security/nss/lib/softoken/softoken.h@b8a032363ba2
security/nss/lib/softoken/softoken.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /*
2 * softoken.h - private data structures and prototypes for the softoken lib
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 #ifndef _SOFTOKEN_H_
9 #define _SOFTOKEN_H_
11 #include "blapi.h"
12 #include "lowkeyti.h"
13 #include "softoknt.h"
14 #include "secoidt.h"
16 #include "pkcs11t.h"
18 SEC_BEGIN_PROTOS
20 /*
21 * Convenience wrapper for doing a single PKCS#1 v1.5 RSA operations where the
22 * encoded digest info is computed internally, rather than by the caller.
23 *
24 * The HashSign variants expect as input the value of H, the computed hash
25 * from RFC 3447, Section 9.2, Step 1, and will compute the DER-encoded
26 * DigestInfo structure internally prior to signing/verifying.
27 */
28 extern SECStatus
29 RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key,
30 unsigned char *sig, unsigned int *sigLen, unsigned int maxLen,
31 const unsigned char *hash, unsigned int hashLen);
33 extern SECStatus
34 RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
35 const unsigned char *sig, unsigned int sigLen,
36 const unsigned char *hash, unsigned int hashLen);
38 /*
39 ** Prepare a buffer for padded CBC encryption, growing to the appropriate
40 ** boundary, filling with the appropriate padding.
41 **
42 ** blockSize must be a power of 2.
43 **
44 ** We add from 1 to blockSize bytes -- we *always* grow.
45 ** The extra bytes contain the value of the length of the padding:
46 ** if we have 2 bytes of padding, then the padding is "0x02, 0x02".
47 **
48 ** NOTE: If arena is non-NULL, we re-allocate from there, otherwise
49 ** we assume (and use) PR memory (re)allocation.
50 */
51 extern unsigned char * CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf,
52 unsigned int inlen, unsigned int *outlen,
53 int blockSize);
56 /****************************************/
57 /*
58 ** Power-Up selftests required for FIPS and invoked only
59 ** under PKCS #11 FIPS mode.
60 */
61 extern CK_RV sftk_fipsPowerUpSelfTest( void );
63 /*
64 ** make known fixed PKCS #11 key types to their sizes in bytes
65 */
66 unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType);
68 /*
69 ** FIPS 140-2 auditing
70 */
71 extern PRBool sftk_audit_enabled;
73 extern void sftk_LogAuditMessage(NSSAuditSeverity severity,
74 NSSAuditType, const char *msg);
76 extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
77 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
78 CK_OBJECT_HANDLE_PTR phObject, CK_RV rv);
80 extern void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
81 CK_OBJECT_HANDLE hObject,
82 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
83 CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv);
85 extern void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
86 CK_OBJECT_HANDLE hObject, CK_RV rv);
88 extern void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
89 CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize,
90 CK_RV rv);
92 extern void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
93 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
94 CK_ULONG ulCount, CK_RV rv);
96 extern void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
97 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
98 CK_ULONG ulCount, CK_RV rv);
100 extern void sftk_AuditCryptInit(const char *opName,
101 CK_SESSION_HANDLE hSession,
102 CK_MECHANISM_PTR pMechanism,
103 CK_OBJECT_HANDLE hKey, CK_RV rv);
105 extern void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
106 CK_MECHANISM_PTR pMechanism,
107 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
108 CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
110 extern void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
111 CK_MECHANISM_PTR pMechanism,
