security/nss/lib/pk11wrap/pk11pub.h@b8a032363ba2
security/nss/lib/pk11wrap/pk11pub.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 #ifndef _PK11PUB_H_
5 #define _PK11PUB_H_
6 #include "plarena.h"
7 #include "seccomon.h"
8 #include "secoidt.h"
9 #include "secdert.h"
10 #include "keyt.h"
11 #include "certt.h"
12 #include "pkcs11t.h"
13 #include "secmodt.h"
14 #include "seccomon.h"
15 #include "pkcs7t.h"
16 #include "cmsreclist.h"
18 /*
19 * Exported PK11 wrap functions.
20 */
22 SEC_BEGIN_PROTOS
24 /************************************************************
25 * Generic Slot Lists Management
26 ************************************************************/
27 void PK11_FreeSlotList(PK11SlotList *list);
28 SECStatus PK11_FreeSlotListElement(PK11SlotList *list, PK11SlotListElement *le);
29 PK11SlotListElement * PK11_GetFirstSafe(PK11SlotList *list);
30 PK11SlotListElement *PK11_GetNextSafe(PK11SlotList *list,
31 PK11SlotListElement *le, PRBool restart);
33 /************************************************************
34 * Generic Slot Management
35 ************************************************************/
36 PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot);
37 void PK11_FreeSlot(PK11SlotInfo *slot);
38 SECStatus PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
39 SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
40 PK11SlotInfo *PK11_GetInternalKeySlot(void);
41 PK11SlotInfo *PK11_GetInternalSlot(void);
42 SECStatus PK11_Logout(PK11SlotInfo *slot);
43 void PK11_LogoutAll(void);
46 /************************************************************
47 * Slot Password Management
48 ************************************************************/
49 void PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout);
50 void PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout);
51 SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw);
52 SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw);
53 PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx);
54 SECStatus PK11_InitPin(PK11SlotInfo *slot,const char *ssopw,
55 const char *pk11_userpwd);
56 SECStatus PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw,
57 const char *newpw);
58 void PK11_SetPasswordFunc(PK11PasswordFunc func);
59 int PK11_GetMinimumPwdLength(PK11SlotInfo *slot);
60 SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd);
61 SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
62 SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
65 /******************************************************************
66 * Slot info functions
67 ******************************************************************/
68 PK11SlotInfo *PK11_FindSlotByName(const char *name);
69 /******************************************************************
70 * PK11_FindSlotsByNames searches for a PK11SlotInfo using one or
71 * more criteria : dllName, slotName and tokenName . In addition, if
72 * presentOnly is set , only slots with a token inserted will be
73 * returned.
74 ******************************************************************/
75 PK11SlotList *PK11_FindSlotsByNames(const char *dllName,
76 const char* slotName, const char* tokenName, PRBool presentOnly);
77 PRBool PK11_IsReadOnly(PK11SlotInfo *slot);
78 PRBool PK11_IsInternal(PK11SlotInfo *slot);
79 PRBool PK11_IsInternalKeySlot(PK11SlotInfo *slot);
80 char * PK11_GetTokenName(PK11SlotInfo *slot);
81 char * PK11_GetSlotName(PK11SlotInfo *slot);
82 PRBool PK11_NeedLogin(PK11SlotInfo *slot);
83 PRBool PK11_IsFriendly(PK11SlotInfo *slot);
84 PRBool PK11_IsHW(PK11SlotInfo *slot);
85 PRBool PK11_IsRemovable(PK11SlotInfo *slot);
86 PRBool PK11_NeedUserInit(PK11SlotInfo *slot);
87 PRBool PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot);
88 int PK11_GetSlotSeries(PK11SlotInfo *slot);
89 int PK11_GetCurrentWrapIndex(PK11SlotInfo *slot);
90 unsigned long PK11_GetDefaultFlags(PK11SlotInfo *slot);
91 CK_SLOT_ID PK11_GetSlotID(PK11SlotInfo *slot);
92 SECMODModuleID PK11_GetModuleID(PK11SlotInfo *slot);
93 SECStatus PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info);
94 SECStatus PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info);
95 PRBool PK11_IsDisabled(PK11SlotInfo *slot);
96 PRBool PK11_HasRootCerts(PK11SlotInfo *slot);
97 PK11DisableReasons PK11_GetDisabledReason(PK11SlotInfo *slot);
98 /* Prevents the slot from being used, and set disable reason to user-disable */
99 /* NOTE: Mechanisms that were ON continue to stay ON */
100 /* Therefore, when the slot is enabled, it will remember */
101 /* what mechanisms needs to be turned on */
102 PRBool PK11_UserDisableSlot(PK11SlotInfo *slot);
103 /* Allow all mechanisms that are ON before UserDisableSlot() */
104 /* was called to be available again */
105 PRBool PK11_UserEnableSlot(PK11SlotInfo *slot);
106 /*
107 * wait for a specific slot event.
