PageRenderTime 57ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 1ms

/gecko_api/include/pk11pub.h

http://firefox-mac-pdf.googlecode.com/
C Header | 799 lines | 415 code | 53 blank | 331 comment | 0 complexity | 9088fe7e78881237e4a4a2f49aae5830 MD5 | raw file
  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Douglas Stebila <douglas@stebila.ca>, Sun Microsystems Laboratories
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. #ifndef _PK11PUB_H_
  38. #define _PK11PUB_H_
  39. #include "plarena.h"
  40. #include "seccomon.h"
  41. #include "secoidt.h"
  42. #include "secdert.h"
  43. #include "keyt.h"
  44. #include "certt.h"
  45. #include "pkcs11t.h"
  46. #include "secmodt.h"
  47. #include "seccomon.h"
  48. #include "pkcs7t.h"
  49. #include "cmsreclist.h"
  50. /*
  51. * Exported PK11 wrap functions.
  52. */
  53. SEC_BEGIN_PROTOS
  54. /************************************************************
  55. * Generic Slot Lists Management
  56. ************************************************************/
  57. void PK11_FreeSlotList(PK11SlotList *list);
  58. SECStatus PK11_FreeSlotListElement(PK11SlotList *list, PK11SlotListElement *le);
  59. PK11SlotListElement * PK11_GetFirstSafe(PK11SlotList *list);
  60. PK11SlotListElement *PK11_GetNextSafe(PK11SlotList *list,
  61. PK11SlotListElement *le, PRBool restart);
  62. /************************************************************
  63. * Generic Slot Management
  64. ************************************************************/
  65. PK11SlotInfo *PK11_ReferenceSlot(PK11SlotInfo *slot);
  66. void PK11_FreeSlot(PK11SlotInfo *slot);
  67. SECStatus PK11_DestroyObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
  68. SECStatus PK11_DestroyTokenObject(PK11SlotInfo *slot,CK_OBJECT_HANDLE object);
  69. PK11SlotInfo *PK11_GetInternalKeySlot(void);
  70. PK11SlotInfo *PK11_GetInternalSlot(void);
  71. SECStatus PK11_Logout(PK11SlotInfo *slot);
  72. void PK11_LogoutAll(void);
  73. /************************************************************
  74. * Slot Password Management
  75. ************************************************************/
  76. void PK11_SetSlotPWValues(PK11SlotInfo *slot,int askpw, int timeout);
  77. void PK11_GetSlotPWValues(PK11SlotInfo *slot,int *askpw, int *timeout);
  78. SECStatus PK11_CheckSSOPassword(PK11SlotInfo *slot, char *ssopw);
  79. SECStatus PK11_CheckUserPassword(PK11SlotInfo *slot, const char *pw);
  80. PRBool PK11_IsLoggedIn(PK11SlotInfo *slot, void *wincx);
  81. SECStatus PK11_InitPin(PK11SlotInfo *slot,const char *ssopw,
  82. const char *pk11_userpwd);
  83. SECStatus PK11_ChangePW(PK11SlotInfo *slot, const char *oldpw,
  84. const char *newpw);
  85. void PK11_SetPasswordFunc(PK11PasswordFunc func);
  86. int PK11_GetMinimumPwdLength(PK11SlotInfo *slot);
  87. SECStatus PK11_ResetToken(PK11SlotInfo *slot, char *sso_pwd);
  88. SECStatus PK11_Authenticate(PK11SlotInfo *slot, PRBool loadCerts, void *wincx);
  89. SECStatus PK11_TokenRefresh(PK11SlotInfo *slot);
  90. /******************************************************************
  91. * Slot info functions
  92. ******************************************************************/
  93. PK11SlotInfo *PK11_FindSlotByName(const char *name);
  94. /******************************************************************
  95. * PK11_FindSlotsByNames searches for a PK11SlotInfo using one or
  96. * more criteria : dllName, slotName and tokenName . In addition, if
  97. * presentOnly is set , only slots with a token inserted will be
  98. * returned.
  99. ******************************************************************/
  100. PK11SlotList *PK11_FindSlotsByNames(const char *dllName,
  101. const char* slotName, const char* tokenName, PRBool presentOnly);
  102. PRBool PK11_IsReadOnly(PK11SlotInfo *slot);
  103. PRBool PK11_IsInternal(PK11SlotInfo *slot);
  104. char * PK11_GetTokenName(PK11SlotInfo *slot);
  105. char * PK11_GetSlotName(PK11SlotInfo *slot);
  106. PRBool PK11_NeedLogin(PK11SlotInfo *slot);
  107. PRBool PK11_IsFriendly(PK11SlotInfo *slot);
  108. PRBool PK11_IsHW(PK11SlotInfo *slot);
  109. PRBool PK11_IsRemovable(PK11SlotInfo *slot);
  110. PRBool PK11_NeedUserInit(PK11SlotInfo *slot);
  111. PRBool PK11_ProtectedAuthenticationPath(PK11SlotInfo *slot);
  112. int PK11_GetSlotSeries(PK11SlotInfo *slot);
  113. int PK11_GetCurrentWrapIndex(PK11SlotInfo *slot);
  114. unsigned long PK11_GetDefaultFlags(PK11SlotInfo *slot);
  115. CK_SLOT_ID PK11_GetSlotID(PK11SlotInfo *slot);
  116. SECMODModuleID PK11_GetModuleID(PK11SlotInfo *slot);
  117. SECStatus PK11_GetSlotInfo(PK11SlotInfo *slot, CK_SLOT_INFO *info);
  118. SECStatus PK11_GetTokenInfo(PK11SlotInfo *slot, CK_TOKEN_INFO *info);
  119. PRBool PK11_IsDisabled(PK11SlotInfo *slot);
  120. PRBool PK11_HasRootCerts(PK11SlotInfo *slot);
  121. PK11DisableReasons PK11_GetDisabledReason(PK11SlotInfo *slot);
  122. /* Prevents the slot from being used, and set disable reason to user-disable */
  123. /* NOTE: Mechanisms that were ON continue to stay ON */
  124. /* Therefore, when the slot is enabled, it will remember */
  125. /* what mechanisms needs to be turned on */
  126. PRBool PK11_UserDisableSlot(PK11SlotInfo *slot);
  127. /* Allow all mechanisms that are ON before UserDisableSlot() */
  128. /* was called to be available again */
  129. PRBool PK11_UserEnableSlot(PK11SlotInfo *slot);
  130. /*
  131. * wait for a specific slot event.
