14.4. Data Definitions for libnss3

This section defines global identifiers and their values that are associated with interfaces contained in libnss3. These definitions are organized into groups that correspond to system headers. This convention is used as a convenience for the reader, and does not imply the existence of these headers, or their content. Where an interface is defined as requiring a particular system header file all of the data definitions for that system header file presented here shall be in effect.

This section gives data definitions to promote binary application portability, not to repeat source interface definitions available elsewhere. System providers and application developers should use this ABI to supplement - not to replace - source interface definition specifications.

This specification uses the ISO C (1999) C Language as the reference programming language, and data definitions are specified in ISO C format. The C language is used here as a convenient notation. Using a C language description of these data objects does not preclude their use by other programming languages.

14.4.1. nss3/blapit.h


#define _BLAPIT_H_
#define PQG_PBITS_TO_INDEX(bits)	 \
   (((bits) < 512 || (bits) > 1024 || (bits) % 64) ? -1 : \
 (int)((bits)-512)/64)
#define PQG_INDEX_TO_PBITS(j)	 \
   (((unsigned)(j) > 8) ? -1 : (512 + 64 * (j)))
#define NSS_AES	0
#define NSS_DES	0
#define NSS_RC2	0
#define NSS_RC5	0
#define NSS_AES_CBC	1
#define NSS_DES_CBC	1
#define NSS_RC2_CBC	1
#define NSS_RC5_CBC	1
#define DSA_MAX_P_BITS	1024
#define DH_MIN_P_BITS	128
#define RSA_MIN_MODULUS_BITS	128
#define AES_BLOCK_SIZE	16
#define DSA_Q_BITS	160
#define NSS_DES_EDE3	2
#define DSA_SUBPRIME_LEN	20
#define NSS_FREEBL_DEFAULT_CHUNKSIZE	2048
#define DH_MAX_P_BITS	2236
#define NSS_DES_EDE3_CBC	3
#define DSA_SIGNATURE_LEN	40
#define DSA_MIN_P_BITS	512
#define AES_KEY_WRAP_BLOCK_SIZE	8
#define AES_KEY_WRAP_IV_BYTES	8
#define DES_KEY_LENGTH	8

typedef struct PQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem subPrime;
    SECItem base;
} PQGParams;
typedef struct PQGVerifyStr {
    PLArenaPool *arena;
    unsigned int counter;
    SECItem seed;
    SECItem h;
} PQGVerify;

14.4.2. nss3/cert.h


#define _CERT_H_

extern SECCertTimeValidity CERT_CheckCertValidTimes(CERTCertificate * cert,
						    PRTime t,
						    PRBool allowOverride);
extern void CERT_DestroyCertificate(CERTCertificate * cert);
extern CERTCertificate *CERT_DupCertificate(CERTCertificate * c);
extern void CERT_FreeNicknames(CERTCertNicknames * nicknames);
extern CERTCertNicknames *CERT_GetCertNicknames(CERTCertDBHandle * handle,
						int what, void *wincx);
extern CERTCertDBHandle *CERT_GetDefaultCertDB(void);
extern SECStatus CERT_VerifyCertName(CERTCertificate * cert,
				     const char *hostname);
extern SECStatus CERT_VerifyCertNow(CERTCertDBHandle * handle,
				    CERTCertificate * cert,
				    PRBool checkSig,
				    SECCertUsage certUsage, void *wincx);

14.4.3. nss3/certt.h


#define _CERTT_H_
#define NS_CERT_TYPE_CA	 \
	( NS_CERT_TYPE_SSL_CA | NS_CERT_TYPE_EMAIL_CA | \
	NS_CERT_TYPE_OBJECT_SIGNING_CA | EXT_KEY_USAGE_STATUS_RESPONDER )
#define NS_CERT_TYPE_APP	 \
	( NS_CERT_TYPE_SSL_CLIENT | NS_CERT_TYPE_SSL_SERVER | \
	NS_CERT_TYPE_EMAIL | NS_CERT_TYPE_OBJECT_SIGNING )
#define SEC_GET_TRUST_FLAGS(trust,type)	 \
	(((type)==trustSSL)?((trust)->sslFlags): \
	(((type)==trustEmail)?((trust)->emailFlags): \
	(((type)==trustObjectSigning)?((trust)->objectSigningFlags):0)))
#define KU_ALL	 \
	(KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT | \
	KU_DATA_ENCIPHERMENT | KU_KEY_AGREEMENT | KU_KEY_CERT_SIGN | \
	KU_CRL_SIGN)
#define CERT_LIST_END(n,l)	(((void *)n) == ((void *)&l->list))
#define CERT_LIST_NEXT(n)	((CERTCertListNode *)n->links.next)
#define CERT_LIST_HEAD(l)	((CERTCertListNode *)PR_LIST_HEAD(&l->list))
#define certificateUsageSSLClient	(0x0001)
#define certificateUsageSSLServer	(0x0002)
#define certificateUsageSSLServerWithStepUp	(0x0004)
#define certificateUsageSSLCA	(0x0008)
#define certificateUsageEmailSigner	(0x0010)
#define certificateUsageEmailRecipient	(0x0020)
#define certificateUsageObjectSigner	(0x0040)
#define certificateUsageUserCertImport	(0x0080)
#define NS_CERT_TYPE_OBJECT_SIGNING_CA	(0x01)
#define certificateUsageVerifyCA	(0x0100)
#define KU_CRL_SIGN	(0x02)
#define NS_CERT_TYPE_EMAIL_CA	(0x02)
#define RF_CERTIFICATE_HOLD	(0x02)
#define certificateUsageProtectedObjectSigner	(0x0200)
#define KU_KEY_CERT_SIGN	(0x04)
#define NS_CERT_TYPE_SSL_CA	(0x04)
#define RF_CESSATION_OF_OPERATION	(0x04)
#define certificateUsageStatusResponder	(0x0400)
#define KU_KEY_AGREEMENT	(0x08)
#define NS_CERT_TYPE_RESERVED	(0x08)
#define RF_SUPERSEDED	(0x08)
#define certificateUsageAnyCA	(0x0800)
#define KU_DATA_ENCIPHERMENT	(0x10)
#define NS_CERT_TYPE_OBJECT_SIGNING	(0x10)
#define RF_AFFILIATION_CHANGED	(0x10)
#define KU_KEY_ENCIPHERMENT	(0x20)
#define NS_CERT_TYPE_EMAIL	(0x20)
#define RF_CA_COMPROMISE	(0x20)
#define KU_NON_REPUDIATION	(0x40)
#define NS_CERT_TYPE_SSL_SERVER	(0x40)
#define RF_KEY_COMPROMISE	(0x40)
#define EXT_KEY_USAGE_STATUS_RESPONDER	(0x4000)
#define KU_KEY_AGREEMENT_OR_ENCIPHERMENT	(0x4000)
#define KU_DIGITAL_SIGNATURE	(0x80)
#define NS_CERT_TYPE_SSL_CLIENT	(0x80)
#define RF_UNUSED	(0x80)
#define EXT_KEY_USAGE_TIME_STAMP	(0x8000)
#define KU_NS_GOVT_APPROVED	(0x8000)
#define CERT_UNLIMITED_PATH_CONSTRAINT	-2
#define SEC_CERTIFICATE_REQUEST_VERSION	0
#define SEC_CERTIFICATE_VERSION_1	0
#define SEC_CRL_VERSION_1	0
#define SEC_CERTIFICATE_VERSION_2	1
#define SEC_CERT_CLASS_CA	1
#define SEC_CERT_NICKNAMES_ALL	1
#define SEC_CRL_VERSION_2	1
#define SEC_CERTIFICATE_VERSION_3	2
#define SEC_CERT_CLASS_SERVER	2
#define SEC_CERT_NICKNAMES_USER	2
#define CERT_MAX_CERT_CHAIN	20
#define SEC_CERT_CLASS_USER	3
#define SEC_CERT_NICKNAMES_SERVER	3
#define SEC_CERT_CLASS_EMAIL	4
#define SEC_CERT_NICKNAMES_CA	4
#define certificateUsageHighest	certificateUsageAnyCA
#define CERT_LIST_EMPTY(l)	CERT_LIST_END(CERT_LIST_HEAD(l), l)

