAndParameters *apOpt, | 685 NSSArena *arenaOpt); |
959 NSSItem *signature, | |
960 NSSCallback *uhh, | |
961 NSSItem *rvOpt, | |
962 NSSArena *arenaOpt | |
963 ); | |
964 | 686 |
965 /* | 687 /* |
966 * NSSPublicKey_WrapSymmetricKey | 688 * NSSPublicKey_WrapSymmetricKey |
967 * | 689 * |
968 */ | 690 */ |
969 | 691 |
970 NSS_EXTERN NSSItem * | 692 NSS_EXTERN NSSItem *NSSPublicKey_WrapSymmetricKey( |
971 NSSPublicKey_WrapSymmetricKey | 693 NSSPublicKey *bk, NSSAlgorithmAndParameters *apOpt, |
972 ( | 694 NSSSymmetricKey *keyToWrap, NSSCallback *uhh, NSSItem *rvOpt, |
973 NSSPublicKey *bk, | 695 NSSArena *arenaOpt); |
974 NSSAlgorithmAndParameters *apOpt, | |
975 NSSSymmetricKey *keyToWrap, | |
976 NSSCallback *uhh, | |
977 NSSItem *rvOpt, | |
978 NSSArena *arenaOpt | |
979 ); | |
980 | 696 |
981 /* | 697 /* |
982 * NSSPublicKey_CreateCryptoContext | 698 * NSSPublicKey_CreateCryptoContext |
983 * | 699 * |
984 * Create a crypto context, in this key's trust domain, with this | 700 * Create a crypto context, in this key's trust domain, with this |
985 * as the distinguished public key. | 701 * as the distinguished public key. |
986 */ | 702 */ |
987 | 703 |
988 NSS_EXTERN NSSCryptoContext * | 704 NSS_EXTERN NSSCryptoContext *NSSPublicKey_CreateCryptoContext( |
989 NSSPublicKey_CreateCryptoContext | 705 NSSPublicKey *bk, NSSAlgorithmAndParameters *apOpt, NSSCallback *uhh); |
990 ( | |
991 NSSPublicKey *bk, | |
992 NSSAlgorithmAndParameters *apOpt, | |
993 NSSCallback *uhh | |
994 ); | |
995 | 706 |
996 /* | 707 /* |
997 * NSSPublicKey_FindCertificates | 708 * NSSPublicKey_FindCertificates |
998 * | 709 * |
999 * Note that there may be more than one certificate for this | 710 * Note that there may be more than one certificate for this |
1000 * public key. The current implementation may not find every | 711 * public key. The current implementation may not find every |
1001 * last certificate available for this public key: that would | 712 * last certificate available for this public key: that would |
1002 * involve trolling e.g. huge ldap databases, which will be | 713 * involve trolling e.g. huge ldap databases, which will be |
1003 * grossly inefficient and not generally useful. | 714 * grossly inefficient and not generally useful. |
1004 * { FilterCertificates function to further reduce the list } | 715 * { FilterCertificates function to further reduce the list } |
1005 */ | 716 */ |
1006 | 717 |
1007 NSS_EXTERN NSSCertificate ** | 718 NSS_EXTERN NSSCertificate **NSSPublicKey_FindCertificates( |
1008 NSSPublicKey_FindCertificates | 719 NSSPublicKey *bk, NSSCertificate *rvOpt[], |
1009 ( | 720 PRUint32 maximumOpt, /* 0 for no max */ |
1010 NSSPublicKey *bk, | 721 NSSArena *arenaOpt); |
1011 NSSCertificate *rvOpt[], | |
1012 PRUint32 maximumOpt, /* 0 for no max */ | |
1013 NSSArena *arenaOpt | |
1014 ); | |
1015 | 722 |
1016 /* | 723 /* |
1017 * NSSPrivateKey_FindBestCertificate | 724 * NSSPrivateKey_FindBestCertificate |
1018 * | 725 * |
1019 * The parameters for this function will depend on what the users | 726 * The parameters for this function will depend on what the users |
1020 * need. This is just a starting point. | 727 * need. This is just a starting point. |
1021 */ | 728 */ |
1022 | 729 |
1023 NSS_EXTERN NSSCertificate * | 730 NSS_EXTERN NSSCertificate *NSSPublicKey_FindBestCertificate( |
1024 NSSPublicKey_FindBestCertificate | 731 NSSPublicKey *bk, NSSTime *timeOpt, NSSUsage *usageOpt, |
1025 ( | 732 NSSPolicies *policiesOpt); |
1026 NSSPublicKey *bk, | |
1027 NSSTime *timeOpt, | |
1028 NSSUsage *usageOpt, | |
1029 NSSPolicies *policiesOpt | |
1030 ); | |
1031 | 733 |
1032 /* | 734 /* |
1033 * NSSPublicKey_FindPrivateKey | 735 * NSSPublicKey_FindPrivateKey |
1034 * | 736 * |
1035 */ | 737 */ |
1036 | 738 |
1037 NSS_EXTERN NSSPrivateKey * | 739 NSS_EXTERN NSSPrivateKey *NSSPublicKey_FindPrivateKey(NSSPublicKey *bk, |
1038 NSSPublicKey_FindPrivateKey | 740 NSSCallback *uhh); |
1039 ( | |
1040 NSSPublicKey *bk, | |
1041 NSSCallback *uhh | |
1042 ); | |
1043 | 741 |
1044 /* | 742 /* |
1045 * NSSSymmetricKey | 743 * NSSSymmetricKey |
1046 * | 744 * |
1047 */ | 745 */ |
1048 | 746 |
1049 /* | 747 /* |
1050 * NSSSymmetricKey_Destroy | 748 * NSSSymmetricKey_Destroy |
1051 * | 749 * |
1052 * Free a pointer to a symmetric key object. | 750 * Free a pointer to a symmetric key object. |
1053 */ | 751 */ |
1054 | 752 |
| 753 NSS_EXTERN PRStatus NSSSymmetricKey_Destroy(NSSSymmetricKey *mk); |
| 754 |
| 755 /* |
| 756 * NSSSymmetricKey_DeleteStoredObject |
| 757 * |
| 758 * Permanently remove this object. |
| 759 */ |
| 760 |
1055 NSS_EXTERN PRStatus | 761 NSS_EXTERN PRStatus |
1056 NSSSymmetricKey_Destroy | 762 NSSSymmetricKey_DeleteStoredObject(NSSSymmetricKey *mk, NSSCallback *uhh); |
1057 ( | |
1058 NSSSymmetricKey *mk | |
1059 ); | |
1060 | |
1061 /* | |
1062 * NSSSymmetricKey_DeleteStoredObject | |
1063 * | |
1064 * Permanently remove this object. | |
1065 */ | |
1066 | |
1067 NSS_EXTERN PRStatus | |
1068 NSSSymmetricKey_DeleteStoredObject | |
1069 ( | |
1070 NSSSymmetricKey *mk, | |
1071 NSSCallback *uhh | |
1072 ); | |
1073 | 763 |
1074 /* | 764 /* |
1075 * NSSSymmetricKey_GetKeyLength | 765 * NSSSymmetricKey_GetKeyLength |
1076 * | 766 * |
1077 */ | 767 */ |
1078 | 768 |
1079 NSS_EXTERN PRUint32 | 769 NSS_EXTERN PRUint32 NSSSymmetricKey_GetKeyLength(NSSSymmetricKey *mk); |
1080 NSSSymmetricKey_GetKeyLength | |
1081 ( | |
1082 NSSSymmetricKey *mk | |
1083 ); | |
1084 | 770 |
1085 /* | 771 /* |
1086 * NSSSymmetricKey_GetKeyStrength | 772 * NSSSymmetricKey_GetKeyStrength |
1087 * | 773 * |
1088 */ | 774 */ |
1089 | 775 |
1090 NSS_EXTERN PRUint32 | 776 NSS_EXTERN PRUint32 NSSSymmetricKey_GetKeyStrength(NSSSymmetricKey *mk); |
1091 NSSSymmetricKey_GetKeyStrength | |
1092 ( | |
1093 NSSSymmetricKey *mk | |
1094 ); | |
1095 | 777 |
1096 /* | 778 /* |
1097 * NSSSymmetricKey_IsStillPresent | 779 * NSSSymmetricKey_IsStillPresent |
1098 * | 780 * |
1099 */ | 781 */ |
1100 | 782 |
1101 NSS_EXTERN PRStatus | 783 NSS_EXTERN PRStatus NSSSymmetricKey_IsStillPresent(NSSSymmetricKey *mk); |
1102 NSSSymmetricKey_IsStillPresent | |
1103 ( | |
1104 NSSSymmetricKey *mk | |
1105 ); | |
1106 | 784 |
1107 /* | 785 /* |
1108 * NSSSymmetricKey_GetTrustDomain | 786 * NSSSymmetricKey_GetTrustDomain |
1109 * | 787 * |
1110 * There doesn't have to be one. | 788 * There doesn't have to be one. |
1111 */ | 789 */ |
1112 | 790 |
1113 NSS_EXTERN NSSTrustDomain * | 791 NSS_EXTERN NSSTrustDomain *NSSSymmetricKey_GetTrustDomain(NSSSymmetricKey *mk, |
1114 NSSSymmetricKey_GetTrustDomain | 792 PRStatus *statusOpt); |
1115 ( | |
1116 NSSSymmetricKey *mk, | |
1117 PRStatus *statusOpt | |
1118 ); | |
1119 | 793 |
1120 /* | 794 /* |
1121 * NSSSymmetricKey_GetToken | 795 * NSSSymmetricKey_GetToken |
1122 * | 796 * |
1123 * There doesn't have to be one. | 797 * There doesn't have to be one. |
1124 */ | 798 */ |
1125 | 799 |
1126 NSS_EXTERN NSSToken * | 800 NSS_EXTERN NSSToken *NSSSymmetricKey_GetToken(NSSSymmetricKey *mk, |
1127 NSSSymmetricKey_GetToken | 801 PRStatus *statusOpt); |
1128 ( | |
1129 NSSSymmetricKey *mk, | |
1130 PRStatus *statusOpt | |
1131 ); | |
1132 | 802 |
1133 /* | 803 /* |
1134 * NSSSymmetricKey_GetSlot | 804 * NSSSymmetricKey_GetSlot |
1135 * | 805 * |
1136 * There doesn't have to be one. | 806 * There doesn't have to be one. |
1137 */ | 807 */ |
1138 | 808 |
1139 NSS_EXTERN NSSSlot * | 809 NSS_EXTERN NSSSlot *NSSSymmetricKey_GetSlot(NSSSymmetricKey *mk, |
1140 NSSSymmetricKey_GetSlot | 810 PRStatus *statusOpt); |
1141 ( | |
1142 NSSSymmetricKey *mk, | |
1143 PRStatus *statusOpt | |
1144 ); | |
1145 | 811 |
1146 /* | 812 /* |
1147 * NSSSymmetricKey_GetModule | 813 * NSSSymmetricKey_GetModule |
1148 * | 814 * |
1149 * There doesn't have to be one. | 815 * There doesn't have to be one. |
1150 */ | 816 */ |
1151 | 817 |
1152 NSS_EXTERN NSSModule * | 818 NSS_EXTERN NSSModule *NSSSymmetricKey_GetModule(NSSSymmetricKey *mk, |
1153 NSSSymmetricKey_GetModule | 819 PRStatus *statusOpt); |
1154 ( | |
1155 NSSSymmetricKey *mk, | |
1156 PRStatus *statusOpt | |
1157 ); | |
1158 | 820 |
1159 /* | 821 /* |
1160 * NSSSymmetricKey_Encrypt | 822 * NSSSymmetricKey_Encrypt |
1161 * | 823 * |
1162 */ | 824 */ |
1163 | 825 |
1164 NSS_EXTERN NSSItem * | 826 NSS_EXTERN NSSItem *NSSSymmetricKey_Encrypt(NSSSymmetricKey *mk, |
1165 NSSSymmetricKey_Encrypt | 827 NSSAlgorithmAndParameters *apOpt, |
1166 ( | 828 NSSItem *data, NSSCallback *uhh, |
1167 NSSSymmetricKey *mk, | 829 NSSItem *rvOpt, NSSArena *arenaOpt); |
1168 NSSAlgorithmAndParameters *apOpt, | |
1169 NSSItem *data, | |
1170 NSSCallback *uhh, | |
1171 NSSItem *rvOpt, | |
1172 NSSArena *arenaOpt | |
1173 ); | |
1174 | 830 |
1175 /* | 831 /* |
1176 * NSSSymmetricKey_Decrypt | 832 * NSSSymmetricKey_Decrypt |
1177 * | 833 * |
1178 */ | 834 */ |
1179 | 835 |
1180 NSS_EXTERN NSSItem * | 836 NSS_EXTERN NSSItem *NSSSymmetricKey_Decrypt(NSSSymmetricKey *mk, |
1181 NSSSymmetricKey_Decrypt | 837 NSSAlgorithmAndParameters *apOpt, |
1182 ( | 838 NSSItem *encryptedData, |
1183 NSSSymmetricKey *mk, | 839 NSSCallback *uhh, NSSItem *rvOpt, |
1184 NSSAlgorithmAndParameters *apOpt, | 840 NSSArena *arenaOpt); |
1185 NSSItem *encryptedData, | |
1186 NSSCallback *uhh, | |
1187 NSSItem *rvOpt, | |
1188 NSSArena *arenaOpt | |
1189 ); | |
1190 | 841 |
1191 /* | 842 /* |
1192 * NSSSymmetricKey_Sign | 843 * NSSSymmetricKey_Sign |
1193 * | 844 * |
1194 */ | 845 */ |
1195 | 846 |
1196 NSS_EXTERN NSSItem * | 847 NSS_EXTERN NSSItem *NSSSymmetricKey_Sign(NSSSymmetricKey *mk, |
1197 NSSSymmetricKey_Sign | 848 NSSAlgorithmAndParameters *apOpt, |
1198 ( | 849 NSSItem *data, NSSCallback *uhh, |
1199 NSSSymmetricKey *mk, | 850 NSSItem *rvOpt, NSSArena *arenaOpt); |
1200 NSSAlgorithmAndParameters *apOpt, | |
1201 NSSItem *data, | |
1202 NSSCallback *uhh, | |
1203 NSSItem *rvOpt, | |
1204 NSSArena *arenaOpt | |
1205 ); | |
1206 | 851 |
1207 /* | 852 /* |
1208 * NSSSymmetricKey_SignRecover | 853 * NSSSymmetricKey_SignRecover |
1209 * | 854 * |
1210 */ | 855 */ |
1211 | 856 |
1212 NSS_EXTERN NSSItem * | 857 NSS_EXTERN NSSItem *NSSSymmetricKey_SignRecover( |
1213 NSSSymmetricKey_SignRecover | 858 NSSSymmetricKey *mk, NSSAlgorithmAndParameters *apOpt, NSSItem *data, |
1214 ( | 859 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
1215 NSSSymmetricKey *mk, | |
1216 NSSAlgorithmAndParameters *apOpt, | |
1217 NSSItem *data, | |
1218 NSSCallback *uhh, | |
1219 NSSItem *rvOpt, | |
1220 NSSArena *arenaOpt | |
1221 ); | |
1222 | 860 |
1223 /* | 861 /* |
1224 * NSSSymmetricKey_Verify | 862 * NSSSymmetricKey_Verify |
1225 * | 863 * |
1226 */ | 864 */ |
1227 | 865 |
1228 NSS_EXTERN PRStatus | 866 NSS_EXTERN PRStatus NSSSymmetricKey_Verify(NSSSymmetricKey *mk, |
1229 NSSSymmetricKey_Verify | 867 NSSAlgorithmAndParameters *apOpt, |
1230 ( | 868 NSSItem *data, NSSItem *signature, |
1231 NSSSymmetricKey *mk, | 869 NSSCallback *uhh); |
1232 NSSAlgorithmAndParameters *apOpt, | |
1233 NSSItem *data, | |
1234 NSSItem *signature, | |
1235 NSSCallback *uhh | |
1236 ); | |
1237 | 870 |
1238 /* | 871 /* |
1239 * NSSSymmetricKey_VerifyRecover | 872 * NSSSymmetricKey_VerifyRecover |
1240 * | 873 * |
1241 */ | 874 */ |
1242 | 875 |
1243 NSS_EXTERN NSSItem * | 876 NSS_EXTERN NSSItem *NSSSymmetricKey_VerifyRecover( |
1244 NSSSymmetricKey_VerifyRecover | 877 NSSSymmetricKey *mk, NSSAlgorithmAndParameters *apOpt, NSSItem *signature, |
1245 ( | 878 NSSCallback *uhh, NSSItem *rvOpt, NSSArena *arenaOpt); |
1246 NSSSymmetricKey *mk, | |
1247 NSSAlgorithmAndParameters *apOpt, | |
1248 NSSItem *signature, | |
1249 NSSCallback *uhh, | |
1250 NSSItem *rvOpt, | |
1251 NSSArena *arenaOpt | |
1252 ); | |
1253 | 879 |
1254 /* | 880 /* |
1255 * NSSSymmetricKey_WrapSymmetricKey | 881 * NSSSymmetricKey_WrapSymmetricKey |
1256 * | 882 * |
1257 */ | 883 */ |
1258 | 884 |
1259 NSS_EXTERN NSSItem * | 885 NSS_EXTERN NSSItem *NSSSymmetricKey_WrapSymmetricKey( |
1260 NSSSymmetricKey_WrapSymmetricKey | 886 NSSSymmetricKey *wrappingKey, NSSAlgorithmAndParameters *apOpt, |
1261 ( | 887 NSSSymmetricKey *keyToWrap, NSSCallback *uhh, NSSItem *rvOpt, |
1262 NSSSymmetricKey *wrappingKey, | 888 NSSArena *arenaOpt); |
1263 NSSAlgorithmAndParameters *apOpt, | |
1264 NSSSymmetricKey *keyToWrap, | |
1265 NSSCallback *uhh, | |
1266 NSSItem *rvOpt, | |
1267 NSSArena *arenaOpt | |
1268 ); | |
1269 | 889 |
1270 /* | 890 /* |
1271 * NSSSymmetricKey_WrapPrivateKey | 891 * NSSSymmetricKey_WrapPrivateKey |
1272 * | 892 * |
1273 */ | 893 */ |
1274 | 894 |
1275 NSS_EXTERN NSSItem * | 895 NSS_EXTERN NSSItem *NSSSymmetricKey_WrapPrivateKey( |
1276 NSSSymmetricKey_WrapPrivateKey | 896 NSSSymmetricKey *wrappingKey, NSSAlgorithmAndParameters *apOpt, |
1277 ( | 897 NSSPrivateKey *keyToWrap, NSSCallback *uhh, NSSItem *rvOpt, |
1278 NSSSymmetricKey *wrappingKey, | 898 NSSArena *arenaOpt); |
1279 NSSAlgorithmAndParameters *apOpt, | |
1280 NSSPrivateKey *keyToWrap, | |
1281 NSSCallback *uhh, | |
1282 NSSItem *rvOpt, | |
1283 NSSArena *arenaOpt | |
1284 ); | |
1285 | 899 |
