gecko/security/nss/lib/dev/dev.h
2008-08-15 06:12:54 +02:00

979 lines
17 KiB
C

/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is the Netscape security libraries.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 1994-2000
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#ifndef DEV_H
#define DEV_H
/*
* dev.h
*
* Low-level methods for interaction with cryptoki devices
*/
#ifdef DEBUG
static const char DEV_CVS_ID[] = "@(#) $RCSfile: dev.h,v $ $Revision: 1.41 $ $Date: 2008/05/29 17:24:15 $";
#endif /* DEBUG */
#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */
#ifndef NSSDEV_H
#include "nssdev.h"
#endif /* NSSDEV_H */
#ifndef DEVT_H
#include "devt.h"
#endif /* DEVT_H */
PR_BEGIN_EXTERN_C
/* the global module list
*
* These functions are for managing the global set of modules. Trust Domains,
* etc., will draw from this set. These functions are completely internal
* and only invoked when there are changes to the global module state
* (load or unload).
*
* nss_InitializeGlobalModuleList
* nss_DestroyGlobalModuleList
* nss_GetLoadedModules
*
* nssGlobalModuleList_Add
* nssGlobalModuleList_Remove
* nssGlobalModuleList_FindModuleByName
* nssGlobalModuleList_FindSlotByName
* nssGlobalModuleList_FindTokenByName
*/
NSS_EXTERN PRStatus
nss_InitializeGlobalModuleList
(
void
);
NSS_EXTERN PRStatus
nss_DestroyGlobalModuleList
(
void
);
NSS_EXTERN NSSModule **
nss_GetLoadedModules
(
void
);
NSS_EXTERN PRStatus
nssGlobalModuleList_Add
(
NSSModule *module
);
NSS_EXTERN PRStatus
nssGlobalModuleList_Remove
(
NSSModule *module
);
NSS_EXTERN NSSModule *
nssGlobalModuleList_FindModuleByName
(
NSSUTF8 *moduleName
);
NSS_EXTERN NSSSlot *
nssGlobalModuleList_FindSlotByName
(
NSSUTF8 *slotName
);
NSS_EXTERN NSSToken *
nssGlobalModuleList_FindTokenByName
(
NSSUTF8 *tokenName
);
NSS_EXTERN NSSToken *
nss_GetDefaultCryptoToken
(
void
);
NSS_EXTERN NSSToken *
nss_GetDefaultDatabaseToken
(
void
);
/*
* |-----------|<---> NSSSlot <--> NSSToken
* | NSSModule |<---> NSSSlot <--> NSSToken
* |-----------|<---> NSSSlot <--> NSSToken
*/
/* NSSModule
*
* nssModule_Create
* nssModule_CreateFromSpec
* nssModule_AddRef
* nssModule_GetName
* nssModule_GetSlots
* nssModule_FindSlotByName
* nssModule_FindTokenByName
* nssModule_GetCertOrder
*/
NSS_EXTERN NSSModule *
nssModule_Create
(
NSSUTF8 *moduleOpt,
NSSUTF8 *uriOpt,
NSSUTF8 *opaqueOpt,
void *reserved
);
/* This is to use the new loading mechanism. */
NSS_EXTERN NSSModule *
nssModule_CreateFromSpec
(
NSSUTF8 *moduleSpec,
NSSModule *parent,
PRBool loadSubModules
);
NSS_EXTERN PRStatus
nssModule_Destroy
(
NSSModule *mod
);
NSS_EXTERN NSSModule *
nssModule_AddRef
(
NSSModule *mod
);
NSS_EXTERN NSSUTF8 *
nssModule_GetName
(
NSSModule *mod
);
NSS_EXTERN NSSSlot **
nssModule_GetSlots
(
NSSModule *mod
);
NSS_EXTERN NSSSlot *
nssModule_FindSlotByName
(
NSSModule *mod,
NSSUTF8 *slotName
);
NSS_EXTERN NSSToken *
nssModule_FindTokenByName
(
NSSModule *mod,
NSSUTF8 *tokenName
);
NSS_EXTERN PRInt32
nssModule_GetCertOrder
(
NSSModule *module
);
/* NSSSlot
*
* nssSlot_Destroy
* nssSlot_AddRef
* nssSlot_GetName
* nssSlot_GetTokenName
* nssSlot_IsTokenPresent
* nssSlot_IsPermanent
* nssSlot_IsFriendly
* nssSlot_IsHardware
* nssSlot_Refresh
* nssSlot_GetModule
