michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: michael@0: #ifndef NSSPKI_H michael@0: #define NSSPKI_H michael@0: michael@0: /* michael@0: * nsspki.h michael@0: * michael@0: * This file prototypes the methods of the top-level PKI objects. michael@0: */ michael@0: michael@0: #ifndef NSSDEVT_H michael@0: #include "nssdevt.h" michael@0: #endif /* NSSDEVT_H */ michael@0: michael@0: #ifndef NSSPKIT_H michael@0: #include "nsspkit.h" michael@0: #endif /* NSSPKIT_H */ michael@0: michael@0: #ifndef BASE_H michael@0: #include "base.h" michael@0: #endif /* BASE_H */ michael@0: michael@0: PR_BEGIN_EXTERN_C michael@0: michael@0: /* michael@0: * A note about interfaces michael@0: * michael@0: * Although these APIs are specified in C, a language which does michael@0: * not have fancy support for abstract interfaces, this library michael@0: * was designed from an object-oriented perspective. It may be michael@0: * useful to consider the standard interfaces which went into michael@0: * the writing of these APIs. 
 *
 * Basic operations on all objects:
 *  Destroy -- free a pointer to an object
 *  DeleteStoredObject -- delete an object permanently
 *
 * Public Key cryptographic operations:
 *  Encrypt
 *  Verify
 *  VerifyRecover
 *  Wrap
 *  Derive
 *
 * Private Key cryptographic operations:
 *  IsStillPresent
 *  Decrypt
 *  Sign
 *  SignRecover
 *  Unwrap
 *  Derive
 *
 * Symmetric Key cryptographic operations:
 *  IsStillPresent
 *  Encrypt
 *  Decrypt
 *  Sign
 *  SignRecover
 *  Verify
 *  VerifyRecover
 *  Wrap
 *  Unwrap
 *  Derive
 *
 */

/*
 * NSSCertificate
 *
 * A certificate can perform the same cryptographic operations as a
 * public key, except that trust, usage, and other constraints are
 * checked.  These are "high-level" objects, so trust and usages are
 * expressed in the application-level form (client auth, email signing,
 * etc.).  In theory another implementation (think PGP) could sit
 * beneath this object.
 */

/*
 * NSSCertificate_Destroy
 *
 * Free a pointer to a certificate object.  Per the list of basic
 * operations above, this is distinct from DeleteStoredObject, which
 * deletes the object permanently.
 */

NSS_EXTERN PRStatus
NSSCertificate_Destroy(NSSCertificate *c);

/*
 * NSSCertificate_DeleteStoredObject
 *
 * Permanently remove this certificate from storage.  If it is the only
 * (remaining) certificate corresponding to a private key, public key,
 * and/or other object, then that object (those objects) are deleted
 * too.  Because the removal is permanent and can cascade to key
 * material, callers should confirm intent before calling.
 */

NSS_EXTERN PRStatus
NSSCertificate_DeleteStoredObject(NSSCertificate *c, NSSCallback *uhh);

/*
 * NSSCertificate_Validate
 *
 * Check that this certificate is trusted for the specified usage(s),
 * at the specified time, and under the specified policies.  (The
 * original comment left the words before "the specified policies" as a
 * "{word word}" placeholder; "under" is a reviewer's reading -- confirm.)
 *
 * As the parameter comments state, a NULL timeOpt means "now" and a
 * NULL policiesOpt means no policies, so a caller that depends on
 * policy enforcement has to pass policies explicitly.
 */

NSS_EXTERN PRStatus
NSSCertificate_Validate(
    NSSCertificate *c,
    NSSTime *timeOpt,        /* NULL for "now" */
    NSSUsage *usage,
    NSSPolicies *policiesOpt /* NULL for none */
);

/*
 * NSSCertificate_ValidateCompletely
 *
 * Verify that this certificate is trusted.  NSSCertificate_Validate
 * only reports success or failure, with an appropriate error stack.
 * A certificate can have (and often has) several problems at once;
 * this routine returns an array of errors that specifies every one.
 */

/*
 * Return value must be an array of objects, each of which has
 * an NSSError, and any corresponding certificate (in the chain)
 * and/or policy.
 */

NSS_EXTERN void ** /* void *[] */
NSSCertificate_ValidateCompletely(
    NSSCertificate *c,
    NSSTime *timeOpt,         /* NULL for "now" */
    NSSUsage *usage,
    NSSPolicies *policiesOpt, /* NULL for none */
    void **rvOpt,             /* NULL for allocate */
    PRUint32 rvLimit,         /* zero for no limit */
    NSSArena *arenaOpt        /* NULL for heap */
);

/*
 * NSSCertificate_ValidateAndDiscoverUsagesAndPolicies
 *
 * Returns PR_SUCCESS if the certificate is valid for at least
 * something.  Success alone therefore does not show that the
 * certificate is valid for the usage or policy a caller has in mind.
 * NOTE(review): the allowed/disallowed arguments presumably carry that
 * detail, but they are still typed void * and the parameter list is
 * marked unfinished -- confirm before relying on them.
 */

NSS_EXTERN PRStatus
NSSCertificate_ValidateAndDiscoverUsagesAndPolicies(
    NSSCertificate *c,
    NSSTime **notBeforeOutOpt,
    NSSTime **notAfterOutOpt,
    void *allowedUsages,
    void *disallowedUsages,
    void *allowedPolicies,
    void *disallowedPolicies,
    /* more args.. work on this fgmr */
    NSSArena *arenaOpt
);

/*
 * NSSCertificate_Encode
 *
 * Not described in the original header.  By its return type it
 * presumably produces the DER encoding of the certificate; rvOpt and
 * arenaOpt presumably follow the "NULL for allocate" / "NULL for heap"
 * convention annotated on NSSCertificate_ValidateCompletely -- confirm.
 */

NSS_EXTERN NSSDER *
NSSCertificate_Encode(NSSCertificate *c, NSSDER *rvOpt, NSSArena *arenaOpt);

/*
 * NSSCertificate_BuildChain
 *
 * Returns an NSSCertificate * for each certificate in the "chain",
 * starting from the specified one up to and including the root.  The
 * zeroth element in the array is the specified ("leaf") certificate.
 *
 * When statusOpt is supplied and comes back as PR_FAILURE, the
 * possible error values are:
 *
 *  NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND - the chain is incomplete
 *
 * NOTE(review): statusOpt is optional, so a caller that omits it
 * presumably cannot tell a complete chain from an incomplete one.
 * Supply it wherever the result feeds a trust decision -- confirm
 * against the implementation.
 */

extern const NSSError NSS_ERROR_CERTIFICATE_ISSUER_NOT_FOUND;

NSS_EXTERN NSSCertificate **
NSSCertificate_BuildChain(
    NSSCertificate *c,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCertificate **rvOpt,
    PRUint32 rvLimit, /* zero for no limit */
    NSSArena *arenaOpt,
    PRStatus *statusOpt,
    NSSTrustDomain *td,
    NSSCryptoContext *cc
);

/*
 * NSSCertificate_GetTrustDomain
 *
 * Not described in the original header; by name and return type it
 * presumably returns the trust domain this certificate belongs to.
 */

NSS_EXTERN NSSTrustDomain *
NSSCertificate_GetTrustDomain(NSSCertificate *c);

/*
 * NSSCertificate_GetToken
 *
 * A certificate does not have to have a token.  NOTE(review):
 * statusOpt presumably lets the caller tell "no token" from an
 * error -- confirm.
 */

NSS_EXTERN NSSToken *
NSSCertificate_GetToken(NSSCertificate *c, PRStatus *statusOpt);

/*
 * NSSCertificate_GetSlot
 *
 * A certificate does not have to have a slot.
 */

NSS_EXTERN NSSSlot *
NSSCertificate_GetSlot(NSSCertificate *c, PRStatus *statusOpt);

/*
 * NSSCertificate_GetModule
 *
 * A certificate does not have to have a module.
 */

NSS_EXTERN NSSModule *
NSSCertificate_GetModule(NSSCertificate *c, PRStatus *statusOpt);

/*
 * NSSCertificate_Encrypt
 *
 * Encrypt one chunk of data with the public key that corresponds to
 * this certificate.  The NSSCertificate overview in this header says
 * certificate operations check trust, usage, and other constraints;
 * timeOpt, usage, and policiesOpt are presumably the inputs to that
 * check -- confirm.
 */

NSS_EXTERN NSSItem *
NSSCertificate_Encrypt(
    NSSCertificate *c,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSCertificate_Verify
 *
 * Not described in the original header.  By its signature it
 * presumably checks `signature` over `data` with this certificate's
 * public key and reports the outcome as a PRStatus -- confirm.
 */

NSS_EXTERN PRStatus
NSSCertificate_Verify(
    NSSCertificate *c,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSItem *signature,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh
);

/*
 * NSSCertificate_VerifyRecover
 *
 * Not described in the original header.  It takes a signature and
 * returns an NSSItem, presumably the data recovered from that
 * signature -- confirm.
 */

NSS_EXTERN NSSItem *
NSSCertificate_VerifyRecover(
    NSSCertificate *c,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *signature,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSCertificate_WrapSymmetricKey
 *
 * This method tries very hard to succeed, even in situations
 * involving sensitive keys and multiple modules.
 * { relyea: want to add verbiage?
 * }
 */

NSS_EXTERN NSSItem *
NSSCertificate_WrapSymmetricKey(
    NSSCertificate *c,
    NSSAlgorithmAndParameters *apOpt,
    NSSSymmetricKey *keyToWrap,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSCertificate_CreateCryptoContext
 *
 * Create a crypto context in this certificate's trust domain, with
 * this certificate as the distinguished certificate.
 */

