is a set of libraries, APIs, utilities, and documentation designed to support cross-platform development of security-enabled client and server applications. It provides a complete implementation of the crypto libraries used by Mozilla and other companies.
| pk11pub.h (nss-3.61) | : | pk11pub.h (nss-3.62) |
|---|
| | |
| skipping to change at line 731 | | skipping to change at line 731 |
|---|
| CERTCertList *PK11_ListCerts(PK11CertListType type, void *pwarg); | | CERTCertList *PK11_ListCerts(PK11CertListType type, void *pwarg); |
| CERTCertList *PK11_ListCertsInSlot(PK11SlotInfo *slot); | | CERTCertList *PK11_ListCertsInSlot(PK11SlotInfo *slot); |
| CERTSignedCrl *PK11_ImportCRL(PK11SlotInfo *slot, SECItem *derCRL, char *url, | | CERTSignedCrl *PK11_ImportCRL(PK11SlotInfo *slot, SECItem *derCRL, char *url, |
| int type, void *wincx, PRInt32 importOptions, PLAr
enaPool *arena, PRInt32 decodeOptions); | | int type, void *wincx, PRInt32 importOptions, PLAr
enaPool *arena, PRInt32 decodeOptions); |
| CK_BBOOL PK11_HasAttributeSet(PK11SlotInfo *slot, | | CK_BBOOL PK11_HasAttributeSet(PK11SlotInfo *slot, |
| CK_OBJECT_HANDLE id, | | CK_OBJECT_HANDLE id, |
| CK_ATTRIBUTE_TYPE type, | | CK_ATTRIBUTE_TYPE type, |
| PRBool haslock /* must be set to PR_FALSE */); | | PRBool haslock /* must be set to PR_FALSE */); |
| | |
| /********************************************************************** | | /********************************************************************** |
|
| * Hybrid Public Key Encryption (draft-05) | | * Hybrid Public Key Encryption (draft-07) |
| **********************************************************************/ | | **********************************************************************/ |
| /* | | /* |
| * NOTE: All HPKE functions will fail with SEC_ERROR_INVALID_ALGORITHM | | * NOTE: All HPKE functions will fail with SEC_ERROR_INVALID_ALGORITHM |
| * unless NSS is compiled with NSS_ENABLE_DRAFT_HPKE while spec (and | | * unless NSS is compiled with NSS_ENABLE_DRAFT_HPKE while spec (and |
| * implementation) is in draft. The eventual RFC number is an input to | | * implementation) is in draft. The eventual RFC number is an input to |
| * the key schedule, so applications opting into this MUST be prepared for | | * the key schedule, so applications opting into this MUST be prepared for |
| * outputs to change when the implementation is updated or finalized. */ | | * outputs to change when the implementation is updated or finalized. */ |
| | |
| /* Some of the various HPKE arguments would ideally be const, but the | | /* Some of the various HPKE arguments would ideally be const, but the |
| * underlying PK11 functions take them as non-const. To avoid lying to | | * underlying PK11 functions take them as non-const. To avoid lying to |
| * the application with a cast, this idiosyncrasy is exposed. */ | | * the application with a cast, this idiosyncrasy is exposed. */ |
| SECStatus PK11_HPKE_ValidateParameters(HpkeKemId kemId, HpkeKdfId kdfId, HpkeAea
dId aeadId); | | SECStatus PK11_HPKE_ValidateParameters(HpkeKemId kemId, HpkeKdfId kdfId, HpkeAea
dId aeadId); |
| HpkeContext *PK11_HPKE_NewContext(HpkeKemId kemId, HpkeKdfId kdfId, HpkeAeadId a
eadId, | | HpkeContext *PK11_HPKE_NewContext(HpkeKemId kemId, HpkeKdfId kdfId, HpkeAeadId a
eadId, |
| PK11SymKey *psk, const SECItem *pskId); | | PK11SymKey *psk, const SECItem *pskId); |
| SECStatus PK11_HPKE_Deserialize(const HpkeContext *cx, const PRUint8 *enc, | | SECStatus PK11_HPKE_Deserialize(const HpkeContext *cx, const PRUint8 *enc, |
