| OLD | NEW |
|---|
| (Empty) |
| 1 /* | |
| 2 * softoken.h - private data structures and prototypes for the softoken lib | |
| 3 * | |
| 4 * This Source Code Form is subject to the terms of the Mozilla Public | |
| 5 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 7 | |
| 8 #ifndef _SOFTOKEN_H_ | |
| 9 #define _SOFTOKEN_H_ | |
| 10 | |
| 11 #include "blapi.h" | |
| 12 #include "lowkeyti.h" | |
| 13 #include "softoknt.h" | |
| 14 #include "secoidt.h" | |
| 15 | |
| 16 #include "pkcs11t.h" | |
| 17 | |
| 18 SEC_BEGIN_PROTOS | |
| 19 | |
| 20 /* | |
| 21 * Convenience wrapper for doing a single PKCS#1 v1.5 RSA operations where the | |
| 22 * encoded digest info is computed internally, rather than by the caller. | |
| 23 * | |
| 24 * The HashSign variants expect as input the value of H, the computed hash | |
| 25 * from RFC 3447, Section 9.2, Step 1, and will compute the DER-encoded | |
| 26 * DigestInfo structure internally prior to signing/verifying. | |
| 27 */ | |
| 28 extern SECStatus | |
| 29 RSA_HashSign(SECOidTag hashOid, NSSLOWKEYPrivateKey *key, | |
| 30 unsigned char *sig, unsigned int *sigLen, unsigned int maxLen, | |
| 31 const unsigned char *hash, unsigned int hashLen); | |
| 32 | |
| 33 extern SECStatus | |
| 34 RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, | |
| 35 const unsigned char *sig, unsigned int sigLen, | |
| 36 const unsigned char *hash, unsigned int hashLen); | |
| 37 | |
| 38 /* | |
| 39 ** Prepare a buffer for padded CBC encryption, growing to the appropriate | |
| 40 ** boundary, filling with the appropriate padding. | |
| 41 ** | |
| 42 ** blockSize must be a power of 2. | |
| 43 ** | |
| 44 ** We add from 1 to blockSize bytes -- we *always* grow. | |
| 45 ** The extra bytes contain the value of the length of the padding: | |
| 46 ** if we have 2 bytes of padding, then the padding is "0x02, 0x02". | |
| 47 ** | |
| 48 ** NOTE: If arena is non-NULL, we re-allocate from there, otherwise | |
| 49 ** we assume (and use) PR memory (re)allocation. | |
| 50 */ | |
| 51 extern unsigned char * CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf, | |
| 52 unsigned int inlen, unsigned int *outlen, | |
| 53 int blockSize); | |
| 54 | |
| 55 | |
| 56 /****************************************/ | |
| 57 /* | |
| 58 ** Power-Up selftests required for FIPS and invoked only | |
| 59 ** under PKCS #11 FIPS mode. | |
| 60 */ | |
| 61 extern CK_RV sftk_fipsPowerUpSelfTest( void ); | |
| 62 | |
| 63 /* | |
| 64 ** make known fixed PKCS #11 key types to their sizes in bytes | |
| 65 */ | |
| 66 unsigned long sftk_MapKeySize(CK_KEY_TYPE keyType); | |
| 67 | |
| 68 /* | |
| 69 ** FIPS 140-2 auditing | |
| 70 */ | |
| 71 extern PRBool sftk_audit_enabled; | |
| 72 | |
| 73 extern void sftk_LogAuditMessage(NSSAuditSeverity severity, | |
| 74 NSSAuditType, const char *msg); | |
| 75 | |
| 76 extern void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession, | |
| 77 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, | |
| 78 CK_OBJECT_HANDLE_PTR phObject, CK_RV rv); | |
| 79 | |
| 80 extern void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession, | |
| 81 CK_OBJECT_HANDLE hObject, | |
| 82 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, | |
