OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * Internal header file included only by files in pkcs11 dir, or in | 5 * Internal header file included only by files in pkcs11 dir, or in |
6 * pkcs11 specific client and server files. | 6 * pkcs11 specific client and server files. |
7 */ | 7 */ |
8 | 8 |
9 #ifndef _SECMODTI_H_ | 9 #ifndef _SECMODTI_H_ |
10 #define _SECMODTI_H_ 1 | 10 #define _SECMODTI_H_ 1 |
11 #include "prmon.h" | 11 #include "prmon.h" |
12 #include "prtypes.h" | 12 #include "prtypes.h" |
13 #include "nssilckt.h" | 13 #include "nssilckt.h" |
14 #include "secmodt.h" | 14 #include "secmodt.h" |
15 #include "pkcs11t.h" | 15 #include "pkcs11t.h" |
16 | 16 |
17 #include "nssdevt.h" | 17 #include "nssdevt.h" |
18 | 18 |
19 /* internal data structures */ | 19 /* internal data structures */ |
20 | 20 |
21 /* Traverse slots callback */ | 21 /* Traverse slots callback */ |
22 typedef struct pk11TraverseSlotStr { | 22 typedef struct pk11TraverseSlotStr { |
23 SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *); | 23 SECStatus (*callback)(PK11SlotInfo *, CK_OBJECT_HANDLE, void *); |
24 void *callbackArg; | 24 void *callbackArg; |
25 CK_ATTRIBUTE *findTemplate; | 25 CK_ATTRIBUTE *findTemplate; |
26 int templateCount; | 26 int templateCount; |
27 } pk11TraverseSlot; | 27 } pk11TraverseSlot; |
28 | 28 |
29 | |
30 /* represent a pkcs#11 slot reference counted. */ | 29 /* represent a pkcs#11 slot reference counted. */ |
31 struct PK11SlotInfoStr { | 30 struct PK11SlotInfoStr { |
32 /* the PKCS11 function list for this slot */ | 31 /* the PKCS11 function list for this slot */ |
33 void *functionList; | 32 void *functionList; |
34 SECMODModule *module; /* our parent module */ | 33 SECMODModule *module; /* our parent module */ |
35 /* Boolean to indicate the current state of this slot */ | 34 /* Boolean to indicate the current state of this slot */ |
36 PRBool needTest;» /* Has this slot been tested for Export complience */ | 35 PRBool needTest; /* Has this slot been tested for Export complience */ |
37 PRBool isPerm;» /* is this slot a permanment device */ | 36 PRBool isPerm; /* is this slot a permanment device */ |
38 PRBool isHW;» /* is this slot a hardware device */ | 37 PRBool isHW; /* is this slot a hardware device */ |
39 PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */ | 38 PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */ |
40 PRBool disabled;» /* is this slot disabled... */ | 39 PRBool disabled; /* is this slot disabled... */ |
41 PK11DisableReasons reason; »/* Why this slot is disabled */ | 40 PK11DisableReasons reason; /* Why this slot is disabled */ |
42 PRBool readOnly;» /* is the token in this slot read-only */ | 41 PRBool readOnly; /* is the token in this slot read-only */ |
43 PRBool needLogin;» /* does the token of the type that needs· | 42 PRBool needLogin; /* does the token of the type that needs |
44 » » » * authentication (still true even if token is logged· | 43 * authentication (still true even if token is logged |
45 » » » * in) */ | 44 * in) */ |
46 PRBool hasRandom; /* can this token generated random numbers */ | 45 PRBool hasRandom; /* can this token generated random numbers */ |
47 PRBool defRWSession; /* is the default session RW (we open our default· | 46 PRBool defRWSession; /* is the default session RW (we open our default |
48 » » » * session rw if the token can only handle one session | 47 * session rw if the token can only handle one session |
49 » » » * at a time. */ | 48 * at a time. */ |
50 PRBool isThreadSafe; /* copied from the module */ | 49 PRBool isThreadSafe; /* copied from the module */ |
51 /* The actual flags (many of which are distilled into the above PRBools) */ | 50 /* The actual flags (many of which are distilled into the above PRBools) */ |
