The Tor Browser: security/nss/lib/softoken/pkcs11i.h@6474c204b198 (annotated)

security/nss/lib/softoken/pkcs11i.h@6474c204b198 (annotated)

security/nss/lib/softoken/pkcs11i.h

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rw-r--r--

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * Internal data structures and functions used by pkcs11.c
  */
 #ifndef _PKCS11I_H_
 #define _PKCS11I_H_ 1
 #include "nssilock.h"
 #include "seccomon.h"
 #include "secoidt.h"
 #include "lowkeyti.h"
 #include "pkcs11t.h"
 #include "sftkdbt.h"
 #include "hasht.h"
 /*
  * Configuration Defines
  *
  * The following defines affect the space verse speed trade offs of
  * the PKCS #11 module. For the most part the current settings are optimized
  * for web servers, where we want faster speed and lower lock contention at
  * the expense of space.
  */
 /*
  * The attribute allocation strategy is static allocation:
  *   Attributes are pre-allocated as part of the session object and used from
  *   the object array.
  */
 #define MAX_OBJS_ATTRS 45	/* number of attributes to preallocate in
 				 * the object (must me the absolute max) */
 #define ATTR_SPACE 50  		/* Maximum size of attribute data before extra
 				 * data needs to be allocated. This is set to
 				 * enough space to hold an SSL MASTER secret */
 #define NSC_STRICT      PR_FALSE  /* forces the code to do strict template
 				   * matching when doing C_FindObject on token
 				   * objects. This will slow down search in
 				   * NSS. */
 /* default search block allocations and increments */
 #define NSC_CERT_BLOCK_SIZE     50
 #define NSC_SEARCH_BLOCK_SIZE   5
 #define NSC_SLOT_LIST_BLOCK_SIZE 10
 #define NSC_FIPS_MODULE 1
 #define NSC_NON_FIPS_MODULE 0
 /* these are data base storage hashes, not cryptographic hashes.. The define
  * the effective size of the various object hash tables */
 /* clients care more about memory usage than lookup performance on
  * cyrptographic objects. Clients also have less objects around to play with
  *
  * we eventually should make this configurable at runtime! Especially now that
  * NSS is a shared library.
  */
 #define SPACE_ATTRIBUTE_HASH_SIZE 32
 #define SPACE_SESSION_OBJECT_HASH_SIZE 32
 #define SPACE_SESSION_HASH_SIZE 32
 #define TIME_ATTRIBUTE_HASH_SIZE 32
 #define TIME_SESSION_OBJECT_HASH_SIZE 1024
 #define TIME_SESSION_HASH_SIZE 1024
 #define MAX_OBJECT_LIST_SIZE 800
 				  /* how many objects to keep on the free list
 				   * before we start freeing them */
 #define MAX_KEY_LEN 256 	  /* maximum symmetric key length in bytes */
 /*
  * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
  * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
  * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
  *
  * HASH_SIZE   LOG2_BUCKETS_PER   BUCKETS_PER_LOCK  NUMBER_OF_BUCKETS
  * 1024        9                  512               2
  * 1024        5                  32                32
  * 1024        1                  2                 512
  * 1024        0                  1                 1024
  * 4096        11                 2048              2
  * 4096        9                  512               8
  * 4096        5                  32                128
  * 4096        1                  2                 2048
  * 4096        0                  1                 4096
  */
 #define LOG2_BUCKETS_PER_SESSION_LOCK 1
 #define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
 /* NOSPREAD sessionID to hash table index macro has been slower. */
 /* define typedefs, double as forward declarations as well */
 typedef struct SFTKAttributeStr SFTKAttribute;
 typedef struct SFTKObjectListStr SFTKObjectList;
 typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
 typedef struct SFTKObjectListElementStr SFTKObjectListElement;
 typedef struct SFTKObjectStr SFTKObject;
 typedef struct SFTKSessionObjectStr SFTKSessionObject;
 typedef struct SFTKTokenObjectStr SFTKTokenObject;
 typedef struct SFTKSessionStr SFTKSession;
 typedef struct SFTKSlotStr SFTKSlot;
 typedef struct SFTKSessionContextStr SFTKSessionContext;
 typedef struct SFTKSearchResultsStr SFTKSearchResults;
 typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
 typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
 typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo;
 typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo;
 typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
 typedef struct SFTKItemTemplateStr SFTKItemTemplate;
 /* define function pointer typdefs for pointer tables */
 typedef void (*SFTKDestroy)(void *, PRBool);
 typedef void (*SFTKBegin)(void *);
 typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
 					void *, unsigned int);
 typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
 typedef void (*SFTKHash)(void *,void *,unsigned int);
 typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
 typedef void (*SFTKFree)(void *);
 /* Value to tell if an attribute is modifiable or not.
