secmodti.h (9752B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * Internal header file included only by files in pkcs11 dir, or in 6 * pkcs11 specific client and server files. 7 */ 8 9 #ifndef _SECMODTI_H_ 10 #define _SECMODTI_H_ 1 11 #include "prmon.h" 12 #include "prtypes.h" 13 #include "nssilckt.h" 14 #include "secmodt.h" 15 #include "pkcs11t.h" 16 17 #include "nssdevt.h" 18 19 /* internal data structures */ 20 21 /* Traverse slots callback */ 22 typedef struct pk11TraverseSlotStr { 23 SECStatus (*callback)(PK11SlotInfo *, CK_OBJECT_HANDLE, void *); 24 void *callbackArg; 25 CK_ATTRIBUTE *findTemplate; 26 int templateCount; 27 } pk11TraverseSlot; 28 29 /* represent a pkcs#11 slot reference counted. */ 30 struct PK11SlotInfoStr { 31 /* the PKCS11 function list for this slot */ 32 void *functionList; 33 SECMODModule *module; /* our parent module */ 34 /* Boolean to indicate the current state of this slot */ 35 PRBool needTest; /* Has this slot been tested for Export complience */ 36 PRBool isPerm; /* is this slot a permanment device */ 37 PRBool isHW; /* is this slot a hardware device */ 38 PRBool isInternal; /* is this slot one of our internal PKCS #11 devices */ 39 PRBool disabled; /* is this slot disabled... */ 40 PK11DisableReasons reason; /* Why this slot is disabled */ 41 PRBool readOnly; /* is the token in this slot read-only */ 42 PRBool needLogin; /* does the token of the type that needs 43 * authentication (still true even if token is logged 44 * in) */ 45 PRBool hasRandom; /* can this token generated random numbers */ 46 PRBool defRWSession; /* is the default session RW (we open our default 47 * session rw if the token can only handle one session 48 * at a time. */ 49 PRBool isThreadSafe; /* copied from the module */ 50 /* The actual flags (many of which are distilled into the above PRBools) */ 51 CK_FLAGS flags; /* flags from PKCS #11 token Info */ 52 /* a default session handle to do quick and dirty functions */ 53 CK_SESSION_HANDLE session; 54 PZLock *sessionLock; /* lock for this session */ 55 /* our ID */ 56 CK_SLOT_ID slotID; 57 /* persistant flags saved from startup to startup */ 58 unsigned long defaultFlags; 59 /* keep track of who is using us so we don't accidently get freed while 60 * still in use */ 61 PRInt32 refCount; /* to be in/decremented by atomic calls ONLY! */ 62 PZLock *freeListLock; 63 PK11SymKey *freeSymKeysWithSessionHead; 64 PK11SymKey *freeSymKeysHead; 65 int keyCount; 66 int maxKeyCount; 67 /* Password control functions for this slot. many of these are only 68 * active if the appropriate flag is on in defaultFlags */ 69 int askpw; /* what our password options are */ 70 int timeout; /* If we're ask_timeout, what is our timeout time is 71 * seconds */ 72 int authTransact; /* allow multiple authentications off one password if 73 * they are all part of the same transaction */ 74 PRTime authTime; /* when were we last authenticated */ 75 int minPassword; /* smallest legal password */ 76 int maxPassword; /* largest legal password */ 77 PRUint16 series; /* break up the slot info into various groups of 78 * inserted tokens so that keys and certs can be 79 * invalidated */ 80 PRUint16 flagSeries; /* record the last series for the last event 81 * returned for this slot */ 82 PRBool flagState; /* record the state of the last event returned for this 83 * slot. */ 84 PRUint16 wrapKey; /* current wrapping key for SSL master secrets */ 85 CK_MECHANISM_TYPE wrapMechanism; 86 /* current wrapping mechanism for current wrapKey */ 87 CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */ 88 CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this 89 * token */ 90 int mechanismCount; 91 /* cache the certificates stored on the token of this slot */ 92 CERTCertificate **cert_array; 93 int array_size; 94 int cert_count; 95 char serial[16]; 96 /* since these are odd sizes, keep them last. They are odd sizes to 97 * allow them to become null terminated strings */ 98 char slot_name[65]; 99 char token_name[33]; 100 PRBool hasRootCerts; 101 PRBool