/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Public interface for managing PKCS #11 modules: the public mechanism and
 * cipher flag bits, plus the SECMOD_* entry points for loading, listing,
 * locking, adding, deleting and querying modules and their slots.
 */
#ifndef _SECMOD_H_
#define _SECMOD_H_
#include "seccomon.h"
#include "secmodt.h"
#include "prinrval.h"

/*
 * Public mechanism flags.
 *
 * These bits are visible to all other libraries. Code inside the security
 * library must first convert them to the internal SECMOD_*_FLAG values
 * (see SECMOD_PubMechFlagstoInternal / SECMOD_InternaltoPubMechFlags below).
 *
 * Several bits name legacy algorithms (RC2, RC4, DES, MD2, MD5, FORTEZZA).
 * A bit being defined here only identifies a mechanism class; it is not a
 * statement that the mechanism is suitable for new use.
 */
#define PUBLIC_MECH_RSA_FLAG          0x00000001ul
#define PUBLIC_MECH_DSA_FLAG          0x00000002ul
#define PUBLIC_MECH_RC2_FLAG          0x00000004ul
#define PUBLIC_MECH_RC4_FLAG          0x00000008ul
#define PUBLIC_MECH_DES_FLAG          0x00000010ul
#define PUBLIC_MECH_DH_FLAG           0x00000020ul
#define PUBLIC_MECH_FORTEZZA_FLAG     0x00000040ul
#define PUBLIC_MECH_RC5_FLAG          0x00000080ul
#define PUBLIC_MECH_SHA1_FLAG         0x00000100ul
#define PUBLIC_MECH_MD5_FLAG          0x00000200ul
#define PUBLIC_MECH_MD2_FLAG          0x00000400ul
#define PUBLIC_MECH_SSL_FLAG          0x00000800ul
#define PUBLIC_MECH_TLS_FLAG          0x00001000ul
#define PUBLIC_MECH_AES_FLAG          0x00002000ul
#define PUBLIC_MECH_SHA256_FLAG       0x00004000ul
#define PUBLIC_MECH_SHA512_FLAG       0x00008000ul
#define PUBLIC_MECH_CAMELLIA_FLAG     0x00010000ul
#define PUBLIC_MECH_SEED_FLAG         0x00020000ul
#define PUBLIC_MECH_ECC_FLAG          0x00040000ul

/* Non-algorithm bits that share the same flag word. */
#define PUBLIC_MECH_RANDOM_FLAG       0x08000000ul
#define PUBLIC_MECH_FRIENDLY_FLAG     0x10000000ul
#define PUBLIC_OWN_PW_DEFAULTS        0X20000000ul
#define PUBLIC_DISABLE_FLAG           0x40000000ul

/*
 * Warning: reserved means reserved.
 *
 * NOTE(review): this mask still covers bits 16-18 (0x00070000), which are
 * assigned above to PUBLIC_MECH_CAMELLIA_FLAG, PUBLIC_MECH_SEED_FLAG and
 * PUBLIC_MECH_ECC_FLAG. Check how the mask is consumed before using it to
 * reject or strip "reserved" bits from caller-supplied flags.
 */
#define PUBLIC_MECH_RESERVED_FLAGS    0x87FF0000ul

/*
 * Public cipher flags.
 *
 * Visible to all other libraries, but they must be converted (see
 * SECMOD_PubCipherFlagstoInternal below) before being used by functions
 * within the security module.
 */
#define PUBLIC_CIPHER_FORTEZZA_FLAG   0x00000001ul

/* Warning: reserved means reserved (every bit except the FORTEZZA bit). */
#define PUBLIC_CIPHER_RESERVED_FLAGS  0xFFFFFFFEul

SEC_BEGIN_PROTOS

/*
 * The following functions are going to be deprecated in NSS 4.0 in
 * favor of the new stan functions.
 */

/* ---- Initialization ---- */

/*
 * Load a module described by a module specification string.
 *
 * The spec selects a PKCS #11 module to load, i.e. code that ends up running
 * inside the calling process. Build moduleSpec from trusted configuration
 * only; do not assemble it from untrusted input.
 * The exact meaning of 'parent' and 'recurse' is not visible in this header.
 */
extern SECMODModule *SECMOD_LoadModule(char *moduleSpec,
                                       SECMODModule *parent,
                                       PRBool recurse);

/*
 * User-module variant with the same signature as SECMOD_LoadModule; the same
 * trust caveat on moduleSpec applies. Paired with SECMOD_UnloadUserModule.
 */
extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec,
                                           SECMODModule *parent,
                                           PRBool recurse);

/* Unload a module (presumably one obtained from SECMOD_LoadUserModule). */
extern SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);

/*
 * Create a module object from its library, name and parameter strings.
 * 'lib' names the module library, so it carries the same trust requirement
 * as a module spec.
 */
extern SECMODModule *SECMOD_CreateModule(const char *lib,
                                         const char *name,
                                         const char *param,
                                         const char *nss);