1286 /* | 900 /* |
1287 * NSSSymmetricKey_UnwrapSymmetricKey | 901 * NSSSymmetricKey_UnwrapSymmetricKey |
1288 * | 902 * |
1289 */ | 903 */ |
1290 | 904 |
1291 NSS_EXTERN NSSSymmetricKey * | 905 NSS_EXTERN NSSSymmetricKey *NSSSymmetricKey_UnwrapSymmetricKey( |
1292 NSSSymmetricKey_UnwrapSymmetricKey | 906 NSSSymmetricKey *wrappingKey, NSSAlgorithmAndParameters *apOpt, |
1293 ( | 907 NSSItem *wrappedKey, NSSOID *target, PRUint32 keySizeOpt, |
1294 NSSSymmetricKey *wrappingKey, | 908 NSSOperations operations, NSSCallback *uhh); |
1295 NSSAlgorithmAndParameters *apOpt, | |
1296 NSSItem *wrappedKey, | |
1297 NSSOID *target, | |
1298 PRUint32 keySizeOpt, | |
1299 NSSOperations operations, | |
1300 NSSCallback *uhh | |
1301 ); | |
1302 | 909 |
1303 /* | 910 /* |
1304 * NSSSymmetricKey_UnwrapPrivateKey | 911 * NSSSymmetricKey_UnwrapPrivateKey |
1305 * | 912 * |
1306 */ | 913 */ |
1307 | 914 |
1308 NSS_EXTERN NSSPrivateKey * | 915 NSS_EXTERN NSSPrivateKey *NSSSymmetricKey_UnwrapPrivateKey( |
1309 NSSSymmetricKey_UnwrapPrivateKey | 916 NSSSymmetricKey *wrappingKey, NSSAlgorithmAndParameters *apOpt, |
1310 ( | 917 NSSItem *wrappedKey, NSSUTF8 *labelOpt, NSSItem *keyIDOpt, |
1311 NSSSymmetricKey *wrappingKey, | 918 PRBool persistant, PRBool sensitive, NSSToken *destinationOpt, |
1312 NSSAlgorithmAndParameters *apOpt, | 919 NSSCallback *uhh); |
1313 NSSItem *wrappedKey, | |
1314 NSSUTF8 *labelOpt, | |
1315 NSSItem *keyIDOpt, | |
1316 PRBool persistant, | |
1317 PRBool sensitive, | |
1318 NSSToken *destinationOpt, | |
1319 NSSCallback *uhh | |
1320 ); | |
1321 | 920 |
1322 /* | 921 /* |
1323 * NSSSymmetricKey_DeriveSymmetricKey | 922 * NSSSymmetricKey_DeriveSymmetricKey |
1324 * | 923 * |
1325 */ | 924 */ |
1326 | 925 |
1327 NSS_EXTERN NSSSymmetricKey * | 926 NSS_EXTERN NSSSymmetricKey *NSSSymmetricKey_DeriveSymmetricKey( |
1328 NSSSymmetricKey_DeriveSymmetricKey | 927 NSSSymmetricKey *originalKey, NSSAlgorithmAndParameters *apOpt, |
1329 ( | 928 NSSOID *target, PRUint32 keySizeOpt, NSSOperations operations, |
1330 NSSSymmetricKey *originalKey, | 929 NSSCallback *uhh); |
1331 NSSAlgorithmAndParameters *apOpt, | |
1332 NSSOID *target, | |
1333 PRUint32 keySizeOpt, | |
1334 NSSOperations operations, | |
1335 NSSCallback *uhh | |
1336 ); | |
1337 | 930 |
1338 /* | 931 /* |
1339 * NSSSymmetricKey_CreateCryptoContext | 932 * NSSSymmetricKey_CreateCryptoContext |
1340 * | 933 * |
1341 * Create a crypto context, in this key's trust domain, | 934 * Create a crypto context, in this key's trust domain, |
1342 * with this as the distinguished symmetric key. | 935 * with this as the distinguished symmetric key. |
1343 */ | 936 */ |
1344 | 937 |
1345 NSS_EXTERN NSSCryptoContext * | 938 NSS_EXTERN NSSCryptoContext *NSSSymmetricKey_CreateCryptoContext( |
1346 NSSSymmetricKey_CreateCryptoContext | 939 NSSSymmetricKey *mk, NSSAlgorithmAndParameters *apOpt, NSSCallback *uhh); |
1347 ( | |
1348 NSSSymmetricKey *mk, | |
1349 NSSAlgorithmAndParameters *apOpt, | |
1350 NSSCallback *uhh | |
1351 ); | |
1352 | 940 |
1353 /* | 941 /* |
1354 * NSSTrustDomain | 942 * NSSTrustDomain |
1355 * | 943 * |
1356 */ | 944 */ |
1357 | 945 |
1358 /* | 946 /* |
1359 * NSSTrustDomain_Create | 947 * NSSTrustDomain_Create |
1360 * | 948 * |
1361 * This creates a trust domain, optionally with an initial cryptoki | 949 * This creates a trust domain, optionally with an initial cryptoki |
1362 * module. If the module name is not null, the module is loaded if | 950 * module. If the module name is not null, the module is loaded if |
1363 * needed (using the uriOpt argument), and initialized with the | 951 * needed (using the uriOpt argument), and initialized with the |
1364 * opaqueOpt argument. If mumble mumble priority settings, then | 952 * opaqueOpt argument. If mumble mumble priority settings, then |
1365 * module-specification objects in the module can cause the loading | 953 * module-specification objects in the module can cause the loading |
1366 * and initialization of further modules. | 954 * and initialization of further modules. |
1367 * | 955 * |
1368 * The uriOpt is defined to take a URI. At present, we only | 956 * The uriOpt is defined to take a URI. At present, we only |
1369 * support file: URLs pointing to platform-native shared libraries. | 957 * support file: URLs pointing to platform-native shared libraries. |
1370 * However, by specifying this as a URI, this keeps open the | 958 * However, by specifying this as a URI, this keeps open the |
1371 * possibility of supporting other, possibly remote, resources. | 959 * possibility of supporting other, possibly remote, resources. |
1372 * | 960 * |
1373 * The "reserved" arguments is held for when we figure out the | 961 * The "reserved" arguments is held for when we figure out the |
1374 * module priority stuff. | 962 * module priority stuff. |
1375 */ | 963 */ |
1376 | 964 |
1377 NSS_EXTERN NSSTrustDomain * | 965 NSS_EXTERN NSSTrustDomain *NSSTrustDomain_Create(NSSUTF8 *moduleOpt, |
1378 NSSTrustDomain_Create | 966 NSSUTF8 *uriOpt, |
1379 ( | 967 NSSUTF8 *opaqueOpt, |
1380 NSSUTF8 *moduleOpt, | 968 void *reserved); |
1381 NSSUTF8 *uriOpt, | |
1382 NSSUTF8 *opaqueOpt, | |
1383 void *reserved | |
1384 ); | |
1385 | 969 |
1386 /* | 970 /* |
1387 * NSSTrustDomain_Destroy | 971 * NSSTrustDomain_Destroy |
1388 * | 972 * |
1389 */ | 973 */ |
1390 | 974 |
| 975 NSS_EXTERN PRStatus NSSTrustDomain_Destroy(NSSTrustDomain *td); |
| 976 |
| 977 /* |
| 978 * NSSTrustDomain_SetDefaultCallback |
| 979 * |
| 980 */ |
| 981 |
1391 NSS_EXTERN PRStatus | 982 NSS_EXTERN PRStatus |
1392 NSSTrustDomain_Destroy | 983 NSSTrustDomain_SetDefaultCallback(NSSTrustDomain *td, |
1393 ( | 984 NSSCallback *newCallback, |
1394 NSSTrustDomain *td | 985 NSSCallback **oldCallbackOpt); |
1395 ); | |
1396 | |
1397 /* | |
1398 * NSSTrustDomain_SetDefaultCallback | |
1399 * | |
1400 */ | |
1401 | |
1402 NSS_EXTERN PRStatus | |
1403 NSSTrustDomain_SetDefaultCallback | |
1404 ( | |
1405 NSSTrustDomain *td, | |
1406 NSSCallback *newCallback, | |
1407 NSSCallback **oldCallbackOpt | |
1408 ); | |
1409 | 986 |
1410 /* | 987 /* |
1411 * NSSTrustDomain_GetDefaultCallback | 988 * NSSTrustDomain_GetDefaultCallback |
1412 * | 989 * |
1413 */ | 990 */ |
1414 | 991 |
1415 NSS_EXTERN NSSCallback * | 992 NSS_EXTERN NSSCallback *NSSTrustDomain_GetDefaultCallback(NSSTrustDomain *td, |
1416 NSSTrustDomain_GetDefaultCallback | 993 PRStatus *statusOpt); |
1417 ( | |
1418 NSSTrustDomain *td, | |
1419 PRStatus *statusOpt | |
1420 ); | |
1421 | 994 |
1422 /* | 995 /* |
1423 * Default policies? | 996 * Default policies? |
1424 * Default usage? | 997 * Default usage? |
1425 * Default time, for completeness? | 998 * Default time, for completeness? |
1426 */ | 999 */ |
1427 | 1000 |
1428 /* | 1001 /* |
1429 * NSSTrustDomain_LoadModule | 1002 * NSSTrustDomain_LoadModule |
1430 * | 1003 * |
1431 */ | 1004 */ |
1432 | 1005 |
1433 NSS_EXTERN PRStatus | 1006 NSS_EXTERN PRStatus |
1434 NSSTrustDomain_LoadModule | 1007 NSSTrustDomain_LoadModule(NSSTrustDomain *td, NSSUTF8 *moduleOpt, |
1435 ( | 1008 NSSUTF8 *uriOpt, NSSUTF8 *opaqueOpt, |
1436 NSSTrustDomain *td, | 1009 void *reserved); |
1437 NSSUTF8 *moduleOpt, | |
1438 NSSUTF8 *uriOpt, | |
1439 NSSUTF8 *opaqueOpt, | |
1440 void *reserved | |
1441 ); | |
1442 | 1010 |
1443 /* | 1011 /* |
1444 * NSSTrustDomain_AddModule | 1012 * NSSTrustDomain_AddModule |
1445 * NSSTrustDomain_AddSlot | 1013 * NSSTrustDomain_AddSlot |
1446 * NSSTrustDomain_UnloadModule | 1014 * NSSTrustDomain_UnloadModule |
1447 * Managing modules, slots, tokens; priorities; | 1015 * Managing modules, slots, tokens; priorities; |
1448 * Traversing all of the above | 1016 * Traversing all of the above |
1449 * this needs more work | 1017 * this needs more work |
1450 */ | 1018 */ |
1451 | 1019 |
1452 /* | 1020 /* |
1453 * NSSTrustDomain_DisableToken | 1021 * NSSTrustDomain_DisableToken |
1454 * | 1022 * |
1455 */ | 1023 */ |
1456 | 1024 |
| 1025 NSS_EXTERN PRStatus NSSTrustDomain_DisableToken(NSSTrustDomain *td, |
| 1026 NSSToken *token, NSSError why); |
| 1027 |
| 1028 /* |
| 1029 * NSSTrustDomain_EnableToken |
| 1030 * |
| 1031 */ |
| 1032 |
1457 NSS_EXTERN PRStatus | 1033 NSS_EXTERN PRStatus |
1458 NSSTrustDomain_DisableToken | 1034 NSSTrustDomain_EnableToken(NSSTrustDomain *td, NSSToken *token); |
1459 ( | |
1460 NSSTrustDomain *td, | |
1461 NSSToken *token, | |
1462 NSSError why | |
1463 ); | |
1464 | |
1465 /* | |
1466 * NSSTrustDomain_EnableToken | |
1467 * | |
1468 */ | |
1469 | |
1470 NSS_EXTERN PRStatus | |
1471 NSSTrustDomain_EnableToken | |
1472 ( | |
1473 NSSTrustDomain *td, | |
1474 NSSToken *token | |
1475 ); | |
1476 | 1035 |
1477 /* | 1036 /* |
1478 * NSSTrustDomain_IsTokenEnabled | 1037 * NSSTrustDomain_IsTokenEnabled |
1479 * | 1038 * |
1480 * If disabled, "why" is always on the error stack. | 1039 * If disabled, "why" is always on the error stack. |
1481 * The optional argument is just for convenience. | 1040 * The optional argument is just for convenience. |
1482 */ | 1041 */ |
1483 | 1042 |
| 1043 NSS_EXTERN PRStatus NSSTrustDomain_IsTokenEnabled(NSSTrustDomain *td, |
| 1044 NSSToken *token, |
| 1045 NSSError *whyOpt); |
| 1046 |
| 1047 /* |
| 1048 * NSSTrustDomain_FindSlotByName |
| 1049 * |
| 1050 */ |
| 1051 |
| 1052 NSS_EXTERN NSSSlot *NSSTrustDomain_FindSlotByName(NSSTrustDomain *td, |
| 1053 NSSUTF8 *slotName); |
| 1054 |
| 1055 /* |
| 1056 * NSSTrustDomain_FindTokenByName |
| 1057 * |
| 1058 */ |
| 1059 |
| 1060 NSS_EXTERN NSSToken *NSSTrustDomain_FindTokenByName(NSSTrustDomain *td, |
| 1061 NSSUTF8 *tokenName); |
| 1062 |
| 1063 /* |
| 1064 * NSSTrustDomain_FindTokenBySlotName |
| 1065 * |
| 1066 */ |
| 1067 |
| 1068 NSS_EXTERN NSSToken *NSSTrustDomain_FindTokenBySlotName(NSSTrustDomain *td, |
| 1069 NSSUTF8 *slotName); |
| 1070 |
| 1071 /* |
| 1072 * NSSTrustDomain_FindBestTokenForAlgorithm |
| 1073 * |
| 1074 */ |
| 1075 |
| 1076 NSS_EXTERN NSSToken *NSSTrustDomain_FindTokenForAlgorithm(NSSTrustDomain *td, |
| 1077 NSSOID *algorithm); |
| 1078 |
| 1079 /* |
| 1080 * NSSTrustDomain_FindBestTokenForAlgorithms |
| 1081 * |
| 1082 */ |
| 1083 |
| 1084 NSS_EXTERN NSSToken *NSSTrustDomain_FindBestTokenForAlgorithms( |
| 1085 NSSTrustDomain *td, NSSOID *algorithms[], /* may be null-terminated */ |
| 1086 PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ |
| 1087 ); |
| 1088 |
| 1089 /* |
| 1090 * NSSTrustDomain_Login |
| 1091 * |
| 1092 */ |
| 1093 |
1484 NSS_EXTERN PRStatus | 1094 NSS_EXTERN PRStatus |
1485 NSSTrustDomain_IsTokenEnabled | 1095 NSSTrustDomain_Login(NSSTrustDomain *td, NSSCallback *uhhOpt); |
1486 ( | |
1487 NSSTrustDomain *td, | |
1488 NSSToken *token, | |
1489 NSSError *whyOpt | |
1490 ); | |
1491 | |
1492 /* | |
1493 * NSSTrustDomain_FindSlotByName | |
1494 * | |
1495 */ | |
1496 | |
1497 NSS_EXTERN NSSSlot * | |
1498 NSSTrustDomain_FindSlotByName | |
1499 ( | |
1500 NSSTrustDomain *td, | |
1501 NSSUTF8 *slotName | |
1502 ); | |
1503 | |
1504 /* | |
1505 * NSSTrustDomain_FindTokenByName | |
1506 * | |
1507 */ | |
1508 | |
1509 NSS_EXTERN NSSToken * | |
1510 NSSTrustDomain_FindTokenByName | |
1511 ( | |
1512 NSSTrustDomain *td, | |
1513 NSSUTF8 *tokenName | |
1514 ); | |
1515 | |
1516 /* | |
1517 * NSSTrustDomain_FindTokenBySlotName | |
1518 * | |
1519 */ | |
1520 | |
1521 NSS_EXTERN NSSToken * | |
1522 NSSTrustDomain_FindTokenBySlotName | |
1523 ( | |
1524 NSSTrustDomain *td, | |
1525 NSSUTF8 *slotName | |
1526 ); | |
1527 | |
1528 /* | |
1529 * NSSTrustDomain_FindBestTokenForAlgorithm | |
1530 * | |
1531 */ | |
1532 | |
1533 NSS_EXTERN NSSToken * | |
1534 NSSTrustDomain_FindTokenForAlgorithm | |
1535 ( | |
1536 NSSTrustDomain *td, | |
1537 NSSOID *algorithm | |
1538 ); | |
1539 | |
1540 /* | |
1541 * NSSTrustDomain_FindBestTokenForAlgorithms | |
1542 * | |
1543 */ | |
1544 | |
1545 NSS_EXTERN NSSToken * | |
1546 NSSTrustDomain_FindBestTokenForAlgorithms | |
1547 ( | |
1548 NSSTrustDomain *td, | |
1549 NSSOID *algorithms[], /* may be null-terminated */ | |
1550 PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ | |
1551 ); | |
1552 | |
1553 /* | |
1554 * NSSTrustDomain_Login | |
1555 * | |
1556 */ | |
1557 | |
1558 NSS_EXTERN PRStatus | |
1559 NSSTrustDomain_Login | |
1560 ( | |
1561 NSSTrustDomain *td, | |
1562 NSSCallback *uhhOpt | |
1563 ); | |
1564 | 1096 |
1565 /* | 1097 /* |
1566 * NSSTrustDomain_Logout | 1098 * NSSTrustDomain_Logout |
1567 * | 1099 * |
1568 */ | 1100 */ |
1569 | 1101 |
1570 NSS_EXTERN PRStatus | 1102 NSS_EXTERN PRStatus NSSTrustDomain_Logout(NSSTrustDomain *td); |
1571 NSSTrustDomain_Logout | |
1572 ( | |
1573 NSSTrustDomain *td | |
1574 ); | |
1575 | 1103 |
1576 /* Importing things */ | 1104 /* Importing things */ |
1577 | 1105 |
1578 /* | 1106 /* |
1579 * NSSTrustDomain_ImportCertificate | 1107 * NSSTrustDomain_ImportCertificate |
1580 * | 1108 * |
1581 * The implementation will pull some data out of the certificate | 1109 * The implementation will pull some data out of the certificate |
