search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Import from 1.9a8 tarball
[mozilla-nss.git] / security / nss / lib / softoken / pkcs11i.h
blob71b0ccce33ec7edb09c929a1be520da45a46e540
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
36 /*
37 * Internal data structures and functions used by pkcs11.c
38 */
39 #ifndef _PKCS11I_H_
40 #define _PKCS11I_H_ 1
41
42 #include "nssilock.h"
43 #include "seccomon.h"
44 #include "secoidt.h"
45 #include "lowkeyti.h"
46 #include "pkcs11t.h"
47
48 #include "sftkdbt.h"
49
50
51 /*
52 * Configuration Defines
53 *
54 * The following defines affect the space verse speed trade offs of
55 * the PKCS #11 module. For the most part the current settings are optimized
56 * for web servers, where we want faster speed and lower lock contention at
57 * the expense of space.
58 */
59
60 /*
61 * The attribute allocation strategy is static allocation:
62 * Attributes are pre-allocated as part of the session object and used from
63 * the object array.
64 */
65 #define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in
66 * the object (must me the absolute max) */
67 #define ATTR_SPACE 50 /* Maximum size of attribute data before extra
68 * data needs to be allocated. This is set to
69 * enough space to hold an SSL MASTER secret */
70
71 #define NSC_STRICT PR_FALSE /* forces the code to do strict template
72 * matching when doing C_FindObject on token
73 * objects. This will slow down search in
74 * NSS. */
75 /* default search block allocations and increments */
76 #define NSC_CERT_BLOCK_SIZE 50
77 #define NSC_SEARCH_BLOCK_SIZE 5
78 #define NSC_SLOT_LIST_BLOCK_SIZE 10
79
80 #define NSC_FIPS_MODULE 1
81 #define NSC_NON_FIPS_MODULE 0
82
83 /* these are data base storage hashes, not cryptographic hashes.. The define
84 * the effective size of the various object hash tables */
85 /* clients care more about memory usage than lookup performance on
86 * cyrptographic objects. Clients also have less objects around to play with
87 *
88 * we eventually should make this configurable at runtime! Especially now that
89 * NSS is a shared library.
90 */
91 #define SPACE_ATTRIBUTE_HASH_SIZE 32
92 #define SPACE_SESSION_OBJECT_HASH_SIZE 32
93 #define SPACE_SESSION_HASH_SIZE 32
94 #define TIME_ATTRIBUTE_HASH_SIZE 32
95 #define TIME_SESSION_OBJECT_HASH_SIZE 1024
96 #define TIME_SESSION_HASH_SIZE 1024
97 #define MAX_OBJECT_LIST_SIZE 800
98 /* how many objects to keep on the free list
99 * before we start freeing them */
100 #define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */
101
102 #define MULTIACCESS "multiaccess:"
103
104 /*
105 * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
106 * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
107 * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
108 *
109 * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS
110 * 1024 9 512 2
111 * 1024 5 32 32
112 * 1024 1 2 512
113 * 1024 0 1 1024
114 * 4096 11 2048 2
115 * 4096 9 512 8
116 * 4096 5 32 128
117 * 4096 1 2 2048
118 * 4096 0 1 4096
119 */
120 #define LOG2_BUCKETS_PER_SESSION_LOCK 1
121 #define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
122 /* NOSPREAD sessionID to hash table index macro has been slower. */
123
124 /* define typedefs, double as forward declarations as well */
125 typedef struct SFTKAttributeStr SFTKAttribute;
126 typedef struct SFTKObjectListStr SFTKObjectList;
127 typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
128 typedef struct SFTKObjectListElementStr SFTKObjectListElement;
129 typedef struct SFTKObjectStr SFTKObject;
130 typedef struct SFTKSessionObjectStr SFTKSessionObject;
131 typedef struct SFTKTokenObjectStr SFTKTokenObject;
132 typedef struct SFTKSessionStr SFTKSession;
133 typedef struct SFTKSlotStr SFTKSlot;
134 typedef struct SFTKSessionContextStr SFTKSessionContext;
135 typedef struct SFTKSearchResultsStr SFTKSearchResults;
136 typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
137 typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
138 typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
139
140 /* define function pointer typdefs for pointer tables */
141 typedef void (*SFTKDestroy)(void *, PRBool);
142 typedef void (*SFTKBegin)(void *);
143 typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
144 void *, unsigned int);
145 typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
146 typedef void (*SFTKHash)(void *,void *,unsigned int);
147 typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
148 typedef void (*SFTKFree)(void *);
149
150 /* Value to tell if an attribute is modifiable or not.
