summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap/secmodti.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--security/nss/lib/pk11wrap/secmodti.h205
1 files changed, 205 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/secmodti.h b/security/nss/lib/pk11wrap/secmodti.h
new file mode 100644
index 0000000000..5dca1e46cd
--- /dev/null
+++ b/security/nss/lib/pk11wrap/secmodti.h
@@ -0,0 +1,205 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+/*
+ * Internal header file included only by files in pkcs11 dir, or in
+ * pkcs11 specific client and server files.
+ */
+
+#ifndef _SECMODTI_H_
+#define _SECMODTI_H_ 1
+#include "prmon.h"
+#include "prtypes.h"
+#include "nssilckt.h"
+#include "secmodt.h"
+#include "pkcs11t.h"
+
+#include "nssdevt.h"
+
+/* internal data structures */
+
+/* Traverse slots callback */
+typedef struct pk11TraverseSlotStr {
+ SECStatus (*callback)(PK11SlotInfo *, CK_OBJECT_HANDLE, void *);
+ void *callbackArg;
+ CK_ATTRIBUTE *findTemplate;
+ int templateCount;
+} pk11TraverseSlot;
+
+/* represent a pkcs#11 slot reference counted. */
+struct PK11SlotInfoStr {
+ /* the PKCS11 function list for this slot */
+ void *functionList;
+ SECMODModule *module; /* our parent module */
+ /* Boolean to indicate the current state of this slot */
+ PRBool needTest; /* Has this slot been tested for Export complience */
+ PRBool isPerm; /* is this slot a permanment device */
+ PRBool isHW; /* is this slot a hardware device */
+ PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */
+ PRBool disabled; /* is this slot disabled... */
+ PK11DisableReasons reason; /* Why this slot is disabled */
+ PRBool readOnly; /* is the token in this slot read-only */
+ PRBool needLogin; /* does the token of the type that needs
+ * authentication (still true even if token is logged
+ * in) */
+ PRBool hasRandom; /* can this token generated random numbers */
+ PRBool defRWSession; /* is the default session RW (we open our default
+ * session rw if the token can only handle one session
+ * at a time. */
+ PRBool isThreadSafe; /* copied from the module */
+ /* The actual flags (many of which are distilled into the above PRBools) */
+ CK_FLAGS flags; /* flags from PKCS #11 token Info */
+ /* a default session handle to do quick and dirty functions */
+ CK_SESSION_HANDLE session;
+ PZLock *sessionLock; /* lock for this session */
+ /* our ID */
+ CK_SLOT_ID slotID;
+ /* persistant flags saved from startup to startup */
+ unsigned long defaultFlags;
+ /* keep track of who is using us so we don't accidently get freed while
+ * still in use */
+ PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */
+ PZLock *freeListLock;
+ PK11SymKey *freeSymKeysWithSessionHead;
+ PK11SymKey *freeSymKeysHead;
+ int keyCount;
+ int maxKeyCount;
+ /* Password control functions for this slot. many of these are only
+ * active if the appropriate flag is on in defaultFlags */
+ int askpw; /* what our password options are */
+ int timeout; /* If we're ask_timeout, what is our timeout time is
+ * seconds */
+ int authTransact; /* allow multiple authentications off one password if
+ * they are all part of the same transaction */
+ PRTime authTime; /* when were we last authenticated */
+ int minPassword; /* smallest legal password */
+ int maxPassword; /* largest legal password */
+ PRUint16 series; /* break up the slot info into various groups of
+ * inserted tokens so that keys and certs can be
+ * invalidated */
+ PRUint16 flagSeries; /* record the last series for the last event
+ * returned for this slot */
+ PRBool flagState; /* record the state of the last event returned for this
+ * slot. */
+ PRUint16 wrapKey; /* current wrapping key for SSL master secrets */
+ CK_MECHANISM_TYPE wrapMechanism;
+ /* current wrapping mechanism for current wrapKey */
+ CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
+ CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
+ * token */
+ int mechanismCount;
+ /* cache the certificates stored on the token of this slot */
