summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/pk11wrap/secmod.h
blob: 53181f01182b45ea98eeda8312850c475d577d5f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _SECMOD_H_
#define _SECMOD_H_
#include "seccomon.h"
#include "secmodt.h"
#include "prinrval.h"

/* These mechanisms flags are visible to all other libraries. */
/* They must be converted to internal SECMOD_*_FLAG */
/* if used inside the functions of the security library */
#define PUBLIC_MECH_RSA_FLAG 0x00000001ul
#define PUBLIC_MECH_DSA_FLAG 0x00000002ul
#define PUBLIC_MECH_RC2_FLAG 0x00000004ul
#define PUBLIC_MECH_RC4_FLAG 0x00000008ul
#define PUBLIC_MECH_DES_FLAG 0x00000010ul
#define PUBLIC_MECH_DH_FLAG 0x00000020ul
#define PUBLIC_MECH_FORTEZZA_FLAG 0x00000040ul
#define PUBLIC_MECH_RC5_FLAG 0x00000080ul
#define PUBLIC_MECH_SHA1_FLAG 0x00000100ul
#define PUBLIC_MECH_MD5_FLAG 0x00000200ul
#define PUBLIC_MECH_MD2_FLAG 0x00000400ul
#define PUBLIC_MECH_SSL_FLAG 0x00000800ul
#define PUBLIC_MECH_TLS_FLAG 0x00001000ul
#define PUBLIC_MECH_AES_FLAG 0x00002000ul
#define PUBLIC_MECH_SHA256_FLAG 0x00004000ul
#define PUBLIC_MECH_SHA512_FLAG 0x00008000ul
#define PUBLIC_MECH_CAMELLIA_FLAG 0x00010000ul
#define PUBLIC_MECH_SEED_FLAG 0x00020000ul
#define PUBLIC_MECH_ECC_FLAG 0x00040000ul

#define PUBLIC_MECH_RANDOM_FLAG 0x08000000ul
#define PUBLIC_MECH_FRIENDLY_FLAG 0x10000000ul
#define PUBLIC_OWN_PW_DEFAULTS 0X20000000ul
#define PUBLIC_DISABLE_FLAG 0x40000000ul

/* warning: reserved means reserved */
#define PUBLIC_MECH_RESERVED_FLAGS 0x87FF0000ul

/* These cipher flags are visible to all other libraries, */
/* But they must be converted before used in functions */
/* withing the security module */
#define PUBLIC_CIPHER_FORTEZZA_FLAG 0x00000001ul

/* warning: reserved means reserved */
#define PUBLIC_CIPHER_RESERVED_FLAGS 0xFFFFFFFEul

SEC_BEGIN_PROTOS

/*
 * the following functions are going to be deprecated in NSS 4.0 in
 * favor of the new stan functions.
 */

/* Initialization */
extern SECMODModule *SECMOD_LoadModule(char *moduleSpec, SECMODModule *parent,
                                       PRBool recurse);

extern SECMODModule *SECMOD_LoadUserModule(char *moduleSpec, SECMODModule *parent,
                                           PRBool recurse);

SECStatus SECMOD_UnloadUserModule(SECMODModule *mod);

SECMODModule *SECMOD_CreateModule(const char *lib, const char *name,
                                  const char *param, const char *nss);
SECMODModule *SECMOD_CreateModuleEx(const char *lib, const char *name,
                                    const char *param, const char *nss,
                                    const char *config);
/*
 * After a fork(), PKCS #11 says we need to call C_Initialize again in
 * the child before we can use the module. This function causes this
 * reinitialization.
 * NOTE: Any outstanding handles will become invalid, which means your
 * keys and contexts will fail, but new ones can be created.
 *
 * Setting 'force' to true means to do the reinitialization even if the
 * PKCS #11 module does not seem to need it. This allows software modules
 * which ignore fork to preserve their keys across the fork().
 */
SECStatus SECMOD_RestartModules(PRBool force);

/* Module Management */
char **SECMOD_GetModuleSpecList(SECMODModule *module);
SECStatus SECMOD_FreeModuleSpecList(SECMODModule *module, char **moduleSpecList);

/* protoypes */
/* Get a list of active PKCS #11 modules */
extern SECMODModuleList *SECMOD_GetDefaultModuleList(void);
/* Get a list of defined but not loaded PKCS #11 modules */
extern SECMODModuleList *SECMOD_GetDeadModuleList(void);
/* Get a list of Modules which define PKCS #11 modules to load */
extern SECMODModuleList *SECMOD_GetDBModuleList(void);

