pk11priv.h (10198B)
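/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
 * NOTE(review): the guard name and the two _PK11_Context*AEADSimulation
 * functions below start with an underscore followed by an upper-case letter,
 * which C reserves for the implementation. They are left unchanged here
 * because renaming them would break every existing user.
 */
#ifndef _PK11PRIV_H_
#define _PK11PRIV_H_

#include <stddef.h>

#include "plarena.h"
#include "seccomon.h"
#include "secoidt.h"
#include "secdert.h"
#include "keythi.h"
#include "certt.h"
#include "pkcs11t.h"
#include "secmodt.h"
#include "seccomon.h"
#include "pkcs7t.h"
#include "cmsreclist.h"
#include "pkcs11uri.h"

/*
 * These are the private NSS functions. They are not exported by nss.def, and
 * are not callable outside nss3.dll.
 *
 * This header carries declarations only. Ownership of returned pointers,
 * locking requirements and failure values are set by the implementations,
 * which are not visible here; every comment marked NOTE(review) is a point
 * to confirm against the implementation, not a documented guarantee.
 */

SEC_BEGIN_PROTOS

/************************************************************
 * Generic Slot Lists Management
 ************************************************************/
PK11SlotList *PK11_NewSlotList(void);
PK11SlotList *PK11_GetPrivateKeyTokens(CK_MECHANISM_TYPE type,
                                       PRBool needRW, void *wincx);
SECStatus PK11_AddSlotToList(PK11SlotList *list, PK11SlotInfo *slot, PRBool sorted);
SECStatus PK11_DeleteSlotFromList(PK11SlotList *list, PK11SlotListElement *le);
PK11SlotListElement *PK11_FindSlotElement(PK11SlotList *list,
                                          PK11SlotInfo *slot);
/* NOTE(review): serial is a non-const char *; confirm the callee only reads it. */
PK11SlotInfo *PK11_FindSlotBySerial(char *serial);

/************************************************************
 * Generic Slot Management
 ************************************************************/
CK_OBJECT_HANDLE PK11_CopyKey(PK11SlotInfo *slot, CK_OBJECT_HANDLE srcObject);
PRBool pk11_MatchUriTokenInfo(PK11SlotInfo *slot, PK11URI *uri);
/* NOTE(review): who owns result->data when arena is NULL is not stated here. */
SECStatus PK11_ReadAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
                             CK_ATTRIBUTE_TYPE type, PLArenaPool *arena, SECItem *result);
/*
 * NOTE(review): the value comes back as a bare CK_ULONG with no status
 * out-parameter, so failure must be signalled in-band. Confirm the sentinel
 * (presumably CK_UNAVAILABLE_INFORMATION) and check for it before using the
 * result as a length or size.
 */
CK_ULONG PK11_ReadULongAttribute(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
                                 CK_ATTRIBUTE_TYPE type);
/*
 * NOTE(review): the prototype gives a length only for staticString
 * (stringLen, a signed int) and none for the caller-supplied buffer `space`.
 * Confirm in the implementation how large `space` must be and that a negative
 * stringLen is rejected.
 */
char *PK11_MakeString(PLArenaPool *arena, char *space, char *staticString,
                      int stringLen);
PRBool pk11_MatchString(const char *string,
                        const char *staticString, size_t staticStringLen);
int PK11_MapError(CK_RV error);
/*
 * NOTE(review): PK11_GetRWSession / PK11_RestoreROSession look like an
 * acquire/release pair; confirm every successful Get is matched by a Restore
 * on all paths, including error paths.
 */
CK_SESSION_HANDLE PK11_GetRWSession(PK11SlotInfo *slot);
void PK11_RestoreROSession(PK11SlotInfo *slot, CK_SESSION_HANDLE rwsession);
PRBool PK11_RWSessionHasLock(PK11SlotInfo *slot,
                             CK_SESSION_HANDLE session_handle);
PK11SlotInfo *PK11_NewSlotInfo(SECMODModule *mod);
/* NOTE(review): presumably a paired enter/exit of a per-slot monitor; confirm. */
void PK11_EnterSlotMonitor(PK11SlotInfo *);
void PK11_ExitSlotMonitor(PK11SlotInfo *);
void PK11_CleanKeyList(PK11SlotInfo *slot);

/************************************************************
 * Slot Password Management
 ************************************************************/
/*
 * NOTE(review): loadCerts, alreadyLocked and contextSpecific are positional
 * PRBool flags; transposing two of them compiles without a diagnostic, so
 * call sites deserve a careful read.
 */
SECStatus PK11_DoPassword(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
                          PRBool loadCerts, void *wincx, PRBool alreadyLocked,
                          PRBool contextSpecific);
/*
 * NOTE(review): pw is a secret passed as a plain, non-const char *. Nothing
 * in this declaration says whether the callee copies, keeps or clears it, so
 * the caller should assume it stays responsible for wiping its own buffer.
 */
SECStatus PK11_VerifyPW(PK11SlotInfo *slot, char *pw);
void PK11_HandlePasswordCheck(PK11SlotInfo *slot, void *wincx);
/*
 * NOTE(review): both setters take only a function pointer and no slot or
 * context, so whatever is installed is presumably process-wide. These hooks
 * decide password verification and login state; confirm who may call the
 * setters and whether installation is synchronised.
 */
void PK11_SetVerifyPasswordFunc(PK11VerifyPasswordFunc func);
void PK11_SetIsLoggedInFunc(PK11IsLoggedInFunc func);

/************************************************************
 * Manage the built-In Slot Lists
 ************************************************************/
SECStatus PK11_InitSlotLists(void);
void PK11_DestroySlotLists(void);
PK11SlotList *PK11_GetSlotList(CK_MECHANISM_TYPE type);
void PK11_LoadSlotList(PK11SlotInfo *slot, PK11PreSlotInfo *psi, int count);
void PK11_ClearSlotList(PK11SlotInfo *slot);

/******************************************************************
 * Slot initialization
 ******************************************************************/
SECStatus PK11_InitToken(PK11SlotInfo *slot, PRBool loadCerts);
void PK11_InitSlot(SECMODModule *mod, CK_SLOT_ID slotID, PK11SlotInfo *slot);
PRBool PK11_NeedPWInitForSlot(PK11SlotInfo *slot);
SECStatus PK11_ReadSlotCerts(PK11SlotInfo *slot);
void pk11_SetInternalKeySlot(PK11SlotInfo *slot);
PK11SlotInfo *pk11_SwapInternalKeySlot(PK11SlotInfo *slot);
void pk11_SetInternalKeySlotIfFirst(PK11SlotInfo *slot);

/*********************************************************************
 * Mechanism Mapping functions
 *********************************************************************/
void PK11_AddMechanismEntry(CK_MECHANISM_TYPE type, CK_KEY_TYPE key,
                            CK_MECHANISM_TYPE keygen, CK_MECHANISM_TYPE pad,
                            int ivLen, int blocksize);
CK_MECHANISM_TYPE PK11_GetKeyMechanism(CK_KEY_TYPE type);
CK_MECHANISM_TYPE PK11_GetKeyGenWithSize(CK_MECHANISM_TYPE type, int size);
PRBool PK11_DoesMechanismFlag(PK11SlotInfo *, CK_MECHANISM_TYPE type, CK_FLAGS flags);

/**********************************************************************
 * Symmetric, Public, and Private Keys
 **********************************************************************/
SECKEYPublicKey *PK11_ExtractPublicKey(PK11SlotInfo *slot, KeyType keyType,
                                       CK_OBJECT_HANDLE id);
/* NOTE(review): whether *pSlot is returned holding a reference the caller
 * must release is not stated in this header. */
CK_OBJECT_HANDLE PK11_FindObjectForCert(CERTCertificate *cert,
                                        void *wincx, PK11SlotInfo **pSlot);
PK11SymKey *pk11_CopyToSlot(PK11SlotInfo *slot, CK_MECHANISM_TYPE type,
                            CK_ATTRIBUTE_TYPE operation, PK11SymKey *symKey);
unsigned int pk11_GetPredefinedKeyLength(CK_KEY_TYPE keyType);
CK_OBJECT_HANDLE PK11_DerivePubKeyFromPrivKey(SECKEYPrivateKey *privKey);

/**********************************************************************
 *                   Certs
 **********************************************************************/
SECStatus PK11_TraversePrivateKeysInSlot(PK11SlotInfo *slot,
                                         SECStatus (*callback)(SECKEYPrivateKey *, void *), void *arg);
SECKEYPrivateKey *PK11_FindPrivateKeyFromNickname(char *nickname, void *wincx);
/* NOTE(review): returns an array whose length is written to *returnCount;
 * who frees the array, and with which allocator, is not stated here. */
CK_OBJECT_HANDLE *PK11_FindObjectsFromNickname(char *nickname,
                                               PK11SlotInfo **slotptr, CK_OBJECT_CLASS objclass, int *returnCount,
                                               void *wincx);
CK_OBJECT_HANDLE PK11_MatchItem(PK11SlotInfo *slot, CK_OBJECT_HANDLE peer,
                                CK_OBJECT_CLASS o_class);
CK_BBOOL pk11_HasAttributeSet_Lock(PK11SlotInfo *slot,
                                   CK_OBJECT_HANDLE id,
                                   CK_ATTRIBUTE_TYPE type,
                                   PRBool haslock);
/* NOTE(review): count is a signed int describing the attr array; confirm that
 * callers never pass a negative or oversized value. */
CK_RV PK11_GetAttributes(PLArenaPool *arena, PK11SlotInfo *slot,
                         CK_OBJECT_HANDLE obj, CK_ATTRIBUTE *attr, int count);
int PK11_NumberCertsForCertSubject(CERTCertificate *cert);
SECStatus PK11_TraverseCertsForSubject(CERTCertificate *cert,
                                       SECStatus (*callback)(CERTCertificate *, void *), void *arg);
SECStatus PK11_GetKEAMatchedCerts(PK11SlotInfo *slot1,
                                  PK11SlotInfo *slot2, CERTCertificate **cert1, CERTCertificate **cert2);
SECStatus PK11_TraverseCertsInSlot(PK11SlotInfo *slot,
                                   SECStatus (*callback)(CERTCertificate *, void *), void *arg);
SECStatus PK11_LookupCrls(CERTCrlHeadNode *nodes, int type, void *wincx);

/**********************************************************************
 *                   Crypto Contexts
 **********************************************************************/
/*
 * NOTE(review): key carries raw key bytes in caller memory. This declaration
 * does not say whether the callee copies them, so the caller should expect to
 * clear its own SECItem once the context no longer needs it; confirm.
 */
PK11Context *PK11_CreateContextByRawKey(PK11SlotInfo *slot,
                                        CK_MECHANISM_TYPE type, PK11Origin origin, CK_ATTRIBUTE_TYPE operation,
                                        SECItem *key, SECItem *param, void *wincx);
PRBool PK11_HashOK(SECOidTag hashAlg);
/*
 * Testing interfaces, not for general use. If your code isn't in
 * gtests or cmd, stay away from these. This function forces
 * an AEAD context into simulation mode even though the target token
 * can already do PKCS #11 v3.0 Message (e.g. softoken).
 */
SECStatus _PK11_ContextSetAEADSimulation(PK11Context *context);
PRBool _PK11_ContextGetAEADSimulation(PK11Context *context);

/**********************************************************************
 * Functions which are deprecated....
 **********************************************************************/

SECItem *
PK11_FindCrlByName(PK11SlotInfo **slot, CK_OBJECT_HANDLE *handle,
                   SECItem *derName, int type, char **url);

CK_OBJECT_HANDLE
PK11_PutCrl(PK11SlotInfo *slot, SECItem *crl,
            SECItem *name, char *url, int type);

SECItem *
PK11_FindSMimeProfile(PK11SlotInfo **slotp, char *emailAddr, SECItem *derSubj,
                      SECItem **profileTime);
SECStatus
PK11_SaveSMimeProfile(PK11SlotInfo *slot, char *emailAddr, SECItem *derSubj,
                      SECItem *emailProfile, SECItem *profileTime);

PRBool PK11_IsPermObject(PK11SlotInfo *slot, CK_OBJECT_HANDLE handle);

char *PK11_GetObjectNickname(PK11SlotInfo *slot, CK_OBJECT_HANDLE id);
SECStatus PK11_SetObjectNickname(PK11SlotInfo *slot, CK_OBJECT_HANDLE id,
                                 const char *nickname);

/* private */
SECStatus pk11_TraverseAllSlots(SECStatus (*callback)(PK11SlotInfo *, void *),
                                void *cbArg, PRBool forceLogin, void *pwArg);

/* fetch multiple CRLs for a specific issuer */
SECStatus pk11_RetrieveCrls(CERTCrlHeadNode *nodes, SECItem *issuer,
                            void *wincx);

/* set global options for NSS PKCS#11 module loader.
 * NOTE(review): three adjacent PRBool parameters; a transposed argument
 * silently changes module-loader policy, so check call sites by name. */
SECStatus pk11_setGlobalOptions(PRBool noSingleThreadedModules,
                                PRBool allowAlreadyInitializedModules,
                                PRBool dontFinalizeModules);

/* return whether NSS is allowed to call C_Finalize */
PRBool pk11_getFinalizeModulesOption(void);

/* fetch the FIPS state from the fips indicator, public versions of
 * this function operate on the slot, the context, and the object */
PRBool pk11slot_GetFIPSStatus(PK11SlotInfo *slot, CK_SESSION_HANDLE session,
                              CK_OBJECT_HANDLE object, CK_ULONG operationType);

SEC_END_PROTOS

#endif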