diff options
Diffstat (limited to 'nss/lib/softoken/pkcs11i.h')
-rw-r--r-- | nss/lib/softoken/pkcs11i.h | 593 |
1 files changed, 305 insertions, 288 deletions
diff --git a/nss/lib/softoken/pkcs11i.h b/nss/lib/softoken/pkcs11i.h index 1023a00..c5f21c3 100644 --- a/nss/lib/softoken/pkcs11i.h +++ b/nss/lib/softoken/pkcs11i.h @@ -10,14 +10,15 @@ #include "nssilock.h" #include "seccomon.h" #include "secoidt.h" -#include "lowkeyti.h" +#include "lowkeyti.h" #include "pkcs11t.h" -#include "sftkdbt.h" +#include "sftkdbt.h" +#include "chacha20poly1305.h" #include "hasht.h" -/* - * Configuration Defines +/* + * Configuration Defines * * The following defines affect the space verse speed trade offs of * the PKCS #11 module. For the most part the current settings are optimized @@ -25,24 +26,24 @@ * the expense of space. */ -/* +/* * The attribute allocation strategy is static allocation: * Attributes are pre-allocated as part of the session object and used from * the object array. */ -#define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in - * the object (must me the absolute max) */ -#define ATTR_SPACE 50 /* Maximum size of attribute data before extra - * data needs to be allocated. This is set to - * enough space to hold an SSL MASTER secret */ - -#define NSC_STRICT PR_FALSE /* forces the code to do strict template - * matching when doing C_FindObject on token - * objects. This will slow down search in - * NSS. */ +#define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in \ + * the object (must me the absolute max) */ +#define ATTR_SPACE 50 /* Maximum size of attribute data before extra \ + * data needs to be allocated. This is set to \ + * enough space to hold an SSL MASTER secret */ + +#define NSC_STRICT PR_FALSE /* forces the code to do strict template \ + * matching when doing C_FindObject on token \ + * objects. This will slow down search in \ + * NSS. */ /* default search block allocations and increments */ -#define NSC_CERT_BLOCK_SIZE 50 -#define NSC_SEARCH_BLOCK_SIZE 5 +#define NSC_CERT_BLOCK_SIZE 50 +#define NSC_SEARCH_BLOCK_SIZE 5 #define NSC_SLOT_LIST_BLOCK_SIZE 10 #define NSC_FIPS_MODULE 1 @@ -51,21 +52,21 @@ /* these are data base storage hashes, not cryptographic hashes.. The define * the effective size of the various object hash tables */ /* clients care more about memory usage than lookup performance on - * cyrptographic objects. Clients also have less objects around to play with + * cyrptographic objects. Clients also have less objects around to play with * * we eventually should make this configurable at runtime! Especially now that * NSS is a shared library. */ -#define SPACE_ATTRIBUTE_HASH_SIZE 32 +#define SPACE_ATTRIBUTE_HASH_SIZE 32 #define SPACE_SESSION_OBJECT_HASH_SIZE 32 #define SPACE_SESSION_HASH_SIZE 32 #define TIME_ATTRIBUTE_HASH_SIZE 32 #define TIME_SESSION_OBJECT_HASH_SIZE 1024 #define TIME_SESSION_HASH_SIZE 1024 -#define MAX_OBJECT_LIST_SIZE 800 - /* how many objects to keep on the free list - * before we start freeing them */ -#define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */ +#define MAX_OBJECT_LIST_SIZE 800 +/* how many objects to keep on the free list + * before we start freeing them */ +#define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */ /* * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number. @@ -104,16 +105,17 @@ typedef struct SFTKHashSignInfoStr SFTKHashSignInfo; typedef struct SFTKOAEPEncryptInfoStr SFTKOAEPEncryptInfo; typedef struct SFTKOAEPDecryptInfoStr SFTKOAEPDecryptInfo; typedef struct SFTKSSLMACInfoStr SFTKSSLMACInfo; +typedef struct SFTKChaCha20Poly1305InfoStr SFTKChaCha20Poly1305Info; typedef struct SFTKItemTemplateStr SFTKItemTemplate; /* define function pointer typdefs for pointer tables */ typedef void (*SFTKDestroy)(void *, PRBool); typedef void (*SFTKBegin)(void *); -typedef SECStatus (*SFTKCipher)(void *,void *,unsigned int *,unsigned int, - void *, unsigned int); -typedef SECStatus (*SFTKVerify)(void *,void *,unsigned int,void *,unsigned int); -typedef void (*SFTKHash)(void *,const void *,unsigned int); -typedef void (*SFTKEnd)(void *,void *,unsigned int *,unsigned int); +typedef SECStatus (*SFTKCipher)(void *, void *, unsigned int *, unsigned int, + void *, unsigned int); +typedef SECStatus (*SFTKVerify)(void *, void *, unsigned int, void *, unsigned int); +typedef void (*SFTKHash)(void *, const void *, unsigned int); +typedef void (*SFTKEnd)(void *, void *, unsigned int *, unsigned int); typedef void (*SFTKFree)(void *); /* Value to tell if an attribute is modifiable or not. @@ -123,10 +125,10 @@ typedef void (*SFTKFree)(void *); * ALWAYS: attribute can always be changed. */ typedef enum { - SFTK_NEVER = 0, - SFTK_ONCOPY = 1, - SFTK_SENSITIVE = 2, - SFTK_ALWAYS = 3 + SFTK_NEVER = 0, + SFTK_ONCOPY = 1, + SFTK_SENSITIVE = 2, + SFTK_ALWAYS = 3 } SFTKModifyType; /* @@ -134,39 +136,38 @@ typedef enum { * deleting an object. */ typedef enum { - SFTK_DestroyFailure, - SFTK_Destroyed, - SFTK_Busy + SFTK_DestroyFailure, + SFTK_Destroyed, + SFTK_Busy } SFTKFreeStatus; /* * attribute values of an object. */ struct SFTKAttributeStr { - SFTKAttribute *next; - SFTKAttribute *prev; - PRBool freeAttr; - PRBool freeData; + SFTKAttribute *next; + SFTKAttribute *prev; + PRBool freeAttr; + PRBool freeData; /*must be called handle to make sftkqueue_find work */ - CK_ATTRIBUTE_TYPE handle; - CK_ATTRIBUTE attrib; + CK_ATTRIBUTE_TYPE handle; + CK_ATTRIBUTE attrib; unsigned char space[ATTR_SPACE]; }; - /* * doubly link list of objects */ struct SFTKObjectListStr { SFTKObjectList *next; SFTKObjectList *prev; - SFTKObject *parent; + SFTKObject *parent; }; struct SFTKObjectFreeListStr { - SFTKObject *head; - PZLock *lock; - int count; + SFTKObject *head; + PZLock *lock; + int count; }; /* @@ -174,54 +175,53 @@ struct SFTKObjectFreeListStr { */ struct SFTKObjectStr { SFTKObject *next; - SFTKObject *prev; - CK_OBJECT_CLASS objclass; - CK_OBJECT_HANDLE handle; - int refCount; - PZLock *refLock; - SFTKSlot *slot; - void *objectInfo; - SFTKFree infoFree; + SFTKObject *prev; + CK_OBJECT_CLASS objclass; + CK_OBJECT_HANDLE handle; + int refCount; + PZLock *refLock; + SFTKSlot *slot; + void *objectInfo; + SFTKFree infoFree; }; struct SFTKTokenObjectStr { - SFTKObject obj; - SECItem dbKey; + SFTKObject obj; + SECItem dbKey; }; struct SFTKSessionObjectStr { - SFTKObject obj; + SFTKObject obj; SFTKObjectList sessionList; - PZLock *attributeLock; - SFTKSession *session; - PRBool wasDerived; + PZLock *attributeLock; + SFTKSession *session; + PRBool wasDerived; int nextAttr; - SFTKAttribute attrList[MAX_OBJS_ATTRS]; - PRBool optimizeSpace; - unsigned int hashSize; - SFTKAttribute *head[1]; + SFTKAttribute attrList[MAX_OBJS_ATTRS]; + PRBool optimizeSpace; + unsigned int hashSize; + SFTKAttribute *head[1]; }; /* * struct to deal with a temparary list of objects */ struct SFTKObjectListElementStr { - SFTKObjectListElement *next; - SFTKObject *object; + SFTKObjectListElement *next; + SFTKObject *object; }; /* * Area to hold Search results */ struct SFTKSearchResultsStr { - CK_OBJECT_HANDLE *handles; - int size; - int index; - int array_size; + CK_OBJECT_HANDLE *handles; + int size; + int index; + int array_size; }; - -/* +/* * the universal crypto/hash/sign/verify context structure */ typedef enum { @@ -249,50 +249,50 @@ typedef enum { * multi=0 hashInfo=X *** shouldn't happen *** */ struct SFTKSessionContextStr { - SFTKContextType type; - PRBool multi; /* is multipart */ - PRBool rsa; /* is rsa */ - PRBool doPad; /* use PKCS padding for block ciphers */ - unsigned int blockSize; /* blocksize for padding */ - unsigned int padDataLength; /* length of the valid data in padbuf */ + SFTKContextType type; + PRBool multi; /* is multipart */ + PRBool rsa; /* is rsa */ + PRBool doPad; /* use PKCS padding for block ciphers */ + unsigned int blockSize; /* blocksize for padding */ + unsigned int