security/nss/lib/pk11wrap/secmodti.h

changeset 0
6474c204b198
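--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/security/nss/lib/pk11wrap/secmodti.h	Wed Dec 31 06:09:35 2014 +0100
@@ -0,0 +1,187 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal header file included only by files in pkcs11 dir, or in
+ * pkcs11 specific client and server files.
+ */
+
+#ifndef  _SECMODTI_H_
+#define  _SECMODTI_H_ 1
+#include "prmon.h"
+#include "prtypes.h"
+#include "nssilckt.h"
+#include "secmodt.h"
+#include "pkcs11t.h"
+
+#include "nssdevt.h"
+
+/* internal data structures */
+
+/* Traverse slots callback */
+typedef struct pk11TraverseSlotStr {
+    SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);
+    void *callbackArg;
+    CK_ATTRIBUTE *findTemplate;
+    int templateCount;
+} pk11TraverseSlot;
+
+
+/* represent a pkcs#11 slot reference counted. */
+struct PK11SlotInfoStr {
+    /* the PKCS11 function list for this slot */
+    void *functionList;
+    SECMODModule *module; /* our parent module */
+    /* Boolean to indicate the current state of this slot */
+    PRBool needTest;	/* Has this slot been tested for Export complience */
+    PRBool isPerm;	/* is this slot a permanment device */
+    PRBool isHW;	/* is this slot a hardware device */
+    PRBool isInternal;  /* is this slot one of our internal PKCS #11 devices */
+    PRBool disabled;	/* is this slot disabled... */
+    PK11DisableReasons reason; 	/* Why this slot is disabled */
+    PRBool readOnly;	/* is the token in this slot read-only */
+    PRBool needLogin;	/* does the token of the type that needs 
+			 * authentication (still true even if token is logged 
+			 * in) */
+    PRBool hasRandom;   /* can this token generated random numbers */
+    PRBool defRWSession; /* is the default session RW (we open our default 
+			  * session rw if the token can only handle one session
+			  * at a time. */
+    PRBool isThreadSafe; /* copied from the module */
+    /* The actual flags (many of which are distilled into the above PRBools) */
+    CK_FLAGS flags;      /* flags from PKCS #11 token Info */
+    /* a default session handle to do quick and dirty functions */
+    CK_SESSION_HANDLE session; 
+    PZLock *sessionLock; /* lock for this session */
+    /* our ID */
+    CK_SLOT_ID slotID;
+    /* persistant flags saved from startup to startup */
+    unsigned long defaultFlags;
+    /* keep track of who is using us so we don't accidently get freed while
+     * still in use */
+    PRInt32 refCount;    /* to be in/decremented by atomic calls ONLY! */
+    PZLock *freeListLock;
+    PK11SymKey *freeSymKeysWithSessionHead;
+    PK11SymKey *freeSymKeysHead;
+    int keyCount;
+    int maxKeyCount;
+    /* Password control functions for this slot. many of these are only
+     * active if the appropriate flag is on in defaultFlags */
+    int askpw;		/* what our password options are */
+    int timeout;	/* If we're ask_timeout, what is our timeout time is 
+			 * seconds */
+    int authTransact;   /* allow multiple authentications off one password if
+		         * they are all part of the same transaction */
+    PRTime authTime;	/* when were we last authenticated */
+    int minPassword;	/* smallest legal password */
+    int maxPassword;	/* largest legal password */
+    PRUint16 series;	/* break up the slot info into various groups of
+			 * inserted tokens so that keys and certs can be
+			 * invalidated */
+    PRUint16 flagSeries;/* record the last series for the last event
+                         * returned for this slot */
+    PRBool flagState;	/* record the state of the last event returned for this
+			 * slot. */
+    PRUint16 wrapKey;	/* current wrapping key for SSL master secrets */
+    CK_MECHANISM_TYPE wrapMechanism;
+			/* current wrapping mechanism for current wrapKey */
+    CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
+    CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
+				       * token */
+    int mechanismCount;
+    /* cache the certificates stored on the token of this slot */
+    CERTCertificate **cert_array;
+    int array_size;
+    int cert_count;
+    char serial[16];
+    /* since these are odd sizes, keep them last. They are odd sizes to 
+     * allow them to become null terminated strings */
+    char slot_name[65];
+    char token_name[33];
+    PRBool hasRootCerts;
+    PRBool hasRootTrust;
+    PRBool hasRSAInfo;
+    CK_FLAGS RSAInfoFlags;
+    PRBool protectedAuthPath;
+    PRBool isActiveCard;
+    PRIntervalTime lastLoginCheck;
+    unsigned int lastState;
+    /* for Stan */
+    NSSToken *nssToken;
+    /* fast mechanism lookup */
+    char mechanismBits[256];
+};
+
+/* Symetric Key structure. Reference Counted */
+struct PK11SymKeyStr {
+    CK_MECHANISM_TYPE type;	/* type of operation this key was created for*/
+    CK_OBJECT_HANDLE  objectID; /* object id of this key in the slot */
+    PK11SlotInfo      *slot;    /* Slot this key is loaded into */
+    void	      *cx;	/* window context in case we need to loggin */
+    PK11SymKey	      *next;
+    PRBool	      owner;
+    SECItem	      data;	/* raw key data if available */
+    CK_SESSION_HANDLE session;
+    PRBool	      sessionOwner;
+    PRInt32	      refCount;	/* number of references to this key */
+    int		      size;	/* key size in bytes */
+    PK11Origin	      origin;	/* where this key came from 
+                                 * (see def in secmodt.h) */
+    PK11SymKey        *parent;  /* potential owner key of the session */
+    PRUint16 series;		/* break up the slot info into various groups
+				 * of inserted tokens so that keys and certs 
+				 * can be invalidated */
+    void *userData;		/* random data the application can attach to
+                                 * this key */
+    PK11FreeDataFunc freeFunc;	/* function to free the user data */
+};
+
+
+/*
+ * hold a hash, encryption or signing context for multi-part operations.
+ * hold enough information so that multiple contexts can be interleaved
+ * if necessary. ... Not RefCounted.
+ */
+struct PK11ContextStr {
+    CK_ATTRIBUTE_TYPE	operation; /* type of operation this context is doing
+				    * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */
+    PK11SymKey  	*key;	   /* symetric key used in this context */
+    PK11SlotInfo	*slot;	   /* slot this context is operationing on */
+    CK_SESSION_HANDLE	session;   /* session this context is using */
+    PZLock		*sessionLock; /* lock before accessing a PKCS #11 
+				       * session */
+    PRBool		ownSession;/* do we own the session? */
+    void 		*cx;	   /* window context in case we need to loggin*/
+    void		*savedData;/* save data when we are multiplexing on a
+				    * single context */
+    unsigned long	savedLength; /* length of the saved context */
+    SECItem		*param;	    /* mechanism parameters used to build this
+								context */
+    PRBool		init;	    /* has this contexted been initialized */
+    CK_MECHANISM_TYPE	type;	    /* what is the PKCS #11 this context is
+				     * representing (usually what algorithm is
+				     * being used (CKM_RSA_PKCS, CKM_DES,
+				     * CKM_SHA, etc.*/
+    PRBool		fortezzaHack; /*Fortezza SSL has some special
+				       * non-standard semantics*/
+};
+
+/*
+ * structure to hold a pointer to a unique PKCS #11 object 
+ * (pointer to the slot and the object id).
+ */
+struct PK11GenericObjectStr {
+    PK11GenericObject *prev;
+    PK11GenericObject *next;
+    PK11SlotInfo *slot;
+    CK_OBJECT_HANDLE objectID;
+};
+
+
+#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
+
+/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
+#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
+
+
+#endif /* _SECMODTI_H_ */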
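Review bot: In `struct PK11SlotInfoStr`, `char serial[16]` has no spare byte for a terminator and no comment, while the comment directly below it says `slot_name[65]` and `token_name[33]` are sized so they can be NUL-terminated. If `serial` holds the blank-padded 16-character serial number from the PKCS #11 token info (an inference from its size; the code that fills it is not in this header), it is not a C string. A `strlen`, `strcmp` or `%s` on it would run on into `slot_name`. I would document that on the field, for example `char serial[16]; /* fixed 16 bytes, blank padded, NOT NUL-terminated; compare with memcmp and sizeof */`. Separately, the comment on `refKeys[1]` stops mid-sentence (`/* array of existing wrapping keys for */`), so the valid range of the `wrapKey` index against that one-element array is undocumented.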