  132. * event is a specific event to wait for. Currently only
  133. * PK11TokenChangeOrRemovalEvent and PK11TokenPresentEvents are defined.
  134. * timeout can be an interval time to wait, PR_INTERVAL_NO_WAIT (meaning only
  135. * poll once), or PR_INTERVAL_NO_TIMEOUT (meaning block until a change).
  136. * pollInterval is a suggested pulling interval value. '0' means use the
  137. * default. Future implementations that don't poll may ignore this value.
  138. * series is the current series for the last slot. This should be the series
  139. * value for the slot the last time you read persistant information from the
  140. * slot. For instance, if you publish a cert from the slot, you should obtain
  141. * the slot series at that time. Then PK11_WaitForTokenEvent can detect a
  142. * a change in the slot between the time you publish and the time
  143. * PK11_WaitForTokenEvent is called, elliminating potential race conditions.
  144. *
  145. * The current status that is returned is:
  146. * PK11TokenNotRemovable - always returned for any non-removable token.
  147. * PK11TokenPresent - returned when the token is present and we are waiting
  148. * on a PK11TokenPresentEvent. Then next event to look for is a
  149. * PK11TokenChangeOrRemovalEvent.
  150. * PK11TokenChanged - returned when the old token has been removed and a new
  151. * token ad been inserted, and we are waiting for a
  152. * PK11TokenChangeOrRemovalEvent. The next event to look for is another
  153. * PK11TokenChangeOrRemovalEvent.
  154. * PK11TokenRemoved - returned when the token is not present and we are
  155. * waiting for a PK11TokenChangeOrRemovalEvent. The next event to look for
  156. * is a PK11TokenPresentEvent.
  157. */
  158. PK11TokenStatus PK11_WaitForTokenEvent(PK11SlotInfo *slot, PK11TokenEvent event,
  159. PRIntervalTime timeout, PRIntervalTime pollInterval, int series);
  160. PRBool PK11_NeedPWInit(void);
  161. PRBool PK11_TokenExists(CK_MECHANISM_TYPE);
  162. SECStatus PK11_GetModInfo(SECMODModule *mod, CK_INFO *info);
  163. PRBool PK11_IsFIPS(void);
  164. SECMODModule *PK11_GetModule(PK11SlotInfo *slot);
  165. /*********************************************************************
  166. * Slot mapping utility functions.
  167. *********************************************************************/
  168. PRBool PK11_IsPresent(PK11SlotInfo *slot);
  169. PRBool PK11_DoesMechanism(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
  170. PK11SlotList * PK11_GetAllTokens(CK_MECHANISM_TYPE type,PRBool needRW,
  171. PRBool loadCerts, void *wincx);
  172. PK11SlotInfo *PK11_GetBestSlotMultiple(CK_MECHANISM_TYPE *type, int count,
  173. void *wincx);
  174. PK11SlotInfo *PK11_GetBestSlot(CK_MECHANISM_TYPE type, void *wincx);
  175. CK_MECHANISM_TYPE PK11_GetBestWrapMechanism(PK11SlotInfo *slot);
  176. int PK11_GetBestKeyLength(PK11SlotInfo *slot, CK_MECHANISM_TYPE type);
  177. /*
  178. * Open a new database using the softoken. The caller is responsible for making
  179. * sure the module spec is correct and usable. The caller should ask for one
  180. * new database per call if the caller wants to get meaningful information
  181. * about the new database.
  182. *
  183. * moduleSpec is the same data that you would pass to softoken at
  184. * initialization time under the 'tokens' options. For example, if you were
  185. * to specify tokens=<0x4=[configdir='./mybackup' tokenDescription='Backup']>
  186. * You would specify "configdir='./mybackup' tokenDescription='Backup'" as your
  187. * module spec here. The slot ID will be calculated for you by
  188. * SECMOD_OpenUserDB().
  189. *
  190. * Typical parameters here are configdir, tokenDescription and flags.
  191. *
  192. * a Full list is below:
  193. *
  194. *
  195. * configDir - The location of the databases for this token. If configDir is
  196. * not specified, and noCertDB and noKeyDB is not specified, the load
  197. * will fail.
  198. * certPrefix - Cert prefix for this token.
  199. * keyPrefix - Prefix for the key database for this token. (if not specified,
  200. * certPrefix will be used).
  201. * tokenDescription - The label value for this token returned in the
  202. * CK_TOKEN_INFO structure with an internationalize string (UTF8).
  203. * This value will be truncated at 32 bytes (no NULL, partial UTF8
  204. * characters dropped). You should specify a user friendly name here
  205. * as this is the value the token will be refered to in most
  206. * application UI's. You should make sure tokenDescription is unique.
  207. * slotDescription - The slotDescription value for this token returned
  208. * in the CK_SLOT_INFO structure with an internationalize string
  209. * (UTF8). This value will be truncated at 64 bytes (no NULL, partial
  210. * UTF8 characters dropped). This name will not change after the
  211. * database is closed. It should have some number to make this unique.
  212. * minPWLen - minimum password length for this token.
  213. * flags - comma separated list of flag values, parsed case-insensitive.
  214. * Valid flags are:
  215. * readOnly - Databases should be opened read only.
  216. * noCertDB - Don't try to open a certificate database.
  217. * noKeyDB - Don't try to open a key database.