padDataLength; /* length of the valid data in padbuf */ /** latest incomplete block of data for block cipher */ - unsigned char padBuf[SFTK_MAX_BLOCK_SIZE]; + unsigned char padBuf[SFTK_MAX_BLOCK_SIZE]; /** result of MAC'ing of latest full block of data with block cipher */ - unsigned char macBuf[SFTK_MAX_BLOCK_SIZE]; - CK_ULONG macSize; /* size of a general block cipher mac*/ - void *cipherInfo; - void *hashInfo; - unsigned int cipherInfoLen; - CK_MECHANISM_TYPE currentMech; - SFTKCipher update; - SFTKHash hashUpdate; - SFTKEnd end; - SFTKDestroy destroy; - SFTKDestroy hashdestroy; - SFTKVerify verify; - unsigned int maxLen; - SFTKObject *key; + unsigned char macBuf[SFTK_MAX_BLOCK_SIZE]; + CK_ULONG macSize; /* size of a general block cipher mac*/ + void *cipherInfo; + void *hashInfo; + unsigned int cipherInfoLen; + CK_MECHANISM_TYPE currentMech; + SFTKCipher update; + SFTKHash hashUpdate; + SFTKEnd end; + SFTKDestroy destroy; + SFTKDestroy hashdestroy; + SFTKVerify verify; + unsigned int maxLen; + SFTKObject *key; }; /* * Sessions (have objects) */ struct SFTKSessionStr { - SFTKSession *next; - SFTKSession *prev; - CK_SESSION_HANDLE handle; - int refCount; - PZLock *objectLock; - int objectIDCount; - CK_SESSION_INFO info; - CK_NOTIFY notify; - CK_VOID_PTR appData; - SFTKSlot *slot; - SFTKSearchResults *search; - SFTKSessionContext *enc_context; - SFTKSessionContext *hash_context; - SFTKSessionContext *sign_context; - SFTKObjectList *objects[1]; + SFTKSession *next; + SFTKSession *prev; + CK_SESSION_HANDLE handle; + int refCount; + PZLock *objectLock; + int objectIDCount; + CK_SESSION_INFO info; + CK_NOTIFY notify; + CK_VOID_PTR appData; + SFTKSlot *slot; + SFTKSearchResults *search; + SFTKSessionContext *enc_context; + SFTKSessionContext *hash_context; + SFTKSessionContext *sign_context; + SFTKObjectList *objects[1]; }; /* @@ -312,66 +312,66 @@ struct SFTKSessionStr { * next to the fields: * invariant - This value is set when the slot is first created and * never changed until it is destroyed. - * per load - This value is set when the slot is first created, or + * per load - This value is set when the slot is first created, or * when the slot is used to open another directory. Between open and close * this field does not change. * variable - This value changes through the normal process of slot operation. - * - reset. The value of this variable is cleared during an open/close + * - reset. The value of this variable is cleared during an open/close * cycles. * - preserved. The value of this variable is preserved over open/close * cycles. */ struct SFTKSlotStr { - CK_SLOT_ID slotID; /* invariant */ - PZLock *slotLock; /* invariant */ - PZLock **sessionLock; /* invariant */ - unsigned int numSessionLocks; /* invariant */ - unsigned long sessionLockMask; /* invariant */ - PZLock *objectLock; /* invariant */ - PRLock *pwCheckLock; /* invariant */ - PRBool present; /* variable -set */ - PRBool hasTokens; /* per load */ - PRBool isLoggedIn; /* variable - reset */ - PRBool ssoLoggedIn; /* variable - reset */ - PRBool needLogin; /* per load */ - PRBool DB_loaded; /* per load */ - PRBool readOnly; /* per load */ - PRBool optimizeSpace; /* invariant */ - SFTKDBHandle *certDB; /* per load */ - SFTKDBHandle *keyDB; /* per load */ - int minimumPinLen; /* per load */ - PRInt32 sessionIDCount; /* atomically incremented */ - /* (preserved) */ - int sessionIDConflict; /* not protected by a lock */ - /* (preserved) */ - int sessionCount; /* variable - reset */ - PRInt32 rwSessionCount; /* set by atomic operations */ - /* (reset) */ - int sessionObjectHandleCount;/* variable - perserved */ - int index; /* invariant */ - PLHashTable *tokObjHashTable; /* invariant */ - SFTKObject **sessObjHashTable; /* variable - reset */ - unsigned int sessObjHashSize; /* invariant */ - SFTKSession **head; /* variable -reset */ - unsigned int sessHashSize; /* invariant */ - char tokDescription[33]; /* per load */ - char updateTokDescription[33]; /* per load */ - char slotDescription[65]; /* invariant */ + CK_SLOT_ID slotID; /* invariant */ + PZLock *slotLock; /* invariant */ + PZLock **sessionLock; /* invariant */ + unsigned int numSessionLocks; /* invariant */ + unsigned long sessionLockMask; /* invariant */ + PZLock *objectLock; /* invariant */ + PRLock *pwCheckLock; /* invariant */ + PRBool present; /* variable -set */ + PRBool hasTokens; /* per load */ + PRBool isLoggedIn; /* variable - reset */ + PRBool ssoLoggedIn; /* variable - reset */ + PRBool needLogin; /* per load */ + PRBool DB_loaded; /* per load */ + PRBool readOnly; /* per load */ + PRBool optimizeSpace; /* invariant */ + SFTKDBHandle *certDB; /* per load */ + SFTKDBHandle *keyDB; /* per load */ + int minimumPinLen; /* per load */ + PRInt32 sessionIDCount; /* atomically incremented */ + /* (preserved) */ + int sessionIDConflict; /* not protected by a lock */ + /* (preserved) */ + int sessionCount; /* variable - reset */ + PRInt32 rwSessionCount; /* set by atomic operations */ + /* (reset) */ + int sessionObjectHandleCount; /* variable - perserved */ + CK_ULONG index; /* invariant */ + PLHashTable *tokObjHashTable; /* invariant */ + SFTKObject **sessObjHashTable; /* variable - reset */ + unsigned int sessObjHashSize; /* invariant */ + SFTKSession **head; /* variable -reset */ + unsigned int sessHashSize; /* invariant */ + char tokDescription[33]; /* per load */ + char updateTokDescription[33]; /* per load */ + char slotDescription[65]; /* invariant */ }; /* * special joint operations Contexts */ struct SFTKHashVerifyInfoStr { - SECOidTag hashOid; - void *params; - NSSLOWKEYPublicKey *key; + SECOidTag hashOid; + void *params; + NSSLOWKEYPublicKey *key; }; struct SFTKHashSignInfoStr { - SECOidTag hashOid; - void *params; - NSSLOWKEYPrivateKey *key; + SECOidTag hashOid; + void *params; + NSSLOWKEYPrivateKey *key; }; /** @@ -389,57 +389,67 @@ struct SFTKOAEPDecryptInfoStr { /* context for the Final SSLMAC message */ struct SFTKSSLMACInfoStr { - void *hashContext; - SFTKBegin begin; - SFTKHash update; - SFTKEnd end; - CK_ULONG macSize; - int padSize; - unsigned char key[MAX_KEY_LEN]; - unsigned int keySize; + void *hashContext; + SFTKBegin begin; + SFTKHash update; + SFTKEnd end; + CK_ULONG macSize; + int padSize; + unsigned char key[MAX_KEY_LEN]; + unsigned int keySize; +}; + +/* SFTKChaCha20Poly1305Info saves the key, tag length, nonce, + * and additional data for a ChaCha20+Poly1305 AEAD operation. */ +struct SFTKChaCha20Poly1305InfoStr { + ChaCha20Poly1305Context freeblCtx; + unsigned char nonce[12]; + unsigned char ad[16]; + unsigned char *adOverflow; + unsigned int adLen; }; /* * Template based on SECItems, suitable for passing as arrays */ struct SFTKItemTemplateStr { - CK_ATTRIBUTE_TYPE type; - SECItem *item; + CK_ATTRIBUTE_TYPE type; + SECItem *item; }; /* macro for setting SFTKTemplates. */ #define SFTK_SET_ITEM_TEMPLATE(templ, count, itemPtr, attr) \ - templ[count].type = attr; \ - templ[count].item = itemPtr + templ[count].type = attr; \ + templ[count].item = itemPtr #define SFTK_MAX_ITEM_TEMPLATE 10 /* * session handle modifiers */ -#define SFTK_SESSION_SLOT_MASK 0xff000000L +#define SFTK_SESSION_SLOT_MASK 0xff000000L /* * object handle modifiers */ -#define SFTK_TOKEN_MASK 0x80000000L -#define SFTK_TOKEN_MAGIC 0x80000000L -#define SFTK_TOKEN_TYPE_MASK 0x70000000L +#define SFTK_TOKEN_MASK 0x80000000L +#define SFTK_TOKEN_MAGIC 0x80000000L +#define SFTK_TOKEN_TYPE_MASK 0x70000000L /* keydb (high bit == 0) */ -#define SFTK_TOKEN_TYPE_PRIV 0x10000000L -#define SFTK_TOKEN_TYPE_PUB 0x20000000L -#define SFTK_TOKEN_TYPE_KEY 0x30000000L +#define SFTK_TOKEN_TYPE_PRIV 0x10000000L +#define SFTK_TOKEN_TYPE_PUB 0x20000000L +#define SFTK_TOKEN_TYPE_KEY 0x30000000L /* certdb (high bit == 1) */ -#define SFTK_TOKEN_TYPE_TRUST 0x40000000L -#define SFTK_TOKEN_TYPE_CRL 0x50000000L -#define SFTK_TOKEN_TYPE_SMIME 0x60000000L -#define