Back to index

lightning-sunbird  0.9+nobinonly
secmodti.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 /*
00037  * Internal header file included only by files in pkcs11 dir, or in
00038  * pkcs11 specific client and server files.
00039  */
00040 
00041 #ifndef  _SECMODTI_H_
00042 #define  _SECMODTI_H_ 1
00043 #include "prmon.h"
00044 #include "prtypes.h"
00045 #include "nssilckt.h"
00046 #include "pk11init.h"
00047 #include "secmodt.h"
00048 #include "pkcs11t.h"
00049 
00050 #ifndef NSS_3_4_CODE
00051 #define NSS_3_4_CODE
00052 #endif /* NSS_3_4_CODE */
00053 #include "nssdevt.h"
00054 
00055 /* internal data structures */
00056 
00057 /* Traverse slots callback */
00058 typedef struct pk11TraverseSlotStr {
00059     SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);
00060     void *callbackArg;
00061     CK_ATTRIBUTE *findTemplate;
00062     int templateCount;
00063 } pk11TraverseSlot;
00064 
00065 
00066 /* represent a pkcs#11 slot reference counted. */
00067 struct PK11SlotInfoStr {
00068     /* the PKCS11 function list for this slot */
00069     void *functionList;
00070     SECMODModule *module; /* our parent module */
00071     /* Boolean to indicate the current state of this slot */
00072     PRBool needTest; /* Has this slot been tested for Export complience */
00073     PRBool isPerm;   /* is this slot a permanment device */
00074     PRBool isHW;     /* is this slot a hardware device */
00075     PRBool isInternal;  /* is this slot one of our internal PKCS #11 devices */
00076     PRBool disabled; /* is this slot disabled... */
00077     PK11DisableReasons reason;     /* Why this slot is disabled */
00078     PRBool readOnly; /* is the token in this slot read-only */
00079     PRBool needLogin;       /* does the token of the type that needs 
00080                       * authentication (still true even if token is logged 
00081                       * in) */
00082     PRBool hasRandom;   /* can this token generated random numbers */
00083     PRBool defRWSession; /* is the default session RW (we open our default 
00084                        * session rw if the token can only handle one session
00085                        * at a time. */
00086     PRBool isThreadSafe; /* copied from the module */
00087     /* The actual flags (many of which are distilled into the above PRBools) */
00088     CK_FLAGS flags;      /* flags from PKCS #11 token Info */
00089     /* a default session handle to do quick and dirty functions */
00090     CK_SESSION_HANDLE session; 
00091     PZLock *sessionLock; /* lock for this session */
00092     /* our ID */
00093     CK_SLOT_ID slotID;
00094     /* persistant flags saved from startup to startup */
00095     unsigned long defaultFlags;
00096     /* keep track of who is using us so we don't accidently get freed while
00097      * still in use */
00098     PRInt32 refCount;    /* to be in/decremented by atomic calls ONLY! */
00099     PZLock *freeListLock;
00100     PK11SymKey *freeSymKeysWithSessionHead;
00101     PK11SymKey *freeSymKeysHead;
00102     int keyCount;
00103     int maxKeyCount;
00104     /* Password control functions for this slot. many of these are only
00105      * active if the appropriate flag is on in defaultFlags */
00106     int askpw;              /* what our password options are */
00107     int timeout;     /* If we're ask_timeout, what is our timeout time is 
00108                       * seconds */
00109     int authTransact;   /* allow multiple authentications off one password if
00110                        * they are all part of the same transaction */
00111     int64 authTime;     /* when were we last authenticated */
00112     int minPassword; /* smallest legal password */
00113     int maxPassword; /* largest legal password */
00114     uint16 series;   /* break up the slot info into various groups of 
00115                       * inserted tokens so that keys and certs can be
00116                       * invalidated */
00117     uint16 flagSeries;      /* record the last series for the last event
00118                          * returned for this slot */
00119     PRBool flagState;       /* record the state of the last event returned for this
00120                       * slot. */
00121     uint16 wrapKey;  /* current wrapping key for SSL master secrets */
00122     CK_MECHANISM_TYPE wrapMechanism;
00123                      /* current wrapping mechanism for current wrapKey */
00124     CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
00125     CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
00126                                    * token */
00127     int mechanismCount;