  *    NEVER: attribute is only set on creation.
  *    ONCOPY: attribute is set on creation and can only be changed on copy.
  *    SENSITIVE: attribute can only be changed to TRUE.
  *    ALWAYS: attribute can always be changed.
  */
 typedef enum {
 	SFTK_NEVER = 0,
 	SFTK_ONCOPY = 1,
 	SFTK_SENSITIVE = 2,
 	SFTK_ALWAYS = 3
 } SFTKModifyType;
 /*
  * Free Status Enum... tell us more information when we think we're
  * deleting an object.
  */
 typedef enum {
 	SFTK_DestroyFailure,
 	SFTK_Destroyed,
 	SFTK_Busy
 } SFTKFreeStatus;
 /*
  * attribute values of an object.
  */
 struct SFTKAttributeStr {
     SFTKAttribute  	*next;
     SFTKAttribute  	*prev;
     PRBool		freeAttr;
     PRBool		freeData;
     /*must be called handle to make sftkqueue_find work */
     CK_ATTRIBUTE_TYPE	handle;
     CK_ATTRIBUTE 	attrib;
     unsigned char space[ATTR_SPACE];
 };
 /*
  * doubly link list of objects
  */
 struct SFTKObjectListStr {
     SFTKObjectList *next;
     SFTKObjectList *prev;
     SFTKObject	   *parent;
 };
 struct SFTKObjectFreeListStr {
     SFTKObject	*head;
     PZLock	*lock;
     int		count;
 };
 /*
  * PKCS 11 crypto object structure
  */
 struct SFTKObjectStr {
     SFTKObject *next;
     SFTKObject	*prev;
     CK_OBJECT_CLASS 	objclass;
     CK_OBJECT_HANDLE	handle;
     int 		refCount;
     PZLock 		*refLock;
     SFTKSlot	   	*slot;
     void 		*objectInfo;
     SFTKFree 		infoFree;
 };
 struct SFTKTokenObjectStr {
     SFTKObject  obj;
     SECItem	dbKey;
 };
 struct SFTKSessionObjectStr {
     SFTKObject	   obj;
     SFTKObjectList sessionList;
     PZLock		*attributeLock;
     SFTKSession   	*session;
     PRBool		wasDerived;
     int nextAttr;
     SFTKAttribute	attrList[MAX_OBJS_ATTRS];
     PRBool		optimizeSpace;
     unsigned int	hashSize;
     SFTKAttribute 	*head[1];
 };
 /*
  * struct to deal with a temparary list of objects
  */
 struct SFTKObjectListElementStr {
     SFTKObjectListElement	*next;
     SFTKObject 			*object;
 };
 /*
  * Area to hold Search results
  */
 struct SFTKSearchResultsStr {
     CK_OBJECT_HANDLE	*handles;
     int			size;
     int			index;
     int			array_size;
 };
 /*
  * the universal crypto/hash/sign/verify context structure
  */
 typedef enum {
     SFTK_ENCRYPT,
     SFTK_DECRYPT,
     SFTK_HASH,
     SFTK_SIGN,
     SFTK_SIGN_RECOVER,
     SFTK_VERIFY,
     SFTK_VERIFY_RECOVER
 } SFTKContextType;
 /** max block size of supported block ciphers */
 #define SFTK_MAX_BLOCK_SIZE 16
 /** currently SHA512 is the biggest hash length */
 #define SFTK_MAX_MAC_LENGTH 64
 #define SFTK_INVALID_MAC_SIZE 0xffffffff
 /** Particular ongoing operation in session (sign/verify/digest/encrypt/...)