112 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
113 CK_ULONG ulPublicKeyAttributeCount,
114 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
115 CK_ULONG ulPrivateKeyAttributeCount,
116 CK_OBJECT_HANDLE_PTR phPublicKey,
117 CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv);
119 extern void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
120 CK_MECHANISM_PTR pMechanism,
121 CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey,
122 CK_BYTE_PTR pWrappedKey,
123 CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv);
125 extern void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
126 CK_MECHANISM_PTR pMechanism,
127 CK_OBJECT_HANDLE hUnwrappingKey,
128 CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
129 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
130 CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
132 extern void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
133 CK_MECHANISM_PTR pMechanism,
134 CK_OBJECT_HANDLE hBaseKey,
135 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
136 CK_OBJECT_HANDLE_PTR phKey, CK_RV rv);
138 extern void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
139 CK_OBJECT_HANDLE hKey, CK_RV rv);
141 /*
142 ** FIPS 140-2 Error state
143 */
144 extern PRBool sftk_fatalError;
146 /*
147 ** macros to check for forked child process after C_Initialize
148 */
149 #if defined(XP_UNIX) && !defined(NO_FORK_CHECK)
151 #ifdef DEBUG
153 #define FORK_ASSERT() \
154 { \
155 char* forkAssert = getenv("NSS_STRICT_NOFORK"); \
156 if ( (!forkAssert) || (0 == strcmp(forkAssert, "1")) ) { \
157 PORT_Assert(0); \
158 } \
159 }
161 #else
163 #define FORK_ASSERT()
165 #endif
167 /* we have 3 methods of implementing the fork checks :
168 * - Solaris "mixed" method
169 * - pthread_atfork method
170 * - getpid method
171 */
173 #if !defined (CHECK_FORK_MIXED) && !defined(CHECK_FORK_PTHREAD) && \
174 !defined (CHECK_FORK_GETPID)
176 /* Choose fork check method automatically unless specified
177 * This section should be updated as more platforms get pthread fixes
178 * to unregister fork handlers in dlclose.
179 */
181 #ifdef SOLARIS
183 /* Solaris 8, s9 use PID checks, s10 uses pthread_atfork */
185 #define CHECK_FORK_MIXED
187 #elif defined(LINUX)
189 #define CHECK_FORK_PTHREAD
191 #else
193 /* Other Unix platforms use only PID checks. Even if pthread_atfork is
194 * available, the behavior of dlclose isn't guaranteed by POSIX to
195 * unregister the fork handler. */
197 #define CHECK_FORK_GETPID
199 #endif
201 #endif
203 #if defined(CHECK_FORK_MIXED)
205 extern PRBool usePthread_atfork;
206 #include <unistd.h>
207 extern pid_t myPid;
208 extern PRBool forked;
210 #define PARENT_FORKED() (usePthread_atfork ? forked : (myPid && myPid != getpid()))
212 #elif defined(CHECK_FORK_PTHREAD)
214 extern PRBool forked;
216 #define PARENT_FORKED() forked
218 #elif defined(CHECK_FORK_GETPID)
220 #include <unistd.h>
221 extern pid_t myPid;
223 #define PARENT_FORKED() (myPid && myPid != getpid())
225 #endif
227 extern PRBool parentForkedAfterC_Initialize;
228 extern PRBool sftkForkCheckDisabled;
230 #define CHECK_FORK() \
231 do { \
232 if (!sftkForkCheckDisabled && PARENT_FORKED()) { \
233 FORK_ASSERT(); \
234 return CKR_DEVICE_ERROR; \
235 } \
236 } while (0)
238 #define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x
240 #define ENABLE_FORK_CHECK() \
241 { \
242 char* doForkCheck = getenv("NSS_STRICT_NOFORK"); \
243 if ( doForkCheck && !strcmp(doForkCheck, "DISABLED") ) { \
244 sftkForkCheckDisabled = PR_TRUE; \
245 } \
246 }
249 #else
251 /* non-Unix platforms, or fork check disabled */
253 #define CHECK_FORK()
254 #define SKIP_AFTER_FORK(x) x
255 #define ENABLE_FORK_CHECK()
257 #ifndef NO_FORK_CHECK
258 #define NO_FORK_CHECK
259 #endif
261 #endif
264 SEC_END_PROTOS
266 #endif /* _SOFTOKEN_H_ */