* nssSlot_GetToken
* nssSlot_Login
* nssSlot_Logout
* nssSlot_SetPassword
* nssSlot_CreateSession
*/
NSS_EXTERN PRStatus
nssSlot_Destroy
(
NSSSlot *slot
);
NSS_EXTERN NSSSlot *
nssSlot_AddRef
(
NSSSlot *slot
);
NSS_EXTERN void
nssSlot_ResetDelay
(
NSSSlot *slot
);
NSS_EXTERN NSSUTF8 *
nssSlot_GetName
(
NSSSlot *slot
);
NSS_EXTERN NSSUTF8 *
nssSlot_GetTokenName
(
NSSSlot *slot
);
NSS_EXTERN NSSModule *
nssSlot_GetModule
(
NSSSlot *slot
);
NSS_EXTERN NSSToken *
nssSlot_GetToken
(
NSSSlot *slot
);
NSS_EXTERN PRBool
nssSlot_IsTokenPresent
(
NSSSlot *slot
);
NSS_EXTERN PRBool
nssSlot_IsPermanent
(
NSSSlot *slot
);
NSS_EXTERN PRBool
nssSlot_IsFriendly
(
NSSSlot *slot
);
NSS_EXTERN PRBool
nssSlot_IsHardware
(
NSSSlot *slot
);
NSS_EXTERN PRBool
nssSlot_IsLoggedIn
(
NSSSlot *slot
);
NSS_EXTERN PRStatus
nssSlot_Refresh
(
NSSSlot *slot
);
NSS_EXTERN PRStatus
nssSlot_Login
(
NSSSlot *slot,
NSSCallback *pwcb
);
extern const NSSError NSS_ERROR_INVALID_PASSWORD;
extern const NSSError NSS_ERROR_USER_CANCELED;
NSS_EXTERN PRStatus
nssSlot_Logout
(
NSSSlot *slot,
nssSession *sessionOpt
);
NSS_EXTERN void
nssSlot_EnterMonitor
(
NSSSlot *slot
);
NSS_EXTERN void
nssSlot_ExitMonitor
(
NSSSlot *slot
);
#define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
NSS_EXTERN void
nssSlot_SetPasswordDefaults
(
NSSSlot *slot,
PRInt32 askPasswordTimeout
);
NSS_EXTERN PRStatus
nssSlot_SetPassword
(
NSSSlot *slot,
NSSUTF8 *oldPasswordOpt,
NSSUTF8 *newPassword
);
extern const NSSError NSS_ERROR_INVALID_PASSWORD;
extern const NSSError NSS_ERROR_USER_CANCELED;
/*
* nssSlot_IsLoggedIn
*/
NSS_EXTERN nssSession *
nssSlot_CreateSession
(
NSSSlot *slot,
NSSArena *arenaOpt,
PRBool readWrite /* so far, this is the only flag used */
);
/* NSSToken
*
* nssToken_Destroy
* nssToken_AddRef
* nssToken_GetName
* nssToken_GetModule
* nssToken_GetSlot
* nssToken_NeedsPINInitialization
* nssToken_ImportCertificate
* nssToken_ImportTrust
* nssToken_ImportCRL
* nssToken_GenerateKeyPair
* nssToken_GenerateSymmetricKey
* nssToken_DeleteStoredObject
* nssToken_FindObjects
* nssToken_FindCertificatesBySubject
* nssToken_FindCertificatesByNickname
* nssToken_FindCertificatesByEmail
* nssToken_FindCertificateByIssuerAndSerialNumber
* nssToken_FindCertificateByEncodedCertificate
* nssToken_FindTrustForCertificate
* nssToken_FindCRLsBySubject
* nssToken_FindPrivateKeys
* nssToken_FindPrivateKeyByID
* nssToken_Digest
* nssToken_BeginDigest
* nssToken_ContinueDigest
* nssToken_FinishDigest
*/
NSS_EXTERN PRStatus
nssToken_Destroy
(
NSSToken *tok
);
NSS_EXTERN NSSToken *
nssToken_AddRef
(
NSSToken *tok
);
NSS_EXTERN NSSUTF8 *
nssToken_GetName
(
NSSToken *tok
);
NSS_EXTERN NSSModule *
nssToken_GetModule
(
NSSToken *token
);
NSS_EXTERN NSSSlot *
nssToken_GetSlot
(
NSSToken *tok
);
NSS_EXTERN PRBool
nssToken_NeedsPINInitialization
(
NSSToken *token
);
NSS_EXTERN nssCryptokiObject *
nssToken_ImportCertificate
(
NSSToken *tok,
nssSession *sessionOpt,
NSSCertificateType certType,
NSSItem *id,
const NSSUTF8 *nickname,
NSSDER *encoding,
NSSDER *issuer,
NSSDER *subject,
NSSDER *serial,
NSSASCII7 *emailAddr,
PRBool asTokenObject
);
NSS_EXTERN nssCryptokiObject *
nssToken_ImportTrust
(
NSSToken *tok,
nssSession *sessionOpt,
NSSDER *certEncoding,
