/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef DEV_H
#define DEV_H
/*
* dev.h
*
* Low-level methods for interaction with cryptoki devices
*/
#ifndef NSSDEV_H
#include "nssdev.h"
#endif /* NSSDEV_H */
#ifndef DEVT_H
#include "devt.h"
#endif /* DEVT_H */
PR_BEGIN_EXTERN_C
/* the global module list
*
* These functions are for managing the global set of modules. Trust Domains,
* etc., will draw from this set. These functions are completely internal
* and only invoked when there are changes to the global module state
* (load or unload).
*
* nss_InitializeGlobalModuleList
* nss_DestroyGlobalModuleList
* nss_GetLoadedModules
*
* nssGlobalModuleList_Add
* nssGlobalModuleList_Remove
* nssGlobalModuleList_FindModuleByName
* nssGlobalModuleList_FindSlotByName
* nssGlobalModuleList_FindTokenByName
*/
NSS_EXTERN PRStatus
nss_InitializeGlobalModuleList(
void);
NSS_EXTERN PRStatus
nss_DestroyGlobalModuleList(
void);
NSS_EXTERN NSSModule **
nss_GetLoadedModules(
void);
NSS_EXTERN PRStatus
nssGlobalModuleList_Add(
NSSModule *module);
NSS_EXTERN PRStatus
nssGlobalModuleList_Remove(
NSSModule *module);
NSS_EXTERN NSSModule *
nssGlobalModuleList_FindModuleByName(
NSSUTF8 *moduleName);
NSS_EXTERN NSSSlot *
nssGlobalModuleList_FindSlotByName(
NSSUTF8 *slotName);
NSS_EXTERN NSSToken *
nssGlobalModuleList_FindTokenByName(
NSSUTF8 *tokenName);
NSS_EXTERN NSSToken *
nss_GetDefaultCryptoToken(
void);
NSS_EXTERN NSSToken *
nss_GetDefaultDatabaseToken(
void);
/*
* |-----------|<---> NSSSlot <--> NSSToken
* | NSSModule |<---> NSSSlot <--> NSSToken
* |-----------|<---> NSSSlot <--> NSSToken
*/
/* NSSModule
*
* nssModule_Create
* nssModule_CreateFromSpec
* nssModule_AddRef
* nssModule_GetName
* nssModule_GetSlots
* nssModule_FindSlotByName
* nssModule_FindTokenByName
* nssModule_GetCertOrder
*/
NSS_EXTERN NSSModule *
nssModule_Create(
NSSUTF8 *moduleOpt,
NSSUTF8 *uriOpt,
NSSUTF8 *opaqueOpt,
void *reserved);
/* This is to use the new loading mechanism. */
NSS_EXTERN NSSModule *
nssModule_CreateFromSpec(
NSSUTF8 *moduleSpec,
NSSModule *parent,
PRBool loadSubModules);
NSS_EXTERN PRStatus
nssModule_Destroy(
NSSModule *mod);
NSS_EXTERN NSSModule *
nssModule_AddRef(
NSSModule *mod);
NSS_EXTERN NSSUTF8 *
nssModule_GetName(
NSSModule *mod);
NSS_EXTERN NSSSlot **
nssModule_GetSlots(
NSSModule *mod);
NSS_EXTERN NSSSlot *
nssModule_FindSlotByName(
NSSModule *mod,
NSSUTF8 *slotName);
NSS_EXTERN NSSToken *
nssModule_FindTokenByName(
NSSModule *mod,
NSSUTF8 *tokenName);
NSS_EXTERN PRInt32
nssModule_GetCertOrder(
NSSModule *module);
/* NSSSlot
*
* nssSlot_Destroy
* nssSlot_AddRef
* nssSlot_GetName
* nssSlot_IsTokenPresent
* nssSlot_IsPermanent
* nssSlot_IsFriendly
* nssSlot_IsHardware
* nssSlot_Refresh
* nssSlot_GetModule
* nssSlot_GetToken
* nssSlot_Login
* nssSlot_Logout
* nssSlot_SetPassword
* nssSlot_CreateSession
*/
NSS_EXTERN PRStatus
nssSlot_Destroy(
NSSSlot *slot);
NSS_EXTERN NSSSlot *
nssSlot_AddRef(
NSSSlot *slot);
NSS_EXTERN
void
nssSlot_ResetDelay(
NSSSlot *slot);
NSS_EXTERN NSSUTF8 *
nssSlot_GetName(
NSSSlot *slot);
NSS_EXTERN NSSModule *
nssSlot_GetModule(
