diff options
Diffstat (limited to 'security/nss/lib/softoken/pkcs11i.h')
-rw-r--r-- | security/nss/lib/softoken/pkcs11i.h | 646 |
1 files changed, 0 insertions, 646 deletions
diff --git a/security/nss/lib/softoken/pkcs11i.h b/security/nss/lib/softoken/pkcs11i.h deleted file mode 100644 index 391f2f152..000000000 --- a/security/nss/lib/softoken/pkcs11i.h +++ /dev/null @@ -1,646 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ -/* - * Internal data structures and functions used by pkcs11.c - */ -#ifndef _PKCS11I_H_ -#define _PKCS11I_H_ 1 - -#include "nssilock.h" -#include "seccomon.h" -#include "secoidt.h" -#include "lowkeyti.h" -#include "pkcs11t.h" -#include "pcertt.h" - - -/* - * Configuration Defines - * - * The following defines affect the space verse speed trade offs of - * the PKCS #11 module. For the most part the current settings are optimized - * for web servers, where we want faster speed and lower lock contention at - * the expense of space. - */ - -#define PKCS11_USE_THREADS /* set to true of you are need threads */ -/* - * Attribute Allocation strategy: - * - * 1) static allocation (PKCS11_STATIC_ATTRIBUTES set - * PKCS11_REF_COUNT_ATTRIBUTES not set) - * Attributes are pre-allocated as part of the session object and used from - * the object array. - * - * 2) heap allocation with ref counting (PKCS11_STATIC_ATTRIBUTES not set - * PKCS11_REF_COUNT_ATTRIBUTES set) - * Attributes are allocated from the heap when needed and freed when their - * reference count goes to zero. - * - * 3) arena allocation (PKCS11_STATIC_ATTRIBUTES not set - * PKCS11_REF_COUNT_ATTRIBUTE not set) - * Attributes are allocated from the arena when needed and freed only when - * the object goes away. - */ -#define PKCS11_STATIC_ATTRIBUTES -/*#define PKCS11_REF_COUNT_ATTRIBUTES */ -/* the next two are only active if PKCS11_STATIC_ATTRIBUTES is set */ -#define MAX_OBJS_ATTRS 45 /* number of attributes to preallocate in - * the object (must me the absolute max) */ -#define ATTR_SPACE 50 /* Maximum size of attribute data before extra - * data needs to be allocated. This is set to - * enough space to hold an SSL MASTER secret */ - -#define NSC_STRICT PR_FALSE /* forces the code to do strict template - * matching when doing C_FindObject on token - * objects. This will slow down search in - * NSS. */ -/* default search block allocations and increments */ -#define NSC_CERT_BLOCK_SIZE 50 -#define NSC_SEARCH_BLOCK_SIZE 5 -#define NSC_SLOT_LIST_BLOCK_SIZE 10 - -/* these are data base storage hashes, not cryptographic hashes.. The define - * the effective size of the various object hash tables */ -#ifdef MOZ_CLIENT -/* clients care more about memory usage than lookup performance on - * cyrptographic objects. Clients also have less objects around to play with - * - * we eventually should make this configurable at runtime! Especially now that - * NSS is a shared library. - */ -#define ATTRIBUTE_HASH_SIZE 32 -#define SESSION_OBJECT_HASH_SIZE 16 -#define TOKEN_OBJECT_HASH_SIZE 32 -#define SESSION_HASH_SIZE 32 -#else -#define ATTRIBUTE_HASH_SIZE 32 -#define SESSION_OBJECT_HASH_SIZE 32 -#define TOKEN_OBJECT_HASH_SIZE 1024 -#define SESSION_HASH_SIZE 1024 -#define MAX_OBJECT_LIST_SIZE 800 /* how many objects to keep on the free list - * before we start freeing them */ -#endif -#define MAX_KEY_LEN 256 - -/* - * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number. - * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0. - * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0. - * - * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS - * 1024 9 512 2 - * 1024 5 32 32 - * 1024 1 2 512 - * 1024 0 1 1024 - * 4096 11 2048 2 - * 4096 9 512 8 - * 4096 5 32 128 - * 4096 1 2 2048 - * 4096 0 1 4096 - */ -#define LOG2_BUCKETS_PER_SESSION_LOCK 1 -#define BUCKETS_PER_SESSION_LOCK (1 << (LOG2_BUCKETS_PER_SESSION_LOCK)) -#define NUMBER_OF_SESSION_LOCKS (SESSION_HASH_SIZE/BUCKETS_PER_SESSION_LOCK) -/* NOSPREAD sessionID to hash table index macro has been slower. */ -#if 0 -#define NOSPREAD -#endif - -#ifdef PKCS11_USE_THREADS -#define PK11_USE_THREADS(x) x -#else -#define PK11_USE_THREADS(x) -#endif - -/* define typedefs, double as forward declarations as well */ -typedef struct PK11AttributeStr PK11Attribute; -typedef struct PK11ObjectListStr PK11ObjectList; -typedef struct PK11ObjectListElementStr PK11ObjectListElement; -typedef struct PK11ObjectStr PK11Object; -typedef struct PK11SessionObjectStr PK11SessionObject; -typedef struct PK11TokenObjectStr PK11TokenObject; -typedef struct PK11SessionStr PK11Session; -typedef struct PK11SlotStr PK11Slot; -typedef struct PK11SessionContextStr PK11SessionContext; -typedef struct PK11SearchResultsStr PK11SearchResults; -typedef struct PK11HashVerifyInfoStr PK11HashVerifyInfo; -typedef struct PK11HashSignInfoStr PK11HashSignInfo; -typedef struct PK11SSLMACInfoStr PK11SSLMACInfo; - -/* define function pointer typdefs for pointer tables */ -typedef void (*PK11Destroy)(void *, PRBool); -typedef void (*PK11Begin)(void *); -typedef SECStatus (*PK11Cipher)(void *,void *,unsigned int *,unsigned int, - void *, unsigned int); -typedef SECStatus (*PK11Verify)(void *,void *,unsigned int,void *,unsigned int); -typedef void (*PK11Hash)(void *,void *,unsigned int); -typedef void (*PK11End)(void *,void *,unsigned int *,unsigned int); -typedef void (*PK11Free)(void *); - -/* Value to tell if an attribute is modifiable or not. - * NEVER: attribute is only set on creation. - * ONCOPY: attribute is set on creation and can only be changed on copy. - * SENSITIVE: attribute can only be changed to TRUE. - * ALWAYS: attribute can always be changed. - */ -typedef enum { - PK11_NEVER = 0, - PK11_ONCOPY = 1, - PK11_SENSITIVE = 2, - PK11_ALWAYS = 3 -} PK11ModifyType; - -/* - * Free Status Enum... tell us more information when we think we're - * deleting an object. - */ -typedef enum { - PK11_DestroyFailure, - PK11_Destroyed, - PK11_Busy -} PK11FreeStatus; - -/* - * attribute values of an object. - */ -struct PK11AttributeStr { - PK11Attribute *next; - PK11Attribute *prev; - PRBool freeAttr; - PRBool freeData; -#ifdef PKCS11_REF_COUNT_ATTRIBUTES - int refCount; - PZLock *refLock; -#endif - /*must be called handle to make pk11queue_find work */ - CK_ATTRIBUTE_TYPE handle; - CK_ATTRIBUTE attrib; -#ifdef PKCS11_STATIC_ATTRIBUTES - unsigned char space[ATTR_SPACE]; -#endif -}; - - -/* - * doubly link list of objects - */ -struct PK11ObjectListStr { - PK11ObjectList *next; - PK11ObjectList *prev; - PK11Object *parent; -}; - -/* - * PKCS 11 crypto object structure - */ -struct PK11ObjectStr { - PK11Object *next; - PK11Object *prev; - CK_OBJECT_CLASS objclass; - CK_OBJECT_HANDLE handle; - int refCount; - PZLock *refLock; - PK11Slot *slot; - void *objectInfo; - PK11Free infoFree; -#ifndef PKCS11_STATIC_ATTRIBUTES - PLArenaPool *arena; -#endif -}; - -struct PK11TokenObjectStr { - PK11Object obj; - SECItem dbKey; -}; - -struct PK11SessionObjectStr { - PK11Object obj; - PK11ObjectList sessionList; - PZLock *attributeLock; - PK11Session *session; - PRBool wasDerived; - PK11Attribute *head[ATTRIBUTE_HASH_SIZE]; -#ifdef PKCS11_STATIC_ATTRIBUTES - int nextAttr; - PK11Attribute attrList[MAX_OBJS_ATTRS]; -#endif -}; - -/* - * struct to deal with a temparary list of objects - */ -struct PK11ObjectListElementStr { - PK11ObjectListElement *next; - PK11Object *object; -}; - -/* - * Area to hold Search results - */ -struct PK11SearchResultsStr { - CK_OBJECT_HANDLE *handles; - int size; - int index; - int array_size; -}; - - -/* - * the universal crypto/hash/sign/verify context structure - */ -typedef enum { - PK11_ENCRYPT, - PK11_DECRYPT, - PK11_HASH, - PK11_SIGN, - PK11_SIGN_RECOVER, - PK11_VERIFY, - PK11_VERIFY_RECOVER -} PK11ContextType; - - -#define PK11_MAX_BLOCK_SIZE 16 -/* currently SHA1 is the biggest hash length */ -#define PK11_MAX_MAC_LENGTH 20 -#define PK11_INVALID_MAC_SIZE 0xffffffff - -struct PK11SessionContextStr { - PK11ContextType type; - PRBool multi; /* is multipart */ - PRBool doPad; /* use PKCS padding for block ciphers */ - unsigned int blockSize; /* blocksize for padding */ - unsigned int padDataLength; /* length of the valid data in padbuf */ - unsigned char padBuf[PK11_MAX_BLOCK_SIZE]; - unsigned char macBuf[PK11_MAX_BLOCK_SIZE]; - CK_ULONG macSize; /* size of a general block cipher mac*/ - void *cipherInfo; - void *hashInfo; - unsigned int cipherInfoLen; - CK_MECHANISM_TYPE currentMech; - PK11Cipher update; - PK11Hash hashUpdate; - PK11End end; - PK11Destroy destroy; - PK11Destroy hashdestroy; - PK11Verify verify; - unsigned int maxLen; - PK11Object *key; -}; - -/* - * Sessions (have objects) - */ -struct PK11SessionStr { - PK11Session *next; - PK11Session *prev; - CK_SESSION_HANDLE handle; - int refCount; - PZLock *objectLock; - int objectIDCount; - CK_SESSION_INFO info; - CK_NOTIFY notify; - CK_VOID_PTR appData; - PK11Slot *slot; - PK11SearchResults *search; - PK11SessionContext *enc_context; - PK11SessionContext *hash_context; - PK11SessionContext *sign_context; - PK11ObjectList *objects[1]; -}; - -/* - * slots (have sessions and objects) - * - * The array of sessionLock's protect the session hash table (head[]) - * as well as the reference count of session objects in that bucket - * (head[]->refCount), objectLock protects all elements of the token - * object hash table (tokObjects[], tokenIDCount, and tokenHashTable), - * and slotLock protects the remaining protected elements: - * password, isLoggedIn, ssoLoggedIn, sessionCount, and rwSessionCount. - */ -struct PK11SlotStr { - CK_SLOT_ID slotID; - PZLock *slotLock; - PZLock *sessionLock[NUMBER_OF_SESSION_LOCKS]; - PZLock *objectLock; - SECItem *password; - PRBool hasTokens; - PRBool isLoggedIn; - PRBool ssoLoggedIn; - PRBool needLogin; - PRBool DB_loaded; - PRBool readOnly; - NSSLOWCERTCertDBHandle *certDB; - NSSLOWKEYDBHandle *keyDB; - int minimumPinLen; - PRInt32 sessionIDCount; /* atomically incremented */ - int sessionIDConflict; /* not protected by a lock */ - int sessionCount; - int rwSessionCount; - int tokenIDCount; - int index; - PLHashTable *tokenHashTable; - PK11Object *tokObjects[TOKEN_OBJECT_HASH_SIZE]; - PK11Session *head[SESSION_HASH_SIZE]; - char tokDescription[33]; - char slotDescription[64]; -}; - -/* - * special joint operations Contexts - */ -struct PK11HashVerifyInfoStr { - SECOidTag hashOid; - NSSLOWKEYPublicKey *key; -}; - -struct PK11HashSignInfoStr { - SECOidTag hashOid; - NSSLOWKEYPrivateKey *key; -}; - -/* context for the Final SSLMAC message */ -struct PK11SSLMACInfoStr { - void *hashContext; - PK11Begin begin; - PK11Hash update; - PK11End end; - CK_ULONG macSize; - int padSize; - unsigned char key[MAX_KEY_LEN]; - unsigned int keySize; -}; - -/* - * session handle modifiers - */ -#define PK11_SESSION_SLOT_MASK 0xff000000L - -/* - * object handle modifiers - */ -#define PK11_TOKEN_MASK 0x80000000L -#define PK11_TOKEN_MAGIC 0x80000000L -#define PK11_TOKEN_TYPE_MASK 0x70000000L -/* keydb (high bit == 0) */ -#define PK11_TOKEN_TYPE_PRIV 0x10000000L -#define PK11_TOKEN_TYPE_PUB 0x20000000L -#define PK11_TOKEN_TYPE_KEY 0x30000000L -/* certdb (high bit == 1) */ -#define PK11_TOKEN_TYPE_TRUST 0x40000000L -#define PK11_TOKEN_TYPE_CRL 0x50000000L -#define PK11_TOKEN_TYPE_SMIME 0x60000000L -#define PK11_TOKEN_TYPE_CERT 0x70000000L - -#define PK11_TOKEN_KRL_HANDLE (PK11_TOKEN_MAGIC|PK11_TOKEN_TYPE_CRL|1) -/* how big a password/pin we can deal with */ -#define PK11_MAX_PIN 255 - -/* slot ID's */ -#define NETSCAPE_SLOT_ID 1 -#define PRIVATE_KEY_SLOT_ID 2 -#define FIPS_SLOT_ID 3 - -/* slot helper macros */ -#define pk11_SlotFromSession(sp) ((sp)->slot) -#define pk11_isToken(id) (((id) & PK11_TOKEN_MASK) == PK11_TOKEN_MAGIC) - -/* queueing helper macros */ -#define pk11_hash(value,size) ((value) & (size-1))/*size must be a power of 2*/ -#define pk11queue_add(element,id,head,hash_size) \ - { int tmp = pk11_hash(id,hash_size); \ - (element)->next = (head)[tmp]; \ - (element)->prev = NULL; \ - if ((head)[tmp]) (head)[tmp]->prev = (element); \ - (head)[tmp] = (element); } -#define pk11queue_find(element,id,head,hash_size) \ - for( (element) = (head)[pk11_hash(id,hash_size)]; (element) != NULL; \ - (element) = (element)->next) { \ - if ((element)->handle == (id)) { break; } } -#define pk11queue_is_queued(element,id,head,hash_size) \ - ( ((element)->next) || ((element)->prev) || \ - ((head)[pk11_hash(id,hash_size)] == (element)) ) -#define pk11queue_delete(element,id,head,hash_size) \ - if ((element)->next) (element)->next->prev = (element)->prev; \ - if ((element)->prev) (element)->prev->next = (element)->next; \ - else (head)[pk11_hash(id,hash_size)] = ((element)->next); \ - (element)->next = NULL; \ - (element)->prev = NULL; \ - -/* sessionID (handle) is used to determine session lock bucket */ -#ifdef NOSPREAD -/* NOSPREAD: (ID>>L2LPB) & (perbucket-1) */ -#define PK11_SESSION_LOCK(slot,handle) \ - ((slot)->sessionLock[((handle) >> LOG2_BUCKETS_PER_SESSION_LOCK) \ - & (NUMBER_OF_SESSION_LOCKS-1)]) -#else -/* SPREAD: ID & (perbucket-1) */ -#define PK11_SESSION_LOCK(slot,handle) \ - ((slot)->sessionLock[(handle) & (NUMBER_OF_SESSION_LOCKS-1)]) -#endif - -/* expand an attribute & secitem structures out */ -#define pk11_attr_expand(ap) (ap)->type,(ap)->pValue,(ap)->ulValueLen -#define pk11_item_expand(ip) (ip)->data,(ip)->len - -typedef struct pk11_token_parametersStr { - CK_SLOT_ID slotID; - char *configdir; - char *certPrefix; - char *keyPrefix; - char *tokdes; - char *slotdes; - int minPW; - PRBool readOnly; - PRBool noCertDB; - PRBool noKeyDB; - PRBool forceOpen; - PRBool pwRequired; -} pk11_token_parameters; - -typedef struct pk11_parametersStr { - char *configdir; - char *secmodName; - char *man; - char *libdes; - PRBool readOnly; - PRBool noModDB; - PRBool noCertDB; - PRBool forceOpen; - PRBool pwRequired; - pk11_token_parameters *tokens; - int token_count; -} pk11_parameters; - - -/* machine dependent path stuff used by dbinit.c and pk11db.c */ -#ifdef macintosh -#define PATH_SEPARATOR ":" -#define SECMOD_DB "Security Modules" -#define CERT_DB_FMT "%sCertificates%s" -#define KEY_DB_FMT "%sKey Database%s" -#else -#define PATH_SEPARATOR "/" -#define SECMOD_DB "secmod.db" -#define CERT_DB_FMT "%scert%s.db" -#define KEY_DB_FMT "%skey%s.db" -#endif - -SEC_BEGIN_PROTOS - -extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS); -/* shared functions between PKCS11.c and PK11FIPS.c */ -extern CK_RV PK11_SlotInit(char *configdir,pk11_token_parameters *params); - -/* internal utility functions used by pkcs11.c */ -extern PK11Attribute *pk11_FindAttribute(PK11Object *object, - CK_ATTRIBUTE_TYPE type); -extern void pk11_FreeAttribute(PK11Attribute *attribute); -extern CK_RV pk11_AddAttributeType(PK11Object *object, CK_ATTRIBUTE_TYPE type, - void *valPtr, - CK_ULONG length); -extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern PRBool pk11_hasAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern PRBool pk11_isTrue(PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern void pk11_DeleteAttributeType(PK11Object *object, - CK_ATTRIBUTE_TYPE type); -extern CK_RV pk11_Attribute2SecItem(PLArenaPool *arena, SECItem *item, - PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern CK_RV pk11_Attribute2SSecItem(PLArenaPool *arena, SECItem *item, - PK11Object *object, - CK_ATTRIBUTE_TYPE type); -extern PK11ModifyType pk11_modifyType(CK_ATTRIBUTE_TYPE type, - CK_OBJECT_CLASS inClass); -extern PRBool pk11_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); -extern char *pk11_getString(PK11Object *object, CK_ATTRIBUTE_TYPE type); -extern void pk11_nullAttribute(PK11Object *object,CK_ATTRIBUTE_TYPE type); -extern CK_RV pk11_forceAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, - void *value, unsigned int len); -extern CK_RV pk11_defaultAttribute(PK11Object *object, CK_ATTRIBUTE_TYPE type, - void *value, unsigned int len); -extern unsigned int pk11_MapTrust(CK_TRUST trust, PRBool clientAuth); - -extern PK11Object *pk11_NewObject(PK11Slot *slot); -extern CK_RV pk11_CopyObject(PK11Object *destObject, PK11Object *srcObject); -extern PK11FreeStatus pk11_FreeObject(PK11Object *object); -extern CK_RV pk11_DeleteObject(PK11Session *session, PK11Object *object); -extern void pk11_ReferenceObject(PK11Object *object); -extern PK11Object *pk11_ObjectFromHandle(CK_OBJECT_HANDLE handle, - PK11Session *session); -extern void pk11_AddSlotObject(PK11Slot *slot, PK11Object *object); -extern void pk11_AddObject(PK11Session *session, PK11Object *object); - -extern CK_RV pk11_searchObjectList(PK11SearchResults *search, - PK11Object **head, PZLock *lock, - CK_ATTRIBUTE_PTR inTemplate, int count, - PRBool isLoggedIn); -extern PK11ObjectListElement *pk11_FreeObjectListElement( - PK11ObjectListElement *objectList); -extern void pk11_FreeObjectList(PK11ObjectListElement *objectList); -extern void pk11_FreeSearch(PK11SearchResults *search); -extern CK_RV pk11_handleObject(PK11Object *object, PK11Session *session); - -extern PK11Slot *pk11_SlotFromID(CK_SLOT_ID slotID); -extern PK11Slot *pk11_SlotFromSessionHandle(CK_SESSION_HANDLE handle); -extern PK11Session *pk11_SessionFromHandle(CK_SESSION_HANDLE handle); -extern void pk11_FreeSession(PK11Session *session); -extern PK11Session *pk11_NewSession(CK_SLOT_ID slotID, CK_NOTIFY notify, - CK_VOID_PTR pApplication, CK_FLAGS flags); -extern void pk11_update_state(PK11Slot *slot,PK11Session *session); -extern void pk11_update_all_states(PK11Slot *slot); -extern void pk11_FreeContext(PK11SessionContext *context); -extern void pk11_CleanupFreeLists(void); - -extern NSSLOWKEYPublicKey *pk11_GetPubKey(PK11Object *object, - CK_KEY_TYPE key_type); -extern NSSLOWKEYPrivateKey *pk11_GetPrivKey(PK11Object *object, - CK_KEY_TYPE key_type); -extern void pk11_FormatDESKey(unsigned char *key, int length); -extern PRBool pk11_CheckDESKey(unsigned char *key); -extern PRBool pk11_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); - -extern CK_RV secmod_parseParameters(char *param, pk11_parameters *parsed, - PRBool isFIPS); -extern void secmod_freeParams(pk11_parameters *params); -extern char *secmod_getSecmodName(char *params, PRBool *rw); -extern char ** secmod_ReadPermDB(char *dbname, char *params, PRBool rw); -extern SECStatus secmod_DeletePermDB(char *dbname,char *args, PRBool rw); -extern SECStatus secmod_AddPermDB(char *dbname, char *module, PRBool rw); -/* - * OK there are now lots of options here, lets go through them all: - * - * configdir - base directory where all the cert, key, and module datbases live. - * certPrefix - prefix added to the beginning of the cert database example: " - * "https-server1-" - * keyPrefix - prefix added to the beginning of the key database example: " - * "https-server1-" - * secmodName - name of the security module database (usually "secmod.db"). - * readOnly - Boolean: true if the databases are to be openned read only. - * nocertdb - Don't open the cert DB and key DB's, just initialize the - * Volatile certdb. - * nomoddb - Don't open the security module DB, just initialize the - * PKCS #11 module. - * forceOpen - Continue to force initializations even if the databases cannot - * be opened. - */ -CK_RV pk11_DBInit(const char *configdir, const char *certPrefix, - const char *keyPrefix, PRBool readOnly, PRBool noCertDB, - PRBool noKeyDB, PRBool forceOpen, - NSSLOWCERTCertDBHandle **certDB, NSSLOWKEYDBHandle **keyDB); - -void pk11_DBShutdown(NSSLOWCERTCertDBHandle *certHandle, - NSSLOWKEYDBHandle *keyHandle); - -/* - * narrow objects - */ -PK11SessionObject * pk11_narrowToSessionObject(PK11Object *); -PK11TokenObject * pk11_narrowToTokenObject(PK11Object *); - -/* - * token object utilities - */ -void pk11_addHandle(PK11SearchResults *search, CK_OBJECT_HANDLE handle); -PRBool pk11_tokenMatch(PK11Slot *slot, SECItem *dbKey, CK_OBJECT_HANDLE class, - CK_ATTRIBUTE_PTR theTemplate,int count); -CK_OBJECT_HANDLE pk11_mkHandle(PK11Slot *slot, - SECItem *dbKey, CK_OBJECT_HANDLE class); -PK11Object * pk11_NewTokenObject(PK11Slot *slot, SECItem *dbKey, - CK_OBJECT_HANDLE handle); -PK11TokenObject *pk11_convertSessionToToken(PK11Object *so); - -SEC_END_PROTOS - -#endif /* _PKCS11I_H_ */ |