typedef struct CERTAVAStr {
    SECItem type;
    SECItem value;
} CERTAVA;
typedef struct CERTAttributeStr {
    SECItem attrType;
    SECItem **attrValue;
} CERTAttribute;
typedef struct CERTAuthInfoAccessStr {
    SECItem method;
    SECItem derLocation;
    CERTGeneralName *location;
} CERTAuthInfoAccess;
typedef struct CERTAuthKeyIDStr {
    SECItem keyID;
    CERTGeneralName *authCertIssuer;
    SECItem authCertSerialNumber;
    SECItem **DERAuthCertIssuer;
} CERTAuthKeyID;
typedef struct CERTBasicConstraintsStr {
    PRBool isCA;
    int pathLenConstraint;
} CERTBasicConstraints;
typedef struct NSSTrustDomainStr CERTCertDBHandle;
typedef struct CERTCertExtensionStr {
    SECItem id;
    SECItem critical;
    SECItem value;
} CERTCertExtension;
typedef struct CERTCertListStr {
    PRCList list;
    PLArenaPool *arena;
} CERTCertList;
typedef struct CERTCertListNodeStr {
    PRCList links;
    CERTCertificate *cert;
    void *appData;
} CERTCertListNode;
typedef struct CERTCertNicknamesStr {
    PLArenaPool *arena;
    void *head;
    int numnicknames;
    char **nicknames;
    int what;
    int totallen;
} CERTCertNicknames;
typedef struct CERTCertTrustStr {
    unsigned int sslFlags;
    unsigned int emailFlags;
    unsigned int objectSigningFlags;
} CERTCertTrust;
typedef struct CERTSignedDataStr {
    SECItem data;
    SECAlgorithmID signatureAlgorithm;
    SECItem signature;
} CERTSignedData;
typedef struct CERTCertificateListStr {
    SECItem *certs;
    int len;
    PLArenaPool *arena;
} CERTCertificateList;
typedef struct CERTNameStr {
    PLArenaPool *arena;
    CERTRDN **rdns;
} CERTName;
typedef struct CERTCrlStr {
    PLArenaPool *arena;
    SECItem version;
    SECAlgorithmID signatureAlg;
    SECItem derName;
    CERTName name;
    SECItem lastUpdate;
    SECItem nextUpdate;
    CERTCrlEntry **entries;
    CERTCertExtension **extensions;
} CERTCrl;
typedef struct CERTCrlDistributionPointsStr {
    CRLDistributionPoint **distPoints;
} CERTCrlDistributionPoints;
typedef struct CERTCrlEntryStr {
    SECItem serialNumber;
    SECItem revocationDate;
    CERTCertExtension **extensions;
} CERTCrlEntry;
typedef struct CERTCrlHeadNodeStr {
    PLArenaPool *arena;
    CERTCertDBHandle *dbhandle;
    CERTCrlNode *first;
    CERTCrlNode *last;
} CERTCrlHeadNode;
typedef struct CERTCrlNodeStr {
    CERTCrlNode *next;
    int type;
    CERTSignedCrl *crl;
} CERTCrlNode;
typedef struct CERTDistNamesStr {
    PLArenaPool *arena;
    int nnames;
    SECItem *names;
    void *head;
} CERTDistNames;
typedef struct OtherNameStr {
    SECItem name;
    SECItem oid;
} OtherName;
typedef struct CERTGeneralNameListStr {
    PLArenaPool *arena;
    CERTGeneralName *name;
    int refCount;
    int len;
    PRLock *lock;
} CERTGeneralNameList;
typedef struct CERTIssuerAndSNStr {
    SECItem derIssuer;
    CERTName issuer;
    SECItem serialNumber;
} CERTIssuerAndSN;
typedef struct CERTSubjectPublicKeyInfoStr {
    PLArenaPool *arena;
    SECAlgorithmID algorithm;
    SECItem subjectPublicKey;
} CERTSubjectPublicKeyInfo;
typedef struct CERTGeneralNameStr {
    CERTGeneralNameType type;
    union {
	CERTName directoryName;
	OtherName OthName;
	SECItem other;
    } name;
    SECItem derDirectoryName;
    PRCList l;
} CERTGeneralName;
typedef struct CERTNameConstraintsStr {
    CERTNameConstraint *permited;
    CERTNameConstraint *excluded;
    SECItem **DERPermited;
    SECItem **DERExcluded;
} CERTNameConstraints;
typedef struct CERTOKDomainNameStr {
    CERTOKDomainName *next;
    char name[1];
} CERTOKDomainName;
typedef struct CERTPrivKeyUsagePeriodStr {
    SECItem notBefore;
    SECItem notAfter;
    PLArenaPool *arena;
} CERTPrivKeyUsagePeriod;
typedef struct CERTRDNStr {
    CERTAVA **avas;
} CERTRDN;
typedef struct CERTSignedCrlStr {
    PLArenaPool *arena;
    CERTCrl crl;
    void *reserved1;
    PRBool reserved2;
    PRBool isperm;
    PRBool istemp;
    int referenceCount;
    CERTCertDBHandle *dbhandle;
    CERTSignedData signatureWrap;
    char *url;
    SECItem *derCrl;
    PK11SlotInfo *slot;
    CK_OBJECT_HANDLE pkcs11ID;
    void *opaque;
} CERTSignedCrl;
typedef struct CERTValidityStr {
    PLArenaPool *arena;
    SECItem notBefore;
    SECItem notAfter;
} CERTValidity;
typedef struct CERTStatusConfigStr {
    CERTStatusChecker statusChecker;
    CERTStatusDestroy statusDestroy;
    void *statusContext;
} CERTStatusConfig;
typedef struct CERTSubjectListStr {
    PLArenaPool *arena;
    int ncerts;
    char *emailAddr;
    CERTSubjectNode *head;
    CERTSubjectNode *tail;
    void *entry;
} CERTSubjectList;
typedef struct CERTSubjectNodeStr {
    struct CERTSubjectNodeStr *next;
    struct CERTSubjectNodeStr *prev;
    SECItem certKey;
    SECItem keyID;
} CERTSubjectNode;
typedef struct CERTCertificateRequestStr {
    PLArenaPool *arena;
    SECItem version;
    CERTName subject;
    CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
    CERTAttribute **attributes;
} CERTCertificateRequest;
typedef struct CERTCertificateStr {
    PLArenaPool *arena;
    char *subjectName;
    char *issuerName;
    CERTSignedData signatureWrap;
    SECItem derCert;
    SECItem derIssuer;
    SECItem derSubject;
    SECItem derPublicKey;
    SECItem certKey;
    SECItem version;
    SECItem serialNumber;
    SECAlgorithmID signature;
    CERTName issuer;
    CERTValidity validity;
    CERTName subject;
    CERTSubjectPublicKeyInfo subjectPublicKeyInfo;
    SECItem issuerID;
    SECItem subjectID;
    CERTCertExtension **extensions;
    char *emailAddr;
    CERTCertDBHandle *dbhandle;
    SECItem subjectKeyID;
    PRBool keyIDGenerated;
    unsigned int keyUsage;
    unsigned int rawKeyUsage;
    PRBool keyUsagePresent;
    PRUint32 nsCertType;
    PRBool keepSession;
    PRBool timeOK;
    CERTOKDomainName *domainOK;
    PRBool isperm;
    PRBool istemp;
    char *nickname;
    char *dbnickname;
    struct NSSCertificateStr *nssCertificate;
    CERTCertTrust *trust;
    int referenceCount;
    CERTSubjectList *subjectList;
    CERTAuthKeyID *authKeyID;
    PRBool isRoot;
    union {
	void *apointer;
	struct {
	    unsigned int hasUnsupportedCriticalExt;
	} bits;
    } options;
    int series;
    PK11SlotInfo *slot;
    CK_OBJECT_HANDLE pkcs11ID;
    PRBool ownSlot;
} CERTCertificate;
typedef struct CERTVerifyLogStr {
    PLArenaPool *arena;
    unsigned int count;
    struct CERTVerifyLogNodeStr *head;
    struct CERTVerifyLogNodeStr *tail;
} CERTVerifyLog;
typedef struct CRLDistributionPointStr {
    DistributionPointTypes distPointType;
    union {
	CERTGeneralName *fullName;
	CERTRDN relativeName;
    } distPoint;
    SECItem reasons;
    CERTGeneralName *crlIssuer;
    SECItem derDistPoint;
    SECItem derRelativeName;
    SECItem **derCrlIssuer;
    SECItem **derFullName;
    SECItem bitsmap;
} CRLDistributionPoint;
typedef enum SECCertUsageEnum {
    certUsageSSLClient,
    certUsageSSLServer = 1,
    certUsageSSLServerWithStepUp = 2,
    certUsageSSLCA = 3,
    certUsageEmailSigner = 4,
    certUsageEmailRecipient = 5,
    certUsageObjectSigner = 6,
    certUsageUserCertImport = 7,
    certUsageVerifyCA = 8,
    certUsageProtectedObjectSigner = 9,
    certUsageStatusResponder = 10,
    certUsageAnyCA = 11
} SECCertUsage;
typedef PRInt64 SECCertificateUsage;
typedef enum SECCertTimeValidityEnum {
    secCertTimeValid,
    secCertTimeExpired = 1,
    secCertTimeNotValidYet = 2,
    secCertTimeUndetermined = 3
} SECCertTimeValidity;
typedef enum CERTCompareValidityStatusEnum {
    certValidityUndetermined,
    certValidityChooseB = 1,
    certValidityEqual = 2,
    certValidityChooseA = 3
} CERTCompareValidityStatus;
typedef enum CERTGeneralNameTypeEnum {
    certOtherName = 1,
    certRFC822Name = 2,
    certDNSName = 3,
    certX400Address = 4,
    certDirectoryName = 5,
    certEDIPartyName = 6,
    certURI = 7,
    certIPAddress = 8,
    certRegisterID = 9
} CERTGeneralNameType;
typedef struct CERTNameConstraintStr {
    CERTGeneralName name;
    SECItem DERName;
    SECItem min;
    SECItem max;
    PRCList l;
} CERTNameConstraint;
typedef enum DistributionPointTypesEnum {
    generalName = 1,
    relativeDistinguishedName = 2
} DistributionPointTypes;
struct CERTVerifyLogNodeStr {
    CERTCertificate *cert;
    long int error;
    unsigned int depth;
    void *arg;
    struct CERTVerifyLogNodeStr *next;
    struct CERTVerifyLogNodeStr *prev;
};
typedef SECStatus(*CERTStatusChecker) (CERTCertDBHandle *,
				       CERTCertificate *, PRInt64, void *);
typedef SECStatus(*CERTStatusDestroy) (CERTStatusConfig *);
typedef struct {
    SECOidTag oid;
    SECItem qualifierID;
    SECItem qualifierValue;
} CERTPolicyQualifier;
typedef struct {
    SECOidTag oid;
    SECItem policyID;
    CERTPolicyQualifier **policyQualifiers;
} CERTPolicyInfo;
typedef struct {
    PLArenaPool *arena;
    CERTPolicyInfo **policyInfos;
} CERTCertificatePolicies;
typedef struct {
    SECItem organization;
    SECItem **noticeNumbers;
} CERTNoticeReference;
typedef struct {
    PLArenaPool *arena;
    CERTNoticeReference noticeReference;
    SECItem derNoticeReference;
    SECItem displayText;
} CERTUserNotice;
typedef struct {
    PLArenaPool *arena;
    SECItem **oids;
} CERTOidSequence;

