Mercurial > trustbridge > nss-cmake-static

comparison nss/lib/softoken/pkcs11i.h @ 0:1e5118fa0cb1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
This is NSS with a Cmake Buildsyste To compile a static NSS library for Windows we've used the Chromium-NSS fork and added a Cmake buildsystem to compile it statically for Windows. See README.chromium for chromium changes and README.trustbridge for our modifications.
author Andre Heinecke <andre.heinecke@intevation.de>
date Mon, 28 Jul 2014 10:47:06 +0200
parents
children
comparison
equal deleted inserted replaced
-1:000000000000 0:1e5118fa0cb1
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 /*
5 * Internal data structures and functions used by pkcs11.c
6 */
7 #ifndef _PKCS11I_H_
8 #define _PKCS11I_H_ 1
9
10 #include "nssilock.h"
11 #include "seccomon.h"
12 #include "secoidt.h"
13 #include "lowkeyti.h"
14 #include "pkcs11t.h"
15
16 #include "sftkdbt.h"
17 #include "chacha20poly1305.h"
18 #include "hasht.h"
19
20 /*
21 * Configuration Defines
22 *
23 * The following defines affect the space verse speed trade offs of
24 * the PKCS #11 module. For the most part the current settings are optimized
25 * for web servers, where we want faster speed and lower lock contention at
26 * the expense of space.
27 */
28
29 /*
30 * The attribute allocation strategy is static allocation:
31 * Attributes are pre-allocated as part of the session object and used from
32 * the object array.
33 */
34 #define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in
35 * the object (must me the absolute max) */
36 #define ATTR_SPACE 50 /* Maximum size of attribute data before extra
37 * data needs to be allocated. This is set to
38 * enough space to hold an SSL MASTER secret */
39
40 #define NSC_STRICT PR_FALSE /* forces the code to do strict template
41 * matching when doing C_FindObject on token
42 * objects. This will slow down search in
43 * NSS. */
44 /* default search block allocations and increments */
45 #define NSC_CERT_BLOCK_SIZE 50
46 #define NSC_SEARCH_BLOCK_SIZE 5
47 #define NSC_SLOT_LIST_BLOCK_SIZE 10
48
49 #define NSC_FIPS_MODULE 1
50 #define NSC_NON_FIPS_MODULE 0
51
52 /* these are data base storage hashes, not cryptographic hashes.. The define
53 * the effective size of the various object hash tables */
54 /* clients care more about memory usage than lookup performance on
55 * cyrptographic objects. Clients also have less objects around to play with
56 *
57 * we eventually should make this configurable at runtime! Especially now that
58 * NSS is a shared library.
59 */
60 #define SPACE_ATTRIBUTE_HASH_SIZE 32
61 #define SPACE_SESSION_OBJECT_HASH_SIZE 32
62 #define SPACE_SESSION_HASH_SIZE 32
63 #define TIME_ATTRIBUTE_HASH_SIZE 32
64 #define TIME_SESSION_OBJECT_HASH_SIZE 1024
65 #define TIME_SESSION_HASH_SIZE 1024
66 #define MAX_OBJECT_LIST_SIZE 800
67 /* how many objects to keep on the free list
68 * before we start freeing them */
69 #define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */
70
71 /*
72 * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
73 * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
74 * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
75 *
76 * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS
77 * 1024 9 512 2
78 * 1024 5 32 32
79 * 1024 1 2 512
80 * 1024 0 1 1024
81 * 4096 11 2048 2
82 * 4096 9 512 8
83 * 4096 5 32 128
84 * 4096 1 2 2048
85 * 4096 0 1 4096
86 */
87 #define LOG2_BUCKETS_PER_SESSION_LOCK 1
88 #define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
89 /* NOSPREAD sessionID to hash table index macro has been slower. */
90
91 /* define typedefs, double as forward declarations as well */
92 typedef struct SFTKAttributeStr SFTKAttribute;
93 typedef struct SFTKObjectListStr SFTKObjectList;
94 typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
95 typedef struct SFTKObjectListElementStr SFTKObjectListElement;
96 typedef struct SFTKObjectStr SFTKObject;
97 typedef struct SFTKSessionObjectStr SFTKSessionObject;