hasRootTrust; 102 PRBool hasRSAInfo; 103 CK_FLAGS RSAInfoFlags; 104 PRBool protectedAuthPath; 105 PRBool isActiveCard; 106 PRIntervalTime lastLoginCheck; 107 unsigned int lastState; 108 /* for Stan */ 109 NSSToken *nssToken; 110 PZLock *nssTokenLock; 111 /* the tokeninfo struct */ 112 CK_TOKEN_INFO tokenInfo; 113 /* fast mechanism lookup */ 114 char mechanismBits[256]; 115 CK_PROFILE_ID *profileList; 116 int profileCount; 117 CK_FLAGS validationFIPSFlags; 118 }; 119 120 /* Symetric Key structure. Reference Counted */ 121 struct PK11SymKeyStr { 122 CK_MECHANISM_TYPE type; /* type of operation this key was created for*/ 123 CK_OBJECT_HANDLE objectID; /* object id of this key in the slot */ 124 PK11SlotInfo *slot; /* Slot this key is loaded into */ 125 void *cx; /* window context in case we need to loggin */ 126 PK11SymKey *next; 127 PRBool owner; 128 SECItem data; /* raw key data if available */ 129 CK_SESSION_HANDLE session; 130 PRBool sessionOwner; 131 PRInt32 refCount; /* number of references to this key */ 132 int size; /* key size in bytes */ 133 PK11Origin origin; /* where this key came from 134 * (see def in secmodt.h) */ 135 PK11SymKey *parent; /* potential owner key of the session */ 136 PRUint16 series; /* break up the slot info into various groups 137 * of inserted tokens so that keys and certs 138 * can be invalidated */ 139 void *userData; /* random data the application can attach to 140 * this key */ 141 PK11FreeDataFunc freeFunc; /* function to free the user data */ 142 }; 143 144 /* 145 * hold a hash, encryption or signing context for multi-part operations. 146 * hold enough information so that multiple contexts can be interleaved 147 * if necessary. ... Not RefCounted. 148 */ 149 struct PK11ContextStr { 150 CK_ATTRIBUTE_TYPE operation; /* type of operation this context is 151 * doing (CKA_ENCRYPT, CKA_SIGN, 152 * CKA_HASH, etc.) */ 153 PK11SymKey *key; /* symetric key for this context */ 154 CK_OBJECT_HANDLE objectID; /* object handle to key */ 155 PK11SlotInfo *slot; /* slot this context is using */ 156 CK_SESSION_HANDLE session; /* session this context is using */ 157 PZLock *sessionLock; /* lock before accessing a PKCS #11 158 * session */ 159 PRBool ownSession; /* do we own the session? */ 160 void *pwArg; /* applicaton specific passwd arg */ 161 void *savedData; /* save data when we are 162 * multiplexing on a single context */ 163 unsigned long savedLength; /* length of the saved context */ 164 SECItem *param; /* mechanism parameters used to 165 * build this context */ 166 PRBool init; /* this contexted been initialized? */ 167 CK_MECHANISM_TYPE type; /* what is the PKCS #11 this context 168 * is representing (usually what 169 * algorithm is being used 170 * (CKM_RSA_PKCS, CKM_DES, CKM_SHA, 171 * etc. */ 172 PRBool fortezzaHack; /* Fortezza SSL has some special 173 * non-standard semantics*/ 174 PRBool simulate_message; /* We are initializing a message 175 * interface but the underlying 176 * PKCS #11 module does not support 177 * it. We simulate the interface with 178 * the PCKS #11 v2 interface */ 179 CK_MECHANISM_TYPE simulate_mechanism; /* The mechanism we are simulating */ 180 PRUint64 ivCounter; /* iv counter for simulated message */ 181 PRUint64 ivMaxCount; /* total number of IVs valid for 182 * this key */ 183 unsigned long ivLen; /* length of the iv in bytes */ 184 unsigned int ivFixedBits; /* number of bits not generated 185 * for the iv */ 186 CK_GENERATOR_FUNCTION ivGen; /* PKCS #11 iv generator value */ 187 }; 188 189 /* 190 * structure to hold a pointer to a unique PKCS #11 object 191 * (pointer to the slot and the object id). 192 */ 193 struct PK11GenericObjectStr { 194 PK11GenericObject *prev; 195 PK11GenericObject *next; 196 PK11SlotInfo *slot; 197 CK_OBJECT_HANDLE objectID; 198 PRBool owner; 199 }; 200 201 #define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */ 202 203 /* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */ 204 #define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL 205 206 #endif /* _SECMODTI_H_ */