| 83 CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv); | |
| 84 | |
| 85 extern void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession, | |
| 86 CK_OBJECT_HANDLE hObject, CK_RV rv); | |
| 87 | |
| 88 extern void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession, | |
| 89 CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, | |
| 90 CK_RV rv); | |
| 91 | |
| 92 extern void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession, | |
| 93 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, | |
| 94 CK_ULONG ulCount, CK_RV rv); | |
| 95 | |
| 96 extern void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession, | |
| 97 CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, | |
| 98 CK_ULONG ulCount, CK_RV rv); | |
| 99 | |
| 100 extern void sftk_AuditCryptInit(const char *opName, | |
| 101 CK_SESSION_HANDLE hSession, | |
| 102 CK_MECHANISM_PTR pMechanism, | |
| 103 CK_OBJECT_HANDLE hKey, CK_RV rv); | |
| 104 | |
| 105 extern void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession, | |
| 106 CK_MECHANISM_PTR pMechanism, | |
| 107 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, | |
| 108 CK_OBJECT_HANDLE_PTR phKey, CK_RV rv); | |
| 109 | |
| 110 extern void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession, | |
| 111 CK_MECHANISM_PTR pMechanism, | |
| 112 CK_ATTRIBUTE_PTR pPublicKeyTemplate, | |
| 113 CK_ULONG ulPublicKeyAttributeCount, | |
| 114 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, | |
| 115 CK_ULONG ulPrivateKeyAttributeCount, | |
| 116 CK_OBJECT_HANDLE_PTR phPublicKey, | |
| 117 CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv); | |
| 118 | |
| 119 extern void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession, | |
| 120 CK_MECHANISM_PTR pMechanism, | |
| 121 CK_OBJECT_HANDLE hWrappingKey, CK_OBJECT_HANDLE hKey, | |
| 122 CK_BYTE_PTR pWrappedKey, | |
| 123 CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv); | |
| 124 | |
| 125 extern void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession, | |
| 126 CK_MECHANISM_PTR pMechanism, | |
| 127 CK_OBJECT_HANDLE hUnwrappingKey, | |
| 128 CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen, | |
| 129 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, | |
| 130 CK_OBJECT_HANDLE_PTR phKey, CK_RV rv); | |
| 131 | |
| 132 extern void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession, | |
| 133 CK_MECHANISM_PTR pMechanism, | |
| 134 CK_OBJECT_HANDLE hBaseKey, | |
| 135 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, | |
| 136 CK_OBJECT_HANDLE_PTR phKey, CK_RV rv); | |
| 137 | |
| 138 extern void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession, | |
| 139 CK_OBJECT_HANDLE hKey, CK_RV rv); | |
| 140 | |
| 141 /* | |
| 142 ** FIPS 140-2 Error state | |
| 143 */ | |
| 144 extern PRBool sftk_fatalError; | |
| 145 | |
| 146 /* | |
| 147 ** macros to check for forked child process after C_Initialize | |
| 148 */ | |
| 149 #if defined(XP_UNIX) && !defined(NO_FORK_CHECK) | |
| 150 | |
| 151 #ifdef DEBUG | |
| 152 | |
| 153 #define FORK_ASSERT() \ | |
| 154 { \ | |
| 155 char* forkAssert = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \ | |
| 156 if ( (!forkAssert) || (0 == strcmp(forkAssert, "1")) ) { \ | |
