OLD | NEW |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | 1 /* This Source Code Form is subject to the terms of the Mozilla Public |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | 2 * License, v. 2.0. If a copy of the MPL was not distributed with this |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
4 /* | 4 /* |
5 * Internal data structures and functions used by pkcs11.c | 5 * Internal data structures and functions used by pkcs11.c |
6 */ | 6 */ |
7 #ifndef _PKCS11I_H_ | 7 #ifndef _PKCS11I_H_ |
8 #define _PKCS11I_H_ 1 | 8 #define _PKCS11I_H_ 1 |
9 | 9 |
10 #include "nssilock.h" | 10 #include "nssilock.h" |
11 #include "seccomon.h" | 11 #include "seccomon.h" |
12 #include "secoidt.h" | 12 #include "secoidt.h" |
13 #include "lowkeyti.h" | 13 #include "lowkeyti.h" |
14 #include "pkcs11t.h" | 14 #include "pkcs11t.h" |
15 | 15 |
16 #include "sftkdbt.h" | 16 #include "sftkdbt.h" |
17 #include "hasht.h" | 17 #include "hasht.h" |
18 | 18 |
19 /* | 19 /* |
20 * Configuration Defines | 20 * Configuration Defines |
21 * | 21 * |
22 * The following defines affect the space verse speed trade offs of | 22 * The following defines affect the space verse speed trade offs of |
23 * the PKCS #11 module. For the most part the current settings are optimized | 23 * the PKCS #11 module. For the most part the current settings are optimized |
24 * for web servers, where we want faster speed and lower lock contention at | 24 * for web servers, where we want faster speed and lower lock contention at |
25 * the expense of space. | 25 * the expense of space. |
26 */ | 26 */ |
60 #define SPACE_SESSION_OBJECT_HASH_SIZE 32 | 60 #define SPACE_SESSION_OBJECT_HASH_SIZE 32 |
61 #define SPACE_SESSION_HASH_SIZE 32 | 61 #define SPACE_SESSION_HASH_SIZE 32 |
62 #define TIME_ATTRIBUTE_HASH_SIZE 32 | 62 #define TIME_ATTRIBUTE_HASH_SIZE 32 |
63 #define TIME_SESSION_OBJECT_HASH_SIZE 1024 | 63 #define TIME_SESSION_OBJECT_HASH_SIZE 1024 |
64 #define TIME_SESSION_HASH_SIZE 1024 | 64 #define TIME_SESSION_HASH_SIZE 1024 |
65 #define MAX_OBJECT_LIST_SIZE 800 | 65 #define MAX_OBJECT_LIST_SIZE 800 |
66 /* how many objects to keep on the free list | 66 /* how many objects to keep on the free list |
67 * before we start freeing them */ | 67 * before we start freeing them */ |
68 #define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */ | 68 #define MAX_KEY_LEN 256 /* maximum symmetric key length in bytes */ |
69 | 69 |
70 #define MULTIACCESS "multiaccess:" | |
71 | |
72 /* | 70 /* |
73 * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number. | 71 * LOG2_BUCKETS_PER_SESSION_LOCK must be a prime number. |
74 * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0. | 72 * With SESSION_HASH_SIZE=1024, LOG2 can be 9, 5, 1, or 0. |
75 * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0. | 73 * With SESSION_HASH_SIZE=4096, LOG2 can be 11, 9, 5, 1, or 0. |
76 * | 74 * |
77 * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS | 75 * HASH_SIZE LOG2_BUCKETS_PER BUCKETS_PER_LOCK NUMBER_OF_BUCKETS |
78 * 1024 9 512 2 | 76 * 1024 9 512 2 |
79 * 1024 5 32 32 | 77 * 1024 5 32 32 |
80 * 1024 1 2 512 | 78 * 1024 1 2 512 |
81 * 1024 0 1 1024 | 79 * 1024 0 1 1024 |
539 PRBool noCertDB; | 537 PRBool noCertDB; |
540 PRBool forceOpen; | 538 PRBool forceOpen; |
541 PRBool pwRequired; | 539 PRBool pwRequired; |
542 PRBool optimizeSpace; | 540 PRBool optimizeSpace; |
543 sftk_token_parameters *tokens; | 541 sftk_token_parameters *tokens; |
544 int token_count; | 542 int token_count; |
545 } sftk_parameters; | 543 } sftk_parameters; |
546 | 544 |
547 | 545 |
548 /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */ | 546 /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */ |
549 #define PATH_SEPARATOR "/" | |
550 #define SECMOD_DB "secmod.db" | |
551 #define CERT_DB_FMT "%scert%s.db" | 547 #define CERT_DB_FMT "%scert%s.db" |
552 #define KEY_DB_FMT "%skey%s.db" | 548 #define KEY_DB_FMT "%skey%s.db" |
553 | 549 |
554 SEC_BEGIN_PROTOS | 550 SEC_BEGIN_PROTOS |
555 | 551 |
556 /* shared functions between pkcs11.c and fipstokn.c */ | 552 /* shared functions between pkcs11.c and fipstokn.c */ |
557 extern PRBool nsf_init; | 553 extern PRBool nsf_init; |
558 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS); | 554 extern CK_RV nsc_CommonInitialize(CK_VOID_PTR pReserved, PRBool isFIPS); |
559 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS); | 555 extern CK_RV nsc_CommonFinalize(CK_VOID_PTR pReserved, PRBool isFIPS); |
560 extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv); | 556 extern PRBool sftk_ForkReset(CK_VOID_PTR pReserved, CK_RV* crv); |
653 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); | 649 extern PRBool sftk_IsWeakKey(unsigned char *key,CK_KEY_TYPE key_type); |
654 | 650 |
655 /* mechanism allows this operation */ | 651 /* mechanism allows this operation */ |
656 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE
op); | 652 extern CK_RV sftk_MechAllowsOperation(CK_MECHANISM_TYPE type, CK_ATTRIBUTE_TYPE
op); |
657 | 653 |
658 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely | 654 /* helper function which calls nsslowkey_FindKeyByPublicKey after safely |
659 * acquiring a reference to the keydb from the slot */ | 655 * acquiring a reference to the keydb from the slot */ |
660 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey); | 656 NSSLOWKEYPrivateKey *sftk_FindKeyByPublicKey(SFTKSlot *slot, SECItem *dbKey); |
661 | 657 |
662 /* | 658 /* |
| 659 * parameter parsing functions |
| 660 */ |
| 661 CK_RV sftk_parseParameters(char *param, sftk_parameters *parsed, PRBool isFIPS); |
| 662 void sftk_freeParams(sftk_parameters *params); |
| 663 |
| 664 |
| 665 /* |
663 * narrow objects | 666 * narrow objects |
664 */ | 667 */ |
665 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *); | 668 SFTKSessionObject * sftk_narrowToSessionObject(SFTKObject *); |
666 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *); | 669 SFTKTokenObject * sftk_narrowToTokenObject(SFTKObject *); |
667 | 670 |
668 /* | 671 /* |
669 * token object utilities | 672 * token object utilities |
670 */ | 673 */ |
671 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle); | 674 void sftk_addHandle(SFTKSearchResults *search, CK_OBJECT_HANDLE handle); |
672 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, | 675 PRBool sftk_poisonHandle(SFTKSlot *slot, SECItem *dbkey, |
695 */ | 698 */ |
696 | 699 |
697 extern CK_RV | 700 extern CK_RV |
698 sftk_TLSPRFInit(SFTKSessionContext *context, | 701 sftk_TLSPRFInit(SFTKSessionContext *context, |
699 SFTKObject * key, | 702 SFTKObject * key, |
700 CK_KEY_TYPE key_type); | 703 CK_KEY_TYPE key_type); |
701 | 704 |
702 SEC_END_PROTOS | 705 SEC_END_PROTOS |
703 | 706 |
704 #endif /* _PKCS11I_H_ */ | 707 #endif /* _PKCS11I_H_ */ |
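Review bot: The new `sftk_parseParameters` / `sftk_freeParams` prototypes (new lines 661-662) carry no ownership or failure contract, so a caller cannot tell from the header whether `parsed->tokens` is safe to free after a non-`CKR_OK` return, which is where leaks and double frees come from. I would add a comment above the pair such as `/* On every return *parsed is either fully populated or zeroed; call sftk_freeParams() exactly once. */`, provided the implementation (not shown on this page) actually guarantees that; otherwise the comment should state which fields are valid after a failure. If the parser never writes through `param`, declaring it `const char *param` would also record that the caller's configuration string is left unmodified.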