1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/pki/nsspki.h Wed Dec 31 06:09:35 2014 +0100
1.3
@@ -0,0 +1,3164 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef NSSPKI_H
1.9 +#define NSSPKI_H
1.10 +
1.11 +/*
1.12 + * nsspki.h
1.13 + *
1.14 + * This file prototypes the methods of the top-level PKI objects.
1.15 + */
1.16 +
1.17 +#ifndef NSSDEVT_H
1.18 +#include "nssdevt.h"
1.19 +#endif /* NSSDEVT_H */
1.20 +
1.21 +#ifndef NSSPKIT_H
1.22 +#include "nsspkit.h"
1.23 +#endif /* NSSPKIT_H */
1.24 +
1.25 +#ifndef BASE_H
1.26 +#include "base.h"
1.27 +#endif /* BASE_H */
1.28 +
1.29 +PR_BEGIN_EXTERN_C
1.30 +
1.31 +/*
1.32 + * A note about interfaces
1.33 + *
1.34 + * Although these APIs are specified in C, a language which does
1.35 + * not have fancy support for abstract interfaces, this library
1.36 + * was designed from an object-oriented perspective. It may be
1.37 + * useful to consider the standard interfaces which went into
1.38 + * the writing of these APIs.
1.39 + *
1.40 + * Basic operations on all objects:
1.41 + * Destroy -- free a pointer to an object
1.42 + * DeleteStoredObject -- delete an object permanently
1.43 + *
1.44 + * Public Key cryptographic operations:
1.45 + * Encrypt
1.46 + * Verify
1.47 + * VerifyRecover
1.48 + * Wrap
1.49 + * Derive
1.50 + *
1.51 + * Private Key cryptographic operations:
1.52 + * IsStillPresent
1.53 + * Decrypt
1.54 + * Sign
1.55 + * SignRecover
1.56 + * Unwrap
1.57 + * Derive
1.58 + *
1.59 + * Symmetric Key cryptographic operations:
1.60 + * IsStillPresent
1.61 + * Encrypt
1.62 + * Decrypt
1.63 + * Sign
1.64 + * SignRecover
1.65 + * Verify
1.66 + * VerifyRecover
1.67 + * Wrap
1.68 + * Unwrap
1.69 + * Derive
1.70 + *
1.71 + */
1.72 +
1.73 +/*
1.74 + * NSSCertificate
1.75 + *
1.76 + * These things can do crypto ops like public keys, except that the trust,
1.77 + * usage, and other constraints are checked.
These objects are "high-level,"
1.78 + * so trust, usages, etc. are in the form we throw around (client auth,
1.79 + * email signing, etc.). Remember that theoretically another implementation
1.80 + * (think PGP) could be beneath this object.
1.81 + */
1.82 +
1.83 +/*
1.84 + * NSSCertificate_Destroy
1.85 + *
1.86 + * Free a pointer to a certificate object.
1.87 + */
1.88 +
1.89 +NSS_EXTERN PRStatus
1.90 +NSSCertificate_Destroy
1.91 +(
1.92 + NSSCertificate *c
1.93 +);
1.94 +
1.95 +/*
1.96 + * NSSCertificate_DeleteStoredObject
1.97 + *
1.98 + * Permanently remove this certificate from storage. If this is the
1.99 + * only (remaining) certificate corresponding to a private key,
1.100 + * public key, and/or other object; then that object (those objects)
1.101 + * are deleted too.
1.102 + */
1.103 +
1.104 +NSS_EXTERN PRStatus
1.105 +NSSCertificate_DeleteStoredObject
1.106 +(
1.107 + NSSCertificate *c,
1.108 + NSSCallback *uhh
1.109 +);
1.110 +
1.111 +/*
1.112 + * NSSCertificate_Validate
1.113 + *
1.114 + * Verify that this certificate is trusted, for the specified usage(s),
1.115 + * at the specified time, {word word} the specified policies.
1.116 + */
1.117 +
1.118 +NSS_EXTERN PRStatus
1.119 +NSSCertificate_Validate
1.120 +(
1.121 + NSSCertificate *c,
1.122 + NSSTime *timeOpt, /* NULL for "now" */
1.123 + NSSUsage *usage,
1.124 + NSSPolicies *policiesOpt /* NULL for none */
1.125 +);
1.126 +
1.127 +/*
1.128 + * NSSCertificate_ValidateCompletely
1.129 + *
1.130 + * Verify that this certificate is trusted. The difference between
1.131 + * this and the previous call is that NSSCertificate_Validate merely
1.132 + * returns success or failure with an appropriate error stack.
1.133 + * However, there may be (and often are) multiple problems with a
1.134 + * certificate. This routine returns an array of errors, specifying
1.135 + * every problem.
1.136 + */
1.137 +
1.138 +/*
1.139 + * Return value must be an array of objects, each of which has
1.140 + * an NSSError, and any corresponding certificate (in the chain)
1.141 + * and/or policy.
1.142 + */
1.143 +
1.144 +NSS_EXTERN void ** /* void *[] */
1.145 +NSSCertificate_ValidateCompletely
1.146 +(
1.147 + NSSCertificate *c,
1.148 + NSSTime *timeOpt, /* NULL for "now" */
1.149 + NSSUsage *usage,
1.150 + NSSPolicies *policiesOpt, /* NULL for none */
1.151 + void **rvOpt, /* NULL for allocate */
1.152 + PRUint32 rvLimit, /* zero for no limit */
1.153 + NSSArena *arenaOpt /* NULL for heap */
1.154 +);
1.155 +
1.156 +/*
1.157 + * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
1.158 + *
1.159 + * Returns PR_SUCCESS if the certificate is valid for at least something.
1.160 + */
1.161 +
1.162 +NSS_EXTERN PRStatus
1.163 +NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
1.164 +(
1.165 + NSSCertificate *c,
1.166 + NSSTime **notBeforeOutOpt,
1.167 + NSSTime **notAfterOutOpt,
1.168 + void *allowedUsages,
1.169 + void *disallowedUsages,
1.170 + void *allowedPolicies,
1.171 + void *disallowedPolicies,
1.172 + /* more args.. work on this fgmr */
1.173 + NSSArena *arenaOpt
1.174 +);
1.175 +
1.176 +/*
1.177 + * NSSCertificate_Encode
1.178 + *
1.179 + */
1.180 +
1.181 +NSS_EXTERN NSSDER *
1.182 +NSSCertificate_Encode
1.183 +(
1.184 + NSSCertificate *c,
1.185 + NSSDER *rvOpt,
1.186 + NSSArena *arenaOpt
1.187 +);
1.188 +
1.189 +/*
1.190 + * NSSCertificate_BuildChain
1.191 + *
1.192 + * This routine returns NSSCertificate *'s for each certificate
1.193 + * in the "chain" starting from the specified one up to and
1.194 + * including the root. The zeroth element in the array is the
1.195 + * specified ("leaf") certificate.
1.196 + *
1.197 + * If statusOpt is supplied, and is returned as PR_FAILURE, possible
1.198 + * error values are:
1.199 + *
1.200 + * NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete
1.201 + *
1.202 + */
1.203 +
1.204 +extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;
1.205 +
1.206 +NSS_EXTERN NSSCertificate **
1.207 +NSSCertificate_BuildChain
1.208 +(
1.209 + NSSCertificate *c,
1.210 + NSSTime *timeOpt,
1.211 + NSSUsage *usage,
1.212 + NSSPolicies *policiesOpt,
1.213 + NSSCertificate **rvOpt,
1.214 + PRUint32 rvLimit, /* zero for no limit */
1.215 + NSSArena *arenaOpt,
1.216 + PRStatus *statusOpt,
1.217 + NSSTrustDomain *td,
1.218 + NSSCryptoContext *cc
1.219 +);
1.220 +
1.221 +/*
1.222 + * NSSCertificate_GetTrustDomain
1.223 + *
1.224 + */
1.225 +
1.226 +NSS_EXTERN NSSTrustDomain *
1.227 +NSSCertificate_GetTrustDomain
1.228 +(
1.229 + NSSCertificate *c
1.230 +);
1.231 +
1.232 +/*
1.233 + * NSSCertificate_GetToken
1.234 + *
1.235 + * There doesn't have to be one.
1.236 + */
1.237 +
1.238 +NSS_EXTERN NSSToken *
1.239 +NSSCertificate_GetToken
1.240 +(
1.241 + NSSCertificate *c,
1.242 + PRStatus *statusOpt
1.243 +);
1.244 +
1.245 +/*
1.246 + * NSSCertificate_GetSlot
1.247 + *
1.248 + * There doesn't have to be one.
1.249 + */
1.250 +
1.251 +NSS_EXTERN NSSSlot *
1.252 +NSSCertificate_GetSlot
1.253 +(
1.254 + NSSCertificate *c,
1.255 + PRStatus *statusOpt
1.256 +);
1.257 +
1.258 +/*
1.259 + * NSSCertificate_GetModule
1.260 + *
1.261 + * There doesn't have to be one.
1.262 + */
1.263 +
1.264 +NSS_EXTERN NSSModule *
1.265 +NSSCertificate_GetModule
1.266 +(
1.267 + NSSCertificate *c,
1.268 + PRStatus *statusOpt
1.269 +);
1.270 +
1.271 +/*
1.272 + * NSSCertificate_Encrypt
1.273 + *
1.274 + * Encrypt a single chunk of data with the public key corresponding to
1.275 + * this certificate.
1.276 + */
1.277 +
1.278 +NSS_EXTERN NSSItem *
1.279 +NSSCertificate_Encrypt
1.280 +(
1.281 + NSSCertificate *c,
1.282 + NSSAlgorithmAndParameters *apOpt,
1.283 + NSSItem *data,
1.284 + NSSTime *timeOpt,
1.285 + NSSUsage *usage,
1.286 + NSSPolicies *policiesOpt,
1.287 + NSSCallback *uhh,
1.288 + NSSItem *rvOpt,
1.289 + NSSArena *arenaOpt
1.290 +);
1.291 +
1.292 +/*
1.293 + * NSSCertificate_Verify
1.294 + *
1.295 + */
1.296 +
1.297 +NSS_EXTERN PRStatus
1.298 +NSSCertificate_Verify
1.299 +(
1.300 + NSSCertificate *c,
1.301 + NSSAlgorithmAndParameters *apOpt,
1.302 + NSSItem *data,
1.303 + NSSItem *signature,
1.304 + NSSTime *timeOpt,
1.305 + NSSUsage *usage,
1.306 + NSSPolicies *policiesOpt,
1.307 + NSSCallback *uhh
1.308 +);
1.309 +
1.310 +/*
1.311 + * NSSCertificate_VerifyRecover
1.312 + *
1.313 + */
1.314 +
1.315 +NSS_EXTERN NSSItem *
1.316 +NSSCertificate_VerifyRecover
1.317 +(
1.318 + NSSCertificate *c,
1.319 + NSSAlgorithmAndParameters *apOpt,
1.320 + NSSItem *signature,
1.321 + NSSTime *timeOpt,
1.322 + NSSUsage *usage,
1.323 + NSSPolicies *policiesOpt,
1.324 + NSSCallback *uhh,
1.325 + NSSItem *rvOpt,
1.326 + NSSArena *arenaOpt
1.327 +);
1.328 +
1.329 +/*
1.330 + * NSSCertificate_WrapSymmetricKey
1.331 + *
1.332 + * This method tries very hard to to succeed, even in situations
1.333 + * involving sensitive keys and multiple modules.
1.334 + * { relyea: want to add verbiage? }
1.335 + */
1.336 +
1.337 +NSS_EXTERN NSSItem *
1.338 +NSSCertificate_WrapSymmetricKey
1.339 +(
1.340 + NSSCertificate *c,
1.341 + NSSAlgorithmAndParameters *apOpt,
1.342 + NSSSymmetricKey *keyToWrap,
1.343 + NSSTime *timeOpt,
1.344 + NSSUsage *usage,
1.345 + NSSPolicies *policiesOpt,
1.346 + NSSCallback *uhh,
1.347 + NSSItem *rvOpt,
1.348 + NSSArena *arenaOpt
1.349 +);
1.350 +
1.351 +/*
1.352 + * NSSCertificate_CreateCryptoContext
1.353 + *
1.354 + * Create a crypto context, in this certificate's trust domain, with this
1.355 + * as the distinguished certificate.
1.356 + */
1.357 +
1.358 +NSS_EXTERN NSSCryptoContext *
1.359 +NSSCertificate_CreateCryptoContext
1.360 +(
1.361 + NSSCertificate *c,
1.362 + NSSAlgorithmAndParameters *apOpt,
1.363 + NSSTime *timeOpt,
1.364 + NSSUsage *usage,
1.365 + NSSPolicies *policiesOpt,
1.366 + NSSCallback *uhh
1.367 +);
1.368 +
1.369 +/*
1.370 + * NSSCertificate_GetPublicKey
1.371 + *
1.372 + * Returns the public key corresponding to this certificate.
1.373 + */
1.374 +
1.375 +NSS_EXTERN NSSPublicKey *
1.376 +NSSCertificate_GetPublicKey
1.377 +(
1.378 + NSSCertificate *c
1.379 +);
1.380 +
1.381 +/*
1.382 + * NSSCertificate_FindPrivateKey
1.383 + *
1.384 + * Finds and returns the private key corresponding to this certificate,
1.385 + * if it is available.
1.386 + *
1.387 + * { Should this hang off of NSSUserCertificate? }
1.388 + */
1.389 +
1.390 +NSS_EXTERN NSSPrivateKey *
1.391 +NSSCertificate_FindPrivateKey
1.392 +(
1.393 + NSSCertificate *c,
1.394 + NSSCallback *uhh
1.395 +);
1.396 +
1.397 +/*
1.398 + * NSSCertificate_IsPrivateKeyAvailable
1.399 + *
1.400 + * Returns success if the private key corresponding to this certificate
1.401 + * is available to be used.
1.402 + *
1.403 + * { Should *this* hang off of NSSUserCertificate??