00128     /* cache the certificates stored on the token of this slot */
00129     CERTCertificate **cert_array;
00130     int array_size;
00131     int cert_count;
00132     char serial[16];
00133     /* since these are odd sizes, keep them last. They are odd sizes to 
00134      * allow them to become null terminated strings */
00135     char slot_name[65];
00136     char token_name[33];
00137     PRBool hasRootCerts;
00138     PRBool hasRootTrust;
00139     PRBool hasRSAInfo;
00140     CK_FLAGS RSAInfoFlags;
00141     PRBool protectedAuthPath;
00142     PRBool isActiveCard;
00143     PRIntervalTime lastLoginCheck;
00144     unsigned int lastState;
00145     /* for Stan */
00146     NSSToken *nssToken;
00147     /* fast mechanism lookup */
00148     char mechanismBits[256];
00149 };
00150 
00151 /* Symetric Key structure. Reference Counted */
00152 struct PK11SymKeyStr {
00153     CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
00154     CK_OBJECT_HANDLE  objectID; /* object id of this key in the slot */
00155     PK11SlotInfo      *slot;    /* Slot this key is loaded into */
00156     void            *cx;    /* window context in case we need to loggin */
00157     PK11SymKey             *next;
00158     PRBool          owner;
00159     SECItem         data;   /* raw key data if available */
00160     CK_SESSION_HANDLE session;
00161     PRBool          sessionOwner;
00162     PRInt32         refCount;      /* number of references to this key */
00163     int                    size;   /* key size in bytes */
00164     PK11Origin             origin; /* where this key came from 
00165                                  * (see def in secmodt.h) */
00166     PK11SymKey        *parent;  /* potential owner key of the session */
00167     uint16 series;          /* break up the slot info into various groups 
00168                              * of inserted tokens so that keys and certs 
00169                              * can be invalidated */
00170     void *userData;         /* random data the application can attach to
00171                                  * this key */
00172     PK11FreeDataFunc freeFunc;     /* function to free the user data */
00173 };
00174 
00175 
00176 /*
00177  * hold a hash, encryption or signing context for multi-part operations.
00178  * hold enough information so that multiple contexts can be interleaved
00179  * if necessary. ... Not RefCounted.
00180  */
00181 struct PK11ContextStr {
00182     CK_ATTRIBUTE_TYPE       operation; /* type of operation this context is doing
00183                                 * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */
00184     PK11SymKey       *key;     /* symetric key used in this context */
00185     PK11SlotInfo     *slot;    /* slot this context is operationing on */
00186     CK_SESSION_HANDLE       session;   /* session this context is using */
00187     PZLock           *sessionLock; /* lock before accessing a PKCS #11 
00188                                    * session */
00189     PRBool           ownSession;/* do we own the session? */
00190     void             *cx;      /* window context in case we need to loggin*/
00191     void             *savedData;/* save data when we are multiplexing on a
00192                                 * single context */
00193     unsigned long    savedLength; /* length of the saved context */
00194     SECItem          *param;           /* mechanism parameters used to build this
00195                                                         context */
00196     PRBool           init;      /* has this contexted been initialized */
00197     CK_MECHANISM_TYPE       type;      /* what is the PKCS #11 this context is
00198                                  * representing (usually what algorithm is
00199                                  * being used (CKM_RSA_PKCS, CKM_DES,
00200                                  * CKM_SHA, etc.*/
00201     PRBool           fortezzaHack; /*Fortezza SSL has some special
00202                                    * non-standard semantics*/
00203 };
00204 
00205 /*
00206  * structure to hold a pointer to a unique PKCS #11 object 
00207  * (pointer to the slot and the object id).
00208  */
00209 struct PK11GenericObjectStr {
00210     PK11GenericObject *prev;
00211     PK11GenericObject *next;
00212     PK11SlotInfo *slot;
00213     CK_OBJECT_HANDLE objectID;
00214 };
00215 
00216 
00217 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
00218 
00219 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
00220 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
00221 
00222 
00223 #endif /* _SECMODTI_H_ */