Bug 470455 - test_database_sync_embed_visits.js leaks, r=sdwilsh
[wine-gecko.git] / security / nss / lib / softoken / pkcs11i.h
blob3ab20156247377ffbea2bcb49c7db0f08769cc8e
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
14 * The Original Code is the Netscape security libraries.
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
21 * Contributor(s):
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
35 * ***** END LICENSE BLOCK ***** */
37 * Internal data structures and functions used by pkcs11.c
39 #ifndef _PKCS11I_H_
40 #define _PKCS11I_H_ 1
42 #include "nssilock.h"
43 #include "seccomon.h"
44 #include "secoidt.h"
45 #include "lowkeyti.h"
46 #include "pkcs11t.h"
48 #include "sftkdbt.h"
51 /*
52 * Configuration Defines
54 * The following defines affect the space verse speed trade offs of
55 * the PKCS #11 module. For the most part the current settings are optimized
56 * for web servers, where we want faster speed and lower lock contention at
57 * the expense of space.
60 /*
61 * The attribute allocation strategy is static allocation:
62 * Attributes are pre-allocated as part of the session object and used from
63 * the object array.
65 #define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in
66 * the object (must me the absolute max) */
67 #define ATTR_SPACE 50 /* Maximum size of attribute data before extra
68 * data needs to be allocated. This is set to
69 * enough space to hold an SSL MASTER secret */
71 #define NSC_STRICT PR_FALSE /* forces the code to do strict template
72 * matching when doing C_FindObject on token
73 * objects. This will slow down search in
74 * NSS. */
75 /* default search block allocations and increments */
76 #define NSC_CERT_BLOCK_SIZE 50
77 #define NSC_SEARCH_BLOCK_SIZE 5
78 #define NSC_SLOT_LIST_BLOCK_SIZE 10
80 #define NSC_FIPS_MODULE 1
81 #define NSC_NON_FIPS_MODULE 0
83 /* these are data base storage hashes, not cryptographic hashes.. The define
84 * the effective size of the various object hash tables */
85 /* clients care more about memory usage than lookup performance on
86 * cyrptographic objects. Clients also have less objects around to play with
88 * we eventually should make this configurable at runtime! Especially now that
89 * NSS is a shared library.
91 #define SPACE_ATTRIBUTE_HASH_SIZE 32
92 #define SPACE_SESSION_OBJECT_HASH_SIZE 32
93 #define SPACE_SESSION_HASH_SIZE 32
94 #define TIME_ATTRIBUTE_HASH_SIZE 32
95 #define TIME_SESSION_OBJECT_HASH_SIZE 1024
96 #define TIME_SESSION_HASH_SIZE 1024
97 #define MAX_OBJECT_LIST_SIZE 800
98 /* how many objects to keep on the free list
99 * before we start freeing them */
100 #define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */
102 #define MULTIACCESS "multiaccess:"
105 * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number.
106 * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0.
107 * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0.
109 * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS
110 * 1024 9 512 2
111 * 1024 5 32 32
112 * 1024 1 2 512
113 * 1024 0 1 1024
114 * 4096 11 2048 2
115 * 4096 9 512 8
116 * 4096 5 32 128
117 * 4096 1 2 2048
118 * 4096 0 1 4096
120 #define LOG2_BUCKETS_PER_SESSION_LOCK 1
121 #define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK))
122 /* NOSPREAD sessionID to hash table index macro has been slower. */
124 /* define typedefs, double as forward declarations as well */
125 typedef struct SFTKAttributeStr SFTKAttribute;
126 typedef struct SFTKObjectListStr SFTKObjectList;
127 typedef struct SFTKObjectFreeListStr SFTKObjectFreeList;
128 typedef struct SFTKObjectListElementStr SFTKObjectListElement;
129 typedef struct SFTKObjectStr SFTKObject;
130 typedef struct SFTKSessionObjectStr SFTKSessionObject;
131 typedef struct SFTKTokenObjectStr SFTKTokenObject;
132 typedef struct SFTKSessionStr SFTKSession;
133 typedef struct SFTKSlotStr SFTKSlot;
134 typedef struct SFTKSessionContextStr SFTKSessionContext;
135 typedef struct SFTKSearchResultsStr SFTKSearchResults;
136 typedef struct SFTKHashVerifyInfoStr SFTKHashVerifyInfo;
137 typedef struct SFTKHashSignInfoStr SFTKHashSignInfo;
138 typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo;
139 typedef struct SFTKItemTemplateStr SFTKItemTemplate;
141 /* define function pointer typdefs for pointer tables */
142 typedef void (*SFTKDestroy)(void *, PRBool);
143 typedef void (*SFTKBegin)(void *);
144 typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int,
145 void *, unsigned int);
146 typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int);
147 typedef void (*SFTKHash)(void *,void *,unsigned int);
148 typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int);
149 typedef void (*SFTKFree)(void *);
151 /* Value to tell if an attribute is modifiable or not.