}
1.404 + */
1.405 +
1.406 +NSS_EXTERN PRBool
1.407 +NSSCertificate_IsPrivateKeyAvailable
1.408 +(
1.409 + NSSCertificate *c,
1.410 + NSSCallback *uhh,
1.411 + PRStatus *statusOpt
1.412 +);
1.413 +
1.414 +/*
1.415 + * If we make NSSUserCertificate not a typedef of NSSCertificate,
1.416 + * then we'll need implementations of the following:
1.417 + *
1.418 + * NSSUserCertificate_Destroy
1.419 + * NSSUserCertificate_DeleteStoredObject
1.420 + * NSSUserCertificate_Validate
1.421 + * NSSUserCertificate_ValidateCompletely
1.422 + * NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies
1.423 + * NSSUserCertificate_Encode
1.424 + * NSSUserCertificate_BuildChain
1.425 + * NSSUserCertificate_GetTrustDomain
1.426 + * NSSUserCertificate_GetToken
1.427 + * NSSUserCertificate_GetSlot
1.428 + * NSSUserCertificate_GetModule
1.429 + * NSSUserCertificate_GetCryptoContext
1.430 + * NSSUserCertificate_GetPublicKey
1.431 + */
1.432 +
1.433 +/*
1.434 + * NSSUserCertificate_IsStillPresent
1.435 + *
1.436 + * Verify that if this certificate lives on a token, that the token
1.437 + * is still present and the certificate still exists. This is a
1.438 + * lightweight call which should be used whenever it should be
1.439 + * verified that the user hasn't perhaps popped out his or her
1.440 + * token and strolled away.
1.441 + */
1.442 +
1.443 +NSS_EXTERN PRBool
1.444 +NSSUserCertificate_IsStillPresent
1.445 +(
1.446 + NSSUserCertificate *uc,
1.447 + PRStatus *statusOpt
1.448 +);
1.449 +
1.450 +/*
1.451 + * NSSUserCertificate_Decrypt
1.452 + *
1.453 + * Decrypt a single chunk of data with the private key corresponding
1.454 + * to this certificate.
1.455 + */
1.456 +
1.457 +NSS_EXTERN NSSItem *
1.458 +NSSUserCertificate_Decrypt
1.459 +(
1.460 + NSSUserCertificate *uc,
1.461 + NSSAlgorithmAndParameters *apOpt,
1.462 + NSSItem *data,
1.463 + NSSTime *timeOpt,
1.464 + NSSUsage *usage,
1.465 + NSSPolicies *policiesOpt,
1.466 + NSSCallback *uhh,
1.467 + NSSItem *rvOpt,
1.468 + NSSArena *arenaOpt
1.469 +);
1.470 +
1.471 +/*
1.472 + * NSSUserCertificate_Sign
1.473 + *
1.474 + */
1.475 +
1.476 +NSS_EXTERN NSSItem *
1.477 +NSSUserCertificate_Sign
1.478 +(
1.479 + NSSUserCertificate *uc,
1.480 + NSSAlgorithmAndParameters *apOpt,
1.481 + NSSItem *data,
1.482 + NSSTime *timeOpt,
1.483 + NSSUsage *usage,
1.484 + NSSPolicies *policiesOpt,
1.485 + NSSCallback *uhh,
1.486 + NSSItem *rvOpt,
1.487 + NSSArena *arenaOpt
1.488 +);
1.489 +
1.490 +/*
1.491 + * NSSUserCertificate_SignRecover
1.492 + *
1.493 + */
1.494 +
1.495 +NSS_EXTERN NSSItem *
1.496 +NSSUserCertificate_SignRecover
1.497 +(
1.498 + NSSUserCertificate *uc,
1.499 + NSSAlgorithmAndParameters *apOpt,
1.500 + NSSItem *data,
1.501 + NSSTime *timeOpt,
1.502 + NSSUsage *usage,
1.503 + NSSPolicies *policiesOpt,
1.504 + NSSCallback *uhh,
1.505 + NSSItem *rvOpt,
1.506 + NSSArena *arenaOpt
1.507 +);
1.508 +
1.509 +/*
1.510 + * NSSUserCertificate_UnwrapSymmetricKey
1.511 + *
1.512 + */
1.513 +
1.514 +NSS_EXTERN NSSSymmetricKey *
1.515 +NSSUserCertificate_UnwrapSymmetricKey
1.516 +(
1.517 + NSSUserCertificate *uc,
1.518 + NSSAlgorithmAndParameters *apOpt,
1.519 + NSSItem *wrappedKey,
1.520 + NSSTime *timeOpt,
1.521 + NSSUsage *usage,
1.522 + NSSPolicies *policiesOpt,
1.523 + NSSCallback *uhh,
1.524 + NSSItem *rvOpt,
1.525 + NSSArena *arenaOpt
1.526 +);
1.527 +
1.528 +/*
1.529 + * NSSUserCertificate_DeriveSymmetricKey
1.530 + *
1.531 + */
1.532 +
1.533 +NSS_EXTERN NSSSymmetricKey *
1.534 +NSSUserCertificate_DeriveSymmetricKey
1.535 +(
1.536 + NSSUserCertificate *uc, /* provides private key */
1.537 + NSSCertificate *c, /* provides public key */
1.538 + NSSAlgorithmAndParameters
*apOpt,
1.539 + NSSOID *target,
1.540 + PRUint32 keySizeOpt, /* zero for best allowed */
1.541 + NSSOperations operations,
1.542 + NSSCallback *uhh
1.543 +);
1.544 +
1.545 +/* filter-certs function(s) */
1.546 +
1.547 +/**
1.548 + ** fgmr -- trust objects
1.549 + **/
1.550 +
1.551 +/*
1.552 + * NSSPrivateKey
1.553 + *
1.554 + */
1.555 +
1.556 +/*
1.557 + * NSSPrivateKey_Destroy
1.558 + *
1.559 + * Free a pointer to a private key object.
1.560 + */
1.561 +
1.562 +NSS_EXTERN PRStatus
1.563 +NSSPrivateKey_Destroy
1.564 +(
1.565 + NSSPrivateKey *vk
1.566 +);
1.567 +
1.568 +/*
1.569 + * NSSPrivateKey_DeleteStoredObject
1.570 + *
1.571 + * Permanently remove this object, and any related objects (such as the
1.572 + * certificates corresponding to this key).
1.573 + */
1.574 +
1.575 +NSS_EXTERN PRStatus
1.576 +NSSPrivateKey_DeleteStoredObject
1.577 +(
1.578 + NSSPrivateKey *vk,
1.579 + NSSCallback *uhh
1.580 +);
1.581 +
1.582 +/*
1.583 + * NSSPrivateKey_GetSignatureLength
1.584 + *
1.585 + */
1.586 +
1.587 +NSS_EXTERN PRUint32
1.588 +NSSPrivateKey_GetSignatureLength
1.589 +(
1.590 + NSSPrivateKey *vk
1.591 +);
1.592 +
1.593 +/*
1.594 + * NSSPrivateKey_GetPrivateModulusLength
1.595 + *
1.596 + */
1.597 +
1.598 +NSS_EXTERN PRUint32
1.599 +NSSPrivateKey_GetPrivateModulusLength
1.600 +(
1.601 + NSSPrivateKey *vk
1.602 +);
1.603 +
1.604 +/*
1.605 + * NSSPrivateKey_IsStillPresent
1.606 + *
1.607 + */
1.608 +
1.609 +NSS_EXTERN PRBool
1.610 +NSSPrivateKey_IsStillPresent
1.611 +(
1.612 + NSSPrivateKey *vk,
1.613 + PRStatus *statusOpt
1.614 +);
1.615 +
1.616 +/*
1.617 + * NSSPrivateKey_Encode
1.618 + *
1.619 + */
1.620 +
1.621 +NSS_EXTERN NSSItem *
1.622 +NSSPrivateKey_Encode
1.623 +(
1.624 + NSSPrivateKey *vk,
1.625 + NSSAlgorithmAndParameters *ap,
1.626 + NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
1.627 + NSSCallback *uhhOpt,
1.628 + NSSItem *rvOpt,
1.629 + NSSArena *arenaOpt
1.630 +);
1.631 +
1.632 +/*
1.633 + * NSSPrivateKey_GetTrustDomain
1.634
+ *
1.635 + * There doesn't have to be one.
1.636 + */
1.637 +
1.638 +NSS_EXTERN NSSTrustDomain *
1.639 +NSSPrivateKey_GetTrustDomain
1.640 +(
1.641 + NSSPrivateKey *vk,
1.642 + PRStatus *statusOpt
1.643 +);
1.644 +
1.645 +/*
1.646 + * NSSPrivateKey_GetToken
1.647 + *
1.648 + */
1.649 +
1.650 +NSS_EXTERN NSSToken *
1.651 +NSSPrivateKey_GetToken
1.652 +(
1.653 + NSSPrivateKey *vk
1.654 +);
1.655 +
1.656 +/*
1.657 + * NSSPrivateKey_GetSlot
1.658 + *
1.659 + */
1.660 +
1.661 +NSS_EXTERN NSSSlot *
1.662 +NSSPrivateKey_GetSlot
1.663 +(
1.664 + NSSPrivateKey *vk
1.665 +);
1.666 +
1.667 +/*
1.668 + * NSSPrivateKey_GetModule
1.669 + *
1.670 + */
1.671 +
1.672 +NSS_EXTERN NSSModule *
1.673 +NSSPrivateKey_GetModule
1.674 +(
1.675 + NSSPrivateKey *vk
1.676 +);
1.677 +
1.678 +/*
1.679 + * NSSPrivateKey_Decrypt
1.680 + *
1.681 + */
1.682 +
1.683 +NSS_EXTERN NSSItem *
1.684 +NSSPrivateKey_Decrypt
1.685 +(
1.686 + NSSPrivateKey *vk,
1.687 + NSSAlgorithmAndParameters *apOpt,
1.688 + NSSItem *encryptedData,
1.689 + NSSCallback *uhh,
1.690 + NSSItem *rvOpt,
1.691 + NSSArena *arenaOpt
1.692 +);
1.693 +
1.694 +/*
1.695 + * NSSPrivateKey_Sign
1.696 + *
1.697 + */
1.698 +
1.699 +NSS_EXTERN NSSItem *
1.700 +NSSPrivateKey_Sign
1.701 +(
1.702 + NSSPrivateKey *vk,
1.703 + NSSAlgorithmAndParameters *apOpt,
1.704 + NSSItem *data,
1.705 + NSSCallback *uhh,
1.706 + NSSItem *rvOpt,
1.707 + NSSArena *arenaOpt
1.708 +);
1.709 +
1.710 +/*
1.711 + * NSSPrivateKey_SignRecover
1.712 + *
1.713 + */
1.714 +
1.715 +NSS_EXTERN NSSItem *
1.716 +NSSPrivateKey_SignRecover
1.717 +(
1.718 + NSSPrivateKey *vk,
1.719 + NSSAlgorithmAndParameters *apOpt,
1.720 + NSSItem *data,
1.721 + NSSCallback *uhh,
1.722 + NSSItem *rvOpt,
1.723 + NSSArena *arenaOpt
1.724 +);
1.725 +
1.726 +/*
1.727 + * NSSPrivateKey_UnwrapSymmetricKey
1.728 + *
1.729 + */
1.730 +
1.731 +NSS_EXTERN NSSSymmetricKey *
1.732 +NSSPrivateKey_UnwrapSymmetricKey
1.733 +(
1.734 + NSSPrivateKey *vk,
1.735 + NSSAlgorithmAndParameters *apOpt,
1.736 +
NSSItem *wrappedKey,
1.737 + NSSCallback *uhh
1.738 +);
1.739 +
1.740 +/*
1.741 + * NSSPrivateKey_DeriveSymmetricKey
1.742 + *
1.743 + */
1.744 +
1.745 +NSS_EXTERN NSSSymmetricKey *
1.746 +NSSPrivateKey_DeriveSymmetricKey
1.747 +(
1.748 + NSSPrivateKey *vk,
1.749 + NSSPublicKey *bk,
1.750 + NSSAlgorithmAndParameters *apOpt,
1.751 + NSSOID *target,
1.752 + PRUint32 keySizeOpt, /* zero for best allowed */
1.753 + NSSOperations operations,
1.754 + NSSCallback *uhh
1.755 +);
1.756 +
1.757 +/*
1.758 + * NSSPrivateKey_FindPublicKey
1.759 + *
1.760 + */
1.761 +
1.762 +NSS_EXTERN NSSPublicKey *
1.763 +NSSPrivateKey_FindPublicKey
1.764 +(
1.765 + NSSPrivateKey *vk
1.766 + /* { don't need the callback here, right? } */
1.767 +);
1.768 +
1.769 +/*
1.770 + * NSSPrivateKey_CreateCryptoContext
1.771 + *
1.772 + * Create a crypto context, in this key's trust domain,
1.773 + * with this as the distinguished private key.
1.774 + */
1.775 +
1.776 +NSS_EXTERN NSSCryptoContext *
1.777 +NSSPrivateKey_CreateCryptoContext
1.778 +(
1.779 + NSSPrivateKey *vk,
1.780 + NSSAlgorithmAndParameters *apOpt,
1.781 + NSSCallback *uhh
1.782 +);
1.783 +
1.784 +/*
1.785 + * NSSPrivateKey_FindCertificates
1.786 + *
1.787 + * Note that there may be more than one certificate for this
1.788 + * private key. { FilterCertificates function to further
1.789 + * reduce the list. }
1.790 + */
1.791 +
1.792 +NSS_EXTERN NSSCertificate **
1.793 +NSSPrivateKey_FindCertificates
1.794 +(
1.795 + NSSPrivateKey *vk,
1.796 + NSSCertificate *rvOpt[],
1.797 + PRUint32 maximumOpt, /* 0 for no max */
1.798 + NSSArena *arenaOpt
1.799 +);
1.800 +
1.801 +/*
1.802 + * NSSPrivateKey_FindBestCertificate
1.803 + *
1.804 + * The parameters for this function will depend on what the users
1.805 + * need. This is just a starting point.
1.806 + */
1.807 +
1.808 +NSS_EXTERN NSSCertificate *
1.809 +NSSPrivateKey_FindBestCertificate
1.810 +(
1.811 + NSSPrivateKey *vk,
1.812 + NSSTime *timeOpt,
1.813 + NSSUsage *usageOpt,
1.814 + NSSPolicies *policiesOpt
1.815 +);
1.816 +
1.817 +/*
1.818 + * NSSPublicKey
1.819 + *
1.820 + * Once you generate, find, or derive one of these, you can use it
1.821 + * to perform (simple) cryptographic operations. Though there may
1.822 + * be certificates associated with these public keys, they are not
1.823 + * verified.
1.824 + */
1.825 +
1.826 +/*
1.827 + * NSSPublicKey_Destroy
1.828 + *
1.829 + * Free a pointer to a public key object.
1.830 + */
1.831 +
1.832 +NSS_EXTERN PRStatus
1.833 +NSSPublicKey_Destroy
1.834 +(
1.835 + NSSPublicKey *bk
1.836 +);
1.837 +
1.838 +/*
1.839 + * NSSPublicKey_DeleteStoredObject
1.840 + *
1.841 + * Permanently remove this object, and any related objects (such as the
1.842 + * corresponding private keys and certificates).