/*
 * After a fork(), PKCS #11 says we need to call C_Initialize again in
 * the child before we can use the module. This function causes that
 * reinitialization.
 *
 * NOTE: any outstanding handles become invalid, which means existing keys
 * and contexts will fail, but new ones can be created.
 *
 * Setting 'force' to true performs the reinitialization even if the
 * PKCS #11 module does not seem to need it. This allows software modules
 * which ignore fork to preserve their keys across the fork().
 */
extern SECStatus SECMOD_RestartModules(PRBool force);


/* ---- Module management ---- */

/*
 * Get the module spec list for 'module', and release such a list again.
 * A list returned by SECMOD_GetModuleSpecList is handed back through
 * SECMOD_FreeModuleSpecList together with the same module.
 */
extern char **SECMOD_GetModuleSpecList(SECMODModule *module);
extern SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module,
                                           char **moduleSpecList);


/* ---- Module lists ---- */

/* Get a list of active PKCS #11 modules. */
extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);
/* Get a list of defined but not loaded PKCS #11 modules. */
extern SECMODModuleList *SECMOD_GetDeadModuleList(void);
/* Get a list of modules which define PKCS #11 modules to load. */
extern SECMODModuleList *SECMOD_GetDBModuleList(void);

/*
 * Lock protecting all three module lists above. Callers walking any of the
 * lists should hold it (see SECMOD_GetReadLock / SECMOD_ReleaseReadLock).
 */
extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void);

extern SECStatus SECMOD_UpdateModule(SECMODModule *module);

/* Lock management: acquire and release the read side of a list lock. */
extern void SECMOD_GetReadLock(SECMODListLock *);
extern void SECMOD_ReleaseReadLock(SECMODListLock *);

/* ---- Operate on modules by name ---- */

extern SECMODModule *SECMOD_FindModule(const char *name);
extern SECStatus SECMOD_DeleteModule(const char *name, int *type);
extern SECStatus SECMOD_DeleteModuleEx(const char *name,
                                       SECMODModule *mod,
                                       int *type,
                                       PRBool permdb);
extern SECStatus SECMOD_DeleteInternalModule(const char *name);
extern PRBool SECMOD_CanDeleteInternalModule(void);

/*
 * Register a new module by name and library path.
 *
 * dllPath selects the library for the module, so it must come from a
 * trusted source. The two flag words use the PUBLIC_MECH_* and
 * PUBLIC_CIPHER_* bits defined at the top of this header (presumably;
 * confirm against the implementation).
 */
extern SECStatus SECMOD_AddNewModule(const char *moduleName,
                                     const char *dllPath,
                                     unsigned long defaultMechanismFlags,
                                     unsigned long cipherEnableFlags);
/* As SECMOD_AddNewModule, with additional module and NSS parameter strings. */
extern SECStatus SECMOD_AddNewModuleEx(const char *moduleName,
                                       const char *dllPath,
                                       unsigned long defaultMechanismFlags,
                                       unsigned long cipherEnableFlags,
                                       char *modparms,
                                       char *nssparms);

/* ---- Database/memory management ---- */

extern SECMODModule *SECMOD_GetInternalModule(void);
/*
 * NOTE(review): SECMOD_ReferenceModule / SECMOD_DestroyModule look like a
 * take-reference / drop-reference pair; confirm in the implementation and
 * keep every reference balanced by one destroy.
 */
extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module);
extern void SECMOD_DestroyModule(SECMODModule *module);
extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module,
                                       unsigned long slotID);
extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module, const char *name);

/*
 * Reports true if at least one of the modules of the requested type
 * (given as public cipher-enable flags) has been installed.
 */
extern PRBool SECMOD_IsModulePresent(unsigned long pubCipherEnableFlags);

/* ---- Accessors ---- */

extern PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod);
extern PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);

/*
 * Conversion between the internal and the public representation of
 * mechanism flags and cipher-enable flags.
 */
extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);

/* ---- Slot and token events ---- */

extern PRBool SECMOD_HasRemovableSlots(SECMODModule *mod);
extern PK11SlotInfo *SECMOD_WaitForAnyTokenEvent(SECMODModule *mod,
                                                 unsigned long flags,
                                                 PRIntervalTime latency);

/*
 * Warning: SECMOD_CancelWait is highly destructive, potentially finalizing
 * the module 'mod' (causing in-progress operations to fail, and session key
 * material to disappear). It should only be called when shutting down the
 * module.
 */
extern SECStatus SECMOD_CancelWait(SECMODModule *mod);

/*
 * Check whether the module has added new slots. PKCS #11 v2.20 allows
 * modules to add new slots, but never remove them. Slots may not be added
 * between a call to C_GetSlotList(flag, NULL, &count) and the corresponding
 * C_GetSlotList(flag, &data, &count), so that the array doesn't accidentally
 * grow on the caller. It is permissible for the number of slots to increase
 * between corresponding calls with NULL to get the size.
 */
extern SECStatus SECMOD_UpdateSlotList(SECMODModule *mod);

SEC_END_PROTOS

#endif