14.4.4. nss3/cmsreclist.h


#define _CMSRECLIST_H

typedef struct NSSCMSRecipientStr {
    int riIndex;
    int subIndex;
    enum {
	RLIssuerSN,
	RLSubjKeyID = 1
    } kind;
    union {
	CERTIssuerAndSN *issuerAndSN;
	SECItem *subjectKeyID;
    } id;
    CERTCertificate *cert;
    SECKEYPrivateKey *privkey;
    PK11SlotInfo *slot;
} NSSCMSRecipient;

14.4.5. nss3/cryptoht.h


#define _CRYPTOHT_H_

typedef struct SGNContextStr SGNContext;
typedef struct VFYContextStr VFYContext;

14.4.6. nss3/hasht.h


#define _HASHT_H_
#define MD2_LENGTH	16
#define MD5_LENGTH	16
#define SHA1_LENGTH	20
#define SHA256_LENGTH	32
#define SHA384_LENGTH	48
#define SHA512_LENGTH	64
#define HASH_LENGTH_MAX	SHA512_LENGTH

typedef struct SECHashObjectStr {
    unsigned int length;
    void *(*create) (void);
    void *(*clone) (void *);
    void (*destroy) (void *, PRBool);
    void (*begin) (void *);
    void (*update) (void *, const unsigned char *, unsigned int);
    void (*end) (void *, unsigned char *, unsigned int *, unsigned int);
    unsigned int blocklength;
    HASH_HashType type;
} SECHashObject;
typedef struct HASHContextStr {
    const struct SECHashObjectStr *hashobj;
    void *hash_context;
} HASHContext;
typedef enum {
    HASH_AlgNULL,
    HASH_AlgMD2 = 1,
    HASH_AlgMD5 = 2,
    HASH_AlgSHA1 = 3,
    HASH_AlgSHA256 = 4,
    HASH_AlgSHA384 = 5,
    HASH_AlgSHA512 = 6,
    HASH_AlgTOTAL = 7
} HASH_HashType;

14.4.7. nss3/key.h


#define _KEY_H_

14.4.8. nss3/keyhi.h


#define _KEYHI_H_

extern void SECKEY_DestroyPrivateKey(SECKEYPrivateKey * key);

14.4.9. nss3/keyt.h


#define _KEYT_H_

14.4.10. nss3/keythi.h


#define _KEYTHI_H_

typedef enum {
    nullKey,
    rsaKey = 1,
    dsaKey = 2,
    fortezzaKey = 3,
    dhKey = 4,
    keaKey = 5,
    ecKey = 6
} KeyType;
typedef struct SECKEYRSAPublicKeyStr {
    PLArenaPool *arena;
    SECItem modulus;
    SECItem publicExponent;
} SECKEYRSAPublicKey;
typedef struct SECKEYPQGParamsStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem subPrime;
    SECItem base;
} SECKEYPQGParams;
typedef struct SECKEYDSAPublicKeyStr {
    SECKEYPQGParams params;
    SECItem publicValue;
} SECKEYDSAPublicKey;
typedef struct SECKEYDHParamsStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem base;
} SECKEYDHParams;
typedef struct SECKEYDHPublicKeyStr {
    PLArenaPool *arena;
    SECItem prime;
    SECItem base;
    SECItem publicValue;
} SECKEYDHPublicKey;
typedef SECItem SECKEYECParams;
typedef struct SECKEYECPublicKeyStr {
    SECKEYECParams DEREncodedParams;
    int size;
    SECItem publicValue;
} SECKEYECPublicKey;
typedef struct SECKEYFortezzaPublicKeyStr {
    int KEAversion;
    int DSSversion;
    unsigned char KMID[8];
    SECItem clearance;
    SECItem KEApriviledge;
    SECItem DSSpriviledge;
    SECItem KEAKey;
    SECItem DSSKey;
    SECKEYPQGParams params;
    SECKEYPQGParams keaParams;
} SECKEYFortezzaPublicKey;
typedef struct SECKEYKEAParamsStr {
    PLArenaPool *arena;
    SECItem hash;
} SECKEYKEAParams;
typedef struct SECKEYKEAPublicKeyStr {
    SECKEYKEAParams params;
    SECItem publicValue;
} SECKEYKEAPublicKey;
typedef struct SECKEYPublicKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;
    CK_OBJECT_HANDLE pkcs11ID;
    union {
	SECKEYRSAPublicKey rsa;
	SECKEYDSAPublicKey dsa;
	SECKEYDHPublicKey dh;
	SECKEYKEAPublicKey kea;
	SECKEYFortezzaPublicKey fortezza;
	SECKEYECPublicKey ec;
    } u;
} SECKEYPublicKey;
typedef struct SECKEYPrivateKeyStr {
    PLArenaPool *arena;
    KeyType keyType;
    PK11SlotInfo *pkcs11Slot;
    CK_OBJECT_HANDLE pkcs11ID;
    PRBool pkcs11IsTemp;
    void *wincx;
    PRUint32 staticflags;
} SECKEYPrivateKey;
typedef struct {
    PRCList links;
    SECKEYPrivateKey *key;
} SECKEYPrivateKeyListNode;
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPrivateKeyList;
typedef struct {
    PRCList list;
    PLArenaPool *arena;
} SECKEYPublicKeyList;