  218. * forceOpen - Don't fail to initialize the token if the
  219. * databases could not be opened.
  220. * passwordRequired - zero length passwords are not acceptable
  221. * (valid only if there is a keyDB).
  222. * optimizeSpace - allocate smaller hash tables and lock tables.
  223. * When this flag is not specified, Softoken will allocate
  224. * large tables to prevent lock contention.
  225. */
  226. PK11SlotInfo *SECMOD_OpenUserDB(const char *moduleSpec);
  227. SECStatus SECMOD_CloseUserDB(PK11SlotInfo *slot);
  228. /*
  229. * merge the permanent objects from on token to another
  230. */
  231. SECStatus PK11_MergeTokens(PK11SlotInfo *targetSlot, PK11SlotInfo *sourceSlot,
  232. PK11MergeLog *log, void *targetPwArg, void *sourcePwArg);
  233. /*
  234. * create and destroy merge logs needed by PK11_MergeTokens
  235. */
  236. PK11MergeLog * PK11_CreateMergeLog();
  237. void PK11_DestroyMergeLog(PK11MergeLog *log);
  238. /*********************************************************************
  239. * Mechanism Mapping functions
  240. *********************************************************************/
  241. CK_MECHANISM_TYPE PK11_GetKeyType(CK_MECHANISM_TYPE type,unsigned long len);
  242. CK_MECHANISM_TYPE PK11_GetKeyGen(CK_MECHANISM_TYPE type);
  243. int PK11_GetBlockSize(CK_MECHANISM_TYPE type,SECItem *params);
  244. int PK11_GetIVLength(CK_MECHANISM_TYPE type);
  245. SECItem *PK11_ParamFromIV(CK_MECHANISM_TYPE type,SECItem *iv);
  246. unsigned char *PK11_IVFromParam(CK_MECHANISM_TYPE type,SECItem *param,int *len);
  247. SECItem * PK11_BlockData(SECItem *data,unsigned long size);
  248. /* PKCS #11 to DER mapping functions */
  249. SECItem *PK11_ParamFromAlgid(SECAlgorithmID *algid);
  250. SECItem *PK11_GenerateNewParam(CK_MECHANISM_TYPE, PK11SymKey *);
  251. CK_MECHANISM_TYPE PK11_AlgtagToMechanism(SECOidTag algTag);
  252. SECOidTag PK11_MechanismToAlgtag(CK_MECHANISM_TYPE type);
  253. SECOidTag PK11_FortezzaMapSig(SECOidTag algTag);
  254. SECStatus PK11_ParamToAlgid(SECOidTag algtag, SECItem *param,
  255. PRArenaPool *arena, SECAlgorithmID *algid);
  256. SECStatus PK11_SeedRandom(PK11SlotInfo *,unsigned char *data,int len);
  257. SECStatus PK11_GenerateRandomOnSlot(PK11SlotInfo *,unsigned char *data,int len);
  258. SECStatus PK11_RandomUpdate(void *data, size_t bytes);
  259. SECStatus PK11_GenerateRandom(unsigned char *data,int len);
  260. /* warning: cannot work with pkcs 5 v2
  261. * use algorithm ID s instead of pkcs #11 mechanism pointers */
  262. CK_RV PK11_MapPBEMechanismToCryptoMechanism(CK_MECHANISM_PTR pPBEMechanism,
  263. CK_MECHANISM_PTR pCryptoMechanism,
  264. SECItem *pbe_pwd, PRBool bad3DES);
  265. CK_MECHANISM_TYPE PK11_GetPadMechanism(CK_MECHANISM_TYPE);
  266. CK_MECHANISM_TYPE PK11_MapSignKeyType(KeyType keyType);
  267. /**********************************************************************
  268. * Symetric, Public, and Private Keys
  269. **********************************************************************/
  270. void PK11_FreeSymKey(PK11SymKey *key);
  271. PK11SymKey *PK11_ReferenceSymKey(PK11SymKey *symKey);
  272. PK11SymKey *PK11_ImportSymKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
  273. PK11Origin origin, CK_ATTRIBUTE_TYPE operation, SECItem *key, void *wincx);
  274. PK11SymKey *PK11_ImportSymKeyWithFlags(PK11SlotInfo *slot,
  275. CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation,
  276. SECItem *key, CK_FLAGS flags, PRBool isPerm, void *wincx);
  277. PK11SymKey *PK11_SymKeyFromHandle(PK11SlotInfo *slot, PK11SymKey *parent,
  278. PK11Origin origin, CK_MECHANISM_TYPE type, CK_OBJECT_HANDLE keyID,
  279. PRBool owner, void *wincx);
  280. PK11SymKey *PK11_GetWrapKey(PK11SlotInfo *slot, int wrap,
  281. CK_MECHANISM_TYPE type,int series, void *wincx);
  282. /*
  283. * This function is not thread-safe. It can only be called when only
  284. * one thread has a reference to wrapKey.
  285. */
  286. void PK11_SetWrapKey(PK11SlotInfo *slot, int wrap, PK11SymKey *wrapKey);
  287. CK_MECHANISM_TYPE PK11_GetMechanism(PK11SymKey *symKey);
  288. /*
  289. * import a public key into the desired slot
  290. *
  291. * This function takes a public key structure and creates a public key in a
  292. * given slot. If isToken is set, then a persistant public key is created.
  293. *
  294. * Note: it is possible for this function to return a handle for a key which
  295. * is persistant, even if isToken is not set.