1582 * (e.g. e-mail address) for use in pkcs#11 object attributes. | 1110 * (e.g. e-mail address) for use in pkcs#11 object attributes. |
1583 */ | 1111 */ |
1584 | 1112 |
| 1113 NSS_EXTERN NSSCertificate *NSSTrustDomain_ImportCertificate(NSSTrustDomain *td, |
| 1114 NSSCertificate *c); |
| 1115 |
| 1116 /* |
| 1117 * NSSTrustDomain_ImportPKIXCertificate |
| 1118 * |
| 1119 */ |
| 1120 |
| 1121 NSS_EXTERN NSSCertificate *NSSTrustDomain_ImportPKIXCertificate( |
| 1122 NSSTrustDomain *td, |
| 1123 /* declared as a struct until these "data types" are defined */ |
| 1124 struct NSSPKIXCertificateStr *pc); |
| 1125 |
| 1126 /* |
| 1127 * NSSTrustDomain_ImportEncodedCertificate |
| 1128 * |
| 1129 * Imports any type of certificate we support. |
| 1130 */ |
| 1131 |
| 1132 NSS_EXTERN NSSCertificate *NSSTrustDomain_ImportEncodedCertificate( |
| 1133 NSSTrustDomain *td, NSSBER *ber); |
| 1134 |
| 1135 /* |
| 1136 * NSSTrustDomain_ImportEncodedCertificateChain |
| 1137 * |
| 1138 * If you just want the leaf, pass in a maximum of one. |
| 1139 */ |
| 1140 |
| 1141 NSS_EXTERN NSSCertificate **NSSTrustDomain_ImportEncodedCertificateChain( |
| 1142 NSSTrustDomain *td, NSSBER *ber, NSSCertificate *rvOpt[], |
| 1143 PRUint32 maximumOpt, /* 0 for no max */ |
| 1144 NSSArena *arenaOpt); |
| 1145 |
| 1146 /* |
| 1147 * NSSTrustDomain_ImportEncodedPrivateKey |
| 1148 * |
| 1149 */ |
| 1150 |
| 1151 NSS_EXTERN NSSPrivateKey *NSSTrustDomain_ImportEncodedPrivateKey( |
| 1152 NSSTrustDomain *td, NSSBER *ber, |
| 1153 NSSItem *passwordOpt, /* NULL will cause a callback */ |
| 1154 NSSCallback *uhhOpt, NSSToken *destination); |
| 1155 |
| 1156 /* |
| 1157 * NSSTrustDomain_ImportEncodedPublicKey |
| 1158 * |
| 1159 */ |
| 1160 |
| 1161 NSS_EXTERN NSSPublicKey *NSSTrustDomain_ImportEncodedPublicKey( |
| 1162 NSSTrustDomain *td, NSSBER *ber); |
| 1163 |
| 1164 /* Other importations: S/MIME capabilities */ |
| 1165 |
| 1166 /* |
| 1167 * NSSTrustDomain_FindBestCertificateByNickname |
| 1168 * |
| 1169 */ |
| 1170 |
| 1171 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindBestCertificateByNickname( |
| 1172 NSSTrustDomain *td, const NSSUTF8 *name, |
| 1173 NSSTime *timeOpt, /* NULL for "now" */ |
| 1174 NSSUsage *usage, NSSPolicies *policiesOpt /* NULL for none */ |
| 1175 ); |
| 1176 |
| 1177 /* |
| 1178 * NSSTrustDomain_FindCertificatesByNickname |
| 1179 * |
| 1180 */ |
| 1181 |
| 1182 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindCertificatesByNickname( |
| 1183 NSSTrustDomain *td, NSSUTF8 *name, NSSCertificate *rvOpt[], |
| 1184 PRUint32 maximumOpt, /* 0 for no max */ |
| 1185 NSSArena *arenaOpt); |
| 1186 |
| 1187 /* |
| 1188 * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber |
| 1189 * |
| 1190 */ |
| 1191 |
1585 NSS_EXTERN NSSCertificate * | 1192 NSS_EXTERN NSSCertificate * |
1586 NSSTrustDomain_ImportCertificate | 1193 NSSTrustDomain_FindCertificateByIssuerAndSerialNumber(NSSTrustDomain *td, |
1587 ( | 1194 NSSDER *issuer, |
1588 NSSTrustDomain *td, | 1195 NSSDER *serialNumber); |
1589 NSSCertificate *c | |
1590 ); | |
1591 | |
1592 /* | |
1593 * NSSTrustDomain_ImportPKIXCertificate | |
1594 * | |
1595 */ | |
1596 | |
1597 NSS_EXTERN NSSCertificate * | |
1598 NSSTrustDomain_ImportPKIXCertificate | |
1599 ( | |
1600 NSSTrustDomain *td, | |
1601 /* declared as a struct until these "data types" are defined */ | |
1602 struct NSSPKIXCertificateStr *pc | |
1603 ); | |
1604 | |
1605 /* | |
1606 * NSSTrustDomain_ImportEncodedCertificate | |
1607 * | |
1608 * Imports any type of certificate we support. | |
1609 */ | |
1610 | |
1611 NSS_EXTERN NSSCertificate * | |
1612 NSSTrustDomain_ImportEncodedCertificate | |
1613 ( | |
1614 NSSTrustDomain *td, | |
1615 NSSBER *ber | |
1616 ); | |
1617 | |
1618 /* | |
1619 * NSSTrustDomain_ImportEncodedCertificateChain | |
1620 * | |
1621 * If you just want the leaf, pass in a maximum of one. | |
1622 */ | |
1623 | |
1624 NSS_EXTERN NSSCertificate ** | |
1625 NSSTrustDomain_ImportEncodedCertificateChain | |
1626 ( | |
1627 NSSTrustDomain *td, | |
1628 NSSBER *ber, | |
1629 NSSCertificate *rvOpt[], | |
1630 PRUint32 maximumOpt, /* 0 for no max */ | |
1631 NSSArena *arenaOpt | |
1632 ); | |
1633 | |
1634 /* | |
1635 * NSSTrustDomain_ImportEncodedPrivateKey | |
1636 * | |
1637 */ | |
1638 | |
1639 NSS_EXTERN NSSPrivateKey * | |
1640 NSSTrustDomain_ImportEncodedPrivateKey | |
1641 ( | |
1642 NSSTrustDomain *td, | |
1643 NSSBER *ber, | |
1644 NSSItem *passwordOpt, /* NULL will cause a callback */ | |
1645 NSSCallback *uhhOpt, | |
1646 NSSToken *destination | |
1647 ); | |
1648 | |
1649 /* | |
1650 * NSSTrustDomain_ImportEncodedPublicKey | |
1651 * | |
1652 */ | |
1653 | |
1654 NSS_EXTERN NSSPublicKey * | |
1655 NSSTrustDomain_ImportEncodedPublicKey | |
1656 ( | |
1657 NSSTrustDomain *td, | |
1658 NSSBER *ber | |
1659 ); | |
1660 | |
1661 /* Other importations: S/MIME capabilities */ | |
1662 | |
1663 /* | |
1664 * NSSTrustDomain_FindBestCertificateByNickname | |
1665 * | |
1666 */ | |
1667 | |
1668 NSS_EXTERN NSSCertificate * | |
1669 NSSTrustDomain_FindBestCertificateByNickname | |
1670 ( | |
1671 NSSTrustDomain *td, | |
1672 const NSSUTF8 *name, | |
1673 NSSTime *timeOpt, /* NULL for "now" */ | |
1674 NSSUsage *usage, | |
1675 NSSPolicies *policiesOpt /* NULL for none */ | |
1676 ); | |
1677 | |
1678 /* | |
1679 * NSSTrustDomain_FindCertificatesByNickname | |
1680 * | |
1681 */ | |
1682 | |
1683 NSS_EXTERN NSSCertificate ** | |
1684 NSSTrustDomain_FindCertificatesByNickname | |
1685 ( | |
1686 NSSTrustDomain *td, | |
1687 NSSUTF8 *name, | |
1688 NSSCertificate *rvOpt[], | |
1689 PRUint32 maximumOpt, /* 0 for no max */ | |
1690 NSSArena *arenaOpt | |
1691 ); | |
1692 | |
1693 /* | |
1694 * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber | |
1695 * | |
1696 */ | |
1697 | |
1698 NSS_EXTERN NSSCertificate * | |
1699 NSSTrustDomain_FindCertificateByIssuerAndSerialNumber | |
1700 ( | |
1701 NSSTrustDomain *td, | |
1702 NSSDER *issuer, | |
1703 NSSDER *serialNumber | |
1704 ); | |
1705 | 1196 |
1706 /* | 1197 /* |
1707 * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber | 1198 * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber |
1708 * | 1199 * |
1709 * Theoretically, this should never happen. However, some companies | 1200 * Theoretically, this should never happen. However, some companies |
1710 * we know have issued duplicate certificates with the same issuer | 1201 * we know have issued duplicate certificates with the same issuer |
1711 * and serial number. Do we just ignore them? I'm thinking yes. | 1202 * and serial number. Do we just ignore them? I'm thinking yes. |
1712 */ | 1203 */ |
1713 | 1204 |
1714 /* | 1205 /* |
1715 * NSSTrustDomain_FindBestCertificateBySubject | 1206 * NSSTrustDomain_FindBestCertificateBySubject |
1716 * | 1207 * |
1717 * This does not search through alternate names hidden in extensions. | 1208 * This does not search through alternate names hidden in extensions. |
1718 */ | 1209 */ |
1719 | 1210 |
1720 NSS_EXTERN NSSCertificate * | 1211 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindBestCertificateBySubject( |
1721 NSSTrustDomain_FindBestCertificateBySubject | 1212 NSSTrustDomain *td, NSSDER /*NSSUTF8*/ *subject, NSSTime *timeOpt, |
1722 ( | 1213 NSSUsage *usage, NSSPolicies *policiesOpt); |
1723 NSSTrustDomain *td, | |
1724 NSSDER /*NSSUTF8*/ *subject, | |
1725 NSSTime *timeOpt, | |
1726 NSSUsage *usage, | |
1727 NSSPolicies *policiesOpt | |
1728 ); | |
1729 | 1214 |
1730 /* | 1215 /* |
1731 * NSSTrustDomain_FindCertificatesBySubject | 1216 * NSSTrustDomain_FindCertificatesBySubject |
1732 * | 1217 * |
1733 * This does not search through alternate names hidden in extensions. | 1218 * This does not search through alternate names hidden in extensions. |
1734 */ | 1219 */ |
1735 | 1220 |
1736 NSS_EXTERN NSSCertificate ** | 1221 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindCertificatesBySubject( |
1737 NSSTrustDomain_FindCertificatesBySubject | 1222 NSSTrustDomain *td, NSSDER /*NSSUTF8*/ *subject, NSSCertificate *rvOpt[], |
1738 ( | 1223 PRUint32 maximumOpt, /* 0 for no max */ |
1739 NSSTrustDomain *td, | 1224 NSSArena *arenaOpt); |
1740 NSSDER /*NSSUTF8*/ *subject, | |
1741 NSSCertificate *rvOpt[], | |
1742 PRUint32 maximumOpt, /* 0 for no max */ | |
1743 NSSArena *arenaOpt | |
1744 ); | |
1745 | 1225 |
1746 /* | 1226 /* |
1747 * NSSTrustDomain_FindBestCertificateByNameComponents | 1227 * NSSTrustDomain_FindBestCertificateByNameComponents |
1748 * | 1228 * |
1749 * This call does try several tricks, including a pseudo pkcs#11 | 1229 * This call does try several tricks, including a pseudo pkcs#11 |
1750 * attribute for the ldap module to try as a query. Eventually | 1230 * attribute for the ldap module to try as a query. Eventually |
1751 * this call falls back to a traversal if that's what's required. | 1231 * this call falls back to a traversal if that's what's required. |
1752 * It will search through alternate names hidden in extensions. | 1232 * It will search through alternate names hidden in extensions. |
1753 */ | 1233 */ |
1754 | 1234 |
1755 NSS_EXTERN NSSCertificate * | 1235 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindBestCertificateByNameComponents( |
1756 NSSTrustDomain_FindBestCertificateByNameComponents | 1236 NSSTrustDomain *td, NSSUTF8 *nameComponents, NSSTime *timeOpt, |
1757 ( | 1237 NSSUsage *usage, NSSPolicies *policiesOpt); |
1758 NSSTrustDomain *td, | |
1759 NSSUTF8 *nameComponents, | |
1760 NSSTime *timeOpt, | |
1761 NSSUsage *usage, | |
1762 NSSPolicies *policiesOpt | |
1763 ); | |
1764 | 1238 |
1765 /* | 1239 /* |
1766 * NSSTrustDomain_FindCertificatesByNameComponents | 1240 * NSSTrustDomain_FindCertificatesByNameComponents |
1767 * | 1241 * |
1768 * This call, too, tries several tricks. It will stop on the first | 1242 * This call, too, tries several tricks. It will stop on the first |
1769 * attempt that generates results, so it won't e.g. traverse the | 1243 * attempt that generates results, so it won't e.g. traverse the |
1770 * entire ldap database. | 1244 * entire ldap database. |
1771 */ | 1245 */ |
1772 | 1246 |
1773 NSS_EXTERN NSSCertificate ** | 1247 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindCertificatesByNameComponents( |
1774 NSSTrustDomain_FindCertificatesByNameComponents | 1248 NSSTrustDomain *td, NSSUTF8 *nameComponents, NSSCertificate *rvOpt[], |
1775 ( | 1249 PRUint32 maximumOpt, /* 0 for no max */ |
1776 NSSTrustDomain *td, | 1250 NSSArena *arenaOpt); |
1777 NSSUTF8 *nameComponents, | |
1778 NSSCertificate *rvOpt[], | |
1779 PRUint32 maximumOpt, /* 0 for no max */ | |
1780 NSSArena *arenaOpt | |
1781 ); | |
1782 | 1251 |
1783 /* | 1252 /* |
1784 * NSSTrustDomain_FindCertificateByEncodedCertificate | 1253 * NSSTrustDomain_FindCertificateByEncodedCertificate |
1785 * | 1254 * |
1786 */ | 1255 */ |
1787 | 1256 |
1788 NSS_EXTERN NSSCertificate * | 1257 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindCertificateByEncodedCertificate( |
1789 NSSTrustDomain_FindCertificateByEncodedCertificate | 1258 NSSTrustDomain *td, NSSBER *encodedCertificate); |
1790 ( | |
1791 NSSTrustDomain *td, | |
1792 NSSBER *encodedCertificate | |
1793 ); | |
1794 | 1259 |
1795 /* | 1260 /* |
1796 * NSSTrustDomain_FindBestCertificateByEmail | 1261 * NSSTrustDomain_FindBestCertificateByEmail |
1797 * | 1262 * |
1798 */ | 1263 */ |
1799 | 1264 |
1800 NSS_EXTERN NSSCertificate * | 1265 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindCertificateByEmail( |
1801 NSSTrustDomain_FindCertificateByEmail | 1266 NSSTrustDomain *td, NSSASCII7 *email, NSSTime *timeOpt, NSSUsage *usage, |
1802 ( | 1267 NSSPolicies *policiesOpt); |
1803 NSSTrustDomain *td, | |
1804 NSSASCII7 *email, | |
1805 NSSTime *timeOpt, | |
1806 NSSUsage *usage, | |
1807 NSSPolicies *policiesOpt | |
1808 ); | |
1809 | 1268 |
1810 /* | 1269 /* |
1811 * NSSTrustDomain_FindCertificatesByEmail | 1270 * NSSTrustDomain_FindCertificatesByEmail |
1812 * | 1271 * |
1813 */ | 1272 */ |
1814 | 1273 |
1815 NSS_EXTERN NSSCertificate ** | 1274 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindCertificatesByEmail( |
1816 NSSTrustDomain_FindCertificatesByEmail | 1275 NSSTrustDomain *td, NSSASCII7 *email, NSSCertificate *rvOpt[], |
1817 ( | 1276 PRUint32 maximumOpt, /* 0 for no max */ |
1818 NSSTrustDomain *td, | 1277 NSSArena *arenaOpt); |
1819 NSSASCII7 *email, | |
1820 NSSCertificate *rvOpt[], | |
1821 PRUint32 maximumOpt, /* 0 for no max */ | |
1822 NSSArena *arenaOpt | |
1823 ); | |
1824 | 1278 |
1825 /* | 1279 /* |
1826 * NSSTrustDomain_FindCertificateByOCSPHash | 1280 * NSSTrustDomain_FindCertificateByOCSPHash |
1827 * | 1281 * |
1828 * There can be only one. | 1282 * There can be only one. |
1829 */ | 1283 */ |
1830 | 1284 |
1831 NSS_EXTERN NSSCertificate * | 1285 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindCertificateByOCSPHash( |
1832 NSSTrustDomain_FindCertificateByOCSPHash | 1286 NSSTrustDomain *td, NSSItem *hash); |
1833 ( | |
1834 NSSTrustDomain *td, | |
1835 NSSItem *hash | |
1836 ); | |