  *
  *  Understanding sign/verify context:
  *      multi=1 hashInfo=0   block (symmetric) cipher MACing
  *      multi=1 hashInfo=X   PKC S/V with prior hashing
  *      multi=0 hashInfo=0   PKC S/V one shot (w/o hashing)
  *      multi=0 hashInfo=X   *** shouldn't happen ***
  */
 struct SFTKSessionContextStr {
     SFTKContextType	type;
     PRBool		multi; 		/* is multipart */
     PRBool		rsa; 		/* is rsa */
     PRBool		doPad; 		/* use PKCS padding for block ciphers */
     unsigned int	blockSize; 	/* blocksize for padding */
     unsigned int	padDataLength; 	/* length of the valid data in padbuf */
     /** latest incomplete block of data for block cipher */
     unsigned char	padBuf[SFTK_MAX_BLOCK_SIZE];
     /** result of MAC'ing of latest full block of data with block cipher */
     unsigned char	macBuf[SFTK_MAX_BLOCK_SIZE];
     CK_ULONG		macSize;	/* size of a general block cipher mac*/
     void		*cipherInfo;
     void		*hashInfo;
     unsigned int	cipherInfoLen;
     CK_MECHANISM_TYPE	currentMech;
     SFTKCipher		update;
     SFTKHash		hashUpdate;
     SFTKEnd		end;
     SFTKDestroy		destroy;
     SFTKDestroy		hashdestroy;
     SFTKVerify		verify;
     unsigned int	maxLen;
     SFTKObject		*key;
 };
 /*
  * Sessions (have objects)
  */
 struct SFTKSessionStr {
     SFTKSession        *next;
     SFTKSession        *prev;
     CK_SESSION_HANDLE	handle;
     int			refCount;
     PZLock		*objectLock;
     int			objectIDCount;
     CK_SESSION_INFO	info;
     CK_NOTIFY		notify;
     CK_VOID_PTR		appData;
     SFTKSlot		*slot;
     SFTKSearchResults	*search;
     SFTKSessionContext	*enc_context;
     SFTKSessionContext	*hash_context;
     SFTKSessionContext	*sign_context;
     SFTKObjectList	*objects[1];
 };
 /*
  * slots (have sessions and objects)
  *
  * The array of sessionLock's protect the session hash table (head[])
  * as well as the reference count of session objects in that bucket
  * (head[]->refCount),  objectLock protects all elements of the slot's
  * object hash tables (sessObjHashTable[] and tokObjHashTable), and
  * sessionObjectHandleCount.
  * slotLock protects the remaining protected elements:
  * password, isLoggedIn, ssoLoggedIn, and sessionCount,
  * and pwCheckLock serializes the key database password checks in
  * NSC_SetPIN and NSC_Login.
  *
  * Each of the fields below has the following lifetime as commented
  * next to the fields:
  *   invariant  - This value is set when the slot is first created and
  * never changed until it is destroyed.
  *   per load   - This value is set when the slot is first created, or
  * when the slot is used to open another directory. Between open and close
  * this field does not change.
  *   variable - This value changes through the normal process of slot operation.
  *      - reset. The value of this variable is cleared during an open/close
  *   cycles.
  *      - preserved. The value of this variable is preserved over open/close
  *   cycles.