  296. */
  297. CK_OBJECT_HANDLE PK11_ImportPublicKey(PK11SlotInfo *slot,
  298. SECKEYPublicKey *pubKey, PRBool isToken);
  299. PK11SymKey *PK11_KeyGen(PK11SlotInfo *slot,CK_MECHANISM_TYPE type,
  300. SECItem *param, int keySize,void *wincx);
  301. PK11SymKey *PK11_TokenKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
  302. SECItem *param, int keySize, SECItem *keyid,
  303. PRBool isToken, void *wincx);
  304. PK11SymKey *PK11_TokenKeyGenWithFlags(PK11SlotInfo *slot,
  305. CK_MECHANISM_TYPE type, SECItem *param,
  306. int keySize, SECItem *keyid, CK_FLAGS opFlags,
  307. PK11AttrFlags attrFlags, void *wincx);
  308. PK11SymKey * PK11_ListFixedKeysInSlot(PK11SlotInfo *slot, char *nickname,
  309. void *wincx);
  310. PK11SymKey *PK11_GetNextSymKey(PK11SymKey *symKey);
  311. CK_KEY_TYPE PK11_GetSymKeyType(PK11SymKey *key);
  312. /*
  313. * PK11_SetSymKeyUserData
  314. * sets generic user data on keys (usually a pointer to a data structure)
  315. * that can later be retrieved by PK11_GetSymKeyUserData().
  316. * symKey - key where data will be set.
  317. * data - data to be set.
  318. * freefunc - function used to free the data.
  319. * Setting user data on symKeys with existing user data already set will cause
  320. * the existing user data to be freed before the new user data is set.
  321. * Freeing user data is done by calling the user specified freefunc.
  322. * If freefunc is NULL, the user data is assumed to be global or static an
  323. * not freed. Passing NULL for user data to PK11_SetSymKeyUserData has the
  324. * effect of freeing any existing user data, and clearing the user data
  325. * pointer. If user data exists when the symKey is finally freed, that
  326. * data will be freed with freefunc.
  327. *
  328. * Applications should only use this function on keys which the application
  329. * has created directly, as there is only one user data value per key.
  330. */
  331. void PK11_SetSymKeyUserData(PK11SymKey *symKey, void *data,
  332. PK11FreeDataFunc freefunc);
  333. /* PK11_GetSymKeyUserData
  334. * retrieves generic user data which was set on a key by
  335. * PK11_SetSymKeyUserData.
  336. * symKey - key with data to be fetched
  337. *
  338. * If no data exists, or the data has been cleared, PK11_GetSymKeyUserData
  339. * will return NULL. Returned data is still owned and managed by the SymKey,
  340. * the caller should not free the data.
  341. *
  342. */
  343. void *PK11_GetSymKeyUserData(PK11SymKey *symKey);
  344. SECStatus PK11_PubWrapSymKey(CK_MECHANISM_TYPE type, SECKEYPublicKey *pubKey,
  345. PK11SymKey *symKey, SECItem *wrappedKey);
  346. SECStatus PK11_WrapSymKey(CK_MECHANISM_TYPE type, SECItem *params,
  347. PK11SymKey *wrappingKey, PK11SymKey *symKey, SECItem *wrappedKey);
  348. /* move a key to 'slot' optionally set the key attributes according to either
  349. * operation or the flags and making the key permanent at the same time.
  350. * If the key is moved to the same slot, operation and flags values are
  351. * currently ignored */
  352. PK11SymKey *PK11_MoveSymKey(PK11SlotInfo *slot, CK_ATTRIBUTE_TYPE operation,
  353. CK_FLAGS flags, PRBool perm, PK11SymKey *symKey);
  354. /*
  355. * derive a new key from the base key.
  356. * PK11_Derive returns a key which can do exactly one operation, and is
  357. * ephemeral (session key).
  358. * PK11_DeriveWithFlags is the same as PK11_Derive, except you can use
  359. * CKF_ flags to enable more than one operation.
  360. * PK11_DeriveWithFlagsPerm is the same as PK11_DeriveWithFlags except you can
  361. * (optionally) make the key permanent (token key).
  362. */
  363. PK11SymKey *PK11_Derive(PK11SymKey *baseKey, CK_MECHANISM_TYPE mechanism,
  364. SECItem *param, CK_MECHANISM_TYPE target,
  365. CK_ATTRIBUTE_TYPE operation, int keySize);
  366. PK11SymKey *PK11_DeriveWithFlags( PK11SymKey *baseKey,
  367. CK_MECHANISM_TYPE derive, SECItem *param, CK_MECHANISM_TYPE target,
  368. CK_ATTRIBUTE_TYPE operation, int keySize, CK_FLAGS flags);
  369. PK11SymKey * PK11_DeriveWithFlagsPerm( PK11SymKey *baseKey,
  370. CK_MECHANISM_TYPE derive,
  371. SECItem *param, CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
  372. int keySize, CK_FLAGS flags, PRBool isPerm);
  373. PK11SymKey *PK11_PubDerive( SECKEYPrivateKey *privKey,
  374. SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
  375. CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
  376. CK_ATTRIBUTE_TYPE operation, int keySize,void *wincx) ;
  377. PK11SymKey *PK11_PubDeriveWithKDF( SECKEYPrivateKey *privKey,
  378. SECKEYPublicKey *pubKey, PRBool isSender, SECItem *randomA, SECItem *randomB,
  379. CK_MECHANISM_TYPE derive, CK_MECHANISM_TYPE target,
  380. CK_ATTRIBUTE_TYPE operation, int keySize,
  381. CK_ULONG kdf, SECItem *sharedData, void *wincx);
  382. /*
  383. * unwrap a new key with a symetric key.
  384. * PK11_Unwrap returns a key which can do exactly one operation, and is
  385. * ephemeral (session key).
  386. * PK11_UnwrapWithFlags is the same as PK11_Unwrap, except you can use
  387. * CKF_ flags to enable more than one operation.
  388. * PK11_UnwrapWithFlagsPerm is the same as PK11_UnwrapWithFlags except you can
  389. * (optionally) make the key permanent (token key).