NSS_EXTERN NSSCryptoContext *
NSSCertificate_CreateCryptoContext(
    NSSCertificate *c,
    NSSAlgorithmAndParameters *apOpt,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh
);

/*
 * NSSCertificate_GetPublicKey
 *
 * Return the public key corresponding to this certificate.
 * NOTE(review): this header describes NSSPublicKey operations as not
 * verifying associated certificates, so using the returned key
 * directly presumably skips the trust and usage checks that the
 * NSSCertificate_* operations perform -- confirm.
 */

NSS_EXTERN NSSPublicKey *
NSSCertificate_GetPublicKey(NSSCertificate *c);

/*
 * NSSCertificate_FindPrivateKey
 *
 * Find and return the private key corresponding to this certificate,
 * if it is available.
 *
 * { Should this hang off of NSSUserCertificate? }
 */

NSS_EXTERN NSSPrivateKey *
NSSCertificate_FindPrivateKey(NSSCertificate *c, NSSCallback *uhh);

/*
 * NSSCertificate_IsPrivateKeyAvailable
 *
 * Returns success if the private key corresponding to this certificate
 * is available to be used.
 *
 * { Should *this* hang off of NSSUserCertificate?? }
 */

NSS_EXTERN PRBool
NSSCertificate_IsPrivateKeyAvailable(
    NSSCertificate *c,
    NSSCallback *uhh,
    PRStatus *statusOpt
);

/*
 * If NSSUserCertificate stops being a typedef of NSSCertificate,
 * implementations of the following will be needed:
 *
 *  NSSUserCertificate_Destroy
 *  NSSUserCertificate_DeleteStoredObject
 *  NSSUserCertificate_Validate
 *  NSSUserCertificate_ValidateCompletely
 *  NSSUserCertificate_ValidateAndDiscoverUsagesAndPolicies
 *  NSSUserCertificate_Encode
 *  NSSUserCertificate_BuildChain
 *  NSSUserCertificate_GetTrustDomain
 *  NSSUserCertificate_GetToken
 *  NSSUserCertificate_GetSlot
 *  NSSUserCertificate_GetModule
 *  NSSUserCertificate_GetCryptoContext
 *  NSSUserCertificate_GetPublicKey
 */

/*
 * NSSUserCertificate_IsStillPresent
 *
 * If this certificate lives on a token, verify that the token is
 * still present and that the certificate still exists.  This is a
 * lightweight call, meant to be used whenever it should be verified
 * that the user hasn't perhaps popped out his or her token and
 * strolled away.
 */

NSS_EXTERN PRBool
NSSUserCertificate_IsStillPresent(
    NSSUserCertificate *uc,
    PRStatus *statusOpt
);

/*
 * NSSUserCertificate_Decrypt
 *
 * Decrypt one chunk of data with the private key corresponding
 * to this certificate.
 */

NSS_EXTERN NSSItem *
NSSUserCertificate_Decrypt(
    NSSUserCertificate *uc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSUserCertificate_Sign
 *
 * Not described in the original header; presumably signs `data` with
 * the private key corresponding to this certificate -- confirm.
 */

NSS_EXTERN NSSItem *
NSSUserCertificate_Sign(
    NSSUserCertificate *uc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSUserCertificate_SignRecover
 *
 * Not described in the original header.  Same parameter list as
 * NSSUserCertificate_Sign.
 */

NSS_EXTERN NSSItem *
NSSUserCertificate_SignRecover(
    NSSUserCertificate *uc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSUserCertificate_UnwrapSymmetricKey
 *
 * Not described in the original header.  NOTE(review): rvOpt is an
 * NSSItem * although the function returns an NSSSymmetricKey *; its
 * role is not stated here -- confirm against the implementation.
 */

NSS_EXTERN NSSSymmetricKey *
NSSUserCertificate_UnwrapSymmetricKey(
    NSSUserCertificate *uc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *wrappedKey,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSUserCertificate_DeriveSymmetricKey
 *
 */

NSS_EXTERN NSSSymmetricKey *
NSSUserCertificate_DeriveSymmetricKey(
    NSSUserCertificate *uc, /* provides private key */
    NSSCertificate *c,      /* provides public key */
    NSSAlgorithmAndParameters *apOpt,
    NSSOID *target,
    PRUint32 keySizeOpt,    /* zero for best allowed */
    NSSOperations operations,
    NSSCallback *uhh
);

/* filter-certs function(s) */

/**
 ** fgmr -- trust objects
 **/

/*
 * NSSPrivateKey
 *
 */

/*
 * NSSPrivateKey_Destroy
 *
 * Free a pointer to a private key object.  Per this header's list of
 * basic operations, this differs from DeleteStoredObject, which
 * deletes the object permanently.
 */

NSS_EXTERN PRStatus
NSSPrivateKey_Destroy(NSSPrivateKey *vk);

/*
 * NSSPrivateKey_DeleteStoredObject
 *
 * Permanently remove this object, together with any related objects
 * (such as the certificates corresponding to this key).
 */

NSS_EXTERN PRStatus
NSSPrivateKey_DeleteStoredObject(NSSPrivateKey *vk, NSSCallback *uhh);

/*
 * NSSPrivateKey_GetSignatureLength
 *
 * Not described in the original header; returns a PRUint32.
 */

NSS_EXTERN PRUint32
NSSPrivateKey_GetSignatureLength(NSSPrivateKey *vk);

/*
 * NSSPrivateKey_GetPrivateModulusLength
 *
 * Not described in the original header; returns a PRUint32.
 */

NSS_EXTERN PRUint32
NSSPrivateKey_GetPrivateModulusLength(NSSPrivateKey *vk);

/*
 * NSSPrivateKey_IsStillPresent
 *
 * Not described in the original header.  NOTE(review): presumably the
 * private-key counterpart of NSSUserCertificate_IsStillPresent, which
 * checks that the token holding the object is still present -- confirm.
 */

NSS_EXTERN PRBool
NSSPrivateKey_IsStillPresent(NSSPrivateKey *vk, PRStatus *statusOpt);

/*
 * NSSPrivateKey_Encode
 *
 * Not described in the original header beyond the passwordOpt comment:
 * NULL causes a callback, and "" means no password.
 * NOTE(review): with "" the encoded private key is presumably not
 * password-protected, so the returned item should be handled as
 * sensitive key material -- confirm against the implementation.
 */

NSS_EXTERN NSSItem *
NSSPrivateKey_Encode(
    NSSPrivateKey *vk,
    NSSAlgorithmAndParameters *ap,
    NSSItem *passwordOpt, /* NULL will cause a callback; "" for no password */
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPrivateKey_GetTrustDomain
 *
 * A private key does not have to have a trust domain.
 */

NSS_EXTERN NSSTrustDomain *
NSSPrivateKey_GetTrustDomain(NSSPrivateKey *vk, PRStatus *statusOpt);

/*
 * NSSPrivateKey_GetToken
 *
 * Not described in the original header.  Unlike the NSSCertificate
 * getter, it takes no statusOpt.
 */

NSS_EXTERN NSSToken *
NSSPrivateKey_GetToken(NSSPrivateKey *vk);

/*
 * NSSPrivateKey_GetSlot
 *
 * Not described in the original header.
 */

NSS_EXTERN NSSSlot *
NSSPrivateKey_GetSlot(NSSPrivateKey *vk);

/*
 * NSSPrivateKey_GetModule
 *
 * Not described in the original header.
 */

NSS_EXTERN NSSModule *
NSSPrivateKey_GetModule(NSSPrivateKey *vk);

/*
 * NSSPrivateKey_Decrypt
 *
 * Not described in the original header; by its signature it
 * presumably decrypts `encryptedData` with this private key.  Unlike
 * NSSUserCertificate_Decrypt it takes no time, usage, or policy
 * arguments.
 */

NSS_EXTERN NSSItem *
NSSPrivateKey_Decrypt(
    NSSPrivateKey *vk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *encryptedData,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPrivateKey_Sign
 *
 * Not described in the original header; presumably signs `data` with
 * this private key -- confirm.
 */

NSS_EXTERN NSSItem *
NSSPrivateKey_Sign(
    NSSPrivateKey *vk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPrivateKey_SignRecover
 *
 * Not described in the original header.  Same parameter list as
 * NSSPrivateKey_Sign.
 */

NSS_EXTERN NSSItem *
NSSPrivateKey_SignRecover(
    NSSPrivateKey *vk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPrivateKey_UnwrapSymmetricKey
 *
 * Not described in the original header; by its signature it
 * presumably unwraps `wrappedKey` with this private key and returns
 * the resulting symmetric key.
 */

NSS_EXTERN NSSSymmetricKey *
NSSPrivateKey_UnwrapSymmetricKey(
    NSSPrivateKey *vk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *wrappedKey,
    NSSCallback *uhh
);

/*
 * NSSPrivateKey_DeriveSymmetricKey
 *
 * Not described in the original header.  It takes this private key
 * and a public key (bk).  keySizeOpt of zero selects the "best
 * allowed" size, per the parameter comment.
 */

NSS_EXTERN NSSSymmetricKey *
NSSPrivateKey_DeriveSymmetricKey(
    NSSPrivateKey *vk,
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSOID *target,
    PRUint32 keySizeOpt, /* zero for best allowed */
    NSSOperations operations,
    NSSCallback *uhh
);

/*
 * NSSPrivateKey_FindPublicKey
 *
 * Not described in the original header; by name and return type it
 * presumably returns the public key matching this private key.
 */