152 * NEVER: attribute is only set on creation.
153 * ONCOPY: attribute is set on creation and can only be changed on copy.
154 * SENSITIVE: attribute can only be changed to TRUE.
155 * ALWAYS: attribute can always be changed.
157 typedef enum {
158 SFTK_NEVER = 0,
159 SFTK_ONCOPY = 1,
160 SFTK_SENSITIVE = 2,
161 SFTK_ALWAYS = 3
162 } SFTKModifyType;
165 * Free Status Enum... tell us more information when we think we're
166 * deleting an object.
168 typedef enum {
169 SFTK_DestroyFailure,
170 SFTK_Destroyed,
171 SFTK_Busy
172 } SFTKFreeStatus;
175 * attribute values of an object.
177 struct SFTKAttributeStr {
178 SFTKAttribute *next;
179 SFTKAttribute *prev;
180 PRBool freeAttr;
181 PRBool freeData;
182 /*must be called handle to make sftkqueue_find work */
183 CK_ATTRIBUTE_TYPE handle;
184 CK_ATTRIBUTE attrib;
185 unsigned char space[ATTR_SPACE];
190 * doubly link list of objects
192 struct SFTKObjectListStr {
193 SFTKObjectList *next;
194 SFTKObjectList *prev;
195 SFTKObject *parent;
198 struct SFTKObjectFreeListStr {
199 SFTKObject *head;
200 PZLock *lock;
201 int count;
205 * PKCS 11 crypto object structure
207 struct SFTKObjectStr {
208 SFTKObject *next;
209 SFTKObject *prev;
210 CK_OBJECT_CLASS objclass;
211 CK_OBJECT_HANDLE handle;
212 int refCount;
213 PZLock *refLock;
214 SFTKSlot *slot;
215 void *objectInfo;
216 SFTKFree infoFree;
219 struct SFTKTokenObjectStr {
220 SFTKObject obj;
221 SECItem dbKey;
224 struct SFTKSessionObjectStr {
225 SFTKObject obj;
226 SFTKObjectList sessionList;
227 PZLock *attributeLock;
228 SFTKSession *session;
229 PRBool wasDerived;
230 int nextAttr;
231 SFTKAttribute attrList[MAX_OBJS_ATTRS];
232 PRBool optimizeSpace;
233 unsigned int hashSize;
234 SFTKAttribute *head[1];
238 * struct to deal with a temparary list of objects
240 struct SFTKObjectListElementStr {
241 SFTKObjectListElement *next;
242 SFTKObject *object;
246 * Area to hold Search results
248 struct SFTKSearchResultsStr {
249 CK_OBJECT_HANDLE *handles;
250 int size;
251 int index;
252 int array_size;
257 * the universal crypto/hash/sign/verify context structure
259 typedef enum {
260 SFTK_ENCRYPT,
261 SFTK_DECRYPT,
262 SFTK_HASH,
263 SFTK_SIGN,
264 SFTK_SIGN_RECOVER,
265 SFTK_VERIFY,
266 SFTK_VERIFY_RECOVER
267 } SFTKContextType;
270 #define SFTK_MAX_BLOCK_SIZE 16
271 /* currently SHA512 is the biggest hash length */
272 #define SFTK_MAX_MAC_LENGTH 64
273 #define SFTK_INVALID_MAC_SIZE 0xffffffff
275 struct SFTKSessionContextStr {
276 SFTKContextType type;
277 PRBool multi; /* is multipart */
278 PRBool doPad; /* use PKCS padding for block ciphers */
279 unsigned int blockSize; /* blocksize for padding */
280 unsigned int padDataLength; /* length of the valid data in padbuf */
281 unsigned char padBuf[SFTK_MAX_BLOCK_SIZE];
282 unsigned char macBuf[SFTK_MAX_BLOCK_SIZE];
283 CK_ULONG macSize; /* size of a general block cipher mac*/
284 void *cipherInfo;
285 void *hashInfo;
286 unsigned int cipherInfoLen;
287 CK_MECHANISM_TYPE currentMech;
288 SFTKCipher update;
289 SFTKHash hashUpdate;
290 SFTKEnd end;
291 SFTKDestroy destroy;
292 SFTKDestroy hashdestroy;
293 SFTKVerify verify;
294 unsigned int maxLen;
295 SFTKObject *key;
299 * Sessions (have objects)
301 struct SFTKSessionStr {
302 SFTKSession *next;
303 SFTKSession *prev;
304 CK_SESSION_HANDLE handle;
305 int refCount;
306 PZLock *objectLock;
307 int objectIDCount;
308 CK_SESSION_INFO info;
309 CK_NOTIFY notify;
310 CK_VOID_PTR appData;
311 SFTKSlot *slot;
312 SFTKSearchResults *search;
313 SFTKSessionContext *enc_context;
314 SFTKSessionContext *hash_context;
315 SFTKSessionContext *sign_context;
316 SFTKObjectList *objects[1];