14.4.11. nss3/nss.h


#define __nss_h_
#define NSS_INIT_READONLY	0x1
#define NSS_INIT_NOROOTINIT	0x10
#define NSS_INIT_NOPK11FINALIZE	0x100
#define NSS_INIT_NOCERTDB	0x2
#define NSS_INIT_OPTIMIZESPACE	0x20
#define NSS_INIT_RESERVED	0x200
#define NSS_INIT_NOMODDB	0x4
#define NSS_INIT_PK11THREADSAFE	0x40
#define NSS_INIT_FORCEOPEN	0x8
#define NSS_INIT_PK11RELOAD	0x80
#define NSS_VMINOR	11
#define NSS_VMAJOR	3
#define NSS_VERSION	"3.11.4"
#define NSS_VPATCH	4
#define NSS_INIT_COOPERATE	NSS_INIT_PK11THREADSAFE | NSS_INIT_PK11RELOAD | NSS_INIT_NOPK11FINALIZE | NSS_INIT_RESERVED
#define SECMOD_DB	"secmod.db"

extern SECStatus NSS_Init(const char *configdir);
extern SECStatus NSS_InitReadWrite(const char *configdir);
extern SECStatus NSS_NoDB_Init(const char *configdir);
extern SECStatus NSS_Shutdown(void);

14.4.12. nss3/nssb64.h


#define _NSSB64_H_

14.4.13. nss3/nssb64t.h


#define _NSSB64T_H_

typedef struct NSSBase64DecoderStr NSSBase64Decoder;
typedef struct NSSBase64EncoderStr NSSBase64Encoder;

14.4.14. nss3/nssilckt.h


#define _NSSILCKT_H_

typedef enum {
    nssILockArena,
    nssILockSession = 1,
    nssILockObject = 2,
    nssILockRefLock = 3,
    nssILockCert = 4,
    nssILockCertDB = 5,
    nssILockDBM = 6,
    nssILockCache = 7,
    nssILockSSL = 8,
    nssILockList = 9,
    nssILockSlot = 10,
    nssILockFreelist = 11,
    nssILockOID = 12,
    nssILockAttribute = 13,
    nssILockPK11cxt = 14,
    nssILockRWLock = 15,
    nssILockOther = 16,
    nssILockSelfServ = 17,
    nssILockKeyDB = 18,
    nssILockLast = 19
} nssILockType;

14.4.15. nss3/nssrwlkt.h


#define nssrwlkt_h___

typedef struct nssRWLockStr NSSRWLock;

14.4.16. nss3/ocspt.h


#define _OCSPT_H_

typedef struct CERTOCSPRequestStr CERTOCSPRequest;
typedef struct CERTOCSPResponseStr CERTOCSPResponse;
typedef struct CERTOCSPCertIDStr CERTOCSPCertID;
typedef struct CERTOCSPSingleResponseStr CERTOCSPSingleResponse;

14.4.17. nss3/pk11pub.h


#define _PK11PUB_H_

extern CERTCertificate *PK11_FindCertFromNickname(const char *nickname,
						  void *wincx);
extern SECKEYPrivateKey *PK11_FindKeyByAnyCert(CERTCertificate * cert,
					       void *wincx);
extern char *PK11_GetSlotName(PK11SlotInfo * slot);
extern char *PK11_GetTokenName(PK11SlotInfo * slot);
extern PRBool PK11_IsHW(PK11SlotInfo * slot);
extern PRBool PK11_IsPresent(PK11SlotInfo * slot);
extern PRBool PK11_IsReadOnly(PK11SlotInfo * slot);
extern void PK11_SetPasswordFunc(PK11PasswordFunc func);

14.4.18. nss3/pkcs11t.h


#define _PKCS11T_H_

typedef unsigned char CK_BYTE;
typedef CK_BYTE CK_CHAR;
typedef CK_BYTE CK_UTF8CHAR;
typedef unsigned long int CK_ULONG;
typedef CK_ULONG CK_FLAGS;
typedef void *CK_VOID_PTR;
typedef struct CK_VERSION {
    CK_BYTE major;
    CK_BYTE minor;
} CK_VERSION;
typedef struct CK_INFO {
    CK_VERSION cryptokiVersion;
    CK_UTF8CHAR manufacturerID[31];
    CK_FLAGS flags;
    CK_UTF8CHAR libraryDescription[31];
    CK_VERSION libraryVersion;
} CK_INFO;
typedef CK_ULONG CK_SLOT_ID;
typedef struct CK_SLOT_INFO {
    CK_UTF8CHAR slotDescription[63];
    CK_UTF8CHAR manufacturerID[31];
    CK_FLAGS flags;
    CK_VERSION hardwareVersion;
    CK_VERSION firmwareVersion;
} CK_SLOT_INFO;
typedef struct CK_TOKEN_INFO {
    CK_UTF8CHAR label[31];
    CK_UTF8CHAR manufacturerID[31];
    CK_UTF8CHAR model[15];
    CK_CHAR serialNumber[15];
    CK_FLAGS flags;
    CK_ULONG ulMaxSessionCount;
    CK_ULONG ulSessionCount;
    CK_ULONG ulMaxRwSessionCount;
    CK_ULONG ulRwSessionCount;
    CK_ULONG ulMaxPinLen;
    CK_ULONG ulMinPinLen;
    CK_ULONG ulTotalPublicMemory;
    CK_ULONG ulFreePublicMemory;
    CK_ULONG ulTotalPrivateMemory;
    CK_ULONG ulFreePrivateMemory;
    CK_VERSION hardwareVersion;
    CK_VERSION firmwareVersion;
    CK_CHAR utcTime[15];
} CK_TOKEN_INFO;
typedef CK_ULONG CK_SESSION_HANDLE;
typedef CK_ULONG CK_OBJECT_HANDLE;
typedef CK_ULONG CK_OBJECT_CLASS;
typedef CK_ULONG CK_KEY_TYPE;
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
typedef struct CK_ATTRIBUTE {
    CK_ATTRIBUTE_TYPE type;
    CK_VOID_PTR pValue;
    CK_ULONG ulValueLen;
} CK_ATTRIBUTE;
typedef CK_ATTRIBUTE *CK_ATTRIBUTE_PTR;
typedef CK_ULONG CK_MECHANISM_TYPE;
typedef struct CK_MECHANISM {
    CK_MECHANISM_TYPE mechanism;
    CK_VOID_PTR pParameter;
    CK_ULONG ulParameterLen;
} CK_MECHANISM;
typedef CK_MECHANISM *CK_MECHANISM_PTR;
typedef CK_ULONG CK_RV;

14.4.19. nss3/pkcs7t.h


#define _PKCS7T_H_

typedef struct SEC_PKCS7RecipientInfoStr {
    SECItem version;
    CERTIssuerAndSN *issuerAndSN;
    SECAlgorithmID keyEncAlg;
    SECItem encKey;
    CERTCertificate *cert;
} SEC_PKCS7RecipientInfo;