+ CERTCertificate **cert_array;
+ int array_size;
+ int cert_count;
+ char serial[16];
+ /* since these are odd sizes, keep them last. They are odd sizes to
+ * allow them to become null terminated strings */
+ char slot_name[65];
+ char token_name[33];
+ PRBool hasRootCerts;
+ PRBool hasRootTrust;
+ PRBool hasRSAInfo;
+ CK_FLAGS RSAInfoFlags;
+ PRBool protectedAuthPath;
+ PRBool isActiveCard;
+ PRIntervalTime lastLoginCheck;
+ unsigned int lastState;
+ /* for Stan */
+ NSSToken *nssToken;
+ PZLock *nssTokenLock;
+ /* the tokeninfo struct */
+ CK_TOKEN_INFO tokenInfo;
+ /* fast mechanism lookup */
+ char mechanismBits[256];
+ CK_PROFILE_ID *profileList;
+ int profileCount;
+};
+
+/* Symetric Key structure. Reference Counted */
+struct PK11SymKeyStr {
+ CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
+ CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */
+ PK11SlotInfo *slot; /* Slot this key is loaded into */
+ void *cx; /* window context in case we need to loggin */
+ PK11SymKey *next;
+ PRBool owner;
+ SECItem data; /* raw key data if available */
+ CK_SESSION_HANDLE session;
+ PRBool sessionOwner;
+ PRInt32 refCount; /* number of references to this key */
+ int size; /* key size in bytes */
+ PK11Origin origin; /* where this key came from
+ * (see def in secmodt.h) */
+ PK11SymKey *parent; /* potential owner key of the session */
+ PRUint16 series; /* break up the slot info into various groups
+ * of inserted tokens so that keys and certs
+ * can be invalidated */
+ void *userData; /* random data the application can attach to
+ * this key */
+ PK11FreeDataFunc freeFunc; /* function to free the user data */
+};
+
+/*
+ * hold a hash, encryption or signing context for multi-part operations.
+ * hold enough information so that multiple contexts can be interleaved
+ * if necessary. ... Not RefCounted.
+ */
+struct PK11ContextStr {
+ CK_ATTRIBUTE_TYPE operation; /* type of operation this context is
+ * doing (CKA_ENCRYPT, CKA_SIGN,
+ * CKA_HASH, etc.) */
+ PK11SymKey *key; /* symetric key for this context */
+ CK_OBJECT_HANDLE objectID; /* object handle to key */
+ PK11SlotInfo *slot; /* slot this context is using */
+ CK_SESSION_HANDLE session; /* session this context is using */
+ PZLock *sessionLock; /* lock before accessing a PKCS #11
+ * session */
+ PRBool ownSession; /* do we own the session? */
+ void *pwArg; /* applicaton specific passwd arg */
+ void *savedData; /* save data when we are
+ * multiplexing on a single context */
+ unsigned long savedLength; /* length of the saved context */
+ SECItem *param; /* mechanism parameters used to
+ * build this context */
+ PRBool init; /* this contexted been initialized? */
+ CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context
+ * is representing (usually what
+ * algorithm is being used
+ * (CKM_RSA_PKCS, CKM_DES, CKM_SHA,
+ * etc. */
+ PRBool fortezzaHack; /* Fortezza SSL has some special
+ * non-standard semantics*/
+ PRBool simulate_message; /* We are initializing a message
+ * interface but the underlying
+ * PKCS #11 module does not support
+ * it. We simulate the interface with
+ * the PCKS #11 v2 interface */
+ CK_MECHANISM_TYPE simulate_mechanism; /* The mechanism we are simulating */
+ PRUint64 ivCounter; /* iv counter for simulated message */
+ PRUint64 ivMaxCount; /* total number of IVs valid for
+ * this key */
+ unsigned long ivLen; /* length of the iv in bytes */
+ unsigned int ivFixedBits; /* number of bits not generated
+ * for the iv */
+ CK_GENERATOR_FUNCTION ivGen; /* PKCS #11 iv generator value */
+};
+
+/*
+ * structure to hold a pointer to a unique PKCS #11 object
+ * (pointer to the slot and the object id).
+ */
+struct PK11GenericObjectStr {
+ PK11GenericObject *prev;
+ PK11GenericObject *next;
+ PK11SlotInfo *slot;
+ CK_OBJECT_HANDLE objectID;
+ PRBool owner;
+};
+
+#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
+
+/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
+#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
+
+#endif /* _SECMODTI_H_ */