The Tor Browser / annotate

security/nss/lib/pk11wrap/secmodti.h@b8a032363ba2 (annotated)

security/nss/lib/pk11wrap/secmodti.h

Thu, 22 Jan 2015 13:21:57 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Thu, 22 Jan 2015 13:21:57 +0100
branch
TOR_BUG_9701
changeset 15
b8a032363ba2
permissions
-rw-r--r--

Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4 /*
michael@0 5 * Internal header file included only by files in pkcs11 dir, or in
michael@0 6 * pkcs11 specific client and server files.
michael@0 7 */
michael@0 8
michael@0 9 #ifndef _SECMODTI_H_
michael@0 10 #define _SECMODTI_H_ 1
michael@0 11 #include "prmon.h"
michael@0 12 #include "prtypes.h"
michael@0 13 #include "nssilckt.h"
michael@0 14 #include "secmodt.h"
michael@0 15 #include "pkcs11t.h"
michael@0 16
michael@0 17 #include "nssdevt.h"
michael@0 18
michael@0 19 /* internal data structures */
michael@0 20
michael@0 21 /* Traverse slots callback */
michael@0 22 typedef struct pk11TraverseSlotStr {
michael@0 23 SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);
michael@0 24 void *callbackArg;
michael@0 25 CK_ATTRIBUTE *findTemplate;
michael@0 26 int templateCount;
michael@0 27 } pk11TraverseSlot;
michael@0 28
michael@0 29
michael@0 30 /* represent a pkcs#11 slot reference counted. */
michael@0 31 struct PK11SlotInfoStr {
michael@0 32 /* the PKCS11 function list for this slot */
michael@0 33 void *functionList;
michael@0 34 SECMODModule *module; /* our parent module */
michael@0 35 /* Boolean to indicate the current state of this slot */
michael@0 36 PRBool needTest; /* Has this slot been tested for Export complience */
michael@0 37 PRBool isPerm; /* is this slot a permanment device */
michael@0 38 PRBool isHW; /* is this slot a hardware device */
michael@0 39 PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */
michael@0 40 PRBool disabled; /* is this slot disabled... */
michael@0 41 PK11DisableReasons reason; /* Why this slot is disabled */
michael@0 42 PRBool readOnly; /* is the token in this slot read-only */
michael@0 43 PRBool needLogin; /* does the token of the type that needs
michael@0 44 * authentication (still true even if token is logged
michael@0 45 * in) */
michael@0 46 PRBool hasRandom; /* can this token generated random numbers */
michael@0 47 PRBool defRWSession; /* is the default session RW (we open our default
michael@0 48 * session rw if the token can only handle one session
michael@0 49 * at a time. */
michael@0 50 PRBool isThreadSafe; /* copied from the module */
michael@0 51 /* The actual flags (many of which are distilled into the above PRBools) */
michael@0 52 CK_FLAGS flags; /* flags from PKCS #11 token Info */
michael@0 53 /* a default session handle to do quick and dirty functions */
michael@0 54 CK_SESSION_HANDLE session;
michael@0 55 PZLock *sessionLock; /* lock for this session */
michael@0 56 /* our ID */
michael@0 57 CK_SLOT_ID slotID;
michael@0 58 /* persistant flags saved from startup to startup */
michael@0 59 unsigned long defaultFlags;
michael@0 60 /* keep track of who is using us so we don't accidently get freed while
michael@0 61 * still in use */
michael@0 62 PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */
michael@0 63 PZLock *freeListLock;
michael@0 64 PK11SymKey *freeSymKeysWithSessionHead;
michael@0 65 PK11SymKey *freeSymKeysHead;
michael@0 66 int keyCount;
michael@0 67 int maxKeyCount;
michael@0 68 /* Password control functions for this slot. many of these are only
michael@0 69 * active if the appropriate flag is on in defaultFlags */
michael@0 70 int askpw; /* what our password options are */
michael@0 71 int timeout; /* If we're ask_timeout, what is our timeout time is
michael@0 72 * seconds */
michael@0 73 int authTransact; /* allow multiple authentications off one password if
michael@0 74 * they are all part of the same transaction */
michael@0 75 PRTime authTime; /* when were we last authenticated */
michael@0 76 int minPassword; /* smallest legal password */
michael@0 77 int maxPassword; /* largest legal password */
michael@0 78 PRUint16 series; /* break up the slot info into various groups of
michael@0 79 * inserted tokens so that keys and certs can be
michael@0 80 * invalidated */
michael@0 81 PRUint16 flagSeries;/* record the last series for the last event
michael@0 82 * returned for this slot */
michael@0 83 PRBool flagState; /* record the state of the last event returned for this
michael@0 84 * slot. */
michael@0 85 PRUint16 wrapKey; /* current wrapping key for SSL master secrets */
michael@0 86 CK_MECHANISM_TYPE wrapMechanism;
michael@0 87 /* current wrapping mechanism for current wrapKey */
michael@0 88 CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