14.4.20. nss3/secasn1t.h


#define _SECASN1T_H_

typedef struct sec_ASN1Template_struct {
    unsigned long int kind;
    unsigned long int offset;
    const void *sub;
    unsigned int size;
} SEC_ASN1Template;
typedef struct sec_DecoderContext_struct SEC_ASN1DecoderContext;
typedef struct sec_EncoderContext_struct SEC_ASN1EncoderContext;
typedef enum {
    SEC_ASN1_Identifier,
    SEC_ASN1_Length = 1,
    SEC_ASN1_Contents = 2,
    SEC_ASN1_EndOfContents = 3
} SEC_ASN1EncodingPart;
typedef void (*SEC_ASN1NotifyProc) (void *, PRBool, void *, int);
typedef void (*SEC_ASN1WriteProc) (void *, const char *, unsigned long int,
				   int, SEC_ASN1EncodingPart);

14.4.21. nss3/seccomon.h


#define _SECCOMMON_H_

typedef enum {
    siBuffer,
    siClearDataBuffer = 1,
    siCipherDataBuffer = 2,
    siDERCertBuffer = 3,
    siEncodedCertBuffer = 4,
    siDERNameBuffer = 5,
    siEncodedNameBuffer = 6,
    siAsciiNameString = 7,
    siAsciiString = 8,
    siDEROID = 9,
    siUnsignedInteger = 10,
    siUTCTime = 11,
    siGeneralizedTime = 12,
    siVisibleString = 13,
    siUTF8String = 14,
    siBMPString = 15
} SECItemType;
typedef struct SECItemStr {
    SECItemType type;
    unsigned char *data;
    unsigned int len;
} SECItem;
typedef enum _SECStatus {
    SECWouldBlock = -2,
    SECFailure = -1,
    SECSuccess
} SECStatus;
typedef enum _SECComparison {
    SECLessThan = -1,
    SECEqual,
    SECGreaterThan = 1
} SECComparison;

14.4.22. nss3/secdert.h


#define _SECDERT_H_

typedef struct DERTemplateStr {
    unsigned long int kind;
    unsigned int offset;
    DERTemplate *sub;
    unsigned long int arg;
} DERTemplate;

14.4.23. nss3/secdigt.h


#define _SECDIGT_H_

typedef struct SGNDigestInfoStr {
    PLArenaPool *arena;
    SECAlgorithmID digestAlgorithm;
    SECItem digest;
} SGNDigestInfo;

14.4.24. nss3/secmodt.h


#define _SECMODT_H_
#define SECMOD_MAKE_NSS_FLAGS(fips,slot)	 \
	"Flags=internal,critical"fips" \
	slotparams=("#slot"={"SECMOD_SLOT_FLAGS"})"
#define SECMOD_FIPS_NAME	"NSS Internal FIPS PKCS #11 Module"
#define SECMOD_INT_NAME	"NSS Internal PKCS #11 Module"
#define SECMOD_SLOT_FLAGS	"slotFlags=[RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,SHA256,SHA512]"
#define SECMOD_EXTERNAL	0
#define CRL_IMPORT_DEFAULT_OPTIONS	0x00000000
#define CRL_IMPORT_BYPASS_CHECKS	0x00000001
#define PK11_ATTR_TOKEN	0x00000001L
#define SECMOD_RSA_FLAG	0x00000001L
#define PK11_ATTR_SESSION	0x00000002L
#define SECMOD_DSA_FLAG	0x00000002L
#define PK11_ATTR_PRIVATE	0x00000004L
#define SECMOD_RC2_FLAG	0x00000004L
#define PK11_ATTR_PUBLIC	0x00000008L
#define SECMOD_RC4_FLAG	0x00000008L
#define PK11_ATTR_MODIFIABLE	0x00000010L
#define SECMOD_DES_FLAG	0x00000010L
#define PK11_ATTR_UNMODIFIABLE	0x00000020L
#define SECMOD_DH_FLAG	0x00000020L
#define PK11_ATTR_SENSITIVE	0x00000040L
#define SECMOD_FORTEZZA_FLAG	0x00000040L
#define PK11_ATTR_INSENSITIVE	0x00000080L
#define SECMOD_RC5_FLAG	0x00000080L
#define PK11_ATTR_EXTRACTABLE	0x00000100L
#define SECMOD_SHA1_FLAG	0x00000100L
#define PK11_ATTR_UNEXTRACTABLE	0x00000200L
#define SECMOD_MD5_FLAG	0x00000200L
#define SECMOD_MD2_FLAG	0x00000400L
#define SECMOD_SSL_FLAG	0x00000800L
#define SECMOD_TLS_FLAG	0x00001000L
#define SECMOD_AES_FLAG	0x00002000L
#define SECMOD_SHA256_FLAG	0x00004000L
#define SECMOD_SHA512_FLAG	0x00008000L
#define SECMOD_END_WAIT	0x01
#define SECMOD_WAIT_SIMULATED_EVENT	0x02
#define SECMOD_WAIT_PKCS11_EVENT	0x04
#define SECMOD_RESERVED_FLAG	0X08000000L
#define SECMOD_FRIENDLY_FLAG	0x10000000L
#define PK11_OWN_PW_DEFAULTS	0x20000000L
#define PK11_DISABLE_FLAG	0x40000000L
#define SECMOD_RANDOM_FLAG	0x80000000L
#define CKM_FAKE_RANDOM	0x80000efeL
#define CKM_INVALID_MECHANISM	0xffffffffL
#define SECMOD_INTERNAL	1
#define SECMOD_FIPS	2
#define PK11_PW_AUTHENTICATED	"AUTH"
#define PK11_PW_RETRY	"RETRY"
#define SECMOD_INT_FLAGS	SECMOD_MAKE_NSS_FLAGS("",1)
#define SECMOD_FIPS_FLAGS	SECMOD_MAKE_NSS_FLAGS(",fips",3)
#define PK11_PW_TRY	"TRY"

typedef struct SECMODModuleStr {
    PLArenaPool *arena;
    PRBool internal;
    PRBool loaded;
    PRBool isFIPS;
    char *dllName;
    char *commonName;
    void *library;
    void *functionList;
    PRLock *refLock;
    int refCount;
    PK11SlotInfo **slots;
    int slotCount;
    PK11PreSlotInfo *slotInfo;
    int slotInfoCount;
    SECMODModuleID moduleID;
    PRBool isThreadSafe;
    unsigned long int ssl[1];
    char *libraryParams;
    void *moduleDBFunc;
    SECMODModule *parent;
    PRBool isCritical;
    PRBool isModuleDB;
    PRBool moduleDBOnly;
    int trustOrder;
    int cipherOrder;
    unsigned long int evControlMask;
    CK_VERSION cryptokiVersion;
} SECMODModule;
typedef struct SECMODModuleListStr {
    SECMODModuleList *next;
    SECMODModule *module;
} SECMODModuleList;
typedef NSSRWLock SECMODListLock;
typedef struct PK11SlotInfoStr PK11SlotInfo;
typedef struct PK11PreSlotInfoStr PK11PreSlotInfo;
typedef struct PK11SymKeyStr PK11SymKey;
typedef struct PK11ContextStr PK11Context;
typedef struct PK11SlotListStr PK11SlotList;
typedef struct PK11SlotListElementStr PK11SlotListElement;
typedef unsigned long int SECMODModuleID;
typedef struct PK11DefaultArrayEntryStr PK11DefaultArrayEntry;
typedef struct PK11GenericObjectStr PK11GenericObject;
typedef void (*PK11FreeDataFunc) (void *);
typedef enum {
    PK11CertListUnique,
    PK11CertListUser = 1,
    PK11CertListRootUnique = 2,
    PK11CertListCA = 3,
    PK11CertListCAUnique = 4,
    PK11CertListUserUnique = 5,
    PK11CertListAll = 6
} PK11CertListType;
typedef PRUint32 PK11AttrFlags;
typedef enum {
    PK11_OriginNULL,
    PK11_OriginDerive = 1,
    PK11_OriginGenerated = 2,
    PK11_OriginFortezzaHack = 3,
    PK11_OriginUnwrap = 4
} PK11Origin;
typedef enum {
    PK11_DIS_NONE,
    PK11_DIS_USER_SELECTED = 1,
    PK11_DIS_COULD_NOT_INIT_TOKEN = 2,
    PK11_DIS_TOKEN_VERIFY_FAILED = 3,
    PK11_DIS_TOKEN_NOT_PRESENT = 4
} PK11DisableReasons;
typedef enum {
    PK11_TypeGeneric,
    PK11_TypePrivKey = 1,
    PK11_TypePubKey = 2,
    PK11_TypeCert = 3,
    PK11_TypeSymKey = 4
} PK11ObjectType;
typedef char *(*PK11PasswordFunc) (PK11SlotInfo *, PRBool, void *);
typedef struct SECKEYAttributeStr {
    SECItem attrType;
    SECItem **attrValue;
} SECKEYAttribute;
typedef struct SECKEYPrivateKeyInfoStr {
    PLArenaPool *arena;
    SECItem version;
    SECAlgorithmID algorithm;
    SECItem privateKey;
    SECKEYAttribute **attributes;
} SECKEYPrivateKeyInfo;
typedef struct SECKEYEncryptedPrivateKeyInfoStr {
    PLArenaPool *arena;
    SECAlgorithmID algorithm;
    SECItem encryptedData;
} SECKEYEncryptedPrivateKeyInfo;
typedef enum {
    PK11TokenNotRemovable,
    PK11TokenPresent = 1,
    PK11TokenChanged = 2,
    PK11TokenRemoved = 3
} PK11TokenStatus;
typedef enum {
    PK11TokenRemovedOrChangedEvent,
    PK11TokenPresentEvent = 1
} PK11TokenEvent;