320 * slots (have sessions and objects)
322 * The array of sessionLock's protect the session hash table (head[])
323 * as well as the reference count of session objects in that bucket
324 * (head[]->refCount), objectLock protects all elements of the slot's
325 * object hash tables (sessObjHashTable[] and tokObjHashTable), and
326 * sessionObjectHandleCount.
327 * slotLock protects the remaining protected elements:
328 * password, isLoggedIn, ssoLoggedIn, and sessionCount,
329 * and pwCheckLock serializes the key database password checks in
330 * NSC_SetPIN and NSC_Login.
332 * Each of the fields below has the following lifetime as commented
333 * next to the fields:
334 * invariant - This value is set when the slot is first created and
335 * never changed until it is destroyed.
336 * per load - This value is set when the slot is first created, or
337 * when the slot is used to open another directory. Between open and close
338 * this field does not change.
339 * variable - This value changes through the normal process of slot operation.
340 * - reset. The value of this variable is cleared during an open/close
341 * cycles.
342 * - preserved. The value of this variable is preserved over open/close
343 * cycles.
345 struct SFTKSlotStr {
346 CK_SLOT_ID slotID; /* invariant */
347 PZLock *slotLock; /* invariant */
348 PZLock **sessionLock; /* invariant */
349 unsigned int numSessionLocks; /* invariant */
350 unsigned long sessionLockMask; /* invariant */
351 PZLock *objectLock; /* invariant */
352 PRLock *pwCheckLock; /* invariant */
353 PRBool present; /* variable -set */
354 PRBool hasTokens; /* per load */
355 PRBool isLoggedIn; /* variable - reset */
356 PRBool ssoLoggedIn; /* variable - reset */
357 PRBool needLogin; /* per load */
358 PRBool DB_loaded; /* per load */
359 PRBool readOnly; /* per load */
360 PRBool optimizeSpace; /* invariant */
361 SFTKDBHandle *certDB; /* per load */
362 SFTKDBHandle *keyDB; /* per load */
363 int minimumPinLen; /* per load */
364 PRInt32 sessionIDCount; /* atomically incremented */
365 /* (preserved) */
366 int sessionIDConflict; /* not protected by a lock */
367 /* (preserved) */
368 int sessionCount; /* variable - reset */
369 PRInt32 rwSessionCount; /* set by atomic operations */
370 /* (reset) */
371 int sessionObjectHandleCount;/* variable - perserved */
372 int index; /* invariant */
373 PLHashTable *tokObjHashTable; /* invariant */
374 SFTKObject **sessObjHashTable; /* variable - reset */
375 unsigned int sessObjHashSize; /* invariant */
376 SFTKSession **head; /* variable -reset */
377 unsigned int sessHashSize; /* invariant */
378 char tokDescription[33]; /* per load */
379 char updateTokDescription[33]; /* per load */
380 char slotDescription[65]; /* invariant */
384 * special joint operations Contexts
386 struct SFTKHashVerifyInfoStr {
387 SECOidTag hashOid;
388 NSSLOWKEYPublicKey *key;
391 struct SFTKHashSignInfoStr {
392 SECOidTag hashOid;
393 NSSLOWKEYPrivateKey *key;
396 /* context for the Final SSLMAC message */
397 struct SFTKSSLMACInfoStr {
398 void *hashContext;
399 SFTKBegin begin;
400 SFTKHash update;
401 SFTKEnd end;
402 CK_ULONG macSize;
403 int padSize;
404 unsigned char key[MAX_KEY_LEN];
405 unsigned int keySize;
409 * Template based on SECItems, suitable for passing as arrays
411 struct SFTKItemTemplateStr {
412 CK_ATTRIBUTE_TYPE type;
413 SECItem *item;
416 /* macro for setting SFTKTemplates. */
417 #define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \
418 templ[count].type = attr; \
419 templ[count].item = itemPtr
421 #define SFTK_MAX_ITEM_TEMPLATE 10
424 * session handle modifiers
426 #define SFTK_SESSION_SLOT_MASK 0xff000000L