98 typedef struct SFTKTokenObjectStr SFTKTokenObject;
99 typedef struct SFTKSessionStr SFTKSession;
100 typedef struct SFTKSlotStr SFTKSlot;
101 typedef struct SFTKSessionContextStr SFTKSessionContext;
102 typedef struct SFTKSearchResultsStr SFTKSearchResults;
103 typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
104 typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
105 typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo;
106 typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo;
107 typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
108 typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info;
109 typedef struct SFTKItemTemplateStr SFTKItemTemplate;
110
111 /* define function pointer typdefs for pointer tables */
112 typedef void (*SFTKDestroy)(void *, PRBool);
113 typedef void (*SFTKBegin)(void *);
114 typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
115 void *, unsigned int);
116 typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
117 typedef void (*SFTKHash)(void *,void *,unsigned int);
118 typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
119 typedef void (*SFTKFree)(void *);
120
121 /* Value to tell if an attribute is modifiable or not.
122 * NEVER: attribute is only set on creation.
123 * ONCOPY: attribute is set on creation and can only be changed on copy.
124 * SENSITIVE: attribute can only be changed to TRUE.
125 * ALWAYS: attribute can always be changed.
126 */
127 typedef enum {
128 SFTK_NEVER = 0,
129 SFTK_ONCOPY = 1,
130 SFTK_SENSITIVE = 2,
131 SFTK_ALWAYS = 3
132 } SFTKModifyType;
133
134 /*
135 * Free Status Enum... tell us more information when we think we're
136 * deleting an object.
137 */
138 typedef enum {
139 SFTK_DestroyFailure,
140 SFTK_Destroyed,
141 SFTK_Busy
142 } SFTKFreeStatus;
143
144 /*
145 * attribute values of an object.
146 */
147 struct SFTKAttributeStr {
148 SFTKAttribute *next;
149 SFTKAttribute *prev;
150 PRBool freeAttr;
151 PRBool freeData;
152 /*must be called handle to make sftkqueue_find work */
153 CK_ATTRIBUTE_TYPE handle;
154 CK_ATTRIBUTE attrib;
155 unsigned char space[ATTR_SPACE];
156 };
157
158
159 /*
160 * doubly link list of objects
161 */
162 struct SFTKObjectListStr {
163 SFTKObjectList *next;
164 SFTKObjectList *prev;
165 SFTKObject *parent;
166 };
167
168 struct SFTKObjectFreeListStr {
169 SFTKObject *head;
170 PZLock *lock;
171 int count;
172 };
173
174 /*
175 * PKCS 11 crypto object structure
176 */
177 struct SFTKObjectStr {
178 SFTKObject *next;
179 SFTKObject *prev;
180 CK_OBJECT_CLASS objclass;
181 CK_OBJECT_HANDLE handle;
182 int refCount;
183 PZLock *refLock;
184 SFTKSlot *slot;
185 void *objectInfo;
186 SFTKFree infoFree;
187 };
188
189 struct SFTKTokenObjectStr {
190 SFTKObject obj;
191 SECItem dbKey;
192 };
193
194 struct SFTKSessionObjectStr {
195 SFTKObject obj;
196 SFTKObjectList sessionList;
197 PZLock *attributeLock;
198 SFTKSession *session;
199 PRBool wasDerived;
200 int nextAttr;
201 SFTKAttribute attrList[MAX_OBJS_ATTRS];
202 PRBool optimizeSpace;
203 unsigned int hashSize;
204 SFTKAttribute *head[1];
205 };
206
207 /*
208 * struct to deal with a temparary list of objects
209 */
210 struct SFTKObjectListElementStr {
211 SFTKObjectListElement *next;
212 SFTKObject *object;
213 };
214
215 /*
216 * Area to hold Search results
217 */
218 struct SFTKSearchResultsStr {
219 CK_OBJECT_HANDLE *handles;
220 int size;
221 int index;
222 int array_size;
223 };
224
225
226 /*
227 * the universal crypto/hash/sign/verify context structure
228 */
229 typedef enum {
230 SFTK_ENCRYPT,
231 SFTK_DECRYPT,
232 SFTK_HASH,
233 SFTK_SIGN,
234 SFTK_SIGN_RECOVER,
235 SFTK_VERIFY,
236 SFTK_VERIFY_RECOVER
237 } SFTKContextType;
238
239 /** max block size of supported block ciphers */
240 #define SFTK_MAX_BLOCK_SIZE 16
241 /** currently SHA512 is the biggest hash length */
242 #define SFTK_MAX_MAC_LENGTH 64
243 #define SFTK_INVALID_MAC_SIZE 0xffffffff
244
245 /** Particular ongoing operation in session (sign/verify/digest/encrypt/...)