1.843 + */
1.844 +
1.845 +NSS_EXTERN PRStatus
1.846 +NSSPublicKey_DeleteStoredObject
1.847 +(
1.848 + NSSPublicKey *bk,
1.849 + NSSCallback *uhh
1.850 +);
1.851 +
1.852 +/*
1.853 + * NSSPublicKey_Encode
1.854 + *
1.855 + */
1.856 +
1.857 +NSS_EXTERN NSSItem *
1.858 +NSSPublicKey_Encode
1.859 +(
1.860 + NSSPublicKey *bk,
1.861 + NSSAlgorithmAndParameters *ap,
1.862 + NSSCallback *uhhOpt,
1.863 + NSSItem *rvOpt,
1.864 + NSSArena *arenaOpt
1.865 +);
1.866 +
1.867 +/*
1.868 + * NSSPublicKey_GetTrustDomain
1.869 + *
1.870 + * There doesn't have to be one.
1.871 + */
1.872 +
1.873 +NSS_EXTERN NSSTrustDomain *
1.874 +NSSPublicKey_GetTrustDomain
1.875 +(
1.876 + NSSPublicKey *bk,
1.877 + PRStatus *statusOpt
1.878 +);
1.879 +
1.880 +/*
1.881 + * NSSPublicKey_GetToken
1.882 + *
1.883 + * There doesn't have to be one.
1.884 + */
1.885 +
1.886 +NSS_EXTERN NSSToken *
1.887 +NSSPublicKey_GetToken
1.888 +(
1.889 + NSSPublicKey *bk,
1.890 + PRStatus *statusOpt
1.891 +);
1.892 +
1.893 +/*
1.894 + * NSSPublicKey_GetSlot
1.895 + *
1.896 + * There doesn't have to be one.
1.897 + */
1.898 +
1.899 +NSS_EXTERN NSSSlot *
1.900 +NSSPublicKey_GetSlot
1.901 +(
1.902 + NSSPublicKey *bk,
1.903 + PRStatus *statusOpt
1.904 +);
1.905 +
1.906 +/*
1.907 + * NSSPublicKey_GetModule
1.908 + *
1.909 + * There doesn't have to be one.
1.910 + */
1.911 +
1.912 +NSS_EXTERN NSSModule *
1.913 +NSSPublicKey_GetModule
1.914 +(
1.915 + NSSPublicKey *bk,
1.916 + PRStatus *statusOpt
1.917 +);
1.918 +
1.919 +/*
1.920 + * NSSPublicKey_Encrypt
1.921 + *
1.922 + * Encrypt a single chunk of data with the public key corresponding to
1.923 + * this certificate.
1.924 + */
1.925 +
1.926 +NSS_EXTERN NSSItem *
1.927 +NSSPublicKey_Encrypt
1.928 +(
1.929 + NSSPublicKey *bk,
1.930 + NSSAlgorithmAndParameters *apOpt,
1.931 + NSSItem *data,
1.932 + NSSCallback *uhh,
1.933 + NSSItem *rvOpt,
1.934 + NSSArena *arenaOpt
1.935 +);
1.936 +
1.937 +/*
1.938 + * NSSPublicKey_Verify
1.939 + *
1.940 + */
1.941 +
1.942 +NSS_EXTERN PRStatus
1.943 +NSSPublicKey_Verify
1.944 +(
1.945 + NSSPublicKey *bk,
1.946 + NSSAlgorithmAndParameters *apOpt,
1.947 + NSSItem *data,
1.948 + NSSItem *signature,
1.949 + NSSCallback *uhh
1.950 +);
1.951 +
1.952 +/*
1.953 + * NSSPublicKey_VerifyRecover
1.954 + *
1.955 + */
1.956 +
1.957 +NSS_EXTERN NSSItem *
1.958 +NSSPublicKey_VerifyRecover
1.959 +(
1.960 + NSSPublicKey *bk,
1.961 + NSSAlgorithmAndParameters *apOpt,
1.962 + NSSItem *signature,
1.963 + NSSCallback *uhh,
1.964 + NSSItem *rvOpt,
1.965 + NSSArena *arenaOpt
1.966 +);
1.967 +
1.968 +/*
1.969 + * NSSPublicKey_WrapSymmetricKey
1.970 + *
1.971 + */
1.972 +
1.973 +NSS_EXTERN NSSItem *
1.974 +NSSPublicKey_WrapSymmetricKey
1.975 +(
1.976 + NSSPublicKey *bk,
1.977 + NSSAlgorithmAndParameters *apOpt,
1.978 + NSSSymmetricKey *keyToWrap,
1.979 + NSSCallback *uhh,
1.980 + NSSItem *rvOpt,
1.981 + NSSArena *arenaOpt
1.982 +);
1.983 +
1.984 +/*
1.985 + * NSSPublicKey_CreateCryptoContext
1.986 + *
1.987 + * Create a crypto context, in this key's trust domain, with this
1.988 + * as the distinguished public key.
1.989 + */
1.990 +
1.991 +NSS_EXTERN NSSCryptoContext *
1.992 +NSSPublicKey_CreateCryptoContext
1.993 +(
1.994 + NSSPublicKey *bk,
1.995 + NSSAlgorithmAndParameters *apOpt,
1.996 + NSSCallback *uhh
1.997 +);
1.998 +
1.999 +/*
1.1000 + * NSSPublicKey_FindCertificates
1.1001 + *
1.1002 + * Note that there may be more than one certificate for this
1.1003 + * public key. The current implementation may not find every
1.1004 + * last certificate available for this public key: that would
1.1005 + * involve trolling e.g. huge ldap databases, which will be
1.1006 + * grossly inefficient and not generally useful.
1.1007 + * { FilterCertificates function to further reduce the list }
1.1008 + */
1.1009 +
1.1010 +NSS_EXTERN NSSCertificate **
1.1011 +NSSPublicKey_FindCertificates
1.1012 +(
1.1013 + NSSPublicKey *bk,
1.1014 + NSSCertificate *rvOpt[],
1.1015 + PRUint32 maximumOpt, /* 0 for no max */
1.1016 + NSSArena *arenaOpt
1.1017 +);
1.1018 +
1.1019 +/*
1.1020 + * NSSPrivateKey_FindBestCertificate
1.1021 + *
1.1022 + * The parameters for this function will depend on what the users
1.1023 + * need. This is just a starting point.
1.1024 + */
1.1025 +
1.1026 +NSS_EXTERN NSSCertificate *
1.1027 +NSSPublicKey_FindBestCertificate
1.1028 +(
1.1029 + NSSPublicKey *bk,
1.1030 + NSSTime *timeOpt,
1.1031 + NSSUsage *usageOpt,
1.1032 + NSSPolicies *policiesOpt
1.1033 +);
1.1034 +
1.1035 +/*
1.1036 + * NSSPublicKey_FindPrivateKey
1.1037 + *
1.1038 + */
1.1039 +
1.1040 +NSS_EXTERN NSSPrivateKey *
1.1041 +NSSPublicKey_FindPrivateKey
1.1042 +(
1.1043 + NSSPublicKey *bk,
1.1044 + NSSCallback *uhh
1.1045 +);
1.1046 +
1.1047 +/*
1.1048 + * NSSSymmetricKey
1.1049 + *
1.1050 + */
1.1051 +
1.1052 +/*
1.1053 + * NSSSymmetricKey_Destroy
1.1054 + *
1.1055 + * Free a pointer to a symmetric key object.
1.1056 + */
1.1057 +
1.1058 +NSS_EXTERN PRStatus
1.1059 +NSSSymmetricKey_Destroy
1.1060 +(
1.1061 + NSSSymmetricKey *mk
1.1062 +);
1.1063 +
1.1064 +/*
1.1065 + * NSSSymmetricKey_DeleteStoredObject
1.1066 + *
1.1067 + * Permanently remove this object.
1.1068 + */
1.1069 +
1.1070 +NSS_EXTERN PRStatus
1.1071 +NSSSymmetricKey_DeleteStoredObject
1.1072 +(
1.1073 + NSSSymmetricKey *mk,
1.1074 + NSSCallback *uhh
1.1075 +);
1.1076 +
1.1077 +/*
1.1078 + * NSSSymmetricKey_GetKeyLength
1.1079 + *
1.1080 + */
1.1081 +
1.1082 +NSS_EXTERN PRUint32
1.1083 +NSSSymmetricKey_GetKeyLength
1.1084 +(
1.1085 + NSSSymmetricKey *mk
1.1086 +);
1.1087 +
1.1088 +/*
1.1089 + * NSSSymmetricKey_GetKeyStrength
1.1090 + *
1.1091 + */
1.1092 +
1.1093 +NSS_EXTERN PRUint32
1.1094 +NSSSymmetricKey_GetKeyStrength
1.1095 +(
1.1096 + NSSSymmetricKey *mk
1.1097 +);
1.1098 +
1.1099 +/*
1.1100 + * NSSSymmetricKey_IsStillPresent
1.1101 + *
1.1102 + */
1.1103 +
1.1104 +NSS_EXTERN PRStatus
1.1105 +NSSSymmetricKey_IsStillPresent
1.1106 +(
1.1107 + NSSSymmetricKey *mk
1.1108 +);
1.1109 +
1.1110 +/*
1.1111 + * NSSSymmetricKey_GetTrustDomain
1.1112 + *
1.1113 + * There doesn't have to be one.
1.1114 + */
1.1115 +
1.1116 +NSS_EXTERN NSSTrustDomain *
1.1117 +NSSSymmetricKey_GetTrustDomain
1.1118 +(
1.1119 + NSSSymmetricKey *mk,
1.1120 + PRStatus *statusOpt
1.1121 +);
1.1122 +
1.1123 +/*
1.1124 + * NSSSymmetricKey_GetToken
1.1125 + *
1.1126 + * There doesn't have to be one.
1.1127 + */
1.1128 +
1.1129 +NSS_EXTERN NSSToken *
1.1130 +NSSSymmetricKey_GetToken
1.1131 +(
1.1132 + NSSSymmetricKey *mk,
1.1133 + PRStatus *statusOpt
1.1134 +);
1.1135 +
1.1136 +/*
1.1137 + * NSSSymmetricKey_GetSlot
1.1138 + *
1.1139 + * There doesn't have to be one.
1.1140 + */
1.1141 +
1.1142 +NSS_EXTERN NSSSlot *
1.1143 +NSSSymmetricKey_GetSlot
1.1144 +(
1.1145 + NSSSymmetricKey *mk,
1.1146 + PRStatus *statusOpt
1.1147 +);
1.1148 +
1.1149 +/*
1.1150 + * NSSSymmetricKey_GetModule
1.1151 + *
1.1152 + * There doesn't have to be one.
1.1153 + */
1.1154 +
1.1155 +NSS_EXTERN NSSModule *
1.1156 +NSSSymmetricKey_GetModule
1.1157 +(
1.1158 + NSSSymmetricKey *mk,
1.1159 + PRStatus *statusOpt
1.1160 +);
1.1161 +
1.1162 +/*
1.1163 + * NSSSymmetricKey_Encrypt
1.1164 + *
1.1165 + */
1.1166 +
1.1167 +NSS_EXTERN NSSItem *
1.1168 +NSSSymmetricKey_Encrypt
1.1169 +(
1.1170 + NSSSymmetricKey *mk,
1.1171 + NSSAlgorithmAndParameters *apOpt,
1.1172 + NSSItem *data,
1.1173 + NSSCallback *uhh,
1.1174 + NSSItem *rvOpt,
1.1175 + NSSArena *arenaOpt
1.1176 +);
1.1177 +
1.1178 +/*
1.1179 + * NSSSymmetricKey_Decrypt
1.1180 + *
1.1181 + */
1.1182 +
1.1183 +NSS_EXTERN NSSItem *
1.1184 +NSSSymmetricKey_Decrypt
1.1185 +(
1.1186 + NSSSymmetricKey *mk,
1.1187 + NSSAlgorithmAndParameters *apOpt,
1.1188 + NSSItem *encryptedData,
1.1189 + NSSCallback *uhh,
1.1190 + NSSItem *rvOpt,
1.1191 + NSSArena *arenaOpt
1.1192 +);
1.1193 +
1.1194 +/*
1.1195 + * NSSSymmetricKey_Sign
1.1196 + *
1.1197 + */
1.1198 +
1.1199 +NSS_EXTERN NSSItem *
1.1200 +NSSSymmetricKey_Sign
1.1201 +(
1.1202 + NSSSymmetricKey *mk,
1.1203 + NSSAlgorithmAndParameters *apOpt,
1.1204 + NSSItem *data,
1.1205 + NSSCallback *uhh,
1.1206 + NSSItem *rvOpt,
1.1207 + NSSArena *arenaOpt
1.1208 +);
1.1209 +
1.1210 +/*
1.1211 + * NSSSymmetricKey_SignRecover
1.1212 + *
1.1213 + */
1.1214 +
1.1215 +NSS_EXTERN NSSItem *
1.1216 +NSSSymmetricKey_SignRecover
1.1217 +(
1.1218 + NSSSymmetricKey *mk,
1.1219 + NSSAlgorithmAndParameters *apOpt,
1.1220 + NSSItem *data,
1.1221 + NSSCallback *uhh,
1.1222 + NSSItem *rvOpt,
1.1223 + NSSArena *arenaOpt
1.1224 +);
1.1225 +
1.1226 +/*
1.1227 + * NSSSymmetricKey_Verify
1.1228 + *
1.1229 + */
1.1230 +
1.1231 +NSS_EXTERN PRStatus
1.1232 +NSSSymmetricKey_Verify
1.1233 +(
1.1234 + NSSSymmetricKey *mk,
1.1235 + NSSAlgorithmAndParameters *apOpt,
1.1236 + NSSItem *data,
1.1237 + NSSItem *signature,
1.1238 + NSSCallback *uhh
1.1239 +);
1.1240 +
1.1241 +/*
1.1242 + * NSSSymmetricKey_VerifyRecover
1.1243 + *
1.1244 + */
1.1245 +
1.1246 +NSS_EXTERN NSSItem *
1.1247 +NSSSymmetricKey_VerifyRecover
1.1248 +(
1.1249 + NSSSymmetricKey *mk,
1.1250 + NSSAlgorithmAndParameters *apOpt,
1.1251 + NSSItem *signature,
1.1252 + NSSCallback *uhh,
1.1253 + NSSItem *rvOpt,
1.1254 + NSSArena *arenaOpt
1.1255 +);
1.1256 +
1.1257 +/*
1.1258 + * NSSSymmetricKey_WrapSymmetricKey
1.1259 + *
1.1260 + */
1.1261 +
1.1262 +NSS_EXTERN NSSItem *
1.1263 +NSSSymmetricKey_WrapSymmetricKey
1.1264 +(
1.1265 + NSSSymmetricKey *wrappingKey,
1.1266 + NSSAlgorithmAndParameters *apOpt,
1.1267 + NSSSymmetricKey *keyToWrap,
1.1268 + NSSCallback *uhh,
1.1269 + NSSItem *rvOpt,
1.1270 + NSSArena *arenaOpt
1.1271 +);
1.1272 +
1.1273 +/*
1.1274 + * NSSSymmetricKey_WrapPrivateKey
1.1275 + *
1.1276 + */
1.1277 +
1.1278 +NSS_EXTERN NSSItem *
1.1279 +NSSSymmetricKey_WrapPrivateKey
1.1280 +(
1.1281 + NSSSymmetricKey *wrappingKey,
1.1282 + NSSAlgorithmAndParameters *apOpt,
1.1283 + NSSPrivateKey *keyToWrap,
1.1284 + NSSCallback *uhh,
1.1285 + NSSItem *rvOpt,
1.1286 + NSSArena *arenaOpt
1.1287 +);
1.1288 +
1.1289 +/*
1.1290 + * NSSSymmetricKey_UnwrapSymmetricKey
1.1291 + *
1.1292 + */
1.1293 +
1.1294 +NSS_EXTERN NSSSymmetricKey *
1.1295
+NSSSymmetricKey_UnwrapSymmetricKey
1.1296 +(
1.1297 + NSSSymmetricKey *wrappingKey,
1.1298 + NSSAlgorithmAndParameters *apOpt,
1.1299 + NSSItem *wrappedKey,
1.1300 + NSSOID *target,
1.1301 + PRUint32 keySizeOpt,
1.1302 + NSSOperations operations,
1.1303 + NSSCallback *uhh
1.1304 +);
1.1305 +
1.1306 +/*
1.1307 + * NSSSymmetricKey_UnwrapPrivateKey
1.1308 + *
1.1309 + */
1.1310 +
1.1311 +NSS_EXTERN NSSPrivateKey *
1.1312 +NSSSymmetricKey_UnwrapPrivateKey
1.1313 +(
1.1314 + NSSSymmetricKey *wrappingKey,
1.1315 + NSSAlgorithmAndParameters *apOpt,
1.1316 + NSSItem *wrappedKey,
1.1317 + NSSUTF8 *labelOpt,
1.1318 + NSSItem *keyIDOpt,
1.1319 + PRBool persistant,
1.1320 + PRBool sensitive,
1.1321 + NSSToken *destinationOpt,
1.1322 + NSSCallback *uhh
1.1323 +);
1.1324 +
1.1325 +/*
1.1326 + * NSSSymmetricKey_DeriveSymmetricKey
1.1327 + *
1.1328 + */
1.1329 +
1.1330 +NSS_EXTERN NSSSymmetricKey *
1.1331 +NSSSymmetricKey_DeriveSymmetricKey
1.1332 +(
1.1333 + NSSSymmetricKey *originalKey,
1.1334 + NSSAlgorithmAndParameters *apOpt,
1.1335 + NSSOID *target,
1.1336 + PRUint32 keySizeOpt,
1.1337 + NSSOperations operations,
1.1338 + NSSCallback *uhh
1.1339 +);
1.1340 +
1.1341 +/*
1.1342 + * NSSSymmetricKey_CreateCryptoContext
1.1343 + *
1.1344 + * Create a crypto context, in this key's trust domain,
1.1345 + * with this as the distinguished symmetric key.