NSSDER *certIssuer,
NSSDER *certSerial,
nssTrustLevel serverAuth,
nssTrustLevel clientAuth,
nssTrustLevel codeSigning,
nssTrustLevel emailProtection,
PRBool stepUpApproved,
PRBool asTokenObject
);
NSS_EXTERN nssCryptokiObject *
nssToken_ImportCRL
(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
NSSDER *encoding,
PRBool isKRL,
NSSUTF8 *url,
PRBool asTokenObject
);
/* Permanently remove an object from the token. */
NSS_EXTERN PRStatus
nssToken_DeleteStoredObject
(
nssCryptokiObject *instance
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindObjects
(
NSSToken *token,
nssSession *sessionOpt,
CK_OBJECT_CLASS objclass,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesBySubject
(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesByNickname
(
NSSToken *token,
nssSession *sessionOpt,
const NSSUTF8 *name,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesByEmail
(
NSSToken *token,
nssSession *sessionOpt,
NSSASCII7 *email,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesByID
(
NSSToken *token,
nssSession *sessionOpt,
NSSItem *id,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject *
nssToken_FindCertificateByIssuerAndSerialNumber
(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *issuer,
NSSDER *serial,
nssTokenSearchType searchType,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject *
nssToken_FindCertificateByEncodedCertificate
(
NSSToken *token,
nssSession *sessionOpt,
NSSBER *encodedCertificate,
nssTokenSearchType searchType,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject *
nssToken_FindTrustForCertificate
(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *certEncoding,
NSSDER *certIssuer,
NSSDER *certSerial,
nssTokenSearchType searchType
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCRLsBySubject
(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject **
nssToken_FindPrivateKeys
(
NSSToken *token,
nssSession *sessionOpt,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt
);
NSS_EXTERN nssCryptokiObject *
nssToken_FindPrivateKeyByID
(
NSSToken *token,
nssSession *sessionOpt,
NSSItem *keyID
);
NSS_EXTERN nssCryptokiObject *
nssToken_FindPublicKeyByID
(
NSSToken *token,
nssSession *sessionOpt,
NSSItem *keyID
);
NSS_EXTERN NSSItem *
nssToken_Digest
(
NSSToken *tok,
nssSession *sessionOpt,
NSSAlgorithmAndParameters *ap,
NSSItem *data,
NSSItem *rvOpt,
NSSArena *arenaOpt
);
NSS_EXTERN PRStatus
nssToken_BeginDigest
(
NSSToken *tok,
nssSession *sessionOpt,
NSSAlgorithmAndParameters *ap
);
NSS_EXTERN PRStatus
nssToken_ContinueDigest
(
NSSToken *tok,
nssSession *sessionOpt,
NSSItem *item
);
NSS_EXTERN NSSItem *
nssToken_FinishDigest
(
NSSToken *tok,
nssSession *sessionOpt,
NSSItem *rvOpt,
NSSArena *arenaOpt
);
/* nssSession
*
* nssSession_Destroy
* nssSession_EnterMonitor
* nssSession_ExitMonitor
* nssSession_IsReadWrite
*/
NSS_EXTERN PRStatus
nssSession_Destroy
(
nssSession *s
);
/* would like to inline */
NSS_EXTERN PRStatus
nssSession_EnterMonitor
(
nssSession *s
);
/* would like to inline */
NSS_EXTERN PRStatus
nssSession_ExitMonitor
(
nssSession *s
);
/* would like to inline */
NSS_EXTERN PRBool
nssSession_IsReadWrite
(
nssSession *s
);
/* nssCryptokiObject
*
* An object living on a cryptoki token.