151 * NEVER: attribute is only set on creation.
152 * ONCOPY: attribute is set on creation and can only be changed on copy.
153 * SENSITIVE: attribute can only be changed to TRUE.
154 * ALWAYS: attribute can always be changed.
155 */
156 typedef enum {
157 SFTK_NEVER = 0,
158 SFTK_ONCOPY = 1,
159 SFTK_SENSITIVE = 2,
160 SFTK_ALWAYS = 3
161 } SFTKModifyType;
162
163 /*
164 * Free Status Enum... tell us more information when we think we're
165 * deleting an object.
166 */
167 typedef enum {
168 SFTK_DestroyFailure,
169 SFTK_Destroyed,
170 SFTK_Busy
171 } SFTKFreeStatus;
172
173 /*
174 * attribute values of an object.
175 */
176 struct SFTKAttributeStr {
177 SFTKAttribute *next;
178 SFTKAttribute *prev;
179 PRBool freeAttr;
180 PRBool freeData;
181 /*must be called handle to make sftkqueue_find work */
182 CK_ATTRIBUTE_TYPE handle;
183 CK_ATTRIBUTE attrib;
184 unsigned char space[ATTR_SPACE];
185 };
186
187
188 /*
189 * doubly link list of objects
190 */
191 struct SFTKObjectListStr {
192 SFTKObjectList *next;
193 SFTKObjectList *prev;
194 SFTKObject *parent;
195 };
196
197 struct SFTKObjectFreeListStr {
198 SFTKObject *head;
199 PZLock *lock;
200 int count;
201 };
202
203 /*
204 * PKCS 11 crypto object structure
205 */
206 struct SFTKObjectStr {
207 SFTKObject *next;
208 SFTKObject *prev;
209 CK_OBJECT_CLASS objclass;
210 CK_OBJECT_HANDLE handle;
211 int refCount;
212 PZLock *refLock;
213 SFTKSlot *slot;
214 void *objectInfo;
215 SFTKFree infoFree;
216 };
217
218 struct SFTKTokenObjectStr {
219 SFTKObject obj;
220 SECItem dbKey;
221 };
222
223 struct SFTKSessionObjectStr {
224 SFTKObject obj;
225 SFTKObjectList sessionList;
226 PZLock *attributeLock;
227 SFTKSession *session;
228 PRBool wasDerived;
229 int nextAttr;
230 SFTKAttribute attrList[MAX_OBJS_ATTRS];
231 PRBool optimizeSpace;
232 unsigned int hashSize;
233 SFTKAttribute *head[1];
234 };
235
236 /*
237 * struct to deal with a temparary list of objects
238 */
239 struct SFTKObjectListElementStr {
240 SFTKObjectListElement *next;
241 SFTKObject *object;
242 };
243
244 /*
245 * Area to hold Search results
246 */
247 struct SFTKSearchResultsStr {
248 CK_OBJECT_HANDLE *handles;
249 int size;
250 int index;
251 int array_size;
252 };
253
254
255 /*
256 * the universal crypto/hash/sign/verify context structure
257 */
258 typedef enum {
259 SFTK_ENCRYPT,
260 SFTK_DECRYPT,
261 SFTK_HASH,
262 SFTK_SIGN,
263 SFTK_SIGN_RECOVER,
264 SFTK_VERIFY,
265 SFTK_VERIFY_RECOVER
266 } SFTKContextType;
267
268
269 #define SFTK_MAX_BLOCK_SIZE 16
270 /* currently SHA512 is the biggest hash length */
271 #define SFTK_MAX_MAC_LENGTH 64
272 #define SFTK_INVALID_MAC_SIZE 0xffffffff
273
274 struct SFTKSessionContextStr {
275 SFTKContextType type;
276 PRBool multi; /* is multipart */
277 PRBool doPad; /* use PKCS padding for block ciphers */
278 unsigned int blockSize; /* blocksize for padding */
279 unsigned int padDataLength; /* length of the valid data in padbuf */
280 unsigned char padBuf[SFTK_MAX_BLOCK_SIZE];
281 unsigned char macBuf[SFTK_MAX_BLOCK_SIZE];
282 CK_ULONG macSize; /* size of a general block cipher mac*/
283 void *cipherInfo;
284 void *hashInfo;
285 unsigned int cipherInfoLen;
286 CK_MECHANISM_TYPE currentMech;
287 SFTKCipher update;
288 SFTKHash hashUpdate;
289 SFTKEnd end;
290 SFTKDestroy destroy;
291 SFTKDestroy hashdestroy;
292 SFTKVerify verify;
293 unsigned int maxLen;
294 SFTKObject *key;
295 };
296
297 /*
298 * Sessions (have objects)
299 */
300 struct SFTKSessionStr {
301 SFTKSession *next;
302 SFTKSession *prev;
303 CK_SESSION_HANDLE handle;
304 int refCount;
305 PZLock *objectLock;
306 int objectIDCount;
307 CK_SESSION_INFO info;
308 CK_NOTIFY notify;
309 CK_VOID_PTR appData;
310 SFTKSlot *slot;
311 SFTKSearchResults *search;
312 SFTKSessionContext *enc_context;
313 SFTKSessionContext *hash_context;
314 SFTKSessionContext *sign_context;
315 SFTKObjectList *objects[1];
316 };
317
318 /*
319 * slots (have sessions and objects)
320 *
321 * The array of sessionLock's protect the session hash table (head[])
322 * as well as the reference count of session objects in that bucket
323 * (head[]->refCount), objectLock protects all elements of the slot's
324 * object hash tables (sessObjHashTable[] and tokObjHashTable), and
325 * sessionObjectHandleCount.