52 CK_FLAGS flags; /* flags from PKCS #11 token Info */ | 51 CK_FLAGS flags; /* flags from PKCS #11 token Info */ |
53 /* a default session handle to do quick and dirty functions */ | 52 /* a default session handle to do quick and dirty functions */ |
54 CK_SESSION_HANDLE session;· | 53 CK_SESSION_HANDLE session; |
55 PZLock *sessionLock; /* lock for this session */ | 54 PZLock *sessionLock; /* lock for this session */ |
56 /* our ID */ | 55 /* our ID */ |
57 CK_SLOT_ID slotID; | 56 CK_SLOT_ID slotID; |
58 /* persistant flags saved from startup to startup */ | 57 /* persistant flags saved from startup to startup */ |
59 unsigned long defaultFlags; | 58 unsigned long defaultFlags; |
60 /* keep track of who is using us so we don't accidently get freed while | 59 /* keep track of who is using us so we don't accidently get freed while |
61 * still in use */ | 60 * still in use */ |
62 PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */ | 61 PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */ |
63 PZLock *freeListLock; | 62 PZLock *freeListLock; |
64 PK11SymKey *freeSymKeysWithSessionHead; | 63 PK11SymKey *freeSymKeysWithSessionHead; |
65 PK11SymKey *freeSymKeysHead; | 64 PK11SymKey *freeSymKeysHead; |
66 int keyCount; | 65 int keyCount; |
67 int maxKeyCount; | 66 int maxKeyCount; |
68 /* Password control functions for this slot. many of these are only | 67 /* Password control functions for this slot. many of these are only |
69 * active if the appropriate flag is on in defaultFlags */ | 68 * active if the appropriate flag is on in defaultFlags */ |
70 int askpw;» » /* what our password options are */ | 69 int askpw; /* what our password options are */ |
71 int timeout;» /* If we're ask_timeout, what is our timeout time is· | 70 int timeout; /* If we're ask_timeout, what is our timeout time is |
72 » » » * seconds */ | 71 * seconds */ |
73 int authTransact; /* allow multiple authentications off one password if | 72 int authTransact; /* allow multiple authentications off one password if |
74 » » * they are all part of the same transaction */ | 73 * they are all part of the same transaction */ |
75 PRTime authTime;» /* when were we last authenticated */ | 74 PRTime authTime; /* when were we last authenticated */ |
76 int minPassword;» /* smallest legal password */ | 75 int minPassword; /* smallest legal password */ |
77 int maxPassword;» /* largest legal password */ | 76 int maxPassword; /* largest legal password */ |
78 PRUint16 series;» /* break up the slot info into various groups of | 77 PRUint16 series; /* break up the slot info into various groups of |
79 » » » * inserted tokens so that keys and certs can be | 78 * inserted tokens so that keys and certs can be |
80 » » » * invalidated */ | 79 * invalidated */ |
81 PRUint16 flagSeries;/* record the last series for the last event | 80 PRUint16 flagSeries; /* record the last series for the last event |
82 * returned for this slot */ | 81 * returned for this slot */ |
83 PRBool flagState;» /* record the state of the last event returned for this | 82 PRBool flagState; /* record the state of the last event returned for this |
84 » » » * slot. */ | 83 * slot. */ |
85 PRUint16 wrapKey;» /* current wrapping key for SSL master secrets */ | 84 PRUint16 wrapKey; /* current wrapping key for SSL master secrets */ |
86 CK_MECHANISM_TYPE wrapMechanism; | 85 CK_MECHANISM_TYPE wrapMechanism; |
87 » » » /* current wrapping mechanism for current wrapKey */ | 86 /* current wrapping mechanism for current wrapKey */ |
88 CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */ | 87 CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */ |
89 CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this | 88 CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this |
90 » » » » * token */ | 89 * token */ |