| unsigned int encLen, SECKEYPublicKey **outPubKey
); | | unsigned int encLen, SECKEYPublicKey **outPubKey
); |
| void PK11_HPKE_DestroyContext(HpkeContext *cx, PRBool freeit); | | void PK11_HPKE_DestroyContext(HpkeContext *cx, PRBool freeit); |
|
| const SECItem *PK11_HPKE_GetEncapPubKey(const HpkeContext *cx); | | |
| | /* Serialize an initialized receiver context. This only retains the keys and |
| | * associated information necessary to resume Export and Open operations after |
| | * import. Serialization is currently supported for receiver contexts only. |
| | * This is done for two reasons: 1) it avoids having to move the encryption |
| | * sequence number outside of the token (or adding encryption context |
| | * serialization support to softoken), and 2) we don't have to worry about IV |
| | * reuse due to sequence number cloning. |
| | * |
| | * |wrapKey| is required when exporting in FIPS mode. If exported with a |
| | * wrapping key, that same key must be provided to the import function, |
| | * otherwise behavior is undefined. |
| | * |
| | * Even when exported with key wrap, HPKE expects the nonce to also be kept |
| | * secret and that value is not protected by wrapKey. Applications are |
| | * responsible for maintaining the confidentiality of the exported information. |
| | */ |
| | SECStatus PK11_HPKE_ExportContext(const HpkeContext *cx, PK11SymKey *wrapKey, SE |
| | CItem **serialized); |
| SECStatus PK11_HPKE_ExportSecret(const HpkeContext *cx, const SECItem *info, uns
igned int L, | | SECStatus PK11_HPKE_ExportSecret(const HpkeContext *cx, const SECItem *info, uns
igned int L, |
| PK11SymKey **outKey); | | PK11SymKey **outKey); |
|
| | const SECItem *PK11_HPKE_GetEncapPubKey(const HpkeContext *cx); |
| | HpkeContext *PK11_HPKE_ImportContext(const SECItem *serialized, PK11SymKey *wrap |
| | Key); |
| SECStatus PK11_HPKE_Open(HpkeContext *cx, const SECItem *aad, const SECItem *ct,
SECItem **outPt); | | SECStatus PK11_HPKE_Open(HpkeContext *cx, const SECItem *aad, const SECItem *ct,
SECItem **outPt); |
| SECStatus PK11_HPKE_Seal(HpkeContext *cx, const SECItem *aad, const SECItem *pt,
SECItem **outCt); | | SECStatus PK11_HPKE_Seal(HpkeContext *cx, const SECItem *aad, const SECItem *pt,
SECItem **outCt); |
| SECStatus PK11_HPKE_Serialize(const SECKEYPublicKey *pk, PRUint8 *buf, unsigned
int *len, unsigned int maxLen); | | SECStatus PK11_HPKE_Serialize(const SECKEYPublicKey *pk, PRUint8 *buf, unsigned
int *len, unsigned int maxLen); |
| SECStatus PK11_HPKE_SetupS(HpkeContext *cx, const SECKEYPublicKey *pkE, SECKEYPr
ivateKey *skE, | | SECStatus PK11_HPKE_SetupS(HpkeContext *cx, const SECKEYPublicKey *pkE, SECKEYPr
ivateKey *skE, |
| SECKEYPublicKey *pkR, const SECItem *info); | | SECKEYPublicKey *pkR, const SECItem *info); |
| SECStatus PK11_HPKE_SetupR(HpkeContext *cx, const SECKEYPublicKey *pkR, SECKEYPr
ivateKey *skR, | | SECStatus PK11_HPKE_SetupR(HpkeContext *cx, const SECKEYPublicKey *pkR, SECKEYPr
ivateKey *skR, |
| const SECItem *enc, const SECItem *info); | | const SECItem *enc, const SECItem *info); |
| | |
| /********************************************************************** | | /********************************************************************** |
| * Sign/Verify | | * Sign/Verify |
| | | |
| End of changes. 3 change blocks. |
|---|
| 2 lines changed or deleted | | 23 lines changed or added |
|---|
"Fossies" - the Fresh Open Source Software Archive 