326 * slotLock protects the remaining protected elements:
327 * password, isLoggedIn, ssoLoggedIn, and sessionCount,
328 * and pwCheckLock serializes the key database password checks in
329 * NSC_SetPIN and NSC_Login.
330 *
331 * Each of the fields below has the following lifetime as commented
332 * next to the fields:
333 * invariant - This value is set when the slot is first created and
334 * never changed until it is destroyed.
335 * per load - This value is set when the slot is first created, or
336 * when the slot is used to open another directory. Between open and close
337 * this field does not change.
338 * variable - This value changes through the normal process of slot operation.
339 * - reset. The value of this variable is cleared during an open/close
340 * cycles.
341 * - preserved. The value of this variable is preserved over open/close
342 * cycles.
343 */
344 struct SFTKSlotStr {
345 CK_SLOT_ID slotID; /* invariant */
346 PZLock *slotLock; /* invariant */
347 PZLock **sessionLock; /* invariant */
348 unsigned int numSessionLocks; /* invariant */
349 unsigned long sessionLockMask; /* invariant */
350 PZLock *objectLock; /* invariant */
351 PRLock *pwCheckLock; /* invariant */
352 PRBool present; /* variable -set */
353 PRBool hasTokens; /* per load */
354 PRBool isLoggedIn; /* variable - reset */
355 PRBool ssoLoggedIn; /* variable - reset */
356 PRBool needLogin; /* per load */
357 PRBool DB_loaded; /* per load */
358 PRBool readOnly; /* per load */
359 PRBool optimizeSpace; /* invariant */
360 SFTKDBHandle *certDB; /* per load */
361 SFTKDBHandle *keyDB; /* per load */
362 int minimumPinLen; /* per load */
363 PRInt32 sessionIDCount; /* atomically incremented */
364 /* (preserved) */
365 int sessionIDConflict; /* not protected by a lock */
366 /* (preserved) */
367 int sessionCount; /* variable - reset */
368 PRInt32 rwSessionCount; /* set by atomic operations */
369 /* (reset) */
370 int sessionObjectHandleCount;/* variable - perserved */
371 int index; /* invariant */
372 PLHashTable *tokObjHashTable; /* invariant */
373 SFTKObject **sessObjHashTable; /* variable - reset */
374 unsigned int sessObjHashSize; /* invariant */
375 SFTKSession **head; /* variable -reset */
376 unsigned int sessHashSize; /* invariant */
377 char tokDescription[33]; /* per load */
378 char slotDescription[64]; /* invariant */
379 };
380
381 /*
382 * special joint operations Contexts
383 */
384 struct SFTKHashVerifyInfoStr {
385 SECOidTag hashOid;
386 NSSLOWKEYPublicKey *key;
387 };
388
389 struct SFTKHashSignInfoStr {
390 SECOidTag hashOid;
391 NSSLOWKEYPrivateKey *key;
392 };
393
394 /* context for the Final SSLMAC message */
395 struct SFTKSSLMACInfoStr {
396 void *hashContext;
397 SFTKBegin begin;
398 SFTKHash update;
399 SFTKEnd end;
400 CK_ULONG macSize;
401 int padSize;
402 unsigned char key[MAX_KEY_LEN];
403 unsigned int keySize;
404 };
405
406 /*
407 * session handle modifiers
408 */
409 #define SFTK_SESSION_SLOT_MASK 0xff000000L
410
411 /*
412 * object handle modifiers
413 */
414 #define SFTK_TOKEN_MASK 0x80000000L
415 #define SFTK_TOKEN_MAGIC 0x80000000L
416 #define SFTK_TOKEN_TYPE_MASK 0x70000000L
417 /* keydb (high bit == 0) */
418 #define SFTK_TOKEN_TYPE_PRIV 0x10000000L
419 #define SFTK_TOKEN_TYPE_PUB 0x20000000L
420 #define SFTK_TOKEN_TYPE_KEY 0x30000000L
421 /* certdb (high bit == 1) */
422 #define SFTK_TOKEN_TYPE_TRUST 0x40000000L
423 #define SFTK_TOKEN_TYPE_CRL 0x50000000L
424 #define SFTK_TOKEN_TYPE_SMIME 0x60000000L
425 #define SFTK_TOKEN_TYPE_CERT 0x70000000L
426
427 #define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
428 /* how big (in bytes) a password/pin we can deal with */
429 #define SFTK_MAX_PIN 255
430 /* minimum password/pin length (in Unicode characters) in FIPS mode */
431 #define FIPS_MIN_PIN 7
432
433 /* slot ID's */
434 #define NETSCAPE_SLOT_ID 1
435 #define PRIVATE_KEY_SLOT_ID 2
436 #define FIPS_SLOT_ID 3
437
438 /* slot helper macros */
439 #define sftk_SlotFromSession(sp) ((sp)->slot)
440 #define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
441
442 /* the session hash multiplier (see bug 201081) */
443 #define SHMULTIPLIER 1791398085
444
445 /* queueing helper macros */
446 #define sftk_hash(value,size) \
447 ((PRUint32)((value) * SHMULTIPLIER) & (size-1))
448 #define sftkqueue_add(element,id,head,hash_size) \
449 { int tmp = sftk_hash(id,hash_size); \
450 (element)->next = (head)[tmp]; \
451 (element)->prev = NULL; \
452 if ((head)[tmp]) (head)[tmp]->prev = (element); \