91 int mechanismCount; | 90 int mechanismCount; |
92 /* cache the certificates stored on the token of this slot */ | 91 /* cache the certificates stored on the token of this slot */ |
93 CERTCertificate **cert_array; | 92 CERTCertificate **cert_array; |
94 int array_size; | 93 int array_size; |
95 int cert_count; | 94 int cert_count; |
96 char serial[16]; | 95 char serial[16]; |
97 /* since these are odd sizes, keep them last. They are odd sizes to· | 96 /* since these are odd sizes, keep them last. They are odd sizes to |
98 * allow them to become null terminated strings */ | 97 * allow them to become null terminated strings */ |
99 char slot_name[65]; | 98 char slot_name[65]; |
100 char token_name[33]; | 99 char token_name[33]; |
101 PRBool hasRootCerts; | 100 PRBool hasRootCerts; |
102 PRBool hasRootTrust; | 101 PRBool hasRootTrust; |
103 PRBool hasRSAInfo; | 102 PRBool hasRSAInfo; |
104 CK_FLAGS RSAInfoFlags; | 103 CK_FLAGS RSAInfoFlags; |
105 PRBool protectedAuthPath; | 104 PRBool protectedAuthPath; |
106 PRBool isActiveCard; | 105 PRBool isActiveCard; |
107 PRIntervalTime lastLoginCheck; | 106 PRIntervalTime lastLoginCheck; |
108 unsigned int lastState; | 107 unsigned int lastState; |
109 /* for Stan */ | 108 /* for Stan */ |
110 NSSToken *nssToken; | 109 NSSToken *nssToken; |
111 /* fast mechanism lookup */ | 110 /* fast mechanism lookup */ |
112 char mechanismBits[256]; | 111 char mechanismBits[256]; |
113 }; | 112 }; |
114 | 113 |
115 /* Symetric Key structure. Reference Counted */ | 114 /* Symetric Key structure. Reference Counted */ |
116 struct PK11SymKeyStr { | 115 struct PK11SymKeyStr { |
117 CK_MECHANISM_TYPE type;» /* type of operation this key was created for*/ | 116 CK_MECHANISM_TYPE type; /* type of operation this key was created for*/ |
118 CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */ | 117 CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */ |
119 PK11SlotInfo *slot; /* Slot this key is loaded into */ | 118 PK11SlotInfo *slot; /* Slot this key is loaded into */ |
120 void» *cx;» /* window context in case we need to loggin */ | 119 void *cx; /* window context in case we need to loggin */ |
121 PK11SymKey» *next; | 120 PK11SymKey *next; |
122 PRBool» owner; | 121 PRBool owner; |
123 SECItem» data;» /* raw key data if available */ | 122 SECItem data; /* raw key data if available */ |
124 CK_SESSION_HANDLE session; | 123 CK_SESSION_HANDLE session; |
125 PRBool» sessionOwner; | 124 PRBool sessionOwner; |
126 PRInt32» refCount;»/* number of references to this key */ | 125 PRInt32 refCount; /* number of references to this key */ |
127 int»» size;» /* key size in bytes */ | 126 int size; /* key size in bytes */ |
128 PK11Origin» origin;» /* where this key came from· | 127 PK11Origin origin; /* where this key came from |
129 * (see def in secmodt.h) */ | 128 * (see def in secmodt.h) */ |
130 PK11SymKey *parent; /* potential owner key of the session */ | 129 PK11SymKey *parent; /* potential owner key of the session */ |
131 PRUint16 series;» » /* break up the slot info into various groups | 130 PRUint16 series; /* break up the slot info into various groups |
132 » » » » * of inserted tokens so that keys and certs· | 131 * of inserted tokens so that keys and certs |
133 » » » » * can be invalidated */ | 132 * can be invalidated */ |
134 void *userData;» » /* random data the application can attach to | 133 void *userData; /* random data the application can attach to |
135 * this key */ | 134 * this key */ |
136 PK11FreeDataFunc freeFunc;» /* function to free the user data */ | 135 PK11FreeDataFunc freeFunc; /* function to free the user data */ |
137 }; | 136 }; |
138 | 137 |
139 | |
140 /* | 138 /* |
141 * hold a hash, encryption or signing context for multi-part operations. | 139 * hold a hash, encryption or signing context for multi-part operations. |
