

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #ifndef PKIT_H
      6 #define PKIT_H
      7 
      8 /*
      9 * pkit.h
     10 *
     11 * This file contains definitions for the types of the top-level PKI objects.
     12 */
     13 
     14 #ifndef NSSBASET_H
     15 #include "nssbaset.h"
     16 #endif /* NSSBASET_H */
     17 
     18 #ifndef BASET_H
     19 #include "baset.h"
     20 #endif /* BASET_H */
     21 
     22 #include "certt.h"
     23 #include "pkcs11t.h"
     24 
     25 #ifndef NSSPKIT_H
     26 #include "nsspkit.h"
     27 #endif /* NSSPKIT_H */
     28 
     29 #ifndef NSSDEVT_H
     30 #include "nssdevt.h"
     31 #endif /* NSSDEVT_H */
     32 
     33 #ifndef DEVT_H
     34 #include "devt.h"
     35 #endif /* DEVT_H */
     36 
     37 #ifndef nssrwlkt_h__
     38 #include "nssrwlkt.h"
     39 #endif /* nssrwlkt_h__ */
     40 
     41 PR_BEGIN_EXTERN_C
     42 
     43 /*
     44 * A note on ephemeral certs
     45 *
     46 * The key objects defined here can only be created on tokens, and can only
     47 * exist on tokens.  Therefore, any instance of a key object must have
     48 * a corresponding cryptoki instance.  OTOH, certificates created in
     49 * crypto contexts need not be stored as session objects on the token.
     50 * There are good performance reasons for not doing so.  The certificate
     51 * and trust objects have been defined with a cryptoContext field to
     52 * allow for ephemeral certs, which may have a single instance in a crypto
     53 * context along with any number (including zero) of cryptoki instances.
     54 * Since contexts may not share objects, there can be only one context
     55 * for each object.
     56 */
     57 
/* nssPKILockType
 *
 * Tells which member of an nssPKIObject's `sync` union is the live one:
 * nssPKILock selects `sync.lock` (a PZLock), nssPKIMonitor selects
 * `sync.mlock` (a PZMonitor).  Code taking the object's lock must dispatch
 * on this value rather than assuming one member.
 */
typedef enum {
   nssPKILock = 1,
   nssPKIMonitor = 2
} nssPKILockType;
     62 
/* nssPKIObject
 *
 * This is the base object class, common to all PKI objects defined in
 * nsspkit.h.  Concrete objects (NSSTrust, NSSCertificate, NSSCRL, ...)
 * embed it as their first member, so a pointer to any of them may be
 * treated as a pointer to the nssPKIObject header.
 */
struct nssPKIObjectStr {
   /* The arena for all object memory */
   NSSArena *arena;
   /* Atomically incremented/decremented reference counting */
   PRInt32 refCount;
   /* lock protects the array of nssCryptokiInstance's of the object.
    * Exactly one union member is valid; `lockType` below says which. */
   union {
       PZLock *lock;
       PZMonitor *mlock;
   } sync;
   /* Selects whether `sync.lock` or `sync.mlock` is in use */
   nssPKILockType lockType;
   /* XXX with LRU cache, this cannot be guaranteed up-to-date.  It cannot
    * be compared against the update level of the trust domain, since it is
    * also affected by import/export.  Where is this array needed?
    *
    * `instances` and `numInstances` are guarded by `sync`; read or modify
    * them only with that lock held.
    */
   nssCryptokiObject **instances;
   PRUint32 numInstances;
   /* The object must live in a trust domain (never NULL) */
   NSSTrustDomain *trustDomain;
   /* The object may live in a crypto context (NULL when it does not);
    * see the note on ephemeral certs above */
   NSSCryptoContext *cryptoContext;
   /* XXX added so temp certs can have nickname, think more ... */
   NSSUTF8 *tempName;
};
     92 
/* Opaque handle for the decoded form of a certificate; the struct body is
 * defined outside this header. */
typedef struct nssDecodedCertStr nssDecodedCert;

/* Opaque handle for a certificate store; the struct body is defined
 * outside this header. */
typedef struct nssCertificateStoreStr nssCertificateStore;

/* How wide is the scope of this?  (struct body is below) */
typedef struct nssSMIMEProfileStr nssSMIMEProfile;