453 (head)[tmp] = (element); }
454 #define sftkqueue_find(element,id,head,hash_size) \
455 for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
456 (element) = (element)->next) { \
457 if ((element)->handle == (id)) { break; } }
458 #define sftkqueue_is_queued(element,id,head,hash_size) \
459 ( ((element)->next) || ((element)->prev) || \
460 ((head)[sftk_hash(id,hash_size)] == (element)) )
461 #define sftkqueue_delete(element,id,head,hash_size) \
462 if ((element)->next) (element)->next->prev = (element)->prev; \
463 if ((element)->prev) (element)->prev->next = (element)->next; \
464 else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
465 (element)->next = NULL; \
466 (element)->prev = NULL; \
467
468 #define sftkqueue_init_element(element) \
469 (element)->prev = NULL;
470
471 #define sftkqueue_add2(element, id, index, head) \
472 { \
473 (element)->next = (head)[index]; \
474 if ((head)[index]) \
475 (head)[index]->prev = (element); \
476 (head)[index] = (element); \
477 }
478
479 #define sftkqueue_find2(element, id, index, head) \
480 for ( (element) = (head)[index]; \
481 (element) != NULL; \
482 (element) = (element)->next) { \
483 if ((element)->handle == (id)) { break; } \
484 }
485
486 #define sftkqueue_delete2(element, id, index, head) \
487 if ((element)->next) (element)->next->prev = (element)->prev; \
488 if ((element)->prev) (element)->prev->next = (element)->next; \
489 else (head)[index] = ((element)->next);
490
491 #define sftkqueue_clear_deleted_element(element) \
492 (element)->next = NULL; \
493 (element)->prev = NULL; \
494
495
496 /* sessionID (handle) is used to determine session lock bucket */
497 #ifdef NOSPREAD
498 /* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */
499 #define SFTK_SESSION_LOCK(slot,handle) \
500 ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
501 & (slot)->sessionLockMask])
502 #else
503 /* SPREAD: ID & (perbucket-1) */
504 #define SFTK_SESSION_LOCK(slot,handle) \
505 ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
506 #endif
507
508 /* expand an attribute & secitem structures out */
509 #define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
510 #define sftk_item_expand(ip) (ip)->data,(ip)->len
511
512 typedef struct sftk_token_parametersStr {
513 CK_SLOT_ID slotID;
514 char *configdir;
515 char *certPrefix;
516 char *keyPrefix;
517 char *tokdes;
518 char *slotdes;
519 int minPW;
520 PRBool readOnly;
521 PRBool noCertDB;
522 PRBool noKeyDB;
523 PRBool forceOpen;
524 PRBool pwRequired;
525 PRBool optimizeSpace;
526 } sftk_token_parameters;
527
528 typedef struct sftk_parametersStr {
529 char *configdir;
530 char *secmodName;
531 char *man;
532 char *libdes;
533 PRBool readOnly;
534 PRBool noModDB;
535 PRBool noCertDB;
536 PRBool forceOpen;
537 PRBool pwRequired;
538 PRBool optimizeSpace;
539 sftk_token_parameters *tokens;
540 int token_count;
541 } sftk_parameters;
542
543
544 /* machine dependent path stuff used by dbinit.c and pk11db.c */
545 #ifdef macintosh
546 #define PATH_SEPARATOR ":"
547 #define SECMOD_DB "Security Modules"
548 #define CERT_DB_FMT "%sCertificates%s"
549 #define KEY_DB_FMT "%sKey Database%s"
550 #else
551 #define PATH_SEPARATOR "/"
552 #define SECMOD_DB "secmod.db"
553 #define CERT_DB_FMT "%scert%s.db"
554 #define KEY_DB_FMT "%skey%s.db"
555 #endif
556
557 SEC_BEGIN_PROTOS
558
559 /* shared functions between pkcs11.c and fipstokn.c */
560 extern PRBool nsf_init;
561 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
562 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
563 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
564 CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
565
566 /* slot initialization, reinit, shutdown and destruction */
567 extern CK_RV SFTK_SlotInit(char *configdir,
568 sftk_token_parameters *params, int moduleIndex);
569 extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,
570 sftk_token_parameters *params, int moduleIndex);
571 extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);
572 extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);
573
574
575 /* internal utility functions used by pkcs11.c */
576 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
577 CK_ATTRIBUTE_TYPE type);
578 extern void sftk_FreeAttribute(SFTKAttribute *attribute);
579 extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
580 void *valPtr,
581 CK_ULONG length);
582 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
583 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