1.1346 + */
1.1347 +
1.1348 +NSS_EXTERN NSSCryptoContext *
1.1349 +NSSSymmetricKey_CreateCryptoContext
1.1350 +(
1.1351 + NSSSymmetricKey *mk,
1.1352 + NSSAlgorithmAndParameters *apOpt,
1.1353 + NSSCallback *uhh
1.1354 +);
1.1355 +
1.1356 +/*
1.1357 + * NSSTrustDomain
1.1358 + *
1.1359 + */
1.1360 +
1.1361 +/*
1.1362 + * NSSTrustDomain_Create
1.1363 + *
1.1364 + * This creates a trust domain, optionally with an initial cryptoki
1.1365 + * module. If the module name is not null, the module is loaded if
1.1366 + * needed (using the uriOpt argument), and initialized with the
1.1367 + * opaqueOpt argument.
If mumble mumble priority settings, then
1.1368 + * module-specification objects in the module can cause the loading
1.1369 + * and initialization of further modules.
1.1370 + *
1.1371 + * The uriOpt is defined to take a URI. At present, we only
1.1372 + * support file: URLs pointing to platform-native shared libraries.
1.1373 + * However, by specifying this as a URI, this keeps open the
1.1374 + * possibility of supporting other, possibly remote, resources.
1.1375 + *
1.1376 + * The "reserved" arguments is held for when we figure out the
1.1377 + * module priority stuff.
1.1378 + */
1.1379 +
1.1380 +NSS_EXTERN NSSTrustDomain *
1.1381 +NSSTrustDomain_Create
1.1382 +(
1.1383 + NSSUTF8 *moduleOpt,
1.1384 + NSSUTF8 *uriOpt,
1.1385 + NSSUTF8 *opaqueOpt,
1.1386 + void *reserved
1.1387 +);
1.1388 +
1.1389 +/*
1.1390 + * NSSTrustDomain_Destroy
1.1391 + *
1.1392 + */
1.1393 +
1.1394 +NSS_EXTERN PRStatus
1.1395 +NSSTrustDomain_Destroy
1.1396 +(
1.1397 + NSSTrustDomain *td
1.1398 +);
1.1399 +
1.1400 +/*
1.1401 + * NSSTrustDomain_SetDefaultCallback
1.1402 + *
1.1403 + */
1.1404 +
1.1405 +NSS_EXTERN PRStatus
1.1406 +NSSTrustDomain_SetDefaultCallback
1.1407 +(
1.1408 + NSSTrustDomain *td,
1.1409 + NSSCallback *newCallback,
1.1410 + NSSCallback **oldCallbackOpt
1.1411 +);
1.1412 +
1.1413 +/*
1.1414 + * NSSTrustDomain_GetDefaultCallback
1.1415 + *
1.1416 + */
1.1417 +
1.1418 +NSS_EXTERN NSSCallback *
1.1419 +NSSTrustDomain_GetDefaultCallback
1.1420 +(
1.1421 + NSSTrustDomain *td,
1.1422 + PRStatus *statusOpt
1.1423 +);
1.1424 +
1.1425 +/*
1.1426 + * Default policies?
1.1427 + * Default usage?
1.1428 + * Default time, for completeness?
1.1429 + */
1.1430 +
1.1431 +/*
1.1432 + * NSSTrustDomain_LoadModule
1.1433 + *
1.1434 + */
1.1435 +
1.1436 +NSS_EXTERN PRStatus
1.1437 +NSSTrustDomain_LoadModule
1.1438 +(
1.1439 + NSSTrustDomain *td,
1.1440 + NSSUTF8 *moduleOpt,
1.1441 + NSSUTF8 *uriOpt,
1.1442 + NSSUTF8 *opaqueOpt,
1.1443 + void *reserved
1.1444 +);
1.1445 +
1.1446 +/*
1.1447 + * NSSTrustDomain_AddModule
1.1448 + * NSSTrustDomain_AddSlot
1.1449 + * NSSTrustDomain_UnloadModule
1.1450 + * Managing modules, slots, tokens; priorities;
1.1451 + * Traversing all of the above
1.1452 + * this needs more work
1.1453 + */
1.1454 +
1.1455 +/*
1.1456 + * NSSTrustDomain_DisableToken
1.1457 + *
1.1458 + */
1.1459 +
1.1460 +NSS_EXTERN PRStatus
1.1461 +NSSTrustDomain_DisableToken
1.1462 +(
1.1463 + NSSTrustDomain *td,
1.1464 + NSSToken *token,
1.1465 + NSSError why
1.1466 +);
1.1467 +
1.1468 +/*
1.1469 + * NSSTrustDomain_EnableToken
1.1470 + *
1.1471 + */
1.1472 +
1.1473 +NSS_EXTERN PRStatus
1.1474 +NSSTrustDomain_EnableToken
1.1475 +(
1.1476 + NSSTrustDomain *td,
1.1477 + NSSToken *token
1.1478 +);
1.1479 +
1.1480 +/*
1.1481 + * NSSTrustDomain_IsTokenEnabled
1.1482 + *
1.1483 + * If disabled, "why" is always on the error stack.
1.1484 + * The optional argument is just for convenience.
1.1485 + */
1.1486 +
1.1487 +NSS_EXTERN PRStatus
1.1488 +NSSTrustDomain_IsTokenEnabled
1.1489 +(
1.1490 + NSSTrustDomain *td,
1.1491 + NSSToken *token,
1.1492 + NSSError *whyOpt
1.1493 +);
1.1494 +
1.1495 +/*
1.1496 + * NSSTrustDomain_FindSlotByName
1.1497 + *
1.1498 + */
1.1499 +
1.1500 +NSS_EXTERN NSSSlot *
1.1501 +NSSTrustDomain_FindSlotByName
1.1502 +(
1.1503 + NSSTrustDomain *td,
1.1504 + NSSUTF8 *slotName
1.1505 +);
1.1506 +
1.1507 +/*
1.1508 + * NSSTrustDomain_FindTokenByName
1.1509 + *
1.1510 + */
1.1511 +
1.1512 +NSS_EXTERN NSSToken *
1.1513 +NSSTrustDomain_FindTokenByName
1.1514 +(
1.1515 + NSSTrustDomain *td,
1.1516 + NSSUTF8 *tokenName
1.1517 +);
1.1518 +
1.1519 +/*
1.1520 + * NSSTrustDomain_FindTokenBySlotName
1.1521 + *
1.1522 + */
1.1523 +
1.1524 +NSS_EXTERN NSSToken *
1.1525 +NSSTrustDomain_FindTokenBySlotName
1.1526 +(
1.1527 + NSSTrustDomain *td,
1.1528 + NSSUTF8 *slotName
1.1529 +);
1.1530 +
1.1531 +/*
1.1532 + * NSSTrustDomain_FindBestTokenForAlgorithm
1.1533 + *
1.1534 + */
1.1535 +
1.1536 +NSS_EXTERN NSSToken *
1.1537 +NSSTrustDomain_FindTokenForAlgorithm
1.1538 +(
1.1539 + NSSTrustDomain *td,
1.1540 + NSSOID *algorithm
1.1541 +);
1.1542 +
1.1543 +/*
1.1544 + * NSSTrustDomain_FindBestTokenForAlgorithms
1.1545 + *
1.1546 + */
1.1547 +
1.1548 +NSS_EXTERN NSSToken *
1.1549 +NSSTrustDomain_FindBestTokenForAlgorithms
1.1550 +(
1.1551 + NSSTrustDomain *td,
1.1552 + NSSOID *algorithms[], /* may be null-terminated */
1.1553 + PRUint32 nAlgorithmsOpt /* limits the array if nonzero */
1.1554 +);
1.1555 +
1.1556 +/*
1.1557 + * NSSTrustDomain_Login
1.1558 + *
1.1559 + */
1.1560 +
1.1561 +NSS_EXTERN PRStatus
1.1562 +NSSTrustDomain_Login
1.1563 +(
1.1564 + NSSTrustDomain *td,
1.1565 + NSSCallback *uhhOpt
1.1566 +);
1.1567 +
1.1568 +/*
1.1569 + * NSSTrustDomain_Logout
1.1570 + *
1.1571 + */
1.1572 +
1.1573 +NSS_EXTERN PRStatus
1.1574 +NSSTrustDomain_Logout
1.1575 +(
1.1576 + NSSTrustDomain *td
1.1577 +);
1.1578 +
1.1579 +/* Importing things */
1.1580 +
1.1581 +/*
1.1582 + * NSSTrustDomain_ImportCertificate
1.1583 + *
1.1584 + * The implementation will pull some data out of the certificate
1.1585 + * (e.g. e-mail address) for use in pkcs#11 object attributes.
1.1586 + */
1.1587 +
1.1588 +NSS_EXTERN NSSCertificate *
1.1589 +NSSTrustDomain_ImportCertificate
1.1590 +(
1.1591 + NSSTrustDomain *td,
1.1592 + NSSCertificate *c
1.1593 +);
1.1594 +
1.1595 +/*
1.1596 + * NSSTrustDomain_ImportPKIXCertificate
1.1597 + *
1.1598 + */
1.1599 +
1.1600 +NSS_EXTERN NSSCertificate *
1.1601 +NSSTrustDomain_ImportPKIXCertificate
1.1602 +(
1.1603 + NSSTrustDomain *td,
1.1604 + /* declared as a struct until these "data types" are defined */
1.1605 + struct NSSPKIXCertificateStr *pc
1.1606 +);
1.1607 +
1.1608 +/*
1.1609 + * NSSTrustDomain_ImportEncodedCertificate
1.1610 + *
1.1611 + * Imports any type of certificate we support.
1.1612 + */
1.1613 +
1.1614 +NSS_EXTERN NSSCertificate *
1.1615 +NSSTrustDomain_ImportEncodedCertificate
1.1616 +(
1.1617 + NSSTrustDomain *td,
1.1618 + NSSBER *ber
1.1619 +);
1.1620 +
1.1621 +/*
1.1622 + * NSSTrustDomain_ImportEncodedCertificateChain
1.1623 + *
1.1624 + * If you just want the leaf, pass in a maximum of one.