NSSSlot *slot);
NSS_EXTERN NSSToken *
nssSlot_GetToken(
NSSSlot *slot);
NSS_EXTERN PRBool
nssSlot_IsTokenPresent(
NSSSlot *slot);
NSS_EXTERN PRBool
nssSlot_IsPermanent(
NSSSlot *slot);
NSS_EXTERN PRBool
nssSlot_IsFriendly(
NSSSlot *slot);
NSS_EXTERN PRBool
nssSlot_IsHardware(
NSSSlot *slot);
NSS_EXTERN PRBool
nssSlot_IsLoggedIn(
NSSSlot *slot);
NSS_EXTERN PRStatus
nssSlot_Refresh(
NSSSlot *slot);
NSS_EXTERN PRStatus
nssSlot_Login(
NSSSlot *slot,
NSSCallback *pwcb);
extern const NSSError NSS_ERROR_INVALID_PASSWORD;
extern const NSSError NSS_ERROR_USER_CANCELED;
NSS_EXTERN PRStatus
nssSlot_Logout(
NSSSlot *slot,
nssSession *sessionOpt);
NSS_EXTERN
void
nssSlot_EnterMonitor(
NSSSlot *slot);
NSS_EXTERN
void
nssSlot_ExitMonitor(
NSSSlot *slot);
#define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
NSS_EXTERN
void
nssSlot_SetPasswordDefaults(
NSSSlot *slot,
PRInt32 askPasswordTimeout);
NSS_EXTERN PRStatus
nssSlot_SetPassword(
NSSSlot *slot,
NSSUTF8 *oldPasswordOpt,
NSSUTF8 *newPassword);
extern const NSSError NSS_ERROR_INVALID_PASSWORD;
extern const NSSError NSS_ERROR_USER_CANCELED;
/*
* nssSlot_IsLoggedIn
*/
NSS_EXTERN nssSession *
nssSlot_CreateSession(
NSSSlot *slot,
NSSArena *arenaOpt,
PRBool readWrite
/* so far, this is the only flag used */
);
/* NSSToken
*
* nssToken_Destroy
* nssToken_AddRef
* nssToken_GetName
* nssToken_GetModule
* nssToken_GetSlot
* nssToken_NeedsPINInitialization
* nssToken_ImportCertificate
* nssToken_ImportTrust
* nssToken_ImportCRL
* nssToken_GenerateKeyPair
* nssToken_GenerateSymmetricKey
* nssToken_DeleteStoredObject
* nssToken_FindObjects
* nssToken_FindCertificatesBySubject
* nssToken_FindCertificatesByNickname
* nssToken_FindCertificatesByEmail
* nssToken_FindCertificateByIssuerAndSerialNumber
* nssToken_FindCertificateByEncodedCertificate
* nssToken_FindTrustForCertificate
* nssToken_FindCRLsBySubject
* nssToken_FindPrivateKeys
* nssToken_FindPrivateKeyByID
* nssToken_Digest
* nssToken_BeginDigest
* nssToken_ContinueDigest
* nssToken_FinishDigest
*/
NSS_EXTERN PRStatus
nssToken_Destroy(
NSSToken *tok);
NSS_EXTERN NSSToken *
nssToken_AddRef(
NSSToken *tok);
NSS_EXTERN NSSUTF8 *
nssToken_GetName(
NSSToken *tok);
NSS_EXTERN NSSModule *
nssToken_GetModule(
NSSToken *token);
NSS_EXTERN NSSSlot *
nssToken_GetSlot(
NSSToken *tok);
NSS_EXTERN PRBool
nssToken_NeedsPINInitialization(
NSSToken *token);
NSS_EXTERN nssCryptokiObject **
nssToken_FindObjectsByTemplate(
NSSToken *token,
nssSession *sessionOpt,
CK_ATTRIBUTE_PTR obj_template,
CK_ULONG otsize,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
nssToken_ImportCertificate(
NSSToken *tok,
nssSession *sessionOpt,
NSSCertificateType certType,
NSSItem *id,
const NSSUTF8 *nickname,
NSSDER *encoding,
NSSDER *issuer,
NSSDER *subject,
NSSDER *serial,
NSSASCII7 *emailAddr,
PRBool asTokenObject);
NSS_EXTERN nssCryptokiObject *
nssToken_ImportTrust(
NSSToken *tok,
nssSession *sessionOpt,
NSSDER *certEncoding,
NSSDER *certIssuer,
NSSDER *certSerial,
nssTrustLevel serverAuth,
nssTrustLevel clientAuth,
nssTrustLevel codeSigning,
nssTrustLevel emailProtection,