1837 | 1287 |
1838 /* | 1288 /* |
1839 * NSSTrustDomain_TraverseCertificates | 1289 * NSSTrustDomain_TraverseCertificates |
1840 * | 1290 * |
1841 * This function descends from one in older versions of NSS which | 1291 * This function descends from one in older versions of NSS which |
1842 * traverses the certs in the permanent database. That function | 1292 * traverses the certs in the permanent database. That function |
1843 * was used to implement selection routines, but was directly | 1293 * was used to implement selection routines, but was directly |
1844 * available too. Trust domains are going to contain a lot more | 1294 * available too. Trust domains are going to contain a lot more |
1845 * certs now (e.g., an ldap server), so we'd really like to | 1295 * certs now (e.g., an ldap server), so we'd really like to |
1846 * discourage traversal. Thus for now, this is commented out. | 1296 * discourage traversal. Thus for now, this is commented out. |
1847 * If it's needed, let's look at the situation more closely to | 1297 * If it's needed, let's look at the situation more closely to |
1848 * find out what the actual requirements are. | 1298 * find out what the actual requirements are. |
1849 */ | 1299 */ |
1850 | 1300 |
1851 /* For now, adding this function. This may only be for debugging | 1301 /* For now, adding this function. This may only be for debugging |
1852 * purposes. | 1302 * purposes. |
1853 * Perhaps some equivalent function, on a specified token, will be | 1303 * Perhaps some equivalent function, on a specified token, will be |
1854 * needed in a "friend" header file? | 1304 * needed in a "friend" header file? |
1855 */ | 1305 */ |
1856 NSS_EXTERN PRStatus * | 1306 NSS_EXTERN PRStatus *NSSTrustDomain_TraverseCertificates( |
1857 NSSTrustDomain_TraverseCertificates | 1307 NSSTrustDomain *td, PRStatus (*callback)(NSSCertificate *c, void *arg), |
1858 ( | 1308 void *arg); |
1859 NSSTrustDomain *td, | |
1860 PRStatus (*callback)(NSSCertificate *c, void *arg), | |
1861 void *arg | |
1862 ); | |
1863 | 1309 |
1864 /* | 1310 /* |
1865 * NSSTrustDomain_FindBestUserCertificate | 1311 * NSSTrustDomain_FindBestUserCertificate |
1866 * | 1312 * |
1867 */ | 1313 */ |
1868 | 1314 |
| 1315 NSS_EXTERN NSSCertificate *NSSTrustDomain_FindBestUserCertificate( |
| 1316 NSSTrustDomain *td, NSSTime *timeOpt, NSSUsage *usage, |
| 1317 NSSPolicies *policiesOpt); |
| 1318 |
| 1319 /* |
| 1320 * NSSTrustDomain_FindUserCertificates |
| 1321 * |
| 1322 */ |
| 1323 |
| 1324 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindUserCertificates( |
| 1325 NSSTrustDomain *td, NSSTime *timeOpt, NSSUsage *usageOpt, |
| 1326 NSSPolicies *policiesOpt, NSSCertificate **rvOpt, |
| 1327 PRUint32 rvLimit, /* zero for no limit */ |
| 1328 NSSArena *arenaOpt); |
| 1329 |
| 1330 /* |
| 1331 * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth |
| 1332 * |
| 1333 */ |
| 1334 |
1869 NSS_EXTERN NSSCertificate * | 1335 NSS_EXTERN NSSCertificate * |
1870 NSSTrustDomain_FindBestUserCertificate | 1336 NSSTrustDomain_FindBestUserCertificateForSSLClientAuth( |
1871 ( | 1337 NSSTrustDomain *td, NSSUTF8 *sslHostOpt, |
1872 NSSTrustDomain *td, | 1338 NSSDER *rootCAsOpt[], /* null pointer for none */ |
1873 NSSTime *timeOpt, | 1339 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ |
1874 NSSUsage *usage, | 1340 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt); |
1875 NSSPolicies *policiesOpt | 1341 |
1876 ); | 1342 /* |
1877 | 1343 * NSSTrustDomain_FindUserCertificatesForSSLClientAuth |
1878 /* | 1344 * |
1879 * NSSTrustDomain_FindUserCertificates | 1345 */ |
1880 * | 1346 |
1881 */ | 1347 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindUserCertificatesForSSLClientAuth( |
1882 | 1348 NSSTrustDomain *td, NSSUTF8 *sslHostOpt, |
1883 NSS_EXTERN NSSCertificate ** | 1349 NSSDER *rootCAsOpt[], /* null pointer for none */ |
1884 NSSTrustDomain_FindUserCertificates | 1350 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ |
1885 ( | 1351 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt, |
1886 NSSTrustDomain *td, | 1352 NSSCertificate **rvOpt, PRUint32 rvLimit, /* zero for no limit */ |
1887 NSSTime *timeOpt, | 1353 NSSArena *arenaOpt); |
1888 NSSUsage *usageOpt, | 1354 |
1889 NSSPolicies *policiesOpt, | 1355 /* |
1890 NSSCertificate **rvOpt, | 1356 * NSSTrustDomain_FindBestUserCertificateForEmailSigning |
1891 PRUint32 rvLimit, /* zero for no limit */ | |
1892 NSSArena *arenaOpt | |
1893 ); | |
1894 | |
1895 /* | |
1896 * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth | |
1897 * | 1357 * |
1898 */ | 1358 */ |
1899 | 1359 |
1900 NSS_EXTERN NSSCertificate * | 1360 NSS_EXTERN NSSCertificate * |
1901 NSSTrustDomain_FindBestUserCertificateForSSLClientAuth | 1361 NSSTrustDomain_FindBestUserCertificateForEmailSigning( |
1902 ( | 1362 NSSTrustDomain *td, NSSASCII7 *signerOpt, NSSASCII7 *recipientOpt, |
1903 NSSTrustDomain *td, | 1363 /* anything more here? */ |
1904 NSSUTF8 *sslHostOpt, | 1364 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt); |
1905 NSSDER *rootCAsOpt[], /* null pointer for none */ | |
1906 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ | |
1907 NSSAlgorithmAndParameters *apOpt, | |
1908 NSSPolicies *policiesOpt | |
1909 ); | |
1910 | |
1911 /* | |
1912 * NSSTrustDomain_FindUserCertificatesForSSLClientAuth | |
1913 * | |
1914 */ | |
1915 | |
1916 NSS_EXTERN NSSCertificate ** | |
1917 NSSTrustDomain_FindUserCertificatesForSSLClientAuth | |
1918 ( | |
1919 NSSTrustDomain *td, | |
1920 NSSUTF8 *sslHostOpt, | |
1921 NSSDER *rootCAsOpt[], /* null pointer for none */ | |
1922 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ | |
1923 NSSAlgorithmAndParameters *apOpt, | |
1924 NSSPolicies *policiesOpt, | |
1925 NSSCertificate **rvOpt, | |
1926 PRUint32 rvLimit, /* zero for no limit */ | |
1927 NSSArena *arenaOpt | |
1928 ); | |
1929 | |
1930 /* | |
1931 * NSSTrustDomain_FindBestUserCertificateForEmailSigning | |
1932 * | |
1933 */ | |
1934 | |
1935 NSS_EXTERN NSSCertificate * | |
1936 NSSTrustDomain_FindBestUserCertificateForEmailSigning | |
1937 ( | |
1938 NSSTrustDomain *td, | |
1939 NSSASCII7 *signerOpt, | |
1940 NSSASCII7 *recipientOpt, | |
1941 /* anything more here? */ | |
1942 NSSAlgorithmAndParameters *apOpt, | |
1943 NSSPolicies *policiesOpt | |
1944 ); | |
1945 | 1365 |
1946 /* | 1366 /* |
1947 * NSSTrustDomain_FindUserCertificatesForEmailSigning | 1367 * NSSTrustDomain_FindUserCertificatesForEmailSigning |
1948 * | 1368 * |
1949 */ | 1369 */ |
1950 | 1370 |
1951 NSS_EXTERN NSSCertificate ** | 1371 NSS_EXTERN NSSCertificate **NSSTrustDomain_FindUserCertificatesForEmailSigning( |
1952 NSSTrustDomain_FindUserCertificatesForEmailSigning | 1372 NSSTrustDomain *td, NSSASCII7 *signerOpt, NSSASCII7 *recipientOpt, |
1953 ( | 1373 /* anything more here? */ |
1954 NSSTrustDomain *td, | 1374 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt, |
1955 NSSASCII7 *signerOpt, | 1375 NSSCertificate **rvOpt, PRUint32 rvLimit, /* zero for no limit */ |
1956 NSSASCII7 *recipientOpt, | 1376 NSSArena *arenaOpt); |
1957 /* anything more here? */ | |
1958 NSSAlgorithmAndParameters *apOpt, | |
1959 NSSPolicies *policiesOpt, | |
1960 NSSCertificate **rvOpt, | |
1961 PRUint32 rvLimit, /* zero for no limit */ | |
1962 NSSArena *arenaOpt | |
1963 ); | |
1964 | 1377 |
1965 /* | 1378 /* |
1966 * Here is where we'd add more Find[Best]UserCertificate[s]For<usage> | 1379 * Here is where we'd add more Find[Best]UserCertificate[s]For<usage> |
1967 * routines. | 1380 * routines. |
1968 */ | 1381 */ |
1969 | 1382 |
1970 /* Private Keys */ | 1383 /* Private Keys */ |
1971 | 1384 |
1972 /* | 1385 /* |
1973 * NSSTrustDomain_GenerateKeyPair | 1386 * NSSTrustDomain_GenerateKeyPair |
1974 * | 1387 * |
1975 * Creates persistant objects. If you want session objects, use | 1388 * Creates persistant objects. If you want session objects, use |
1976 * NSSCryptoContext_GenerateKeyPair. The destination token is where | 1389 * NSSCryptoContext_GenerateKeyPair. The destination token is where |
1977 * the keys are stored. If that token can do the required math, then | 1390 * the keys are stored. If that token can do the required math, then |
1978 * that's where the keys are generated too. Otherwise, the keys are | 1391 * that's where the keys are generated too. Otherwise, the keys are |
1979 * generated elsewhere and moved to that token. | 1392 * generated elsewhere and moved to that token. |
1980 */ | 1393 */ |
1981 | 1394 |
1982 NSS_EXTERN PRStatus | 1395 NSS_EXTERN PRStatus NSSTrustDomain_GenerateKeyPair( |
1983 NSSTrustDomain_GenerateKeyPair | 1396 NSSTrustDomain *td, NSSAlgorithmAndParameters *ap, NSSPrivateKey **pvkOpt, |
1984 ( | 1397 NSSPublicKey **pbkOpt, PRBool privateKeyIsSensitive, NSSToken *destination, |
1985 NSSTrustDomain *td, | 1398 NSSCallback *uhhOpt); |
1986 NSSAlgorithmAndParameters *ap, | |
1987 NSSPrivateKey **pvkOpt, | |
1988 NSSPublicKey **pbkOpt, | |
1989 PRBool privateKeyIsSensitive, | |
1990 NSSToken *destination, | |
1991 NSSCallback *uhhOpt | |
1992 ); | |
1993 | 1399 |
1994 /* | 1400 /* |
1995 * NSSTrustDomain_TraversePrivateKeys | 1401 * NSSTrustDomain_TraversePrivateKeys |
1996 * | 1402 * |
1997 * | 1403 * |
1998 * NSS_EXTERN PRStatus * | 1404 * NSS_EXTERN PRStatus * |
1999 * NSSTrustDomain_TraversePrivateKeys | 1405 * NSSTrustDomain_TraversePrivateKeys |
2000 * ( | 1406 * ( |
2001 * NSSTrustDomain *td, | 1407 * NSSTrustDomain *td, |
2002 * PRStatus (*callback)(NSSPrivateKey *vk, void *arg), | 1408 * PRStatus (*callback)(NSSPrivateKey *vk, void *arg), |
2003 * void *arg | 1409 * void *arg |
2004 * ); | 1410 * ); |
2005 */ | 1411 */ |
2006 | 1412 |
2007 /* Symmetric Keys */ | 1413 /* Symmetric Keys */ |
2008 | 1414 |
2009 /* | 1415 /* |
2010 * NSSTrustDomain_GenerateSymmetricKey | 1416 * NSSTrustDomain_GenerateSymmetricKey |
2011 * | 1417 * |
2012 */ | 1418 */ |
2013 | 1419 |
2014 NSS_EXTERN NSSSymmetricKey * | 1420 NSS_EXTERN NSSSymmetricKey *NSSTrustDomain_GenerateSymmetricKey( |
2015 NSSTrustDomain_GenerateSymmetricKey | 1421 NSSTrustDomain *td, NSSAlgorithmAndParameters *ap, PRUint32 keysize, |
2016 ( | 1422 NSSToken *destination, NSSCallback *uhhOpt); |
2017 NSSTrustDomain *td, | |
2018 NSSAlgorithmAndParameters *ap, | |
2019 PRUint32 keysize, | |
2020 NSSToken *destination, | |
2021 NSSCallback *uhhOpt | |
2022 ); | |
2023 | 1423 |
2024 /* | 1424 /* |
2025 * NSSTrustDomain_GenerateSymmetricKeyFromPassword | 1425 * NSSTrustDomain_GenerateSymmetricKeyFromPassword |
2026 * | 1426 * |
2027 */ | 1427 */ |
2028 | 1428 |
2029 NSS_EXTERN NSSSymmetricKey * | 1429 NSS_EXTERN NSSSymmetricKey *NSSTrustDomain_GenerateSymmetricKeyFromPassword( |
2030 NSSTrustDomain_GenerateSymmetricKeyFromPassword | 1430 NSSTrustDomain *td, NSSAlgorithmAndParameters *ap, |
2031 ( | 1431 NSSUTF8 *passwordOpt, /* if null, prompt */ |
2032 NSSTrustDomain *td, | 1432 NSSToken *destinationOpt, NSSCallback *uhhOpt); |
2033 NSSAlgorithmAndParameters *ap, | |
2034 NSSUTF8 *passwordOpt, /* if null, prompt */ | |
2035 NSSToken *destinationOpt, | |
2036 NSSCallback *uhhOpt | |
2037 ); | |
2038 | 1433 |
2039 /* | 1434 /* |
2040 * NSSTrustDomain_FindSymmetricKeyByAlgorithm | 1435 * NSSTrustDomain_FindSymmetricKeyByAlgorithm |
2041 * | 1436 * |
2042 * Is this still needed? | 1437 * Is this still needed? |
2043 * | 1438 * |
2044 * NSS_EXTERN NSSSymmetricKey * | 1439 * NSS_EXTERN NSSSymmetricKey * |
2045 * NSSTrustDomain_FindSymmetricKeyByAlgorithm | 1440 * NSSTrustDomain_FindSymmetricKeyByAlgorithm |
2046 * ( | 1441 * ( |
2047 * NSSTrustDomain *td, | 1442 * NSSTrustDomain *td, |
2048 * NSSOID *algorithm, | 1443 * NSSOID *algorithm, |
2049 * NSSCallback *uhhOpt | 1444 * NSSCallback *uhhOpt |
2050 * ); | 1445 * ); |
2051 */ | 1446 */ |
2052 | 1447 |
2053 /* | 1448 /* |
2054 * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID | 1449 * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID |
2055 * | 1450 * |
2056 */ | 1451 */ |
2057 | 1452 |
2058 NSS_EXTERN NSSSymmetricKey * | 1453 NSS_EXTERN NSSSymmetricKey *NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID( |
2059 NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID | 1454 NSSTrustDomain *td, NSSOID *algorithm, NSSItem *keyID, NSSCallback *uhhOpt); |
2060 ( | |
2061 NSSTrustDomain *td, | |
2062 NSSOID *algorithm, | |
2063 NSSItem *keyID, | |
2064 NSSCallback *uhhOpt | |
2065 ); | |
2066 | 1455 |
2067 /* | 1456 /* |
2068 * NSSTrustDomain_TraverseSymmetricKeys | 1457 * NSSTrustDomain_TraverseSymmetricKeys |
2069 * | 1458 * |
2070 * | 1459 * |
2071 * NSS_EXTERN PRStatus * | 1460 * NSS_EXTERN PRStatus * |
2072 * NSSTrustDomain_TraverseSymmetricKeys | 1461 * NSSTrustDomain_TraverseSymmetricKeys |
2073 * ( | 1462 * ( |
2074 * NSSTrustDomain *td, | 1463 * NSSTrustDomain *td, |
2075 * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg), | 1464 * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg), |
2076 * void *arg | 1465 * void *arg |
2077 * ); | 1466 * ); |
2078 */ | 1467 */ |
2079 | 1468 |
2080 /* | 1469 /* |