1.1625 + */
1.1626 +
1.1627 +NSS_EXTERN NSSCertificate **
1.1628 +NSSTrustDomain_ImportEncodedCertificateChain
1.1629 +(
1.1630 + NSSTrustDomain *td,
1.1631 + NSSBER *ber,
1.1632 + NSSCertificate *rvOpt[],
1.1633 + PRUint32 maximumOpt, /* 0 for no max */
1.1634 + NSSArena *arenaOpt
1.1635 +);
1.1636 +
1.1637 +/*
1.1638 + * NSSTrustDomain_ImportEncodedPrivateKey
1.1639 + *
1.1640 + */
1.1641 +
1.1642 +NSS_EXTERN NSSPrivateKey *
1.1643 +NSSTrustDomain_ImportEncodedPrivateKey
1.1644 +(
1.1645 + NSSTrustDomain *td,
1.1646 + NSSBER *ber,
1.1647 + NSSItem *passwordOpt, /* NULL will cause a callback */
1.1648 + NSSCallback *uhhOpt,
1.1649 + NSSToken *destination
1.1650 +);
1.1651 +
1.1652 +/*
1.1653 + * NSSTrustDomain_ImportEncodedPublicKey
1.1654 + *
1.1655 + */
1.1656 +
1.1657 +NSS_EXTERN NSSPublicKey *
1.1658 +NSSTrustDomain_ImportEncodedPublicKey
1.1659 +(
1.1660 + NSSTrustDomain *td,
1.1661 + NSSBER *ber
1.1662 +);
1.1663 +
1.1664 +/* Other importations: S/MIME capabilities */
1.1665 +
1.1666 +/*
1.1667 + * NSSTrustDomain_FindBestCertificateByNickname
1.1668 + *
1.1669 + */
1.1670 +
1.1671 +NSS_EXTERN NSSCertificate *
1.1672 +NSSTrustDomain_FindBestCertificateByNickname
1.1673 +(
1.1674 + NSSTrustDomain *td,
1.1675 + const NSSUTF8 *name,
1.1676 + NSSTime *timeOpt, /* NULL for "now" */
1.1677 + NSSUsage *usage,
1.1678 + NSSPolicies *policiesOpt /* NULL for none */
1.1679 +);
1.1680 +
1.1681 +/*
1.1682 + * NSSTrustDomain_FindCertificatesByNickname
1.1683 + *
1.1684 + */
1.1685 +
1.1686 +NSS_EXTERN NSSCertificate **
1.1687 +NSSTrustDomain_FindCertificatesByNickname
1.1688 +(
1.1689 + NSSTrustDomain *td,
1.1690 + NSSUTF8 *name,
1.1691 + NSSCertificate *rvOpt[],
1.1692 + PRUint32 maximumOpt, /* 0 for no max */
1.1693 + NSSArena *arenaOpt
1.1694 +);
1.1695 +
1.1696 +/*
1.1697 + * NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
1.1698 + *
1.1699 + */
1.1700 +
1.1701 +NSS_EXTERN NSSCertificate *
1.1702 +NSSTrustDomain_FindCertificateByIssuerAndSerialNumber
1.1703 +(
1.1704 + NSSTrustDomain *td,
1.1705 + NSSDER *issuer,
1.1706 + NSSDER *serialNumber
1.1707 +);
1.1708 +
1.1709 +/*
1.1710 + * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber
1.1711 + *
1.1712 + * Theoretically, this should never happen. However, some companies
1.1713 + * we know have issued duplicate certificates with the same issuer
1.1714 + * and serial number. Do we just ignore them? I'm thinking yes.
1.1715 + */
1.1716 +
1.1717 +/*
1.1718 + * NSSTrustDomain_FindBestCertificateBySubject
1.1719 + *
1.1720 + * This does not search through alternate names hidden in extensions.
1.1721 + */
1.1722 +
1.1723 +NSS_EXTERN NSSCertificate *
1.1724 +NSSTrustDomain_FindBestCertificateBySubject
1.1725 +(
1.1726 + NSSTrustDomain *td,
1.1727 + NSSDER /*NSSUTF8*/ *subject,
1.1728 + NSSTime *timeOpt,
1.1729 + NSSUsage *usage,
1.1730 + NSSPolicies *policiesOpt
1.1731 +);
1.1732 +
1.1733 +/*
1.1734 + * NSSTrustDomain_FindCertificatesBySubject
1.1735 + *
1.1736 + * This does not search through alternate names hidden in extensions.
1.1737 + */
1.1738 +
1.1739 +NSS_EXTERN NSSCertificate **
1.1740 +NSSTrustDomain_FindCertificatesBySubject
1.1741 +(
1.1742 + NSSTrustDomain *td,
1.1743 + NSSDER /*NSSUTF8*/ *subject,
1.1744 + NSSCertificate *rvOpt[],
1.1745 + PRUint32 maximumOpt, /* 0 for no max */
1.1746 + NSSArena *arenaOpt
1.1747 +);
1.1748 +
1.1749 +/*
1.1750 + * NSSTrustDomain_FindBestCertificateByNameComponents
1.1751 + *
1.1752 + * This call does try several tricks, including a pseudo pkcs#11
1.1753 + * attribute for the ldap module to try as a query. Eventually
1.1754 + * this call falls back to a traversal if that's what's required.
1.1755 + * It will search through alternate names hidden in extensions.
1.1756 + */
1.1757 +
1.1758 +NSS_EXTERN NSSCertificate *
1.1759 +NSSTrustDomain_FindBestCertificateByNameComponents
1.1760 +(
1.1761 + NSSTrustDomain *td,
1.1762 + NSSUTF8 *nameComponents,
1.1763 + NSSTime *timeOpt,
1.1764 + NSSUsage *usage,
1.1765 + NSSPolicies *policiesOpt
1.1766 +);
1.1767 +
1.1768 +/*
1.1769 + * NSSTrustDomain_FindCertificatesByNameComponents
1.1770 + *
1.1771 + * This call, too, tries several tricks. It will stop on the first
1.1772 + * attempt that generates results, so it won't e.g. traverse the
1.1773 + * entire ldap database.
1.1774 + */
1.1775 +
1.1776 +NSS_EXTERN NSSCertificate **
1.1777 +NSSTrustDomain_FindCertificatesByNameComponents
1.1778 +(
1.1779 + NSSTrustDomain *td,
1.1780 + NSSUTF8 *nameComponents,
1.1781 + NSSCertificate *rvOpt[],
1.1782 + PRUint32 maximumOpt, /* 0 for no max */
1.1783 + NSSArena *arenaOpt
1.1784 +);
1.1785 +
1.1786 +/*
1.1787 + * NSSTrustDomain_FindCertificateByEncodedCertificate
1.1788 + *
1.1789 + */
1.1790 +
1.1791 +NSS_EXTERN NSSCertificate *
1.1792 +NSSTrustDomain_FindCertificateByEncodedCertificate
1.1793 +(
1.1794 + NSSTrustDomain *td,
1.1795 + NSSBER *encodedCertificate
1.1796 +);
1.1797 +
1.1798 +/*
1.1799 + * NSSTrustDomain_FindBestCertificateByEmail
1.1800 + *
1.1801 + */
1.1802 +
1.1803 +NSS_EXTERN NSSCertificate *
1.1804 +NSSTrustDomain_FindCertificateByEmail
1.1805 +(
1.1806 + NSSTrustDomain *td,
1.1807 + NSSASCII7 *email,
1.1808 + NSSTime *timeOpt,
1.1809 + NSSUsage *usage,
1.1810 + NSSPolicies *policiesOpt
1.1811 +);
1.1812 +
1.1813 +/*
1.1814 + * NSSTrustDomain_FindCertificatesByEmail
1.1815 + *
1.1816 + */
1.1817 +
1.1818 +NSS_EXTERN NSSCertificate **
1.1819 +NSSTrustDomain_FindCertificatesByEmail
1.1820 +(
1.1821 + NSSTrustDomain *td,
1.1822 + NSSASCII7 *email,
1.1823 + NSSCertificate *rvOpt[],
1.1824 + PRUint32 maximumOpt, /* 0 for no max */
1.1825 + NSSArena *arenaOpt
1.1826 +);
1.1827 +
1.1828 +/*
1.1829 + * NSSTrustDomain_FindCertificateByOCSPHash
1.1830 + *
1.1831 + * There can be only
one.
1.1832 + */
1.1833 +
1.1834 +NSS_EXTERN NSSCertificate *
1.1835 +NSSTrustDomain_FindCertificateByOCSPHash
1.1836 +(
1.1837 + NSSTrustDomain *td,
1.1838 + NSSItem *hash
1.1839 +);
1.1840 +
1.1841 +/*
1.1842 + * NSSTrustDomain_TraverseCertificates
1.1843 + *
1.1844 + * This function descends from one in older versions of NSS which
1.1845 + * traverses the certs in the permanent database. That function
1.1846 + * was used to implement selection routines, but was directly
1.1847 + * available too. Trust domains are going to contain a lot more
1.1848 + * certs now (e.g., an ldap server), so we'd really like to
1.1849 + * discourage traversal. Thus for now, this is commented out.
1.1850 + * If it's needed, let's look at the situation more closely to
1.1851 + * find out what the actual requirements are.
1.1852 + */
1.1853 +
1.1854 +/* For now, adding this function. This may only be for debugging
1.1855 + * purposes.
1.1856 + * Perhaps some equivalent function, on a specified token, will be
1.1857 + * needed in a "friend" header file?
1.1858 + */
1.1859 +NSS_EXTERN PRStatus *
1.1860 +NSSTrustDomain_TraverseCertificates
1.1861 +(
1.1862 + NSSTrustDomain *td,
1.1863 + PRStatus (*callback)(NSSCertificate *c, void *arg),
1.1864 + void *arg
1.1865 +);
1.1866 +
1.1867 +/*
1.1868 + * NSSTrustDomain_FindBestUserCertificate
1.1869 + *
1.1870 + */
1.1871 +
1.1872 +NSS_EXTERN NSSCertificate *
1.1873 +NSSTrustDomain_FindBestUserCertificate
1.1874 +(
1.1875 + NSSTrustDomain *td,
1.1876 + NSSTime *timeOpt,
1.1877 + NSSUsage *usage,
1.1878 + NSSPolicies *policiesOpt
1.1879 +);
1.1880 +
1.1881 +/*
1.1882 + * NSSTrustDomain_FindUserCertificates
1.1883 + *
1.1884 + */
1.1885 +
1.1886 +NSS_EXTERN NSSCertificate **
1.1887 +NSSTrustDomain_FindUserCertificates
1.1888 +(
1.1889 + NSSTrustDomain *td,
1.1890 + NSSTime *timeOpt,
1.1891 + NSSUsage *usageOpt,
1.1892 + NSSPolicies *policiesOpt,
1.1893 + NSSCertificate **rvOpt,
1.1894 + PRUint32 rvLimit, /* zero for no limit */
1.1895 + NSSArena *arenaOpt
1.1896 +);
1.1897 +
1.1898 +/*
1.1899 + * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
1.1900 + *
1.1901 + */
1.1902 +
1.1903 +NSS_EXTERN NSSCertificate *
1.1904 +NSSTrustDomain_FindBestUserCertificateForSSLClientAuth
1.1905 +(
1.1906 + NSSTrustDomain *td,
1.1907 + NSSUTF8 *sslHostOpt,
1.1908 + NSSDER *rootCAsOpt[], /* null pointer for none */
1.1909 + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1.1910 + NSSAlgorithmAndParameters *apOpt,
1.1911 + NSSPolicies *policiesOpt
1.1912 +);
1.1913 +
1.1914 +/*
1.1915 + * NSSTrustDomain_FindUserCertificatesForSSLClientAuth
1.1916 + *
1.1917 + */
1.1918 +
1.1919 +NSS_EXTERN NSSCertificate **
1.1920 +NSSTrustDomain_FindUserCertificatesForSSLClientAuth
1.1921 +(
1.1922 + NSSTrustDomain *td,
1.1923 + NSSUTF8 *sslHostOpt,
1.1924 + NSSDER *rootCAsOpt[], /* null pointer for none */
1.1925 + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1.1926 + NSSAlgorithmAndParameters *apOpt,
1.1927 + NSSPolicies *policiesOpt,
1.1928 + NSSCertificate
**rvOpt,
1.1929 + PRUint32 rvLimit, /* zero for no limit */
1.1930 + NSSArena *arenaOpt
1.1931 +);
1.1932 +
1.1933 +/*
1.1934 + * NSSTrustDomain_FindBestUserCertificateForEmailSigning
1.1935 + *
1.1936 + */
1.1937 +
1.1938 +NSS_EXTERN NSSCertificate *
1.1939 +NSSTrustDomain_FindBestUserCertificateForEmailSigning
1.1940 +(
1.1941 + NSSTrustDomain *td,
1.1942 + NSSASCII7 *signerOpt,
1.1943 + NSSASCII7 *recipientOpt,
1.1944 + /* anything more here? */
1.1945 + NSSAlgorithmAndParameters *apOpt,
1.1946 + NSSPolicies *policiesOpt
1.1947 +);
1.1948 +
1.1949 +/*
1.1950 + * NSSTrustDomain_FindUserCertificatesForEmailSigning
1.1951 + *
1.1952 + */
1.1953 +
1.1954 +NSS_EXTERN NSSCertificate **
1.1955 +NSSTrustDomain_FindUserCertificatesForEmailSigning
1.1956 +(
1.1957 + NSSTrustDomain *td,
1.1958 + NSSASCII7 *signerOpt,
1.1959 + NSSASCII7 *recipientOpt,
1.1960 + /* anything more here? */
1.1961 + NSSAlgorithmAndParameters *apOpt,
1.1962 + NSSPolicies *policiesOpt,
1.1963 + NSSCertificate **rvOpt,
1.1964 + PRUint32 rvLimit, /* zero for no limit */
1.1965 + NSSArena *arenaOpt
1.1966 +);
1.1967 +
1.1968 +/*
1.1969 + * Here is where we'd add more Find[Best]UserCertificate[s]For<usage>
1.1970 + * routines.
1.1971 + */
1.1972 +
1.1973 +/* Private Keys */
1.1974 +
1.1975 +/*
1.1976 + * NSSTrustDomain_GenerateKeyPair
1.1977 + *
1.1978 + * Creates persistant objects. If you want session objects, use
1.1979 + * NSSCryptoContext_GenerateKeyPair. The destination token is where
1.1980 + * the keys are stored. If that token can do the required math, then
1.1981 + * that's where the keys are generated too. Otherwise, the keys are
1.1982 + * generated elsewhere and moved to that token.