PRBool stepUpApproved,
PRBool asTokenObject);
NSS_EXTERN nssCryptokiObject *
nssToken_ImportCRL(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
NSSDER *encoding,
PRBool isKRL,
NSSUTF8 *url,
PRBool asTokenObject);
/* Permanently remove an object from the token. */
NSS_EXTERN PRStatus
nssToken_DeleteStoredObject(
nssCryptokiObject *instance);
NSS_EXTERN nssCryptokiObject **
nssToken_FindObjects(
NSSToken *token,
nssSession *sessionOpt,
CK_OBJECT_CLASS objclass,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesBySubject(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesByNickname(
NSSToken *token,
nssSession *sessionOpt,
const NSSUTF8 *name,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesByEmail(
NSSToken *token,
nssSession *sessionOpt,
NSSASCII7 *email,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCertificatesByID(
NSSToken *token,
nssSession *sessionOpt,
NSSItem *id,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
nssToken_FindCertificateByIssuerAndSerialNumber(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *issuer,
NSSDER *serial,
nssTokenSearchType searchType,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
nssToken_FindCertificateByEncodedCertificate(
NSSToken *token,
nssSession *sessionOpt,
NSSBER *encodedCertificate,
nssTokenSearchType searchType,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
nssToken_FindTrustForCertificate(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *certEncoding,
NSSDER *certIssuer,
NSSDER *certSerial,
nssTokenSearchType searchType);
NSS_EXTERN nssCryptokiObject **
nssToken_FindCRLsBySubject(
NSSToken *token,
nssSession *sessionOpt,
NSSDER *subject,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject **
nssToken_FindPrivateKeys(
NSSToken *token,
nssSession *sessionOpt,
nssTokenSearchType searchType,
PRUint32 maximumOpt,
PRStatus *statusOpt);
NSS_EXTERN nssCryptokiObject *
nssToken_FindPrivateKeyByID(
NSSToken *token,
nssSession *sessionOpt,
NSSItem *keyID);
NSS_EXTERN nssCryptokiObject *
nssToken_FindPublicKeyByID(
NSSToken *token,
nssSession *sessionOpt,
NSSItem *keyID);
NSS_EXTERN NSSItem *
nssToken_Digest(
NSSToken *tok,
nssSession *sessionOpt,
NSSAlgorithmAndParameters *ap,
NSSItem *data,
NSSItem *rvOpt,
NSSArena *arenaOpt);
NSS_EXTERN PRStatus
nssToken_BeginDigest(
NSSToken *tok,
nssSession *sessionOpt,
NSSAlgorithmAndParameters *ap);
NSS_EXTERN PRStatus
nssToken_ContinueDigest(
NSSToken *tok,
nssSession *sessionOpt,
NSSItem *item);
NSS_EXTERN NSSItem *
nssToken_FinishDigest(
NSSToken *tok,
nssSession *sessionOpt,
NSSItem *rvOpt,
NSSArena *arenaOpt);
/* nssSession
*
* nssSession_Destroy
* nssSession_EnterMonitor
* nssSession_ExitMonitor
* nssSession_IsReadWrite
*/
NSS_EXTERN PRStatus
nssSession_Destroy(
nssSession *s);
/* would like to inline */
NSS_EXTERN PRStatus
nssSession_EnterMonitor(
nssSession *s);
/* would like to inline */
NSS_EXTERN PRStatus
nssSession_ExitMonitor(
nssSession *s);
/* would like to inline */
NSS_EXTERN PRBool
nssSession_IsReadWrite(
nssSession *s);
/* nssCryptokiObject
*
* An object living on a cryptoki token.