14.4.25. nss3/secoidt.h


#define _SECOIDT_H_

typedef struct SECOidDataStr {
    SECItem oid;
    SECOidTag offset;
    const char *desc;
    unsigned long int mechanism;
    SECSupportExtenTag supportedExtension;
} SECOidData;
typedef struct SECAlgorithmIDStr {
    SECItem algorithm;
    SECItem parameters;
} SECAlgorithmID;
typedef enum {
    SEC_OID_UNKNOWN,
    SEC_OID_MD2 = 1,
    SEC_OID_MD4 = 2,
    SEC_OID_MD5 = 3,
    SEC_OID_SHA1 = 4,
    SEC_OID_RC2_CBC = 5,
    SEC_OID_RC4 = 6,
    SEC_OID_DES_EDE3_CBC = 7,
    SEC_OID_RC5_CBC_PAD = 8,
    SEC_OID_DES_ECB = 9,
    SEC_OID_DES_CBC = 10,
    SEC_OID_DES_OFB = 11,
    SEC_OID_DES_CFB = 12,
    SEC_OID_DES_MAC = 13,
    SEC_OID_DES_EDE = 14,
    SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE = 15,
    SEC_OID_PKCS1_RSA_ENCRYPTION = 16,
    SEC_OID_PKCS1_MD2_WITH_RSA_ENCRYPTION = 17,
    SEC_OID_PKCS1_MD4_WITH_RSA_ENCRYPTION = 18,
    SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION = 19,
    SEC_OID_PKCS1_SHA1_WITH_RSA_ENCRYPTION = 20,
    SEC_OID_PKCS5_PBE_WITH_MD2_AND_DES_CBC = 21,
    SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC = 22,
    SEC_OID_PKCS5_PBE_WITH_SHA1_AND_DES_CBC = 23,
    SEC_OID_PKCS7 = 24,
    SEC_OID_PKCS7_DATA = 25,
    SEC_OID_PKCS7_SIGNED_DATA = 26,
    SEC_OID_PKCS7_ENVELOPED_DATA = 27,
    SEC_OID_PKCS7_SIGNED_ENVELOPED_DATA = 28,
    SEC_OID_PKCS7_DIGESTED_DATA = 29,
    SEC_OID_PKCS7_ENCRYPTED_DATA = 30,
    SEC_OID_PKCS9_EMAIL_ADDRESS = 31,
    SEC_OID_PKCS9_UNSTRUCTURED_NAME = 32,
    SEC_OID_PKCS9_CONTENT_TYPE = 33,
    SEC_OID_PKCS9_MESSAGE_DIGEST = 34,
    SEC_OID_PKCS9_SIGNING_TIME = 35,
    SEC_OID_PKCS9_COUNTER_SIGNATURE = 36,
    SEC_OID_PKCS9_CHALLENGE_PASSWORD = 37,
    SEC_OID_PKCS9_UNSTRUCTURED_ADDRESS = 38,
    SEC_OID_PKCS9_EXTENDED_CERTIFICATE_ATTRIBUTES = 39,
    SEC_OID_PKCS9_SMIME_CAPABILITIES = 40,
    SEC_OID_AVA_COMMON_NAME = 41,
    SEC_OID_AVA_COUNTRY_NAME = 42,
    SEC_OID_AVA_LOCALITY = 43,
    SEC_OID_AVA_STATE_OR_PROVINCE = 44,
    SEC_OID_AVA_ORGANIZATION_NAME = 45,
    SEC_OID_AVA_ORGANIZATIONAL_UNIT_NAME = 46,
    SEC_OID_AVA_DN_QUALIFIER = 47,
    SEC_OID_AVA_DC = 48,
    SEC_OID_NS_TYPE_GIF = 49,
    SEC_OID_NS_TYPE_JPEG = 50,
    SEC_OID_NS_TYPE_URL = 51,
    SEC_OID_NS_TYPE_HTML = 52,
    SEC_OID_NS_TYPE_CERT_SEQUENCE = 53,
    SEC_OID_MISSI_KEA_DSS_OLD = 54,
    SEC_OID_MISSI_DSS_OLD = 55,
    SEC_OID_MISSI_KEA_DSS = 56,
    SEC_OID_MISSI_DSS = 57,
    SEC_OID_MISSI_KEA = 58,
    SEC_OID_MISSI_ALT_KEA = 59,
    SEC_OID_NS_CERT_EXT_NETSCAPE_OK = 60,
    SEC_OID_NS_CERT_EXT_ISSUER_LOGO = 61,
    SEC_OID_NS_CERT_EXT_SUBJECT_LOGO = 62,
    SEC_OID_NS_CERT_EXT_CERT_TYPE = 63,
    SEC_OID_NS_CERT_EXT_BASE_URL = 64,
    SEC_OID_NS_CERT_EXT_REVOCATION_URL = 65,
    SEC_OID_NS_CERT_EXT_CA_REVOCATION_URL = 66,
    SEC_OID_NS_CERT_EXT_CA_CRL_URL = 67,
    SEC_OID_NS_CERT_EXT_CA_CERT_URL = 68,
    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_URL = 69,
    SEC_OID_NS_CERT_EXT_CA_POLICY_URL = 70,
    SEC_OID_NS_CERT_EXT_HOMEPAGE_URL = 71,
    SEC_OID_NS_CERT_EXT_ENTITY_LOGO = 72,
    SEC_OID_NS_CERT_EXT_USER_PICTURE = 73,
    SEC_OID_NS_CERT_EXT_SSL_SERVER_NAME = 74,
    SEC_OID_NS_CERT_EXT_COMMENT = 75,
    SEC_OID_NS_CERT_EXT_LOST_PASSWORD_URL = 76,
    SEC_OID_NS_CERT_EXT_CERT_RENEWAL_TIME = 77,
    SEC_OID_NS_KEY_USAGE_GOVT_APPROVED = 78,
    SEC_OID_X509_SUBJECT_DIRECTORY_ATTR = 79,
    SEC_OID_X509_SUBJECT_KEY_ID = 80,
    SEC_OID_X509_KEY_USAGE = 81,
    SEC_OID_X509_PRIVATE_KEY_USAGE_PERIOD = 82,
    SEC_OID_X509_SUBJECT_ALT_NAME = 83,
    SEC_OID_X509_ISSUER_ALT_NAME = 84,
    SEC_OID_X509_BASIC_CONSTRAINTS = 85,
    SEC_OID_X509_NAME_CONSTRAINTS = 86,
    SEC_OID_X509_CRL_DIST_POINTS = 87,
    SEC_OID_X509_CERTIFICATE_POLICIES = 88,
    SEC_OID_X509_POLICY_MAPPINGS = 89,
    SEC_OID_X509_POLICY_CONSTRAINTS = 90,
    SEC_OID_X509_AUTH_KEY_ID = 91,
    SEC_OID_X509_EXT_KEY_USAGE = 92,
    SEC_OID_X509_AUTH_INFO_ACCESS = 93,
    SEC_OID_X509_CRL_NUMBER = 94,
    SEC_OID_X509_REASON_CODE = 95,
    SEC_OID_X509_INVALID_DATE = 96,
    SEC_OID_X500_RSA_ENCRYPTION = 97,
    SEC_OID_RFC1274_UID = 98,
    SEC_OID_RFC1274_MAIL = 99,
    SEC_OID_PKCS12 = 100,
    SEC_OID_PKCS12_MODE_IDS = 101,
    SEC_OID_PKCS12_ESPVK_IDS = 102,
    SEC_OID_PKCS12_BAG_IDS = 103,
    SEC_OID_PKCS12_CERT_BAG_IDS = 104,
    SEC_OID_PKCS12_OIDS = 105,
    SEC_OID_PKCS12_PBE_IDS = 106,
    SEC_OID_PKCS12_SIGNATURE_IDS = 107,
    SEC_OID_PKCS12_ENVELOPING_IDS = 108,
    SEC_OID_PKCS12_PKCS8_KEY_SHROUDING = 109,