1.1983 + */
1.1984 +
1.1985 +NSS_EXTERN PRStatus
1.1986 +NSSTrustDomain_GenerateKeyPair
1.1987 +(
1.1988 + NSSTrustDomain *td,
1.1989 + NSSAlgorithmAndParameters *ap,
1.1990 + NSSPrivateKey **pvkOpt,
1.1991 + NSSPublicKey **pbkOpt,
1.1992 + PRBool privateKeyIsSensitive,
1.1993 + NSSToken *destination,
1.1994 + NSSCallback *uhhOpt
1.1995 +);
1.1996 +
1.1997 +/*
1.1998 + * NSSTrustDomain_TraversePrivateKeys
1.1999 + *
1.2000 + *
1.2001 + * NSS_EXTERN PRStatus *
1.2002 + * NSSTrustDomain_TraversePrivateKeys
1.2003 + * (
1.2004 + * NSSTrustDomain *td,
1.2005 + * PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
1.2006 + * void *arg
1.2007 + * );
1.2008 + */
1.2009 +
1.2010 +/* Symmetric Keys */
1.2011 +
1.2012 +/*
1.2013 + * NSSTrustDomain_GenerateSymmetricKey
1.2014 + *
1.2015 + */
1.2016 +
1.2017 +NSS_EXTERN NSSSymmetricKey *
1.2018 +NSSTrustDomain_GenerateSymmetricKey
1.2019 +(
1.2020 + NSSTrustDomain *td,
1.2021 + NSSAlgorithmAndParameters *ap,
1.2022 + PRUint32 keysize,
1.2023 + NSSToken *destination,
1.2024 + NSSCallback *uhhOpt
1.2025 +);
1.2026 +
1.2027 +/*
1.2028 + * NSSTrustDomain_GenerateSymmetricKeyFromPassword
1.2029 + *
1.2030 + */
1.2031 +
1.2032 +NSS_EXTERN NSSSymmetricKey *
1.2033 +NSSTrustDomain_GenerateSymmetricKeyFromPassword
1.2034 +(
1.2035 + NSSTrustDomain *td,
1.2036 + NSSAlgorithmAndParameters *ap,
1.2037 + NSSUTF8 *passwordOpt, /* if null, prompt */
1.2038 + NSSToken *destinationOpt,
1.2039 + NSSCallback *uhhOpt
1.2040 +);
1.2041 +
1.2042 +/*
1.2043 + * NSSTrustDomain_FindSymmetricKeyByAlgorithm
1.2044 + *
1.2045 + * Is this still needed?
1.2046 + *
1.2047 + * NSS_EXTERN NSSSymmetricKey *
1.2048 + * NSSTrustDomain_FindSymmetricKeyByAlgorithm
1.2049 + * (
1.2050 + * NSSTrustDomain *td,
1.2051 + * NSSOID *algorithm,
1.2052 + * NSSCallback *uhhOpt
1.2053 + * );
1.2054 + */
1.2055 +
1.2056 +/*
1.2057 + * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
1.2058 + *
1.2059 + */
1.2060 +
1.2061 +NSS_EXTERN NSSSymmetricKey *
1.2062 +NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID
1.2063 +(
1.2064 + NSSTrustDomain *td,
1.2065 + NSSOID *algorithm,
1.2066 + NSSItem *keyID,
1.2067 + NSSCallback *uhhOpt
1.2068 +);
1.2069 +
1.2070 +/*
1.2071 + * NSSTrustDomain_TraverseSymmetricKeys
1.2072 + *
1.2073 + *
1.2074 + * NSS_EXTERN PRStatus *
1.2075 + * NSSTrustDomain_TraverseSymmetricKeys
1.2076 + * (
1.2077 + * NSSTrustDomain *td,
1.2078 + * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
1.2079 + * void *arg
1.2080 + * );
1.2081 + */
1.2082 +
1.2083 +/*
1.2084 + * NSSTrustDomain_CreateCryptoContext
1.2085 + *
1.2086 + * If a callback object is specified, it becomes the for the crypto
1.2087 + * context; otherwise, this trust domain's default (if any) is
1.2088 + * inherited.
1.2089 + */
1.2090 +
1.2091 +NSS_EXTERN NSSCryptoContext *
1.2092 +NSSTrustDomain_CreateCryptoContext
1.2093 +(
1.2094 + NSSTrustDomain *td,
1.2095 + NSSCallback *uhhOpt
1.2096 +);
1.2097 +
1.2098 +/*
1.2099 + * NSSTrustDomain_CreateCryptoContextForAlgorithm
1.2100 + *
1.2101 + */
1.2102 +
1.2103 +NSS_EXTERN NSSCryptoContext *
1.2104 +NSSTrustDomain_CreateCryptoContextForAlgorithm
1.2105 +(
1.2106 + NSSTrustDomain *td,
1.2107 + NSSOID *algorithm
1.2108 +);
1.2109 +
1.2110 +/*
1.2111 + * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
1.2112 + *
1.2113 + */
1.2114 +
1.2115 +NSS_EXTERN NSSCryptoContext *
1.2116 +NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters
1.2117 +(
1.2118 + NSSTrustDomain *td,
1.2119 + NSSAlgorithmAndParameters *ap
1.2120 +);
1.2121 +
1.2122 +/* find/traverse other objects, e.g.
s/mime profiles */
1.2123 +
1.2124 +/*
1.2125 + * NSSCryptoContext
1.2126 + *
1.2127 + * A crypto context is sort of a short-term snapshot of a trust domain,
1.2128 + * used for the life of "one crypto operation." You can also think of
1.2129 + * it as a "temporary database."
1.2130 + *
1.2131 + * Just about all of the things you can do with a trust domain -- importing
1.2132 + * or creating certs, keys, etc. -- can be done with a crypto context.
1.2133 + * The difference is that the objects will be temporary ("session") objects.
1.2134 + *
1.2135 + * Also, if the context was created for a key, cert, and/or algorithm; or
1.2136 + * if such objects have been "associated" with the context, then the context
1.2137 + * can do everything the keys can, like crypto operations.
1.2138 + *
1.2139 + * And finally, because it keeps the state of the crypto operations, it
1.2140 + * can do streaming crypto ops.
1.2141 + */
1.2142 +
1.2143 +/*
1.2144 + * NSSTrustDomain_Destroy
1.2145 + *
1.2146 + */
1.2147 +
1.2148 +NSS_EXTERN PRStatus
1.2149 +NSSCryptoContext_Destroy
1.2150 +(
1.2151 + NSSCryptoContext *cc
1.2152 +);
1.2153 +
1.2154 +/* establishing a default callback */
1.2155 +
1.2156 +/*
1.2157 + * NSSCryptoContext_SetDefaultCallback
1.2158 + *
1.2159 + */
1.2160 +
1.2161 +NSS_EXTERN PRStatus
1.2162 +NSSCryptoContext_SetDefaultCallback
1.2163 +(
1.2164 + NSSCryptoContext *cc,
1.2165 + NSSCallback *newCallback,
1.2166 + NSSCallback **oldCallbackOpt
1.2167 +);
1.2168 +
1.2169 +/*
1.2170 + * NSSCryptoContext_GetDefaultCallback
1.2171 + *
1.2172 + */
1.2173 +
1.2174 +NSS_EXTERN NSSCallback *
1.2175 +NSSCryptoContext_GetDefaultCallback
1.2176 +(
1.2177 + NSSCryptoContext *cc,
1.2178 + PRStatus *statusOpt
1.2179 +);
1.2180 +
1.2181 +/*
1.2182 + * NSSCryptoContext_GetTrustDomain
1.2183 + *
1.2184 + */
1.2185 +
1.2186 +NSS_EXTERN NSSTrustDomain *
1.2187 +NSSCryptoContext_GetTrustDomain
1.2188 +(
1.2189 + NSSCryptoContext *cc
1.2190 +);
1.2191 +
1.2192 +/* AddModule, etc: should we
allow "temporary" changes here? */
1.2193 +/* DisableToken, etc: ditto */
1.2194 +/* Ordering of tokens? */
1.2195 +/* Finding slots+token etc. */
1.2196 +/* login+logout */
1.2197 +
1.2198 +/* Importing things */
1.2199 +
1.2200 +/*
1.2201 + * NSSCryptoContext_FindOrImportCertificate
1.2202 + *
1.2203 + * If the certificate store already contains this DER cert, return the
1.2204 + * address of the matching NSSCertificate that is already in the store,
1.2205 + * and bump its reference count.
1.2206 + *
1.2207 + * If this DER cert is NOT already in the store, then add the new
1.2208 + * NSSCertificate to the store and bump its reference count,
1.2209 + * then return its address.
1.2210 + *
1.2211 + * if this DER cert is not in the store and cannot be added to it,
1.2212 + * return NULL;
1.2213 + *
1.2214 + * Record the associated crypto context in the certificate.
1.2215 + */
1.2216 +
1.2217 +NSS_EXTERN NSSCertificate *
1.2218 +NSSCryptoContext_FindOrImportCertificate (
1.2219 + NSSCryptoContext *cc,
1.2220 + NSSCertificate *c
1.2221 +);
1.2222 +
1.2223 +/*
1.2224 + * NSSCryptoContext_ImportPKIXCertificate
1.2225 + *
1.2226 + */
1.2227 +
1.2228 +NSS_EXTERN NSSCertificate *
1.2229 +NSSCryptoContext_ImportPKIXCertificate
1.2230 +(
1.2231 + NSSCryptoContext *cc,
1.2232 + struct NSSPKIXCertificateStr *pc
1.2233 +);
1.2234 +
1.2235 +/*
1.2236 + * NSSCryptoContext_ImportEncodedCertificate
1.2237 + *
1.2238 + */
1.2239 +
1.2240 +NSS_EXTERN NSSCertificate *
1.2241 +NSSCryptoContext_ImportEncodedCertificate
1.2242 +(
1.2243 + NSSCryptoContext *cc,
1.2244 + NSSBER *ber
1.2245 +);
1.2246 +
1.2247 +/*
1.2248 + * NSSCryptoContext_ImportEncodedPKIXCertificateChain
1.2249 + *
1.2250 + */
1.2251 +
1.2252 +NSS_EXTERN PRStatus
1.2253 +NSSCryptoContext_ImportEncodedPKIXCertificateChain
1.2254 +(
1.2255 + NSSCryptoContext *cc,
1.2256 + NSSBER *ber
1.2257 +);
1.2258 +
1.2259 +/* Other importations: S/MIME capabilities
1.2260 + */
1.2261 +
1.2262 +/*
1.2263 + *
NSSCryptoContext_FindBestCertificateByNickname
1.2264 + *
1.2265 + */
1.2266 +
1.2267 +NSS_EXTERN NSSCertificate *
1.2268 +NSSCryptoContext_FindBestCertificateByNickname
1.2269 +(
1.2270 + NSSCryptoContext *cc,
1.2271 + const NSSUTF8 *name,
1.2272 + NSSTime *timeOpt, /* NULL for "now" */
1.2273 + NSSUsage *usage,
1.2274 + NSSPolicies *policiesOpt /* NULL for none */
1.2275 +);
1.2276 +
1.2277 +/*
1.2278 + * NSSCryptoContext_FindCertificatesByNickname
1.2279 + *
1.2280 + */
1.2281 +
1.2282 +NSS_EXTERN NSSCertificate **
1.2283 +NSSCryptoContext_FindCertificatesByNickname
1.2284 +(
1.2285 + NSSCryptoContext *cc,
1.2286 + NSSUTF8 *name,
1.2287 + NSSCertificate *rvOpt[],
1.2288 + PRUint32 maximumOpt, /* 0 for no max */
1.2289 + NSSArena *arenaOpt
1.2290 +);
1.2291 +
1.2292 +/*
1.2293 + * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
1.2294 + *
1.2295 + */
1.2296 +
1.2297 +NSS_EXTERN NSSCertificate *
1.2298 +NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
1.2299 +(
1.2300 + NSSCryptoContext *cc,
1.2301 + NSSDER *issuer,
1.2302 + NSSDER *serialNumber
1.2303 +);
1.2304 +
1.2305 +/*
1.2306 + * NSSCryptoContext_FindBestCertificateBySubject
1.2307 + *
1.2308 + * This does not search through alternate names hidden in extensions.
1.2309 + */
1.2310 +
1.2311 +NSS_EXTERN NSSCertificate *
1.2312 +NSSCryptoContext_FindBestCertificateBySubject
1.2313 +(
1.2314 + NSSCryptoContext *cc,
1.2315 + NSSDER /*NSSUTF8*/ *subject,
1.2316 + NSSTime *timeOpt,
1.2317 + NSSUsage *usage,
1.2318 + NSSPolicies *policiesOpt
1.2319 +);
1.2320 +
1.2321 +/*
1.2322 + * NSSCryptoContext_FindCertificatesBySubject
1.2323 + *
1.2324 + * This does not search through alternate names hidden in extensions.
1.2325 + */
1.2326 +
1.2327 +NSS_EXTERN NSSCertificate **
1.2328 +NSSCryptoContext_FindCertificatesBySubject
1.2329 +(
1.2330 + NSSCryptoContext *cc,
1.2331 + NSSDER /*NSSUTF8*/ *subject,
1.2332 + NSSCertificate *rvOpt[],
1.2333 + PRUint32 maximumOpt, /* 0 for no max */
1.2334 + NSSArena *arenaOpt
1.2335 +);
1.2336 +
1.2337 +/*
1.2338 + * NSSCryptoContext_FindBestCertificateByNameComponents
1.2339 + *
1.2340 + * This call does try several tricks, including a pseudo pkcs#11
1.2341 + * attribute for the ldap module to try as a query. Eventually
1.2342 + * this call falls back to a traversal if that's what's required.
1.2343 + * It will search through alternate names hidden in extensions.
1.2344 + */
1.2345 +
1.2346 +NSS_EXTERN NSSCertificate *
1.2347 +NSSCryptoContext_FindBestCertificateByNameComponents
1.2348 +(
1.2349 + NSSCryptoContext *cc,
1.2350 + NSSUTF8 *nameComponents,
1.2351 + NSSTime *timeOpt,
1.2352 + NSSUsage *usage,
1.2353 + NSSPolicies *policiesOpt
1.2354 +);
1.2355 +
1.2356 +/*
1.2357 + * NSSCryptoContext_FindCertificatesByNameComponents
1.2358 + *
1.2359 + * This call, too, tries several tricks. It will stop on the first
1.2360 + * attempt that generates results, so it won't e.g. traverse the
1.2361 + * entire ldap database.