142 * hold enough information so that multiple contexts can be interleaved | 140 * hold enough information so that multiple contexts can be interleaved |
143 * if necessary. ... Not RefCounted. | 141 * if necessary. ... Not RefCounted. |
144 */ | 142 */ |
145 struct PK11ContextStr { | 143 struct PK11ContextStr { |
146 CK_ATTRIBUTE_TYPE» operation; /* type of operation this context is doing | 144 CK_ATTRIBUTE_TYPE operation; /* type of operation this context is doing |
147 » » » » * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */ | 145 * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */ |
148 PK11SymKey » *key;» /* symetric key used in this context */ | 146 PK11SymKey *key; /* symetric key used in this context */ |
149 PK11SlotInfo» *slot;» /* slot this context is operationing on */ | 147 PK11SlotInfo *slot; /* slot this context is operationing on */ |
150 CK_SESSION_HANDLE» session; /* session this context is using */ | 148 CK_SESSION_HANDLE session; /* session this context is using */ |
151 PZLock» » *sessionLock; /* lock before accessing a PKCS #11· | 149 PZLock *sessionLock; /* lock before accessing a PKCS #11 |
152 » » » » * session */ | 150 * session */ |
153 PRBool» » ownSession;/* do we own the session? */ | 151 PRBool ownSession; /* do we own the session? */ |
154 void » » *cx;» /* window context in case we need to loggin*/ | 152 void *cx; /* window context in case we need to loggin*/ |
155 void» » *savedData;/* save data when we are multiplexing on a | 153 void *savedData; /* save data when we are multiplexing on a |
156 » » » » * single context */ | 154 * single context */ |
157 unsigned long» savedLength; /* length of the saved context */ | 155 unsigned long savedLength; /* length of the saved context */ |
158 SECItem» » *param;» /* mechanism parameters used to build this | 156 SECItem *param; /* mechanism parameters used to build this |
159 » » » » » » » » context */ | 157 context */ |
160 PRBool» » init;» /* has this contexted been initialized */ | 158 PRBool init; /* has this contexted been initialized */ |
161 CK_MECHANISM_TYPE» type;» /* what is the PKCS #11 this context is | 159 CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context is |
162 » » » » * representing (usually what algorithm is | 160 * representing (usually what algorithm is |
163 » » » » * being used (CKM_RSA_PKCS, CKM_DES, | 161 * being used (CKM_RSA_PKCS, CKM_DES, |
164 » » » » * CKM_SHA, etc.*/ | 162 * CKM_SHA, etc.*/ |
165 PRBool» » fortezzaHack; /*Fortezza SSL has some special | 163 PRBool fortezzaHack; /*Fortezza SSL has some special |
166 » » » » * non-standard semantics*/ | 164 * non-standard semantics*/ |
167 }; | 165 }; |
168 | 166 |
169 /* | 167 /* |
170 * structure to hold a pointer to a unique PKCS #11 object | 168 * structure to hold a pointer to a unique PKCS #11 object |
171 * (pointer to the slot and the object id). | 169 * (pointer to the slot and the object id). |
172 */ | 170 */ |
173 struct PK11GenericObjectStr { | 171 struct PK11GenericObjectStr { |
174 PK11GenericObject *prev; | 172 PK11GenericObject *prev; |
175 PK11GenericObject *next; | 173 PK11GenericObject *next; |
176 PK11SlotInfo *slot; | 174 PK11SlotInfo *slot; |
177 CK_OBJECT_HANDLE objectID; | 175 CK_OBJECT_HANDLE objectID; |
178 }; | 176 }; |
179 | 177 |
180 | |
181 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */ | 178 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */ |
182 | 179 |
183 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ | 180 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ |
184 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL | 181 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL |
185 | 182 |
186 | |
187 #endif /* _SECMODTI_H_ */ | 183 #endif /* _SECMODTI_H_ */ |
OLD | NEW |