2081 * NSSTrustDomain_CreateCryptoContext | 1470 * NSSTrustDomain_CreateCryptoContext |
2082 * | 1471 * |
2083 * If a callback object is specified, it becomes the for the crypto | 1472 * If a callback object is specified, it becomes the for the crypto |
2084 * context; otherwise, this trust domain's default (if any) is | 1473 * context; otherwise, this trust domain's default (if any) is |
2085 * inherited. | 1474 * inherited. |
2086 */ | 1475 */ |
2087 | 1476 |
| 1477 NSS_EXTERN NSSCryptoContext *NSSTrustDomain_CreateCryptoContext( |
| 1478 NSSTrustDomain *td, NSSCallback *uhhOpt); |
| 1479 |
| 1480 /* |
| 1481 * NSSTrustDomain_CreateCryptoContextForAlgorithm |
| 1482 * |
| 1483 */ |
| 1484 |
| 1485 NSS_EXTERN NSSCryptoContext *NSSTrustDomain_CreateCryptoContextForAlgorithm( |
| 1486 NSSTrustDomain *td, NSSOID *algorithm); |
| 1487 |
| 1488 /* |
| 1489 * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters |
| 1490 * |
| 1491 */ |
| 1492 |
2088 NSS_EXTERN NSSCryptoContext * | 1493 NSS_EXTERN NSSCryptoContext * |
2089 NSSTrustDomain_CreateCryptoContext | 1494 NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters( |
2090 ( | 1495 NSSTrustDomain *td, NSSAlgorithmAndParameters *ap); |
2091 NSSTrustDomain *td, | |
2092 NSSCallback *uhhOpt | |
2093 ); | |
2094 | |
2095 /* | |
2096 * NSSTrustDomain_CreateCryptoContextForAlgorithm | |
2097 * | |
2098 */ | |
2099 | |
2100 NSS_EXTERN NSSCryptoContext * | |
2101 NSSTrustDomain_CreateCryptoContextForAlgorithm | |
2102 ( | |
2103 NSSTrustDomain *td, | |
2104 NSSOID *algorithm | |
2105 ); | |
2106 | |
2107 /* | |
2108 * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters | |
2109 * | |
2110 */ | |
2111 | |
2112 NSS_EXTERN NSSCryptoContext * | |
2113 NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters | |
2114 ( | |
2115 NSSTrustDomain *td, | |
2116 NSSAlgorithmAndParameters *ap | |
2117 ); | |
2118 | 1496 |
2119 /* find/traverse other objects, e.g. s/mime profiles */ | 1497 /* find/traverse other objects, e.g. s/mime profiles */ |
2120 | 1498 |
2121 /* | 1499 /* |
2122 * NSSCryptoContext | 1500 * NSSCryptoContext |
2123 * | 1501 * |
2124 * A crypto context is sort of a short-term snapshot of a trust domain, | 1502 * A crypto context is sort of a short-term snapshot of a trust domain, |
2125 * used for the life of "one crypto operation." You can also think of | 1503 * used for the life of "one crypto operation." You can also think of |
2126 * it as a "temporary database." | 1504 * it as a "temporary database." |
2127 * | 1505 * |
2128 * Just about all of the things you can do with a trust domain -- importing | 1506 * Just about all of the things you can do with a trust domain -- importing |
2129 * or creating certs, keys, etc. -- can be done with a crypto context. | 1507 * or creating certs, keys, etc. -- can be done with a crypto context. |
2130 * The difference is that the objects will be temporary ("session") objects. | 1508 * The difference is that the objects will be temporary ("session") objects. |
2131 * | 1509 * |
2132 * Also, if the context was created for a key, cert, and/or algorithm; or | 1510 * Also, if the context was created for a key, cert, and/or algorithm; or |
2133 * if such objects have been "associated" with the context, then the context | 1511 * if such objects have been "associated" with the context, then the context |
2134 * can do everything the keys can, like crypto operations. | 1512 * can do everything the keys can, like crypto operations. |
2135 * | 1513 * |
2136 * And finally, because it keeps the state of the crypto operations, it | 1514 * And finally, because it keeps the state of the crypto operations, it |
2137 * can do streaming crypto ops. | 1515 * can do streaming crypto ops. |
2138 */ | 1516 */ |
2139 | 1517 |
2140 /* | 1518 /* |
2141 * NSSTrustDomain_Destroy | 1519 * NSSTrustDomain_Destroy |
2142 * | 1520 * |
2143 */ | 1521 */ |
2144 | 1522 |
| 1523 NSS_EXTERN PRStatus NSSCryptoContext_Destroy(NSSCryptoContext *cc); |
| 1524 |
| 1525 /* establishing a default callback */ |
| 1526 |
| 1527 /* |
| 1528 * NSSCryptoContext_SetDefaultCallback |
| 1529 * |
| 1530 */ |
| 1531 |
2145 NSS_EXTERN PRStatus | 1532 NSS_EXTERN PRStatus |
2146 NSSCryptoContext_Destroy | 1533 NSSCryptoContext_SetDefaultCallback(NSSCryptoContext *cc, |
2147 ( | 1534 NSSCallback *newCallback, |
2148 NSSCryptoContext *cc | 1535 NSSCallback **oldCallbackOpt); |
2149 ); | |
2150 | |
2151 /* establishing a default callback */ | |
2152 | |
2153 /* | |
2154 * NSSCryptoContext_SetDefaultCallback | |
2155 * | |
2156 */ | |
2157 | |
2158 NSS_EXTERN PRStatus | |
2159 NSSCryptoContext_SetDefaultCallback | |
2160 ( | |
2161 NSSCryptoContext *cc, | |
2162 NSSCallback *newCallback, | |
2163 NSSCallback **oldCallbackOpt | |
2164 ); | |
2165 | 1536 |
2166 /* | 1537 /* |
2167 * NSSCryptoContext_GetDefaultCallback | 1538 * NSSCryptoContext_GetDefaultCallback |
2168 * | 1539 * |
2169 */ | 1540 */ |
2170 | 1541 |
2171 NSS_EXTERN NSSCallback * | 1542 NSS_EXTERN NSSCallback *NSSCryptoContext_GetDefaultCallback( |
2172 NSSCryptoContext_GetDefaultCallback | 1543 NSSCryptoContext *cc, PRStatus *statusOpt); |
2173 ( | |
2174 NSSCryptoContext *cc, | |
2175 PRStatus *statusOpt | |
2176 ); | |
2177 | 1544 |
2178 /* | 1545 /* |
2179 * NSSCryptoContext_GetTrustDomain | 1546 * NSSCryptoContext_GetTrustDomain |
2180 * | 1547 * |
2181 */ | 1548 */ |
2182 | 1549 |
2183 NSS_EXTERN NSSTrustDomain * | 1550 NSS_EXTERN NSSTrustDomain *NSSCryptoContext_GetTrustDomain( |
2184 NSSCryptoContext_GetTrustDomain | 1551 NSSCryptoContext *cc); |
2185 ( | |
2186 NSSCryptoContext *cc | |
2187 ); | |
2188 | 1552 |
2189 /* AddModule, etc: should we allow "temporary" changes here? */ | 1553 /* AddModule, etc: should we allow "temporary" changes here? */ |
2190 /* DisableToken, etc: ditto */ | 1554 /* DisableToken, etc: ditto */ |
2191 /* Ordering of tokens? */ | 1555 /* Ordering of tokens? */ |
2192 /* Finding slots+token etc. */ | 1556 /* Finding slots+token etc. */ |
2193 /* login+logout */ | 1557 /* login+logout */ |
2194 | 1558 |
2195 /* Importing things */ | 1559 /* Importing things */ |
2196 | 1560 |
2197 /* | 1561 /* |
2198 * NSSCryptoContext_FindOrImportCertificate | 1562 * NSSCryptoContext_FindOrImportCertificate |
2199 * | 1563 * |
2200 * If the certificate store already contains this DER cert, return the | 1564 * If the certificate store already contains this DER cert, return the |
2201 * address of the matching NSSCertificate that is already in the store, | 1565 * address of the matching NSSCertificate that is already in the store, |
2202 * and bump its reference count. | 1566 * and bump its reference count. |
2203 * | 1567 * |
2204 * If this DER cert is NOT already in the store, then add the new | 1568 * If this DER cert is NOT already in the store, then add the new |
2205 * NSSCertificate to the store and bump its reference count, | 1569 * NSSCertificate to the store and bump its reference count, |
2206 * then return its address. | 1570 * then return its address. |
2207 * | 1571 * |
2208 * if this DER cert is not in the store and cannot be added to it, | 1572 * if this DER cert is not in the store and cannot be added to it, |
2209 * return NULL; | 1573 * return NULL; |
2210 * | 1574 * |
2211 * Record the associated crypto context in the certificate. | 1575 * Record the associated crypto context in the certificate. |
2212 */ | 1576 */ |
2213 | 1577 |
| 1578 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindOrImportCertificate( |
| 1579 NSSCryptoContext *cc, NSSCertificate *c); |
| 1580 |
| 1581 /* |
| 1582 * NSSCryptoContext_ImportPKIXCertificate |
| 1583 * |
| 1584 */ |
| 1585 |
| 1586 NSS_EXTERN NSSCertificate *NSSCryptoContext_ImportPKIXCertificate( |
| 1587 NSSCryptoContext *cc, struct NSSPKIXCertificateStr *pc); |
| 1588 |
| 1589 /* |
| 1590 * NSSCryptoContext_ImportEncodedCertificate |
| 1591 * |
| 1592 */ |
| 1593 |
| 1594 NSS_EXTERN NSSCertificate *NSSCryptoContext_ImportEncodedCertificate( |
| 1595 NSSCryptoContext *cc, NSSBER *ber); |
| 1596 |
| 1597 /* |
| 1598 * NSSCryptoContext_ImportEncodedPKIXCertificateChain |
| 1599 * |
| 1600 */ |
| 1601 |
| 1602 NSS_EXTERN PRStatus |
| 1603 NSSCryptoContext_ImportEncodedPKIXCertificateChain(NSSCryptoContext *cc, |
| 1604 NSSBER *ber); |
| 1605 |
| 1606 /* Other importations: S/MIME capabilities |
| 1607 */ |
| 1608 |
| 1609 /* |
| 1610 * NSSCryptoContext_FindBestCertificateByNickname |
| 1611 * |
| 1612 */ |
| 1613 |
| 1614 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindBestCertificateByNickname( |
| 1615 NSSCryptoContext *cc, const NSSUTF8 *name, |
| 1616 NSSTime *timeOpt, /* NULL for "now" */ |
| 1617 NSSUsage *usage, NSSPolicies *policiesOpt /* NULL for none */ |
| 1618 ); |
| 1619 |
| 1620 /* |
| 1621 * NSSCryptoContext_FindCertificatesByNickname |
| 1622 * |
| 1623 */ |
| 1624 |
| 1625 NSS_EXTERN NSSCertificate **NSSCryptoContext_FindCertificatesByNickname( |
| 1626 NSSCryptoContext *cc, NSSUTF8 *name, NSSCertificate *rvOpt[], |
| 1627 PRUint32 maximumOpt, /* 0 for no max */ |
| 1628 NSSArena *arenaOpt); |
| 1629 |
| 1630 /* |
| 1631 * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber |
| 1632 * |
| 1633 */ |
| 1634 |
2214 NSS_EXTERN NSSCertificate * | 1635 NSS_EXTERN NSSCertificate * |
2215 NSSCryptoContext_FindOrImportCertificate ( | 1636 NSSCryptoContext_FindCertificateByIssuerAndSerialNumber( |
2216 NSSCryptoContext *cc, | 1637 NSSCryptoContext *cc, NSSDER *issuer, NSSDER *serialNumber); |
2217 NSSCertificate *c | |
2218 ); | |
2219 | |
2220 /* | |
2221 * NSSCryptoContext_ImportPKIXCertificate | |
2222 * | |
2223 */ | |
2224 | |
2225 NSS_EXTERN NSSCertificate * | |
2226 NSSCryptoContext_ImportPKIXCertificate | |
2227 ( | |
2228 NSSCryptoContext *cc, | |
2229 struct NSSPKIXCertificateStr *pc | |
2230 ); | |
2231 | |
2232 /* | |
2233 * NSSCryptoContext_ImportEncodedCertificate | |
2234 * | |
2235 */ | |
2236 | |
2237 NSS_EXTERN NSSCertificate * | |
2238 NSSCryptoContext_ImportEncodedCertificate | |
2239 ( | |
2240 NSSCryptoContext *cc, | |
2241 NSSBER *ber | |
2242 ); | |
2243 | |
2244 /* | |
2245 * NSSCryptoContext_ImportEncodedPKIXCertificateChain | |
2246 * | |
2247 */ | |
2248 | |
2249 NSS_EXTERN PRStatus | |
2250 NSSCryptoContext_ImportEncodedPKIXCertificateChain | |
2251 ( | |
2252 NSSCryptoContext *cc, | |
2253 NSSBER *ber | |
2254 ); | |
2255 | |
2256 /* Other importations: S/MIME capabilities | |
2257 */ | |
2258 | |
2259 /* | |
2260 * NSSCryptoContext_FindBestCertificateByNickname | |
2261 * | |
2262 */ | |
2263 | |
2264 NSS_EXTERN NSSCertificate * | |
2265 NSSCryptoContext_FindBestCertificateByNickname | |
2266 ( | |
2267 NSSCryptoContext *cc, | |
2268 const NSSUTF8 *name, | |
2269 NSSTime *timeOpt, /* NULL for "now" */ | |
2270 NSSUsage *usage, | |
2271 NSSPolicies *policiesOpt /* NULL for none */ | |
2272 ); | |
2273 | |
2274 /* | |
2275 * NSSCryptoContext_FindCertificatesByNickname | |
2276 * | |
2277 */ | |
2278 | |
2279 NSS_EXTERN NSSCertificate ** | |
2280 NSSCryptoContext_FindCertificatesByNickname | |
2281 ( | |
2282 NSSCryptoContext *cc, | |
2283 NSSUTF8 *name, | |
2284 NSSCertificate *rvOpt[], | |
2285 PRUint32 maximumOpt, /* 0 for no max */ | |
2286 NSSArena *arenaOpt | |
2287 ); | |
2288 | |
2289 /* | |
2290 * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber | |
2291 * | |
2292 */ | |
2293 | |
2294 NSS_EXTERN NSSCertificate * | |
2295 NSSCryptoContext_FindCertificateByIssuerAndSerialNumber | |
2296 ( | |
2297 NSSCryptoContext *cc, | |
2298 NSSDER *issuer, | |
2299 NSSDER *serialNumber | |
2300 ); | |
2301 | 1638 |
2302 /* | 1639 /* |
2303 * NSSCryptoContext_FindBestCertificateBySubject | 1640 * NSSCryptoContext_FindBestCertificateBySubject |
2304 * | 1641 * |
2305 * This does not search through alternate names hidden in extensions. | 1642 * This does not search through alternate names hidden in extensions. |
2306 */ | 1643 */ |
2307 | 1644 |
2308 NSS_EXTERN NSSCertificate * | 1645 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindBestCertificateBySubject( |
2309 NSSCryptoContext_FindBestCertificateBySubject | 1646 NSSCryptoContext *cc, NSSDER /*NSSUTF8*/ *subject, NSSTime *timeOpt, |
2310 ( | 1647 NSSUsage *usage, NSSPolicies *policiesOpt); |
2311 NSSCryptoContext *cc, | |
2312 NSSDER /*NSSUTF8*/ *subject, | |
2313 NSSTime *timeOpt, | |
2314 NSSUsage *usage, | |
2315 NSSPolicies *policiesOpt | |
2316 ); | |
2317 | 1648 |
2318 /* | 1649 /* |
2319 * NSSCryptoContext_FindCertificatesBySubject | 1650 * NSSCryptoContext_FindCertificatesBySubject |
2320 * | 1651 * |
2321 * This does not search through alternate names hidden in extensions. | 1652 * This does not search through alternate names hidden in extensions. |
2322 */ | 1653 */ |
2323 | 1654 |
2324 NSS_EXTERN NSSCertificate ** | 1655 NSS_EXTERN NSSCertificate **NSSCryptoContext_FindCertificatesBySubject( |
2325 NSSCryptoContext_FindCertificatesBySubject | 1656 NSSCryptoContext *cc, NSSDER /*NSSUTF8*/ *subject, NSSCertificate *rvOpt[], |
2326 ( | 1657 PRUint32 maximumOpt, /* 0 for no max */ |