NSS_EXTERN NSSPublicKey *
NSSPrivateKey_FindPublicKey(
    NSSPrivateKey *vk
    /* { don't need the callback here, right? } */
);

/*
 * NSSPrivateKey_CreateCryptoContext
 *
 * Create a crypto context in this key's trust domain, with this key
 * as the distinguished private key.
 */

NSS_EXTERN NSSCryptoContext *
NSSPrivateKey_CreateCryptoContext(
    NSSPrivateKey *vk,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhh
);

/*
 * NSSPrivateKey_FindCertificates
 *
 * Note that there may be more than one certificate for this
 * private key.  { FilterCertificates function to further
 * reduce the list.
 * }
 */

NSS_EXTERN NSSCertificate **
NSSPrivateKey_FindCertificates(
    NSSPrivateKey *vk,
    NSSCertificate *rvOpt[],
    PRUint32 maximumOpt, /* 0 for no max */
    NSSArena *arenaOpt
);

/*
 * NSSPrivateKey_FindBestCertificate
 *
 * The parameters of this function will depend on what users need;
 * the current list is only a starting point.
 */

NSS_EXTERN NSSCertificate *
NSSPrivateKey_FindBestCertificate(
    NSSPrivateKey *vk,
    NSSTime *timeOpt,
    NSSUsage *usageOpt,
    NSSPolicies *policiesOpt
);

/*
 * NSSPublicKey
 *
 * Once one of these has been generated, found, or derived, it can be
 * used to perform (simple) cryptographic operations.  There may be
 * certificates associated with a public key, but they are not
 * verified: operations on an NSSPublicKey carry no trust decision.
 * The NSSCertificate overview in this header says it is the
 * certificate-level operations that check trust, usage, and other
 * constraints.
 */

/*
 * NSSPublicKey_Destroy
 *
 * Free a pointer to a public key object.
 */

NSS_EXTERN PRStatus
NSSPublicKey_Destroy(NSSPublicKey *bk);

/*
 * NSSPublicKey_DeleteStoredObject
 *
 * Permanently remove this object, together with any related objects
 * (such as the corresponding private keys and certificates).
 */

NSS_EXTERN PRStatus
NSSPublicKey_DeleteStoredObject(NSSPublicKey *bk, NSSCallback *uhh);

/*
 * NSSPublicKey_Encode
 *
 * Not described in the original header; returns an NSSItem,
 * presumably the encoded public key -- confirm.
 */

NSS_EXTERN NSSItem *
NSSPublicKey_Encode(
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *ap,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPublicKey_GetTrustDomain
 *
 * A public key does not have to have a trust domain.
 */

NSS_EXTERN NSSTrustDomain *
NSSPublicKey_GetTrustDomain(NSSPublicKey *bk, PRStatus *statusOpt);

/*
 * NSSPublicKey_GetToken
 *
 * A public key does not have to have a token.
 */

NSS_EXTERN NSSToken *
NSSPublicKey_GetToken(NSSPublicKey *bk, PRStatus *statusOpt);

/*
 * NSSPublicKey_GetSlot
 *
 * A public key does not have to have a slot.
 */

NSS_EXTERN NSSSlot *
NSSPublicKey_GetSlot(NSSPublicKey *bk, PRStatus *statusOpt);

/*
 * NSSPublicKey_GetModule
 *
 * A public key does not have to have a module.
 */

NSS_EXTERN NSSModule *
NSSPublicKey_GetModule(NSSPublicKey *bk, PRStatus *statusOpt);

/*
 * NSSPublicKey_Encrypt
 *
 * Encrypt one chunk of data with this public key.  (The original
 * comment reads "the public key corresponding to this certificate",
 * the wording used for NSSCertificate_Encrypt; here bk is the key
 * itself.)
 */

NSS_EXTERN NSSItem *
NSSPublicKey_Encrypt(
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPublicKey_Verify
 *
 * Not described in the original header; by its signature it
 * presumably checks `signature` over `data` with this public key.
 * It takes no time, usage, or policy arguments, unlike
 * NSSCertificate_Verify.
 */

NSS_EXTERN PRStatus
NSSPublicKey_Verify(
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSItem *signature,
    NSSCallback *uhh
);

/*
 * NSSPublicKey_VerifyRecover
 *
 * Not described in the original header; takes a signature and returns
 * an NSSItem, presumably the recovered data -- confirm.
 */

NSS_EXTERN NSSItem *
NSSPublicKey_VerifyRecover(
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *signature,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPublicKey_WrapSymmetricKey
 *
 * Not described in the original header; presumably wraps keyToWrap
 * under this public key and returns the wrapped form as an NSSItem.
 */

NSS_EXTERN NSSItem *
NSSPublicKey_WrapSymmetricKey(
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSSymmetricKey *keyToWrap,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSPublicKey_CreateCryptoContext
 *
 * Create a crypto context in this key's trust domain, with this key
 * as the distinguished public key.
 */

NSS_EXTERN NSSCryptoContext *
NSSPublicKey_CreateCryptoContext(
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhh
);

/*
 * NSSPublicKey_FindCertificates
 *
 * Note that there may be more than one certificate for this public
 * key.  The current implementation may not find every last
 * certificate available for it: that would mean trawling e.g. huge
 * LDAP databases, which would be grossly inefficient and not
 * generally useful.  Callers should therefore not treat the result
 * as exhaustive.
 * { FilterCertificates function to further reduce the list }
 */

NSS_EXTERN NSSCertificate **
NSSPublicKey_FindCertificates(
    NSSPublicKey *bk,
    NSSCertificate *rvOpt[],
    PRUint32 maximumOpt, /* 0 for no max */
    NSSArena *arenaOpt
);

/*
 * NSSPublicKey_FindBestCertificate
 *
 * (The original comment is headed NSSPrivateKey_FindBestCertificate;
 * the prototype below is the NSSPublicKey variant.)
 *
 * The parameters of this function will depend on what users need;
 * the current list is only a starting point.
 */

NSS_EXTERN NSSCertificate *
NSSPublicKey_FindBestCertificate(
    NSSPublicKey *bk,
    NSSTime *timeOpt,
    NSSUsage *usageOpt,
    NSSPolicies *policiesOpt
);

/*
 * NSSPublicKey_FindPrivateKey
 *
 * Not described in the original header; by name and return type it
 * presumably returns the private key matching this public key.
 */

NSS_EXTERN NSSPrivateKey *
NSSPublicKey_FindPrivateKey(NSSPublicKey *bk, NSSCallback *uhh);

/*
 * NSSSymmetricKey
 *
 */

/*
 * NSSSymmetricKey_Destroy
 *
 * Free a pointer to a symmetric key object.
 */

NSS_EXTERN PRStatus
NSSSymmetricKey_Destroy(NSSSymmetricKey *mk);

/*
 * NSSSymmetricKey_DeleteStoredObject
 *
 * Permanently remove this object.
 */

NSS_EXTERN PRStatus
NSSSymmetricKey_DeleteStoredObject(NSSSymmetricKey *mk, NSSCallback *uhh);

/*
 * NSSSymmetricKey_GetKeyLength
 *
 * Not described in the original header; returns a PRUint32.  The
 * unit (bits or bytes) is not stated here -- confirm before comparing
 * against a minimum key size.
 */

NSS_EXTERN PRUint32
NSSSymmetricKey_GetKeyLength(NSSSymmetricKey *mk);

/*
 * NSSSymmetricKey_GetKeyStrength
 *
 * Not described in the original header; returns a PRUint32.  How
 * "strength" differs from the key length is not stated here.
 */

NSS_EXTERN PRUint32
NSSSymmetricKey_GetKeyStrength(NSSSymmetricKey *mk);

/*
 * NSSSymmetricKey_IsStillPresent
 *
 * Not described in the original header.  NOTE(review): this variant
 * returns PRStatus and takes no statusOpt, whereas
 * NSSUserCertificate_IsStillPresent and NSSPrivateKey_IsStillPresent
 * return PRBool with a statusOpt; callers should not assume a common
 * return convention across the three.
 */

NSS_EXTERN PRStatus
NSSSymmetricKey_IsStillPresent(NSSSymmetricKey *mk);

/*
 * NSSSymmetricKey_GetTrustDomain
 *
 * A symmetric key does not have to have a trust domain.
 */

NSS_EXTERN NSSTrustDomain *
NSSSymmetricKey_GetTrustDomain(NSSSymmetricKey *mk, PRStatus *statusOpt);

/*
 * NSSSymmetricKey_GetToken
 *
 * A symmetric key does not have to have a token.
 */

NSS_EXTERN NSSToken *
NSSSymmetricKey_GetToken(NSSSymmetricKey *mk, PRStatus *statusOpt);

/*
 * NSSSymmetricKey_GetSlot
 *
 * A symmetric key does not have to have a slot.
 */

NSS_EXTERN NSSSlot *
NSSSymmetricKey_GetSlot(NSSSymmetricKey *mk, PRStatus *statusOpt);

/*
 * NSSSymmetricKey_GetModule
 *
 * A symmetric key does not have to have a module.
 */

NSS_EXTERN NSSModule *
NSSSymmetricKey_GetModule(NSSSymmetricKey *mk, PRStatus *statusOpt);

