Diffstat (limited to 'security/nss/lib/dev/dev.h')
-rw-r--r-- | security/nss/lib/dev/dev.h | 751 |
1 files changed, 751 insertions, 0 deletions
diff --git a/security/nss/lib/dev/dev.h b/security/nss/lib/dev/dev.h
new file mode 100644
index 0000000000..762ea5635f
--- /dev/null
+++ b/security/nss/lib/dev/dev.h
@@ -0,0 +1,751 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef DEV_H
+#define DEV_H
+
+/*
+ * dev.h
+ *
+ * Low-level methods for interaction with cryptoki devices
+ */
+
+#ifndef NSSDEV_H
+#include "nssdev.h"
+#endif /* NSSDEV_H */
+
+#ifndef DEVT_H
+#include "devt.h"
+#endif /* DEVT_H */
+
+PR_BEGIN_EXTERN_C
+
+/* the global module list
+ *
+ * These functions are for managing the global set of modules. Trust Domains,
+ * etc., will draw from this set. These functions are completely internal
+ * and only invoked when there are changes to the global module state
+ * (load or unload).
+ *
+ * nss_InitializeGlobalModuleList
+ * nss_DestroyGlobalModuleList
+ * nss_GetLoadedModules
+ *
+ * nssGlobalModuleList_Add
+ * nssGlobalModuleList_Remove
+ * nssGlobalModuleList_FindModuleByName
+ * nssGlobalModuleList_FindSlotByName
+ * nssGlobalModuleList_FindTokenByName
+ */
+
+NSS_EXTERN PRStatus
+nss_InitializeGlobalModuleList(
+ void);
+
+NSS_EXTERN PRStatus
+nss_DestroyGlobalModuleList(
+ void);
+
+NSS_EXTERN NSSModule **
+nss_GetLoadedModules(
+ void);
+
+NSS_EXTERN PRStatus
+nssGlobalModuleList_Add(
+ NSSModule *module);
+
+NSS_EXTERN PRStatus
+nssGlobalModuleList_Remove(
+ NSSModule *module);
+
+NSS_EXTERN NSSModule *
+nssGlobalModuleList_FindModuleByName(
+ NSSUTF8 *moduleName);
+
+NSS_EXTERN NSSSlot *
+nssGlobalModuleList_FindSlotByName(
+ NSSUTF8 *slotName);
+
+NSS_EXTERN NSSToken *
+nssGlobalModuleList_FindTokenByName(
+ NSSUTF8 *tokenName);
+
+NSS_EXTERN NSSToken *
+nss_GetDefaultCryptoToken(
+ void);
+
+NSS_EXTERN NSSToken *
+nss_GetDefaultDatabaseToken(
+ void);
+
+/*
+ * |-----------|<---> NSSSlot <--> NSSToken
+ * | NSSModule |<---> NSSSlot <--> NSSToken
+ * |-----------|<---> NSSSlot <--> NSSToken
+ */
+
+/* NSSModule
+ *
+ * nssModule_Create
+ * nssModule_CreateFromSpec
+ * nssModule_AddRef
+ * nssModule_GetName
+ * nssModule_GetSlots
+ * nssModule_FindSlotByName
+ * nssModule_FindTokenByName
+ * nssModule_GetCertOrder
+ */
+
+NSS_EXTERN NSSModule *
+nssModule_Create(
+ NSSUTF8 *moduleOpt,
+ NSSUTF8 *uriOpt,
+ NSSUTF8 *opaqueOpt,
+ void *reserved);
+
+/* This is to use the new loading mechanism. */
+NSS_EXTERN NSSModule *
+nssModule_CreateFromSpec(
+ NSSUTF8 *moduleSpec,
+ NSSModule *parent,
+ PRBool loadSubModules);
+
+NSS_EXTERN PRStatus
+nssModule_Destroy(
+ NSSModule *mod);
+
+NSS_EXTERN NSSModule *
+nssModule_AddRef(
+ NSSModule *mod);
+
+NSS_EXTERN NSSUTF8 *
+nssModule_GetName(
+ NSSModule *mod);
+
+NSS_EXTERN NSSSlot **
+nssModule_GetSlots(
+ NSSModule *mod);
+
+NSS_EXTERN NSSSlot *
+nssModule_FindSlotByName(
+ NSSModule *mod,
+ NSSUTF8 *slotName);
+
+NSS_EXTERN NSSToken *
+nssModule_FindTokenByName(
+ NSSModule *mod,
+ NSSUTF8 *tokenName);
+
+NSS_EXTERN PRInt32
+nssModule_GetCertOrder(
+ NSSModule *module);
+
+/* NSSSlot
+ *
+ * nssSlot_Destroy
+ * nssSlot_AddRef
+ * nssSlot_GetName
+ * nssSlot_IsTokenPresent
+ * nssSlot_IsPermanent
+ * nssSlot_IsFriendly
+ * nssSlot_IsHardware
+ * nssSlot_Refresh
+ * nssSlot_GetModule
+ * nssSlot_GetToken
+ * nssSlot_Login
+ * nssSlot_Logout
+ * nssSlot_SetPassword
+ * nssSlot_CreateSession
+ */
+
+NSS_EXTERN PRStatus
+nssSlot_Destroy(
+ NSSSlot *slot);
+
+NSS_EXTERN NSSSlot *
+nssSlot_AddRef(
+ NSSSlot *slot);
+
+NSS_EXTERN void
+nssSlot_ResetDelay(
+ NSSSlot *slot);
+
+NSS_EXTERN NSSUTF8 *
+nssSlot_GetName(
+ NSSSlot *slot);
+
+NSS_EXTERN NSSModule *
+nssSlot_GetModule(
+ NSSSlot *slot);
+
+NSS_EXTERN NSSToken *
+nssSlot_GetToken(
+ NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsTokenPresent(
+ NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsPermanent(
+ NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsFriendly(
+ NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsHardware(
+ NSSSlot *slot);
+
+NSS_EXTERN PRBool
+nssSlot_IsLoggedIn(
+ NSSSlot *slot);
+
+NSS_EXTERN PRStatus
+nssSlot_Refresh(
+ NSSSlot *slot);
+
+NSS_EXTERN PRStatus
+nssSlot_Login(
+ NSSSlot *slot,
+ NSSCallback *pwcb);
+extern const NSSError NSS_ERROR_INVALID_PASSWORD;
+extern const NSSError NSS_ERROR_USER_CANCELED;
+
+NSS_EXTERN PRStatus
+nssSlot_Logout(
+ NSSSlot *slot,
+ nssSession *sessionOpt);
+
+NSS_EXTERN void
+nssSlot_EnterMonitor(
+ NSSSlot *slot);
+
+NSS_EXTERN void
+nssSlot_ExitMonitor(
+ NSSSlot *slot);
+
+#define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
+#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
+NSS_EXTERN void
+nssSlot_SetPasswordDefaults(
+ NSSSlot *slot,
+ PRInt32 askPasswordTimeout);
+
+NSS_EXTERN PRStatus
+nssSlot_SetPassword(
+ NSSSlot *slot,
+ NSSUTF8 *oldPasswordOpt,
+ NSSUTF8 *newPassword);
+extern const NSSError NSS_ERROR_INVALID_PASSWORD;
+extern const NSSError NSS_ERROR_USER_CANCELED;
+
+/*
+ * nssSlot_IsLoggedIn
+ */
+
+NSS_EXTERN nssSession *
+nssSlot_CreateSession(
+ NSSSlot *slot,
+ NSSArena *arenaOpt,
+ PRBool readWrite /* so far, this is the only flag used */
+);
+
+/* NSSToken
+ *
+ * nssToken_Destroy
+ * nssToken_AddRef
+ * nssToken_GetName
+ * nssToken_GetModule
+ * nssToken_GetSlot
+ * nssToken_NeedsPINInitialization
+ * nssToken_ImportCertificate
+ * nssToken_ImportTrust
+ * nssToken_ImportCRL
+ * nssToken_GenerateKeyPair
+ * nssToken_GenerateSymmetricKey
+ * nssToken_DeleteStoredObject
+ * nssToken_FindObjects
+ * nssToken_FindCertificatesBySubject
+ * nssToken_FindCertificatesByNickname
+ * nssToken_FindCertificatesByEmail
+ * nssToken_FindCertificateByIssuerAndSerialNumber
+ * nssToken_FindCertificateByEncodedCertificate
+ * nssToken_FindTrustForCertificate
+ * nssToken_FindCRLsBySubject
+ * nssToken_FindPrivateKeys
+ * nssToken_FindPrivateKeyByID
+ * nssToken_Digest
+ * nssToken_BeginDigest
+ * nssToken_ContinueDigest
+ * nssToken_FinishDigest
+ */
+
+NSS_EXTERN PRStatus
+nssToken_Destroy(
+ NSSToken *tok);
+
+NSS_EXTERN NSSToken *
+nssToken_AddRef(
+ NSSToken *tok);
+
+NSS_EXTERN NSSUTF8 *
+nssToken_GetName(
+ NSSToken *tok);
+
+NSS_EXTERN NSSModule *
+nssToken_GetModule(
+ NSSToken *token);
+
+NSS_EXTERN NSSSlot *
+nssToken_GetSlot(
+ NSSToken *tok);
+
+NSS_EXTERN PRBool
+nssToken_NeedsPINInitialization(
+ NSSToken *token);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindObjectsByTemplate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ CK_ATTRIBUTE_PTR obj_template,
+ CK_ULONG otsize,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_ImportCertificate(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSCertificateType certType,
+ NSSItem *id,
+ const NSSUTF8 *nickname,
+ NSSDER *encoding,
+ NSSDER *issuer,
+ NSSDER *subject,
+ NSSDER *serial,
+ NSSASCII7 *emailAddr,
+ PRBool asTokenObject);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_ImportTrust(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSDER *certEncoding,
+ NSSDER *certIssuer,
+ NSSDER *certSerial,
+ nssTrustLevel serverAuth,
+ nssTrustLevel clientAuth,
+ nssTrustLevel codeSigning,
+ nssTrustLevel emailProtection,
+ PRBool stepUpApproved,
+ PRBool asTokenObject);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_ImportCRL(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ NSSDER *encoding,
+ PRBool isKRL,
+ NSSUTF8 *url,
+ PRBool asTokenObject);
+
+/* Permanently remove an object from the token.
*/
+NSS_EXTERN PRStatus
+nssToken_DeleteStoredObject(
+ nssCryptokiObject *instance);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindObjects(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ CK_OBJECT_CLASS objclass,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesBySubject(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByNickname(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ const NSSUTF8 *name,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByEmail(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSASCII7 *email,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *id,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindCertificateByIssuerAndSerialNumber(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *issuer,
+ NSSDER *serial,
+ nssTokenSearchType searchType,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindCertificateByEncodedCertificate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSBER *encodedCertificate,
+ nssTokenSearchType searchType,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindTrustForCertificate(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *certEncoding,
+ NSSDER *certIssuer,
+ NSSDER *certSerial,
+ nssTokenSearchType searchType);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCRLsBySubject(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSDER *subject,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindPrivateKeys(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenSearchType searchType,
+ PRUint32 maximumOpt,
+ PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindPrivateKeyByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *keyID);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindPublicKeyByID(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ NSSItem *keyID);
+
+NSS_EXTERN NSSItem *
+nssToken_Digest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSAlgorithmAndParameters *ap,
+ NSSItem *data,
+ NSSItem *rvOpt,
+ NSSArena *arenaOpt);
+
+NSS_EXTERN PRStatus
+nssToken_BeginDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSAlgorithmAndParameters *ap);
+
+NSS_EXTERN PRStatus
+nssToken_ContinueDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSItem *item);
+
+NSS_EXTERN NSSItem *
+nssToken_FinishDigest(
+ NSSToken *tok,
+ nssSession *sessionOpt,
+ NSSItem *rvOpt,
+ NSSArena *arenaOpt);
+
+/* nssSession
+ *
+ * nssSession_Destroy
+ * nssSession_EnterMonitor
+ * nssSession_ExitMonitor
+ * nssSession_IsReadWrite
+ */
+
+NSS_EXTERN PRStatus
+nssSession_Destroy(
+ nssSession *s);
+
+/* would like to inline */
+NSS_EXTERN PRStatus
+nssSession_EnterMonitor(
+ nssSession *s);
+
+/* would like to inline */
+NSS_EXTERN PRStatus
+nssSession_ExitMonitor(
+ nssSession *s);
+
+/* would like to inline */
+NSS_EXTERN PRBool
+nssSession_IsReadWrite(
+ nssSession *s);
+
+/* nssCryptokiObject
+ *
+ * An object living on a cryptoki token.
+ * Not really proper to mix up the object types just because
+ * nssCryptokiObject itself is generic, but doing so anyway.
+ *
+ * nssCryptokiObject_Destroy
+ * nssCryptokiObject_Equal
+ * nssCryptokiObject_Clone
+ * nssCryptokiCertificate_GetAttributes
+ * nssCryptokiPrivateKey_GetAttributes
+ * nssCryptokiPublicKey_GetAttributes
+ * nssCryptokiTrust_GetAttributes
+ * nssCryptokiCRL_GetAttributes
+ */
+
+NSS_EXTERN void
+nssCryptokiObject_Destroy(
+ nssCryptokiObject *object);
+
+NSS_EXTERN PRBool
+nssCryptokiObject_Equal(
+ nssCryptokiObject *object1,
+ nssCryptokiObject *object2);
+
+NSS_EXTERN nssCryptokiObject *
+nssCryptokiObject_Clone(
+ nssCryptokiObject *object);
+
+NSS_EXTERN PRStatus
+nssCryptokiCertificate_GetAttributes(
+ nssCryptokiObject *object,
+ nssSession *sessionOpt,
+ NSSArena *arenaOpt,
+ NSSCertificateType *certTypeOpt,
+ NSSItem *idOpt,
+ NSSDER *encodingOpt,
+ NSSDER *issuerOpt,
+ NSSDER *serialOpt,
+ NSSDER *subjectOpt);
+
+NSS_EXTERN PRStatus
+nssCryptokiTrust_GetAttributes(
+ nssCryptokiObject *trustObject,
+ nssSession *sessionOpt,
+ NSSItem *sha1_hash,
+ nssTrustLevel *serverAuth,
+ nssTrustLevel *clientAuth,
+ nssTrustLevel *codeSigning,
+ nssTrustLevel *emailProtection,
+ PRBool *stepUpApproved);
+
+NSS_EXTERN PRStatus
+nssCryptokiCRL_GetAttributes(
+ nssCryptokiObject *crlObject,
+ nssSession *sessionOpt,
+ NSSArena *arenaOpt,
+ NSSItem *encodingOpt,
+ NSSItem *subjectOpt,
+ CK_ULONG *crl_class,
+ NSSUTF8 **urlOpt,
+ PRBool *isKRLOpt);
+
+/* I'm including this to handle import of certificates in NSS 3.5. This
+ * function will set the cert-related attributes of a key, in order to
+ * associate it with a cert. Does it stay like this for 4.0?
+ */
+NSS_EXTERN PRStatus
+nssCryptokiPrivateKey_SetCertificate(
+ nssCryptokiObject *keyObject,
+ nssSession *sessionOpt,
+ const NSSUTF8 *nickname,
+ NSSItem *id,
+ NSSDER *subject);
+
+NSS_EXTERN void
+nssModuleArray_Destroy(
+ NSSModule **modules);
+
+/* nssSlotArray
+ *
+ * nssSlotArray_Destroy
+ */
+
+NSS_EXTERN void
+nssSlotArray_Destroy(
+ NSSSlot **slots);
+
+/* nssTokenArray
+ *
+ * nssTokenArray_Destroy
+ */
+
+NSS_EXTERN void
+nssTokenArray_Destroy(
+ NSSToken **tokens);
+
+/* nssCryptokiObjectArray
+ *
+ * nssCryptokiObjectArray_Destroy
+ */
+NSS_EXTERN void
+nssCryptokiObjectArray_Destroy(
+ nssCryptokiObject **object);
+
+/* nssSlotList
+ *
+ * An ordered list of slots. The order can be anything, it is set in the
+ * Add methods. Perhaps it should be CreateInCertOrder, ...?
+ *
+ * nssSlotList_Create
+ * nssSlotList_Destroy
+ * nssSlotList_Add
+ * nssSlotList_AddModuleSlots
+ * nssSlotList_GetSlots
+ * nssSlotList_FindSlotByName
+ * nssSlotList_FindTokenByName
+ * nssSlotList_GetBestSlot
+ * nssSlotList_GetBestSlotForAlgorithmAndParameters
+ * nssSlotList_GetBestSlotForAlgorithmsAndParameters
+ */
+
+/* nssSlotList_Create
+ */
+NSS_EXTERN nssSlotList *
+nssSlotList_Create(
+ NSSArena *arenaOpt);
+
+/* nssSlotList_Destroy
+ */
+NSS_EXTERN void
+nssSlotList_Destroy(
+ nssSlotList *slotList);
+
+/* nssSlotList_Add
+ *
+ * Add the given slot in the given order.
+ */
+NSS_EXTERN PRStatus
+nssSlotList_Add(
+ nssSlotList *slotList,
+ NSSSlot *slot,
+ PRUint32 order);
+
+/* nssSlotList_AddModuleSlots
+ *
+ * Add all slots in the module, in the given order (the slots will have
+ * equal weight).
+ */
+NSS_EXTERN PRStatus
+nssSlotList_AddModuleSlots(
+ nssSlotList *slotList,
+ NSSModule *module,
+ PRUint32 order);
+
+/* nssSlotList_GetSlots
+ */
+NSS_EXTERN NSSSlot **
+nssSlotList_GetSlots(
+ nssSlotList *slotList);
+
+/* nssSlotList_FindSlotByName
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_FindSlotByName(
+ nssSlotList *slotList,
+ NSSUTF8 *slotName);
+
+/* nssSlotList_FindTokenByName
+ */
+NSS_EXTERN NSSToken *
+nssSlotList_FindTokenByName(
+ nssSlotList *slotList,
+ NSSUTF8 *tokenName);
+
+/* nssSlotList_GetBestSlot
+ *
+ * The best slot is the highest ranking in order, i.e., the first in the
+ * list.
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_GetBestSlot(
+ nssSlotList *slotList);
+
+/* nssSlotList_GetBestSlotForAlgorithmAndParameters
+ *
+ * Highest-ranking slot than can handle algorithm/parameters.
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_GetBestSlotForAlgorithmAndParameters(
+ nssSlotList *slotList,
+ NSSAlgorithmAndParameters *ap);
+
+/* nssSlotList_GetBestSlotForAlgorithmsAndParameters
+ *
+ * Highest-ranking slot than can handle all algorithms/parameters.
+ */
+NSS_EXTERN NSSSlot *
+nssSlotList_GetBestSlotForAlgorithmsAndParameters(
+ nssSlotList *slotList,
+ NSSAlgorithmAndParameters **ap);
+
+NSS_EXTERN PRBool
+nssToken_IsPresent(
+ NSSToken *token);
+
+NSS_EXTERN nssSession *
+nssToken_GetDefaultSession(
+ NSSToken *token);
+
+NSS_EXTERN PRStatus
+nssToken_GetTrustOrder(
+ NSSToken *tok);
+
+NSS_EXTERN PRStatus
+nssToken_NotifyCertsNotVisible(
+ NSSToken *tok);
+
+NSS_EXTERN PRStatus
+nssToken_TraverseCertificates(
+ NSSToken *token,
+ nssSession *sessionOpt,
+ nssTokenSearchType searchType,
+ PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+ void *arg);
+
+NSS_EXTERN PRBool
+nssToken_IsPrivateKeyAvailable(
+ NSSToken *token,
+ NSSCertificate *c,
+ nssCryptokiObject *instance);
+
+PR_END_EXTERN_C
+
+#endif /* DEV_H */ |
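Review bot: nssSlot_SetPassword takes `oldPasswordOpt` and `newPassword` as bare `NSSUTF8 *` with no statement of who owns the buffers or whether the callee may retain a pointer to them, which matters for PIN material that callers will want to wipe as soon as the call returns; a contract comment on the prototype such as `/* Password buffers are borrowed only for the duration of the call; the caller remains responsible for clearing them afterwards. */` would pin that down, once confirmed against the implementation in dev/, since this header alone does not show it. The same ownership question applies to the `pwcb` callback handed to nssSlot_Login, whose returned password buffer lifetime is likewise undocumented here. The `extern const NSSError NSS_ERROR_INVALID_PASSWORD;` / `NSS_ERROR_USER_CANCELED;` pair is declared twice, after nssSlot_Login and again after nssSlot_SetPassword, and the stray `/* nssSlot_IsLoggedIn */` comment sits far from the prototype it names; one declaration of each error and dropping or moving the comment would remove the confusion. The two `NSSSLOT_ASK_PASSWORD_*` macros would also be safer parenthesized, `#define NSSSLOT_ASK_PASSWORD_FIRST_TIME (-1)`, with a comment stating what a positive `askPasswordTimeout` means, since only the -1 and 0 cases are named.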