108 * event is a specific event to wait for. Currently only
109 * PK11TokenChangeOrRemovalEvent and PK11TokenPresentEvents are defined.
110 * timeout can be an interval time to wait, PR_INTERVAL_NO_WAIT (meaning only
111 * poll once), or PR_INTERVAL_NO_TIMEOUT (meaning block until a change).
112 * pollInterval is a suggested pulling interval value. '0' means use the
113 * default. Future implementations that don't poll may ignore this value.
114 * series is the current series for the last slot. This should be the series
115 * value for the slot the last time you read persistant information from the
116 * slot. For instance, if you publish a cert from the slot, you should obtain
117 * the slot series at that time. Then PK11_WaitForTokenEvent can detect a
118 * a change in the slot between the time you publish and the time
119 * PK11_WaitForTokenEvent is called, elliminating potential race conditions.
120 *
121 * The current status that is returned is:
122 * PK11TokenNotRemovable - always returned for any non-removable token.
123 * PK11TokenPresent - returned when the token is present and we are waiting
124 * on a PK11TokenPresentEvent. Then next event to look for is a
125 * PK11TokenChangeOrRemovalEvent.
126 * PK11TokenChanged - returned when the old token has been removed and a new
127 * token ad been inserted, and we are waiting for a
128 * PK11TokenChangeOrRemovalEvent. The next event to look for is another
129 * PK11TokenChangeOrRemovalEvent.
130 * PK11TokenRemoved - returned when the token is not present and we are
131 * waiting for a PK11TokenChangeOrRemovalEvent. The next event to look for
132 * is a PK11TokenPresentEvent.
133 */
134 PK11TokenStatus PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
135 PRIntervalTime timeout, PRIntervalTime pollInterval, int series);
137 PRBool PK11_NeedPWInit(void);
138 PRBool PK11_TokenExists(CK_MECHANISM_TYPE);
139 SECStatus PK11_GetModInfo(SECMODModule *mod, CK_INFO *info);
140 PRBool PK11_IsFIPS(void);
141 SECMODModule *PK11_GetModule(PK11SlotInfo *slot);
143 /*********************************************************************
144 * Slot mapping utility functions.
145 *********************************************************************/
146 PRBool PK11_IsPresent(PK11SlotInfo *slot);
147 PRBool PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
148 PK11SlotList * PK11_GetAllTokens(CK_MECHANISM_TYPE type,PRBool needRW,
149 PRBool loadCerts, void *wincx);
150 PK11SlotInfo *PK11_GetBestSlotMultipleWithAttributes(CK_MECHANISM_TYPE *type,
151 CK_FLAGS *mechFlag, unsigned int *keySize,
152 unsigned int count, void *wincx);
153 PK11SlotInfo *PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type,
154 unsigned int count, void *wincx);
155 PK11SlotInfo *PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx);
156 PK11SlotInfo *PK11_GetBestSlotWithAttributes(CK_MECHANISM_TYPE type,
157 CK_FLAGS mechFlag, unsigned int keySize, void *wincx);
158 CK_MECHANISM_TYPE PK11_GetBestWrapMechanism(PK11SlotInfo *slot);
159 int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
161 /*
162 * Open a new database using the softoken. The caller is responsible for making
163 * sure the module spec is correct and usable. The caller should ask for one
164 * new database per call if the caller wants to get meaningful information
165 * about the new database.
166 *
167 * moduleSpec is the same data that you would pass to softoken at
168 * initialization time under the 'tokens' options. For example, if you were
169 * to specify tokens=<0x4=[configdir='./mybackup' tokenDescription='Backup']>
170 * You would specify "configdir='./mybackup' tokenDescription='Backup'" as your
171 * module spec here. The slot ID will be calculated for you by
172 * SECMOD_OpenUserDB().
173 *
174 * Typical parameters here are configdir, tokenDescription and flags.
175 *
176 * a Full list is below:
177 *
178 *
179 * configDir - The location of the databases for this token. If configDir is
180 * not specified, and noCertDB and noKeyDB is not specified, the load
181 * will fail.
182 * certPrefix - Cert prefix for this token.
183 * keyPrefix - Prefix for the key database for this token. (if not specified,
184 * certPrefix will be used).
185 * tokenDescription - The label value for this token returned in the
186 * CK_TOKEN_INFO structure with an internationalize string (UTF8).
187 * This value will be truncated at 32 bytes (no NULL, partial UTF8
188 * characters dropped). You should specify a user friendly name here
189 * as this is the value the token will be referred to in most
190 * application UI's. You should make sure tokenDescription is unique.