246 *
247 * Understanding sign/verify context:
248 * multi=1 hashInfo=0 block (symmetric) cipher MACing
249 * multi=1 hashInfo=X PKC S/V with prior hashing
250 * multi=0 hashInfo=0 PKC S/V one shot (w/o hashing)
251 * multi=0 hashInfo=X *** shouldn't happen ***
252 */
253 struct SFTKSessionContextStr {
254 SFTKContextType type;
255 PRBool multi; /* is multipart */
256 PRBool rsa; /* is rsa */
257 PRBool doPad; /* use PKCS padding for block ciphers */
258 unsigned int blockSize; /* blocksize for padding */
259 unsigned int padDataLength; /* length of the valid data in padbuf */
260 /** latest incomplete block of data for block cipher */
261 unsigned char padBuf[SFTK_MAX_BLOCK_SIZE];
262 /** result of MAC'ing of latest full block of data with block cipher */
263 unsigned char macBuf[SFTK_MAX_BLOCK_SIZE];
264 CK_ULONG macSize; /* size of a general block cipher mac*/
265 void *cipherInfo;
266 void *hashInfo;
267 unsigned int cipherInfoLen;
268 CK_MECHANISM_TYPE currentMech;
269 SFTKCipher update;
270 SFTKHash hashUpdate;
271 SFTKEnd end;
272 SFTKDestroy destroy;
273 SFTKDestroy hashdestroy;
274 SFTKVerify verify;
275 unsigned int maxLen;
276 SFTKObject *key;
277 };
278
279 /*
280 * Sessions (have objects)
281 */
282 struct SFTKSessionStr {
283 SFTKSession *next;
284 SFTKSession *prev;
285 CK_SESSION_HANDLE handle;
286 int refCount;
287 PZLock *objectLock;
288 int objectIDCount;
289 CK_SESSION_INFO info;
290 CK_NOTIFY notify;
291 CK_VOID_PTR appData;
292 SFTKSlot *slot;
293 SFTKSearchResults *search;
294 SFTKSessionContext *enc_context;
295 SFTKSessionContext *hash_context;
296 SFTKSessionContext *sign_context;
297 SFTKObjectList *objects[1];
298 };
299
300 /*
301 * slots (have sessions and objects)
302 *
303 * The array of sessionLock's protect the session hash table (head[])
304 * as well as the reference count of session objects in that bucket
305 * (head[]->refCount), objectLock protects all elements of the slot's
306 * object hash tables (sessObjHashTable[] and tokObjHashTable), and
307 * sessionObjectHandleCount.
308 * slotLock protects the remaining protected elements:
309 * password, isLoggedIn, ssoLoggedIn, and sessionCount,
310 * and pwCheckLock serializes the key database password checks in
311 * NSC_SetPIN and NSC_Login.