SFTK_TOKEN_TYPE_CERT 0x70000000L +#define SFTK_TOKEN_TYPE_TRUST 0x40000000L +#define SFTK_TOKEN_TYPE_CRL 0x50000000L +#define SFTK_TOKEN_TYPE_SMIME 0x60000000L +#define SFTK_TOKEN_TYPE_CERT 0x70000000L -#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC|SFTK_TOKEN_TYPE_CRL|1) +#define SFTK_TOKEN_KRL_HANDLE (SFTK_TOKEN_MAGIC | SFTK_TOKEN_TYPE_CRL | 1) /* how big (in bytes) a password/pin we can deal with */ -#define SFTK_MAX_PIN 255 +#define SFTK_MAX_PIN 255 /* minimum password/pin length (in Unicode characters) in FIPS mode */ -#define FIPS_MIN_PIN 7 +#define FIPS_MIN_PIN 7 /* slot ID's */ #define NETSCAPE_SLOT_ID 1 @@ -448,77 +458,89 @@ struct SFTKItemTemplateStr { /* slot helper macros */ #define sftk_SlotFromSession(sp) ((sp)->slot) -#define sftk_isToken(id) (((id) & SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC) +#define sftk_isToken(id) (((id)&SFTK_TOKEN_MASK) == SFTK_TOKEN_MAGIC) /* the session hash multiplier (see bug 201081) */ #define SHMULTIPLIER 1791398085 /* queueing helper macros */ -#define sftk_hash(value,size) \ - ((PRUint32)((value) * SHMULTIPLIER) & (size-1)) -#define sftkqueue_add(element,id,head,hash_size) \ - { int tmp = sftk_hash(id,hash_size); \ - (element)->next = (head)[tmp]; \ - (element)->prev = NULL; \ - if ((head)[tmp]) (head)[tmp]->prev = (element); \ - (head)[tmp] = (element); } -#define sftkqueue_find(element,id,head,hash_size) \ - for( (element) = (head)[sftk_hash(id,hash_size)]; (element) != NULL; \ - (element) = (element)->next) { \ - if ((element)->handle == (id)) { break; } } -#define sftkqueue_is_queued(element,id,head,hash_size) \ - ( ((element)->next) || ((element)->prev) || \ - ((head)[sftk_hash(id,hash_size)] == (element)) ) -#define sftkqueue_delete(element,id,head,hash_size) \ - if ((element)->next) (element)->next->prev = (element)->prev; \ - if ((element)->prev) (element)->prev->next = (element)->next; \ - else (head)[sftk_hash(id,hash_size)] = ((element)->next); \ - (element)->next = NULL; \ - (element)->prev = NULL; \ +#define sftk_hash(value, size) \ + ((PRUint32)((value)*SHMULTIPLIER) & (size - 1)) +#define sftkqueue_add(element, id, head, hash_size) \ + { \ + int tmp = sftk_hash(id, hash_size); \ + (element)->next = (head)[tmp]; \ + (element)->prev = NULL; \ + if ((head)[tmp]) \ + (head)[tmp]->prev = (element); \ + (head)[tmp] = (element); \ + } +#define sftkqueue_find(element, id, head, hash_size) \ + for ((element) = (head)[sftk_hash(id, hash_size)]; (element) != NULL; \ + (element) = (element)->next) { \ + if ((element)->handle == (id)) { \ + break; \ + } \ + } +#define sftkqueue_is_queued(element, id, head, hash_size) \ + (((element)->next) || ((element)->prev) || \ + ((head)[sftk_hash(id, hash_size)] == (element))) +#define sftkqueue_delete(element, id, head, hash_size) \ + if ((element)->next) \ + (element)->next->prev = (element)->prev; \ + if ((element)->prev) \ + (element)->prev->next = (element)->next; \ + else \ + (head)[sftk_hash(id, hash_size)] = ((element)->next); \ + (element)->next = NULL; \ + (element)->prev = NULL; #define sftkqueue_init_element(element) \ (element)->prev = NULL; #define sftkqueue_add2(element, id, index, head) \ { \ - (element)->next = (head)[index]; \ - if ((head)[index]) \ - (head)[index]->prev = (element); \ - (head)[index] = (element); \ + (element)->next = (head)[index]; \ + if ((head)[index]) \ + (head)[index]->prev = (element); \ + (head)[index] = (element); \ } #define sftkqueue_find2(element, id, index, head) \ - for ( (element) = (head)[index]; \ - (element) != NULL; \ - (element) = (element)->next) { \ - if ((element)->handle == (id)) { break; } \ + for ((element) = (head)[index]; \ + (element) != NULL; \ + (element) = (element)->next) { \ + if ((element)->handle == (id)) { \ + break; \ + } \ } #define sftkqueue_delete2(element, id, index, head) \ - if ((element)->next) (element)->next->prev = (element)->prev; \ - if ((element)->prev) (element)->prev->next = (element)->next; \ - else (head)[index] = ((element)->next); + if ((element)->next) \ + (element)->next->prev = (element)->prev; \ + if ((element)->prev) \ + (element)->prev->next = (element)->next; \ + else \ + (head)[index] = ((element)->next); #define sftkqueue_clear_deleted_element(element) \ - (element)->next = NULL; \ - (element)->prev = NULL; \ - + (element)->next = NULL; \ + (element)->prev = NULL; /* sessionID (handle) is used to determine session lock bucket */ #ifdef NOSPREAD -/* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */ -#define SFTK_SESSION_LOCK(slot,handle) \ - ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \ - & (slot)->sessionLockMask]) +/* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */ +#define SFTK_SESSION_LOCK(slot, handle) \ + ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) & (slot)->sessionLockMask]) #else -/* SPREAD: ID & (perbucket-1) */ -#define SFTK_SESSION_LOCK(slot,handle) \ +/* SPREAD: ID & (perbucket-1) */ +#define SFTK_SESSION_LOCK(slot, handle) \ ((slot)->sessionLock[(handle) & (slot)->sessionLockMask]) #endif /* expand an attribute & secitem structures out */ -#define sftk_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen -#define sftk_item_expand(ip) (ip)->data,(ip)->len +#define sftk_attr_expand(ap) (ap)->type, (ap)->pValue, (ap)->ulValueLen +#define sftk_item_expand(ip) (ip)->data, (ip)->len typedef struct sftk_token_parametersStr { CK_SLOT_ID slotID; @@ -532,7 +554,7 @@ typedef struct sftk_token_parametersStr { char *tokdes; char *slotdes; char *updtokdes; - int minPW; + int minPW; PRBool readOnly; PRBool noCertDB; PRBool noKeyDB; @@ -547,7 +569,7 @@ typedef struct sftk_parametersStr { char *updateID; char *secmodName; char *man; - char *libdes; + char *libdes; PRBool readOnly; PRBool noModDB; PRBool noCertDB; @@ -558,7 +580,6 @@ typedef struct sftk_parametersStr { int token_count; } sftk_parameters; - /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */ #define CERT_DB_FMT "%scert%s.db" #define KEY_DB_FMT "%skey%s.db" @@ -569,55 +590,56 @@ SEC_BEGIN_PROTOS extern PRBool nsf_init; extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS); extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS); -extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv); -extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, - CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex); +extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV *crv); +extern CK_RV nsc_CommonGetSlotList(CK_BBOOL tokPresent, + CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount, int moduleIndex); /* slot initialization, reinit, shutdown and destruction */ extern CK_RV SFTK_SlotInit(char *configdir, char *updatedir, char *updateID, - sftk_token_parameters *params, int moduleIndex); + sftk_token_parameters *params, int moduleIndex); extern CK_RV SFTK_SlotReInit(SFTKSlot *slot, char *configdir, - char *updatedir, char *updateID, - sftk_token_parameters *params, int moduleIndex); + char *updatedir, char *updateID, + sftk_token_parameters *params, int moduleIndex); extern CK_RV SFTK_DestroySlotData(SFTKSlot *slot); extern CK_RV SFTK_ShutdownSlot(SFTKSlot *slot); extern CK_RV sftk_CloseAllSessions(SFTKSlot *slot, PRBool logout); - /* internal utility functions used by pkcs11.c */ extern SFTKAttribute *sftk_FindAttribute(SFTKObject *object, - CK_ATTRIBUTE_TYPE type); + CK_ATTRIBUTE_TYPE type); extern void sftk_FreeAttribute(SFTKAttribute *attribute); extern CK_RV sftk_AddAttributeType(SFTKObject *object, CK_ATTRIBUTE_TYPE type, - const void *valPtr, CK_ULONG length); + const void *valPtr, CK_ULONG length); extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - SFTKObject *object, CK_ATTRIBUTE_TYPE type); -extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena, - SFTKObject *object, SFTKItemTemplate *templ, int count); + SFTKObject *object, CK_ATTRIBUTE_TYPE type); +extern CK_RV sftk_MultipleAttribute2SecItem(PLArenaPool *arena, + SFTKObject *object, + SFTKItemTemplate *templ, int count); extern unsigned int sftk_GetLengthInBits(unsigned char *buf, - unsigned int bufLen); -extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, - CK_ATTRIBUTE_TYPE type, int minLength, int maxLength, int minMultiple); + unsigned int bufLen); +extern CK_RV sftk_ConstrainAttribute(SFTKObject *object, + CK_ATTRIBUTE_TYPE type, int minLength, + int maxLength, int minMultiple); extern PRBool sftk_hasAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type); extern PRBool sftk_isTrue(SFTKObject *object, CK_ATTRIBUTE_TYPE type); extern void sftk_DeleteAttributeType(SFTKObject *object, - CK_ATTRIBUTE_TYPE type); + CK_ATTRIBUTE_TYPE type); extern CK_RV sftk_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - SFTKObject *object, CK_ATTRIBUTE_TYPE type); + SFTKObject *object, CK_ATTRIBUTE_TYPE type); extern CK_RV sftk_Attribute2SSecItem(PLArenaPool *arena, SECItem *item, - SFTKObject *object, - CK_ATTRIBUTE_TYPE type); + SFTKObject *object, + CK_ATTRIBUTE_TYPE type); extern SFTKModifyType sftk_modifyType(CK_ATTRIBUTE_TYPE type, - CK_OBJECT_CLASS inClass); + CK_OBJECT_CLASS inClass); extern PRBool sftk_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); extern char *sftk_getString(SFTKObject *object, CK_ATTRIBUTE_TYPE type); -extern void sftk_nullAttribute(SFTKObject *object,CK_ATTRIBUTE_TYPE type); +extern void sftk_nullAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type); extern CK_RV sftk_GetULongAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, - CK_ULONG *longData); + CK_ULONG *longData); extern CK_RV sftk_forceAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, - const void *value, unsigned int len); + const void *value, unsigned int len); extern CK_RV sftk_defaultAttribute(SFTKObject *object, CK_ATTRIBUTE_TYPE type, - const void *value, unsigned int len); + const void *value, unsigned int len); extern unsigned int sftk_MapTrust(CK_TRUST trust, PRBool clientAuth); extern SFTKObject *sftk_NewObject(SFTKSlot *slot); @@ -626,7 +648,7 @@ extern SFTKFreeStatus sftk_FreeObject(SFTKObject *object); extern CK_RV sftk_DeleteObject(SFTKSession *session, SFTKObject *object); extern void sftk_ReferenceObject(SFTKObject *object); extern SFTKObject *sftk_ObjectFromHandle(CK_OBJECT_HANDLE handle, - SFTKSession *session); + SFTKSession *session); extern void sftk_AddSlotObject(SFTKSlot *slot, SFTKObject *object); extern void sftk_AddObject(SFTKSession *session, SFTKObject *object); /* clear out all the existing object ID to database key mappings. @@ -634,11 +656,11 @@ extern void sftk_AddObject(SFTKSession *session, SFTKObject *object); extern CK_RV SFTK_ClearTokenKeyHashTable(SFTKSlot *slot); extern CK_RV sftk_searchObjectList(SFTKSearchResults *search, - SFTKObject **head, unsigned int size, - PZLock *lock, CK_ATTRIBUTE_PTR inTemplate, - int count, PRBool isLoggedIn); + SFTKObject **head, unsigned int size, + PZLock *lock, CK_ATTRIBUTE_PTR inTemplate, + int count, PRBool isLoggedIn); extern SFTKObjectListElement *sftk_FreeObjectListElement( - SFTKObjectListElement *objectList); + SFTKObjectListElement *objectList); extern void sftk_FreeObjectList(SFTKObjectListElement *objectList); extern void sftk_FreeSearch(SFTKSearchResults *search); extern CK_RV sftk_handleObject(SFTKObject *object, SFTKSession *session); @@ -648,20 +670,20 @@ extern SFTKSlot *sftk_SlotFromSessionHandle(CK_SESSION_HANDLE handle); extern SFTKSession *sftk_SessionFromHandle(CK_SESSION_HANDLE handle); extern void sftk_FreeSession(SFTKSession *session); extern SFTKSession *sftk_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, - CK_VOID_PTR pApplication, CK_FLAGS flags); -extern void sftk_update_state(SFTKSlot *slot,SFTKSession *session); + CK_VOID_PTR pApplication, CK_FLAGS flags); +extern void sftk_update_state(SFTKSlot *slot, SFTKSession *session); extern void sftk_update_all_states(SFTKSlot *slot); extern void