/*
 * NSSSymmetricKey_Encrypt
 *
 * Not described in the original header; presumably encrypts `data`
 * with this symmetric key using the algorithm in apOpt -- confirm.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_Encrypt(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_Decrypt
 *
 * Not described in the original header; presumably the inverse of
 * NSSSymmetricKey_Encrypt, applied to `encryptedData`.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_Decrypt(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *encryptedData,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_Sign
 *
 * Not described in the original header.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_Sign(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_SignRecover
 *
 * Not described in the original header.  Same parameter list as
 * NSSSymmetricKey_Sign.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_SignRecover(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_Verify
 *
 * Not described in the original header; by its signature it
 * presumably checks `signature` over `data` with this key and reports
 * the outcome as a PRStatus.
 */

NSS_EXTERN PRStatus
NSSSymmetricKey_Verify(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSItem *signature,
    NSSCallback *uhh
);

/*
 * NSSSymmetricKey_VerifyRecover
 *
 * Not described in the original header.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_VerifyRecover(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *signature,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_WrapSymmetricKey
 *
 * Not described in the original header; presumably wraps keyToWrap
 * under wrappingKey and returns the wrapped form as an NSSItem.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_WrapSymmetricKey(
    NSSSymmetricKey *wrappingKey,
    NSSAlgorithmAndParameters *apOpt,
    NSSSymmetricKey *keyToWrap,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_WrapPrivateKey
 *
 * Not described in the original header.  The returned item holds a
 * private key wrapped under wrappingKey; NOTE(review): its protection
 * presumably rests on the wrapping key and the algorithm in apOpt, so
 * both deserve review at call sites -- confirm.
 */

NSS_EXTERN NSSItem *
NSSSymmetricKey_WrapPrivateKey(
    NSSSymmetricKey *wrappingKey,
    NSSAlgorithmAndParameters *apOpt,
    NSSPrivateKey *keyToWrap,
    NSSCallback *uhh,
    NSSItem *rvOpt,
    NSSArena *arenaOpt
);

/*
 * NSSSymmetricKey_UnwrapSymmetricKey
 *
 * Not described in the original header.
 */

NSS_EXTERN NSSSymmetricKey *
NSSSymmetricKey_UnwrapSymmetricKey(
    NSSSymmetricKey *wrappingKey,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *wrappedKey,
    NSSOID *target,
    PRUint32 keySizeOpt,
    NSSOperations operations,
    NSSCallback *uhh
);

/*
 * NSSSymmetricKey_UnwrapPrivateKey
 *
 * Not described in the original header.  NOTE(review): `persistant`
 * [sic] and `sensitive` presumably decide whether the unwrapped key is
 * stored and whether it is marked sensitive on destinationOpt; the
 * header does not say what each value means -- confirm before
 * choosing them.
 */

NSS_EXTERN NSSPrivateKey *
NSSSymmetricKey_UnwrapPrivateKey(
    NSSSymmetricKey *wrappingKey,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *wrappedKey,
    NSSUTF8 *labelOpt,
    NSSItem *keyIDOpt,
    PRBool persistant,
    PRBool sensitive,
    NSSToken *destinationOpt,
    NSSCallback *uhh
);

/*
 * NSSSymmetricKey_DeriveSymmetricKey
 *
 * Not described in the original header.
 */

NSS_EXTERN NSSSymmetricKey *
NSSSymmetricKey_DeriveSymmetricKey(
    NSSSymmetricKey *originalKey,
    NSSAlgorithmAndParameters *apOpt,
    NSSOID *target,
    PRUint32 keySizeOpt,
    NSSOperations operations,
    NSSCallback *uhh
);

/*
 * NSSSymmetricKey_CreateCryptoContext
 *
 * Create a crypto context in this key's trust domain, with this key
 * as the distinguished symmetric key.
 */

NSS_EXTERN NSSCryptoContext *
NSSSymmetricKey_CreateCryptoContext(
    NSSSymmetricKey *mk,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhh
);