| 157 PORT_Assert(0); \ | |
| 158 } \ | |
| 159 } | |
| 160 | |
| 161 #else | |
| 162 | |
| 163 #define FORK_ASSERT() | |
| 164 | |
| 165 #endif | |
| 166 | |
| 167 /* we have 3 methods of implementing the fork checks : | |
| 168 * - Solaris "mixed" method | |
| 169 * - pthread_atfork method | |
| 170 * - getpid method | |
| 171 */ | |
| 172 | |
| 173 #if !defined (CHECK_FORK_MIXED) && !defined(CHECK_FORK_PTHREAD) && \ | |
| 174 !defined (CHECK_FORK_GETPID) | |
| 175 | |
| 176 /* Choose fork check method automatically unless specified | |
| 177 * This section should be updated as more platforms get pthread fixes | |
| 178 * to unregister fork handlers in dlclose. | |
| 179 */ | |
| 180 | |
| 181 #ifdef SOLARIS | |
| 182 | |
| 183 /* Solaris 8, s9 use PID checks, s10 uses pthread_atfork */ | |
| 184 | |
| 185 #define CHECK_FORK_MIXED | |
| 186 | |
| 187 #elif defined(LINUX) | |
| 188 | |
| 189 #define CHECK_FORK_PTHREAD | |
| 190 | |
| 191 #else | |
| 192 | |
| 193 /* Other Unix platforms use only PID checks. Even if pthread_atfork is | |
| 194 * available, the behavior of dlclose isn't guaranteed by POSIX to | |
| 195 * unregister the fork handler. */ | |
| 196 | |
| 197 #define CHECK_FORK_GETPID | |
| 198 | |
| 199 #endif | |
| 200 | |
| 201 #endif | |
| 202 | |
| 203 #if defined(CHECK_FORK_MIXED) | |
| 204 | |
| 205 extern PRBool usePthread_atfork; | |
| 206 #include <unistd.h> | |
| 207 extern pid_t myPid; | |
| 208 extern PRBool forked; | |
| 209 | |
| 210 #define PARENT_FORKED() (usePthread_atfork ? forked : (myPid && myPid != getpid(
))) | |
| 211 | |
| 212 #elif defined(CHECK_FORK_PTHREAD) | |
| 213 | |
| 214 extern PRBool forked; | |
| 215 | |
| 216 #define PARENT_FORKED() forked | |
| 217 | |
| 218 #elif defined(CHECK_FORK_GETPID) | |
| 219 | |
| 220 #include <unistd.h> | |
| 221 extern pid_t myPid; | |
| 222 | |
| 223 #define PARENT_FORKED() (myPid && myPid != getpid()) | |
| 224 | |
| 225 #endif | |
| 226 | |
| 227 extern PRBool parentForkedAfterC_Initialize; | |
| 228 extern PRBool sftkForkCheckDisabled; | |
| 229 | |
| 230 #define CHECK_FORK() \ | |
| 231 do { \ | |
| 232 if (!sftkForkCheckDisabled && PARENT_FORKED()) { \ | |
| 233 FORK_ASSERT(); \ | |
| 234 return CKR_DEVICE_ERROR; \ | |
| 235 } \ | |
| 236 } while (0) | |
| 237 | |
| 238 #define SKIP_AFTER_FORK(x) if (!parentForkedAfterC_Initialize) x | |
| 239 | |
| 240 #define ENABLE_FORK_CHECK() \ | |
| 241 { \ | |
| 242 char* doForkCheck = PR_GetEnvSecure("NSS_STRICT_NOFORK"); \ | |
| 243 if ( doForkCheck && !strcmp(doForkCheck, "DISABLED") ) { \ | |
| 244 sftkForkCheckDisabled = PR_TRUE; \ | |
| 245 } \ | |
| 246 } | |
| 247 | |
| 248 | |
| 249 #else | |
| 250 | |
| 251 /* non-Unix platforms, or fork check disabled */ | |
| 252 | |
| 253 #define CHECK_FORK() | |
| 254 #define SKIP_AFTER_FORK(x) x | |
| 255 #define ENABLE_FORK_CHECK() | |
| 256 | |
| 257 #ifndef NO_FORK_CHECK | |
| 258 #define NO_FORK_CHECK | |
| 259 #endif | |
| 260 | |
| 261 #endif | |
| 262 | |
| 263 | |
| 264 SEC_END_PROTOS | |
| 265 | |
| 266 #endif /* _SOFTOKEN_H_ */ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2078763002:
Delete bundled copy of NSS and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss@master