diff options
Diffstat (limited to 'security/nss/lib/pk11wrap/secmod.h')
-rw-r--r-- | security/nss/lib/pk11wrap/secmod.h | 194 |
1 files changed, 194 insertions, 0 deletions
diff --git a/security/nss/lib/pk11wrap/secmod.h b/security/nss/lib/pk11wrap/secmod.h new file mode 100644 index 0000000000..53181f0118 --- /dev/null +++ b/security/nss/lib/pk11wrap/secmod.h @@ -0,0 +1,194 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#ifndef _SECMOD_H_ +#define _SECMOD_H_ +#include "seccomon.h" +#include "secmodt.h" +#include "prinrval.h" + +/* These mechanisms flags are visible to all other libraries. */ +/* They must be converted to internal SECMOD_*_FLAG */ +/* if used inside the functions of the security library */ +#define PUBLIC_MECH_RSA_FLAG 0x00000001ul +#define PUBLIC_MECH_DSA_FLAG 0x00000002ul +#define PUBLIC_MECH_RC2_FLAG 0x00000004ul +#define PUBLIC_MECH_RC4_FLAG 0x00000008ul +#define PUBLIC_MECH_DES_FLAG 0x00000010ul +#define PUBLIC_MECH_DH_FLAG 0x00000020ul +#define PUBLIC_MECH_FORTEZZA_FLAG 0x00000040ul +#define PUBLIC_MECH_RC5_FLAG 0x00000080ul +#define PUBLIC_MECH_SHA1_FLAG 0x00000100ul +#define PUBLIC_MECH_MD5_FLAG 0x00000200ul +#define PUBLIC_MECH_MD2_FLAG 0x00000400ul +#define PUBLIC_MECH_SSL_FLAG 0x00000800ul +#define PUBLIC_MECH_TLS_FLAG 0x00001000ul +#define PUBLIC_MECH_AES_FLAG 0x00002000ul +#define PUBLIC_MECH_SHA256_FLAG 0x00004000ul +#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul +#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul +#define PUBLIC_MECH_SEED_FLAG 0x00020000ul +#define PUBLIC_MECH_ECC_FLAG 0x00040000ul + +#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul +#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul +#define PUBLIC_OWN_PW_DEFAULTS 0X20000000ul +#define PUBLIC_DISABLE_FLAG 0x40000000ul + +/* warning: reserved means reserved */ +#define PUBLIC_MECH_RESERVED_FLAGS 0x87FF0000ul + +/* These cipher flags are visible to all other libraries, */ +/* But they must be converted before used in functions */ +/* withing the security module */ +#define PUBLIC_CIPHER_FORTEZZA_FLAG 0x00000001ul + +/* warning: reserved means reserved */ +#define PUBLIC_CIPHER_RESERVED_FLAGS 0xFFFFFFFEul + +SEC_BEGIN_PROTOS + +/* + * the following functions are going to be deprecated in NSS 4.0 in + * favor of the new stan functions. + */ + +/* Initialization */ +extern SECMODModule *SECMOD_LoadModule(char *moduleSpec, SECMODModule *parent, + PRBool recurse); + +extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec, SECMODModule *parent, + PRBool recurse); + +SECStatus SECMOD_UnloadUserModule(SECMODModule *mod); + +SECMODModule *SECMOD_CreateModule(const char *lib, const char *name, + const char *param, const char *nss); +SECMODModule *SECMOD_CreateModuleEx(const char *lib, const char *name, + const char *param, const char *nss, + const char *config); +/* + * After a fork(), PKCS #11 says we need to call C_Initialize again in + * the child before we can use the module. This function causes this + * reinitialization. + * NOTE: Any outstanding handles will become invalid, which means your + * keys and contexts will fail, but new ones can be created. + * + * Setting 'force' to true means to do the reinitialization even if the + * PKCS #11 module does not seem to need it. This allows software modules + * which ignore fork to preserve their keys across the fork(). + */ +SECStatus SECMOD_RestartModules(PRBool force); + +/* Module Management */ +char **SECMOD_GetModuleSpecList(SECMODModule *module); +SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module, char **moduleSpecList); + +/* protoypes */ +/* Get a list of active PKCS #11 modules */ +extern SECMODModuleList *SECMOD_GetDefaultModuleList(void); +/* Get a list of defined but not loaded PKCS #11 modules */ +extern SECMODModuleList *SECMOD_GetDeadModuleList(void); +/* Get a list of Modules which define PKCS #11 modules to load */ +extern SECMODModuleList *SECMOD_GetDBModuleList(void); + +/* lock to