312 *
313 * Each of the fields below has the following lifetime as commented
314 * next to the fields:
315 * invariant - This value is set when the slot is first created and
316 * never changed until it is destroyed.
317 * per load - This value is set when the slot is first created, or
318 * when the slot is used to open another directory. Between open and close
319 * this field does not change.
320 * variable - This value changes through the normal process of slot operation.
321 * - reset. The value of this variable is cleared during an open/close
322 * cycles.
323 * - preserved. The value of this variable is preserved over open/close
324 * cycles.
325 */
326 struct SFTKSlotStr {
327 CK_SLOT_ID slotID; /* invariant */
328 PZLock *slotLock; /* invariant */
329 PZLock **sessionLock; /* invariant */
330 unsigned int numSessionLocks; /* invariant */
331 unsigned long sessionLockMask; /* invariant */
332 PZLock *objectLock; /* invariant */
333 PRLock *pwCheckLock; /* invariant */
334 PRBool present; /* variable -set */
335 PRBool hasTokens; /* per load */
336 PRBool isLoggedIn; /* variable - reset */
337 PRBool ssoLoggedIn; /* variable - reset */
338 PRBool needLogin; /* per load */
339 PRBool DB_loaded; /* per load */
340 PRBool readOnly; /* per load */
341 PRBool optimizeSpace; /* invariant */
342 SFTKDBHandle *certDB; /* per load */
343 SFTKDBHandle *keyDB; /* per load */
344 int minimumPinLen; /* per load */
345 PRInt32 sessionIDCount; /* atomically incremented */
346 /* (preserved) */
347 int sessionIDConflict; /* not protected by a lock */
348 /* (preserved) */
349 int sessionCount; /* variable - reset */
350 PRInt32 rwSessionCount; /* set by atomic operations */
351 /* (reset) */
352 int sessionObjectHandleCount;/* variable - perserved */
353 int index; /* invariant */
354 PLHashTable *tokObjHashTable; /* invariant */
355 SFTKObject **sessObjHashTable; /* variable - reset */
356 unsigned int sessObjHashSize; /* invariant */
357 SFTKSession **head; /* variable -reset */
358 unsigned int sessHashSize; /* invariant */
359 char tokDescription[33]; /* per load */
360 char updateTokDescription[33]; /* per load */
361 char slotDescription[65]; /* invariant */
362 };
363
364 /*
365 * special joint operations Contexts
366 */
367 struct SFTKHashVerifyInfoStr {
368 SECOidTag hashOid;
369 void *params;
370 NSSLOWKEYPublicKey *key;
371 };
372
373 struct SFTKHashSignInfoStr {
374 SECOidTag hashOid;
375 void *params;
376 NSSLOWKEYPrivateKey *key;
377 };
378
379 /**
380 * Contexts for RSA-OAEP
381 */
382 struct SFTKOAEPEncryptInfoStr {
383 CK_RSA_PKCS_OAEP_PARAMS *params;
384 NSSLOWKEYPublicKey *key;
385 };
386
387 struct SFTKOAEPDecryptInfoStr {
388 CK_RSA_PKCS_OAEP_PARAMS *params;
389 NSSLOWKEYPrivateKey *key;
390 };
391
392 /* context for the Final SSLMAC message */
393 struct SFTKSSLMACInfoStr {
394 void *hashContext;
395 SFTKBegin begin;
396 SFTKHash update;
397 SFTKEnd end;
398 CK_ULONG macSize;
399 int padSize;
400 unsigned char key[MAX_KEY_LEN];
401 unsigned int keySize;
402 };
403
404 /* SFTKChaCha20Poly1305Info saves the key, tag length, nonce, and additional
405 * data for a ChaCha20+Poly1305 AEAD operation. */
406 struct SFTKChaCha20Poly1305InfoStr {
407 ChaCha20Poly1305Context freeblCtx;
408 unsigned char nonce[8];
409 unsigned char ad[16];
410 unsigned char *adOverflow;
411 unsigned int adLen;
412 };
413
414 /*
415 * Template based on SECItems, suitable for passing as arrays
416 */
417 struct SFTKItemTemplateStr {
418 CK_ATTRIBUTE_TYPE type;
419 SECItem *item;
420 };
421
422 /* macro for setting SFTKTemplates. */
423 #define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \
424 templ[count].type = attr; \
425 templ[count].item = itemPtr
426
427 #define SFTK_MAX_ITEM_TEMPLATE 10
428
429 /*
430 * session handle modifiers
431 */
432 #define SFTK_SESSION_SLOT_MASK 0xff000000L
433
434 /*
435 * object handle modifiers
436 */
437 #define SFTK_TOKEN_MASK 0x80000000L
438 #define SFTK_TOKEN_MAGIC 0x80000000L