  390. */
  391. PK11SymKey *PK11_UnwrapSymKey(PK11SymKey *key,
  392. CK_MECHANISM_TYPE wraptype, SECItem *param, SECItem *wrapppedKey,
  393. CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
  394. PK11SymKey *PK11_UnwrapSymKeyWithFlags(PK11SymKey *wrappingKey,
  395. CK_MECHANISM_TYPE wrapType, SECItem *param, SECItem *wrappedKey,
  396. CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize,
  397. CK_FLAGS flags);
  398. PK11SymKey * PK11_UnwrapSymKeyWithFlagsPerm(PK11SymKey *wrappingKey,
  399. CK_MECHANISM_TYPE wrapType,
  400. SECItem *param, SECItem *wrappedKey,
  401. CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation,
  402. int keySize, CK_FLAGS flags, PRBool isPerm);
  403. /*
  404. * unwrap a new key with a private key.
  405. * PK11_PubUnwrap returns a key which can do exactly one operation, and is
  406. * ephemeral (session key).
  407. * PK11_PubUnwrapWithFlagsPerm is the same as PK11_PubUnwrap except you can
  408. * use * CKF_ flags to enable more than one operation, and optionally make
  409. * the key permanent (token key).
  410. */
  411. PK11SymKey *PK11_PubUnwrapSymKey(SECKEYPrivateKey *key, SECItem *wrapppedKey,
  412. CK_MECHANISM_TYPE target, CK_ATTRIBUTE_TYPE operation, int keySize);
  413. PK11SymKey * PK11_PubUnwrapSymKeyWithFlagsPerm(SECKEYPrivateKey *wrappingKey,
  414. SECItem *wrappedKey, CK_MECHANISM_TYPE target,
  415. CK_ATTRIBUTE_TYPE operation, int keySize,
  416. CK_FLAGS flags, PRBool isPerm);
  417. PK11SymKey *PK11_FindFixedKey(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
  418. SECItem *keyID, void *wincx);
  419. SECStatus PK11_DeleteTokenPrivateKey(SECKEYPrivateKey *privKey,PRBool force);
  420. SECStatus PK11_DeleteTokenPublicKey(SECKEYPublicKey *pubKey);
  421. SECStatus PK11_DeleteTokenSymKey(PK11SymKey *symKey);
  422. SECStatus PK11_DeleteTokenCertAndKey(CERTCertificate *cert,void *wincx);
  423. SECKEYPrivateKey * PK11_LoadPrivKey(PK11SlotInfo *slot,
  424. SECKEYPrivateKey *privKey, SECKEYPublicKey *pubKey,
  425. PRBool token, PRBool sensitive);
  426. char * PK11_GetSymKeyNickname(PK11SymKey *symKey);
  427. char * PK11_GetPrivateKeyNickname(SECKEYPrivateKey *privKey);
  428. char * PK11_GetPublicKeyNickname(SECKEYPublicKey *pubKey);
  429. SECStatus PK11_SetSymKeyNickname(PK11SymKey *symKey, const char *nickname);
  430. SECStatus PK11_SetPrivateKeyNickname(SECKEYPrivateKey *privKey,
  431. const char *nickname);
  432. SECStatus PK11_SetPublicKeyNickname(SECKEYPublicKey *pubKey,
  433. const char *nickname);
  434. /* size to hold key in bytes */
  435. unsigned int PK11_GetKeyLength(PK11SymKey *key);
  436. /* size of actual secret parts of key in bits */
  437. /* algid is because RC4 strength is determined by the effective bits as well
  438. * as the key bits */
  439. unsigned int PK11_GetKeyStrength(PK11SymKey *key,SECAlgorithmID *algid);
  440. SECStatus PK11_ExtractKeyValue(PK11SymKey *symKey);
  441. SECItem * PK11_GetKeyData(PK11SymKey *symKey);
  442. PK11SlotInfo * PK11_GetSlotFromKey(PK11SymKey *symKey);
  443. void *PK11_GetWindow(PK11SymKey *symKey);
  444. /*
  445. * Explicitly set the key usage for the generated private key.
  446. *
  447. * This allows us to specify single use EC and RSA keys whose usage
  448. * can be regulated by the underlying token.
  449. *
  450. * The underlying key usage is set using opFlags. opFlagsMask specifies
  451. * which operations are specified by opFlags. For instance to turn encrypt
  452. * on and signing off, opFlags would be CKF_ENCRYPT|CKF_DECRYPT and
  453. * opFlagsMask would be CKF_ENCRYPT|CKF_DECRYPT|CKF_SIGN|CKF_VERIFY. You
  454. * need to specify both the public and private key flags,
  455. * PK11_GenerateKeyPairWithOpFlags will sort out the correct flag to the
  456. * correct key type. Flags not specified in opFlagMask will be defaulted
  457. * according to mechanism type and token capabilities.
  458. */
  459. SECKEYPrivateKey *PK11_GenerateKeyPairWithOpFlags(PK11SlotInfo *slot,
  460. CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
  461. PK11AttrFlags attrFlags, CK_FLAGS opFlags, CK_FLAGS opFlagsMask,
  462. void *wincx);
  463. /*
  464. * The attrFlags is the logical OR of the PK11_ATTR_XXX bitflags.
  465. * These flags apply to the private key. The PK11_ATTR_TOKEN,
  466. * PK11_ATTR_SESSION, PK11_ATTR_MODIFIABLE, and PK11_ATTR_UNMODIFIABLE
  467. * flags also apply to the public key.