/*
 * NSSTrustDomain
 *
 */

/*
 * NSSTrustDomain_Create
 *
 * This creates a trust domain, optionally with an initial cryptoki
 * module.  If the module name is not null, the module is loaded if
 * needed (using the uriOpt argument), and initialized with the
 * opaqueOpt argument.
If mumble mumble priority settings, then michael@0: * module-specification objects in the module can cause the loading michael@0: * and initialization of further modules. michael@0: * michael@0: * The uriOpt is defined to take a URI. At present, we only michael@0: * support file: URLs pointing to platform-native shared libraries. michael@0: * However, by specifying this as a URI, this keeps open the michael@0: * possibility of supporting other, possibly remote, resources. Because the URI names a shared library that gets loaded, callers should take uriOpt only from trusted configuration. michael@0: * michael@0: * The "reserved" argument is held for when we figure out the michael@0: * module priority stuff. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSTrustDomain * michael@0: NSSTrustDomain_Create michael@0: ( michael@0: NSSUTF8 *moduleOpt, michael@0: NSSUTF8 *uriOpt, michael@0: NSSUTF8 *opaqueOpt, michael@0: void *reserved michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_Destroy michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_Destroy michael@0: ( michael@0: NSSTrustDomain *td michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_SetDefaultCallback michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_SetDefaultCallback michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCallback *newCallback, michael@0: NSSCallback **oldCallbackOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_GetDefaultCallback michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCallback * michael@0: NSSTrustDomain_GetDefaultCallback michael@0: ( michael@0: NSSTrustDomain *td, michael@0: PRStatus *statusOpt michael@0: ); michael@0: michael@0: /* michael@0: * Default policies? michael@0: * Default usage? michael@0: * Default time, for completeness? 
michael@0: */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_LoadModule michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_LoadModule michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *moduleOpt, michael@0: NSSUTF8 *uriOpt, michael@0: NSSUTF8 *opaqueOpt, michael@0: void *reserved michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_AddModule michael@0: * NSSTrustDomain_AddSlot michael@0: * NSSTrustDomain_UnloadModule michael@0: * Managing modules, slots, tokens; priorities; michael@0: * Traversing all of the above michael@0: * this needs more work michael@0: */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_DisableToken michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_DisableToken michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSToken *token, michael@0: NSSError why michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_EnableToken michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_EnableToken michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSToken *token michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_IsTokenEnabled michael@0: * michael@0: * If disabled, "why" is always on the error stack. michael@0: * The optional argument is just for convenience. 
michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_IsTokenEnabled michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSToken *token, michael@0: NSSError *whyOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindSlotByName michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSSlot * michael@0: NSSTrustDomain_FindSlotByName michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *slotName michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindTokenByName michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSToken * michael@0: NSSTrustDomain_FindTokenByName michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *tokenName michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindTokenBySlotName michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSToken * michael@0: NSSTrustDomain_FindTokenBySlotName michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *slotName michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindTokenForAlgorithm michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSToken * michael@0: NSSTrustDomain_FindTokenForAlgorithm michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSOID *algorithm michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestTokenForAlgorithms michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSToken * michael@0: NSSTrustDomain_FindBestTokenForAlgorithms michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSOID *algorithms[], /* may be null-terminated */ michael@0: PRUint32 nAlgorithmsOpt /* limits the array if nonzero */ michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_Login michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_Login michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* michael@0: * 
NSSTrustDomain_Logout michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_Logout michael@0: ( michael@0: NSSTrustDomain *td michael@0: ); michael@0: michael@0: /* Importing things */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_ImportCertificate michael@0: * michael@0: * The implementation will pull some data out of the certificate michael@0: * (e.g. e-mail address) for use in pkcs#11 object attributes. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_ImportCertificate michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCertificate *c michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_ImportPKIXCertificate michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_ImportPKIXCertificate michael@0: ( michael@0: NSSTrustDomain *td, michael@0: /* declared as a struct until these "data types" are defined */ michael@0: struct NSSPKIXCertificateStr *pc michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_ImportEncodedCertificate michael@0: * michael@0: * Imports any type of certificate we support. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_ImportEncodedCertificate michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSBER *ber michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_ImportEncodedCertificateChain michael@0: * michael@0: * If you just want the leaf, pass in a maximum of one. 
michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_ImportEncodedCertificateChain michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSBER *ber, michael@0: NSSCertificate *rvOpt[], michael@0: PRUint32 maximumOpt, /* 0 for no max */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_ImportEncodedPrivateKey michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSPrivateKey * michael@0: NSSTrustDomain_ImportEncodedPrivateKey michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSBER *ber, michael@0: NSSItem *passwordOpt, /* NULL will cause a callback */ michael@0: NSSCallback *uhhOpt, michael@0: NSSToken *destination michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_ImportEncodedPublicKey michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSPublicKey * michael@0: NSSTrustDomain_ImportEncodedPublicKey michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSBER *ber michael@0: ); michael@0: michael@0: /* Other importations: S/MIME capabilities */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestCertificateByNickname michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindBestCertificateByNickname michael@0: ( michael@0: NSSTrustDomain *td, michael@0: const NSSUTF8 *name, michael@0: NSSTime *timeOpt, /* NULL for "now" */ michael@0: NSSUsage *usage, michael@0: NSSPolicies *policiesOpt /* NULL for none */ michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificatesByNickname michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindCertificatesByNickname michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *name, michael@0: NSSCertificate *rvOpt[], michael@0: PRUint32 maximumOpt, /* 0 for no max */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * 
NSSTrustDomain_FindCertificateByIssuerAndSerialNumber michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindCertificateByIssuerAndSerialNumber michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER *issuer, michael@0: NSSDER *serialNumber michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificatesByIssuerAndSerialNumber michael@0: * michael@0: * Theoretically, this should never happen. However, some companies michael@0: * we know have issued duplicate certificates with the same issuer michael@0: * and serial number. Do we just ignore them? I'm thinking yes. michael@0: */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestCertificateBySubject michael@0: * michael@0: * This does not search through alternate names hidden in extensions. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindBestCertificateBySubject michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER /*NSSUTF8*/ *subject, michael@0: NSSTime *timeOpt, michael@0: NSSUsage *usage, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificatesBySubject michael@0: * michael@0: * This does not search through alternate names hidden in extensions. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindCertificatesBySubject michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSDER /*NSSUTF8*/ *subject, michael@0: NSSCertificate *rvOpt[], michael@0: PRUint32 maximumOpt, /* 0 for no max */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestCertificateByNameComponents michael@0: * michael@0: * This call does try several tricks, including a pseudo pkcs#11 michael@0: * attribute for the ldap module to try as a query. Eventually michael@0: * this call falls back to a traversal if that's what's required. 
michael@0: * It will search through alternate names hidden in extensions. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindBestCertificateByNameComponents michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *nameComponents, michael@0: NSSTime *timeOpt, michael@0: NSSUsage *usage, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificatesByNameComponents michael@0: * michael@0: * This call, too, tries several tricks. It will stop on the first michael@0: * attempt that generates results, so it won't e.g. traverse the michael@0: * entire ldap database. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindCertificatesByNameComponents michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *nameComponents, michael@0: NSSCertificate *rvOpt[], michael@0: PRUint32 maximumOpt, /* 0 for no max */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificateByEncodedCertificate michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindCertificateByEncodedCertificate michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSBER *encodedCertificate michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificateByEmail michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindCertificateByEmail michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSASCII7 *email, michael@0: NSSTime *timeOpt, michael@0: NSSUsage *usage, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificatesByEmail michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindCertificatesByEmail michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSASCII7 *email, 
michael@0: NSSCertificate *rvOpt[], michael@0: PRUint32 maximumOpt, /* 0 for no max */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindCertificateByOCSPHash michael@0: * michael@0: * There can be only one. michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindCertificateByOCSPHash michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSItem *hash michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_TraverseCertificates michael@0: * michael@0: * This function descends from one in older versions of NSS which michael@0: * traverses the certs in the permanent database. That function michael@0: * was used to implement selection routines, but was directly michael@0: * available too. Trust domains are going to contain a lot more michael@0: * certs now (e.g., an ldap server), so we'd really like to michael@0: * discourage traversal. Thus for now, this is commented out. michael@0: * If it's needed, let's look at the situation more closely to michael@0: * find out what the actual requirements are. michael@0: */ michael@0: michael@0: /* For now, adding this function. This may only be for debugging michael@0: * purposes. michael@0: * Perhaps some equivalent function, on a specified token, will be michael@0: * needed in a "friend" header file? 
michael@0: */ michael@0: NSS_EXTERN PRStatus * michael@0: NSSTrustDomain_TraverseCertificates michael@0: ( michael@0: NSSTrustDomain *td, michael@0: PRStatus (*callback)(NSSCertificate *c, void *arg), michael@0: void *arg michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestUserCertificate michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindBestUserCertificate michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSTime *timeOpt, michael@0: NSSUsage *usage, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindUserCertificates michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindUserCertificates michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSTime *timeOpt, michael@0: NSSUsage *usageOpt, michael@0: NSSPolicies *policiesOpt, michael@0: NSSCertificate **rvOpt, michael@0: PRUint32 rvLimit, /* zero for no limit */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestUserCertificateForSSLClientAuth michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindBestUserCertificateForSSLClientAuth michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *sslHostOpt, michael@0: NSSDER *rootCAsOpt[], /* null pointer for none */ michael@0: PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */ michael@0: NSSAlgorithmAndParameters *apOpt, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindUserCertificatesForSSLClientAuth michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindUserCertificatesForSSLClientAuth michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSUTF8 *sslHostOpt, michael@0: NSSDER *rootCAsOpt[], /* null pointer for none */ michael@0: PRUint32 
rootCAsMaxOpt, /* zero means list is null-terminated */ michael@0: NSSAlgorithmAndParameters *apOpt, michael@0: NSSPolicies *policiesOpt, michael@0: NSSCertificate **rvOpt, michael@0: PRUint32 rvLimit, /* zero for no limit */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindBestUserCertificateForEmailSigning michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate * michael@0: NSSTrustDomain_FindBestUserCertificateForEmailSigning michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSASCII7 *signerOpt, michael@0: NSSASCII7 *recipientOpt, michael@0: /* anything more here? */ michael@0: NSSAlgorithmAndParameters *apOpt, michael@0: NSSPolicies *policiesOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindUserCertificatesForEmailSigning michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCertificate ** michael@0: NSSTrustDomain_FindUserCertificatesForEmailSigning michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSASCII7 *signerOpt, michael@0: NSSASCII7 *recipientOpt, michael@0: /* anything more here? */ michael@0: NSSAlgorithmAndParameters *apOpt, michael@0: NSSPolicies *policiesOpt, michael@0: NSSCertificate **rvOpt, michael@0: PRUint32 rvLimit, /* zero for no limit */ michael@0: NSSArena *arenaOpt michael@0: ); michael@0: michael@0: /* michael@0: * Here is where we'd add more Find[Best]UserCertificate[s]For michael@0: * routines. michael@0: */ michael@0: michael@0: /* Private Keys */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_GenerateKeyPair michael@0: * michael@0: * Creates persistent objects. If you want session objects, use michael@0: * NSSCryptoContext_GenerateKeyPair. The destination token is where michael@0: * the keys are stored. If that token can do the required math, then michael@0: * that's where the keys are generated too. Otherwise, the keys are michael@0: * generated elsewhere and moved to that token; in that case the private key exists outside the destination token until the move. 
michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSTrustDomain_GenerateKeyPair michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSAlgorithmAndParameters *ap, michael@0: NSSPrivateKey **pvkOpt, michael@0: NSSPublicKey **pbkOpt, michael@0: PRBool privateKeyIsSensitive, michael@0: NSSToken *destination, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_TraversePrivateKeys michael@0: * michael@0: * michael@0: * NSS_EXTERN PRStatus * michael@0: * NSSTrustDomain_TraversePrivateKeys michael@0: * ( michael@0: * NSSTrustDomain *td, michael@0: * PRStatus (*callback)(NSSPrivateKey *vk, void *arg), michael@0: * void *arg michael@0: * ); michael@0: */ michael@0: michael@0: /* Symmetric Keys */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_GenerateSymmetricKey michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSSymmetricKey * michael@0: NSSTrustDomain_GenerateSymmetricKey michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSAlgorithmAndParameters *ap, michael@0: PRUint32 keysize, michael@0: NSSToken *destination, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_GenerateSymmetricKeyFromPassword michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSSymmetricKey * michael@0: NSSTrustDomain_GenerateSymmetricKeyFromPassword michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSAlgorithmAndParameters *ap, michael@0: NSSUTF8 *passwordOpt, /* if null, prompt */ michael@0: NSSToken *destinationOpt, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindSymmetricKeyByAlgorithm michael@0: * michael@0: * Is this still needed? 
michael@0: * michael@0: * NSS_EXTERN NSSSymmetricKey * michael@0: * NSSTrustDomain_FindSymmetricKeyByAlgorithm michael@0: * ( michael@0: * NSSTrustDomain *td, michael@0: * NSSOID *algorithm, michael@0: * NSSCallback *uhhOpt michael@0: * ); michael@0: */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSSymmetricKey * michael@0: NSSTrustDomain_FindSymmetricKeyByAlgorithmAndKeyID michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSOID *algorithm, michael@0: NSSItem *keyID, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_TraverseSymmetricKeys michael@0: * michael@0: * michael@0: * NSS_EXTERN PRStatus * michael@0: * NSSTrustDomain_TraverseSymmetricKeys michael@0: * ( michael@0: * NSSTrustDomain *td, michael@0: * PRStatus (*callback)(NSSSymmetricKey *mk, void *arg), michael@0: * void *arg michael@0: * ); michael@0: */ michael@0: michael@0: /* michael@0: * NSSTrustDomain_CreateCryptoContext michael@0: * michael@0: * If a callback object is specified, it becomes the default for the crypto michael@0: * context; otherwise, this trust domain's default (if any) is michael@0: * inherited. 
michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCryptoContext * michael@0: NSSTrustDomain_CreateCryptoContext michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSCallback *uhhOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_CreateCryptoContextForAlgorithm michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCryptoContext * michael@0: NSSTrustDomain_CreateCryptoContextForAlgorithm michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSOID *algorithm michael@0: ); michael@0: michael@0: /* michael@0: * NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCryptoContext * michael@0: NSSTrustDomain_CreateCryptoContextForAlgorithmAndParameters michael@0: ( michael@0: NSSTrustDomain *td, michael@0: NSSAlgorithmAndParameters *ap michael@0: ); michael@0: michael@0: /* find/traverse other objects, e.g. s/mime profiles */ michael@0: michael@0: /* michael@0: * NSSCryptoContext michael@0: * michael@0: * A crypto context is sort of a short-term snapshot of a trust domain, michael@0: * used for the life of "one crypto operation." You can also think of michael@0: * it as a "temporary database." michael@0: * michael@0: * Just about all of the things you can do with a trust domain -- importing michael@0: * or creating certs, keys, etc. -- can be done with a crypto context. michael@0: * The difference is that the objects will be temporary ("session") objects. michael@0: * michael@0: * Also, if the context was created for a key, cert, and/or algorithm; or michael@0: * if such objects have been "associated" with the context, then the context michael@0: * can do everything the keys can, like crypto operations. michael@0: * michael@0: * And finally, because it keeps the state of the crypto operations, it michael@0: * can do streaming crypto ops. 
michael@0: */ michael@0: michael@0: /* michael@0: * NSSCryptoContext_Destroy michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSCryptoContext_Destroy michael@0: ( michael@0: NSSCryptoContext *cc michael@0: ); michael@0: michael@0: /* establishing a default callback */ michael@0: michael@0: /* michael@0: * NSSCryptoContext_SetDefaultCallback michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN PRStatus michael@0: NSSCryptoContext_SetDefaultCallback michael@0: ( michael@0: NSSCryptoContext *cc, michael@0: NSSCallback *newCallback, michael@0: NSSCallback **oldCallbackOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSCryptoContext_GetDefaultCallback michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSCallback * michael@0: NSSCryptoContext_GetDefaultCallback michael@0: ( michael@0: NSSCryptoContext *cc, michael@0: PRStatus *statusOpt michael@0: ); michael@0: michael@0: /* michael@0: * NSSCryptoContext_GetTrustDomain michael@0: * michael@0: */ michael@0: michael@0: NSS_EXTERN NSSTrustDomain * michael@0: NSSCryptoContext_GetTrustDomain michael@0: ( michael@0: NSSCryptoContext *cc michael@0: ); michael@0: michael@0: /* AddModule, etc: should we allow "temporary" changes here? */ michael@0: /* DisableToken, etc: ditto */ michael@0: /* Ordering of tokens? */ michael@0: /* Finding slots+token etc. */ michael@0: /* login+logout */ michael@0: michael@0: /* Importing things */ michael@0: michael@0: /* michael@0: * NSSCryptoContext_FindOrImportCertificate michael@0: * michael@0: * If the certificate store already contains this DER cert, return the michael@0: * address of the matching NSSCertificate that is already in the store, michael@0: * and bump its reference count. michael@0: * michael@0: * If this DER cert is NOT already in the store, then add the new michael@0: * NSSCertificate to the store and bump its reference count, michael@0: * then return its address. 
*
* if this DER cert is not in the store and cannot be added to it,
* return NULL;
*
* Record the associated crypto context in the certificate.
*/

NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindOrImportCertificate(
    NSSCryptoContext *cc,
    NSSCertificate *c);

/*
 * Notes for readers of the certificate prototypes below
 *
 * - Only some "Opt" parameters are annotated in this header (NULL for
 *   "now", NULL for none, 0 for no max).  Presumably every parameter whose
 *   name ends in "Opt" may be NULL/0; confirm per function.
 * - Failure signalling and ownership of returned NSSCertificate pointers
 *   and arrays are not stated here.  Callers should check for NULL before
 *   use and confirm the release rule against the implementation.
 * - The import prototypes take no usage or policy argument; nothing here
 *   says that importing a certificate validates it or establishes trust.
 */

/*
 * NSSCryptoContext_ImportPKIXCertificate
 *
 * Import from a struct NSSPKIXCertificateStr (pc) instead of from encoded
 * bytes; the result is handed back as an NSSCertificate pointer.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_ImportPKIXCertificate(
    NSSCryptoContext *cc,
    struct NSSPKIXCertificateStr *pc);

/*
 * NSSCryptoContext_ImportEncodedCertificate
 *
 * Import a single certificate supplied as BER bytes (ber).
 * NOTE(review): encoded certificates usually arrive from outside the
 * process (peer, file, directory).  How malformed input is reported is not
 * documented here -- presumably a NULL return; confirm.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_ImportEncodedCertificate(
    NSSCryptoContext *cc,
    NSSBER *ber);

/*
 * NSSCryptoContext_ImportEncodedPKIXCertificateChain
 *
 * Import a chain supplied as BER bytes (ber).  Only a PRStatus comes back;
 * the imported certificates are not returned.
 * NOTE(review): the header does not say whether a partly imported chain is
 * rolled back on failure -- confirm before relying on all-or-nothing
 * behaviour.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_ImportEncodedPKIXCertificateChain(
    NSSCryptoContext *cc,
    NSSBER *ber);

/* Other importations: S/MIME capabilities
 */

/*
 * NSSCryptoContext_FindBestCertificateByNickname
 *
 * Look up one certificate by nickname (name).
 *   timeOpt     - NULL for "now"
 *   usage       - no Opt suffix; presumably the usage to select for
 *   policiesOpt - NULL for none
 * How "best" is ranked among several matches is not defined in this header.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestCertificateByNickname(
    NSSCryptoContext *cc,
    const NSSUTF8 *name,
    NSSTime *timeOpt, /* NULL for "now" */
    NSSUsage *usage,
    NSSPolicies *policiesOpt /* NULL for none */);

/*
 * NSSCryptoContext_FindCertificatesByNickname
 *
 * Multi-result form of the nickname lookup.
 *   rvOpt[]    - presumably an optional caller-supplied result array
 *   maximumOpt - 0 for no max
 *   arenaOpt   - presumably an optional arena for the results
 * NOTE(review): name is const in FindBestCertificateByNickname but not here.
 * NOTE(review): when rvOpt is supplied together with maximumOpt == 0
 * ("no max") the header gives no bound for the array; confirm how the
 * implementation avoids writing past it.
 */
NSS_EXTERN NSSCertificate **
NSSCryptoContext_FindCertificatesByNickname(
    NSSCryptoContext *cc,
    NSSUTF8 *name,
    NSSCertificate *rvOpt[],
    PRUint32 maximumOpt, /* 0 for no max */
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FindCertificateByIssuerAndSerialNumber
 *
 * Look up one certificate by the pair (issuer, serialNumber), both passed
 * as NSSDER.  No time, usage or policy argument is taken.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindCertificateByIssuerAndSerialNumber(
    NSSCryptoContext *cc,
    NSSDER *issuer,
    NSSDER *serialNumber);

/*
 * NSSCryptoContext_FindBestCertificateBySubject
 *
 * Alternate names hidden in extensions are NOT searched, so a certificate
 * whose name of interest appears only in an extension is not found by this
 * call.  timeOpt/usage/policiesOpt are not annotated here; presumably as in
 * FindBestCertificateByNickname.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestCertificateBySubject(
    NSSCryptoContext *cc,
    NSSDER /*NSSUTF8*/ *subject,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt);

/*
 * NSSCryptoContext_FindCertificatesBySubject
 *
 * Multi-result form; like the single-result call, it does not search
 * alternate names hidden in extensions.  maximumOpt: 0 for no max (the
 * rvOpt bound caveat on FindCertificatesByNickname applies here too).
 */
NSS_EXTERN NSSCertificate **
NSSCryptoContext_FindCertificatesBySubject(
    NSSCryptoContext *cc,
    NSSDER /*NSSUTF8*/ *subject,
    NSSCertificate *rvOpt[],
    PRUint32 maximumOpt, /* 0 for no max */
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FindBestCertificateByNameComponents
 *
 * Tries several tricks, including a pseudo pkcs#11 attribute that the ldap
 * module can use as a query, and eventually falls back to a traversal if
 * that is what is required.  Unlike the BySubject calls, this one does
 * search alternate names hidden in extensions.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestCertificateByNameComponents(
    NSSCryptoContext *cc,
    NSSUTF8 *nameComponents,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt);

/*
 * NSSCryptoContext_FindCertificatesByNameComponents
 *
 * Also tries several tricks, but stops at the first attempt that yields
 * results, so it will not e.g. traverse the entire ldap database.  The
 * result set is therefore whatever that first successful attempt found.
 * maximumOpt: 0 for no max.
 */
NSS_EXTERN NSSCertificate **
NSSCryptoContext_FindCertificatesByNameComponents(
    NSSCryptoContext *cc,
    NSSUTF8 *nameComponents,
    NSSCertificate *rvOpt[],
    PRUint32 maximumOpt, /* 0 for no max */
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FindCertificateByEncodedCertificate
 *
 * Look up one certificate from its BER encoding (encodedCertificate).
 * Going by the name this is a lookup only; importing is the job of the
 * Import* calls -- confirm.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindCertificateByEncodedCertificate(
    NSSCryptoContext *cc,
    NSSBER *encodedCertificate);

/*
 * NSSCryptoContext_FindBestCertificateByEmail
 *
 * Look up one certificate by e-mail address, passed as NSSASCII7.
 * timeOpt/usage/policiesOpt are not annotated here; presumably as in
 * FindBestCertificateByNickname.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestCertificateByEmail(
    NSSCryptoContext *cc,
    NSSASCII7 *email,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt);

/*
 * NSSCryptoContext_FindCertificatesByEmail
 *
 * Multi-result form of the e-mail lookup.  maximumOpt: 0 for no max.
 */
NSS_EXTERN NSSCertificate **
NSSCryptoContext_FindCertificatesByEmail(
    NSSCryptoContext *cc,
    NSSASCII7 *email,
    NSSCertificate *rvOpt[],
    PRUint32 maximumOpt, /* 0 for no max */
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FindCertificateByOCSPHash
 *
 * Look up one certificate from a hash passed as an NSSItem.  Which hash
 * algorithm is expected, and over which fields, is not stated here.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindCertificateByOCSPHash(
    NSSCryptoContext *cc,
    NSSItem *hash);