439 #define SFTK_TOKEN_TYPE_MASK 0x70000000L
440 /* keydb (high bit == 0) */
441 #define SFTK_TOKEN_TYPE_PRIV 0x10000000L
442 #define SFTK_TOKEN_TYPE_PUB 0x20000000L
443 #define SFTK_TOKEN_TYPE_KEY 0x30000000L
444 /* certdb (high bit == 1) */
445 #define SFTK_TOKEN_TYPE_TRUST 0x40000000L
446 #define SFTK_TOKEN_TYPE_CRL 0x50000000L
447 #define SFTK_TOKEN_TYPE_SMIME 0x60000000L
448 #define SFTK_TOKEN_TYPE_CERT 0x70000000L
449
450 #define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
451 /* how big (in bytes) a password/pin we can deal with */
452 #define SFTK_MAX_PIN 255
453 /* minimum password/pin length (in Unicode characters) in FIPS mode */
454 #define FIPS_MIN_PIN 7
455
456 /* slot ID's */
457 #define NETSCAPE_SLOT_ID 1
458 #define PRIVATE_KEY_SLOT_ID 2
459 #define FIPS_SLOT_ID 3
460
461 /* slot helper macros */
462 #define sftk_SlotFromSession(sp) ((sp)->slot)
463 #define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
464
465 /* the session hash multiplier (see bug 201081) */
466 #define SHMULTIPLIER 1791398085
467
468 /* queueing helper macros */
469 #define sftk_hash(value,size) \
470 ((PRUint32)((value) * SHMULTIPLIER) & (size-1))
471 #define sftkqueue_add(element,id,head,hash_size) \
472 { int tmp = sftk_hash(id,hash_size); \
473 (element)->next = (head)[tmp]; \
474 (element)->prev = NULL; \
475 if ((head)[tmp]) (head)[tmp]->prev = (element); \
476 (head)[tmp] = (element); }
477 #define sftkqueue_find(element,id,head,hash_size) \
478 for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
479 (element) = (element)->next) { \
480 if ((element)->handle == (id)) { break; } }
481 #define sftkqueue_is_queued(element,id,head,hash_size) \
482 ( ((element)->next) || ((element)->prev) || \
483 ((head)[sftk_hash(id,hash_size)] == (element)) )
484 #define sftkqueue_delete(element,id,head,hash_size) \
485 if ((element)->next) (element)->next->prev = (element)->prev; \
486 if ((element)->prev) (element)->prev->next = (element)->next; \
487 else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
488 (element)->next = NULL; \
489 (element)->prev = NULL; \
490
491 #define sftkqueue_init_element(element) \
492 (element)->prev = NULL;
493
494 #define sftkqueue_add2(element, id, index, head) \
495 { \
496 (element)->next = (head)[index]; \
497 if ((head)[index]) \
498 (head)[index]->prev = (element); \
499 (head)[index] = (element); \
500 }
501
502 #define sftkqueue_find2(element, id, index, head) \
503 for ( (element) = (head)[index]; \
504 (element) != NULL; \
505 (element) = (element)->next) { \
506 if ((element)->handle == (id)) { break; } \
507 }
508
509 #define sftkqueue_delete2(element, id, index, head) \
510 if ((element)->next) (element)->next->prev = (element)->prev; \
511 if ((element)->prev) (element)->prev->next = (element)->next; \
512 else (head)[index] = ((element)->next);
513
514 #define sftkqueue_clear_deleted_element(element) \
515 (element)->next = NULL; \
516 (element)->prev = NULL; \
517
518
519 /* sessionID (handle) is used to determine session lock bucket */
520 #ifdef NOSPREAD
521 /* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */
522 #define SFTK_SESSION_LOCK(slot,handle) \
523 ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
524 & (slot)->sessionLockMask])
525 #else
526 /* SPREAD: ID & (perbucket-1) */
527 #define SFTK_SESSION_LOCK(slot,handle) \
528 ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
529 #endif
530
531 /* expand an attribute & secitem structures out */
532 #define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
533 #define sftk_item_expand(ip) (ip)->data,(ip)->len
534
535 typedef struct sftk_token_parametersStr {
536 CK_SLOT_ID slotID;
537 char *configdir;
538 char *certPrefix;
539 char *keyPrefix;
540 char *updatedir;
541 char *updCertPrefix;
542 char *updKeyPrefix;
543 char *updateID;
544 char *tokdes;
545 char *slotdes;
546 char *updtokdes;
547 int minPW;
548 PRBool readOnly;
549 PRBool noCertDB;
550 PRBool noKeyDB;