sftk_FreeContext(SFTKSessionContext *context); extern void sftk_InitFreeLists(void); extern void sftk_CleanupFreeLists(void); extern NSSLOWKEYPublicKey *sftk_GetPubKey(SFTKObject *object, - CK_KEY_TYPE key_type, CK_RV *crvp); + CK_KEY_TYPE key_type, CK_RV *crvp); extern NSSLOWKEYPrivateKey *sftk_GetPrivKey(SFTKObject *object, - CK_KEY_TYPE key_type, CK_RV *crvp); + CK_KEY_TYPE key_type, CK_RV *crvp); extern void sftk_FormatDESKey(unsigned char *key, int length); extern PRBool sftk_CheckDESKey(unsigned char *key); -extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); +extern PRBool sftk_IsWeakKey(unsigned char *key, CK_KEY_TYPE key_type); /* mechanism allows this operation */ extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE op); @@ -676,37 +698,32 @@ NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey); CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS); void sftk_freeParams(sftk_parameters *params); - /* * narrow objects */ -SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *); -SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *); +SFTKSessionObject *sftk_narrowToSessionObject(SFTKObject *); +SFTKTokenObject *sftk_narrowToTokenObject(SFTKObject *); /* * token object utilities */ void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle); -PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, - CK_OBJECT_HANDLE handle); -SFTKObject * sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, - CK_OBJECT_HANDLE handle); +PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, + CK_OBJECT_HANDLE handle); +SFTKObject *sftk_NewTokenObject(SFTKSlot *slot, SECItem *dbKey, + CK_OBJECT_HANDLE handle); SFTKTokenObject *sftk_convertSessionToToken(SFTKObject *so); - /* J-PAKE (jpakesftk.c) */ -extern -CK_RV jpake_Round1(HASH_HashType hashType, - CK_NSS_JPAKERound1Params * params, - SFTKObject * key); -extern -CK_RV jpake_Round2(HASH_HashType hashType, - CK_NSS_JPAKERound2Params * params, - SFTKObject * sourceKey, SFTKObject * key); -extern -CK_RV jpake_Final(HASH_HashType hashType, - const CK_NSS_JPAKEFinalParams * params, - SFTKObject * sourceKey, SFTKObject * key); +extern CK_RV jpake_Round1(HASH_HashType hashType, + CK_NSS_JPAKERound1Params *params, + SFTKObject *key); +extern CK_RV jpake_Round2(HASH_HashType hashType, + CK_NSS_JPAKERound2Params *params, + SFTKObject *sourceKey, SFTKObject *key); +extern CK_RV jpake_Final(HASH_HashType hashType, + const CK_NSS_JPAKEFinalParams *params, + SFTKObject *sourceKey, SFTKObject *key); /* Constant time MAC functions (hmacct.c) */ @@ -720,14 +737,14 @@ struct sftk_MACConstantTimeCtxStr { unsigned char header[75]; }; typedef struct sftk_MACConstantTimeCtxStr sftk_MACConstantTimeCtx; -sftk_MACConstantTimeCtx* sftk_HMACConstantTime_New( - CK_MECHANISM_PTR mech, SFTKObject *key); -sftk_MACConstantTimeCtx* sftk_SSLv3MACConstantTime_New( - CK_MECHANISM_PTR mech, SFTKObject *key); +sftk_MACConstantTimeCtx *sftk_HMACConstantTime_New( + CK_MECHANISM_PTR mech, SFTKObject *key); +sftk_MACConstantTimeCtx *sftk_SSLv3MACConstantTime_New( + CK_MECHANISM_PTR mech, SFTKObject *key); void sftk_HMACConstantTime_Update(void *pctx, const void *data, unsigned int len); void sftk_SSLv3MACConstantTime_Update(void *pctx, const void *data, unsigned int len); void sftk_MACConstantTime_EndHash( - void *pctx, void *out, unsigned int *outLength, unsigned int maxLength); + void *pctx, void *out, unsigned int *outLength, unsigned int maxLength); void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); /**************************************** @@ -735,11 +752,11 @@ void sftk_MACConstantTime_DestroyContext(void *pctx, PRBool); */ extern CK_RV -sftk_TLSPRFInit(SFTKSessionContext *context, - SFTKObject * key, - CK_KEY_TYPE key_type, - HASH_HashType hash_alg, - unsigned int out_len); +sftk_TLSPRFInit(SFTKSessionContext *context, + SFTKObject *key, + CK_KEY_TYPE key_type, + HASH_HashType hash_alg, + unsigned int out_len); SEC_END_PROTOS |