1.2362 + */
1.2363 +
1.2364 +NSS_EXTERN NSSCertificate **
1.2365 +NSSCryptoContext_FindCertificatesByNameComponents
1.2366 +(
1.2367 + NSSCryptoContext *cc,
1.2368 + NSSUTF8 *nameComponents,
1.2369 + NSSCertificate *rvOpt[],
1.2370 + PRUint32 maximumOpt, /* 0 for no max */
1.2371 + NSSArena *arenaOpt
1.2372 +);
1.2373 +
1.2374 +/*
1.2375 + * NSSCryptoContext_FindCertificateByEncodedCertificate
1.2376 + *
1.2377 + */
1.2378 +
1.2379 +NSS_EXTERN NSSCertificate *
1.2380 +NSSCryptoContext_FindCertificateByEncodedCertificate
1.2381 +(
1.2382 + NSSCryptoContext *cc,
1.2383 + NSSBER *encodedCertificate
1.2384 +);
1.2385 +
1.2386 +/*
1.2387 + * NSSCryptoContext_FindBestCertificateByEmail
1.2388 + *
1.2389 + */
1.2390 +
1.2391 +NSS_EXTERN NSSCertificate *
1.2392 +NSSCryptoContext_FindBestCertificateByEmail
1.2393 +(
1.2394 + NSSCryptoContext *cc,
1.2395 + NSSASCII7 *email,
1.2396 + NSSTime *timeOpt,
1.2397 + NSSUsage *usage,
1.2398 + NSSPolicies *policiesOpt
1.2399 +);
1.2400 +
1.2401 +/*
1.2402 + * NSSCryptoContext_FindCertificatesByEmail
1.2403 + *
1.2404 + */
1.2405 +
1.2406 +NSS_EXTERN NSSCertificate **
1.2407 +NSSCryptoContext_FindCertificatesByEmail
1.2408 +(
1.2409 + NSSCryptoContext *cc,
1.2410 + NSSASCII7 *email,
1.2411 + NSSCertificate *rvOpt[],
1.2412 + PRUint32 maximumOpt, /* 0 for no max */
1.2413 + NSSArena *arenaOpt
1.2414 +);
1.2415 +
1.2416 +/*
1.2417 + * NSSCryptoContext_FindCertificateByOCSPHash
1.2418 + *
1.2419 + */
1.2420 +
1.2421 +NSS_EXTERN NSSCertificate *
1.2422 +NSSCryptoContext_FindCertificateByOCSPHash
1.2423 +(
1.2424 + NSSCryptoContext *cc,
1.2425 + NSSItem *hash
1.2426 +);
1.2427 +
1.2428 +/*
1.2429 + * NSSCryptoContext_TraverseCertificates
1.2430 + *
1.2431 + *
1.2432 + * NSS_EXTERN PRStatus *
1.2433 + * NSSCryptoContext_TraverseCertificates
1.2434 + * (
1.2435 + * NSSCryptoContext *cc,
1.2436 + * PRStatus (*callback)(NSSCertificate *c, void *arg),
1.2437 + * void *arg
1.2438 + * );
1.2439 + */
1.2440 +
1.2441 +/*
1.2442 + *
NSSCryptoContext_FindBestUserCertificate
1.2443 + *
1.2444 + */
1.2445 +
1.2446 +NSS_EXTERN NSSCertificate *
1.2447 +NSSCryptoContext_FindBestUserCertificate
1.2448 +(
1.2449 + NSSCryptoContext *cc,
1.2450 + NSSTime *timeOpt,
1.2451 + NSSUsage *usage,
1.2452 + NSSPolicies *policiesOpt
1.2453 +);
1.2454 +
1.2455 +/*
1.2456 + * NSSCryptoContext_FindUserCertificates
1.2457 + *
1.2458 + */
1.2459 +
1.2460 +NSS_EXTERN NSSCertificate **
1.2461 +NSSCryptoContext_FindUserCertificates
1.2462 +(
1.2463 + NSSCryptoContext *cc,
1.2464 + NSSTime *timeOpt,
1.2465 + NSSUsage *usageOpt,
1.2466 + NSSPolicies *policiesOpt,
1.2467 + NSSCertificate **rvOpt,
1.2468 + PRUint32 rvLimit, /* zero for no limit */
1.2469 + NSSArena *arenaOpt
1.2470 +);
1.2471 +
1.2472 +/*
1.2473 + * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
1.2474 + *
1.2475 + */
1.2476 +
1.2477 +NSS_EXTERN NSSCertificate *
1.2478 +NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
1.2479 +(
1.2480 + NSSCryptoContext *cc,
1.2481 + NSSUTF8 *sslHostOpt,
1.2482 + NSSDER *rootCAsOpt[], /* null pointer for none */
1.2483 + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1.2484 + NSSAlgorithmAndParameters *apOpt,
1.2485 + NSSPolicies *policiesOpt
1.2486 +);
1.2487 +
1.2488 +/*
1.2489 + * NSSCryptoContext_FindUserCertificatesForSSLClientAuth
1.2490 + *
1.2491 + */
1.2492 +
1.2493 +NSS_EXTERN NSSCertificate **
1.2494 +NSSCryptoContext_FindUserCertificatesForSSLClientAuth
1.2495 +(
1.2496 + NSSCryptoContext *cc,
1.2497 + NSSUTF8 *sslHostOpt,
1.2498 + NSSDER *rootCAsOpt[], /* null pointer for none */
1.2499 + PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
1.2500 + NSSAlgorithmAndParameters *apOpt,
1.2501 + NSSPolicies *policiesOpt,
1.2502 + NSSCertificate **rvOpt,
1.2503 + PRUint32 rvLimit, /* zero for no limit */
1.2504 + NSSArena *arenaOpt
1.2505 +);
1.2506 +
1.2507 +/*
1.2508 + * NSSCryptoContext_FindBestUserCertificateForEmailSigning
1.2509 + *
1.2510 + */
1.2511 +
1.2512
+NSS_EXTERN NSSCertificate *
1.2513 +NSSCryptoContext_FindBestUserCertificateForEmailSigning
1.2514 +(
1.2515 + NSSCryptoContext *cc,
1.2516 + NSSASCII7 *signerOpt,
1.2517 + NSSASCII7 *recipientOpt,
1.2518 + /* anything more here? */
1.2519 + NSSAlgorithmAndParameters *apOpt,
1.2520 + NSSPolicies *policiesOpt
1.2521 +);
1.2522 +
1.2523 +/*
1.2524 + * NSSCryptoContext_FindUserCertificatesForEmailSigning
1.2525 + *
1.2526 + */
1.2527 +
1.2528 +NSS_EXTERN NSSCertificate *
1.2529 +NSSCryptoContext_FindUserCertificatesForEmailSigning
1.2530 +(
1.2531 + NSSCryptoContext *cc,
1.2532 + NSSASCII7 *signerOpt, /* fgmr or a more general name? */
1.2533 + NSSASCII7 *recipientOpt,
1.2534 + /* anything more here? */
1.2535 + NSSAlgorithmAndParameters *apOpt,
1.2536 + NSSPolicies *policiesOpt,
1.2537 + NSSCertificate **rvOpt,
1.2538 + PRUint32 rvLimit, /* zero for no limit */
1.2539 + NSSArena *arenaOpt
1.2540 +);
1.2541 +
1.2542 +/* Private Keys */
1.2543 +
1.2544 +/*
1.2545 + * NSSCryptoContext_GenerateKeyPair
1.2546 + *
1.2547 + * Creates session objects. If you want persistant objects, use
1.2548 + * NSSTrustDomain_GenerateKeyPair. The destination token is where
1.2549 + * the keys are stored. If that token can do the required math, then
1.2550 + * that's where the keys are generated too. Otherwise, the keys are
1.2551 + * generated elsewhere and moved to that token.
1.2552 + */ 1.2553 + 1.2554 +NSS_EXTERN PRStatus 1.2555 +NSSCryptoContext_GenerateKeyPair 1.2556 +( 1.2557 + NSSCryptoContext *cc, 1.2558 + NSSAlgorithmAndParameters *ap, 1.2559 + NSSPrivateKey **pvkOpt, 1.2560 + NSSPublicKey **pbkOpt, 1.2561 + PRBool privateKeyIsSensitive, 1.2562 + NSSToken *destination, 1.2563 + NSSCallback *uhhOpt 1.2564 +); 1.2565 + 1.2566 +/* 1.2567 + * NSSCryptoContext_TraversePrivateKeys 1.2568 + * 1.2569 + * 1.2570 + * NSS_EXTERN PRStatus * 1.2571 + * NSSCryptoContext_TraversePrivateKeys 1.2572 + * ( 1.2573 + * NSSCryptoContext *cc, 1.2574 + * PRStatus (*callback)(NSSPrivateKey *vk, void *arg), 1.2575 + * void *arg 1.2576 + * ); 1.2577 + */ 1.2578 + 1.2579 +/* Symmetric Keys */ 1.2580 + 1.2581 +/* 1.2582 + * NSSCryptoContext_GenerateSymmetricKey 1.2583 + * 1.2584 + */ 1.2585 + 1.2586 +NSS_EXTERN NSSSymmetricKey * 1.2587 +NSSCryptoContext_GenerateSymmetricKey 1.2588 +( 1.2589 + NSSCryptoContext *cc, 1.2590 + NSSAlgorithmAndParameters *ap, 1.2591 + PRUint32 keysize, 1.2592 + NSSToken *destination, 1.2593 + NSSCallback *uhhOpt 1.2594 +); 1.2595 + 1.2596 +/* 1.2597 + * NSSCryptoContext_GenerateSymmetricKeyFromPassword 1.2598 + * 1.2599 + */ 1.2600 + 1.2601 +NSS_EXTERN NSSSymmetricKey * 1.2602 +NSSCryptoContext_GenerateSymmetricKeyFromPassword 1.2603 +( 1.2604 + NSSCryptoContext *cc, 1.2605 + NSSAlgorithmAndParameters *ap, 1.2606 + NSSUTF8 *passwordOpt, /* if null, prompt */ 1.2607 + NSSToken *destinationOpt, 1.2608 + NSSCallback *uhhOpt 1.2609 +); 1.2610 + 1.2611 +/* 1.2612 + * NSSCryptoContext_FindSymmetricKeyByAlgorithm 1.2613 + * 1.2614 + * 1.2615 + * NSS_EXTERN NSSSymmetricKey * 1.2616 + * NSSCryptoContext_FindSymmetricKeyByType 1.2617 + * ( 1.2618 + * NSSCryptoContext *cc, 1.2619 + * NSSOID *type, 1.2620 + * NSSCallback *uhhOpt 1.2621 + * ); 1.2622 + */ 1.2623 + 1.2624 +/* 1.2625 + * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID 1.2626 + * 1.2627 + */ 1.2628 + 1.2629 +NSS_EXTERN NSSSymmetricKey * 1.2630 
+NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID 1.2631 +( 1.2632 + NSSCryptoContext *cc, 1.2633 + NSSOID *algorithm, 1.2634 + NSSItem *keyID, 1.2635 + NSSCallback *uhhOpt 1.2636 +); 1.2637 + 1.2638 +/* 1.2639 + * NSSCryptoContext_TraverseSymmetricKeys 1.2640 + * 1.2641 + * 1.2642 + * NSS_EXTERN PRStatus * 1.2643 + * NSSCryptoContext_TraverseSymmetricKeys 1.2644 + * ( 1.2645 + * NSSCryptoContext *cc, 1.2646 + * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg), 1.2647 + * void *arg 1.2648 + * ); 1.2649 + */ 1.2650 + 1.2651 +/* Crypto ops on distinguished keys */ 1.2652 + 1.2653 +/* 1.2654 + * NSSCryptoContext_Decrypt 1.2655 + * 1.2656 + */ 1.2657 + 1.2658 +NSS_EXTERN NSSItem * 1.2659 +NSSCryptoContext_Decrypt 1.2660 +( 1.2661 + NSSCryptoContext *cc, 1.2662 + NSSAlgorithmAndParameters *apOpt, 1.2663 + NSSItem *encryptedData, 1.2664 + NSSCallback *uhhOpt, 1.2665 + NSSItem *rvOpt, 1.2666 + NSSArena *arenaOpt 1.2667 +); 1.2668 + 1.2669 +/* 1.2670 + * NSSCryptoContext_BeginDecrypt 1.2671 + * 1.2672 + */ 1.2673 + 1.2674 +NSS_EXTERN PRStatus 1.2675 +NSSCryptoContext_BeginDecrypt 1.2676 +( 1.2677 + NSSCryptoContext *cc, 1.2678 + NSSAlgorithmAndParameters *apOpt, 1.2679 + NSSCallback *uhhOpt 1.2680 +); 1.2681 + 1.2682 +/* 1.2683 + * NSSCryptoContext_ContinueDecrypt 1.2684 + * 1.2685 + */ 1.2686 + 1.2687 +/* 1.2688 + * NSSItem semantics: 1.2689 + * 1.2690 + * If rvOpt is NULL, a new NSSItem and buffer are allocated. 1.2691 + * If rvOpt is not null, but the buffer pointer is null, 1.2692 + * then rvOpt is returned but a new buffer is allocated. 1.2693 + * In this case, if the length value is not zero, then 1.2694 + * no more than that much space will be allocated. 1.2695 + * If rvOpt is not null and the buffer pointer is not null, 1.2696 + * then that buffer is re-used. No more than the buffer 1.2697 + * length value will be used; if it's not enough, an 1.2698 + * error is returned. If less is used, the number is 1.2699 + * adjusted downwards. 