551 PRBool forceOpen;
552 PRBool pwRequired;
553 PRBool optimizeSpace;
554 } sftk_token_parameters;
555
556 typedef struct sftk_parametersStr {
557 char *configdir;
558 char *updatedir;
559 char *updateID;
560 char *secmodName;
561 char *man;
562 char *libdes;
563 PRBool readOnly;
564 PRBool noModDB;
565 PRBool noCertDB;
566 PRBool forceOpen;
567 PRBool pwRequired;
568 PRBool optimizeSpace;
569 sftk_token_parameters *tokens;
570 int token_count;
571 } sftk_parameters;
572
573
574 /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */
575 #define CERT_DB_FMT "%scert%s.db"
576 #define KEY_DB_FMT "%skey%s.db"
577
578 SEC_BEGIN_PROTOS
579
580 /* shared functions between pkcs11.c and fipstokn.c */
581 extern PRBool nsf_init;
582 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
583 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
584 extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv);
585 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
586 CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
587
588 /* slot initialization, reinit, shutdown and destruction */
589 extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID,
590 sftk_token_parameters *params, int moduleIndex);
591 extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,
592 char *updatedir, char *updateID,
593 sftk_token_parameters *params, int moduleIndex);
594 extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);
595 extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);
596 extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout);
597
598
599 /* internal utility functions used by pkcs11.c */
600 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
601 CK_ATTRIBUTE_TYPE type);
602 extern void sftk_FreeAttribute(SFTKAttribute *attribute);
603 extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
604 const void *valPtr, CK_ULONG length);
605 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
606 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
607 extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena,
608 SFTKObject *object, SFTKItemTemplate *templ, int count);
609 extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
610 unsigned int bufLen);
611 extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,
612 CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
613 extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
614 extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
615 extern void sftk_DeleteAttributeType(SFTKObject *object,
616 CK_ATTRIBUTE_TYPE type);
617 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
618 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
619 extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
620 SFTKObject *object,
621 CK_ATTRIBUTE_TYPE type);
622 extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
623 CK_OBJECT_CLASS inClass);
624 extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
625 extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
626 extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
627 extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
628 CK_ULONG *longData);
629 extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
630 const void *value, unsigned int len);
631 extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
632 const void *value, unsigned int len);
633 extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
634
635 extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
636 extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
637 extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
638 extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
639 extern void sftk_ReferenceObject(SFTKObject *object);
640 extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
641 SFTKSession *session);
642 extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
643 extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
644 /* clear out all the existing object ID to database key mappings.