/*
 * NSSCryptoContext_TraverseCertificates
 *
 * Not declared; the prototype exists only inside this comment:
 *
 * NSS_EXTERN PRStatus *
 * NSSCryptoContext_TraverseCertificates
 * (
 *   NSSCryptoContext *cc,
 *   PRStatus (*callback)(NSSCertificate *c, void *arg),
 *   void *arg
 * );
 *
 * NOTE(review): it is written as returning "PRStatus *", while the declared
 * status-returning calls in this header return PRStatus; looks like a stray
 * '*' -- confirm if this is ever revived.
 */

/*
 * NSSCryptoContext_FindBestUserCertificate
 *
 * Takes no name: selection is driven by timeOpt, usage and policiesOpt
 * only.  What makes a certificate a "user" certificate is not defined here.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestUserCertificate(
    NSSCryptoContext *cc,
    NSSTime *timeOpt,
    NSSUsage *usage,
    NSSPolicies *policiesOpt);

/*
 * NSSCryptoContext_FindUserCertificates
 *
 * Multi-result form.  Here the usage is optional (usageOpt) and the result
 * bound is called rvLimit (zero for no limit) rather than maximumOpt.
 */
NSS_EXTERN NSSCertificate **
NSSCryptoContext_FindUserCertificates(
    NSSCryptoContext *cc,
    NSSTime *timeOpt,
    NSSUsage *usageOpt,
    NSSPolicies *policiesOpt,
    NSSCertificate **rvOpt,
    PRUint32 rvLimit, /* zero for no limit */
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FindBestUserCertificateForSSLClientAuth
 *
 *   rootCAsOpt[]  - null pointer for none
 *   rootCAsMaxOpt - zero means the list is null-terminated
 * With rootCAsMaxOpt == 0 the callee has only the NULL terminator to find
 * the end of rootCAsOpt, so callers must pass either a real count or a
 * properly terminated array.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestUserCertificateForSSLClientAuth(
    NSSCryptoContext *cc,
    NSSUTF8 *sslHostOpt,
    NSSDER *rootCAsOpt[], /* null pointer for none */
    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
    NSSAlgorithmAndParameters *apOpt,
    NSSPolicies *policiesOpt);

/*
 * NSSCryptoContext_FindUserCertificatesForSSLClientAuth
 *
 * Multi-result form; the rootCAsOpt/rootCAsMaxOpt rule is the same (zero
 * means null-terminated list).  rvLimit: zero for no limit.
 */
NSS_EXTERN NSSCertificate **
NSSCryptoContext_FindUserCertificatesForSSLClientAuth(
    NSSCryptoContext *cc,
    NSSUTF8 *sslHostOpt,
    NSSDER *rootCAsOpt[], /* null pointer for none */
    PRUint32 rootCAsMaxOpt, /* zero means list is null-terminated */
    NSSAlgorithmAndParameters *apOpt,
    NSSPolicies *policiesOpt,
    NSSCertificate **rvOpt,
    PRUint32 rvLimit, /* zero for no limit */
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FindBestUserCertificateForEmailSigning
 *
 * Both addresses are optional (signerOpt, recipientOpt).  The parameter
 * list is marked as possibly incomplete by its author.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindBestUserCertificateForEmailSigning(
    NSSCryptoContext *cc,
    NSSASCII7 *signerOpt,
    NSSASCII7 *recipientOpt,
    /* anything more here? */
    NSSAlgorithmAndParameters *apOpt,
    NSSPolicies *policiesOpt);

/*
 * NSSCryptoContext_FindUserCertificatesForEmailSigning
 *
 * Multi-result form by name and by its rvOpt/rvLimit/arenaOpt parameters.
 * NOTE(review): declared as returning "NSSCertificate *", whereas every
 * other Find...Certificates... call in this header returns
 * "NSSCertificate **".  Left as declared so that it keeps matching its
 * definition; confirm which is intended before using the return value as
 * an array.
 */
NSS_EXTERN NSSCertificate *
NSSCryptoContext_FindUserCertificatesForEmailSigning(
    NSSCryptoContext *cc,
    NSSASCII7 *signerOpt, /* fgmr or a more general name? */
    NSSASCII7 *recipientOpt,
    /* anything more here? */
    NSSAlgorithmAndParameters *apOpt,
    NSSPolicies *policiesOpt,
    NSSCertificate **rvOpt,
    PRUint32 rvLimit, /* zero for no limit */
    NSSArena *arenaOpt);

/* Private Keys */

/*
 * NSSCryptoContext_GenerateKeyPair
 *
 * Creates session objects; for persistent objects use
 * NSSTrustDomain_GenerateKeyPair.  The destination token is where the keys
 * are stored.  If that token can do the required math, the keys are
 * generated there too; otherwise they are generated elsewhere and moved to
 * that token.
 *
 * NOTE(review): in the "generated elsewhere" case the private key exists
 * outside the destination token for a time, which matters when
 * privateKeyIsSensitive is set.  The header does not say how that transfer
 * is protected -- confirm.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_GenerateKeyPair(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *ap,
    NSSPrivateKey **pvkOpt,
    NSSPublicKey **pbkOpt,
    PRBool privateKeyIsSensitive,
    NSSToken *destination,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_TraversePrivateKeys
 *
 * Not declared; the prototype exists only inside this comment:
 *
 * NSS_EXTERN PRStatus *
 * NSSCryptoContext_TraversePrivateKeys
 * (
 *   NSSCryptoContext *cc,
 *   PRStatus (*callback)(NSSPrivateKey *vk, void *arg),
 *   void *arg
 * );
 *
 * NOTE(review): "PRStatus *" as the return type looks like a stray '*';
 * confirm if this is ever revived.
 */

/* Symmetric Keys */

/*
 * NSSCryptoContext_GenerateSymmetricKey
 *
 * Generate a symmetric key for the algorithm in ap on the destination
 * token.  NOTE(review): the unit of keysize (bits or bytes) is not stated
 * in this header -- confirm, since a wrong unit yields a key of the wrong
 * strength.
 */
NSS_EXTERN NSSSymmetricKey *
NSSCryptoContext_GenerateSymmetricKey(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *ap,
    PRUint32 keysize,
    NSSToken *destination,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_GenerateSymmetricKeyFromPassword
 *
 * The password is optional: the prototype notes that a null passwordOpt
 * means the user is prompted.
 * NOTE(review): passwordOpt is a non-const NSSUTF8 *, and the header does
 * not say whether the callee copies, modifies or clears it.  Callers should
 * assume they stay responsible for wiping their own copy.  The derivation
 * scheme presumably comes from ap -- confirm.
 */
NSS_EXTERN NSSSymmetricKey *
NSSCryptoContext_GenerateSymmetricKeyFromPassword(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *ap,
    NSSUTF8 *passwordOpt, /* if null, prompt */
    NSSToken *destinationOpt,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_FindSymmetricKeyByAlgorithm
 *
 * Not declared; the prototype exists only inside this comment:
 *
 * NSS_EXTERN NSSSymmetricKey *
 * NSSCryptoContext_FindSymmetricKeyByType
 * (
 *   NSSCryptoContext *cc,
 *   NSSOID *type,
 *   NSSCallback *uhhOpt
 * );
 *
 * NOTE(review): the heading says ...ByAlgorithm while the sketch is named
 * ...ByType; settle on one name if this is ever revived.
 */

/*
 * NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID
 *
 * Look up a symmetric key by algorithm OID together with a key identifier
 * passed as an NSSItem.  Failure signalling is not stated here; presumably
 * NULL when no key matches -- confirm, and check before use.
 */
NSS_EXTERN NSSSymmetricKey *
NSSCryptoContext_FindSymmetricKeyByAlgorithmAndKeyID(
    NSSCryptoContext *cc,
    NSSOID *algorithm,
    NSSItem *keyID,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_TraverseSymmetricKeys
 *
 * Not declared; the prototype exists only inside this comment:
 *
 * NSS_EXTERN PRStatus *
 * NSSCryptoContext_TraverseSymmetricKeys
 * (
 *   NSSCryptoContext *cc,
 *   PRStatus (*callback)(NSSSymmetricKey *mk, void *arg),
 *   void *arg
 * );
 *
 * NOTE(review): "PRStatus *" as the return type looks like a stray '*';
 * confirm if this is ever revived.
 */

/* Crypto ops on distinguished keys */

/*
 * NSSCryptoContext_Decrypt
 *
 * Single-call decryption of encryptedData.  No key is passed in: the
 * operation works with a key already associated with cc (the section
 * heading calls it the distinguished key).
 *
 * rvOpt and arenaOpt follow the "NSSItem semantics" comment placed before
 * NSSCryptoContext_ContinueDecrypt in this header.  When a caller supplies
 * its own buffer through rvOpt, the item's length field is the only bound
 * described there, so it must hold the buffer's true capacity.
 * Presumably a NULL return reports failure; check it before using the
 * result -- confirm.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_Decrypt(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *encryptedData,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_BeginDecrypt
 *
 * By name, the first call of the Begin/Continue/Finish decrypt sequence.
 * It takes no data and reports only a PRStatus.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginDecrypt(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhhOpt);

/*
 * Notes for readers of the Begin/Continue/Finish prototypes below
 *
 * - Presumably each family is a multi-part operation: Begin sets it up,
 *   Continue feeds data, Finish completes it.  Call-order rules and what
 *   happens when they are violated are not stated in this header.
 * - None of these calls takes a key argument; they work with keys already
 *   associated with cc.
 * - Calls returning PRStatus have no other output, so the status is the
 *   whole result and must be checked.  Calls returning NSSItem * presumably
 *   return NULL on failure -- confirm, and check before use.
 */

