The Tor Browser / file revision

 /* This Source Code Form is subject to the terms of the Mozilla Public

  * License, v. 2.0. If a copy of the MPL was not distributed with this

  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

 /*

  * Internal header file included only by files in pkcs11 dir, or in

  * pkcs11 specific client and server files.

  */

 #ifndef  _SECMODTI_H_

 #define  _SECMODTI_H_ 1

 #include "prmon.h"

 #include "prtypes.h"

 #include "nssilckt.h"

 #include "secmodt.h"

 #include "pkcs11t.h"

 #include "nssdevt.h"

 /* internal data structures */

 /* Traverse slots callback */

 typedef struct pk11TraverseSlotStr {

     SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);

     void *callbackArg;

     CK_ATTRIBUTE *findTemplate;

     int templateCount;

 } pk11TraverseSlot;

 /* represent a pkcs#11 slot reference counted. */

 struct PK11SlotInfoStr {

     /* the PKCS11 function list for this slot */

     void *functionList;

     SECMODModule *module; /* our parent module */

     /* Boolean to indicate the current state of this slot */

     PRBool needTest;	/* Has this slot been tested for Export complience */

     PRBool isPerm;	/* is this slot a permanment device */

     PRBool isHW;	/* is this slot a hardware device */

     PRBool isInternal;  /* is this slot one of our internal PKCS #11 devices */

     PRBool disabled;	/* is this slot disabled... */

     PK11DisableReasons reason; 	/* Why this slot is disabled */

     PRBool readOnly;	/* is the token in this slot read-only */

     PRBool needLogin;	/* does the token of the type that needs 

 			 * authentication (still true even if token is logged 

 			 * in) */

     PRBool hasRandom;   /* can this token generated random numbers */

     PRBool defRWSession; /* is the default session RW (we open our default 

 			  * session rw if the token can only handle one session

 			  * at a time. */

     PRBool isThreadSafe; /* copied from the module */

     /* The actual flags (many of which are distilled into the above PRBools) */

     CK_FLAGS flags;      /* flags from PKCS #11 token Info */

     /* a default session handle to do quick and dirty functions */

     CK_SESSION_HANDLE session; 

     PZLock *sessionLock; /* lock for this session */

     /* our ID */

     CK_SLOT_ID slotID;

     /* persistant flags saved from startup to startup */

     unsigned long defaultFlags;

     /* keep track of who is using us so we don't accidently get freed while

      * still in use */

     PRInt32 refCount;    /* to be in/decremented by atomic calls ONLY! */

     PZLock *freeListLock;

     PK11SymKey *freeSymKeysWithSessionHead;

     PK11SymKey *freeSymKeysHead;

     int keyCount;

     int maxKeyCount;

     /* Password control functions for this slot. many of these are only

      * active if the appropriate flag is on in defaultFlags */

     int askpw;		/* what our password options are */

     int timeout;	/* If we're ask_timeout, what is our timeout time is 

 			 * seconds */

     int authTransact;   /* allow multiple authentications off one password if

 		         * they are all part of the same transaction */

     PRTime authTime;	/* when were we last authenticated */

     int minPassword;	/* smallest legal password */

     int maxPassword;	/* largest legal password */

     PRUint16 series;	/* break up the slot info into various groups of

 			 * inserted tokens so that keys and certs can be

 			 * invalidated */

     PRUint16 flagSeries;/* record the last series for the last event

                          * returned for this slot */

     PRBool flagState;	/* record the state of the last event returned for this

 			 * slot. */

     PRUint16 wrapKey;	/* current wrapping key for SSL master secrets */

     CK_MECHANISM_TYPE wrapMechanism;

 			/* current wrapping mechanism for current wrapKey */

     CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */

     CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this

 				       * token */

     int mechanismCount;

     /* cache the certificates stored on the token of this slot */

     CERTCertificate **cert_array;

     int array_size;

     int cert_count;

     char serial[16];

     /* since these are odd sizes, keep them last. They are odd sizes to 

      * allow them to become null terminated strings */

     char slot_name[65];

     char token_name[33];

     PRBool hasRootCerts;

     PRBool hasRootTrust;

     PRBool hasRSAInfo;

     CK_FLAGS RSAInfoFlags;

     PRBool protectedAuthPath;

     PRBool isActiveCard;

     PRIntervalTime lastLoginCheck;

     unsigned int lastState;

     /* for Stan */

     NSSToken *nssToken;

     /* fast mechanism lookup */

     char mechanismBits[256];

 };

 /* Symetric Key structure. Reference Counted */

 struct PK11SymKeyStr {

     CK_MECHANISM_TYPE type;	/* type of operation this key was created for*/

     CK_OBJECT_HANDLE  objectID; /* object id of this key in the slot */

     PK11SlotInfo      *slot;    /* Slot this key is loaded into */

     void	      *cx;	/* window context in case we need to loggin */

     PK11SymKey	      *next;

     PRBool	      owner;

     SECItem	      data;	/* raw key data if available */

     CK_SESSION_HANDLE session;

     PRBool	      sessionOwner;

     PRInt32	      refCount;	/* number of references to this key */

     int		      size;	/* key size in bytes */

     PK11Origin	      origin;	/* where this key came from 

                                  * (see def in secmodt.h) */

     PK11SymKey        *parent;  /* potential owner key of the session */

     PRUint16 series;		/* break up the slot info into various groups

 				 * of inserted tokens so that keys and certs 

 				 * can be invalidated */

     void *userData;		/* random data the application can attach to

                                  * this key */

     PK11FreeDataFunc freeFunc;	/* function to free the user data */

 };

 /*

  * hold a hash, encryption or signing context for multi-part operations.

  * hold enough information so that multiple contexts can be interleaved

  * if necessary. ... Not RefCounted.

  */

 struct PK11ContextStr {

     CK_ATTRIBUTE_TYPE	operation; /* type of operation this context is doing

 				    * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */

     PK11SymKey  	*key;	   /* symetric key used in this context */

     PK11SlotInfo	*slot;	   /* slot this context is operationing on */

     CK_SESSION_HANDLE	session;   /* session this context is using */

     PZLock		*sessionLock; /* lock before accessing a PKCS #11 

 				       * session */

     PRBool		ownSession;/* do we own the session? */

     void 		*cx;	   /* window context in case we need to loggin*/

     void		*savedData;/* save data when we are multiplexing on a

 				    * single context */

     unsigned long	savedLength; /* length of the saved context */

     SECItem		*param;	    /* mechanism parameters used to build this

 								context */

     PRBool		init;	    /* has this contexted been initialized */

     CK_MECHANISM_TYPE	type;	    /* what is the PKCS #11 this context is

 				     * representing (usually what algorithm is

 				     * being used (CKM_RSA_PKCS, CKM_DES,

 				     * CKM_SHA, etc.*/

     PRBool		fortezzaHack; /*Fortezza SSL has some special

 				       * non-standard semantics*/

 };

 /*

  * structure to hold a pointer to a unique PKCS #11 object 

  * (pointer to the slot and the object id).

  */

 struct PK11GenericObjectStr {

     PK11GenericObject *prev;

     PK11GenericObject *next;

     PK11SlotInfo *slot;

     CK_OBJECT_HANDLE objectID;

 };

 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */

 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */

 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL

 #endif /* _SECMODTI_H_ */