191 * slotDescription - The slotDescription value for this token returned
192 * in the CK_SLOT_INFO structure with an internationalize string
193 * (UTF8). This value will be truncated at 64 bytes (no NULL, partial
194 * UTF8 characters dropped). This name will not change after the
195 * database is closed. It should have some number to make this unique.
196 * minPWLen - minimum password length for this token.
197 * flags - comma separated list of flag values, parsed case-insensitive.
198 * Valid flags are:
199 * readOnly - Databases should be opened read only.
200 * noCertDB - Don't try to open a certificate database.
201 * noKeyDB - Don't try to open a key database.
202 * forceOpen - Don't fail to initialize the token if the
203 * databases could not be opened.
204 * passwordRequired - zero length passwords are not acceptable
205 * (valid only if there is a keyDB).
206 * optimizeSpace - allocate smaller hash tables and lock tables.
207 * When this flag is not specified, Softoken will allocate
208 * large tables to prevent lock contention.
209 */
210 PK11SlotInfo *SECMOD_OpenUserDB(const char *moduleSpec);
211 SECStatus SECMOD_CloseUserDB(PK11SlotInfo *slot);
213 /*
214 * This is exactly the same as OpenUserDB except it can be called on any
215 * module that understands softoken style new slot entries. The resulting
216 * slot can be closed using SECMOD_CloseUserDB above. Value of moduleSpec
217 * is token specific.
218 */
219 PK11SlotInfo *SECMOD_OpenNewSlot(SECMODModule *mod, const char *moduleSpec);
222 /*
223 * merge the permanent objects from on token to another
224 */
225 SECStatus PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
226 PK11MergeLog *log, void *targetPwArg, void *sourcePwArg);
228 /*
229 * create and destroy merge logs needed by PK11_MergeTokens
230 */
231 PK11MergeLog * PK11_CreateMergeLog(void);
232 void PK11_DestroyMergeLog(PK11MergeLog *log);
236 /*********************************************************************
237 * Mechanism Mapping functions
238 *********************************************************************/
239 CK_KEY_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len);
240 CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type);
241 int PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params);
242 int PK11_GetIVLength(CK_MECHANISM_TYPE type);
243 SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv);
244 unsigned char *PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len);
245 SECItem * PK11_BlockData(SECItem *data,unsigned long size);
247 /* PKCS #11 to DER mapping functions */
248 SECItem *PK11_ParamFromAlgid(SECAlgorithmID *algid);
249 SECItem *PK11_GenerateNewParam(CK_MECHANISM_TYPE, PK11SymKey *);
250 CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag);
251 SECOidTag PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type);
252 SECOidTag PK11_FortezzaMapSig(SECOidTag algTag);
253 SECStatus PK11_ParamToAlgid(SECOidTag algtag, SECItem *param,
254 PLArenaPool *arena, SECAlgorithmID *algid);
255 SECStatus PK11_SeedRandom(PK11SlotInfo *,unsigned char *data,int len);
256 SECStatus PK11_GenerateRandomOnSlot(PK11SlotInfo *,unsigned char *data,int len);
257 SECStatus PK11_RandomUpdate(void *data, size_t bytes);
258 SECStatus PK11_GenerateRandom(unsigned char *data,int len);
260 /* warning: cannot work with pkcs 5 v2
261 * use algorithm ID s instead of pkcs #11 mechanism pointers */
262 CK_RV PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
263 CK_MECHANISM_PTR pCryptoMechanism,
264 SECItem *pbe_pwd, PRBool bad3DES);
265 CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE);
266 CK_MECHANISM_TYPE PK11_MapSignKeyType(KeyType keyType);
268 /**********************************************************************
269 * Symmetric, Public, and Private Keys
270 **********************************************************************/
271 void PK11_FreeSymKey(PK11SymKey *key);
272 PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
273 PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
274 PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx);
275 PK11SymKey *PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot,
276 CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation,
277 SECItem *key, CK_FLAGS flags, PRBool isPerm, void *wincx);
278 PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent,
279 PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID,
280 PRBool owner, void *wincx);
281 PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap,
282 CK_MECHANISM_TYPE type,int series, void *wincx);
283 /*
284 * This function is not thread-safe. It can only be called when only
285 * one thread has a reference to wrapKey.
286 */
287 void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey);
288 CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey);
289 /*
290 * import a public key into the desired slot
291 *
292 * This function takes a public key structure and creates a public key in a
293 * given slot. If isToken is set, then a persistant public key is created.
294 *
295 * Note: it is possible for this function to return a handle for a key which
296 * is persistant, even if isToken is not set.
297 */
298 CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot,
299 SECKEYPublicKey *pubKey, PRBool isToken);
300 PK11SymKey *PK11_KeyGen(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
301 SECItem *param, int keySize,void *wincx);
302 PK11SymKey *PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
303 SECItem *param, int keySize, SECItem *keyid,
304 PRBool isToken, void *wincx);
305 PK11SymKey *PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot,
306 CK_MECHANISM_TYPE type, SECItem *param,
307 int keySize, SECItem *keyid, CK_FLAGS opFlags,
308 PK11AttrFlags attrFlags, void *wincx);
309 /* Generates a key using the exact template supplied by the caller. The other
310 * PK11_[Token]KeyGen mechanisms should be used instead of this one whenever
311 * they work because they include/exclude the CKA_VALUE_LEN template value
312 * based on the mechanism type as required by many tokens.
313 *
314 * keyGenType should be PK11_GetKeyGenWithSize(type, <key size>) or it should
315 * be equal to type if PK11_GetKeyGenWithSize cannot be used (e.g. because
316 * pk11wrap does not know about the mechanisms).
317 */
318 PK11SymKey *PK11_KeyGenWithTemplate(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
319 CK_MECHANISM_TYPE keyGenType,
320 SECItem *param, CK_ATTRIBUTE * attrs,
321 unsigned int attrsCount, void *wincx);
322 PK11SymKey * PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname,
323 void *wincx);
324 PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey);
325 CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *key);
326 CK_OBJECT_HANDLE PK11_GetSymKeyHandle(PK11SymKey *symKey);
329 /*
330 * PK11_SetSymKeyUserData
331 * sets generic user data on keys (usually a pointer to a data structure)
332 * that can later be retrieved by PK11_GetSymKeyUserData().
333 * symKey - key where data will be set.
334 * data - data to be set.
335 * freefunc - function used to free the data.
336 * Setting user data on symKeys with existing user data already set will cause
337 * the existing user data to be freed before the new user data is set.
338 * Freeing user data is done by calling the user specified freefunc.
339 * If freefunc is NULL, the user data is assumed to be global or static an
340 * not freed. Passing NULL for user data to PK11_SetSymKeyUserData has the
341 * effect of freeing any existing user data, and clearing the user data
342 * pointer. If user data exists when the symKey is finally freed, that
343 * data will be freed with freefunc.
344 *
345 * Applications should only use this function on keys which the application
346 * has created directly, as there is only one user data value per key.
347 */
348 void PK11_SetSymKeyUserData(PK11SymKey *symKey, void *data,
349 PK11FreeDataFunc freefunc);
350 /* PK11_GetSymKeyUserData
351 * retrieves generic user data which was set on a key by
352 * PK11_SetSymKeyUserData.
353 * symKey - key with data to be fetched
354 *
355 * If no data exists, or the data has been cleared, PK11_GetSymKeyUserData
356 * will return NULL. Returned data is still owned and managed by the SymKey,
357 * the caller should not free the data.
358 *
359 */
360 void *PK11_GetSymKeyUserData(PK11SymKey *symKey);
362 SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
363 PK11SymKey *symKey, SECItem *wrappedKey);
364 SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
365 PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
366 /* move a key to 'slot' optionally set the key attributes according to either
367 * operation or the flags and making the key permanent at the same time.
368 * If the key is moved to the same slot, operation and flags values are
369 * currently ignored */
370 PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
371 CK_FLAGS flags, PRBool perm, PK11SymKey *symKey);
372 /*
373 * derive a new key from the base key.
374 * PK11_Derive returns a key which can do exactly one operation, and is
375 * ephemeral (session key).
376 * PK11_DeriveWithFlags is the same as PK11_Derive, except you can use
377 * CKF_ flags to enable more than one operation.
378 * PK11_DeriveWithFlagsPerm is the same as PK11_DeriveWithFlags except you can
379 * (optionally) make the key permanent (token key).
380 */
381 PK11SymKey *PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism,
382 SECItem *param, CK_MECHANISM_TYPE target,
383 CK_ATTRIBUTE_TYPE operation, int keySize);
384 PK11SymKey *PK11_DeriveWithFlags( PK11SymKey *baseKey,
385 CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target,
386 CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags);
387 PK11SymKey * PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey,
388 CK_MECHANISM_TYPE derive,
389 SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
390 int keySize, CK_FLAGS flags, PRBool isPerm);
391 PK11SymKey *
392 PK11_DeriveWithTemplate( PK11SymKey *baseKey, CK_MECHANISM_TYPE derive,
393 SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
394 int keySize, CK_ATTRIBUTE *userAttr, unsigned int numAttrs,
395 PRBool isPerm);
398 PK11SymKey *PK11_PubDerive( SECKEYPrivateKey *privKey,
399 SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
400 CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
401 CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx) ;
402 PK11SymKey *PK11_PubDeriveWithKDF( SECKEYPrivateKey *privKey,
403 SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
404 CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
405 CK_ATTRIBUTE_TYPE operation, int keySize,
406 CK_ULONG kdf, SECItem *sharedData, void *wincx);
408 /*
409 * unwrap a new key with a symetric key.