/*
 * NSSCryptoContext_ContinueDecrypt
 *
 * NSSItem semantics (for rvOpt):
 *
 *   rvOpt == NULL:
 *     a new NSSItem and a new buffer are allocated.
 *   rvOpt != NULL, buffer pointer == NULL:
 *     rvOpt itself is returned, with a newly allocated buffer.  If the
 *     length value is not zero, no more than that much space is allocated.
 *   rvOpt != NULL, buffer pointer != NULL:
 *     that buffer is re-used.  No more than the buffer length value is
 *     used; if that is not enough, an error is returned.  If less is used,
 *     the number is adjusted downwards.
 *
 *  Although this falls short of some ideal "Item" definition, the size
 *  these buffers need can usually be told in advance.
 *
 *  Feedback is requested; and earlier is better than later.
 *
 *  Since the length value is the only bound in the re-use case, callers
 *  must set it to the real capacity of the buffer they pass in.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_ContinueDecrypt(
    NSSCryptoContext *cc,
    NSSItem *data,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FinishDecrypt
 *
 * Takes no input data; output goes through rvOpt/arenaOpt as described in
 * the NSSItem semantics above.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_FinishDecrypt(
    NSSCryptoContext *cc,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_Sign
 *
 * Single-call signing of data; the signature comes back as an NSSItem
 * (rvOpt/arenaOpt per the NSSItem semantics above).
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_Sign(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_BeginSign
 *
 * Opens a sign sequence; reports PRStatus only.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginSign(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_ContinueSign
 *
 * Feeds data into the sign sequence; produces no output item, only a
 * PRStatus.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_ContinueSign(
    NSSCryptoContext *cc,
    NSSItem *data);

/*
 * NSSCryptoContext_FinishSign
 *
 * Closes the sign sequence and returns an NSSItem (presumably the
 * signature).
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_FinishSign(
    NSSCryptoContext *cc,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_SignRecover
 *
 * Same parameter list as NSSCryptoContext_Sign.  The difference in
 * behaviour is not described in this header.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_SignRecover(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_BeginSignRecover
 *
 * Opens a sign-recover sequence; reports PRStatus only.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginSignRecover(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_ContinueSignRecover
 *
 * Unlike ContinueSign, this step returns an NSSItem for each call.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_ContinueSignRecover(
    NSSCryptoContext *cc,
    NSSItem *data,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FinishSignRecover
 *
 * Closes the sign-recover sequence and returns an NSSItem.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_FinishSignRecover(
    NSSCryptoContext *cc,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_UnwrapSymmetricKey
 *
 * Turns a wrapped key blob (wrappedKey) into an NSSSymmetricKey.  The
 * prototype has no token or destination argument, so where the unwrapped
 * key lives is not visible from here.
 * NOTE(review): wrappedKey normally originates outside the process; a NULL
 * return presumably reports rejection -- confirm, and check before use.
 */
NSS_EXTERN NSSSymmetricKey *
NSSCryptoContext_UnwrapSymmetricKey(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *wrappedKey,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_DeriveSymmetricKey
 *
 * Derives a symmetric key using a public key (bk), presumably the other
 * party's.
 *   target     - OID, presumably of the algorithm the new key is for
 *   keySizeOpt - zero for best allowed
 *   operations - presumably the operations the derived key may perform
 * Passing keySizeOpt == 0 leaves the size choice to the library; callers
 * with a minimum-strength requirement should pass an explicit size.
 */
NSS_EXTERN NSSSymmetricKey *
NSSCryptoContext_DeriveSymmetricKey(
    NSSCryptoContext *cc,
    NSSPublicKey *bk,
    NSSAlgorithmAndParameters *apOpt,
    NSSOID *target,
    PRUint32 keySizeOpt, /* zero for best allowed */
    NSSOperations operations,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_Encrypt
 *
 * Encrypt a single chunk of data with the distinguished public key
 * of this crypto context.  Output follows the NSSItem semantics above.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_Encrypt(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_BeginEncrypt
 *
 * Opens an encrypt sequence; reports PRStatus only.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginEncrypt(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_ContinueEncrypt
 *
 * Feeds data and returns an NSSItem for this step.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_ContinueEncrypt(
    NSSCryptoContext *cc,
    NSSItem *data,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FinishEncrypt
 *
 * Closes the encrypt sequence and returns an NSSItem.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_FinishEncrypt(
    NSSCryptoContext *cc,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_Verify
 *
 * Single-call check of signature against data.  The PRStatus return is the
 * only output, so presumably it carries the verdict; a caller that ignores
 * it accepts the data unverified.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_Verify(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSItem *signature,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_BeginVerify
 *
 * Opens a verify sequence.  The signature is supplied here, before any
 * data is fed.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginVerify(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *signature,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_ContinueVerify
 *
 * Feeds data into the verify sequence.  A successful status here presumably
 * says nothing yet about the signature -- confirm.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_ContinueVerify(
    NSSCryptoContext *cc,
    NSSItem *data);

/*
 * NSSCryptoContext_FinishVerify
 *
 * Closes the verify sequence.  It takes only cc and returns only a
 * PRStatus, so presumably this return value is the verification verdict;
 * it must be checked.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_FinishVerify(NSSCryptoContext *cc);

/*
 * NSSCryptoContext_VerifyRecover
 *
 * Takes a signature and returns an NSSItem, presumably the data recovered
 * from it.  There is no separate status output; presumably NULL reports a
 * failed verification -- confirm, and never use the result unchecked.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_VerifyRecover(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *signature,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_BeginVerifyRecover
 *
 * Opens a verify-recover sequence; unlike BeginVerify it takes no
 * signature argument.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginVerifyRecover(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_ContinueVerifyRecover
 *
 * Feeds data and returns an NSSItem for this step.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_ContinueVerifyRecover(
    NSSCryptoContext *cc,
    NSSItem *data,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_FinishVerifyRecover
 *
 * Closes the verify-recover sequence and returns an NSSItem.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_FinishVerifyRecover(
    NSSCryptoContext *cc,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_WrapSymmetricKey
 *
 * Wraps keyToWrap and returns the wrapped form as an NSSItem.  The wrapping
 * key is not an argument; it is a key already associated with cc.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_WrapSymmetricKey(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSSymmetricKey *keyToWrap,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_Digest
 *
 * Digest a single chunk of data with the distinguished digest key
 * of this crypto context.
 * NOTE(review): "digest key" is the original wording; whether it means a
 * keyed digest or just the context's digest algorithm is not stated here.
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_Digest(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *data,
    NSSCallback *uhhOpt,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * NSSCryptoContext_BeginDigest
 *
 * Opens a digest sequence; reports PRStatus only.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_BeginDigest(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSCallback *uhhOpt);

/*
 * NSSCryptoContext_ContinueDigest
 *
 * Feeds item into the digest sequence.
 * NOTE(review): this is the only Continue* call in the header that takes
 * apOpt again, and its data parameter is named item rather than data.
 * Left as declared; confirm whether the extra parameter is intended.
 */
NSS_EXTERN PRStatus
NSSCryptoContext_ContinueDigest(
    NSSCryptoContext *cc,
    NSSAlgorithmAndParameters *apOpt,
    NSSItem *item);

/*
 * NSSCryptoContext_FinishDigest
 *
 * Closes the digest sequence and returns an NSSItem (presumably the digest
 * value).
 */
NSS_EXTERN NSSItem *
NSSCryptoContext_FinishDigest(
    NSSCryptoContext *cc,
    NSSItem *rvOpt,
    NSSArena *arenaOpt);

/*
 * tbd: Combination ops
 */

/*
 * NSSCryptoContext_Clone
 *
 * Returns a second NSSCryptoContext obtained from cc.
 * NOTE(review): whether associated keys and any in-progress operation state
 * are copied or shared between the two contexts is not stated here.
 */
NSS_EXTERN NSSCryptoContext *
NSSCryptoContext_Clone(NSSCryptoContext *cc);

/*
 * NSSCryptoContext_Save
 * NSSCryptoContext_Restore
 *
 * Not declared yet.  We need to be able to save and restore the state of
 * contexts.  Perhaps a mark-and-release mechanism would be better?
 */

/*
 * ..._SignTBSCertificate
 *
 * Not declared yet.  This requires feedback from the cert server team.
 */

/*
 * PRBool NSSCertificate_GetIsTrustedFor{xxx}(NSSCertificate *c);
 * PRStatus NSSCertificate_SetIsTrustedFor{xxx}(NSSCertificate *c, PRBool trusted);
 *
 * Planned helper functions: each gets the trust object for a cert and then
 * calls the corresponding function(s) on it.
 *
 * PKIX trust objects will have methods to manipulate the low-level trust
 * bits (which are based on key usage and extended key usage), and also the
 * conceptual high-level usages (e.g. ssl client auth, email encryption, etc.)
 *
 * Other types of trust objects (if any) might have different low-level
 * representations, but hopefully high-level concepts would map.
 *
 * Only these high-level general routines would be promoted to the
 * general certificate level here.  Hence the {xxx} above would be things
 * like "EmailSigning."
 *
 *
 * NSSPKIXTrust *NSSCertificate_GetPKIXTrustObject(NSSCertificate *c);
 * PRStatus NSSCertificate_SetPKIXTrustObject(NSSCertificate *c, NSSPKIXTrust *t);
 *
 * I want to hold off on any general trust object until we've investigated
 * other models more thoroughly.
 */

PR_END_EXTERN_C

#endif /* NSSPKI_H */