2327 NSSCryptoContext *cc, | 1658 NSSArena *arenaOpt); |
2328 NSSDER /*NSSUTF8*/ *subject, | |
2329 NSSCertificate *rvOpt[], | |
2330 PRUint32 maximumOpt, /* 0 for no max */ | |
2331 NSSArena *arenaOpt | |
2332 ); | |
2333 | 1659 |
2334 /* | 1660 /* |
2335 * NSSCryptoContext_FindBestCertificateByNameComponents | 1661 * NSSCryptoContext_FindBestCertificateByNameComponents |
2336 * | 1662 * |
2337 * This call does try several tricks, including a pseudo pkcs#11 | 1663 * This call does try several tricks, including a pseudo pkcs#11 |
2338 * attribute for the ldap module to try as a query. Eventually | 1664 * attribute for the ldap module to try as a query. Eventually |
2339 * this call falls back to a traversal if that's what's required. | 1665 * this call falls back to a traversal if that's what's required. |
2340 * It will search through alternate names hidden in extensions. | 1666 * It will search through alternate names hidden in extensions. |
2341 */ | 1667 */ |
2342 | 1668 |
2343 NSS_EXTERN NSSCertificate * | 1669 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindBestCertificateByNameComponents( |
2344 NSSCryptoContext_FindBestCertificateByNameComponents | 1670 NSSCryptoContext *cc, NSSUTF8 *nameComponents, NSSTime *timeOpt, |
2345 ( | 1671 NSSUsage *usage, NSSPolicies *policiesOpt); |
2346 NSSCryptoContext *cc, | |
2347 NSSUTF8 *nameComponents, | |
2348 NSSTime *timeOpt, | |
2349 NSSUsage *usage, | |
2350 NSSPolicies *policiesOpt | |
2351 ); | |
2352 | 1672 |
2353 /* | 1673 /* |
2354 * NSSCryptoContext_FindCertificatesByNameComponents | 1674 * NSSCryptoContext_FindCertificatesByNameComponents |
2355 * | 1675 * |
2356 * This call, too, tries several tricks. It will stop on the first | 1676 * This call, too, tries several tricks. It will stop on the first |
2357 * attempt that generates results, so it won't e.g. traverse the | 1677 * attempt that generates results, so it won't e.g. traverse the |
2358 * entire ldap database. | 1678 * entire ldap database. |
2359 */ | 1679 */ |
2360 | 1680 |
2361 NSS_EXTERN NSSCertificate ** | 1681 NSS_EXTERN NSSCertificate **NSSCryptoContext_FindCertificatesByNameComponents( |
2362 NSSCryptoContext_FindCertificatesByNameComponents | 1682 NSSCryptoContext *cc, NSSUTF8 *nameComponents, NSSCertificate *rvOpt[], |
2363 ( | 1683 PRUint32 maximumOpt, /* 0 for no max */ |
2364 NSSCryptoContext *cc, | 1684 NSSArena *arenaOpt); |
2365 NSSUTF8 *nameComponents, | |
2366 NSSCertificate *rvOpt[], | |
2367 PRUint32 maximumOpt, /* 0 for no max */ | |
2368 NSSArena *arenaOpt | |
2369 ); | |
2370 | 1685 |
2371 /* | 1686 /* |
2372 * NSSCryptoContext_FindCertificateByEncodedCertificate | 1687 * NSSCryptoContext_FindCertificateByEncodedCertificate |
2373 * | 1688 * |
2374 */ | 1689 */ |
2375 | 1690 |
2376 NSS_EXTERN NSSCertificate * | 1691 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindCertificateByEncodedCertificate( |
2377 NSSCryptoContext_FindCertificateByEncodedCertificate | 1692 NSSCryptoContext *cc, NSSBER *encodedCertificate); |
2378 ( | |
2379 NSSCryptoContext *cc, | |
2380 NSSBER *encodedCertificate | |
2381 ); | |
2382 | 1693 |
2383 /* | 1694 /* |
2384 * NSSCryptoContext_FindBestCertificateByEmail | 1695 * NSSCryptoContext_FindBestCertificateByEmail |
2385 * | 1696 * |
2386 */ | 1697 */ |
2387 | 1698 |
2388 NSS_EXTERN NSSCertificate * | 1699 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindBestCertificateByEmail( |
2389 NSSCryptoContext_FindBestCertificateByEmail | 1700 NSSCryptoContext *cc, NSSASCII7 *email, NSSTime *timeOpt, NSSUsage *usage, |
2390 ( | 1701 NSSPolicies *policiesOpt); |
2391 NSSCryptoContext *cc, | |
2392 NSSASCII7 *email, | |
2393 NSSTime *timeOpt, | |
2394 NSSUsage *usage, | |
2395 NSSPolicies *policiesOpt | |
2396 ); | |
2397 | 1702 |
2398 /* | 1703 /* |
2399 * NSSCryptoContext_FindCertificatesByEmail | 1704 * NSSCryptoContext_FindCertificatesByEmail |
2400 * | 1705 * |
2401 */ | 1706 */ |
2402 | 1707 |
2403 NSS_EXTERN NSSCertificate ** | 1708 NSS_EXTERN NSSCertificate **NSSCryptoContext_FindCertificatesByEmail( |
2404 NSSCryptoContext_FindCertificatesByEmail | 1709 NSSCryptoContext *cc, NSSASCII7 *email, NSSCertificate *rvOpt[], |
2405 ( | 1710 PRUint32 maximumOpt, /* 0 for no max */ |
2406 NSSCryptoContext *cc, | 1711 NSSArena *arenaOpt); |
2407 NSSASCII7 *email, | |
2408 NSSCertificate *rvOpt[], | |
2409 PRUint32 maximumOpt, /* 0 for no max */ | |
2410 NSSArena *arenaOpt | |
2411 ); | |
2412 | 1712 |
2413 /* | 1713 /* |
2414 * NSSCryptoContext_FindCertificateByOCSPHash | 1714 * NSSCryptoContext_FindCertificateByOCSPHash |
2415 * | 1715 * |
2416 */ | 1716 */ |
2417 | 1717 |
2418 NSS_EXTERN NSSCertificate * | 1718 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindCertificateByOCSPHash( |
2419 NSSCryptoContext_FindCertificateByOCSPHash | 1719 NSSCryptoContext *cc, NSSItem *hash); |
2420 ( | |
2421 NSSCryptoContext *cc, | |
2422 NSSItem *hash | |
2423 ); | |
2424 | 1720 |
2425 /* | 1721 /* |
2426 * NSSCryptoContext_TraverseCertificates | 1722 * NSSCryptoContext_TraverseCertificates |
2427 * | 1723 * |
2428 * | 1724 * |
2429 * NSS_EXTERN PRStatus * | 1725 * NSS_EXTERN PRStatus * |
2430 * NSSCryptoContext_TraverseCertificates | 1726 * NSSCryptoContext_TraverseCertificates |
2431 * ( | 1727 * ( |
2432 * NSSCryptoContext *cc, | 1728 * NSSCryptoContext *cc, |
2433 * PRStatus (*callback)(NSSCertificate *c, void *arg), | 1729 * PRStatus (*callback)(NSSCertificate *c, void *arg), |
2434 * void *arg | 1730 * void *arg |
2435 * ); | 1731 * ); |
2436 */ | 1732 */ |
2437 | 1733 |
2438 /* | 1734 /* |
2439 * NSSCryptoContext_FindBestUserCertificate | 1735 * NSSCryptoContext_FindBestUserCertificate |
2440 * | 1736 * |
2441 */ | 1737 */ |
2442 | 1738 |
| 1739 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindBestUserCertificate( |
| 1740 NSSCryptoContext *cc, NSSTime *timeOpt, NSSUsage *usage, |
| 1741 NSSPolicies *policiesOpt); |
| 1742 |
| 1743 /* |
| 1744 * NSSCryptoContext_FindUserCertificates |
| 1745 * |
| 1746 */ |
| 1747 |
| 1748 NSS_EXTERN NSSCertificate **NSSCryptoContext_FindUserCertificates( |
| 1749 NSSCryptoContext *cc, NSSTime *timeOpt, NSSUsage *usageOpt, |
| 1750 NSSPolicies *policiesOpt, NSSCertificate **rvOpt, |
| 1751 PRUint32 rvLimit, /* zero for no limit */ |
| 1752 NSSArena *arenaOpt); |
| 1753 |
| 1754 /* |
| 1755 * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth |
| 1756 * |
| 1757 */ |
| 1758 |
2443 NSS_EXTERN NSSCertificate * | 1759 NSS_EXTERN NSSCertificate * |
2444 NSSCryptoContext_FindBestUserCertificate | 1760 NSSCryptoContext_FindBestUserCertificateForSSLClientAuth( |
2445 ( | 1761 NSSCryptoContext *cc, NSSUTF8 *sslHostOpt, |
2446 NSSCryptoContext *cc, | 1762 NSSDER *rootCAsOpt[], /* null pointer for none */ |
2447 NSSTime *timeOpt, | 1763 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ |
2448 NSSUsage *usage, | 1764 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt); |
2449 NSSPolicies *policiesOpt | 1765 |
2450 ); | 1766 /* |
2451 | 1767 * NSSCryptoContext_FindUserCertificatesForSSLClientAuth |
2452 /* | |
2453 * NSSCryptoContext_FindUserCertificates | |
2454 * | 1768 * |
2455 */ | 1769 */ |
2456 | 1770 |
2457 NSS_EXTERN NSSCertificate ** | 1771 NSS_EXTERN NSSCertificate ** |
2458 NSSCryptoContext_FindUserCertificates | 1772 NSSCryptoContext_FindUserCertificatesForSSLClientAuth( |
2459 ( | 1773 NSSCryptoContext *cc, NSSUTF8 *sslHostOpt, |
2460 NSSCryptoContext *cc, | 1774 NSSDER *rootCAsOpt[], /* null pointer for none */ |
2461 NSSTime *timeOpt, | 1775 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ |
2462 NSSUsage *usageOpt, | 1776 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt, |
2463 NSSPolicies *policiesOpt, | 1777 NSSCertificate **rvOpt, PRUint32 rvLimit, /* zero for no limit */ |
2464 NSSCertificate **rvOpt, | 1778 NSSArena *arenaOpt); |
2465 PRUint32 rvLimit, /* zero for no limit */ | 1779 |
2466 NSSArena *arenaOpt | 1780 /* |
2467 ); | 1781 * NSSCryptoContext_FindBestUserCertificateForEmailSigning |
2468 | |
2469 /* | |
2470 * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth | |
2471 * | 1782 * |
2472 */ | 1783 */ |
2473 | 1784 |
2474 NSS_EXTERN NSSCertificate * | 1785 NSS_EXTERN NSSCertificate * |
2475 NSSCryptoContext_FindBestUserCertificateForSSLClientAuth | 1786 NSSCryptoContext_FindBestUserCertificateForEmailSigning( |
2476 ( | 1787 NSSCryptoContext *cc, NSSASCII7 *signerOpt, NSSASCII7 *recipientOpt, |
2477 NSSCryptoContext *cc, | 1788 /* anything more here? */ |
2478 NSSUTF8 *sslHostOpt, | 1789 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt); |
2479 NSSDER *rootCAsOpt[], /* null pointer for none */ | |
2480 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ | |
2481 NSSAlgorithmAndParameters *apOpt, | |
2482 NSSPolicies *policiesOpt | |
2483 ); | |
2484 | |
2485 /* | |
2486 * NSSCryptoContext_FindUserCertificatesForSSLClientAuth | |
2487 * | |
2488 */ | |
2489 | |
2490 NSS_EXTERN NSSCertificate ** | |
2491 NSSCryptoContext_FindUserCertificatesForSSLClientAuth | |
2492 ( | |
2493 NSSCryptoContext *cc, | |
2494 NSSUTF8 *sslHostOpt, | |
2495 NSSDER *rootCAsOpt[], /* null pointer for none */ | |
2496 PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ | |
2497 NSSAlgorithmAndParameters *apOpt, | |
2498 NSSPolicies *policiesOpt, | |
2499 NSSCertificate **rvOpt, | |
2500 PRUint32 rvLimit, /* zero for no limit */ | |
2501 NSSArena *arenaOpt | |
2502 ); | |
2503 | |
2504 /* | |
2505 * NSSCryptoContext_FindBestUserCertificateForEmailSigning | |
2506 * | |
2507 */ | |
2508 | |
2509 NSS_EXTERN NSSCertificate * | |
2510 NSSCryptoContext_FindBestUserCertificateForEmailSigning | |
2511 ( | |
2512 NSSCryptoContext *cc, | |
2513 NSSASCII7 *signerOpt, | |
2514 NSSASCII7 *recipientOpt, | |
2515 /* anything more here? */ | |
2516 NSSAlgorithmAndParameters *apOpt, | |
2517 NSSPolicies *policiesOpt | |
2518 ); | |
2519 | 1790 |
2520 /* | 1791 /* |
2521 * NSSCryptoContext_FindUserCertificatesForEmailSigning | 1792 * NSSCryptoContext_FindUserCertificatesForEmailSigning |
2522 * | 1793 * |
2523 */ | 1794 */ |
2524 | 1795 |
2525 NSS_EXTERN NSSCertificate * | 1796 NSS_EXTERN NSSCertificate *NSSCryptoContext_FindUserCertificatesForEmailSigning( |
2526 NSSCryptoContext_FindUserCertificatesForEmailSigning | 1797 NSSCryptoContext *cc, |
2527 ( | 1798 NSSASCII7 *signerOpt, /* fgmr or a more general name? */ |
2528 NSSCryptoContext *cc, | 1799 NSSASCII7 *recipientOpt, |
2529 NSSASCII7 *signerOpt, /* fgmr or a more general name? */ | 1800 /* anything more here? */ |
2530 NSSASCII7 *recipientOpt, | 1801 NSSAlgorithmAndParameters *apOpt, NSSPolicies *policiesOpt, |
2531 /* anything more here? */ | 1802 NSSCertificate **rvOpt, PRUint32 rvLimit, /* zero for no limit */ |
2532 NSSAlgorithmAndParameters *apOpt, | 1803 NSSArena *arenaOpt); |
2533 NSSPolicies *policiesOpt, | |
2534 NSSCertificate **rvOpt, | |
2535 PRUint32 rvLimit, /* zero for no limit */ | |
2536 NSSArena *arenaOpt | |
2537 ); | |
2538 | 1804 |
2539 /* Private Keys */ | 1805 /* Private Keys */ |
2540 | 1806 |
2541 /* | 1807 /* |
2542 * NSSCryptoContext_GenerateKeyPair | 1808 * NSSCryptoContext_GenerateKeyPair |
2543 * | 1809 * |
2544 * Creates session objects. If you want persistant objects, use | 1810 * Creates session objects. If you want persistant objects, use |
2545 * NSSTrustDomain_GenerateKeyPair. The destination token is where | 1811 * NSSTrustDomain_GenerateKeyPair. The destination token is where |
2546 * the keys are stored. If that token can do the required math, then | 1812 * the keys are stored. If that token can do the required math, then |
2547 * that's where the keys are generated too. Otherwise, the keys are | 1813 * that's where the keys are generated too. Otherwise, the keys are |
2548 * generated elsewhere and moved to that token. | 1814 * generated elsewhere and moved to that token. |
2549 */ | 1815 */ |
2550 | 1816 |
2551 NSS_EXTERN PRStatus | 1817 NSS_EXTERN PRStatus NSSCryptoContext_GenerateKeyPair( |
2552 NSSCryptoContext_GenerateKeyPair | 1818 NSSCryptoContext *cc, NSSAlgorithmAndParameters *ap, NSSPrivateKey **pvkOpt, |
2553 ( | 1819 NSSPublicKey **pbkOpt, PRBool privateKeyIsSensitive, NSSToken *destination, |
2554 NSSCryptoContext *cc, | 1820 NSSCallback *uhhOpt); |
2555 NSSAlgorithmAndParameters *ap, | |
2556 NSSPrivateKey **pvkOpt, | |
2557 NSSPublicKey **pbkOpt, | |
2558 PRBool privateKeyIsSensitive, | |
2559 NSSToken *destination, | |
2560 NSSCallback *uhhOpt | |
2561 ); | |
2562 | 1821 |
2563 /* | 1822 /* |
2564 * NSSCryptoContext_TraversePrivateKeys | 1823 * NSSCryptoContext_TraversePrivateKeys |
2565 * | 1824 * |
2566 * | 1825 * |
2567 * NSS_EXTERN PRStatus * | 1826 * NSS_EXTERN PRStatus * |
2568 * NSSCryptoContext_TraversePrivateKeys | 1827 * NSSCryptoContext_TraversePrivateKeys |
2569 * ( | 1828 * ( |
2570 * NSSCryptoContext *cc, | 1829 * NSSCryptoContext *cc, |
2571 * PRStatus (*callback)(NSSPrivateKey *vk, void *arg), | 1830 * PRStatus (*callback)(NSSPrivateKey *vk, void *arg), |
2572 * void *arg | 1831 * void *arg |