  468. */
  469. SECKEYPrivateKey *PK11_GenerateKeyPairWithFlags(PK11SlotInfo *slot,
  470. CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
  471. PK11AttrFlags attrFlags, void *wincx);
  472. SECKEYPrivateKey *PK11_GenerateKeyPair(PK11SlotInfo *slot,
  473. CK_MECHANISM_TYPE type, void *param, SECKEYPublicKey **pubk,
  474. PRBool isPerm, PRBool isSensitive, void *wincx);
  475. SECKEYPrivateKey * PK11_FindPrivateKeyFromCert(PK11SlotInfo *slot,
  476. CERTCertificate *cert, void *wincx);
  477. SECKEYPrivateKey * PK11_FindKeyByAnyCert(CERTCertificate *cert, void *wincx);
  478. SECKEYPrivateKey * PK11_FindKeyByKeyID(PK11SlotInfo *slot, SECItem *keyID,
  479. void *wincx);
  480. int PK11_GetPrivateModulusLen(SECKEYPrivateKey *key);
  481. /* note: despite the name, this function takes a private key. */
  482. SECStatus PK11_PubDecryptRaw(SECKEYPrivateKey *key, unsigned char *data,
  483. unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
  484. #define PK11_PrivDecryptRaw PK11_PubDecryptRaw
  485. /* The encrypt function that complements the above decrypt function. */
  486. SECStatus PK11_PubEncryptRaw(SECKEYPublicKey *key, unsigned char *enc,
  487. unsigned char *data, unsigned dataLen, void *wincx);
  488. SECStatus PK11_PrivDecryptPKCS1(SECKEYPrivateKey *key, unsigned char *data,
  489. unsigned *outLen, unsigned int maxLen, unsigned char *enc, unsigned encLen);
  490. /* The encrypt function that complements the above decrypt function. */
  491. SECStatus PK11_PubEncryptPKCS1(SECKEYPublicKey *key, unsigned char *enc,
  492. unsigned char *data, unsigned dataLen, void *wincx);
  493. SECStatus PK11_ImportPrivateKeyInfo(PK11SlotInfo *slot,
  494. SECKEYPrivateKeyInfo *pki, SECItem *nickname,
  495. SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
  496. unsigned int usage, void *wincx);
  497. SECStatus PK11_ImportPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
  498. SECKEYPrivateKeyInfo *pki, SECItem *nickname,
  499. SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
  500. unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
  501. SECStatus PK11_ImportDERPrivateKeyInfo(PK11SlotInfo *slot,
  502. SECItem *derPKI, SECItem *nickname,
  503. SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
  504. unsigned int usage, void *wincx);
  505. SECStatus PK11_ImportDERPrivateKeyInfoAndReturnKey(PK11SlotInfo *slot,
  506. SECItem *derPKI, SECItem *nickname,
  507. SECItem *publicValue, PRBool isPerm, PRBool isPrivate,
  508. unsigned int usage, SECKEYPrivateKey** privk, void *wincx);
  509. SECStatus PK11_ImportEncryptedPrivateKeyInfo(PK11SlotInfo *slot,
  510. SECKEYEncryptedPrivateKeyInfo *epki, SECItem *pwitem,
  511. SECItem *nickname, SECItem *publicValue, PRBool isPerm,
  512. PRBool isPrivate, KeyType type,
  513. unsigned int usage, void *wincx);
  514. SECKEYPrivateKeyInfo *PK11_ExportPrivateKeyInfo(
  515. CERTCertificate *cert, void *wincx);
  516. SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivKeyInfo(
  517. PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
  518. SECKEYPrivateKey *pk, int iteration, void *wincx);
  519. SECKEYEncryptedPrivateKeyInfo *PK11_ExportEncryptedPrivateKeyInfo(
  520. PK11SlotInfo *slot, SECOidTag algTag, SECItem *pwitem,
  521. CERTCertificate *cert, int iteration, void *wincx);
  522. SECKEYPrivateKey *PK11_FindKeyByDERCert(PK11SlotInfo *slot,
  523. CERTCertificate *cert, void *wincx);
  524. SECKEYPublicKey *PK11_MakeKEAPubKey(unsigned char *data, int length);
  525. SECStatus PK11_DigestKey(PK11Context *context, PK11SymKey *key);
  526. PRBool PK11_VerifyKeyOK(PK11SymKey *key);
  527. SECKEYPrivateKey *PK11_UnwrapPrivKey(PK11SlotInfo *slot,
  528. PK11SymKey *wrappingKey, CK_MECHANISM_TYPE wrapType,
  529. SECItem *param, SECItem *wrappedKey, SECItem *label,
  530. SECItem *publicValue, PRBool token, PRBool sensitive,
  531. CK_KEY_TYPE keyType, CK_ATTRIBUTE_TYPE *usage, int usageCount,
  532. void *wincx);
  533. SECStatus PK11_WrapPrivKey(PK11SlotInfo *slot, PK11SymKey *wrappingKey,
  534. SECKEYPrivateKey *privKey, CK_MECHANISM_TYPE wrapType,
  535. SECItem *param, SECItem *wrappedKey, void *wincx);
  536. SECItem* PK11_DEREncodePublicKey(SECKEYPublicKey *pubk);
  537. PK11SymKey* PK11_CopySymKeyForSigning(PK11SymKey *originalKey,
  538. CK_MECHANISM_TYPE mech);
  539. SECKEYPrivateKeyList* PK11_ListPrivKeysInSlot(PK11SlotInfo *slot,
  540. char *nickname, void *wincx);
  541. SECKEYPublicKeyList* PK11_ListPublicKeysInSlot(PK11SlotInfo *slot,
  542. char *nickname);
  543. SECKEYPQGParams *PK11_GetPQGParamsFromPrivateKey(SECKEYPrivateKey *privKey);
  544. /* depricated */
  545. SECKEYPrivateKeyList* PK11_ListPrivateKeysInSlot(PK11SlotInfo *slot);
  546. PK11SymKey *PK11_ConvertSessionSymKeyToTokenSymKey(PK11SymKey *symk,
  547. void *wincx);
  548. SECKEYPrivateKey *PK11_ConvertSessionPrivKeyToTokenPrivKey(
  549. SECKEYPrivateKey *privk, void* wincx);
  550. SECKEYPrivateKey * PK11_CopyTokenPrivKeyToSessionPrivKey(PK11SlotInfo *destSlot,
  551. SECKEYPrivateKey *privKey);