    SEC_OID_PKCS12_KEY_BAG_ID = 110,
    SEC_OID_PKCS12_CERT_AND_CRL_BAG_ID = 111,
    SEC_OID_PKCS12_SECRET_BAG_ID = 112,
    SEC_OID_PKCS12_X509_CERT_CRL_BAG = 113,
    SEC_OID_PKCS12_SDSI_CERT_BAG = 114,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC4 = 115,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC4 = 116,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_TRIPLE_DES_CBC = 117,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 118,
    SEC_OID_PKCS12_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 119,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_128_BIT_RC4 = 120,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_40_BIT_RC4 = 121,
    SEC_OID_PKCS12_RSA_ENCRYPTION_WITH_TRIPLE_DES = 122,
    SEC_OID_PKCS12_RSA_SIGNATURE_WITH_SHA1_DIGEST = 123,
    SEC_OID_ANSIX9_DSA_SIGNATURE = 124,
    SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST = 125,
    SEC_OID_BOGUS_DSA_SIGNATURE_WITH_SHA1_DIGEST = 126,
    SEC_OID_VERISIGN_USER_NOTICES = 127,
    SEC_OID_PKIX_CPS_POINTER_QUALIFIER = 128,
    SEC_OID_PKIX_USER_NOTICE_QUALIFIER = 129,
    SEC_OID_PKIX_OCSP = 130,
    SEC_OID_PKIX_OCSP_BASIC_RESPONSE = 131,
    SEC_OID_PKIX_OCSP_NONCE = 132,
    SEC_OID_PKIX_OCSP_CRL = 133,
    SEC_OID_PKIX_OCSP_RESPONSE = 134,
    SEC_OID_PKIX_OCSP_NO_CHECK = 135,
    SEC_OID_PKIX_OCSP_ARCHIVE_CUTOFF = 136,
    SEC_OID_PKIX_OCSP_SERVICE_LOCATOR = 137,
    SEC_OID_PKIX_REGCTRL_REGTOKEN = 138,
    SEC_OID_PKIX_REGCTRL_AUTHENTICATOR = 139,
    SEC_OID_PKIX_REGCTRL_PKIPUBINFO = 140,
    SEC_OID_PKIX_REGCTRL_PKI_ARCH_OPTIONS = 141,
    SEC_OID_PKIX_REGCTRL_OLD_CERT_ID = 142,
    SEC_OID_PKIX_REGCTRL_PROTOCOL_ENC_KEY = 143,
    SEC_OID_PKIX_REGINFO_UTF8_PAIRS = 144,
    SEC_OID_PKIX_REGINFO_CERT_REQUEST = 145,
    SEC_OID_EXT_KEY_USAGE_SERVER_AUTH = 146,
    SEC_OID_EXT_KEY_USAGE_CLIENT_AUTH = 147,
    SEC_OID_EXT_KEY_USAGE_CODE_SIGN = 148,
    SEC_OID_EXT_KEY_USAGE_EMAIL_PROTECT = 149,
    SEC_OID_EXT_KEY_USAGE_TIME_STAMP = 150,
    SEC_OID_OCSP_RESPONDER = 151,
    SEC_OID_NETSCAPE_SMIME_KEA = 152,
    SEC_OID_FORTEZZA_SKIPJACK = 153,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC4 = 154,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC4 = 155,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC = 156,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_2KEY_TRIPLE_DES_CBC = 157,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_128_BIT_RC2_CBC = 158,
    SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_40_BIT_RC2_CBC = 159,
    SEC_OID_PKCS12_SAFE_CONTENTS_ID = 160,
    SEC_OID_PKCS12_PKCS8_SHROUDED_KEY_BAG_ID = 161,
    SEC_OID_PKCS12_V1_KEY_BAG_ID = 162,
    SEC_OID_PKCS12_V1_PKCS8_SHROUDED_KEY_BAG_ID = 163,
    SEC_OID_PKCS12_V1_CERT_BAG_ID = 164,
    SEC_OID_PKCS12_V1_CRL_BAG_ID = 165,
    SEC_OID_PKCS12_V1_SECRET_BAG_ID = 166,
    SEC_OID_PKCS12_V1_SAFE_CONTENTS_BAG_ID = 167,
    SEC_OID_PKCS9_X509_CERT = 168,
    SEC_OID_PKCS9_SDSI_CERT = 169,
    SEC_OID_PKCS9_X509_CRL = 170,
    SEC_OID_PKCS9_FRIENDLY_NAME = 171,
    SEC_OID_PKCS9_LOCAL_KEY_ID = 172,
    SEC_OID_BOGUS_KEY_USAGE = 173,
    SEC_OID_X942_DIFFIE_HELMAN_KEY = 174,
    SEC_OID_NETSCAPE_NICKNAME = 175,
    SEC_OID_NETSCAPE_RECOVERY_REQUEST = 176,
    SEC_OID_CERT_RENEWAL_LOCATOR = 177,
    SEC_OID_NS_CERT_EXT_SCOPE_OF_USE = 178,
    SEC_OID_CMS_EPHEMERAL_STATIC_DIFFIE_HELLMAN = 179,
    SEC_OID_CMS_3DES_KEY_WRAP = 180,
    SEC_OID_CMS_RC2_KEY_WRAP = 181,
    SEC_OID_SMIME_ENCRYPTION_KEY_PREFERENCE = 182,
    SEC_OID_AES_128_ECB = 183,
    SEC_OID_AES_128_CBC = 184,
    SEC_OID_AES_192_ECB = 185,
    SEC_OID_AES_192_CBC = 186,
    SEC_OID_AES_256_ECB = 187,
    SEC_OID_AES_256_CBC = 188,
    SEC_OID_SDN702_DSA_SIGNATURE = 189,
    SEC_OID_MS_SMIME_ENCRYPTION_KEY_PREFERENCE = 190,
    SEC_OID_SHA256 = 191,
    SEC_OID_SHA384 = 192,
    SEC_OID_SHA512 = 193,
    SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION = 194,
    SEC_OID_PKCS1_SHA384_WITH_RSA_ENCRYPTION = 195,
    SEC_OID_PKCS1_SHA512_WITH_RSA_ENCRYPTION = 196,
    SEC_OID_AES_128_KEY_WRAP = 197,
    SEC_OID_AES_192_KEY_WRAP = 198,
    SEC_OID_AES_256_KEY_WRAP = 199,
    SEC_OID_ANSIX962_EC_PUBLIC_KEY = 200,
    SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE = 201,
    SEC_OID_ANSIX962_EC_PRIME192V1 = 202,
    SEC_OID_ANSIX962_EC_PRIME192V2 = 203,
    SEC_OID_ANSIX962_EC_PRIME192V3 = 204,
    SEC_OID_ANSIX962_EC_PRIME239V1 = 205,
    SEC_OID_ANSIX962_EC_PRIME239V2 = 206,
    SEC_OID_ANSIX962_EC_PRIME239V3 = 207,