  */
 struct SFTKSlotStr {
     CK_SLOT_ID		slotID;			/* invariant */
     PZLock		*slotLock;		/* invariant */
     PZLock		**sessionLock;		/* invariant */
     unsigned int	numSessionLocks;	/* invariant */
     unsigned long	sessionLockMask;	/* invariant */
     PZLock		*objectLock;		/* invariant */
     PRLock		*pwCheckLock;		/* invariant */
     PRBool		present;		/* variable -set */
     PRBool		hasTokens;		/* per load */
     PRBool		isLoggedIn;		/* variable - reset */
     PRBool		ssoLoggedIn;		/* variable - reset */
     PRBool		needLogin;		/* per load */
     PRBool		DB_loaded;		/* per load */
     PRBool		readOnly;		/* per load */
     PRBool		optimizeSpace;		/* invariant */
     SFTKDBHandle	*certDB;		/* per load */
     SFTKDBHandle	*keyDB;			/* per load */
     int			minimumPinLen;		/* per load */
     PRInt32		sessionIDCount;		/* atomically incremented */
                                         	/* (preserved) */
     int			sessionIDConflict; 	/* not protected by a lock */
                                             	/* (preserved) */
     int			sessionCount;           /* variable - reset */
     PRInt32             rwSessionCount;    	/* set by atomic operations */
                                           	/* (reset) */
     int			sessionObjectHandleCount;/* variable - perserved */
     int			index;			/* invariant */
     PLHashTable		*tokObjHashTable;	/* invariant */
     SFTKObject		**sessObjHashTable;	/* variable - reset */
     unsigned int	sessObjHashSize;	/* invariant */
     SFTKSession		**head;			/* variable -reset */
     unsigned int	sessHashSize;		/* invariant */
     char		tokDescription[33];	/* per load */
     char		updateTokDescription[33]; /* per load */
     char		slotDescription[65];	/* invariant */
 };
 /*
  * special joint operations Contexts
  */
 struct SFTKHashVerifyInfoStr {
     SECOidTag   	hashOid;
     void		*params;
     NSSLOWKEYPublicKey	*key;
 };
 struct SFTKHashSignInfoStr {
     SECOidTag   	hashOid;
     void		*params;
     NSSLOWKEYPrivateKey	*key;
 };
 /**
  * Contexts for RSA-OAEP
  */
 struct SFTKOAEPEncryptInfoStr {
     CK_RSA_PKCS_OAEP_PARAMS *params;
     NSSLOWKEYPublicKey *key;
 };
 struct SFTKOAEPDecryptInfoStr {
     CK_RSA_PKCS_OAEP_PARAMS *params;
     NSSLOWKEYPrivateKey *key;
 };
 /* context for the Final SSLMAC message */
 struct SFTKSSLMACInfoStr {
     void 		*hashContext;
     SFTKBegin		begin;
     SFTKHash		update;
     SFTKEnd		end;
     CK_ULONG		macSize;
     int			padSize;
     unsigned char	key[MAX_KEY_LEN];
     unsigned int	keySize;
 };
 /*
  * Template based on SECItems, suitable for passing as arrays
  */
 struct SFTKItemTemplateStr {
     CK_ATTRIBUTE_TYPE	type;
     SECItem		*item;
 };
 /* macro for setting SFTKTemplates. */
 #define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \
    templ[count].type = attr; \
    templ[count].item = itemPtr
 #define SFTK_MAX_ITEM_TEMPLATE 10
 /*
  * session handle modifiers
  */
 #define SFTK_SESSION_SLOT_MASK	0xff000000L
 /*
  * object handle modifiers
  */
 #define SFTK_TOKEN_MASK		0x80000000L
 #define SFTK_TOKEN_MAGIC	0x80000000L
 #define SFTK_TOKEN_TYPE_MASK	0x70000000L
 /* keydb (high bit == 0) */
 #define SFTK_TOKEN_TYPE_PRIV	0x10000000L
 #define SFTK_TOKEN_TYPE_PUB	0x20000000L
 #define SFTK_TOKEN_TYPE_KEY	0x30000000L
 /* certdb (high bit == 1) */
 #define SFTK_TOKEN_TYPE_TRUST	0x40000000L
 #define SFTK_TOKEN_TYPE_CRL	0x50000000L
 #define SFTK_TOKEN_TYPE_SMIME	0x60000000L
 #define SFTK_TOKEN_TYPE_CERT	0x70000000L
 #define SFTK_TOKEN_KRL_HANDLE	(SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
 /* how big (in bytes) a password/pin we can deal with */
 #define SFTK_MAX_PIN	255
 /* minimum password/pin length (in Unicode characters) in FIPS mode */
 #define FIPS_MIN_PIN	7
 /* slot ID's */
 #define NETSCAPE_SLOT_ID 1
 #define PRIVATE_KEY_SLOT_ID 2
 #define FIPS_SLOT_ID 3
 /* slot helper macros */
 #define sftk_SlotFromSession(sp) ((sp)->slot)
 #define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
 /* the session hash multiplier (see bug 201081) */
 #define SHMULTIPLIER 1791398085
 /* queueing helper macros */
 #define sftk_hash(value,size) \
 	((PRUint32)((value) * SHMULTIPLIER) & (size-1))
 #define sftkqueue_add(element,id,head,hash_size) \
 	{ int tmp = sftk_hash(id,hash_size); \
 	(element)->next = (head)[tmp]; \
 	(element)->prev = NULL; \
 	if ((head)[tmp]) (head)[tmp]->prev = (element); \
 	(head)[tmp] = (element); }
 #define sftkqueue_find(element,id,head,hash_size) \
 	for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
 					 (element) = (element)->next) { \
 	    if ((element)->handle == (id)) { break; } }
 #define sftkqueue_is_queued(element,id,head,hash_size) \
 	( ((element)->next) || ((element)->prev) || \
 	 ((head)[sftk_hash(id,hash_size)] == (element)) )
 #define sftkqueue_delete(element,id,head,hash_size) \
 	if ((element)->next) (element)->next->prev = (element)->prev; \
 	if ((element)->prev) (element)->prev->next = (element)->next; \
 	   else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
 	(element)->next = NULL; \
 	(element)->prev = NULL; \
 #define sftkqueue_init_element(element) \
     (element)->prev = NULL;
 #define sftkqueue_add2(element, id, index, head) \
     {                                            \
 	(element)->next = (head)[index];         \
 	if ((head)[index])                       \
 	    (head)[index]->prev = (element);     \
 	(head)[index] = (element);               \
     }
 #define sftkqueue_find2(element, id, index, head) \
     for ( (element) = (head)[index];              \
           (element) != NULL;                      \
           (element) = (element)->next) {          \
 	if ((element)->handle == (id)) { break; } \
     }
 #define sftkqueue_delete2(element, id, index, head) \
 	if ((element)->next) (element)->next->prev = (element)->prev; \
 	if ((element)->prev) (element)->prev->next = (element)->next; \
 	   else (head)[index] = ((element)->next);
 #define sftkqueue_clear_deleted_element(element) \
 	(element)->next = NULL; \
 	(element)->prev = NULL; \
 /* sessionID (handle) is used to determine session lock bucket */
 #ifdef NOSPREAD
 /* NOSPREAD:	(ID>>L2LPB) & (perbucket-1) */
 #define SFTK_SESSION_LOCK(slot,handle) \
     ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
         & (slot)->sessionLockMask])
 #else
 /* SPREAD:	ID & (perbucket-1) */
 #define SFTK_SESSION_LOCK(slot,handle) \
     ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
 #endif
 /* expand an attribute & secitem structures out */
 #define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
 #define sftk_item_expand(ip) (ip)->data,(ip)->len
 typedef struct sftk_token_parametersStr {
     CK_SLOT_ID slotID;
     char *configdir;
     char *certPrefix;
     char *keyPrefix;
     char *updatedir;
     char *updCertPrefix;
     char *updKeyPrefix;
     char *updateID;
     char *tokdes;
     char *slotdes;
     char *updtokdes;
     int minPW;
     PRBool readOnly;
     PRBool noCertDB;
     PRBool noKeyDB;
     PRBool forceOpen;
     PRBool pwRequired;
     PRBool optimizeSpace;
 } sftk_token_parameters;
 typedef struct sftk_parametersStr {
     char *configdir;
     char *updatedir;
     char *updateID;
     char *secmodName;
     char *man;
     char *libdes;
     PRBool readOnly;
     PRBool noModDB;
     PRBool noCertDB;
     PRBool forceOpen;
     PRBool pwRequired;
     PRBool optimizeSpace;
     sftk_token_parameters *tokens;
     int token_count;
 } sftk_parameters;
 /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */
 #define CERT_DB_FMT "%scert%s.db"
 #define KEY_DB_FMT "%skey%s.db"
 SEC_BEGIN_PROTOS
 /* shared functions between pkcs11.c and fipstokn.c */
 extern PRBool nsf_init;
 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
 extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv);
 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
 	CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
 /* slot initialization, reinit, shutdown and destruction */
 extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID,
 			sftk_token_parameters *params, int moduleIndex);
 extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,
 			char *updatedir, char *updateID,
 			sftk_token_parameters *params, int moduleIndex);
 extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);
 extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);
 extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout);
 /* internal utility functions used by pkcs11.c */
 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
 					 CK_ATTRIBUTE_TYPE type);
 extern void sftk_FreeAttribute(SFTKAttribute *attribute);
 extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
 				   const void *valPtr, CK_ULONG length);
 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
 				    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
 extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena,
 		SFTKObject *object, SFTKItemTemplate *templ, int count);
 extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
 							 unsigned int bufLen);
 extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,
 	CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
 extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
 extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
 extern void sftk_DeleteAttributeType(SFTKObject *object,
 				     CK_ATTRIBUTE_TYPE type);
 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
 				    SFTKObject *object, CK_ATTRIBUTE_TYPE type);
 extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
 				     SFTKObject *object,
 				     CK_ATTRIBUTE_TYPE type);
 extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
 				      CK_OBJECT_CLASS inClass);
 extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
 extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
 extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
 extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
                                                          CK_ULONG *longData);
 extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
 				 const void *value, unsigned int len);
 extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
 				   const void *value, unsigned int len);
 extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
 extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
 extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
 extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
 extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
 extern void sftk_ReferenceObject(SFTKObject *object);
 extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
 					 SFTKSession *session);
 extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
 extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
 /* clear out all the existing object ID to database key mappings.
