Back to index

lightning-sunbird  0.9+nobinonly
secmodti.h
Go to the documentation of this file.
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 /*
00037  * Internal header file included only by files in pkcs11 dir, or in
00038  * pkcs11 specific client and server files.
00039  */
00040 
00041 #ifndef  _SECMODTI_H_
00042 #define  _SECMODTI_H_ 1
00043 #include "prmon.h"
00044 #include "prtypes.h"
00045 #include "nssilckt.h"
00046 #include "pk11init.h"
00047 #include "secmodt.h"
00048 #include "pkcs11t.h"
00049 
00050 #include "nssdevt.h"
00051 
00052 /* internal data structures */
00053 
00054 /* Traverse slots callback */
00055 typedef struct pk11TraverseSlotStr {
00056     SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);
00057     void *callbackArg;
00058     CK_ATTRIBUTE *findTemplate;
00059     int templateCount;
00060 } pk11TraverseSlot;
00061 
00062 
00063 /* represent a pkcs#11 slot reference counted. */
00064 struct PK11SlotInfoStr {
00065     /* the PKCS11 function list for this slot */
00066     void *functionList;
00067     SECMODModule *module; /* our parent module */
00068     /* Boolean to indicate the current state of this slot */
00069     PRBool needTest; /* Has this slot been tested for Export complience */
00070     PRBool isPerm;   /* is this slot a permanment device */
00071     PRBool isHW;     /* is this slot a hardware device */
00072     PRBool isInternal;  /* is this slot one of our internal PKCS #11 devices */
00073     PRBool disabled; /* is this slot disabled... */
00074     PK11DisableReasons reason;     /* Why this slot is disabled */
00075     PRBool readOnly; /* is the token in this slot read-only */
00076     PRBool needLogin;       /* does the token of the type that needs 
00077                       * authentication (still true even if token is logged 
00078                       * in) */
00079     PRBool hasRandom;   /* can this token generated random numbers */
00080     PRBool defRWSession; /* is the default session RW (we open our default 
00081                        * session rw if the token can only handle one session
00082                        * at a time. */
00083     PRBool isThreadSafe; /* copied from the module */
00084     /* The actual flags (many of which are distilled into the above PRBools) */
00085     CK_FLAGS flags;      /* flags from PKCS #11 token Info */
00086     /* a default session handle to do quick and dirty functions */
00087     CK_SESSION_HANDLE session; 
00088     PZLock *sessionLock; /* lock for this session */
00089     /* our ID */
00090     CK_SLOT_ID slotID;
00091     /* persistant flags saved from startup to startup */
00092     unsigned long defaultFlags;
00093     /* keep track of who is using us so we don't accidently get freed while
00094      * still in use */
00095     PRInt32 refCount;    /* to be in/decremented by atomic calls ONLY! */
00096     PZLock *freeListLock;
00097     PK11SymKey *freeSymKeysWithSessionHead;
00098     PK11SymKey *freeSymKeysHead;
00099     int keyCount;
00100     int maxKeyCount;
00101     /* Password control functions for this slot. many of these are only
00102      * active if the appropriate flag is on in defaultFlags */
00103     int askpw;              /* what our password options are */
00104     int timeout;     /* If we're ask_timeout, what is our timeout time is 
00105                       * seconds */
00106     int authTransact;   /* allow multiple authentications off one password if
00107                        * they are all part of the same transaction */
00108     int64 authTime;     /* when were we last authenticated */
00109     int minPassword; /* smallest legal password */
00110     int maxPassword; /* largest legal password */
00111     uint16 series;   /* break up the slot info into various groups of 
00112                       * inserted tokens so that keys and certs can be
00113                       * invalidated */
00114     uint16 flagSeries;      /* record the last series for the last event
00115                          * returned for this slot */
00116     PRBool flagState;       /* record the state of the last event returned for this
00117                       * slot. */
00118     uint16 wrapKey;  /* current wrapping key for SSL master secrets */
00119     CK_MECHANISM_TYPE wrapMechanism;
00120                      /* current wrapping mechanism for current wrapKey */
00121     CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
00122     CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
00123                                    * token */
00124     int mechanismCount;