429 * object handle modifiers
431 #define SFTK_TOKEN_MASK 0x80000000L
432 #define SFTK_TOKEN_MAGIC 0x80000000L
433 #define SFTK_TOKEN_TYPE_MASK 0x70000000L
434 /* keydb (high bit == 0) */
435 #define SFTK_TOKEN_TYPE_PRIV 0x10000000L
436 #define SFTK_TOKEN_TYPE_PUB 0x20000000L
437 #define SFTK_TOKEN_TYPE_KEY 0x30000000L
438 /* certdb (high bit == 1) */
439 #define SFTK_TOKEN_TYPE_TRUST 0x40000000L
440 #define SFTK_TOKEN_TYPE_CRL 0x50000000L
441 #define SFTK_TOKEN_TYPE_SMIME 0x60000000L
442 #define SFTK_TOKEN_TYPE_CERT 0x70000000L
444 #define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1)
445 /* how big (in bytes) a password/pin we can deal with */
446 #define SFTK_MAX_PIN 255
447 /* minimum password/pin length (in Unicode characters) in FIPS mode */
448 #define FIPS_MIN_PIN 7
450 /* slot ID's */
451 #define NETSCAPE_SLOT_ID 1
452 #define PRIVATE_KEY_SLOT_ID 2
453 #define FIPS_SLOT_ID 3
455 /* slot helper macros */
456 #define sftk_SlotFromSession(sp) ((sp)->slot)
457 #define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC)
459 /* the session hash multiplier (see bug 201081) */
460 #define SHMULTIPLIER 1791398085
462 /* queueing helper macros */
463 #define sftk_hash(value,size) \
464 ((PRUint32)((value) * SHMULTIPLIER) & (size-1))
465 #define sftkqueue_add(element,id,head,hash_size) \
466 { int tmp = sftk_hash(id,hash_size); \
467 (element)->next = (head)[tmp]; \
468 (element)->prev = NULL; \
469 if ((head)[tmp]) (head)[tmp]->prev = (element); \
470 (head)[tmp] = (element); }
471 #define sftkqueue_find(element,id,head,hash_size) \
472 for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \
473 (element) = (element)->next) { \
474 if ((element)->handle == (id)) { break; } }
475 #define sftkqueue_is_queued(element,id,head,hash_size) \
476 ( ((element)->next) || ((element)->prev) || \
477 ((head)[sftk_hash(id,hash_size)] == (element)) )
478 #define sftkqueue_delete(element,id,head,hash_size) \
479 if ((element)->next) (element)->next->prev = (element)->prev; \
480 if ((element)->prev) (element)->prev->next = (element)->next; \
481 else (head)[sftk_hash(id,hash_size)] = ((element)->next); \
482 (element)->next = NULL; \
483 (element)->prev = NULL; \
485 #define sftkqueue_init_element(element) \
486 (element)->prev = NULL;
488 #define sftkqueue_add2(element, id, index, head) \
490 (element)->next = (head)[index]; \
491 if ((head)[index]) \
492 (head)[index]->prev = (element); \
493 (head)[index] = (element); \
496 #define sftkqueue_find2(element, id, index, head) \
497 for ( (element) = (head)[index]; \
498 (element) != NULL; \
499 (element) = (element)->next) { \
500 if ((element)->handle == (id)) { break; } \
503 #define sftkqueue_delete2(element, id, index, head) \
504 if ((element)->next) (element)->next->prev = (element)->prev; \
505 if ((element)->prev) (element)->prev->next = (element)->next; \
506 else (head)[index] = ((element)->next);
508 #define sftkqueue_clear_deleted_element(element) \
509 (element)->next = NULL; \
510 (element)->prev = NULL; \
513 /* sessionID (handle) is used to determine session lock bucket */
514 #ifdef NOSPREAD
515 /* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */
516 #define SFTK_SESSION_LOCK(slot,handle) \
517 ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \
518 & (slot)->sessionLockMask])
519 #else
520 /* SPREAD: ID & (perbucket-1) */
521 #define SFTK_SESSION_LOCK(slot,handle) \
522 ((slot)->sessionLock[(handle) & (slot)->sessionLockMask])
523 #endif
525 /* expand an attribute & secitem structures out */
526 #define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen
527 #define sftk_item_expand(ip) (ip)->data,(ip)->len
