michael@0: /* This Source Code Form is subject to the terms of the Mozilla Public michael@0: * License, v. 2.0. If a copy of the MPL was not distributed with this michael@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ michael@0: /* michael@0: * Internal header file included only by files in pkcs11 dir, or in michael@0: * pkcs11 specific client and server files. michael@0: */ michael@0: michael@0: #ifndef _SECMODTI_H_ michael@0: #define _SECMODTI_H_ 1 michael@0: #include "prmon.h" michael@0: #include "prtypes.h" michael@0: #include "nssilckt.h" michael@0: #include "secmodt.h" michael@0: #include "pkcs11t.h" michael@0: michael@0: #include "nssdevt.h" michael@0: michael@0: /* internal data structures */ michael@0: michael@0: /* Traverse slots callback */ michael@0: typedef struct pk11TraverseSlotStr { michael@0: SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *); michael@0: void *callbackArg; michael@0: CK_ATTRIBUTE *findTemplate; michael@0: int templateCount; michael@0: } pk11TraverseSlot; michael@0: michael@0: michael@0: /* represent a pkcs#11 slot reference counted. */ michael@0: struct PK11SlotInfoStr { michael@0: /* the PKCS11 function list for this slot */ michael@0: void *functionList; michael@0: SECMODModule *module; /* our parent module */ michael@0: /* Boolean to indicate the current state of this slot */ michael@0: PRBool needTest; /* Has this slot been tested for Export complience */ michael@0: PRBool isPerm; /* is this slot a permanment device */ michael@0: PRBool isHW; /* is this slot a hardware device */ michael@0: PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */ michael@0: PRBool disabled; /* is this slot disabled... */ michael@0: PK11DisableReasons reason; /* Why this slot is disabled */ michael@0: PRBool readOnly; /* is the token in this slot read-only */ michael@0: PRBool needLogin; /* does the token of the type that needs michael@0: * authentication (still true even if token is logged michael@0: * in) */ michael@0: PRBool hasRandom; /* can this token generated random numbers */ michael@0: PRBool defRWSession; /* is the default session RW (we open our default michael@0: * session rw if the token can only handle one session michael@0: * at a time. */ michael@0: PRBool isThreadSafe; /* copied from the module */ michael@0: /* The actual flags (many of which are distilled into the above PRBools) */ michael@0: CK_FLAGS flags; /* flags from PKCS #11 token Info */ michael@0: /* a default session handle to do quick and dirty functions */ michael@0: CK_SESSION_HANDLE session; michael@0: PZLock *sessionLock; /* lock for this session */ michael@0: /* our ID */ michael@0: CK_SLOT_ID slotID; michael@0: /* persistant flags saved from startup to startup */ michael@0: unsigned long defaultFlags; michael@0: /* keep track of who is using us so we don't accidently get freed while michael@0: * still in use */ michael@0: PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */ michael@0: PZLock *freeListLock; michael@0: PK11SymKey *freeSymKeysWithSessionHead; michael@0: PK11SymKey *freeSymKeysHead; michael@0: int keyCount; michael@0: int maxKeyCount; michael@0: /* Password control functions for this slot. many of these are only michael@0: * active if the appropriate flag is on in defaultFlags */ michael@0: int askpw; /* what our password options are */ michael@0: int timeout; /* If we're ask_timeout, what is our timeout time is michael@0: * seconds */ michael@0: int authTransact; /* allow multiple authentications off one password if michael@0: * they are all part of the same transaction */ michael@0: PRTime authTime; /* when were we last authenticated */ michael@0: int minPassword; /* smallest legal password */ michael@0: int maxPassword; /* largest legal password */ michael@0: PRUint16 series; /* break up the slot info into various groups of michael@0: * inserted tokens so that keys and certs can be michael@0: * invalidated */ michael@0: PRUint16 flagSeries;/* record the last series for the last event michael@0: * returned for this slot */ michael@0: PRBool flagState; /* record the state of the last event returned for this michael@0: * slot. */ michael@0: PRUint16 wrapKey; /* current wrapping key for SSL master secrets */ michael@0: CK_MECHANISM_TYPE wrapMechanism; michael@0: /* current wrapping mechanism for current wrapKey */ michael@0: CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */ michael@0: CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this michael@0: * token */ michael@0: int mechanismCount; michael@0: /* cache the certificates stored on the token of this slot */ michael@0: CERTCertificate **cert_array; michael@0: int array_size; michael@0: int cert_count; michael@0: char serial[16]; michael@0: /* since these are odd sizes, keep them last. They are odd sizes to michael@0: * allow them to become null terminated strings */ michael@0: char slot_name[65]; michael@0: char token_name[33]; michael@0: PRBool hasRootCerts; michael@0: PRBool hasRootTrust; michael@0: PRBool hasRSAInfo; michael@0: CK_FLAGS RSAInfoFlags; michael@0: PRBool protectedAuthPath; michael@0: PRBool isActiveCard; michael@0: PRIntervalTime lastLoginCheck; michael@0: unsigned int lastState; michael@0: /* for Stan */ michael@0: NSSToken *nssToken; michael@0: /* fast mechanism lookup */ michael@0: char mechanismBits[256]; michael@0: }; michael@0: michael@0: /* Symetric Key structure. Reference Counted */ michael@0: struct PK11SymKeyStr { michael@0: CK_MECHANISM_TYPE type; /* type of operation this key was created for*/ michael@0: CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */ michael@0: PK11SlotInfo *slot; /* Slot this key is loaded into */ michael@0: void *cx; /* window context in case we need to loggin */ michael@0: PK11SymKey *next; michael@0: PRBool owner; michael@0: SECItem data; /* raw key data if available */ michael@0: CK_SESSION_HANDLE session; michael@0: PRBool sessionOwner; michael@0: PRInt32 refCount; /* number of references to this key */ michael@0: int size; /* key size in bytes */ michael@0: PK11Origin origin; /* where this key came from michael@0: * (see def in secmodt.h) */ michael@0: PK11SymKey *parent; /* potential owner key of the session */ michael@0: PRUint16 series; /* break up the slot info into various groups michael@0: * of inserted tokens so that keys and certs michael@0: * can be invalidated */ michael@0: void *userData; /* random data the application can attach to michael@0: * this key */ michael@0: PK11FreeDataFunc freeFunc; /* function to free the user data */ michael@0: }; michael@0: michael@0: michael@0: /* michael@0: * hold a hash, encryption or signing context for multi-part operations. michael@0: * hold enough information so that multiple contexts can be interleaved michael@0: * if necessary. ... Not RefCounted. michael@0: */ michael@0: struct PK11ContextStr { michael@0: CK_ATTRIBUTE_TYPE operation; /* type of operation this context is doing michael@0: * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */ michael@0: PK11SymKey *key; /* symetric key used in this context */ michael@0: PK11SlotInfo *slot; /* slot this context is operationing on */ michael@0: CK_SESSION_HANDLE session; /* session this context is using */ michael@0: PZLock *sessionLock; /* lock before accessing a PKCS #11 michael@0: * session */ michael@0: PRBool ownSession;/* do we own the session? */ michael@0: void *cx; /* window context in case we need to loggin*/ michael@0: void *savedData;/* save data when we are multiplexing on a michael@0: * single context */ michael@0: unsigned long savedLength; /* length of the saved context */ michael@0: SECItem *param; /* mechanism parameters used to build this michael@0: context */ michael@0: PRBool init; /* has this contexted been initialized */ michael@0: CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context is michael@0: * representing (usually what algorithm is michael@0: * being used (CKM_RSA_PKCS, CKM_DES, michael@0: * CKM_SHA, etc.*/ michael@0: PRBool fortezzaHack; /*Fortezza SSL has some special michael@0: * non-standard semantics*/ michael@0: }; michael@0: michael@0: /* michael@0: * structure to hold a pointer to a unique PKCS #11 object michael@0: * (pointer to the slot and the object id). michael@0: */ michael@0: struct PK11GenericObjectStr { michael@0: PK11GenericObject *prev; michael@0: PK11GenericObject *next; michael@0: PK11SlotInfo *slot; michael@0: CK_OBJECT_HANDLE objectID; michael@0: }; michael@0: michael@0: michael@0: #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */ michael@0: michael@0: /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ michael@0: #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL michael@0: michael@0: michael@0: #endif /* _SECMODTI_H_ */