  552. /**********************************************************************
  553. * Certs
  554. **********************************************************************/
  555. SECItem *PK11_MakeIDFromPubKey(SECItem *pubKeyData);
  556. SECStatus PK11_TraverseSlotCerts(
  557. SECStatus(* callback)(CERTCertificate*,SECItem *,void *),
  558. void *arg, void *wincx);
  559. CERTCertificate * PK11_FindCertFromNickname(const char *nickname, void *wincx);
  560. CERTCertList * PK11_FindCertsFromNickname(const char *nickname, void *wincx);
  561. CERTCertificate *PK11_GetCertFromPrivateKey(SECKEYPrivateKey *privKey);
  562. SECStatus PK11_ImportCert(PK11SlotInfo *slot, CERTCertificate *cert,
  563. CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
  564. SECStatus PK11_ImportDERCert(PK11SlotInfo *slot, SECItem *derCert,
  565. CK_OBJECT_HANDLE key, char *nickname, PRBool includeTrust);
  566. PK11SlotInfo *PK11_ImportCertForKey(CERTCertificate *cert, char *nickname,
  567. void *wincx);
  568. PK11SlotInfo *PK11_ImportDERCertForKey(SECItem *derCert, char *nickname,
  569. void *wincx);
  570. PK11SlotInfo *PK11_KeyForCertExists(CERTCertificate *cert,
  571. CK_OBJECT_HANDLE *keyPtr, void *wincx);
  572. PK11SlotInfo *PK11_KeyForDERCertExists(SECItem *derCert,
  573. CK_OBJECT_HANDLE *keyPtr, void *wincx);
  574. CERTCertificate * PK11_FindCertByIssuerAndSN(PK11SlotInfo **slot,
  575. CERTIssuerAndSN *sn, void *wincx);
  576. CERTCertificate * PK11_FindCertAndKeyByRecipientList(PK11SlotInfo **slot,
  577. SEC_PKCS7RecipientInfo **array, SEC_PKCS7RecipientInfo **rip,
  578. SECKEYPrivateKey**privKey, void *wincx);
  579. int PK11_FindCertAndKeyByRecipientListNew(NSSCMSRecipient **recipientlist,
  580. void *wincx);
  581. SECStatus PK11_TraverseCertsForSubjectInSlot(CERTCertificate *cert,
  582. PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
  583. void *arg);
  584. CERTCertificate *PK11_FindCertFromDERCert(PK11SlotInfo *slot,
  585. CERTCertificate *cert, void *wincx);
  586. SECStatus PK11_ImportCertForKeyToSlot(PK11SlotInfo *slot, CERTCertificate *cert,
  587. char *nickname, PRBool addUsage,
  588. void *wincx);
  589. CERTCertificate *PK11_FindBestKEAMatch(CERTCertificate *serverCert,void *wincx);
  590. PRBool PK11_FortezzaHasKEA(CERTCertificate *cert);
  591. CK_OBJECT_HANDLE PK11_FindCertInSlot(PK11SlotInfo *slot, CERTCertificate *cert,
  592. void *wincx);
  593. SECStatus PK11_TraverseCertsForNicknameInSlot(SECItem *nickname,
  594. PK11SlotInfo *slot, SECStatus(*callback)(CERTCertificate *, void *),
  595. void *arg);
  596. CERTCertList * PK11_ListCerts(PK11CertListType type, void *pwarg);
  597. CERTCertList * PK11_ListCertsInSlot(PK11SlotInfo *slot);
  598. CERTSignedCrl* PK11_ImportCRL(PK11SlotInfo * slot, SECItem *derCRL, char *url,
  599. int type, void *wincx, PRInt32 importOptions, PRArenaPool* arena, PRInt32 decodeOptions);
  600. /**********************************************************************
  601. * Sign/Verify
  602. **********************************************************************/
  603. /*
  604. * Return the length in bytes of a signature generated with the
  605. * private key.
  606. *
  607. * Return 0 or -1 on failure. (XXX Should we fix it to always return
  608. * -1 on failure?)
  609. */
  610. int PK11_SignatureLen(SECKEYPrivateKey *key);
  611. PK11SlotInfo * PK11_GetSlotFromPrivateKey(SECKEYPrivateKey *key);
  612. SECStatus PK11_Sign(SECKEYPrivateKey *key, SECItem *sig, SECItem *hash);
  613. SECStatus PK11_VerifyRecover(SECKEYPublicKey *key, SECItem *sig,
  614. SECItem *dsig, void * wincx);
  615. SECStatus PK11_Verify(SECKEYPublicKey *key, SECItem *sig,
  616. SECItem *hash, void *wincx);
  617. /**********************************************************************
  618. * Crypto Contexts
  619. **********************************************************************/
  620. void PK11_DestroyContext(PK11Context *context, PRBool freeit);
  621. PK11Context *PK11_CreateContextBySymKey(CK_MECHANISM_TYPE type,
  622. CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey, SECItem *param);
  623. PK11Context *PK11_CreateDigestContext(SECOidTag hashAlg);
  624. PK11Context *PK11_CloneContext(PK11Context *old);
  625. SECStatus PK11_DigestBegin(PK11Context *cx);
  626. /*
  627. * The output buffer 'out' must be big enough to hold the output of
  628. * the hash algorithm 'hashAlg'.
  629. */
  630. SECStatus PK11_HashBuf(SECOidTag hashAlg, unsigned char *out, unsigned char *in,
  631. PRInt32 len);
  632. SECStatus PK11_DigestOp(PK11Context *context, const unsigned char *in,
  633. unsigned len);
  634. SECStatus PK11_CipherOp(PK11Context *context, unsigned char * out, int *outlen,
  635. int maxout, unsigned char *in, int inlen);
  636. SECStatus PK11_Finalize(PK11Context *context);
  637. SECStatus PK11_DigestFinal(PK11Context *context, unsigned char *data,
  638. unsigned int *outLen, unsigned int length);
  639. SECStatus PK11_SaveContext(PK11Context *cx,unsigned char *save,
  640. int *len, int saveLength);
  641. /* Save the context's state, with possible allocation.