2573 * ); | 1832 * ); |
2574 */ | 1833 */ |
2575 | 1834 |
2576 /* Symmetric Keys */ | 1835 /* Symmetric Keys */ |
2577 | 1836 |
2578 /* | 1837 /* |
2579 * NSSCryptoContext_GenerateSymmetricKey | 1838 * NSSCryptoContext_GenerateSymmetricKey |
2580 * | 1839 * |
2581 */ | 1840 */ |
2582 | 1841 |
2583 NSS_EXTERN NSSSymmetricKey * | 1842 NSS_EXTERN NSSSymmetricKey *NSSCryptoContext_GenerateSymmetricKey( |
2584 NSSCryptoContext_GenerateSymmetricKey | 1843 NSSCryptoContext *cc, NSSAlgorithmAndParameters *ap, PRUint32 keysize, |
2585 ( | 1844 NSSToken *destination, NSSCallback *uhhOpt); |
2586 NSSCryptoContext *cc, | |
2587 NSSAlgorithmAndParameters *ap, | |
2588 PRUint32 keysize, | |
2589 NSSToken *destination, | |
2590 NSSCallback *uhhOpt | |
2591 ); | |
2592 | 1845 |
2593 /* | 1846 /* |
2594 * NSSCryptoContext_GenerateSymmetricKeyFromPassword | 1847 * NSSCryptoContext_GenerateSymmetricKeyFromPassword |
2595 * | 1848 * |
2596 */ | 1849 */ |
2597 | 1850 |
2598 NSS_EXTERN NSSSymmetricKey * | 1851 NSS_EXTERN NSSSymmetricKey *NSSCryptoContext_GenerateSymmetricKeyFromPassword( |
2599 NSSCryptoContext_GenerateSymmetricKeyFromPassword | 1852 NSSCryptoContext *cc, NSSAlgorithmAndParameters *ap, |
2600 ( | 1853 NSSUTF8 *passwordOpt, /* if null, prompt */ |
2601 NSSCryptoContext *cc, | 1854 NSSToken *destinationOpt, NSSCallback *uhhOpt); |
2602 NSSAlgorithmAndParameters *ap, | |
2603 NSSUTF8 *passwordOpt, /* if null, prompt */ | |
2604 NSSToken *destinationOpt, | |
2605 NSSCallback *uhhOpt | |
2606 ); | |
2607 | 1855 |
2608 /* | 1856 /* |
2609 * NSSCryptoContext_FindSymmetricKeyByAlgorithm | 1857 * NSSCryptoContext_FindSymmetricKeyByAlgorithm |
2610 * | 1858 * |
2611 * | 1859 * |
2612 * NSS_EXTERN NSSSymmetricKey * | 1860 * NSS_EXTERN NSSSymmetricKey * |
2613 * NSSCryptoContext_FindSymmetricKeyByType | 1861 * NSSCryptoContext_FindSymmetricKeyByType |
2614 * ( | 1862 * ( |
2615 * NSSCryptoContext *cc, | 1863 * NSSCryptoContext *cc, |
2616 * NSSOID *type, | 1864 * NSSOID *type, |
2617 * NSSCallback *uhhOpt | 1865 * NSSCallback *uhhOpt |
2618 * ); | 1866 * ); |
2619 */ | 1867 */ |
2620 | 1868 |
2621 /* | 1869 /* |
2622 * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID | 1870 * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID |
2623 * | 1871 * |
2624 */ | 1872 */ |
2625 | 1873 |
2626 NSS_EXTERN NSSSymmetricKey * | 1874 NSS_EXTERN NSSSymmetricKey * |
2627 NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID | 1875 NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID(NSSCryptoContext *cc, |
2628 ( | 1876 NSSOID *algorithm, |
2629 NSSCryptoContext *cc, | 1877 NSSItem *keyID, |
2630 NSSOID *algorithm, | 1878 NSSCallback *uhhOpt); |
2631 NSSItem *keyID, | |
2632 NSSCallback *uhhOpt | |
2633 ); | |
2634 | 1879 |
2635 /* | 1880 /* |
2636 * NSSCryptoContext_TraverseSymmetricKeys | 1881 * NSSCryptoContext_TraverseSymmetricKeys |
2637 * | 1882 * |
2638 * | 1883 * |
2639 * NSS_EXTERN PRStatus * | 1884 * NSS_EXTERN PRStatus * |
2640 * NSSCryptoContext_TraverseSymmetricKeys | 1885 * NSSCryptoContext_TraverseSymmetricKeys |
2641 * ( | 1886 * ( |
2642 * NSSCryptoContext *cc, | 1887 * NSSCryptoContext *cc, |
2643 * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg), | 1888 * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg), |
2644 * void *arg | 1889 * void *arg |
2645 * ); | 1890 * ); |
2646 */ | 1891 */ |
2647 | 1892 |
2648 /* Crypto ops on distinguished keys */ | 1893 /* Crypto ops on distinguished keys */ |
2649 | 1894 |
2650 /* | 1895 /* |
2651 * NSSCryptoContext_Decrypt | 1896 * NSSCryptoContext_Decrypt |
2652 * | 1897 * |
2653 */ | 1898 */ |
2654 | 1899 |
2655 NSS_EXTERN NSSItem * | 1900 NSS_EXTERN NSSItem *NSSCryptoContext_Decrypt(NSSCryptoContext *cc, |
2656 NSSCryptoContext_Decrypt | 1901 NSSAlgorithmAndParameters *apOpt, |
2657 ( | 1902 NSSItem *encryptedData, |
2658 NSSCryptoContext *cc, | 1903 NSSCallback *uhhOpt, |
2659 NSSAlgorithmAndParameters *apOpt, | 1904 NSSItem *rvOpt, |
2660 NSSItem *encryptedData, | 1905 NSSArena *arenaOpt); |
2661 NSSCallback *uhhOpt, | |
2662 NSSItem *rvOpt, | |
2663 NSSArena *arenaOpt | |
2664 ); | |
2665 | 1906 |
2666 /* | 1907 /* |
2667 * NSSCryptoContext_BeginDecrypt | 1908 * NSSCryptoContext_BeginDecrypt |
2668 * | 1909 * |
2669 */ | 1910 */ |
2670 | 1911 |
2671 NSS_EXTERN PRStatus | 1912 NSS_EXTERN PRStatus |
2672 NSSCryptoContext_BeginDecrypt | 1913 NSSCryptoContext_BeginDecrypt(NSSCryptoContext *cc, |
2673 ( | 1914 NSSAlgorithmAndParameters *apOpt, |
2674 NSSCryptoContext *cc, | 1915 NSSCallback *uhhOpt); |
2675 NSSAlgorithmAndParameters *apOpt, | |
2676 NSSCallback *uhhOpt | |
2677 ); | |
2678 | 1916 |
2679 /* | 1917 /* |
2680 * NSSCryptoContext_ContinueDecrypt | 1918 * NSSCryptoContext_ContinueDecrypt |
2681 * | 1919 * |
2682 */ | 1920 */ |
2683 | 1921 |
2684 /* | 1922 /* |
2685 * NSSItem semantics: | 1923 * NSSItem semantics: |
2686 * | 1924 * |
2687 * If rvOpt is NULL, a new NSSItem and buffer are allocated. | 1925 * If rvOpt is NULL, a new NSSItem and buffer are allocated. |
2688 * If rvOpt is not null, but the buffer pointer is null, | 1926 * If rvOpt is not null, but the buffer pointer is null, |
2689 * then rvOpt is returned but a new buffer is allocated. | 1927 * then rvOpt is returned but a new buffer is allocated. |
2690 * In this case, if the length value is not zero, then | 1928 * In this case, if the length value is not zero, then |
2691 * no more than that much space will be allocated. | 1929 * no more than that much space will be allocated. |
2692 * If rvOpt is not null and the buffer pointer is not null, | 1930 * If rvOpt is not null and the buffer pointer is not null, |
2693 * then that buffer is re-used. No more than the buffer | 1931 * then that buffer is re-used. No more than the buffer |
2694 * length value will be used; if it's not enough, an | 1932 * length value will be used; if it's not enough, an |
2695 * error is returned. If less is used, the number is | 1933 * error is returned. If less is used, the number is |
2696 * adjusted downwards. | 1934 * adjusted downwards. |
2697 * | 1935 * |
2698 * Note that although this is short of some ideal "Item" | 1936 * Note that although this is short of some ideal "Item" |
2699 * definition, we can usually tell how big these buffers | 1937 * definition, we can usually tell how big these buffers |
2700 * have to be. | 1938 * have to be. |
2701 * | 1939 * |
2702 * Feedback is requested; and earlier is better than later. | 1940 * Feedback is requested; and earlier is better than later. |
2703 */ | 1941 */ |
2704 | 1942 |
2705 NSS_EXTERN NSSItem * | 1943 NSS_EXTERN NSSItem *NSSCryptoContext_ContinueDecrypt(NSSCryptoContext *cc, |
2706 NSSCryptoContext_ContinueDecrypt | 1944 NSSItem *data, |
2707 ( | 1945 NSSItem *rvOpt, |
2708 NSSCryptoContext *cc, | 1946 NSSArena *arenaOpt); |
2709 NSSItem *data, | |
2710 NSSItem *rvOpt, | |
2711 NSSArena *arenaOpt | |
2712 ); | |
2713 | 1947 |
2714 /* | 1948 /* |
2715 * NSSCryptoContext_FinishDecrypt | 1949 * NSSCryptoContext_FinishDecrypt |
2716 * | 1950 * |
2717 */ | 1951 */ |
2718 | 1952 |
2719 NSS_EXTERN NSSItem * | 1953 NSS_EXTERN NSSItem *NSSCryptoContext_FinishDecrypt(NSSCryptoContext *cc, |
2720 NSSCryptoContext_FinishDecrypt | 1954 NSSItem *rvOpt, |
2721 ( | 1955 NSSArena *arenaOpt); |
2722 NSSCryptoContext *cc, | |
2723 NSSItem *rvOpt, | |
2724 NSSArena *arenaOpt | |
2725 ); | |
2726 | 1956 |
2727 /* | 1957 /* |
2728 * NSSCryptoContext_Sign | 1958 * NSSCryptoContext_Sign |
2729 * | 1959 * |
2730 */ | 1960 */ |
2731 | 1961 |
2732 NSS_EXTERN NSSItem * | 1962 NSS_EXTERN NSSItem *NSSCryptoContext_Sign(NSSCryptoContext *cc, |
2733 NSSCryptoContext_Sign | 1963 NSSAlgorithmAndParameters *apOpt, |
2734 ( | 1964 NSSItem *data, NSSCallback *uhhOpt, |
2735 NSSCryptoContext *cc, | 1965 NSSItem *rvOpt, NSSArena *arenaOpt); |
2736 NSSAlgorithmAndParameters *apOpt, | |
2737 NSSItem *data, | |
2738 NSSCallback *uhhOpt, | |
2739 NSSItem *rvOpt, | |
2740 NSSArena *arenaOpt | |
2741 ); | |
2742 | 1966 |
2743 /* | 1967 /* |
2744 * NSSCryptoContext_BeginSign | 1968 * NSSCryptoContext_BeginSign |
2745 * | 1969 * |
2746 */ | 1970 */ |
2747 | 1971 |
2748 NSS_EXTERN PRStatus | 1972 NSS_EXTERN PRStatus NSSCryptoContext_BeginSign(NSSCryptoContext *cc, |
2749 NSSCryptoContext_BeginSign | 1973 NSSAlgorithmAndParameters *apOpt, |
2750 ( | 1974 NSSCallback *uhhOpt); |
2751 NSSCryptoContext *cc, | |
2752 NSSAlgorithmAndParameters *apOpt, | |
2753 NSSCallback *uhhOpt | |
2754 ); | |
2755 | 1975 |
2756 /* | 1976 /* |
2757 * NSSCryptoContext_ContinueSign | 1977 * NSSCryptoContext_ContinueSign |
2758 * | 1978 * |
2759 */ | 1979 */ |
2760 | 1980 |
2761 NSS_EXTERN PRStatus | 1981 NSS_EXTERN PRStatus |
2762 NSSCryptoContext_ContinueSign | 1982 NSSCryptoContext_ContinueSign(NSSCryptoContext *cc, NSSItem *data); |
2763 ( | |
2764 NSSCryptoContext *cc, | |
2765 NSSItem *data | |
2766 ); | |
2767 | 1983 |
2768 /* | 1984 /* |
2769 * NSSCryptoContext_FinishSign | 1985 * NSSCryptoContext_FinishSign |
2770 * | 1986 * |
2771 */ | 1987 */ |
2772 | 1988 |
2773 NSS_EXTERN NSSItem * | 1989 NSS_EXTERN NSSItem *NSSCryptoContext_FinishSign(NSSCryptoContext *cc, |
2774 NSSCryptoContext_FinishSign | 1990 NSSItem *rvOpt, |
2775 ( | 1991 NSSArena *arenaOpt); |
2776 NSSCryptoContext *cc, | |
2777 NSSItem *rvOpt, | |
2778 NSSArena *arenaOpt | |
2779 ); | |
2780 | 1992 |
2781 /* | 1993 /* |
2782 * NSSCryptoContext_SignRecover | 1994 * NSSCryptoContext_SignRecover |
2783 * | 1995 * |
2784 */ | 1996 */ |
2785 | 1997 |
2786 NSS_EXTERN NSSItem * | 1998 NSS_EXTERN NSSItem *NSSCryptoContext_SignRecover( |
2787 NSSCryptoContext_SignRecover | 1999 NSSCryptoContext *cc, NSSAlgorithmAndParameters *apOpt, NSSItem *data, |
2788 ( | 2000 NSSCallback *uhhOpt, NSSItem *rvOpt, NSSArena *arenaOpt); |
2789 NSSCryptoContext *cc, | |
2790 NSSAlgorithmAndParameters *apOpt, | |
2791 NSSItem *data, | |
2792 NSSCallback *uhhOpt, | |
2793 NSSItem *rvOpt, | |
2794 NSSArena *arenaOpt | |
2795 ); | |
2796 | 2001 |
2797 /* | 2002 /* |
2798 * NSSCryptoContext_BeginSignRecover | 2003 * NSSCryptoContext_BeginSignRecover |
2799 * | 2004 * |
2800 */ | 2005 */ |
2801 | 2006 |
2802 NSS_EXTERN PRStatus | 2007 NSS_EXTERN PRStatus |
2803 NSSCryptoContext_BeginSignRecover | 2008 NSSCryptoContext_BeginSignRecover(NSSCryptoContext *cc, |
2804 ( | 2009 NSSAlgorithmAndParameters *apOpt, |
2805 NSSCryptoContext *cc, | 2010 NSSCallback *uhhOpt); |
2806 NSSAlgorithmAndParameters *apOpt, | |
2807 NSSCallback *uhhOpt | |
2808 ); | |
2809 | 2011 |
2810 /* | 2012 /* |
2811 * NSSCryptoContext_ContinueSignRecover | 2013 * NSSCryptoContext_ContinueSignRecover |
2812 * | 2014 * |
2813 */ | 2015 */ |
2814 | 2016 |
2815 NSS_EXTERN NSSItem * | 2017 NSS_EXTERN NSSItem *NSSCryptoContext_ContinueSignRecover(NSSCryptoContext *cc, |
2816 NSSCryptoContext_ContinueSignRecover | 2018 NSSItem *data, |
2817 ( | 2019 NSSItem *rvOpt, |
2818 NSSCryptoContext *cc, | 2020 NSSArena *arenaOpt); |
2819 NSSItem *data, | |
2820 NSSItem *rvOpt, | |
2821 NSSArena *arenaOpt | |
2822 ); | |
2823 | 2021 |
2824 /* | 2022 /* |
2825 * NSSCryptoContext_FinishSignRecover | 2023 * NSSCryptoContext_FinishSignRecover |
2826 * | 2024 * |
2827 */ | 2025 */ |
2828 | 2026 |
2829 NSS_EXTERN NSSItem * | 2027 NSS_EXTERN NSSItem *NSSCryptoContext_FinishSignRecover(NSSCryptoContext *cc, |
2830 NSSCryptoContext_FinishSignRecover | 2028 NSSItem *rvOpt, |
2831 ( | 2029 NSSArena *arenaOpt); |
2832 NSSCryptoContext *cc, | |
2833 NSSItem *rvOpt, | |
2834 NSSArena *arenaOpt | |
2835 ); | |
2836 | 2030 |
2837 /* | 2031 /* |
2838 * NSSCryptoContext_UnwrapSymmetricKey | 2032 * NSSCryptoContext_UnwrapSymmetricKey |
2839 * | 2033 * |
2840 */ | 2034 */ |
2841 | 2035 |
2842 NSS_EXTERN NSSSymmetricKey * | 2036 NSS_EXTERN NSSSymmetricKey *NSSCryptoContext_UnwrapSymmetricKey( |
2843 NSSCryptoContext_UnwrapSymmetricKey | 2037 NSSCryptoContext *cc, NSSAlgorithmAndParameters *apOpt, NSSItem *wrappedKey, |
2844 ( | 2038 NSSCallback *uhhOpt); |
2845 NSSCryptoContext *cc, | |
2846 NSSAlgorithmAndParameters *apOpt, | |
2847 NSSItem *wrappedKey, | |
2848 NSSCallback *uhhOpt | |
2849 ); | |
2850 | 2039 |
2851 /* | 2040 /* |
2852 * NSSCryptoContext_DeriveSymmetricKey | 2041 * NSSCryptoContext_DeriveSymmetricKey |
2853 * | 2042 * |
2854 */ | 2043 */ |
2855 | 2044 |
2856 NSS_EXTERN NSSSymmetricKey * | 2045 NSS_EXTERN NSSSymmetricKey *NSSCryptoContext_DeriveSymmetricKey( |
2857 NSSCryptoContext_DeriveSymmetricKey | 2046 NSSCryptoContext *cc, NSSPublicKey *bk, NSSAlgorithmAndParameters *apOpt, |
2858 ( | 2047 NSSOID *target, PRUint32 keySizeOpt, /* zero for best allowed */ |
2859 NSSCryptoContext *cc, | 2048 NSSOperations operations, NSSCallback *uhhOpt); |
2860 NSSPublicKey *bk, | |
2861 NSSAlgorithmAndParameters *apOpt, | |
2862 NSSOID *target, | |
2863 PRUint32 keySizeOpt, /* zero for best allowed */ | |
2864 NSSOperations operations, | |
2865 NSSCallback *uhhOpt | |
2866 ); | |
2867 | 2049 |
2868 /* | 2050 /* |
2869 * NSSCryptoContext_Encrypt | 2051 * NSSCryptoContext_Encrypt |
2870 * | 2052 * |