/* Convenience name for the base object header defined above */
typedef struct nssPKIObjectStr nssPKIObject;
    101 
/* NSSTrust
 *
 * Trust settings recorded for one certificate, one nssTrustLevel per
 * usage.  These values are security policy: they decide whether
 * `certificate` is accepted for a given purpose, so writers must keep
 * them consistent with the trust domain's stored settings.
 */
struct NSSTrustStr {
   /* Common PKI object header; must stay the first member */
   nssPKIObject object;
   /* The certificate these trust settings apply to */
   NSSCertificate *certificate;
   /* Per-usage trust levels */
   nssTrustLevel serverAuth;
   nssTrustLevel clientAuth;
   nssTrustLevel emailProtection;
   nssTrustLevel codeSigning;
   /* NOTE(review): meaning follows from the name only ("step-up"
    * approval); confirm against the code that sets it */
   PRBool stepUpApproved;
};
    111 
/* nssSMIMEProfile
 *
 * S/MIME profile information associated with a certificate.
 */
struct nssSMIMEProfileStr {
   /* Common PKI object header; must stay the first member */
   nssPKIObject object;
   /* The certificate this profile belongs to */
   NSSCertificate *certificate;
   /* Email address the profile is keyed on */
   NSSASCII7 *email;
   /* DER-encoded subject name */
   NSSDER *subject;
   /* Opaque profile payload; presumably the encoded S/MIME capabilities
    * and their timestamp -- confirm against the decoder */
   NSSItem *profileTime;
   NSSItem *profileData;
};
    120 
/* NSSCertificate
 *
 * A certificate as seen by the PKI layer.  The authoritative data is the
 * raw `encoding`; the name/serial fields below are copies taken from it
 * for lookup, and `decoding` is its parsed form.
 */
struct NSSCertificateStr {
   /* Common PKI object header; must stay the first member */
   nssPKIObject object;
   NSSCertificateType type;
   /* Identifier for the certificate */
   NSSItem id;
   /* Complete BER/DER encoding of the certificate */
   NSSBER encoding;
   /* Issuer name, subject name and serial number, DER encoded */
   NSSDER issuer;
   NSSDER subject;
   NSSDER serial;
   /* Email address extracted from the certificate, if any */
   NSSASCII7 *email;
   /* Decoded form of `encoding`; NOTE(review): presumably NULL until
    * first decoded -- confirm */
   nssDecodedCert *decoding;
};
    132 
/* Key objects are opaque at this level.  Per the note on ephemeral certs
 * above, keys exist only as token (cryptoki) objects, so their struct
 * bodies are defined elsewhere. */
struct NSSPrivateKeyStr;

struct NSSPublicKeyStr;

struct NSSSymmetricKeyStr;

/* Opaque trust-domain certificate cache; body defined outside this header */
typedef struct nssTDCertificateCacheStr nssTDCertificateCache;
    140 
/* NSSTrustDomain
 *
 * The scope in which PKI objects live: a set of tokens plus a certificate
 * cache.  Every nssPKIObject points back to one of these.
 */
struct NSSTrustDomainStr {
   PRInt32 refCount;
   /* Arena owning the trust domain's memory */
   NSSArena *arena;
   /* Callback used when no per-call callback is supplied */
   NSSCallback *defaultCallback;
   /* Tokens belonging to this domain and an iterator over them.
    * `tokensLock` is a reader/writer lock; NOTE(review): presumably it
    * guards `tokenList`/`tokens` -- confirm against the token code */
   nssList *tokenList;
   nssListIterator *tokens;
   nssTDCertificateCache *cache;
   NSSRWLock *tokensLock;
   /* Untyped; its contents are not described by this header */
   void *spkDigestInfo;
   /* Revocation/status checking configuration */
   CERTStatusConfig *statusConfig;
};
    152 
/* NSSCryptoContext
 *
 * A session-scoped context inside a trust domain.  Per the note on
 * ephemeral certs above, objects created here need not be stored on the
 * token, and a context never shares objects with another context.
 */
struct NSSCryptoContextStr {
   PRInt32 refCount;
   /* Arena owning the context's memory */
   NSSArena *arena;
   /* The trust domain this context belongs to */
   NSSTrustDomain *td;
   /* Token and session the context operates on */
   NSSToken *token;
   nssSession *session;
   /* Store for certificates held by this context (see ephemeral certs) */
   nssCertificateStore *certStore;
};
    161 
/* NSSTime
 *
 * Thin wrapper around an NSPR PRTime value.
 */
struct NSSTimeStr {
   PRTime prTime;
};
    165 
/* NSSCRL
 *
 * A certificate revocation list held by the PKI layer.
 */
struct NSSCRLStr {
   /* Common PKI object header; must stay the first member */
   nssPKIObject object;
   /* Complete DER encoding of the CRL */
   NSSDER encoding;
   /* Distribution point this CRL was fetched from, if known */
   NSSUTF8 *url;
   /* NOTE(review): "KRL" is presumably "key revocation list"; confirm
    * against the code that sets this flag */
   PRBool isKRL;
};

typedef struct NSSCRLStr NSSCRL;
    174 
/* Opaque types declared here so that pointers to them can be used; their
 * bodies are defined elsewhere. */
struct NSSPoliciesStr;

struct NSSAlgorithmAndParametersStr;

struct NSSPKIXCertificateStr;
    180 
    181 PR_END_EXTERN_C
    182 
    183 #endif /* PKIT_H */