410 * PK11_Unwrap returns a key which can do exactly one operation, and is
411 * ephemeral (session key).
412 * PK11_UnwrapWithFlags is the same as PK11_Unwrap, except you can use
413 * CKF_ flags to enable more than one operation.
414 * PK11_UnwrapWithFlagsPerm is the same as PK11_UnwrapWithFlags except you can
415 * (optionally) make the key permanent (token key).
416 */
417 PK11SymKey *PK11_UnwrapSymKey(PK11SymKey *key,
418 CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey,
419 CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
420 PK11SymKey *PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey,
421 CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
422 CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
423 CK_FLAGS flags);
424 PK11SymKey * PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
425 CK_MECHANISM_TYPE wrapType,
426 SECItem *param, SECItem *wrappedKey,
427 CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
428 int keySize, CK_FLAGS flags, PRBool isPerm);
430 /*
431 * unwrap a new key with a private key.
432 * PK11_PubUnwrap returns a key which can do exactly one operation, and is
433 * ephemeral (session key).
434 * PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can
435 * use * CKF_ flags to enable more than one operation, and optionally make
436 * the key permanent (token key).
437 */
438 PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
439 CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
440 PK11SymKey * PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
441 SECItem *wrappedKey, CK_MECHANISM_TYPE target,
442 CK_ATTRIBUTE_TYPE operation, int keySize,
443 CK_FLAGS flags, PRBool isPerm);
444 PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
445 SECItem *keyID, void *wincx);
446 SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey,PRBool force);
447 SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey);
448 SECStatus PK11_DeleteTokenSymKey(PK11SymKey *symKey);
449 SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx);
450 SECKEYPrivateKey * PK11_LoadPrivKey(PK11SlotInfo *slot,
451 SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
452 PRBool token, PRBool sensitive);
453 char * PK11_GetSymKeyNickname(PK11SymKey *symKey);
454 char * PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey);
455 char * PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey);
456 SECStatus PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname);
457 SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey,
458 const char *nickname);
459 SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey,
460 const char *nickname);
462 /* size to hold key in bytes */
463 unsigned int PK11_GetKeyLength(PK11SymKey *key);
464 /* size of actual secret parts of key in bits */
465 /* algid is because RC4 strength is determined by the effective bits as well
466 * as the key bits */
467 unsigned int PK11_GetKeyStrength(PK11SymKey *key,SECAlgorithmID *algid);
468 SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey);
469 SECItem * PK11_GetKeyData(PK11SymKey *symKey);
470 PK11SlotInfo * PK11_GetSlotFromKey(PK11SymKey *symKey);
471 void *PK11_GetWindow(PK11SymKey *symKey);
473 /*
474 * Explicitly set the key usage for the generated private key.
475 *
476 * This allows us to specify single use EC and RSA keys whose usage
477 * can be regulated by the underlying token.
478 *
479 * The underlying key usage is set using opFlags. opFlagsMask specifies
480 * which operations are specified by opFlags. For instance to turn encrypt
481 * on and signing off, opFlags would be CKF_ENCRYPT|CKF_DECRYPT and
482 * opFlagsMask would be CKF_ENCRYPT|CKF_DECRYPT|CKF_SIGN|CKF_VERIFY. You
483 * need to specify both the public and private key flags,
484 * PK11_GenerateKeyPairWithOpFlags will sort out the correct flag to the
485 * correct key type. Flags not specified in opFlagMask will be defaulted
486 * according to mechanism type and token capabilities.
487 */
488 SECKEYPrivateKey *PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot,
489 CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
490 PK11AttrFlags attrFlags, CK_FLAGS opFlags, CK_FLAGS opFlagsMask,
491 void *wincx);
492 /*
493 * The attrFlags is the logical OR of the PK11_ATTR_XXX bitflags.
494 * These flags apply to the private key. The PK11_ATTR_TOKEN,
495 * PK11_ATTR_SESSION, PK11_ATTR_MODIFIABLE, and PK11_ATTR_UNMODIFIABLE
496 * flags also apply to the public key.