645 * used to reinit a token */
646 extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);
647
648 extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
649 SFTKObject **head, unsigned int size,
650 PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
651 int count, PRBool isLoggedIn);
652 extern SFTKObjectListElement *sftk_FreeObjectListElement(
653 SFTKObjectListElement *objectList);
654 extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
655 extern void sftk_FreeSearch(SFTKSearchResults *search);
656 extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
657
658 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
659 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
660 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
661 extern void sftk_FreeSession(SFTKSession *session);
662 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
663 CK_VOID_PTR pApplication, CK_FLAGS flags);
664 extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
665 extern void sftk_update_all_states(SFTKSlot *slot);
666 extern void sftk_FreeContext(SFTKSessionContext *context);
667 extern void sftk_InitFreeLists(void);
668 extern void sftk_CleanupFreeLists(void);
669
670 extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
671 CK_KEY_TYPE key_type, CK_RV *crvp);
672 extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
673 CK_KEY_TYPE key_type, CK_RV *crvp);
674 extern void sftk_FormatDESKey(unsigned char *key, int length);
675 extern PRBool sftk_CheckDESKey(unsigned char *key);
676 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
677
678 /* mechanism allows this operation */
679 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
680
681 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely
682 * acquiring a reference to the keydb from the slot */
683 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
684
685 /*
686 * parameter parsing functions
687 */
688 CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS);
689 void sftk_freeParams(sftk_parameters *params);
690
691
692 /*
693 * narrow objects
694 */
695 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
696 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
697
698 /*
699 * token object utilities
700 */
701 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
702 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,
703 CK_OBJECT_HANDLE handle);
704 SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,
705 CK_OBJECT_HANDLE handle);
706 SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
707
708
709 /* J-PAKE (jpakesftk.c) */
710 extern
711 CK_RV jpake_Round1(HASH_HashType hashType,
712 CK_NSS_JPAKERound1Params * params,
713 SFTKObject * key);
714 extern
715 CK_RV jpake_Round2(HASH_HashType hashType,
716 CK_NSS_JPAKERound2Params * params,
717 SFTKObject * sourceKey, SFTKObject * key);
718 extern
719 CK_RV jpake_Final(HASH_HashType hashType,
720 const CK_NSS_JPAKEFinalParams * params,
721 SFTKObject * sourceKey, SFTKObject * key);
722
723 /* Constant time MAC functions (hmacct.c) */
724
725 struct sftk_MACConstantTimeCtxStr {
726 const SECHashObject *hash;
727 unsigned char mac[64];
728 unsigned char secret[64];
729 unsigned int headerLength;
730 unsigned int secretLength;
731 unsigned int totalLength;
732 unsigned char header[75];
733 };
734 typedef struct sftk_MACConstantTimeCtxStr sftk_MACConstantTimeCtx;
735 sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New(
736 CK_MECHANISM_PTR mech, SFTKObject *key);
737 sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New(
738 CK_MECHANISM_PTR mech, SFTKObject *key);
739 void sftk_HMACConstantTime_Update(void *pctx, void *data, unsigned int len);
740 void sftk_SSLv3MACConstantTime_Update(void *pctx, void *data, unsigned int len);
741 void sftk_MACConstantTime_EndHash(
742 void *pctx, void *out, unsigned int *outLength, unsigned int maxLength);
743 void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool);
744
745 /****************************************
746 * implement TLS Pseudo Random Function (PRF)
747 */
748
749 extern CK_RV
750 sftk_TLSPRFInit(SFTKSessionContext *context,
751 SFTKObject * key,
752 CK_KEY_TYPE key_type,
753 HASH_HashType hash_alg);
754
755 SEC_END_PROTOS
756
757 #endif /* _PKCS11I_H_ */
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)