    SEC_OID_ANSIX962_EC_PRIME256V1 = 208,
    SEC_OID_SECG_EC_SECP112R1 = 209,
    SEC_OID_SECG_EC_SECP112R2 = 210,
    SEC_OID_SECG_EC_SECP128R1 = 211,
    SEC_OID_SECG_EC_SECP128R2 = 212,
    SEC_OID_SECG_EC_SECP160K1 = 213,
    SEC_OID_SECG_EC_SECP160R1 = 214,
    SEC_OID_SECG_EC_SECP160R2 = 215,
    SEC_OID_SECG_EC_SECP192K1 = 216,
    SEC_OID_SECG_EC_SECP224K1 = 217,
    SEC_OID_SECG_EC_SECP224R1 = 218,
    SEC_OID_SECG_EC_SECP256K1 = 219,
    SEC_OID_SECG_EC_SECP384R1 = 220,
    SEC_OID_SECG_EC_SECP521R1 = 221,
    SEC_OID_ANSIX962_EC_C2PNB163V1 = 222,
    SEC_OID_ANSIX962_EC_C2PNB163V2 = 223,
    SEC_OID_ANSIX962_EC_C2PNB163V3 = 224,
    SEC_OID_ANSIX962_EC_C2PNB176V1 = 225,
    SEC_OID_ANSIX962_EC_C2TNB191V1 = 226,
    SEC_OID_ANSIX962_EC_C2TNB191V2 = 227,
    SEC_OID_ANSIX962_EC_C2TNB191V3 = 228,
    SEC_OID_ANSIX962_EC_C2ONB191V4 = 229,
    SEC_OID_ANSIX962_EC_C2ONB191V5 = 230,
    SEC_OID_ANSIX962_EC_C2PNB208W1 = 231,
    SEC_OID_ANSIX962_EC_C2TNB239V1 = 232,
    SEC_OID_ANSIX962_EC_C2TNB239V2 = 233,
    SEC_OID_ANSIX962_EC_C2TNB239V3 = 234,
    SEC_OID_ANSIX962_EC_C2ONB239V4 = 235,
    SEC_OID_ANSIX962_EC_C2ONB239V5 = 236,
    SEC_OID_ANSIX962_EC_C2PNB272W1 = 237,
    SEC_OID_ANSIX962_EC_C2PNB304W1 = 238,
    SEC_OID_ANSIX962_EC_C2TNB359V1 = 239,
    SEC_OID_ANSIX962_EC_C2PNB368W1 = 240,
    SEC_OID_ANSIX962_EC_C2TNB431R1 = 241,
    SEC_OID_SECG_EC_SECT113R1 = 242,
    SEC_OID_SECG_EC_SECT113R2 = 243,
    SEC_OID_SECG_EC_SECT131R1 = 244,
    SEC_OID_SECG_EC_SECT131R2 = 245,
    SEC_OID_SECG_EC_SECT163K1 = 246,
    SEC_OID_SECG_EC_SECT163R1 = 247,
    SEC_OID_SECG_EC_SECT163R2 = 248,
    SEC_OID_SECG_EC_SECT193R1 = 249,
    SEC_OID_SECG_EC_SECT193R2 = 250,
    SEC_OID_SECG_EC_SECT233K1 = 251,
    SEC_OID_SECG_EC_SECT233R1 = 252,
    SEC_OID_SECG_EC_SECT239K1 = 253,
    SEC_OID_SECG_EC_SECT283K1 = 254,
    SEC_OID_SECG_EC_SECT283R1 = 255,
    SEC_OID_SECG_EC_SECT409K1 = 256,
    SEC_OID_SECG_EC_SECT409R1 = 257,
    SEC_OID_SECG_EC_SECT571K1 = 258,
    SEC_OID_SECG_EC_SECT571R1 = 259,
    SEC_OID_NETSCAPE_AOLSCREENNAME = 260,
    SEC_OID_AVA_SURNAME = 261,
    SEC_OID_AVA_SERIAL_NUMBER = 262,
    SEC_OID_AVA_STREET_ADDRESS = 263,
    SEC_OID_AVA_TITLE = 264,
    SEC_OID_AVA_POSTAL_ADDRESS = 265,
    SEC_OID_AVA_POSTAL_CODE = 266,
    SEC_OID_AVA_POST_OFFICE_BOX = 267,
    SEC_OID_AVA_GIVEN_NAME = 268,
    SEC_OID_AVA_INITIALS = 269,
    SEC_OID_AVA_GENERATION_QUALIFIER = 270,
    SEC_OID_AVA_HOUSE_IDENTIFIER = 271,
    SEC_OID_AVA_PSEUDONYM = 272,
    SEC_OID_PKIX_CA_ISSUERS = 273,
    SEC_OID_PKCS9_EXTENSION_REQUEST = 274,
    SEC_OID_ANSIX962_ECDSA_SIGNATURE_RECOMMENDED_DIGEST = 275,
    SEC_OID_ANSIX962_ECDSA_SIGNATURE_SPECIFIED_DIGEST = 276,
    SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE = 277,
    SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE = 278,
    SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE = 279,
    SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE = 280,
    SEC_OID_X509_HOLD_INSTRUCTION_CODE = 281,
    SEC_OID_X509_DELTA_CRL_INDICATOR = 282,
    SEC_OID_X509_ISSUING_DISTRIBUTION_POINT = 283,
    SEC_OID_X509_CERT_ISSUER = 284,
    SEC_OID_X509_FRESHEST_CRL = 285,
    SEC_OID_X509_INHIBIT_ANY_POLICY = 286,
    SEC_OID_X509_SUBJECT_INFO_ACCESS = 287,
    SEC_OID_CAMELLIA_128_CBC = 288,
    SEC_OID_CAMELLIA_192_CBC = 289,
    SEC_OID_CAMELLIA_256_CBC = 290,
    SEC_OID_PKCS5_PBKDF2 = 291,
    SEC_OID_PKCS5_PBES2 = 292,
    SEC_OID_PKCS5_PBMAC1 = 293,
    SEC_OID_HMAC_SHA1 = 294,
    SEC_OID_HMAC_SHA224 = 295,
    SEC_OID_HMAC_SHA256 = 296,
    SEC_OID_HMAC_SHA384 = 297,
    SEC_OID_HMAC_SHA512 = 298,
    SEC_OID_PKIX_TIMESTAMPING = 299,
    SEC_OID_PKIX_CA_REPOSITORY = 300,
    SEC_OID_ISO_SHA1_WITH_RSA_SIGNATURE = 301,
    SEC_OID_TOTAL = 302
} SECOidTag;
typedef enum {
    INVALID_CERT_EXTENSION,
    UNSUPPORTED_CERT_EXTENSION = 1,
    SUPPORTED_CERT_EXTENSION = 2
} SECSupportExtenTag;

14.4.26. nss3/secpkcs5.h


#define _SECPKCS5_H_

typedef enum {
    pbeBitGenIDNull,
    pbeBitGenCipherKey = 1,
    pbeBitGenCipherIV = 2,
    pbeBitGenIntegrityKey = 3
} PBEBitGenID;
typedef struct PBEBitGenContextStr PBEBitGenContext;

14.4.27. nss3/secport.h


#define _SECPORT_H_

typedef PRBool(*PORTCharConversionWSwapFunc) (PRBool, unsigned char *,
					      unsigned int,
					      unsigned char *,
					      unsigned int, unsigned int *,
					      PRBool);
typedef PRBool(*PORTCharConversionFunc) (PRBool, unsigned char *,
					 unsigned int, unsigned char *,
					 unsigned int, unsigned int *);