497 */
498 SECKEYPrivateKey *PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot,
499 CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
500 PK11AttrFlags attrFlags, void *wincx);
501 SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
502 CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
503 PRBool isPerm, PRBool isSensitive, void *wincx);
504 SECKEYPrivateKey * PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot,
505 CERTCertificate *cert, void *wincx);
506 SECKEYPrivateKey * PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx);
507 SECKEYPrivateKey * PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID,
508 void *wincx);
509 int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key);
511 SECStatus PK11_Decrypt(PK11SymKey *symkey,
512 CK_MECHANISM_TYPE mechanism, SECItem *param,
513 unsigned char *out, unsigned int *outLen,
514 unsigned int maxLen,
515 const unsigned char *enc, unsigned int encLen);
516 SECStatus PK11_Encrypt(PK11SymKey *symKey,
517 CK_MECHANISM_TYPE mechanism, SECItem *param,
518 unsigned char *out, unsigned int *outLen,
519 unsigned int maxLen,
520 const unsigned char *data, unsigned int dataLen);
522 /* note: despite the name, this function takes a private key. */
523 SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key,
524 unsigned char *data, unsigned *outLen,
525 unsigned int maxLen,
526 const unsigned char *enc, unsigned encLen);
527 #define PK11_PrivDecryptRaw PK11_PubDecryptRaw
528 /* The encrypt function that complements the above decrypt function. */
529 SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key,
530 unsigned char *enc,
531 const unsigned char *data, unsigned dataLen,
532 void *wincx);
534 SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key,
535 unsigned char *data, unsigned *outLen,
536 unsigned int maxLen,
537 const unsigned char *enc, unsigned encLen);
538 /* The encrypt function that complements the above decrypt function. */
539 SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key,
540 unsigned char *enc,
541 const unsigned char *data, unsigned dataLen,
542 void *wincx);
544 SECStatus PK11_PrivDecrypt(SECKEYPrivateKey *key,
545 CK_MECHANISM_TYPE mechanism, SECItem *param,
546 unsigned char *out, unsigned int *outLen,
547 unsigned int maxLen,
548 const unsigned char *enc, unsigned int encLen);
549 SECStatus PK11_PubEncrypt(SECKEYPublicKey *key,
550 CK_MECHANISM_TYPE mechanism, SECItem *param,
551 unsigned char *out, unsigned int *outLen,
552 unsigned int maxLen,
553 const unsigned char *data, unsigned int dataLen,
554 void *wincx);
556 SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot,
557 SECKEYPrivateKeyInfo *pki, SECItem *nickname,
558 SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
559 unsigned int usage, void *wincx);
560 SECStatus PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
561 SECKEYPrivateKeyInfo *pki, SECItem *nickname,
562 SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
563 unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
564 SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot,
565 SECItem *derPKI, SECItem *nickname,
566 SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
567 unsigned int usage, void *wincx);
568 SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
569 SECItem *derPKI, SECItem *nickname,
570 SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
571 unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
572 SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
573 SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
574 SECItem *nickname, SECItem *publicValue, PRBool isPerm,
575 PRBool isPrivate, KeyType type,
576 unsigned int usage, void *wincx);
577 SECStatus PK11_ImportEncryptedPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
578 SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
579 SECItem *nickname, SECItem *publicValue, PRBool isPerm,
580 PRBool isPrivate, KeyType type,
581 unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
582 SECItem *PK11_ExportDERPrivateKeyInfo(SECKEYPrivateKey *pk, void *wincx);
583 SECKEYPrivateKeyInfo *PK11_ExportPrivKeyInfo(
584 SECKEYPrivateKey *pk, void *wincx);
585 SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
586 CERTCertificate *cert, void *wincx);
587 SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo(
588 PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
589 SECKEYPrivateKey *pk, int iteration, void *wincx);
590 SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivateKeyInfo(
591 PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
592 CERTCertificate *cert, int iteration, void *wincx);
593 SECKEYPrivateKey *PK11_FindKeyByDERCert(PK11SlotInfo *slot,
594 CERTCertificate *cert, void *wincx);
595 SECKEYPublicKey *PK11_MakeKEAPubKey(unsigned char *data, int length);
596 SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key);
597 PRBool PK11_VerifyKeyOK(PK11SymKey *key);
598 SECKEYPrivateKey *PK11_UnwrapPrivKey(PK11SlotInfo *slot,
599 PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
600 SECItem *param, SECItem *wrappedKey, SECItem *label,
601 SECItem *publicValue, PRBool token, PRBool sensitive,
602 CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount,
603 void *wincx);
604 SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
605 SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
606 SECItem *param, SECItem *wrappedKey, void *wincx);
607 /*
608 * The caller of PK11_DEREncodePublicKey should free the returned SECItem with
609 * a SECITEM_FreeItem(..., PR_TRUE) call.
