
lightning-sunbird  0.9+nobinonly
pkcs11i.h
00001 /* ***** BEGIN LICENSE BLOCK *****
00002  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
00003  *
00004  * The contents of this file are subject to the Mozilla Public License Version
00005  * 1.1 (the "License"); you may not use this file except in compliance with
00006  * the License. You may obtain a copy of the License at
00007  * http://www.mozilla.org/MPL/
00008  *
00009  * Software distributed under the License is distributed on an "AS IS" basis,
00010  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
00011  * for the specific language governing rights and limitations under the
00012  * License.
00013  *
00014  * The Original Code is the Netscape security libraries.
00015  *
00016  * The Initial Developer of the Original Code is
00017  * Netscape Communications Corporation.
00018  * Portions created by the Initial Developer are Copyright (C) 1994-2000
00019  * the Initial Developer. All Rights Reserved.
00020  *
00021  * Contributor(s):
00022  *
00023  * Alternatively, the contents of this file may be used under the terms of
00024  * either the GNU General Public License Version 2 or later (the "GPL"), or
00025  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
00026  * in which case the provisions of the GPL or the LGPL are applicable instead
00027  * of those above. If you wish to allow use of your version of this file only
00028  * under the terms of either the GPL or the LGPL, and not to allow others to
00029  * use your version of this file under the terms of the MPL, indicate your
00030  * decision by deleting the provisions above and replace them with the notice
00031  * and other provisions required by the GPL or the LGPL. If you do not delete
00032  * the provisions above, a recipient may use your version of this file under
00033  * the terms of any one of the MPL, the GPL or the LGPL.
00034  *
00035  * ***** END LICENSE BLOCK ***** */
00036 /*
00037  * Internal data structures and functions used by pkcs11.c
00038  */
00039 #ifndef _PKCS11I_H_
00040 #define _PKCS11I_H_ 1
00041 
00042 #include "nssilock.h"
00043 #include "seccomon.h"
00044 #include "secoidt.h"
00045 #include "lowkeyti.h"
00046 #include "pkcs11t.h"
00047 #include "pcertt.h"
00048 
00049 
00050 /* 
00051  * Configuration Defines 
00052  *
00053  * The following defines affect the space versus speed trade-offs of
00054  * the PKCS #11 module. For the most part the current settings are optimized
00055  * for web servers, where we want faster speed and lower lock contention at
00056  * the expense of space.
00057  */
00058 
00059 /* 
00060  * The attribute allocation strategy is static allocation:
00061  *   Attributes are pre-allocated as part of the session object and used from
00062  *   the object array.
00063  */
00064 #define MAX_OBJS_ATTRS 45   /* number of attributes to preallocate in
00065                              * the object (must be the absolute max) */
00066 #define ATTR_SPACE 50              /* Maximum size of attribute data before extra
00067                              * data needs to be allocated. This is set to
00068                              * enough space to hold an SSL MASTER secret */
00069 
00070 #define NSC_STRICT      PR_FALSE  /* forces the code to do strict template
00071                                * matching when doing C_FindObject on token
00072                                * objects. This will slow down search in
00073                                * NSS. */
00074 /* default search block allocations and increments */
00075 #define NSC_CERT_BLOCK_SIZE     50
00076 #define NSC_SEARCH_BLOCK_SIZE   5 
00077 #define NSC_SLOT_LIST_BLOCK_SIZE 10
00078 
00079 #define NSC_FIPS_MODULE 1
00080 #define NSC_NON_FIPS_MODULE 0
00081 
00082 /* these are data base storage hashes, not cryptographic hashes. They define
00083  * the effective size of the various object hash tables */
00084 /* clients care more about memory usage than lookup performance on
00085  * cryptographic objects. Clients also have fewer objects around to play with
00086  *
00087  * we eventually should make this configurable at runtime! Especially now that
00088  * NSS is a shared library.
00089  */
00090 #define SPACE_ATTRIBUTE_HASH_SIZE 32 
00091 #define SPACE_SESSION_OBJECT_HASH_SIZE 32
00092 #define SPACE_SESSION_HASH_SIZE 32
00093 #define TIME_ATTRIBUTE_HASH_SIZE 32
00094 #define TIME_SESSION_OBJECT_HASH_SIZE 1024
00095 #define TIME_SESSION_HASH_SIZE 1024
00096 #define MAX_OBJECT_LIST_SIZE 800  
00097                               /* how many objects to keep on the free list
00098                                * before we start freeing them */
00099 #define MAX_KEY_LEN 256
00100 
00101 #define MULTIACCESS "multiaccess:"
00102 
00103 /*
00104  * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
00105  * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
00106  * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
00107  *
00108  * HASH_SIZE   LOG2_BUCKETS_PER   BUCKETS_PER_LOCK  NUMBER_OF_BUCKETS
00109  * 1024        9                  512               2
00110  * 1024        5                  32                32
00111  * 1024        1                  2                 512
00112  * 1024        0                  1                 1024
00113  * 4096        11                 2048              2
00114  * 4096        9                  512               8
00115  * 4096        5                  32                128
00116  * 4096        1                  2                 2048
00117  * 4096        0                  1                 4096
00118  */
00119 #define LOG2_BUCKETS_PER_SESSION_LOCK 1
00120 #define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
00121 /* NOSPREAD sessionID to hash table index macro has been slower. */
00122 
00123 /* define typedefs, double as forward declarations as well */
00124 typedef struct SFTKAttributeStr SFTKAttribute;
00125 typedef struct SFTKObjectListStr SFTKObjectList;
00126 typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
00127 typedef struct SFTKObjectListElementStr SFTKObjectListElement;
00128 typedef struct SFTKObjectStr SFTKObject;
00129 typedef struct SFTKSessionObjectStr SFTKSessionObject;
00130 typedef struct SFTKTokenObjectStr SFTKTokenObject;
00131 typedef struct SFTKSessionStr SFTKSession;
00132 typedef struct SFTKSlotStr SFTKSlot;
00133 typedef struct SFTKSessionContextStr SFTKSessionContext;
00134 typedef struct SFTKSearchResultsStr SFTKSearchResults;
00135 typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
00136 typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
00137 typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
00138 
00139 /* define function pointer typedefs for pointer tables */
00140 typedef void (*SFTKDestroy)(void *, PRBool);
00141 typedef void (*SFTKBegin)(void *);
00142 typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
00143                                    void *, unsigned int);
00144 typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
00145 typedef void (*SFTKHash)(void *,void *,unsigned int);
00146 typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
00147 typedef void (*SFTKFree)(void *);
00148 
00149 /* Value to tell if an attribute is modifiable or not.
00150  *    NEVER: attribute is only set on creation.
00151  *    ONCOPY: attribute is set on creation and can only be changed on copy.
00152  *    SENSITIVE: attribute can only be changed to TRUE.
00153  *    ALWAYS: attribute can always be changed.
00154  */
00155 typedef enum {
00156        SFTK_NEVER = 0,
00157        SFTK_ONCOPY = 1,
00158        SFTK_SENSITIVE = 2,
00159        SFTK_ALWAYS = 3
00160 } SFTKModifyType;
00161 
00162 /*
00163  * Free Status Enum... tell us more information when we think we're
00164  * deleting an object.
00165  */
00166 typedef enum {
00167        SFTK_DestroyFailure,
00168        SFTK_Destroyed,
00169        SFTK_Busy
00170 } SFTKFreeStatus;
00171 
00172 /*
00173  * attribute values of an object.
 *
 * One node of an attribute hash chain: the sftkqueue_* macros link nodes
 * through next/prev and match them on `handle`.
 *
 * NOTE(review): attribute values can be key material (ATTR_SPACE is sized to
 * hold an SSL master secret), so confirm that the release path clears `space`
 * and any separately allocated value before the node is freed or reused.
00174  */
00175 struct SFTKAttributeStr {
00176     SFTKAttribute    *next;    /* next node in the same hash bucket */
00177     SFTKAttribute    *prev;    /* previous node; NULL at the bucket head */
00178     PRBool           freeAttr; /* presumably: the node itself must be freed - confirm */
00179     PRBool           freeData; /* presumably: the value buffer must be freed - confirm */
00180     /*must be called handle to make sftkqueue_find work */
00181     CK_ATTRIBUTE_TYPE       handle;
00182     CK_ATTRIBUTE     attrib;   /* type / pValue / ulValueLen (see sftk_attr_expand) */
    /* Inline storage for values of up to ATTR_SPACE bytes; per the ATTR_SPACE
     * comment, larger values need extra data to be allocated.  Any copy into
     * this buffer has to be bounded by ATTR_SPACE, not by a caller-supplied
     * ulValueLen. */
00183     unsigned char space[ATTR_SPACE];
00184 };
00185 
00186 
00187 /*
00188  * doubly linked list of objects
00189  */
00190 struct SFTKObjectListStr {
00191     SFTKObjectList *next;
00192     SFTKObjectList *prev;
00193     SFTKObject          *parent;
00194 };
00195 
00196 struct SFTKObjectFreeListStr {
00197     SFTKObject       *head;
00198     PZLock    *lock;
00199     int              count;
00200 };
00201 
00202 /*
00203  * PKCS 11 crypto object structure
00204  */
00205 struct SFTKObjectStr {
00206     SFTKObject *next;
00207     SFTKObject       *prev;
00208     CK_OBJECT_CLASS  objclass;
00209     CK_OBJECT_HANDLE handle;
00210     int              refCount;
00211     PZLock           *refLock;
00212     SFTKSlot         *slot;
00213     void             *objectInfo;
00214     SFTKFree         infoFree;
00215 };
00216 
00217 struct SFTKTokenObjectStr {
00218     SFTKObject  obj;
00219     SECItem   dbKey;
00220 };
00221 
/*
 * Session object: an SFTKObject plus its attribute storage.
 *
 * Attributes come from the preallocated attrList[] pool (static allocation,
 * see MAX_OBJS_ATTRS) and are indexed through the head[] hash buckets.
 * `obj` is the first member; presumably that is what lets an SFTKObject * be
 * narrowed to this type (see sftk_narrowToSessionObject) - confirm.
 */
00222 struct SFTKSessionObjectStr {
00223     SFTKObject          obj;
00224     SFTKObjectList sessionList;
00225     PZLock           *attributeLock;
00226     SFTKSession      *session;
00227     PRBool           wasDerived;
    /* presumably the index of the next unused attrList[] slot.  MAX_OBJS_ATTRS
     * is documented as the absolute maximum, so whatever advances this index
     * must refuse to go past it rather than write beyond attrList[]
     * - NOTE(review): confirm the allocator checks the bound. */
00228     int nextAttr;
00229     SFTKAttribute    attrList[MAX_OBJS_ATTRS];
00230     PRBool           optimizeSpace;
00231     unsigned int     hashSize;   /* presumably the number of head[] buckets - confirm */
    /* Declared with one element but used as a trailing variable-length array:
     * the real bucket count is whatever the allocation provided.
     * NOTE(review): sizeof(SFTKSessionObject) covers a single bucket only, so
     * the allocation size must be computed from the bucket count, and the
     * hash_size passed to the sftkqueue_* macros must match that count. */
00232     SFTKAttribute    *head[1];
00233 };
00234 
00235 /*
00236  * struct to deal with a temporary list of objects
00237  */
00238 struct SFTKObjectListElementStr {
00239     SFTKObjectListElement   *next;
00240     SFTKObject                     *object;
00241 };
00242 
00243 /*
00244  * Area to hold Search results
00245  */
00246 struct SFTKSearchResultsStr {
00247     CK_OBJECT_HANDLE *handles;
00248     int                     size;
00249     int                     index;
00250     int                     array_size;
00251 };
00252 
00253 
00254 /* 
00255  * the universal crypto/hash/sign/verify context structure
00256  */
00257 typedef enum {
00258     SFTK_ENCRYPT,
00259     SFTK_DECRYPT,
00260     SFTK_HASH,
00261     SFTK_SIGN,
00262     SFTK_SIGN_RECOVER,
00263     SFTK_VERIFY,
00264     SFTK_VERIFY_RECOVER
00265 } SFTKContextType;
00266 
00267 
00268 #define SFTK_MAX_BLOCK_SIZE 16
00269 /* currently SHA512 is the biggest hash length */
00270 #define SFTK_MAX_MAC_LENGTH 64
00271 #define SFTK_INVALID_MAC_SIZE 0xffffffff
00272 
/*
 * State of one in-progress crypto operation (see SFTKContextType).
 *
 * The callbacks below take untyped void * arguments (see the SFTK*
 * function-pointer typedefs), so nothing at compile time ties cipherInfo or
 * hashInfo to the callbacks stored next to them; presumably the mechanism
 * init code installs them as a matched set - confirm.
 *
 * padBuf and macBuf are fixed at SFTK_MAX_BLOCK_SIZE (16) bytes, while
 * blockSize, padDataLength and macSize are run-time values of wider types.
 * NOTE(review): confirm every writer keeps
 *     padDataLength <= blockSize <= SFTK_MAX_BLOCK_SIZE  and
 *     macSize <= SFTK_MAX_BLOCK_SIZE
 * before indexing or copying with these lengths.  SFTK_MAX_MAC_LENGTH (64) is
 * larger than macBuf, so a hash-sized MAC does not fit in it.
 */
00273 struct SFTKSessionContextStr {
00274     SFTKContextType  type;
00275     PRBool           multi;               /* is multipart */
00276     PRBool           doPad;               /* use PKCS padding for block ciphers */
00277     unsigned int     blockSize;    /* blocksize for padding */
00278     unsigned int     padDataLength;       /* length of the valid data in padbuf */
00279     unsigned char    padBuf[SFTK_MAX_BLOCK_SIZE];
00280     unsigned char    macBuf[SFTK_MAX_BLOCK_SIZE];
00281     CK_ULONG         macSize;      /* size of a general block cipher mac*/
    /* Opaque per-mechanism state.  NOTE(review): this presumably includes
     * expanded key material; confirm the destroy/hashdestroy callbacks clear
     * it before releasing the memory. */
00282     void             *cipherInfo;
00283     void             *hashInfo;
00284     unsigned int     cipherInfoLen;
00285     CK_MECHANISM_TYPE       currentMech;
00286     SFTKCipher              update;
00287     SFTKHash         hashUpdate;
00288     SFTKEnd          end;
00289     SFTKDestroy             destroy;
00290     SFTKDestroy             hashdestroy;
00291     SFTKVerify              verify;
00292     unsigned int     maxLen;
00293     SFTKObject              *key;   /* presumably the key object in use; reference ownership not visible here */
00294 };
00295 
00296 /*
00297  * Sessions (have objects)
00298  */
00299 struct SFTKSessionStr {
00300     SFTKSession        *next;
00301     SFTKSession        *prev;
00302     CK_SESSION_HANDLE       handle;
00303     int                     refCount;
00304     PZLock           *objectLock;
00305     int                     objectIDCount;
00306     CK_SESSION_INFO  info;
00307     CK_NOTIFY        notify;
00308     CK_VOID_PTR             appData;
00309     SFTKSlot         *slot;
00310     SFTKSearchResults       *search;
00311     SFTKSessionContext      *enc_context;
00312     SFTKSessionContext      *hash_context;
00313     SFTKSessionContext      *sign_context;
00314     SFTKObjectList   *objects[1];
00315 };
00316 
00317 /*
00318  * slots (have sessions and objects)
00319  *
00320  * The array of sessionLock's protect the session hash table (head[])
00321  * as well as the reference count of session objects in that bucket
00322  * (head[]->refCount),  objectLock protects all elements of the slot's
00323  * object hash tables (sessObjHashTable[] and tokObjHashTable), and
00324  * sessionObjectHandleCount.
00325  * slotLock protects the remaining protected elements:
00326  * password, isLoggedIn, ssoLoggedIn, and sessionCount,
00327  * and pwCheckLock serializes the key database password checks in
00328  * NSC_SetPIN and NSC_Login.
00329  *
00330  * Each of the fields below has the following lifetime as commented
00331  * next to the fields:
00332  *   invariant  - This value is set when the slot is first created and
00333  * never changed until it is destroyed.
00334  *   per load   - This value is set when the slot is first created, or 
00335  * when the slot is used to open another directory. Between open and close
00336  * this field does not change.
00337  *   variable - This value changes through the normal process of slot operation.
00338  *      - reset. The value of this variable is cleared during an open/close 
00339  *   cycles.
00340  *      - preserved. The value of this variable is preserved over open/close
00341  *   cycles.
00342  */
00343 struct SFTKSlotStr {
00344     CK_SLOT_ID              slotID;                     /* invariant */
00345     PZLock           *slotLock;           /* invariant */
00346     PZLock           **sessionLock;              /* invariant */
00347     unsigned int     numSessionLocks;     /* invariant */
    /* SFTK_SESSION_LOCK indexes sessionLock[] with (handle & sessionLockMask),
     * so the mask must never select an index >= numSessionLocks. */
00348     unsigned long    sessionLockMask;     /* invariant */
00349     PZLock           *objectLock;         /* invariant */
00350     PRLock           *pwCheckLock;        /* invariant */
    /* Protected by slotLock (see the comment above this struct).
     * NOTE(review): this presumably holds password-derived secret material;
     * confirm every reset path zeroizes the item before freeing it. */
00351     SECItem          *password;           /* variable - reset */
00352     PRBool           present;             /* variable -set */
00353     PRBool           hasTokens;           /* per load */
00354     PRBool           isLoggedIn;          /* variable - reset */
00355     PRBool           ssoLoggedIn;         /* variable - reset */
00356     PRBool           needLogin;           /* per load */
00357     PRBool           DB_loaded;           /* per load */
00358     PRBool           readOnly;            /* per load */
00359     PRBool           optimizeSpace;              /* invariant */
00360     NSSLOWCERTCertDBHandle *certDB;              /* per load */
00361     NSSLOWKEYDBHandle       *keyDB;                     /* per load */
00362     int                     minimumPinLen;              /* per load */
00363     PRInt32          sessionIDCount;             /* atomically incremented */
00364                                           /* (preserved) */
    /* NOTE(review): a plain int updated without a lock is a data race if two
     * threads can reach it at once; confirm it is only a statistic and that
     * no decision depends on its exact value. */
00365     int                     sessionIDConflict;   /* not protected by a lock */
00366                                                  /* (preserved) */
00367     int                     sessionCount;           /* variable - reset */
00368     PRInt32             rwSessionCount;          /* set by atomic operations */
00369                                                  /* (reset) */
00370     PRUint32         sessionObjectHandleCount; /* variable - preserved */
00371     int                     index;               /* invariant */
00372     PLHashTable             *tokObjHashTable;    /* invariant */
00373     SFTKObject              **sessObjHashTable;  /* variable - reset */
00374     unsigned int     sessObjHashSize;     /* invariant */
00375     SFTKSession             **head;                     /* variable -reset */
00376     unsigned int     sessHashSize;        /* invariant */
    /* The two description buffers differ: 33 bytes leaves room for a
     * terminating NUL after a 32-byte token label, but 64 bytes is exactly the
     * width of CK_SLOT_INFO.slotDescription, which PKCS #11 defines as
     * blank-padded and not NUL-terminated.
     * NOTE(review): presumably slotDescription is handled as a fixed-width
     * field; confirm no str* function is ever applied to it. */
00377     char             tokDescription[33];  /* per load */
00378     char             slotDescription[64]; /* invariant */
00379 };
00380 
00381 /*
00382  * special joint operations Contexts
00383  */
00384 struct SFTKHashVerifyInfoStr {
00385     SECOidTag        hashOid;
00386     NSSLOWKEYPublicKey      *key;
00387 };
00388 
00389 struct SFTKHashSignInfoStr {
00390     SECOidTag        hashOid;
00391     NSSLOWKEYPrivateKey     *key;
00392 };
00393 
00394 /* context for the Final SSLMAC message */
/*
 * NOTE(review): this structure embeds raw MAC key bytes.  Whatever fills
 * `key` must reject inputs longer than MAX_KEY_LEN before copying, and the
 * code that releases the structure should zeroize it with a clear the
 * compiler cannot elide - confirm both against the users of this type.
 */
00395 struct SFTKSSLMACInfoStr {
00396     void             *hashContext;  /* opaque state handed to begin/update/end (presumably) */
00397     SFTKBegin        begin;
00398     SFTKHash         update;
00399     SFTKEnd          end;
00400     CK_ULONG         macSize;
00401     int                     padSize;
00402     unsigned char    key[MAX_KEY_LEN];   /* inline key storage, MAX_KEY_LEN bytes */
00403     unsigned int     keySize;            /* presumably the number of valid bytes in key[] */
00404 };
00405 
00406 /*
00407  * session handle modifiers
00408  */
00409 #define SFTK_SESSION_SLOT_MASK     0xff000000L
00410 
00411 /*
00412  * object handle modifiers
00413  */
00414 #define SFTK_TOKEN_MASK            0x80000000L
00415 #define SFTK_TOKEN_MAGIC    0x80000000L
00416 #define SFTK_TOKEN_TYPE_MASK       0x70000000L
00417 /* keydb (high bit == 0) */
00418 #define SFTK_TOKEN_TYPE_PRIV       0x10000000L
00419 #define SFTK_TOKEN_TYPE_PUB 0x20000000L
00420 #define SFTK_TOKEN_TYPE_KEY 0x30000000L
00421 /* certdb (high bit == 1) */
00422 #define SFTK_TOKEN_TYPE_TRUST      0x40000000L
00423 #define SFTK_TOKEN_TYPE_CRL 0x50000000L
00424 #define SFTK_TOKEN_TYPE_SMIME      0x60000000L
00425 #define SFTK_TOKEN_TYPE_CERT       0x70000000L
00426 
00427 #define SFTK_TOKEN_KRL_HANDLE      (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
00428 /* how big (in bytes) a password/pin we can deal with */
00429 #define SFTK_MAX_PIN 255
00430 /* minimum password/pin length (in Unicode characters) in FIPS mode */
00431 #define FIPS_MIN_PIN 7
00432 
00433 /* slot ID's */
00434 #define NETSCAPE_SLOT_ID 1
00435 #define PRIVATE_KEY_SLOT_ID 2
00436 #define FIPS_SLOT_ID 3
00437 
00438 /* slot helper macros */
00439 #define sftk_SlotFromSession(sp) ((sp)->slot)
00440 #define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
00441 
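/* the session hash multiplier (see bug 201081) */
#define SHMULTIPLIER 1791398085

/*
 * queueing helper macros
 *
 * These maintain chained hash buckets: `head` is an array of bucket heads and
 * every element type must have `next`, `prev` and `handle` members.
 *
 *  - Macro arguments are expanded more than once, so pass only expressions
 *    without side effects.
 *  - The macros that expand to several statements are wrapped in
 *    do { ... } while (0), so each one behaves as a single statement even as
 *    the unbraced body of an if/else.  Call sites must end the invocation
 *    with ';'.
 *  - None of the macros takes a lock; the caller must hold whatever lock
 *    protects `head`.
 */

/*
 * Map a handle/ID to a bucket index.  `size` must be a non-zero power of two:
 * the index is produced by masking with (size)-1, so any other size leaves
 * buckets unreachable and a size of 0 does not bound the index at all.
 *
 * The value is reduced to 32 bits before the multiply so the product is
 * always computed in unsigned arithmetic (no signed overflow when a signed id
 * is passed); the low 32 bits are the same as for a wider multiply.  `size`
 * is parenthesized so that an expression argument is masked as a whole.
 */
#define sftk_hash(value,size) \
       (((PRUint32)(value) * (PRUint32)SHMULTIPLIER) & ((size)-1))

/* Insert `element` at the front of the bucket selected by `id`. */
#define sftkqueue_add(element,id,head,hash_size) \
       do { \
           PRUint32 sftkq_idx_ = sftk_hash(id,hash_size); \
           (element)->next = (head)[sftkq_idx_]; \
           (element)->prev = NULL; \
           if ((head)[sftkq_idx_]) (head)[sftkq_idx_]->prev = (element); \
           (head)[sftkq_idx_] = (element); \
       } while (0)

/*
 * Walk the bucket for `id`; on exit `element` points at the match, or is NULL
 * when no entry has that handle.  This expands to a bare for statement.
 */
#define sftkqueue_find(element,id,head,hash_size) \
       for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
                                    (element) = (element)->next) { \
           if ((element)->handle == (id)) { break; } }

/* Non-zero when `element` is linked to a neighbour or is the head of its bucket. */
#define sftkqueue_is_queued(element,id,head,hash_size) \
       ( ((element)->next) || ((element)->prev) || \
        ((head)[sftk_hash(id,hash_size)] == (element)) )

/*
 * Unlink `element` from the bucket selected by `id` and clear its links.
 * The element must currently be queued in that bucket.
 */
#define sftkqueue_delete(element,id,head,hash_size) \
       do { \
           if ((element)->next) (element)->next->prev = (element)->prev; \
           if ((element)->prev) (element)->prev->next = (element)->next; \
              else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
           (element)->next = NULL; \
           (element)->prev = NULL; \
       } while (0)

/*
 * The *2 variants take a precomputed bucket `index` instead of hashing `id`.
 * sftkqueue_add2 does not write (element)->prev, so the element must have
 * been prepared with sftkqueue_init_element first.
 */
#define sftkqueue_init_element(element) \
    do { (element)->prev = NULL; } while (0)

#define sftkqueue_add2(element, id, index, head) \
    do {                                         \
       (element)->next = (head)[index];         \
       if ((head)[index])                       \
           (head)[index]->prev = (element);     \
       (head)[index] = (element);               \
    } while (0)

#define sftkqueue_find2(element, id, index, head) \
    for ( (element) = (head)[index];              \
          (element) != NULL;                      \
          (element) = (element)->next) {          \
       if ((element)->handle == (id)) { break; } \
    }

/*
 * Unlink only; the element keeps its stale next/prev until
 * sftkqueue_clear_deleted_element is applied to it.
 */
#define sftkqueue_delete2(element, id, index, head) \
    do { \
       if ((element)->next) (element)->next->prev = (element)->prev; \
       if ((element)->prev) (element)->prev->next = (element)->next; \
          else (head)[index] = ((element)->next); \
    } while (0)

#define sftkqueue_clear_deleted_element(element) \
    do { \
       (element)->next = NULL; \
       (element)->prev = NULL; \
    } while (0)
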
00495 
00496 /* sessionID (handle) is used to determine session lock bucket */
/*
 * Both variants index (slot)->sessionLock[] with a value masked by
 * (slot)->sessionLockMask; no other bound is applied here.
 * NOTE(review): the handle is whatever session handle the caller supplies, so
 * the lookup stays inside the array only if slot setup guarantees
 * sessionLockMask < numSessionLocks (presumably numSessionLocks - 1 with a
 * power-of-two count) - confirm where the slot is initialized.
 */
00497 #ifdef NOSPREAD
00498 /* NOSPREAD:  (ID>>L2LPB) & (perbucket-1) */
00499 #define SFTK_SESSION_LOCK(slot,handle) \
00500     ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
00501         & (slot)->sessionLockMask])
00502 #else
00503 /* SPREAD:    ID & (perbucket-1) */
00504 #define SFTK_SESSION_LOCK(slot,handle) \
00505     ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
00506 #endif
00507 
00508 /* expand an attribute & secitem structures out */
00509 #define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
00510 #define sftk_item_expand(ip) (ip)->data,(ip)->len
00511 
00512 typedef struct sftk_token_parametersStr {
00513     CK_SLOT_ID slotID;
00514     char *configdir;
00515     char *certPrefix;
00516     char *keyPrefix;
00517     char *tokdes;
00518     char *slotdes;
00519     int minPW; 
00520     PRBool readOnly;
00521     PRBool noCertDB;
00522     PRBool noKeyDB;
00523     PRBool forceOpen;
00524     PRBool pwRequired;
00525     PRBool optimizeSpace;
00526 } sftk_token_parameters;
00527 
00528 typedef struct sftk_parametersStr {
00529     char *configdir;
00530     char *secmodName;
00531     char *man;
00532     char *libdes; 
00533     PRBool readOnly;
00534     PRBool noModDB;
00535     PRBool noCertDB;
00536     PRBool forceOpen;
00537     PRBool pwRequired;
00538     PRBool optimizeSpace;
00539     sftk_token_parameters *tokens;
00540     int token_count;
00541 } sftk_parameters;
00542 
00543 
00544 /* machine dependent path stuff used by dbinit.c and pk11db.c */
00545 #ifdef macintosh
00546 #define PATH_SEPARATOR ":"
00547 #define SECMOD_DB "Security Modules"
00548 #define CERT_DB_FMT "%sCertificates%s"
00549 #define KEY_DB_FMT "%sKey Database%s"
00550 #else
00551 #define PATH_SEPARATOR "/"
00552 #define SECMOD_DB "secmod.db"
00553 #define CERT_DB_FMT "%scert%s.db"
00554 #define KEY_DB_FMT "%skey%s.db"
00555 #endif
00556 
00557 SEC_BEGIN_PROTOS
00558 
00559 /* shared functions between pkcs11.c and fipstokn.c */
00560 extern PRBool nsf_init;
00561 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
00562 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
00563 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, 
00564        CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
00565 
00566 /* slot initialization, reinit, shutdown and destruction */
00567 extern CK_RV SFTK_SlotInit(char *configdir,
00568                      sftk_token_parameters *params, int moduleIndex);
00569 extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,
00570                      sftk_token_parameters *params, int moduleIndex);
00571 extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);
00572 extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);
00573 
00574 
00575 /* internal utility functions used by pkcs11.c */
00576 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
00577                                     CK_ATTRIBUTE_TYPE type);
00578 extern void sftk_FreeAttribute(SFTKAttribute *attribute);
00579 extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
00580                                void *valPtr,
00581                               CK_ULONG length);
00582 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
00583                                 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
00584 extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
00585                                                   unsigned int bufLen);
00586 extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, 
00587        CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
00588 extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
00589 extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
00590 extern void sftk_DeleteAttributeType(SFTKObject *object,
00591                                  CK_ATTRIBUTE_TYPE type);
00592 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
00593                                 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
00594 extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
00595                                  SFTKObject *object,
00596                                  CK_ATTRIBUTE_TYPE type);
00597 extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
00598                                   CK_OBJECT_CLASS inClass);
00599 extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
00600 extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
00601 extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
00602 extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
00603                                                          CK_ULONG *longData);
00604 extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
00605                              void *value, unsigned int len);
00606 extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
00607                                void *value, unsigned int len);
00608 extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
00609 
00610 extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
00611 extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
00612 extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
00613 extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
00614 extern void sftk_ReferenceObject(SFTKObject *object);
00615 extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
00616                                     SFTKSession *session);
00617 extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
00618 extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
00619 /* clear out all the existing object ID to database key mappings.
00620  * used to reinit a token */
00621 extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);
00622 
00623 extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
00624                                SFTKObject **head, unsigned int size,
00625                                PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
00626                                int count, PRBool isLoggedIn);
00627 extern SFTKObjectListElement *sftk_FreeObjectListElement(
00628                                         SFTKObjectListElement *objectList);
00629 extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
00630 extern void sftk_FreeSearch(SFTKSearchResults *search);
00631 extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
00632 
00633 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
00634 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
00635 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
00636 extern void sftk_FreeSession(SFTKSession *session);
00637 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
00638                                 CK_VOID_PTR pApplication, CK_FLAGS flags);
00639 extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
00640 extern void sftk_update_all_states(SFTKSlot *slot);
00641 extern void sftk_FreeContext(SFTKSessionContext *context);
00642 extern void sftk_InitFreeLists(void);
00643 extern void sftk_CleanupFreeLists(void);
00644 
00645 extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
00646                                      CK_KEY_TYPE key_type, CK_RV *crvp);
00647 extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
00648                                        CK_KEY_TYPE key_type, CK_RV *crvp);
00649 extern void sftk_FormatDESKey(unsigned char *key, int length);
00650 extern PRBool sftk_CheckDESKey(unsigned char *key);
00651 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
00652 
00653 extern CK_RV secmod_parseParameters(char *param, sftk_parameters *parsed,
00654                                                         PRBool isFIPS);
00655 extern void secmod_freeParams(sftk_parameters *params);
00656 extern char *secmod_getSecmodName(char *params, char **domain, 
00657                                           char **filename, PRBool *rw);
00658 extern char ** secmod_ReadPermDB(const char *domain, const char *filename, 
00659                      const char *dbname, char *params, PRBool rw);
00660 extern SECStatus secmod_DeletePermDB(const char *domain, const char *filename,
00661                      const char *dbname, char *args, PRBool rw);
00662 extern SECStatus secmod_AddPermDB(const char *domain, const char *filename,
00663                      const char *dbname, char *module, PRBool rw);
00664 extern SECStatus secmod_ReleasePermDBData(const char *domain, 
00665        const char *filename, const char *dbname, char **specList, PRBool rw);
00666 /* mechanism allows this operation */
00667 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
00668 /*
00669  * OK there are now lots of options here, let's go through them all:
00670  *
00671  * configdir - base directory where all the cert, key, and module databases live.
00672  * certPrefix - prefix added to the beginning of the cert database, example:
00673  *                      "https-server1-"
00674  * keyPrefix - prefix added to the beginning of the key database, example:
00675  *                      "https-server1-"
00676  * secmodName - name of the security module database (usually "secmod.db").
00677  * readOnly - Boolean: true if the databases are to be opened read only.
00678  * nocertdb - Don't open the cert DB and key DB's, just initialize the
00679  *                      Volatile certdb.
00680  * nomoddb - Don't open the security module DB, just initialize the
00681  *                      PKCS #11 module.
00682  * forceOpen - Continue to force initializations even if the databases cannot
00683  *                      be opened.
00684  */
00685 CK_RV sftk_DBInit(const char *configdir, const char *certPrefix,
00686               const char *keyPrefix, PRBool readOnly, PRBool noCertDB, 
00687               PRBool noKeyDB, PRBool forceOpen, 
00688               NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB);
00689 NSSLOWCERTCertDBHandle *sftk_getCertDB(SFTKSlot *slot);
00690 NSSLOWKEYDBHandle *sftk_getKeyDB(SFTKSlot *slot);
00691 void sftk_freeCertDB(NSSLOWCERTCertDBHandle *certHandle);
00692 void sftk_freeKeyDB(NSSLOWKEYDBHandle *keyHandle);
00693 
00694 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely
00695  * acquiring a reference to the keydb from the slot */
00696 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
00697 
00698 const char *sftk_EvaluateConfigDir(const char *configdir, char **domain);
00699 
00700 /*
00701  * narrow objects
00702  */
00703 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
00704 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
00705 
00706 /*
00707  * token object utilities
00708  */
00709 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
00710 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, 
00711                                           CK_OBJECT_HANDLE handle);
00712 PRBool sftk_tokenMatch(SFTKSlot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class,
00713                                         CK_ATTRIBUTE_PTR theTemplate,int count);
00714 CK_OBJECT_HANDLE sftk_mkHandle(SFTKSlot *slot, 
00715                                    SECItem *dbKey, CK_OBJECT_HANDLE class);
00716 SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, 
00717                                           CK_OBJECT_HANDLE handle);
00718 SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
00719 
00720 /****************************************
00721  * implement TLS Pseudo Random Function (PRF)
00722  */
00723 
00724 extern CK_RV
00725 sftk_TLSPRFInit(SFTKSessionContext *context, 
00726                 SFTKObject *        key, 
00727                 CK_KEY_TYPE         key_type);
00728 
00729 SEC_END_PROTOS
00730 
00731 #endif /* _PKCS11I_H_ */