/* lock to protect all three module lists above */
extern SECMODListLock *SECMOD_GetDefaultModuleListLock(void);

extern SECStatus SECMOD_UpdateModule(SECMODModule *module);

/* lock management */
extern void SECMOD_GetReadLock(SECMODListLock *);
extern void SECMOD_ReleaseReadLock(SECMODListLock *);

/* Operate on modules by name */
extern SECMODModule *SECMOD_FindModule(const char *name);
extern SECStatus SECMOD_DeleteModule(const char *name, int *type);
extern SECStatus SECMOD_DeleteModuleEx(const char *name,
                                       SECMODModule *mod,
                                       int *type,
                                       PRBool permdb);
extern SECStatus SECMOD_DeleteInternalModule(const char *name);
extern PRBool SECMOD_CanDeleteInternalModule(void);
extern SECStatus SECMOD_AddNewModule(const char *moduleName,
                                     const char *dllPath,
                                     unsigned long defaultMechanismFlags,
                                     unsigned long cipherEnableFlags);
extern SECStatus SECMOD_AddNewModuleEx(const char *moduleName,
                                       const char *dllPath,
                                       unsigned long defaultMechanismFlags,
                                       unsigned long cipherEnableFlags,
                                       char *modparms,
                                       char *nssparms);

/* database/memory management */
extern SECMODModule *SECMOD_GetInternalModule(void);
extern SECMODModule *SECMOD_ReferenceModule(SECMODModule *module);
extern void SECMOD_DestroyModule(SECMODModule *module);
extern PK11SlotInfo *SECMOD_LookupSlot(SECMODModuleID module,
                                       unsigned long slotID);
extern PK11SlotInfo *SECMOD_FindSlot(SECMODModule *module, const char *name);

/* Funtion reports true if at least one of the modules */
/* of modType has been installed */
PRBool SECMOD_IsModulePresent(unsigned long int pubCipherEnableFlags);

/* accessors */
PRBool SECMOD_GetSkipFirstFlag(SECMODModule *mod);
PRBool SECMOD_GetDefaultModDBFlag(SECMODModule *mod);

/* Functions used to convert between internal & public representation
 * of Mechanism Flags and Cipher Enable Flags */
extern unsigned long SECMOD_PubMechFlagstoInternal(unsigned long publicFlags);
extern unsigned long SECMOD_InternaltoPubMechFlags(unsigned long internalFlags);
extern unsigned long SECMOD_PubCipherFlagstoInternal(unsigned long publicFlags);

/*
 * Check to see if the module has removable slots that we may need to
 * watch for.
 *
 * NB: This function acquires the module list lock in order to access
 * mod->slotCount and mod->slots. Deadlock can occur if the caller holds the
 * module list lock. Callers that already hold the module list lock must use
 * SECMOD_LockedModuleHasRemovableSlots instead.
 */
PRBool SECMOD_HasRemovableSlots(SECMODModule *mod);

/*
 * Like SECMOD_HasRemovableSlots but this function does not acquire the module
 * list lock.
 */
PRBool SECMOD_LockedModuleHasRemovableSlots(SECMODModule *mod);

/*
 * this function waits for a token event on any slot of a given module
 * This function should not be called from more than one thread of the
 * same process (though other threads can make other library calls
 * on this module while this call is blocked).
 *
 * Caller must not hold a module list read lock.
 */
PK11SlotInfo *SECMOD_WaitForAnyTokenEvent(SECMODModule *mod,
                                          unsigned long flags, PRIntervalTime latency);
/*
 * Warning: the SECMOD_CancelWait function is highly destructive, potentially
 * finalizing  the module 'mod' (causing inprogress operations to fail,
 * and session key material to disappear). It should only be called when
 * shutting down  the module.
 */
SECStatus SECMOD_CancelWait(SECMODModule *mod);

/*
 * check to see if the module has added new slots. PKCS 11 v2.20 allows for
 * modules to add new slots, but never remove them. Slots not be added between
 * a call to C_GetSlotLlist(Flag, NULL, &count) and the corresponding
 * C_GetSlotList(flag, &data, &count) so that the array doesn't accidently
 * grow on the caller. It is permissible for the slots to increase between
 * corresponding calls with NULL to get the size.
 *
 * Caller must not hold a module list read lock.
 */
SECStatus SECMOD_UpdateSlotList(SECMODModule *mod);
SEC_END_PROTOS

#endif