protect all three module lists above */ +extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void); + +extern SECStatus SECMOD_UpdateModule(SECMODModule *module); + +/* lock management */ +extern void SECMOD_GetReadLock(SECMODListLock *); +extern void SECMOD_ReleaseReadLock(SECMODListLock *); + +/* Operate on modules by name */ +extern SECMODModule *SECMOD_FindModule(const char *name); +extern SECStatus SECMOD_DeleteModule(const char *name, int *type); +extern SECStatus SECMOD_DeleteModuleEx(const char *name, + SECMODModule *mod, + int *type, + PRBool permdb); +extern SECStatus SECMOD_DeleteInternalModule(const char *name); +extern PRBool SECMOD_CanDeleteInternalModule(void); +extern SECStatus SECMOD_AddNewModule(const char *moduleName, + const char *dllPath, + unsigned long defaultMechanismFlags, + unsigned long cipherEnableFlags); +extern SECStatus SECMOD_AddNewModuleEx(const char *moduleName, + const char *dllPath, + unsigned long defaultMechanismFlags, + unsigned long cipherEnableFlags, + char *modparms, + char *nssparms); + +/* database/memory management */ +extern SECMODModule *SECMOD_GetInternalModule(void); +extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module); +extern void SECMOD_DestroyModule(SECMODModule *module); +extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module, + unsigned long slotID); +extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module, const char *name); + +/* Funtion reports true if at least one of the modules */ +/* of modType has been installed */ +PRBool SECMOD_IsModulePresent(unsigned long int pubCipherEnableFlags); + +/* accessors */ +PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod); +PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod); + +/* Functions used to convert between internal & public representation + * of Mechanism Flags and Cipher Enable Flags */ +extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags); +extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags); +extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags); + +/* + * Check to see if the module has removable slots that we may need to + * watch for. + * + * NB: This function acquires the module list lock in order to access + * mod->slotCount and mod->slots. Deadlock can occur if the caller holds the + * module list lock. Callers that already hold the module list lock must use + * SECMOD_LockedModuleHasRemovableSlots instead. + */ +PRBool SECMOD_HasRemovableSlots(SECMODModule *mod); + +/* + * Like SECMOD_HasRemovableSlots but this function does not acquire the module + * list lock. + */ +PRBool SECMOD_LockedModuleHasRemovableSlots(SECMODModule *mod); + +/* + * this function waits for a token event on any slot of a given module + * This function should not be called from more than one thread of the + * same process (though other threads can make other library calls + * on this module while this call is blocked). + * + * Caller must not hold a module list read lock. + */ +PK11SlotInfo *SECMOD_WaitForAnyTokenEvent(SECMODModule *mod, + unsigned long flags, PRIntervalTime latency); +/* + * Warning: the SECMOD_CancelWait function is highly destructive, potentially + * finalizing the module 'mod' (causing inprogress operations to fail, + * and session key material to disappear). It should only be called when + * shutting down the module. + */ +SECStatus SECMOD_CancelWait(SECMODModule *mod); + +/* + * check to see if the module has added new slots. PKCS 11 v2.20 allows for + * modules to add new slots, but never remove them. Slots not be added between + * a call to C_GetSlotLlist(Flag, NULL, &count) and the corresponding + * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently + * grow on the caller. It is permissible for the slots to increase between + * corresponding calls with NULL to get the size. + * + * Caller must not hold a module list read lock. + */ +SECStatus SECMOD_UpdateSlotList(SECMODModule *mod); +SEC_END_PROTOS + +#endif |