* Not really proper to mix up the object types just because
* nssCryptokiObject itself is generic, but doing so anyway.
*
* nssCryptokiObject_Destroy
* nssCryptokiObject_Equal
* nssCryptokiObject_Clone
* nssCryptokiCertificate_GetAttributes
* nssCryptokiPrivateKey_GetAttributes
* nssCryptokiPublicKey_GetAttributes
* nssCryptokiTrust_GetAttributes
* nssCryptokiCRL_GetAttributes
*/
NSS_EXTERN
void
nssCryptokiObject_Destroy(
nssCryptokiObject *object);
NSS_EXTERN PRBool
nssCryptokiObject_Equal(
nssCryptokiObject *object1,
nssCryptokiObject *object2);
NSS_EXTERN nssCryptokiObject *
nssCryptokiObject_Clone(
nssCryptokiObject *object);
NSS_EXTERN PRStatus
nssCryptokiCertificate_GetAttributes(
nssCryptokiObject *object,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSCertificateType *certTypeOpt,
NSSItem *idOpt,
NSSDER *encodingOpt,
NSSDER *issuerOpt,
NSSDER *serialOpt,
NSSDER *subjectOpt);
NSS_EXTERN PRStatus
nssCryptokiTrust_GetAttributes(
nssCryptokiObject *trustObject,
nssSession *sessionOpt,
NSSItem *sha1_hash,
nssTrustLevel *serverAuth,
nssTrustLevel *clientAuth,
nssTrustLevel *codeSigning,
nssTrustLevel *emailProtection,
PRBool *stepUpApproved);
NSS_EXTERN PRStatus
nssCryptokiCRL_GetAttributes(
nssCryptokiObject *crlObject,
nssSession *sessionOpt,
NSSArena *arenaOpt,
NSSItem *encodingOpt,
NSSItem *subjectOpt,
CK_ULONG *crl_class,
NSSUTF8 **urlOpt,
PRBool *isKRLOpt);
/* I'm including this to handle import of certificates in NSS 3.5. This
* function will set the cert-related attributes of a key, in order to
* associate it with a cert. Does it stay like this for 4.0?
*/
NSS_EXTERN PRStatus
nssCryptokiPrivateKey_SetCertificate(
nssCryptokiObject *keyObject,
nssSession *sessionOpt,
const NSSUTF8 *nickname,
NSSItem *id,
NSSDER *subject);
NSS_EXTERN
void
nssModuleArray_Destroy(
NSSModule **modules);
/* nssSlotArray
*
* nssSlotArray_Destroy
*/
NSS_EXTERN
void
nssSlotArray_Destroy(
NSSSlot **slots);
/* nssTokenArray
*
* nssTokenArray_Destroy
*/
NSS_EXTERN
void
nssTokenArray_Destroy(
NSSToken **tokens);
/* nssCryptokiObjectArray
*
* nssCryptokiObjectArray_Destroy
*/
NSS_EXTERN
void
nssCryptokiObjectArray_Destroy(
nssCryptokiObject **object);
/* nssSlotList
*
* An ordered list of slots. The order can be anything, it is set in the
* Add methods. Perhaps it should be CreateInCertOrder, ...?