* Not really proper to mix up the object types just because
* nssCryptokiObject itself is generic, but doing so anyway.
*
* nssCryptokiObject_Destroy
* nssCryptokiObject_Equal
* nssCryptokiObject_Clone
* nssCryptokiCertificate_GetAttributes
* nssCryptokiPrivateKey_GetAttributes
* nssCryptokiPublicKey_GetAttributes
* nssCryptokiTrust_GetAttributes
* nssCryptokiCRL_GetAttributes
*/
NSS_EXTERN void
nssCryptokiObject_Destroy
(
nssCryptokiObject *object
);
NSS_EXTERN PRBool
nssCryptokiObject_Equal
(
nssCryptokiObject *object1,
nssCryptokiObject *object2
);
NSS_EXTERN nssCryptokiObject *
nssCryptokiObject_Clone
(
nssCryptokiObject *object
);
NSS_EXTERN PRStatus
nssCryptokiCertificate_GetAttributes
(
nssCryptokiObject *object,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSCertificateType *certTypeOpt,
NSSItem *idOpt,
NSSDER *encodingOpt,
NSSDER *issuerOpt,
NSSDER *serialOpt,
NSSDER *subjectOpt
);
NSS_EXTERN PRStatus
nssCryptokiTrust_GetAttributes
(
nssCryptokiObject *trustObject,
nssSession *sessionOpt,
NSSItem *sha1_hash,
nssTrustLevel *serverAuth,
nssTrustLevel *clientAuth,
nssTrustLevel *codeSigning,
nssTrustLevel *emailProtection,
PRBool *stepUpApproved
);
NSS_EXTERN PRStatus
nssCryptokiCRL_GetAttributes
(
nssCryptokiObject *crlObject,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSItem *encodingOpt,
NSSItem * subjectOpt,
CK_ULONG * crl_class,
NSSUTF8 **urlOpt,
PRBool *isKRLOpt
);
/* I'm including this to handle import of certificates in NSS 3.5. This
* function will set the cert-related attributes of a key, in order to
* associate it with a cert. Does it stay like this for 4.0?
*/
NSS_EXTERN PRStatus
nssCryptokiPrivateKey_SetCertificate
(
nssCryptokiObject *keyObject,
nssSession *sessionOpt,
const NSSUTF8 *nickname,
NSSItem *id,
NSSDER *subject
);
NSS_EXTERN void
nssModuleArray_Destroy
(
NSSModule **modules
);
/* nssSlotArray
*
* nssSlotArray_Destroy
*/
NSS_EXTERN void
nssSlotArray_Destroy
(
NSSSlot **slots
);
/* nssTokenArray
*
* nssTokenArray_Destroy
*/
NSS_EXTERN void
nssTokenArray_Destroy
(
NSSToken **tokens
);
/* nssCryptokiObjectArray
*
* nssCryptokiObjectArray_Destroy
*/
NSS_EXTERN void
nssCryptokiObjectArray_Destroy
(
nssCryptokiObject **object
);
/* nssSlotList
*
* An ordered list of slots. The order can be anything, it is set in the
* Add methods. Perhaps it should be CreateInCertOrder, ...?