00125     /* cache the certificates stored on the token of this slot */
00126     CERTCertificate **cert_array;
00127     int array_size;
00128     int cert_count;
00129     char serial[16];
00130     /* since these are odd sizes, keep them last. They are odd sizes to 
00131      * allow them to become null terminated strings */
00132     char slot_name[65];
00133     char token_name[33];
00134     PRBool hasRootCerts;
00135     PRBool hasRootTrust;
00136     PRBool hasRSAInfo;
00137     CK_FLAGS RSAInfoFlags;
00138     PRBool protectedAuthPath;
00139     PRBool isActiveCard;
00140     PRIntervalTime lastLoginCheck;
00141     unsigned int lastState;
00142     /* for Stan */
00143     NSSToken *nssToken;
00144     /* fast mechanism lookup */
00145     char mechanismBits[256];
00146 };
00147 
00148 /* Symetric Key structure. Reference Counted */
00149 struct PK11SymKeyStr {
00150     CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
00151     CK_OBJECT_HANDLE  objectID; /* object id of this key in the slot */
00152     PK11SlotInfo      *slot;    /* Slot this key is loaded into */
00153     void            *cx;    /* window context in case we need to loggin */
00154     PK11SymKey             *next;
00155     PRBool          owner;
00156     SECItem         data;   /* raw key data if available */
00157     CK_SESSION_HANDLE session;
00158     PRBool          sessionOwner;
00159     PRInt32         refCount;      /* number of references to this key */
00160     int                    size;   /* key size in bytes */
00161     PK11Origin             origin; /* where this key came from 
00162                                  * (see def in secmodt.h) */
00163     PK11SymKey        *parent;  /* potential owner key of the session */
00164     uint16 series;          /* break up the slot info into various groups 
00165                              * of inserted tokens so that keys and certs 
00166                              * can be invalidated */
00167     void *userData;         /* random data the application can attach to
00168                                  * this key */
00169     PK11FreeDataFunc freeFunc;     /* function to free the user data */
00170 };
00171 
00172 
00173 /*
00174  * hold a hash, encryption or signing context for multi-part operations.
00175  * hold enough information so that multiple contexts can be interleaved
00176  * if necessary. ... Not RefCounted.
00177  */
00178 struct PK11ContextStr {
00179     CK_ATTRIBUTE_TYPE       operation; /* type of operation this context is doing
00180                                 * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */
00181     PK11SymKey       *key;     /* symetric key used in this context */
00182     PK11SlotInfo     *slot;    /* slot this context is operationing on */
00183     CK_SESSION_HANDLE       session;   /* session this context is using */
00184     PZLock           *sessionLock; /* lock before accessing a PKCS #11 
00185                                    * session */
00186     PRBool           ownSession;/* do we own the session? */
00187     void             *cx;      /* window context in case we need to loggin*/
00188     void             *savedData;/* save data when we are multiplexing on a
00189                                 * single context */
00190     unsigned long    savedLength; /* length of the saved context */
00191     SECItem          *param;           /* mechanism parameters used to build this
00192                                                         context */
00193     PRBool           init;      /* has this contexted been initialized */
00194     CK_MECHANISM_TYPE       type;      /* what is the PKCS #11 this context is
00195                                  * representing (usually what algorithm is
00196                                  * being used (CKM_RSA_PKCS, CKM_DES,
00197                                  * CKM_SHA, etc.*/
00198     PRBool           fortezzaHack; /*Fortezza SSL has some special
00199                                    * non-standard semantics*/
00200 };
00201 
00202 /*
00203  * structure to hold a pointer to a unique PKCS #11 object 
00204  * (pointer to the slot and the object id).
00205  */
00206 struct PK11GenericObjectStr {
00207     PK11GenericObject *prev;
00208     PK11GenericObject *next;
00209     PK11SlotInfo *slot;
00210     CK_OBJECT_HANDLE objectID;
00211 };
00212 
00213 
00214 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
00215 
00216 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
00217 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
00218 
00219 
00220 #endif /* _SECMODTI_H_ */