Source code
Revision control
Copy as Markdown
Other Tools
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
/*
* Internal header file included only by files in pkcs11 dir, or in
* pkcs11 specific client and server files.
*/
#ifndef _SECMODTI_H_
#define _SECMODTI_H_ 1
#include "prmon.h"
#include "prtypes.h"
#include "nssilckt.h"
#include "secmodt.h"
#include "pkcs11t.h"
#include "nssdevt.h"
/* internal data structures */
/* Traverse slots callback */
typedef struct pk11TraverseSlotStr {
SECStatus (*callback)(PK11SlotInfo *, CK_OBJECT_HANDLE, void *);
void *callbackArg;
CK_ATTRIBUTE *findTemplate;
int templateCount;
} pk11TraverseSlot;
/* represent a pkcs#11 slot reference counted. */
struct PK11SlotInfoStr {
/* the PKCS11 function list for this slot */
void *functionList;
SECMODModule *module; /* our parent module */
/* Boolean to indicate the current state of this slot */
PRBool needTest; /* Has this slot been tested for Export complience */
PRBool isPerm; /* is this slot a permanment device */
PRBool isHW; /* is this slot a hardware device */
PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */
PRBool disabled; /* is this slot disabled... */
PK11DisableReasons reason; /* Why this slot is disabled */
PRBool readOnly; /* is the token in this slot read-only */
PRBool needLogin; /* does the token of the type that needs
* authentication (still true even if token is logged
* in) */
PRBool hasRandom; /* can this token generated random numbers */
PRBool defRWSession; /* is the default session RW (we open our default
* session rw if the token can only handle one session
* at a time. */
PRBool isThreadSafe; /* copied from the module */
/* The actual flags (many of which are distilled into the above PRBools) */
CK_FLAGS flags; /* flags from PKCS #11 token Info */
/* a default session handle to do quick and dirty functions */
CK_SESSION_HANDLE session;
PZLock *sessionLock; /* lock for this session */
/* our ID */
CK_SLOT_ID slotID;
/* persistant flags saved from startup to startup */
unsigned long defaultFlags;
/* keep track of who is using us so we don't accidently get freed while
* still in use */
PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */
PZLock *freeListLock;
PK11SymKey *freeSymKeysWithSessionHead;
PK11SymKey *freeSymKeysHead;
int keyCount;
int maxKeyCount;
/* Password control functions for this slot. many of these are only
* active if the appropriate flag is on in defaultFlags */
int askpw; /* what our password options are */
int timeout; /* If we're ask_timeout, what is our timeout time is
* seconds */
int authTransact; /* allow multiple authentications off one password if
* they are all part of the same transaction */
PRTime authTime; /* when were we last authenticated */
int minPassword; /* smallest legal password */
int maxPassword; /* largest legal password */
PRUint16 series; /* break up the slot info into various groups of
* inserted tokens so that keys and certs can be
* invalidated */
PRUint16 flagSeries; /* record the last series for the last event
* returned for this slot */
PRBool flagState; /* record the state of the last event returned for this
* slot. */
PRUint16 wrapKey; /* current wrapping key for SSL master secrets */
CK_MECHANISM_TYPE wrapMechanism;
/* current wrapping mechanism for current wrapKey */
CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */
CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this
* token */
int mechanismCount;
/* cache the certificates stored on the token of this slot */
CERTCertificate **cert_array;
int array_size;
int cert_count;
char serial[16];
/* since these are odd sizes, keep them last. They are odd sizes to
* allow them to become null terminated strings */
char slot_name[65];
char token_name[33];
PRBool hasRootCerts;
PRBool hasRootTrust;
PRBool hasRSAInfo;
CK_FLAGS RSAInfoFlags;
PRBool protectedAuthPath;
PRBool isActiveCard;
PRIntervalTime lastLoginCheck;
unsigned int lastState;
/* for Stan */
NSSToken *nssToken;
PZLock *nssTokenLock;
/* the tokeninfo struct */
CK_TOKEN_INFO tokenInfo;
/* fast mechanism lookup */
char mechanismBits[256];
CK_PROFILE_ID *profileList;
int profileCount;
};
/* Symetric Key structure. Reference Counted */
struct PK11SymKeyStr {
CK_MECHANISM_TYPE type; /* type of operation this key was created for*/
CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */
PK11SlotInfo *slot; /* Slot this key is loaded into */
void *cx; /* window context in case we need to loggin */
PK11SymKey *next;
PRBool owner;
SECItem data; /* raw key data if available */
CK_SESSION_HANDLE session;
PRBool sessionOwner;
PRInt32 refCount; /* number of references to this key */
int size; /* key size in bytes */
PK11Origin origin; /* where this key came from
* (see def in secmodt.h) */
PK11SymKey *parent; /* potential owner key of the session */
PRUint16 series; /* break up the slot info into various groups
* of inserted tokens so that keys and certs
* can be invalidated */
void *userData; /* random data the application can attach to
* this key */
PK11FreeDataFunc freeFunc; /* function to free the user data */
};
/*
* hold a hash, encryption or signing context for multi-part operations.
* hold enough information so that multiple contexts can be interleaved
* if necessary. ... Not RefCounted.
*/
struct PK11ContextStr {
CK_ATTRIBUTE_TYPE operation; /* type of operation this context is
* doing (CKA_ENCRYPT, CKA_SIGN,
* CKA_HASH, etc.) */
PK11SymKey *key; /* symetric key for this context */
CK_OBJECT_HANDLE objectID; /* object handle to key */
PK11SlotInfo *slot; /* slot this context is using */
CK_SESSION_HANDLE session; /* session this context is using */
PZLock *sessionLock; /* lock before accessing a PKCS #11
* session */
PRBool ownSession; /* do we own the session? */
void *pwArg; /* applicaton specific passwd arg */
void *savedData; /* save data when we are
* multiplexing on a single context */
unsigned long savedLength; /* length of the saved context */
SECItem *param; /* mechanism parameters used to
* build this context */
PRBool init; /* this contexted been initialized? */
CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context
* is representing (usually what
* algorithm is being used
* (CKM_RSA_PKCS, CKM_DES, CKM_SHA,
* etc. */
PRBool fortezzaHack; /* Fortezza SSL has some special
* non-standard semantics*/
PRBool simulate_message; /* We are initializing a message
* interface but the underlying
* PKCS #11 module does not support
* it. We simulate the interface with
* the PCKS #11 v2 interface */
CK_MECHANISM_TYPE simulate_mechanism; /* The mechanism we are simulating */
PRUint64 ivCounter; /* iv counter for simulated message */
PRUint64 ivMaxCount; /* total number of IVs valid for
* this key */
unsigned long ivLen; /* length of the iv in bytes */
unsigned int ivFixedBits; /* number of bits not generated
* for the iv */
CK_GENERATOR_FUNCTION ivGen; /* PKCS #11 iv generator value */
};
/*
* structure to hold a pointer to a unique PKCS #11 object
* (pointer to the slot and the object id).
*/
struct PK11GenericObjectStr {
PK11GenericObject *prev;
PK11GenericObject *next;
PK11SlotInfo *slot;
CK_OBJECT_HANDLE objectID;
PRBool owner;
};
#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */
/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */
#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL
#endif /* _SECMODTI_H_ */