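--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/pk11wrap/secmod.h Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,166 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#ifndef _SECMOD_H_
+#define _SECMOD_H_
+#include "seccomon.h"
+#include "secmodt.h"
+#include "prinrval.h"
+
+/* These mechanisms flags are visible to all other libraries. */
+/* They must be converted to internal SECMOD_*_FLAG */
+/* if used inside the functions of the security library */
+#define PUBLIC_MECH_RSA_FLAG 0x00000001ul
+#define PUBLIC_MECH_DSA_FLAG 0x00000002ul
+#define PUBLIC_MECH_RC2_FLAG 0x00000004ul
+#define PUBLIC_MECH_RC4_FLAG 0x00000008ul
+#define PUBLIC_MECH_DES_FLAG 0x00000010ul
+#define PUBLIC_MECH_DH_FLAG 0x00000020ul
+#define PUBLIC_MECH_FORTEZZA_FLAG 0x00000040ul
+#define PUBLIC_MECH_RC5_FLAG 0x00000080ul
+#define PUBLIC_MECH_SHA1_FLAG 0x00000100ul
+#define PUBLIC_MECH_MD5_FLAG 0x00000200ul
+#define PUBLIC_MECH_MD2_FLAG 0x00000400ul
+#define PUBLIC_MECH_SSL_FLAG 0x00000800ul
+#define PUBLIC_MECH_TLS_FLAG 0x00001000ul
+#define PUBLIC_MECH_AES_FLAG 0x00002000ul
+#define PUBLIC_MECH_SHA256_FLAG 0x00004000ul
+#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul
+#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul
+#define PUBLIC_MECH_SEED_FLAG 0x00020000ul
+#define PUBLIC_MECH_ECC_FLAG 0x00040000ul
+
+#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
+#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul
+#define PUBLIC_OWN_PW_DEFAULTS 0X20000000ul
+#define PUBLIC_DISABLE_FLAG 0x40000000ul
+
+/* warning: reserved means reserved */
+#define PUBLIC_MECH_RESERVED_FLAGS 0x87FF0000ul
+
+/* These cipher flags are visible to all other libraries, */
+/* But they must be converted before used in functions */
+/* withing the security module */
+#define PUBLIC_CIPHER_FORTEZZA_FLAG 0x00000001ul
+
+/* warning: reserved means reserved */
+#define PUBLIC_CIPHER_RESERVED_FLAGS 0xFFFFFFFEul
+
+SEC_BEGIN_PROTOS
+
+/*
+ * the following functions are going to be deprecated in NSS 4.0 in
+ * favor of the new stan functions.
+ */
+
+/* Initialization */
+extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,SECMODModule *parent,
+ PRBool recurse);
+
+extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec,SECMODModule *parent,
+ PRBool recurse);
+
+SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);
+
+SECMODModule * SECMOD_CreateModule(const char *lib, const char *name,
+ const char *param, const char *nss);
+/*
+ * After a fork(), PKCS #11 says we need to call C_Initialize again in
+ * the child before we can use the module. This function causes this
+ * reinitialization.
+ * NOTE: Any outstanding handles will become invalid, which means your
+ * keys and contexts will fail, but new ones can be created.
+ *
+ * Setting 'force' to true means to do the reinitialization even if the
+ * PKCS #11 module does not seem to need it. This allows software modules
+ * which ignore fork to preserve their keys across the fork().
+ */
+SECStatus SECMOD_RestartModules(PRBool force);
+
+
+/* Module Management */
+char **SECMOD_GetModuleSpecList(SECMODModule *module);
+SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module,char **moduleSpecList);
+
+
+/* protoypes */
+/* Get a list of active PKCS #11 modules */
+extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);
+/* Get a list of defined but not loaded PKCS #11 modules */
+extern SECMODModuleList *SECMOD_GetDeadModuleList(void);
+/* Get a list of Modules which define PKCS #11 modules to load */
+extern SECMODModuleList *SECMOD_GetDBModuleList(void);
+
+/* lock to protect all three module lists above */
+extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void);
+
+extern SECStatus SECMOD_UpdateModule(SECMODModule *module);
+
+/* lock management */
+extern void SECMOD_GetReadLock(SECMODListLock *);
+extern void SECMOD_ReleaseReadLock(SECMODListLock *);
+
+/* Operate on modules by name */
+extern SECMODModule *SECMOD_FindModule(const char *name);
+extern SECStatus SECMOD_DeleteModule(const char *name, int *type);
+extern SECStatus SECMOD_DeleteModuleEx(const char * name,
+ SECMODModule *mod,
+ int *type,
+ PRBool permdb);
+extern SECStatus SECMOD_DeleteInternalModule(const char *name);
+extern PRBool SECMOD_CanDeleteInternalModule(void);
+extern SECStatus SECMOD_AddNewModule(const char* moduleName,
+ const char* dllPath,
+ unsigned long defaultMechanismFlags,
+ unsigned long cipherEnableFlags);
+extern SECStatus SECMOD_AddNewModuleEx(const char* moduleName,
+ const char* dllPath,
+ unsigned long defaultMechanismFlags,
+ unsigned long cipherEnableFlags,
+ char* modparms,
+ char* nssparms);
+
+/* database/memory management */
+extern SECMODModule *SECMOD_GetInternalModule(void);
+extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module);
+extern void SECMOD_DestroyModule(SECMODModule *module);
+extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module,
+ unsigned long slotID);
+extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module,const char *name);
+
+/* Funtion reports true if at least one of the modules */
+/* of modType has been installed */
+PRBool SECMOD_IsModulePresent( unsigned long int pubCipherEnableFlags );
+
+/* accessors */
+PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod);
+PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);
+
+/* Functions used to convert between internal & public representation
+ * of Mechanism Flags and Cipher Enable Flags */
+extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
+extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
+extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);
+
+PRBool SECMOD_HasRemovableSlots(SECMODModule *mod);
+PK11SlotInfo *SECMOD_WaitForAnyTokenEvent(SECMODModule *mod,
+ unsigned long flags, PRIntervalTime latency);
+/*
+ * Warning: the SECMOD_CancelWait function is highly destructive, potentially
+ * finalizing the module 'mod' (causing inprogress operations to fail,
+ * and session key material to disappear). It should only be called when
+ * shutting down the module.
+ */
+SECStatus SECMOD_CancelWait(SECMODModule *mod);
+/*
+ * check to see if the module has added new slots. PKCS 11 v2.20 allows for
+ * modules to add new slots, but never remove them. Slots not be added between
+ * a call to C_GetSlotLlist(Flag, NULL, &count) and the corresponding
+ * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently
+ * grow on the caller. It is permissible for the slots to increase between
+ * corresponding calls with NULL to get the size.
+ */
+SECStatus SECMOD_UpdateSlotList(SECMODModule *mod);
+SEC_END_PROTOS
+
+#endif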
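Review bot: `PUBLIC_MECH_RESERVED_FLAGS` is defined as `0x87FF0000ul`, which still covers bits 16–18, yet the same block assigns those bits to `PUBLIC_MECH_CAMELLIA_FLAG`, `PUBLIC_MECH_SEED_FLAG` and `PUBLIC_MECH_ECC_FLAG`. If any caller rejects or masks public mechanism flags using the reserved value (no such caller is visible in this header), those three mechanisms would be treated as reserved; a mask consistent with the definitions shown here would be `#define PUBLIC_MECH_RESERVED_FLAGS 0x87F80000ul`. Separately, the comment above `SECMOD_UpdateSlotList` drops a verb and misspells the PKCS #11 call, so the constraint it documents is hard to read; I would word it as `Slots must not be added between a call to C_GetSlotList(flag, NULL, &count) and the corresponding C_GetSlotList(flag, &data, &count)`, assuming that is the intended meaning. It would also help to state on `SECMOD_AddNewModule`/`SECMOD_AddNewModuleEx` that `dllPath` names a library that gets loaded into the process, so callers should pass only trusted paths.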