michael@0 89 CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
michael@0 90 * token */
michael@0 91 int mechanismCount;
michael@0 92 /* cache the certificates stored on the token of this slot */
michael@0 93 CERTCertificate **cert_array;
michael@0 94 int array_size;
michael@0 95 int cert_count;
michael@0 96 char serial[16];
michael@0 97 /* since these are odd sizes, keep them last. They are odd sizes to
michael@0 98 * allow them to become null terminated strings */
michael@0 99 char slot_name[65];
michael@0 100 char token_name[33];
michael@0 101 PRBool hasRootCerts;
michael@0 102 PRBool hasRootTrust;
michael@0 103 PRBool hasRSAInfo;
michael@0 104 CK_FLAGS RSAInfoFlags;
michael@0 105 PRBool protectedAuthPath;
michael@0 106 PRBool isActiveCard;
michael@0 107 PRIntervalTime lastLoginCheck;
michael@0 108 unsigned int lastState;
michael@0 109 /* for Stan */
michael@0 110 NSSToken *nssToken;
michael@0 111 /* fast mechanism lookup */
michael@0 112 char mechanismBits[256];
michael@0 113 };
michael@0 114
michael@0 115 /* Symetric Key structure. Reference Counted */
michael@0 116 struct PK11SymKeyStr {
michael@0 117 CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
michael@0 118 CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */
michael@0 119 PK11SlotInfo *slot; /* Slot this key is loaded into */
michael@0 120 void *cx; /* window context in case we need to loggin */
michael@0 121 PK11SymKey *next;
michael@0 122 PRBool owner;
michael@0 123 SECItem data; /* raw key data if available */
michael@0 124 CK_SESSION_HANDLE session;
michael@0 125 PRBool sessionOwner;
michael@0 126 PRInt32 refCount; /* number of references to this key */
michael@0 127 int size; /* key size in bytes */
michael@0 128 PK11Origin origin; /* where this key came from
michael@0 129 * (see def in secmodt.h) */
michael@0 130 PK11SymKey *parent; /* potential owner key of the session */
michael@0 131 PRUint16 series; /* break up the slot info into various groups
michael@0 132 * of inserted tokens so that keys and certs
michael@0 133 * can be invalidated */
michael@0 134 void *userData; /* random data the application can attach to
michael@0 135 * this key */
michael@0 136 PK11FreeDataFunc freeFunc; /* function to free the user data */
michael@0 137 };
michael@0 138
michael@0 139
michael@0 140 /*
michael@0 141 * hold a hash, encryption or signing context for multi-part operations.
michael@0 142 * hold enough information so that multiple contexts can be interleaved
michael@0 143 * if necessary. ... Not RefCounted.
michael@0 144 */
michael@0 145 struct PK11ContextStr {
michael@0 146 CK_ATTRIBUTE_TYPE operation; /* type of operation this context is doing
michael@0 147 * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */
michael@0 148 PK11SymKey *key; /* symetric key used in this context */
michael@0 149 PK11SlotInfo *slot; /* slot this context is operationing on */
michael@0 150 CK_SESSION_HANDLE session; /* session this context is using */
michael@0 151 PZLock *sessionLock; /* lock before accessing a PKCS #11
michael@0 152 * session */
michael@0 153 PRBool ownSession;/* do we own the session? */
michael@0 154 void *cx; /* window context in case we need to loggin*/
michael@0 155 void *savedData;/* save data when we are multiplexing on a
michael@0 156 * single context */
michael@0 157 unsigned long savedLength; /* length of the saved context */
michael@0 158 SECItem *param; /* mechanism parameters used to build this
michael@0 159 context */
michael@0 160 PRBool init; /* has this contexted been initialized */
michael@0 161 CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context is
michael@0 162 * representing (usually what algorithm is
michael@0 163 * being used (CKM_RSA_PKCS, CKM_DES,
michael@0 164 * CKM_SHA, etc.*/
michael@0 165 PRBool fortezzaHack; /*Fortezza SSL has some special
michael@0 166 * non-standard semantics*/
michael@0 167 };
michael@0 168
michael@0 169 /*
michael@0 170 * structure to hold a pointer to a unique PKCS #11 object
michael@0 171 * (pointer to the slot and the object id).
michael@0 172 */
michael@0 173 struct PK11GenericObjectStr {
michael@0 174 PK11GenericObject *prev;
michael@0 175 PK11GenericObject *next;
michael@0 176 PK11SlotInfo *slot;
michael@0 177 CK_OBJECT_HANDLE objectID;
michael@0 178 };
michael@0 179
michael@0 180
michael@0 181 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
michael@0 182
michael@0 183 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
michael@0 184 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
michael@0 185
michael@0 186
michael@0 187 #endif /* _SECMODTI_H_ */

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial