andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: /* andre@0: * Internal header file included only by files in pkcs11 dir, or in andre@0: * pkcs11 specific client and server files. andre@0: */ andre@0: andre@0: #ifndef _SECMODTI_H_ andre@0: #define _SECMODTI_H_ 1 andre@0: #include "prmon.h" andre@0: #include "prtypes.h" andre@0: #include "nssilckt.h" andre@0: #include "secmodt.h" andre@0: #include "pkcs11t.h" andre@0: andre@0: #include "nssdevt.h" andre@0: andre@0: /* internal data structures */ andre@0: andre@0: /* Traverse slots callback */ andre@0: typedef struct pk11TraverseSlotStr { andre@0: SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *); andre@0: void *callbackArg; andre@0: CK_ATTRIBUTE *findTemplate; andre@0: int templateCount; andre@0: } pk11TraverseSlot; andre@0: andre@0: andre@0: /* represent a pkcs#11 slot reference counted. */ andre@0: struct PK11SlotInfoStr { andre@0: /* the PKCS11 function list for this slot */ andre@0: void *functionList; andre@0: SECMODModule *module; /* our parent module */ andre@0: /* Boolean to indicate the current state of this slot */ andre@0: PRBool needTest; /* Has this slot been tested for Export complience */ andre@0: PRBool isPerm; /* is this slot a permanment device */ andre@0: PRBool isHW; /* is this slot a hardware device */ andre@0: PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */ andre@0: PRBool disabled; /* is this slot disabled... */ andre@0: PK11DisableReasons reason; /* Why this slot is disabled */ andre@0: PRBool readOnly; /* is the token in this slot read-only */ andre@0: PRBool needLogin; /* does the token of the type that needs andre@0: * authentication (still true even if token is logged andre@0: * in) */ andre@0: PRBool hasRandom; /* can this token generated random numbers */ andre@0: PRBool defRWSession; /* is the default session RW (we open our default andre@0: * session rw if the token can only handle one session andre@0: * at a time. */ andre@0: PRBool isThreadSafe; /* copied from the module */ andre@0: /* The actual flags (many of which are distilled into the above PRBools) */ andre@0: CK_FLAGS flags; /* flags from PKCS #11 token Info */ andre@0: /* a default session handle to do quick and dirty functions */ andre@0: CK_SESSION_HANDLE session; andre@0: PZLock *sessionLock; /* lock for this session */ andre@0: /* our ID */ andre@0: CK_SLOT_ID slotID; andre@0: /* persistant flags saved from startup to startup */ andre@0: unsigned long defaultFlags; andre@0: /* keep track of who is using us so we don't accidently get freed while andre@0: * still in use */ andre@0: PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */ andre@0: PZLock *freeListLock; andre@0: PK11SymKey *freeSymKeysWithSessionHead; andre@0: PK11SymKey *freeSymKeysHead; andre@0: int keyCount; andre@0: int maxKeyCount; andre@0: /* Password control functions for this slot. many of these are only andre@0: * active if the appropriate flag is on in defaultFlags */ andre@0: int askpw; /* what our password options are */ andre@0: int timeout; /* If we're ask_timeout, what is our timeout time is andre@0: * seconds */ andre@0: int authTransact; /* allow multiple authentications off one password if andre@0: * they are all part of the same transaction */ andre@0: PRTime authTime; /* when were we last authenticated */ andre@0: int minPassword; /* smallest legal password */ andre@0: int maxPassword; /* largest legal password */ andre@0: PRUint16 series; /* break up the slot info into various groups of andre@0: * inserted tokens so that keys and certs can be andre@0: * invalidated */ andre@0: PRUint16 flagSeries;/* record the last series for the last event andre@0: * returned for this slot */ andre@0: PRBool flagState; /* record the state of the last event returned for this andre@0: * slot. */ andre@0: PRUint16 wrapKey; /* current wrapping key for SSL master secrets */ andre@0: CK_MECHANISM_TYPE wrapMechanism; andre@0: /* current wrapping mechanism for current wrapKey */ andre@0: CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */ andre@0: CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this andre@0: * token */ andre@0: int mechanismCount; andre@0: /* cache the certificates stored on the token of this slot */ andre@0: CERTCertificate **cert_array; andre@0: int array_size; andre@0: int cert_count; andre@0: char serial[16]; andre@0: /* since these are odd sizes, keep them last. They are odd sizes to andre@0: * allow them to become null terminated strings */ andre@0: char slot_name[65]; andre@0: char token_name[33]; andre@0: PRBool hasRootCerts; andre@0: PRBool hasRootTrust; andre@0: PRBool hasRSAInfo; andre@0: CK_FLAGS RSAInfoFlags; andre@0: PRBool protectedAuthPath; andre@0: PRBool isActiveCard; andre@0: PRIntervalTime lastLoginCheck; andre@0: unsigned int lastState; andre@0: /* for Stan */ andre@0: NSSToken *nssToken; andre@0: /* fast mechanism lookup */ andre@0: char mechanismBits[256]; andre@0: }; andre@0: andre@0: /* Symetric Key structure. Reference Counted */ andre@0: struct PK11SymKeyStr { andre@0: CK_MECHANISM_TYPE type; /* type of operation this key was created for*/ andre@0: CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */ andre@0: PK11SlotInfo *slot; /* Slot this key is loaded into */ andre@0: void *cx; /* window context in case we need to loggin */ andre@0: PK11SymKey *next; andre@0: PRBool owner; andre@0: SECItem data; /* raw key data if available */ andre@0: CK_SESSION_HANDLE session; andre@0: PRBool sessionOwner; andre@0: PRInt32 refCount; /* number of references to this key */ andre@0: int size; /* key size in bytes */ andre@0: PK11Origin origin; /* where this key came from andre@0: * (see def in secmodt.h) */ andre@0: PK11SymKey *parent; /* potential owner key of the session */ andre@0: PRUint16 series; /* break up the slot info into various groups andre@0: * of inserted tokens so that keys and certs andre@0: * can be invalidated */ andre@0: void *userData; /* random data the application can attach to andre@0: * this key */ andre@0: PK11FreeDataFunc freeFunc; /* function to free the user data */ andre@0: }; andre@0: andre@0: andre@0: /* andre@0: * hold a hash, encryption or signing context for multi-part operations. andre@0: * hold enough information so that multiple contexts can be interleaved andre@0: * if necessary. ... Not RefCounted. andre@0: */ andre@0: struct PK11ContextStr { andre@0: CK_ATTRIBUTE_TYPE operation; /* type of operation this context is doing andre@0: * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */ andre@0: PK11SymKey *key; /* symetric key used in this context */ andre@0: PK11SlotInfo *slot; /* slot this context is operationing on */ andre@0: CK_SESSION_HANDLE session; /* session this context is using */ andre@0: PZLock *sessionLock; /* lock before accessing a PKCS #11 andre@0: * session */ andre@0: PRBool ownSession;/* do we own the session? */ andre@0: void *cx; /* window context in case we need to loggin*/ andre@0: void *savedData;/* save data when we are multiplexing on a andre@0: * single context */ andre@0: unsigned long savedLength; /* length of the saved context */ andre@0: SECItem *param; /* mechanism parameters used to build this andre@0: context */ andre@0: PRBool init; /* has this contexted been initialized */ andre@0: CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context is andre@0: * representing (usually what algorithm is andre@0: * being used (CKM_RSA_PKCS, CKM_DES, andre@0: * CKM_SHA, etc.*/ andre@0: PRBool fortezzaHack; /*Fortezza SSL has some special andre@0: * non-standard semantics*/ andre@0: }; andre@0: andre@0: /* andre@0: * structure to hold a pointer to a unique PKCS #11 object andre@0: * (pointer to the slot and the object id). andre@0: */ andre@0: struct PK11GenericObjectStr { andre@0: PK11GenericObject *prev; andre@0: PK11GenericObject *next; andre@0: PK11SlotInfo *slot; andre@0: CK_OBJECT_HANDLE objectID; andre@0: }; andre@0: andre@0: andre@0: #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */ andre@0: andre@0: /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ andre@0: #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL andre@0: andre@0: andre@0: #endif /* _SECMODTI_H_ */