  642. * The caller may supply an already allocated buffer in preAllocBuf,
  643. * with length pabLen. If the buffer is large enough for the context's
  644. * state, it will receive the state.
  645. * If the buffer is not large enough (or NULL), then a new buffer will
  646. * be allocated with PORT_Alloc.
  647. * In either case, the state will be returned as a buffer, and the length
  648. * of the state will be given in *stateLen.
  649. */
  650. unsigned char *
  651. PK11_SaveContextAlloc(PK11Context *cx,
  652. unsigned char *preAllocBuf, unsigned int pabLen,
  653. unsigned int *stateLen);
  654. SECStatus PK11_RestoreContext(PK11Context *cx,unsigned char *save,int len);
  655. SECStatus PK11_GenerateFortezzaIV(PK11SymKey *symKey,unsigned char *iv,int len);
  656. void PK11_SetFortezzaHack(PK11SymKey *symKey) ;
  657. /**********************************************************************
  658. * PBE functions
  659. **********************************************************************/
  660. /* This function creates PBE parameters from the given inputs. The result
  661. * can be used to create a password integrity key for PKCS#12, by sending
  662. * the return value to PK11_KeyGen along with the appropriate mechanism.
  663. */
  664. SECItem *
  665. PK11_CreatePBEParams(SECItem *salt, SECItem *pwd, unsigned int iterations);
  666. /* free params created above (can be called after keygen is done */
  667. void PK11_DestroyPBEParams(SECItem *params);
  668. SECAlgorithmID *
  669. PK11_CreatePBEAlgorithmID(SECOidTag algorithm, int iteration, SECItem *salt);
  670. /* use to create PKCS5 V2 algorithms with finder control than that provided
  671. * by PK11_CreatePBEAlgorithmID. */
  672. SECAlgorithmID *
  673. PK11_CreatePBEV2AlgorithmID(SECOidTag pbeAlgTag, SECOidTag cipherAlgTag,
  674. SECOidTag prfAlgTag, int keyLength, int iteration,
  675. SECItem *salt);
  676. PK11SymKey *
  677. PK11_PBEKeyGen(PK11SlotInfo *slot, SECAlgorithmID *algid, SECItem *pwitem,
  678. PRBool faulty3DES, void *wincx);
  679. /* warning: cannot work with PKCS 5 v2 use PK11_PBEKeyGen instead */
  680. PK11SymKey *
  681. PK11_RawPBEKeyGen(PK11SlotInfo *slot, CK_MECHANISM_TYPE type, SECItem *params,
  682. SECItem *pwitem, PRBool faulty3DES, void *wincx);
  683. SECItem *
  684. PK11_GetPBEIV(SECAlgorithmID *algid, SECItem *pwitem);
  685. /*
  686. * Get the Mechanism and parameter of the base encryption or mac scheme from
  687. * a PBE algorithm ID.
  688. * Caller is responsible for freeing the return parameter (param).
  689. */
  690. CK_MECHANISM_TYPE
  691. PK11_GetPBECryptoMechanism(SECAlgorithmID *algid,
  692. SECItem **param, SECItem *pwd);
  693. /**********************************************************************
  694. * Functions to manage secmod flags
  695. **********************************************************************/
  696. PK11DefaultArrayEntry * PK11_GetDefaultArray(int *);
  697. SECStatus PK11_UpdateSlotAttribute(PK11SlotInfo *, PK11DefaultArrayEntry *,
  698. PRBool );
  699. /**********************************************************************
  700. * Functions to look at PKCS #11 dependent data
  701. **********************************************************************/
  702. PK11GenericObject *PK11_FindGenericObjects(PK11SlotInfo *slot,
  703. CK_OBJECT_CLASS objClass);
  704. PK11GenericObject *PK11_GetNextGenericObject(PK11GenericObject *object);
  705. PK11GenericObject *PK11_GetPrevGenericObject(PK11GenericObject *object);
  706. SECStatus PK11_UnlinkGenericObject(PK11GenericObject *object);
  707. SECStatus PK11_LinkGenericObject(PK11GenericObject *list,
  708. PK11GenericObject *object);
  709. SECStatus PK11_DestroyGenericObjects(PK11GenericObject *object);
  710. SECStatus PK11_DestroyGenericObject(PK11GenericObject *object);
  711. PK11GenericObject *PK11_CreateGenericObject(PK11SlotInfo *slot,
  712. const CK_ATTRIBUTE *pTemplate,
  713. int count, PRBool token);
  714. /*
  715. * PK11_ReadRawAttribute and PK11_WriteRawAttribute are generic
  716. * functions to read and modify the actual PKCS #11 attributes of
  717. * the underlying pkcs #11 object.
  718. *
  719. * object is a pointer to an NSS object that represents the underlying
  720. * PKCS #11 object. It's type must match the type of PK11ObjectType
  721. * as follows:
  722. *
  723. * type object
  724. * PK11_TypeGeneric PK11GenericObject *
  725. * PK11_TypePrivKey SECKEYPrivateKey *
  726. * PK11_TypePubKey SECKEYPublicKey *
  727. * PK11_TypeSymKey PK11SymKey *
  728. *
  729. * All other types are considered invalid. If type does not match the object
  730. * passed, unpredictable results will occur.
  731. */
  732. SECStatus PK11_ReadRawAttribute(PK11ObjectType type, void *object,
  733. CK_ATTRIBUTE_TYPE attr, SECItem *item);
  734. SECStatus PK11_WriteRawAttribute(PK11ObjectType type, void *object,
  735. CK_ATTRIBUTE_TYPE attr, SECItem *item);
  736. /**********************************************************************
  737. * New fucntions which are already depricated....
  738. **********************************************************************/
  739. SECItem *
  740. PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
  741. CERTCertificate *cert, void *pwarg);
  742. SECItem *
  743. PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);
  744. PRBool SECMOD_HasRootCerts(void);
  745. SEC_END_PROTOS
  746. #endif