610 */
611 SECItem* PK11_DEREncodePublicKey(const SECKEYPublicKey *pubk);
612 PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
613 CK_MECHANISM_TYPE mech);
614 SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot,
615 char *nickname, void *wincx);
616 SECKEYPublicKeyList* PK11_ListPublicKeysInSlot(PK11SlotInfo *slot,
617 char *nickname);
618 SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey);
619 /* deprecated */
620 SECKEYPrivateKeyList* PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot);
622 PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
623 void *wincx);
624 SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
625 SECKEYPrivateKey *privk, void* wincx);
626 SECKEYPrivateKey * PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
627 SECKEYPrivateKey *privKey);
629 /**********************************************************************
630 * Certs
631 **********************************************************************/
632 SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData);
633 SECStatus PK11_TraverseSlotCerts(
634 SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
635 void *arg, void *wincx);
636 CERTCertificate * PK11_FindCertFromNickname(const char *nickname, void *wincx);
637 CERTCertList * PK11_FindCertsFromEmailAddress(const char *email, void *wincx);
638 CERTCertList * PK11_FindCertsFromNickname(const char *nickname, void *wincx);
639 CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
640 SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
641 CK_OBJECT_HANDLE key, const char *nickname,
642 PRBool includeTrust);
643 SECStatus PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert,
644 CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
645 PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert,
646 const char *nickname, void *wincx);
647 PK11SlotInfo *PK11_ImportDERCertForKey(SECItem *derCert, char *nickname,
648 void *wincx);
649 PK11SlotInfo *PK11_KeyForCertExists(CERTCertificate *cert,
650 CK_OBJECT_HANDLE *keyPtr, void *wincx);
651 PK11SlotInfo *PK11_KeyForDERCertExists(SECItem *derCert,
652 CK_OBJECT_HANDLE *keyPtr, void *wincx);
653 CERTCertificate * PK11_FindCertByIssuerAndSN(PK11SlotInfo **slot,
654 CERTIssuerAndSN *sn, void *wincx);
655 CERTCertificate * PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slot,
656 SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip,
657 SECKEYPrivateKey**privKey, void *wincx);
658 int PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist,
659 void *wincx);
660 SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert,
661 PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
662 void *arg);
663 CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot,
664 CERTCertificate *cert, void *wincx);
665 CERTCertificate *PK11_FindCertFromDERCertItem(PK11SlotInfo *slot,
666 const SECItem *derCert, void *wincx);
667 SECStatus PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
668 char *nickname, PRBool addUsage,
669 void *wincx);
670 CERTCertificate *PK11_FindBestKEAMatch(CERTCertificate *serverCert,void *wincx);
671 PRBool PK11_FortezzaHasKEA(CERTCertificate *cert);
672 CK_OBJECT_HANDLE PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert,
673 void *wincx);
674 SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname,
675 PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
676 void *arg);
677 CERTCertList * PK11_ListCerts(PK11CertListType type, void *pwarg);
678 CERTCertList * PK11_ListCertsInSlot(PK11SlotInfo *slot);
679 CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
680 int type, void *wincx, PRInt32 importOptions, PLArenaPool* arena, PRInt32 decodeOptions);
682 /**********************************************************************
683 * Sign/Verify
684 **********************************************************************/
686 /*
687 * Return the length in bytes of a signature generated with the
688 * private key.
689 *
690 * Return 0 or -1 on failure. (XXX Should we fix it to always return
691 * -1 on failure?)
692 */
693 int PK11_SignatureLen(SECKEYPrivateKey *key);
694 PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
695 SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig,
696 const SECItem *hash);
697 SECStatus PK11_SignWithSymKey(PK11SymKey *symKey, CK_MECHANISM_TYPE mechanism,
698 SECItem *param, SECItem *sig, const SECItem *data);
699 SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, const SECItem *sig,
700 SECItem *dsig, void * wincx);
701 SECStatus PK11_Verify(SECKEYPublicKey *key, const SECItem *sig,
702 const SECItem *hash, void *wincx);
706 /**********************************************************************
707 * Crypto Contexts
708 **********************************************************************/
709 void PK11_DestroyContext(PK11Context *context, PRBool freeit);
710 PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,
711 CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param);
712 PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg);
713 PK11Context *PK11_CloneContext(PK11Context *old);
714 SECStatus PK11_DigestBegin(PK11Context *cx);
715 /*
716 * The output buffer 'out' must be big enough to hold the output of
717 * the hash algorithm 'hashAlg'.
718 */
719 SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out,
720 const unsigned char *in, PRInt32 len);
721 SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in,
722 unsigned len);
723 SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
724 int maxout, const unsigned char *in, int inlen);
725 SECStatus PK11_Finalize(PK11Context *context);
726 SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data,
727 unsigned int *outLen, unsigned int length);
728 #define PK11_CipherFinal PK11_DigestFinal
729 SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save,
730 int *len, int saveLength);
732 /* Save the context's state, with possible allocation.
733 * The caller may supply an already allocated buffer in preAllocBuf,
734 * with length pabLen. If the buffer is large enough for the context's
735 * state, it will receive the state.
736 * If the buffer is not large enough (or NULL), then a new buffer will
737 * be allocated with PORT_Alloc.
738 * In either case, the state will be returned as a buffer, and the length
739 * of the state will be given in *stateLen.
740 */
741 unsigned char *
742 PK11_SaveContextAlloc(PK11Context *cx,
743 unsigned char *preAllocBuf, unsigned int pabLen,
744 unsigned int *stateLen);
746 SECStatus PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len);
747 SECStatus PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len);
748 void PK11_SetFortezzaHack(PK11SymKey *symKey) ;
751 /**********************************************************************
752 * PBE functions
753 **********************************************************************/
755 /* This function creates PBE parameters from the given inputs. The result
756 * can be used to create a password integrity key for PKCS#12, by sending
757 * the return value to PK11_KeyGen along with the appropriate mechanism.
758 */
759 SECItem *
760 PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations);
762 /* free params created above (can be called after keygen is done */
763 void PK11_DestroyPBEParams(SECItem *params);
765 SECAlgorithmID *
766 PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
768 /* use to create PKCS5 V2 algorithms with finder control than that provided
769 * by PK11_CreatePBEAlgorithmID. */
770 SECAlgorithmID *
771 PK11_CreatePBEV2AlgorithmID(SECOidTag pbeAlgTag, SECOidTag cipherAlgTag,
772 SECOidTag prfAlgTag, int keyLength, int iteration,
773 SECItem *salt);
774 PK11SymKey *
775 PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
776 PRBool faulty3DES, void *wincx);
778 /* warning: cannot work with PKCS 5 v2 use PK11_PBEKeyGen instead */
779 PK11SymKey *
780 PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params,
781 SECItem *pwitem, PRBool faulty3DES, void *wincx);
782 SECItem *
783 PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
784 /*
785 * Get the Mechanism and parameter of the base encryption or mac scheme from
786 * a PBE algorithm ID.
787 * Caller is responsible for freeing the return parameter (param).
788 */
789 CK_MECHANISM_TYPE
790 PK11_GetPBECryptoMechanism(SECAlgorithmID *algid,
791 SECItem **param, SECItem *pwd);
793 /**********************************************************************
794 * Functions to manage secmod flags
795 **********************************************************************/
796 const PK11DefaultArrayEntry *PK11_GetDefaultArray(int *size);
797 SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *slot,
798 const PK11DefaultArrayEntry *entry,
799 PRBool add);
801 /**********************************************************************
802 * Functions to look at PKCS #11 dependent data
803 **********************************************************************/
804 PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot,
805 CK_OBJECT_CLASS objClass);
806 PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object);
807 PK11GenericObject *PK11_GetPrevGenericObject(PK11GenericObject *object);
808 SECStatus PK11_UnlinkGenericObject(PK11GenericObject *object);
809 SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
810 PK11GenericObject *object);
811 SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
812 SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
813 PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
814 const CK_ATTRIBUTE *pTemplate,
815 int count, PRBool token);
817 /*
818 * PK11_ReadRawAttribute and PK11_WriteRawAttribute are generic
819 * functions to read and modify the actual PKCS #11 attributes of
820 * the underlying pkcs #11 object.
821 *
822 * object is a pointer to an NSS object that represents the underlying
823 * PKCS #11 object. It's type must match the type of PK11ObjectType
824 * as follows:
825 *
826 * type object
827 * PK11_TypeGeneric PK11GenericObject *
828 * PK11_TypePrivKey SECKEYPrivateKey *
829 * PK11_TypePubKey SECKEYPublicKey *
830 * PK11_TypeSymKey PK11SymKey *
831 *
832 * All other types are considered invalid. If type does not match the object
833 * passed, unpredictable results will occur.
834 *
835 * PK11_ReadRawAttribute allocates the buffer for returning the attribute
836 * value. The caller of PK11_ReadRawAttribute should free the data buffer
837 * pointed to by item using a SECITEM_FreeItem(item, PR_FALSE) or
838 * PORT_Free(item->data) call.
839 */
840 SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object,
841 CK_ATTRIBUTE_TYPE attr, SECItem *item);
842 SECStatus PK11_WriteRawAttribute(PK11ObjectType type, void *object,
843 CK_ATTRIBUTE_TYPE attr, SECItem *item);
845 /*
846 * PK11_GetAllSlotsForCert returns all the slots that a given certificate
847 * exists on, since it's possible for a cert to exist on more than one
848 * PKCS#11 token.
849 */
850 PK11SlotList *
851 PK11_GetAllSlotsForCert(CERTCertificate *cert, void *arg);
853 /**********************************************************************
854 * New functions which are already deprecated....
855 **********************************************************************/
856 SECItem *
857 PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
858 CERTCertificate *cert, void *pwarg);
859 SECItem *
860 PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);
862 PRBool SECMOD_HasRootCerts(void);
864 SEC_END_PROTOS
866 #endif