  * used to reinit a token */
 extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);
 extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
 				   SFTKObject **head, unsigned int size,
 				   PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
 				   int count, PRBool isLoggedIn);
 extern SFTKObjectListElement *sftk_FreeObjectListElement(
 					     SFTKObjectListElement *objectList);
 extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
 extern void sftk_FreeSearch(SFTKSearchResults *search);
 extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
 extern void sftk_FreeSession(SFTKSession *session);
 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
 				    CK_VOID_PTR pApplication, CK_FLAGS flags);
 extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
 extern void sftk_update_all_states(SFTKSlot *slot);
 extern void sftk_FreeContext(SFTKSessionContext *context);
 extern void sftk_InitFreeLists(void);
 extern void sftk_CleanupFreeLists(void);
 extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
 					  CK_KEY_TYPE key_type, CK_RV *crvp);
 extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
 					    CK_KEY_TYPE key_type, CK_RV *crvp);
 extern void sftk_FormatDESKey(unsigned char *key, int length);
 extern PRBool sftk_CheckDESKey(unsigned char *key);
 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
 /* mechanism allows this operation */
 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely
  * acquiring a reference to the keydb from the slot */
 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
 /*
  * parameter parsing functions
  */
 CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS);
 void sftk_freeParams(sftk_parameters *params);
 /*
  * narrow objects
  */
 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
 /*
  * token object utilities
  */
 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,
 						CK_OBJECT_HANDLE handle);
 SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,
 						CK_OBJECT_HANDLE handle);
 SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
 /* J-PAKE (jpakesftk.c) */
 extern
 CK_RV jpake_Round1(HASH_HashType hashType,
                    CK_NSS_JPAKERound1Params * params,
                    SFTKObject * key);
 extern
 CK_RV jpake_Round2(HASH_HashType hashType,
                    CK_NSS_JPAKERound2Params * params,
                    SFTKObject * sourceKey, SFTKObject * key);
 extern
 CK_RV jpake_Final(HASH_HashType hashType,
                   const CK_NSS_JPAKEFinalParams * params,
                   SFTKObject * sourceKey, SFTKObject * key);
 /* Constant time MAC functions (hmacct.c) */
 struct sftk_MACConstantTimeCtxStr {
     const SECHashObject *hash;
     unsigned char mac[64];
     unsigned char secret[64];
     unsigned int headerLength;
     unsigned int secretLength;
     unsigned int totalLength;
     unsigned char header[75];
 };
 typedef struct sftk_MACConstantTimeCtxStr sftk_MACConstantTimeCtx;
 sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New(
 	CK_MECHANISM_PTR mech, SFTKObject *key);
 sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(
 	CK_MECHANISM_PTR mech, SFTKObject *key);
 void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len);
 void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len);
 void sftk_MACConstantTime_EndHash(
 	void *pctx, void *out, unsigned int *outLength, unsigned int maxLength);
 void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool);
 /****************************************
  * implement TLS Pseudo Random Function (PRF)
  */
 extern CK_RV
 sftk_TLSPRFInit(SFTKSessionContext *context,
 		  SFTKObject *        key,
 		  CK_KEY_TYPE         key_type,
 		  HASH_HashType       hash_alg);
 SEC_END_PROTOS
 #endif /* _PKCS11I_H_ */

The Tor Browser / annotate

security/nss/lib/softoken/pkcs11i.h@6474c204b198 (annotated)

security/nss/lib/softoken/pkcs11i.h