584 extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
585 unsigned int bufLen);
586 extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,
587 CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
588 extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
589 extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
590 extern void sftk_DeleteAttributeType(SFTKObject *object,
591 CK_ATTRIBUTE_TYPE type);
592 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
593 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
594 extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
595 SFTKObject *object,
596 CK_ATTRIBUTE_TYPE type);
597 extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
598 CK_OBJECT_CLASS inClass);
599 extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
600 extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
601 extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
602 extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
603 CK_ULONG *longData);
604 extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
605 void *value, unsigned int len);
606 extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
607 void *value, unsigned int len);
608 extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
609
610 extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
611 extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
612 extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
613 extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
614 extern void sftk_ReferenceObject(SFTKObject *object);
615 extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
616 SFTKSession *session);
617 extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
618 extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
619 /* clear out all the existing object ID to database key mappings.
620 * used to reinit a token */
621 extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);
622
623 extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
624 SFTKObject **head, unsigned int size,
625 PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
626 int count, PRBool isLoggedIn);
627 extern SFTKObjectListElement *sftk_FreeObjectListElement(
628 SFTKObjectListElement *objectList);
629 extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
630 extern void sftk_FreeSearch(SFTKSearchResults *search);
631 extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
632
633 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
634 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
635 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
636 extern void sftk_FreeSession(SFTKSession *session);
637 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
638 CK_VOID_PTR pApplication, CK_FLAGS flags);
639 extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
640 extern void sftk_update_all_states(SFTKSlot *slot);
641 extern void sftk_FreeContext(SFTKSessionContext *context);
642 extern void sftk_InitFreeLists(void);
643 extern void sftk_CleanupFreeLists(void);
644
645 extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
646 CK_KEY_TYPE key_type, CK_RV *crvp);
647 extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
648 CK_KEY_TYPE key_type, CK_RV *crvp);
649 extern void sftk_FormatDESKey(unsigned char *key, int length);
650 extern PRBool sftk_CheckDESKey(unsigned char *key);
651 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
652
653 /* mechanism allows this operation */
654 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
655
656 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely
657 * acquiring a reference to the keydb from the slot */
658 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
659
660 /*
661 * narrow objects
662 */
663 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
664 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
665
666 /*
667 * token object utilities
668 */
669 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
670 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,
671 CK_OBJECT_HANDLE handle);
672 SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,
673 CK_OBJECT_HANDLE handle);
674 SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
675
676 /****************************************
677 * implement TLS Pseudo Random Function (PRF)
678 */
679
680 extern CK_RV
681 sftk_TLSPRFInit(SFTKSessionContext *context,
682 SFTKObject * key,
683 CK_KEY_TYPE key_type);
684
685 SEC_END_PROTOS
686
687 #endif /* _PKCS11I_H_ */
Mozilla NSS module