1.2700 + * 1.2701 + * Note that although this is short of some ideal "Item" 1.2702 + * definition, we can usually tell how big these buffers 1.2703 + * have to be. 1.2704 + * 1.2705 + * Feedback is requested; and earlier is better than later. 1.2706 + */ 1.2707 + 1.2708 +NSS_EXTERN NSSItem * 1.2709 +NSSCryptoContext_ContinueDecrypt 1.2710 +( 1.2711 + NSSCryptoContext *cc, 1.2712 + NSSItem *data, 1.2713 + NSSItem *rvOpt, 1.2714 + NSSArena *arenaOpt 1.2715 +); 1.2716 + 1.2717 +/* 1.2718 + * NSSCryptoContext_FinishDecrypt 1.2719 + * 1.2720 + */ 1.2721 + 1.2722 +NSS_EXTERN NSSItem * 1.2723 +NSSCryptoContext_FinishDecrypt 1.2724 +( 1.2725 + NSSCryptoContext *cc, 1.2726 + NSSItem *rvOpt, 1.2727 + NSSArena *arenaOpt 1.2728 +); 1.2729 + 1.2730 +/* 1.2731 + * NSSCryptoContext_Sign 1.2732 + * 1.2733 + */ 1.2734 + 1.2735 +NSS_EXTERN NSSItem * 1.2736 +NSSCryptoContext_Sign 1.2737 +( 1.2738 + NSSCryptoContext *cc, 1.2739 + NSSAlgorithmAndParameters *apOpt, 1.2740 + NSSItem *data, 1.2741 + NSSCallback *uhhOpt, 1.2742 + NSSItem *rvOpt, 1.2743 + NSSArena *arenaOpt 1.2744 +); 1.2745 + 1.2746 +/* 1.2747 + * NSSCryptoContext_BeginSign 1.2748 + * 1.2749 + */ 1.2750 + 1.2751 +NSS_EXTERN PRStatus 1.2752 +NSSCryptoContext_BeginSign 1.2753 +( 1.2754 + NSSCryptoContext *cc, 1.2755 + NSSAlgorithmAndParameters *apOpt, 1.2756 + NSSCallback *uhhOpt 1.2757 +); 1.2758 + 1.2759 +/* 1.2760 + * NSSCryptoContext_ContinueSign 1.2761 + * 1.2762 + */ 1.2763 + 1.2764 +NSS_EXTERN PRStatus 1.2765 +NSSCryptoContext_ContinueSign 1.2766 +( 1.2767 + NSSCryptoContext *cc, 1.2768 + NSSItem *data 1.2769 +); 1.2770 + 1.2771 +/* 1.2772 + * NSSCryptoContext_FinishSign 1.2773 + * 1.2774 + */ 1.2775 + 1.2776 +NSS_EXTERN NSSItem * 1.2777 +NSSCryptoContext_FinishSign 1.2778 +( 1.2779 + NSSCryptoContext *cc, 1.2780 + NSSItem *rvOpt, 1.2781 + NSSArena *arenaOpt 1.2782 +); 1.2783 + 1.2784 +/* 1.2785 + * NSSCryptoContext_SignRecover 1.2786 + * 1.2787 + */ 1.2788 + 1.2789 +NSS_EXTERN NSSItem * 1.2790 
+NSSCryptoContext_SignRecover 1.2791 +( 1.2792 + NSSCryptoContext *cc, 1.2793 + NSSAlgorithmAndParameters *apOpt, 1.2794 + NSSItem *data, 1.2795 + NSSCallback *uhhOpt, 1.2796 + NSSItem *rvOpt, 1.2797 + NSSArena *arenaOpt 1.2798 +); 1.2799 + 1.2800 +/* 1.2801 + * NSSCryptoContext_BeginSignRecover 1.2802 + * 1.2803 + */ 1.2804 + 1.2805 +NSS_EXTERN PRStatus 1.2806 +NSSCryptoContext_BeginSignRecover 1.2807 +( 1.2808 + NSSCryptoContext *cc, 1.2809 + NSSAlgorithmAndParameters *apOpt, 1.2810 + NSSCallback *uhhOpt 1.2811 +); 1.2812 + 1.2813 +/* 1.2814 + * NSSCryptoContext_ContinueSignRecover 1.2815 + * 1.2816 + */ 1.2817 + 1.2818 +NSS_EXTERN NSSItem * 1.2819 +NSSCryptoContext_ContinueSignRecover 1.2820 +( 1.2821 + NSSCryptoContext *cc, 1.2822 + NSSItem *data, 1.2823 + NSSItem *rvOpt, 1.2824 + NSSArena *arenaOpt 1.2825 +); 1.2826 + 1.2827 +/* 1.2828 + * NSSCryptoContext_FinishSignRecover 1.2829 + * 1.2830 + */ 1.2831 + 1.2832 +NSS_EXTERN NSSItem * 1.2833 +NSSCryptoContext_FinishSignRecover 1.2834 +( 1.2835 + NSSCryptoContext *cc, 1.2836 + NSSItem *rvOpt, 1.2837 + NSSArena *arenaOpt 1.2838 +); 1.2839 + 1.2840 +/* 1.2841 + * NSSCryptoContext_UnwrapSymmetricKey 1.2842 + * 1.2843 + */ 1.2844 + 1.2845 +NSS_EXTERN NSSSymmetricKey * 1.2846 +NSSCryptoContext_UnwrapSymmetricKey 1.2847 +( 1.2848 + NSSCryptoContext *cc, 1.2849 + NSSAlgorithmAndParameters *apOpt, 1.2850 + NSSItem *wrappedKey, 1.2851 + NSSCallback *uhhOpt 1.2852 +); 1.2853 + 1.2854 +/* 1.2855 + * NSSCryptoContext_DeriveSymmetricKey 1.2856 + * 1.2857 + */ 1.2858 + 1.2859 +NSS_EXTERN NSSSymmetricKey * 1.2860 +NSSCryptoContext_DeriveSymmetricKey 1.2861 +( 1.2862 + NSSCryptoContext *cc, 1.2863 + NSSPublicKey *bk, 1.2864 + NSSAlgorithmAndParameters *apOpt, 1.2865 + NSSOID *target, 1.2866 + PRUint32 keySizeOpt, /* zero for best allowed */ 1.2867 + NSSOperations operations, 1.2868 + NSSCallback *uhhOpt 1.2869 +); 1.2870 + 1.2871 +/* 1.2872 + * NSSCryptoContext_Encrypt 1.2873 + * 1.2874 + * Encrypt a single chunk of data with 
the distinguished public key 1.2875 + * of this crypto context. 1.2876 + */ 1.2877 + 1.2878 +NSS_EXTERN NSSItem * 1.2879 +NSSCryptoContext_Encrypt 1.2880 +( 1.2881 + NSSCryptoContext *cc, 1.2882 + NSSAlgorithmAndParameters *apOpt, 1.2883 + NSSItem *data, 1.2884 + NSSCallback *uhhOpt, 1.2885 + NSSItem *rvOpt, 1.2886 + NSSArena *arenaOpt 1.2887 +); 1.2888 + 1.2889 +/* 1.2890 + * NSSCryptoContext_BeginEncrypt 1.2891 + * 1.2892 + */ 1.2893 + 1.2894 +NSS_EXTERN PRStatus 1.2895 +NSSCryptoContext_BeginEncrypt 1.2896 +( 1.2897 + NSSCryptoContext *cc, 1.2898 + NSSAlgorithmAndParameters *apOpt, 1.2899 + NSSCallback *uhhOpt 1.2900 +); 1.2901 + 1.2902 +/* 1.2903 + * NSSCryptoContext_ContinueEncrypt 1.2904 + * 1.2905 + */ 1.2906 + 1.2907 +NSS_EXTERN NSSItem * 1.2908 +NSSCryptoContext_ContinueEncrypt 1.2909 +( 1.2910 + NSSCryptoContext *cc, 1.2911 + NSSItem *data, 1.2912 + NSSItem *rvOpt, 1.2913 + NSSArena *arenaOpt 1.2914 +); 1.2915 + 1.2916 +/* 1.2917 + * NSSCryptoContext_FinishEncrypt 1.2918 + * 1.2919 + */ 1.2920 + 1.2921 +NSS_EXTERN NSSItem * 1.2922 +NSSCryptoContext_FinishEncrypt 1.2923 +( 1.2924 + NSSCryptoContext *cc, 1.2925 + NSSItem *rvOpt, 1.2926 + NSSArena *arenaOpt 1.2927 +); 1.2928 + 1.2929 +/* 1.2930 + * NSSCryptoContext_Verify 1.2931 + * 1.2932 + */ 1.2933 + 1.2934 +NSS_EXTERN PRStatus 1.2935 +NSSCryptoContext_Verify 1.2936 +( 1.2937 + NSSCryptoContext *cc, 1.2938 + NSSAlgorithmAndParameters *apOpt, 1.2939 + NSSItem *data, 1.2940 + NSSItem *signature, 1.2941 + NSSCallback *uhhOpt 1.2942 +); 1.2943 + 1.2944 +/* 1.2945 + * NSSCryptoContext_BeginVerify 1.2946 + * 1.2947 + */ 1.2948 + 1.2949 +NSS_EXTERN PRStatus 1.2950 +NSSCryptoContext_BeginVerify 1.2951 +( 1.2952 + NSSCryptoContext *cc, 1.2953 + NSSAlgorithmAndParameters *apOpt, 1.2954 + NSSItem *signature, 1.2955 + NSSCallback *uhhOpt 1.2956 +); 1.2957 + 1.2958 +/* 1.2959 + * NSSCryptoContext_ContinueVerify 1.2960 + * 1.2961 + */ 1.2962 + 1.2963 +NSS_EXTERN PRStatus 1.2964 +NSSCryptoContext_ContinueVerify 1.2965 
+( 1.2966 + NSSCryptoContext *cc, 1.2967 + NSSItem *data 1.2968 +); 1.2969 + 1.2970 +/* 1.2971 + * NSSCryptoContext_FinishVerify 1.2972 + * 1.2973 + */ 1.2974 + 1.2975 +NSS_EXTERN PRStatus 1.2976 +NSSCryptoContext_FinishVerify 1.2977 +( 1.2978 + NSSCryptoContext *cc 1.2979 +); 1.2980 + 1.2981 +/* 1.2982 + * NSSCryptoContext_VerifyRecover 1.2983 + * 1.2984 + */ 1.2985 + 1.2986 +NSS_EXTERN NSSItem * 1.2987 +NSSCryptoContext_VerifyRecover 1.2988 +( 1.2989 + NSSCryptoContext *cc, 1.2990 + NSSAlgorithmAndParameters *apOpt, 1.2991 + NSSItem *signature, 1.2992 + NSSCallback *uhhOpt, 1.2993 + NSSItem *rvOpt, 1.2994 + NSSArena *arenaOpt 1.2995 +); 1.2996 + 1.2997 +/* 1.2998 + * NSSCryptoContext_BeginVerifyRecover 1.2999 + * 1.3000 + */ 1.3001 + 1.3002 +NSS_EXTERN PRStatus 1.3003 +NSSCryptoContext_BeginVerifyRecover 1.3004 +( 1.3005 + NSSCryptoContext *cc, 1.3006 + NSSAlgorithmAndParameters *apOpt, 1.3007 + NSSCallback *uhhOpt 1.3008 +); 1.3009 + 1.3010 +/* 1.3011 + * NSSCryptoContext_ContinueVerifyRecover 1.3012 + * 1.3013 + */ 1.3014 + 1.3015 +NSS_EXTERN NSSItem * 1.3016 +NSSCryptoContext_ContinueVerifyRecover 1.3017 +( 1.3018 + NSSCryptoContext *cc, 1.3019 + NSSItem *data, 1.3020 + NSSItem *rvOpt, 1.3021 + NSSArena *arenaOpt 1.3022 +); 1.3023 + 1.3024 +/* 1.3025 + * NSSCryptoContext_FinishVerifyRecover 1.3026 + * 1.3027 + */ 1.3028 + 1.3029 +NSS_EXTERN NSSItem * 1.3030 +NSSCryptoContext_FinishVerifyRecover 1.3031 +( 1.3032 + NSSCryptoContext *cc, 1.3033 + NSSItem *rvOpt, 1.3034 + NSSArena *arenaOpt 1.3035 +); 1.3036 + 1.3037 +/* 1.3038 + * NSSCryptoContext_WrapSymmetricKey 1.3039 + * 1.3040 + */ 1.3041 + 1.3042 +NSS_EXTERN NSSItem * 1.3043 +NSSCryptoContext_WrapSymmetricKey 1.3044 +( 1.3045 + NSSCryptoContext *cc, 1.3046 + NSSAlgorithmAndParameters *apOpt, 1.3047 + NSSSymmetricKey *keyToWrap, 1.3048 + NSSCallback *uhhOpt, 1.3049 + NSSItem *rvOpt, 1.3050 + NSSArena *arenaOpt 1.3051 +); 1.3052 + 1.3053 +/* 1.3054 + * NSSCryptoContext_Digest 1.3055 + * 1.3056 + * Digest a 
single chunk of data with the distinguished digest key 1.3057 + * of this crypto context. 1.3058 + */ 1.3059 + 1.3060 +NSS_EXTERN NSSItem * 1.3061 +NSSCryptoContext_Digest 1.3062 +( 1.3063 + NSSCryptoContext *cc, 1.3064 + NSSAlgorithmAndParameters *apOpt, 1.3065 + NSSItem *data, 1.3066 + NSSCallback *uhhOpt, 1.3067 + NSSItem *rvOpt, 1.3068 + NSSArena *arenaOpt 1.3069 +); 1.3070 + 1.3071 +/* 1.3072 + * NSSCryptoContext_BeginDigest 1.3073 + * 1.3074 + */ 1.3075 + 1.3076 +NSS_EXTERN PRStatus 1.3077 +NSSCryptoContext_BeginDigest 1.3078 +( 1.3079 + NSSCryptoContext *cc, 1.3080 + NSSAlgorithmAndParameters *apOpt, 1.3081 + NSSCallback *uhhOpt 1.3082 +); 1.3083 + 1.3084 +/* 1.3085 + * NSSCryptoContext_ContinueDigest 1.3086 + * 1.3087 + */ 1.3088 + 1.3089 +NSS_EXTERN PRStatus 1.3090 +NSSCryptoContext_ContinueDigest 1.3091 +( 1.3092 + NSSCryptoContext *cc, 1.3093 + NSSAlgorithmAndParameters *apOpt, 1.3094 + NSSItem *item 1.3095 +); 1.3096 + 1.3097 +/* 1.3098 + * NSSCryptoContext_FinishDigest 1.3099 + * 1.3100 + */ 1.3101 + 1.3102 +NSS_EXTERN NSSItem * 1.3103 +NSSCryptoContext_FinishDigest 1.3104 +( 1.3105 + NSSCryptoContext *cc, 1.3106 + NSSItem *rvOpt, 1.3107 + NSSArena *arenaOpt 1.3108 +); 1.3109 + 1.3110 +/* 1.3111 + * tbd: Combination ops 1.3112 + */ 1.3113 + 1.3114 +/* 1.3115 + * NSSCryptoContext_Clone 1.3116 + * 1.3117 + */ 1.3118 + 1.3119 +NSS_EXTERN NSSCryptoContext * 1.3120 +NSSCryptoContext_Clone 1.3121 +( 1.3122 + NSSCryptoContext *cc 1.3123 +); 1.3124 + 1.3125 +/* 1.3126 + * NSSCryptoContext_Save 1.3127 + * NSSCryptoContext_Restore 1.3128 + * 1.3129 + * We need to be able to save and restore the state of contexts. 1.3130 + * Perhaps a mark-and-release mechanism would be better? 1.3131 + */ 1.3132 + 1.3133 +/* 1.3134 + * ..._SignTBSCertificate 1.3135 + * 1.3136 + * This requires feedback from the cert server team. 
1.3137 + */ 1.3138 + 1.3139 +/* 1.3140 + * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c); 1.3141 + * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool trusted); 1.3142 + * 1.3143 + * These will be helper functions which get the trust object for a cert, 1.3144 + * and then call the corresponding function(s) on it. 1.3145 + * 1.3146 + * PKIX trust objects will have methods to manipulate the low-level trust 1.3147 + * bits (which are based on key usage and extended key usage), and also the 1.3148 + * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.) 1.3149 + * 1.3150 + * Other types of trust objects (if any) might have different low-level 1.3151 + * representations, but hopefully high-level concepts would map. 1.3152 + * 1.3153 + * Only these high-level general routines would be promoted to the 1.3154 + * general certificate level here. Hence the {xxx} above would be things 1.3155 + * like "EmailSigning." 1.3156 + * 1.3157 + * 1.3158 + * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c); 1.3159 + * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSPKIXTrust *t); 1.3160 + * 1.3161 + * I want to hold off on any general trust object until we've investigated 1.3162 + * other models more thoroughly. 1.3163 + */ 1.3164 + 1.3165 +PR_END_EXTERN_C 1.3166 + 1.3167 +#endif /* NSSPKI_H */