*
* nssSlotList_Create
* nssSlotList_Destroy
* nssSlotList_Add
* nssSlotList_AddModuleSlots
* nssSlotList_GetSlots
* nssSlotList_FindSlotByName
* nssSlotList_FindTokenByName
* nssSlotList_GetBestSlot
* nssSlotList_GetBestSlotForAlgorithmAndParameters
* nssSlotList_GetBestSlotForAlgorithmsAndParameters
*/
/* nssSlotList_Create
*/
NSS_EXTERN nssSlotList *
nssSlotList_Create
(
NSSArena *arenaOpt
);
/* nssSlotList_Destroy
*/
NSS_EXTERN void
nssSlotList_Destroy
(
nssSlotList *slotList
);
/* nssSlotList_Add
*
* Add the given slot in the given order.
*/
NSS_EXTERN PRStatus
nssSlotList_Add
(
nssSlotList *slotList,
NSSSlot *slot,
PRUint32 order
);
/* nssSlotList_AddModuleSlots
*
* Add all slots in the module, in the given order (the slots will have
* equal weight).
*/
NSS_EXTERN PRStatus
nssSlotList_AddModuleSlots
(
nssSlotList *slotList,
NSSModule *module,
PRUint32 order
);
/* nssSlotList_GetSlots
*/
NSS_EXTERN NSSSlot **
nssSlotList_GetSlots
(
nssSlotList *slotList
);
/* nssSlotList_FindSlotByName
*/
NSS_EXTERN NSSSlot *
nssSlotList_FindSlotByName
(
nssSlotList *slotList,
NSSUTF8 *slotName
);
/* nssSlotList_FindTokenByName
*/
NSS_EXTERN NSSToken *
nssSlotList_FindTokenByName
(
nssSlotList *slotList,
NSSUTF8 *tokenName
);
/* nssSlotList_GetBestSlot
*
* The best slot is the highest ranking in order, i.e., the first in the
* list.
*/
NSS_EXTERN NSSSlot *
nssSlotList_GetBestSlot
(
nssSlotList *slotList
);
/* nssSlotList_GetBestSlotForAlgorithmAndParameters
*
* Highest-ranking slot than can handle algorithm/parameters.
*/
NSS_EXTERN NSSSlot *
nssSlotList_GetBestSlotForAlgorithmAndParameters
(
nssSlotList *slotList,
NSSAlgorithmAndParameters *ap
);
/* nssSlotList_GetBestSlotForAlgorithmsAndParameters
*
* Highest-ranking slot than can handle all algorithms/parameters.
*/
NSS_EXTERN NSSSlot *
nssSlotList_GetBestSlotForAlgorithmsAndParameters
(
nssSlotList *slotList,
NSSAlgorithmAndParameters **ap
);
NSS_EXTERN PRBool
nssToken_IsPresent
(
NSSToken *token
);
NSS_EXTERN nssSession *
nssToken_GetDefaultSession
(
NSSToken *token
);
NSS_EXTERN PRStatus
nssToken_GetTrustOrder
(
NSSToken *tok
);
NSS_EXTERN PRStatus
nssToken_NotifyCertsNotVisible
(
NSSToken *tok
);
NSS_EXTERN PRStatus
nssToken_TraverseCertificates
(
NSSToken *token,
nssSession *sessionOpt,
nssTokenSearchType searchType,
PRStatus (* callback)(nssCryptokiObject *instance, void *arg),
void *arg
);
NSS_EXTERN PRBool
nssToken_IsPrivateKeyAvailable
(
NSSToken *token,
NSSCertificate *c,
nssCryptokiObject *instance
);
PR_END_EXTERN_C
#endif /* DEV_H */