2871 * Encrypt a single chunk of data with the distinguished public key | 2053 * Encrypt a single chunk of data with the distinguished public key |
2872 * of this crypto context. | 2054 * of this crypto context. |
2873 */ | 2055 */ |
2874 | 2056 |
2875 NSS_EXTERN NSSItem * | 2057 NSS_EXTERN NSSItem *NSSCryptoContext_Encrypt(NSSCryptoContext *cc, |
2876 NSSCryptoContext_Encrypt | 2058 NSSAlgorithmAndParameters *apOpt, |
2877 ( | 2059 NSSItem *data, NSSCallback *uhhOpt, |
2878 NSSCryptoContext *cc, | 2060 NSSItem *rvOpt, |
2879 NSSAlgorithmAndParameters *apOpt, | 2061 NSSArena *arenaOpt); |
2880 NSSItem *data, | |
2881 NSSCallback *uhhOpt, | |
2882 NSSItem *rvOpt, | |
2883 NSSArena *arenaOpt | |
2884 ); | |
2885 | 2062 |
2886 /* | 2063 /* |
2887 * NSSCryptoContext_BeginEncrypt | 2064 * NSSCryptoContext_BeginEncrypt |
2888 * | 2065 * |
2889 */ | 2066 */ |
2890 | 2067 |
2891 NSS_EXTERN PRStatus | 2068 NSS_EXTERN PRStatus |
2892 NSSCryptoContext_BeginEncrypt | 2069 NSSCryptoContext_BeginEncrypt(NSSCryptoContext *cc, |
2893 ( | 2070 NSSAlgorithmAndParameters *apOpt, |
2894 NSSCryptoContext *cc, | 2071 NSSCallback *uhhOpt); |
2895 NSSAlgorithmAndParameters *apOpt, | |
2896 NSSCallback *uhhOpt | |
2897 ); | |
2898 | 2072 |
2899 /* | 2073 /* |
2900 * NSSCryptoContext_ContinueEncrypt | 2074 * NSSCryptoContext_ContinueEncrypt |
2901 * | 2075 * |
2902 */ | 2076 */ |
2903 | 2077 |
2904 NSS_EXTERN NSSItem * | 2078 NSS_EXTERN NSSItem *NSSCryptoContext_ContinueEncrypt(NSSCryptoContext *cc, |
2905 NSSCryptoContext_ContinueEncrypt | 2079 NSSItem *data, |
2906 ( | 2080 NSSItem *rvOpt, |
2907 NSSCryptoContext *cc, | 2081 NSSArena *arenaOpt); |
2908 NSSItem *data, | |
2909 NSSItem *rvOpt, | |
2910 NSSArena *arenaOpt | |
2911 ); | |
2912 | 2082 |
2913 /* | 2083 /* |
2914 * NSSCryptoContext_FinishEncrypt | 2084 * NSSCryptoContext_FinishEncrypt |
2915 * | 2085 * |
2916 */ | 2086 */ |
2917 | 2087 |
2918 NSS_EXTERN NSSItem * | 2088 NSS_EXTERN NSSItem *NSSCryptoContext_FinishEncrypt(NSSCryptoContext *cc, |
2919 NSSCryptoContext_FinishEncrypt | 2089 NSSItem *rvOpt, |
2920 ( | 2090 NSSArena *arenaOpt); |
2921 NSSCryptoContext *cc, | |
2922 NSSItem *rvOpt, | |
2923 NSSArena *arenaOpt | |
2924 ); | |
2925 | 2091 |
2926 /* | 2092 /* |
2927 * NSSCryptoContext_Verify | 2093 * NSSCryptoContext_Verify |
2928 * | 2094 * |
2929 */ | 2095 */ |
2930 | 2096 |
2931 NSS_EXTERN PRStatus | 2097 NSS_EXTERN PRStatus NSSCryptoContext_Verify(NSSCryptoContext *cc, |
2932 NSSCryptoContext_Verify | 2098 NSSAlgorithmAndParameters *apOpt, |
2933 ( | 2099 NSSItem *data, NSSItem *signature, |
2934 NSSCryptoContext *cc, | 2100 NSSCallback *uhhOpt); |
2935 NSSAlgorithmAndParameters *apOpt, | |
2936 NSSItem *data, | |
2937 NSSItem *signature, | |
2938 NSSCallback *uhhOpt | |
2939 ); | |
2940 | 2101 |
2941 /* | 2102 /* |
2942 * NSSCryptoContext_BeginVerify | 2103 * NSSCryptoContext_BeginVerify |
2943 * | 2104 * |
2944 */ | 2105 */ |
2945 | 2106 |
2946 NSS_EXTERN PRStatus | 2107 NSS_EXTERN PRStatus |
2947 NSSCryptoContext_BeginVerify | 2108 NSSCryptoContext_BeginVerify(NSSCryptoContext *cc, |
2948 ( | 2109 NSSAlgorithmAndParameters *apOpt, |
2949 NSSCryptoContext *cc, | 2110 NSSItem *signature, NSSCallback *uhhOpt); |
2950 NSSAlgorithmAndParameters *apOpt, | |
2951 NSSItem *signature, | |
2952 NSSCallback *uhhOpt | |
2953 ); | |
2954 | 2111 |
2955 /* | 2112 /* |
2956 * NSSCryptoContext_ContinueVerify | 2113 * NSSCryptoContext_ContinueVerify |
2957 * | 2114 * |
2958 */ | 2115 */ |
2959 | 2116 |
2960 NSS_EXTERN PRStatus | 2117 NSS_EXTERN PRStatus |
2961 NSSCryptoContext_ContinueVerify | 2118 NSSCryptoContext_ContinueVerify(NSSCryptoContext *cc, NSSItem *data); |
2962 ( | |
2963 NSSCryptoContext *cc, | |
2964 NSSItem *data | |
2965 ); | |
2966 | 2119 |
2967 /* | 2120 /* |
2968 * NSSCryptoContext_FinishVerify | 2121 * NSSCryptoContext_FinishVerify |
2969 * | 2122 * |
2970 */ | 2123 */ |
2971 | 2124 |
2972 NSS_EXTERN PRStatus | 2125 NSS_EXTERN PRStatus NSSCryptoContext_FinishVerify(NSSCryptoContext *cc); |
2973 NSSCryptoContext_FinishVerify | |
2974 ( | |
2975 NSSCryptoContext *cc | |
2976 ); | |
2977 | 2126 |
2978 /* | 2127 /* |
2979 * NSSCryptoContext_VerifyRecover | 2128 * NSSCryptoContext_VerifyRecover |
2980 * | 2129 * |
2981 */ | 2130 */ |
2982 | 2131 |
2983 NSS_EXTERN NSSItem * | 2132 NSS_EXTERN NSSItem *NSSCryptoContext_VerifyRecover( |
2984 NSSCryptoContext_VerifyRecover | 2133 NSSCryptoContext *cc, NSSAlgorithmAndParameters *apOpt, NSSItem *signature, |
2985 ( | 2134 NSSCallback *uhhOpt, NSSItem *rvOpt, NSSArena *arenaOpt); |
2986 NSSCryptoContext *cc, | |
2987 NSSAlgorithmAndParameters *apOpt, | |
2988 NSSItem *signature, | |
2989 NSSCallback *uhhOpt, | |
2990 NSSItem *rvOpt, | |
2991 NSSArena *arenaOpt | |
2992 ); | |
2993 | 2135 |
2994 /* | 2136 /* |
2995 * NSSCryptoContext_BeginVerifyRecover | 2137 * NSSCryptoContext_BeginVerifyRecover |
2996 * | 2138 * |
2997 */ | 2139 */ |
2998 | 2140 |
2999 NSS_EXTERN PRStatus | 2141 NSS_EXTERN PRStatus |
3000 NSSCryptoContext_BeginVerifyRecover | 2142 NSSCryptoContext_BeginVerifyRecover(NSSCryptoContext *cc, |
3001 ( | 2143 NSSAlgorithmAndParameters *apOpt, |
3002 NSSCryptoContext *cc, | 2144 NSSCallback *uhhOpt); |
3003 NSSAlgorithmAndParameters *apOpt, | |
3004 NSSCallback *uhhOpt | |
3005 ); | |
3006 | 2145 |
3007 /* | 2146 /* |
3008 * NSSCryptoContext_ContinueVerifyRecover | 2147 * NSSCryptoContext_ContinueVerifyRecover |
3009 * | 2148 * |
3010 */ | 2149 */ |
3011 | 2150 |
3012 NSS_EXTERN NSSItem * | 2151 NSS_EXTERN NSSItem *NSSCryptoContext_ContinueVerifyRecover(NSSCryptoContext *cc, |
3013 NSSCryptoContext_ContinueVerifyRecover | 2152 NSSItem *data, |
3014 ( | 2153 NSSItem *rvOpt, |
3015 NSSCryptoContext *cc, | 2154 NSSArena *arenaOpt); |
3016 NSSItem *data, | |
3017 NSSItem *rvOpt, | |
3018 NSSArena *arenaOpt | |
3019 ); | |
3020 | 2155 |
3021 /* | 2156 /* |
3022 * NSSCryptoContext_FinishVerifyRecover | 2157 * NSSCryptoContext_FinishVerifyRecover |
3023 * | 2158 * |
3024 */ | 2159 */ |
3025 | 2160 |
3026 NSS_EXTERN NSSItem * | 2161 NSS_EXTERN NSSItem *NSSCryptoContext_FinishVerifyRecover(NSSCryptoContext *cc, |
3027 NSSCryptoContext_FinishVerifyRecover | 2162 NSSItem *rvOpt, |
3028 ( | 2163 NSSArena *arenaOpt); |
3029 NSSCryptoContext *cc, | |
3030 NSSItem *rvOpt, | |
3031 NSSArena *arenaOpt | |
3032 ); | |
3033 | 2164 |
3034 /* | 2165 /* |
3035 * NSSCryptoContext_WrapSymmetricKey | 2166 * NSSCryptoContext_WrapSymmetricKey |
3036 * | 2167 * |
3037 */ | 2168 */ |
3038 | 2169 |
3039 NSS_EXTERN NSSItem * | 2170 NSS_EXTERN NSSItem *NSSCryptoContext_WrapSymmetricKey( |
3040 NSSCryptoContext_WrapSymmetricKey | 2171 NSSCryptoContext *cc, NSSAlgorithmAndParameters *apOpt, |
3041 ( | 2172 NSSSymmetricKey *keyToWrap, NSSCallback *uhhOpt, NSSItem *rvOpt, |
3042 NSSCryptoContext *cc, | 2173 NSSArena *arenaOpt); |
3043 NSSAlgorithmAndParameters *apOpt, | |
3044 NSSSymmetricKey *keyToWrap, | |
3045 NSSCallback *uhhOpt, | |
3046 NSSItem *rvOpt, | |
3047 NSSArena *arenaOpt | |
3048 ); | |
3049 | 2174 |
3050 /* | 2175 /* |
3051 * NSSCryptoContext_Digest | 2176 * NSSCryptoContext_Digest |
3052 * | 2177 * |
3053 * Digest a single chunk of data with the distinguished digest key | 2178 * Digest a single chunk of data with the distinguished digest key |
3054 * of this crypto context. | 2179 * of this crypto context. |
3055 */ | 2180 */ |
3056 | 2181 |
3057 NSS_EXTERN NSSItem * | 2182 NSS_EXTERN NSSItem *NSSCryptoContext_Digest(NSSCryptoContext *cc, |
3058 NSSCryptoContext_Digest | 2183 NSSAlgorithmAndParameters *apOpt, |
3059 ( | 2184 NSSItem *data, NSSCallback *uhhOpt, |
3060 NSSCryptoContext *cc, | 2185 NSSItem *rvOpt, NSSArena *arenaOpt); |
3061 NSSAlgorithmAndParameters *apOpt, | |
3062 NSSItem *data, | |
3063 NSSCallback *uhhOpt, | |
3064 NSSItem *rvOpt, | |
3065 NSSArena *arenaOpt | |
3066 ); | |
3067 | 2186 |
3068 /* | 2187 /* |
3069 * NSSCryptoContext_BeginDigest | 2188 * NSSCryptoContext_BeginDigest |
3070 * | 2189 * |
3071 */ | 2190 */ |
3072 | 2191 |
3073 NSS_EXTERN PRStatus | 2192 NSS_EXTERN PRStatus |
3074 NSSCryptoContext_BeginDigest | 2193 NSSCryptoContext_BeginDigest(NSSCryptoContext *cc, |
3075 ( | 2194 NSSAlgorithmAndParameters *apOpt, |
3076 NSSCryptoContext *cc, | 2195 NSSCallback *uhhOpt); |
3077 NSSAlgorithmAndParameters *apOpt, | |
3078 NSSCallback *uhhOpt | |
3079 ); | |
3080 | 2196 |
3081 /* | 2197 /* |
3082 * NSSCryptoContext_ContinueDigest | 2198 * NSSCryptoContext_ContinueDigest |
3083 * | 2199 * |
3084 */ | 2200 */ |
3085 | 2201 |
3086 NSS_EXTERN PRStatus | 2202 NSS_EXTERN PRStatus |
3087 NSSCryptoContext_ContinueDigest | 2203 NSSCryptoContext_ContinueDigest(NSSCryptoContext *cc, |
3088 ( | 2204 NSSAlgorithmAndParameters *apOpt, |
3089 NSSCryptoContext *cc, | 2205 NSSItem *item); |
3090 NSSAlgorithmAndParameters *apOpt, | |
3091 NSSItem *item | |
3092 ); | |
3093 | 2206 |
3094 /* | 2207 /* |
3095 * NSSCryptoContext_FinishDigest | 2208 * NSSCryptoContext_FinishDigest |
3096 * | 2209 * |
3097 */ | 2210 */ |
3098 | 2211 |
3099 NSS_EXTERN NSSItem * | 2212 NSS_EXTERN NSSItem *NSSCryptoContext_FinishDigest(NSSCryptoContext *cc, |
3100 NSSCryptoContext_FinishDigest | 2213 NSSItem *rvOpt, |
3101 ( | 2214 NSSArena *arenaOpt); |
3102 NSSCryptoContext *cc, | |
3103 NSSItem *rvOpt, | |
3104 NSSArena *arenaOpt | |
3105 ); | |
3106 | 2215 |
3107 /* | 2216 /* |
3108 * tbd: Combination ops | 2217 * tbd: Combination ops |
3109 */ | 2218 */ |
3110 | 2219 |
3111 /* | 2220 /* |
3112 * NSSCryptoContext_Clone | 2221 * NSSCryptoContext_Clone |
3113 * | 2222 * |
3114 */ | 2223 */ |
3115 | 2224 |
3116 NSS_EXTERN NSSCryptoContext * | 2225 NSS_EXTERN NSSCryptoContext *NSSCryptoContext_Clone(NSSCryptoContext *cc); |
3117 NSSCryptoContext_Clone | |
3118 ( | |
3119 NSSCryptoContext *cc | |
3120 ); | |
3121 | 2226 |
3122 /* | 2227 /* |
3123 * NSSCryptoContext_Save | 2228 * NSSCryptoContext_Save |
3124 * NSSCryptoContext_Restore | 2229 * NSSCryptoContext_Restore |
3125 * | 2230 * |
3126 * We need to be able to save and restore the state of contexts. | 2231 * We need to be able to save and restore the state of contexts. |
3127 * Perhaps a mark-and-release mechanism would be better? | 2232 * Perhaps a mark-and-release mechanism would be better? |
3128 */ | 2233 */ |
3129 | 2234 |
3130 /* | 2235 /* |
3131 * ..._SignTBSCertificate | 2236 * ..._SignTBSCertificate |
3132 * | 2237 * |
3133 * This requires feedback from the cert server team. | 2238 * This requires feedback from the cert server team. |
3134 */ | 2239 */ |
3135 | 2240 |
3136 /* | 2241 /* |
3137 * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c); | 2242 * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c); |
3138 * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool truste
d); | 2243 * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool |
| 2244 *trusted); |
3139 * | 2245 * |
3140 * These will be helper functions which get the trust object for a cert, | 2246 * These will be helper functions which get the trust object for a cert, |
3141 * and then call the corresponding function(s) on it. | 2247 * and then call the corresponding function(s) on it. |
3142 * | 2248 * |
3143 * PKIX trust objects will have methods to manipulate the low-level trust | 2249 * PKIX trust objects will have methods to manipulate the low-level trust |
3144 * bits (which are based on key usage and extended key usage), and also the | 2250 * bits (which are based on key usage and extended key usage), and also the |
3145 * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.) | 2251 * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.) |
3146 * | 2252 * |
3147 * Other types of trust objects (if any) might have different low-level | 2253 * Other types of trust objects (if any) might have different low-level |
3148 * representations, but hopefully high-level concepts would map. | 2254 * representations, but hopefully high-level concepts would map. |
3149 * | 2255 * |
3150 * Only these high-level general routines would be promoted to the | 2256 * Only these high-level general routines would be promoted to the |
3151 * general certificate level here. Hence the {xxx} above would be things | 2257 * general certificate level here. Hence the {xxx} above would be things |
3152 * like "EmailSigning." | 2258 * like "EmailSigning." |
3153 * | 2259 * |
3154 * | 2260 * |
3155 * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c); | 2261 * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c); |
3156 * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSPKIXTrust *t)
; | 2262 * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSPKIXTrust |
| 2263 **t); |
3157 * | 2264 * |
3158 * I want to hold off on any general trust object until we've investigated | 2265 * I want to hold off on any general trust object until we've investigated |
3159 * other models more thoroughly. | 2266 * other models more thoroughly. |
3160 */ | 2267 */ |
3161 | 2268 |
3162 PR_END_EXTERN_C | 2269 PR_END_EXTERN_C |
3163 | 2270 |
3164 #endif /* NSSPKI_H */ | 2271 #endif /* NSSPKI_H */ |