*
* nssSlotList_Create
* nssSlotList_Destroy
* nssSlotList_Add
* nssSlotList_AddModuleSlots
* nssSlotList_GetSlots
* nssSlotList_FindSlotByName
* nssSlotList_FindTokenByName
* nssSlotList_GetBestSlot
* nssSlotList_GetBestSlotForAlgorithmAndParameters
* nssSlotList_GetBestSlotForAlgorithmsAndParameters
*/
/* nssSlotList_Create
*/
NSS_EXTERN nssSlotList *
nssSlotList_Create(
NSSArena *arenaOpt);
/* nssSlotList_Destroy
*/
NSS_EXTERN
void
nssSlotList_Destroy(
nssSlotList *slotList);
/* nssSlotList_Add
*
* Add the given slot in the given order.
*/
NSS_EXTERN PRStatus
nssSlotList_Add(
nssSlotList *slotList,
NSSSlot *slot,
PRUint32 order);
/* nssSlotList_AddModuleSlots
*
* Add all slots in the module, in the given order (the slots will have
* equal weight).
*/
NSS_EXTERN PRStatus
nssSlotList_AddModuleSlots(
nssSlotList *slotList,
NSSModule *module,
PRUint32 order);
/* nssSlotList_GetSlots
*/
NSS_EXTERN NSSSlot **
nssSlotList_GetSlots(
nssSlotList *slotList);
/* nssSlotList_FindSlotByName
*/
NSS_EXTERN NSSSlot *
nssSlotList_FindSlotByName(
nssSlotList *slotList,
NSSUTF8 *slotName);
/* nssSlotList_FindTokenByName
*/
NSS_EXTERN NSSToken *
nssSlotList_FindTokenByName(
nssSlotList *slotList,
NSSUTF8 *tokenName);
/* nssSlotList_GetBestSlot
*
* The best slot is the highest ranking in order, i.e., the first in the
* list.
*/
NSS_EXTERN NSSSlot *
nssSlotList_GetBestSlot(
nssSlotList *slotList);
/* nssSlotList_GetBestSlotForAlgorithmAndParameters
*
* Highest-ranking slot than can handle algorithm/parameters.
*/
NSS_EXTERN NSSSlot *
nssSlotList_GetBestSlotForAlgorithmAndParameters(
nssSlotList *slotList,
NSSAlgorithmAndParameters *ap);
/* nssSlotList_GetBestSlotForAlgorithmsAndParameters
*
* Highest-ranking slot than can handle all algorithms/parameters.
*/
NSS_EXTERN NSSSlot *
nssSlotList_GetBestSlotForAlgorithmsAndParameters(
nssSlotList *slotList,
NSSAlgorithmAndParameters **ap);
NSS_EXTERN PRBool
nssToken_IsPresent(
NSSToken *token);
NSS_EXTERN nssSession *
nssToken_GetDefaultSession(
NSSToken *token);
NSS_EXTERN PRStatus
nssToken_GetTrustOrder(
NSSToken *tok);
NSS_EXTERN PRStatus
nssToken_NotifyCertsNotVisible(
NSSToken *tok);
NSS_EXTERN PRStatus
nssToken_TraverseCertificates(
NSSToken *token,
nssSession *sessionOpt,
nssTokenSearchType searchType,
PRStatus (*callback)(nssCryptokiObject *instance,
void *arg),
void *arg);
NSS_EXTERN PRBool
nssToken_IsPrivateKeyAvailable(
NSSToken *token,
NSSCertificate *c,
nssCryptokiObject *instance);
PR_END_EXTERN_C
#endif /* DEV_H */
