The Tor Browser: comparison security/nss/lib/ckfw/capi/ckcapi.h

--1:000000000000
+:e2af2867ee65
+/* This Source Code Form is subject to the terms of the Mozilla Public
+* License, v. 2.0. If a copy of the MPL was not distributed with this
+* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef CKCAPI_H
+#define CKCAPI_H 1
+#include "nssckmdt.h"
+#include "nssckfw.h"
+/*
+* I'm including this for access to the arena functions.
+* Looks like we should publish that API.
+*/
+#ifndef BASE_H
+#include "base.h"
+#endif /* BASE_H */
+/*
+* This is where the Netscape extensions live, at least for now.
+*/
+#ifndef CKT_H
+#include "ckt.h"
+#endif /* CKT_H */
+#include "wtypes.h"
+#include "wincrypt.h"
+/*
+* statically defined raw objects. Allows us to data description objects
+* to this PKCS #11 module.
+*/
+struct ckcapiRawObjectStr {
+CK_ULONG n;
+const CK_ATTRIBUTE_TYPE *types;
+const NSSItem *items;
+};
+typedef struct ckcapiRawObjectStr ckcapiRawObject;
+/*
+* common values needed for both bare keys and cert referenced keys.
+*/
+struct ckcapiKeyParamsStr {
+NSSItem	  modulus;
+NSSItem	  exponent;
+NSSItem	  privateExponent;
+NSSItem	  prime1;
+NSSItem	  prime2;
+NSSItem	  exponent1;
+NSSItem	  exponent2;
+NSSItem	  coefficient;
+unsigned char   publicExponentData[sizeof(CK_ULONG)];
+void		  *privateKey;
+void		  *pubKey;
+};
+typedef struct ckcapiKeyParamsStr ckcapiKeyParams;
+/*
+* Key objects. Handles bare keys which do not yet have certs associated
+* with them. These are usually short lived, but may exist for several days
+* while the CA is issuing the certificate.
+*/
+struct ckcapiKeyObjectStr {
+CRYPT_KEY_PROV_INFO provInfo;
+char            *provName;
+char            *containerName;
+HCRYPTPROV      hProv;
+ckcapiKeyParams key;
+};
+typedef struct ckcapiKeyObjectStr ckcapiKeyObject;
+/*
+* Certificate and certificate referenced keys.
+*/
+struct ckcapiCertObjectStr {
+PCCERT_CONTEXT  certContext;
+PRBool          hasID;
+const char	  *certStore;
+NSSItem	  label;
+NSSItem	  subject;
+NSSItem	  issuer;
+NSSItem	  serial;
+NSSItem	  derCert;
+ckcapiKeyParams key;
+unsigned char   *labelData;
+/* static data: to do, make this dynamic like labelData */
+unsigned char   derSerial[128];
+};
+typedef struct ckcapiCertObjectStr ckcapiCertObject;
+typedef enum {
+ckcapiRaw,
+ckcapiCert,
+ckcapiBareKey
+} ckcapiObjectType;
+/*
+* all the various types of objects are abstracted away in cobject and
+* cfind as ckcapiInternalObjects.
+*/
+struct ckcapiInternalObjectStr {
+ckcapiObjectType type;
+union {
+ckcapiRawObject  raw;
+ckcapiCertObject cert;
+ckcapiKeyObject  key;
+} u;
+CK_OBJECT_CLASS objClass;
+NSSItem	  hashKey;
+NSSItem	  id;
+void		  *idData;
+unsigned char   hashKeyData[128];
+NSSCKMDObject mdObject;
+};
+typedef struct ckcapiInternalObjectStr ckcapiInternalObject;
+/* our raw object data array */
+NSS_EXTERN_DATA ckcapiInternalObject nss_ckcapi_data[];
+NSS_EXTERN_DATA const PRUint32               nss_ckcapi_nObjects;
+NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_CryptokiVersion;
+NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_ManufacturerID;
+NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_LibraryDescription;
+NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_LibraryVersion;
+NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_SlotDescription;
+NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_HardwareVersion;
+NSS_EXTERN_DATA const CK_VERSION   nss_ckcapi_FirmwareVersion;
+NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_TokenLabel;
+NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_TokenModel;
+NSS_EXTERN_DATA const NSSUTF8 *    nss_ckcapi_TokenSerialNumber;
+NSS_EXTERN_DATA const NSSCKMDInstance  nss_ckcapi_mdInstance;
+NSS_EXTERN_DATA const NSSCKMDSlot      nss_ckcapi_mdSlot;
+NSS_EXTERN_DATA const NSSCKMDToken     nss_ckcapi_mdToken;
+NSS_EXTERN_DATA const NSSCKMDMechanism nss_ckcapi_mdMechanismRSA;
+NSS_EXTERN NSSCKMDSession *
+nss_ckcapi_CreateSession
+(
+NSSCKFWSession *fwSession,
+CK_RV *pError
+);
+NSS_EXTERN NSSCKMDFindObjects *
+nss_ckcapi_FindObjectsInit
+(
+NSSCKFWSession *fwSession,
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+CK_RV *pError
+);
+/*
+* Object Utilities
+*/
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateMDObject
+(
+NSSArena *arena,
+ckcapiInternalObject *io,
+CK_RV *pError
+);
+NSS_EXTERN NSSCKMDObject *
+nss_ckcapi_CreateObject
+(
+NSSCKFWSession *fwSession,
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+CK_RV *pError
+);
+NSS_EXTERN const NSSItem *
+nss_ckcapi_FetchAttribute
+(
+ckcapiInternalObject *io,
+CK_ATTRIBUTE_TYPE type
+);
+NSS_EXTERN void
+nss_ckcapi_DestroyInternalObject
+(
+ckcapiInternalObject *io
+);
+NSS_EXTERN CK_RV
+nss_ckcapi_FetchKeyContainer
+(
+ckcapiInternalObject *iKey,
+HCRYPTPROV  *hProv,
+DWORD       *keySpec,
+HCRYPTKEY   *hKey
+);
+/*
+* generic utilities
+*/
+/*
+* So everyone else in the worlds stores their bignum data MSB first, but not
+* Microsoft, we need to byte swap everything coming into and out of CAPI.
+*/
+void
+ckcapi_ReverseData
+(
+NSSItem *item
+);
+/*
+* unwrap a single DER value
+*/
+unsigned char *
+nss_ckcapi_DERUnwrap
+(
+unsigned char *src,
+unsigned int size,
+unsigned int *outSize,
+unsigned char **next
+);
+/*
+* Return the size in bytes of a wide string
+*/
+int
+nss_ckcapi_WideSize
+(
+LPCWSTR wide
+);
+/*
+* Covert a Unicode wide character string to a UTF8 string
+*/
+char *
+nss_ckcapi_WideToUTF8
+(
+LPCWSTR wide
+);
+/*
+* Return a Wide String duplicated with nss allocated memory.
+*/
+LPWSTR
+nss_ckcapi_WideDup
+(
+LPCWSTR wide
+);
+/*
+* Covert a UTF8 string to Unicode wide character
+*/
+LPWSTR
+nss_ckcapi_UTF8ToWide
+(
+char *buf
+);
+NSS_EXTERN PRUint32
+nss_ckcapi_collect_all_certs(
+CK_ATTRIBUTE_PTR pTemplate,
+CK_ULONG ulAttributeCount,
+ckcapiInternalObject ***listp,
+PRUint32 *sizep,
+PRUint32 count,
+CK_RV *pError
+);
+#define NSS_CKCAPI_ARRAY_SIZE(x) ((sizeof (x))/(sizeof ((x)[0])))
+#endif

The Tor Browser / file comparison

comparison: security/nss/lib/ckfw/capi/ckcapi.h

security/nss/lib/ckfw/capi/ckcapi.h