529 typedef struct sftk_token_parametersStr {
530 CK_SLOT_ID slotID;
531 char *configdir;
532 char *certPrefix;
533 char *keyPrefix;
534 char *updatedir;
535 char *updCertPrefix;
536 char *updKeyPrefix;
537 char *updateID;
538 char *tokdes;
539 char *slotdes;
540 char *updtokdes;
541 int minPW;
542 PRBool readOnly;
543 PRBool noCertDB;
544 PRBool noKeyDB;
545 PRBool forceOpen;
546 PRBool pwRequired;
547 PRBool optimizeSpace;
548 } sftk_token_parameters;
550 typedef struct sftk_parametersStr {
551 char *configdir;
552 char *updatedir;
553 char *updateID;
554 char *secmodName;
555 char *man;
556 char *libdes;
557 PRBool readOnly;
558 PRBool noModDB;
559 PRBool noCertDB;
560 PRBool forceOpen;
561 PRBool pwRequired;
562 PRBool optimizeSpace;
563 sftk_token_parameters *tokens;
564 int token_count;
565 } sftk_parameters;
568 /* machine dependent path stuff used by dbinit.c and pk11db.c */
569 #ifdef macintosh
570 #define PATH_SEPARATOR ":"
571 #define SECMOD_DB "Security Modules"
572 #define CERT_DB_FMT "%sCertificates%s"
573 #define KEY_DB_FMT "%sKey Database%s"
574 #else
575 #define PATH_SEPARATOR "/"
576 #define SECMOD_DB "secmod.db"
577 #define CERT_DB_FMT "%scert%s.db"
578 #define KEY_DB_FMT "%skey%s.db"
579 #endif
581 SEC_BEGIN_PROTOS
583 /* shared functions between pkcs11.c and fipstokn.c */
584 extern PRBool nsf_init;
585 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS);
586 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS);
587 extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent,
588 CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex);
590 /* slot initialization, reinit, shutdown and destruction */
591 extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID,
592 sftk_token_parameters *params, int moduleIndex);
593 extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir,
594 char *updatedir, char *updateID,
595 sftk_token_parameters *params, int moduleIndex);
596 extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot);
597 extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot);
598 extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot);
601 /* internal utility functions used by pkcs11.c */
602 extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object,
603 CK_ATTRIBUTE_TYPE type);
604 extern void sftk_FreeAttribute(SFTKAttribute *attribute);
605 extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
606 void *valPtr,
607 CK_ULONG length);
608 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
609 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
610 extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena,
611 SFTKObject *object, SFTKItemTemplate *templ, int count);
612 extern unsigned int sftk_GetLengthInBits(unsigned char *buf,
613 unsigned int bufLen);
614 extern CK_RV sftk_ConstrainAttribute(SFTKObject *object,
615 CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple);
616 extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
617 extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
618 extern void sftk_DeleteAttributeType(SFTKObject *object,
619 CK_ATTRIBUTE_TYPE type);
620 extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item,
621 SFTKObject *object, CK_ATTRIBUTE_TYPE type);
622 extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item,
623 SFTKObject *object,
624 CK_ATTRIBUTE_TYPE type);
625 extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type,
626 CK_OBJECT_CLASS inClass);
627 extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass);
628 extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type);
629 extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type);
630 extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
631 CK_ULONG *longData);
632 extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
633 void *value, unsigned int len);
634 extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type,
635 void *value, unsigned int len);
636 extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth);
638 extern SFTKObject *sftk_NewObject(SFTKSlot *slot);
639 extern CK_RV sftk_CopyObject(SFTKObject *destObject, SFTKObject *srcObject);
640 extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object);
641 extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object);
642 extern void sftk_ReferenceObject(SFTKObject *object);
643 extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle,
644 SFTKSession *session);
645 extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object);
646 extern void sftk_AddObject(SFTKSession *session, SFTKObject *object);
647 /* clear out all the existing object ID to database key mappings.
648 * used to reinit a token */
649 extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot);
651 extern CK_RV sftk_searchObjectList(SFTKSearchResults *search,
652 SFTKObject **head, unsigned int size,
653 PZLock *lock, CK_ATTRIBUTE_PTR inTemplate,
654 int count, PRBool isLoggedIn);
655 extern SFTKObjectListElement *sftk_FreeObjectListElement(
656 SFTKObjectListElement *objectList);
657 extern void sftk_FreeObjectList(SFTKObjectListElement *objectList);
658 extern void sftk_FreeSearch(SFTKSearchResults *search);
659 extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session);
661 extern SFTKSlot *sftk_SlotFromID(CK_SLOT_ID slotID, PRBool all);
662 extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle);
663 extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle);
664 extern void sftk_FreeSession(SFTKSession *session);
665 extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify,
666 CK_VOID_PTR pApplication, CK_FLAGS flags);
667 extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session);
668 extern void sftk_update_all_states(SFTKSlot *slot);
669 extern void sftk_FreeContext(SFTKSessionContext *context);
670 extern void sftk_InitFreeLists(void);
671 extern void sftk_CleanupFreeLists(void);
673 extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object,
674 CK_KEY_TYPE key_type, CK_RV *crvp);
675 extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object,
676 CK_KEY_TYPE key_type, CK_RV *crvp);
677 extern void sftk_FormatDESKey(unsigned char *key, int length);
678 extern PRBool sftk_CheckDESKey(unsigned char *key);
679 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type);
681 /* mechanism allows this operation */
682 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op);
684 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely
685 * acquiring a reference to the keydb from the slot */
686 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey);
689 * narrow objects
691 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *);
692 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *);
695 * token object utilities
697 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle);
698 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey,
699 CK_OBJECT_HANDLE handle);
700 SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey,
701 CK_OBJECT_HANDLE handle);
702 SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so);
704 /****************************************
705 * implement TLS Pseudo Random Function (PRF)
708 extern CK_RV
709 sftk_TLSPRFInit(SFTKSessionContext *context,
710 SFTKObject * key,
711 CK_KEY_TYPE key_type);
713 SEC_END_PROTOS
715 #endif /* _PKCS11I_H_ */