/* This Source Code Form is subject to the terms of the Mozilla Public

 * License, v. 2.0. If a copy of the MPL was not distributed with this

 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*

 * Internal header file included only by files in pkcs11 dir, or in

 * pkcs11 specific client and server files.

 */

#ifndef  _SECMODTI_H_

#define  _SECMODTI_H_ 1

#include "prmon.h"

#include "prtypes.h"

#include "nssilckt.h"

#include "secmodt.h"

#include "pkcs11t.h"

#include "nssdevt.h"

/* internal data structures */

/* Traverse slots callback */

typedef struct pk11TraverseSlotStr {

    SECStatus (*callback)(PK11SlotInfo *,CK_OBJECT_HANDLE, void *);

    void *callbackArg;

    CK_ATTRIBUTE *findTemplate;

    int templateCount;

} pk11TraverseSlot;

/* represent a pkcs#11 slot reference counted. */

struct PK11SlotInfoStr {

    /* the PKCS11 function list for this slot */

    void *functionList;

    SECMODModule *module; /* our parent module */

    /* Boolean to indicate the current state of this slot */

    PRBool needTest;	/* Has this slot been tested for Export complience */

    PRBool isPerm;	/* is this slot a permanment device */

    PRBool isHW;	/* is this slot a hardware device */

    PRBool isInternal;  /* is this slot one of our internal PKCS #11 devices */

    PRBool disabled;	/* is this slot disabled... */

    PK11DisableReasons reason; 	/* Why this slot is disabled */

    PRBool readOnly;	/* is the token in this slot read-only */

    PRBool needLogin;	/* does the token of the type that needs 

			 * authentication (still true even if token is logged 

			 * in) */

    PRBool hasRandom;   /* can this token generated random numbers */

    PRBool defRWSession; /* is the default session RW (we open our default 

			  * session rw if the token can only handle one session

			  * at a time. */

    PRBool isThreadSafe; /* copied from the module */

    /* The actual flags (many of which are distilled into the above PRBools) */

    CK_FLAGS flags;      /* flags from PKCS #11 token Info */

    /* a default session handle to do quick and dirty functions */

    CK_SESSION_HANDLE session; 

    PZLock *sessionLock; /* lock for this session */

    /* our ID */

    CK_SLOT_ID slotID;

    /* persistant flags saved from startup to startup */

    unsigned long defaultFlags;

    /* keep track of who is using us so we don't accidently get freed while

     * still in use */

    PRInt32 refCount;    /* to be in/decremented by atomic calls ONLY! */

    PZLock *freeListLock;

    PK11SymKey *freeSymKeysWithSessionHead;

    PK11SymKey *freeSymKeysHead;

    int keyCount;

    int maxKeyCount;

    /* Password control functions for this slot. many of these are only

     * active if the appropriate flag is on in defaultFlags */

    int askpw;		/* what our password options are */

    int timeout;	/* If we're ask_timeout, what is our timeout time is 

			 * seconds */

    int authTransact;   /* allow multiple authentications off one password if

		         * they are all part of the same transaction */

    PRTime authTime;	/* when were we last authenticated */

    int minPassword;	/* smallest legal password */

    int maxPassword;	/* largest legal password */

    PRUint16 series;	/* break up the slot info into various groups of

			 * inserted tokens so that keys and certs can be

			 * invalidated */

    PRUint16 flagSeries;/* record the last series for the last event

                         * returned for this slot */

    PRBool flagState;	/* record the state of the last event returned for this

			 * slot. */

    PRUint16 wrapKey;	/* current wrapping key for SSL master secrets */

    CK_MECHANISM_TYPE wrapMechanism;

			/* current wrapping mechanism for current wrapKey */

    CK_OBJECT_HANDLE refKeys[1]; /* array of existing wrapping keys for */

    CK_MECHANISM_TYPE *mechanismList; /* list of mechanism supported by this

				       * token */

    int mechanismCount;

    /* cache the certificates stored on the token of this slot */

    CERTCertificate **cert_array;

    int array_size;

    int cert_count;

    char serial[16];

    /* since these are odd sizes, keep them last. They are odd sizes to 

     * allow them to become null terminated strings */

    char slot_name[65];

    char token_name[33];

    PRBool hasRootCerts;

    PRBool hasRootTrust;

    PRBool hasRSAInfo;

    CK_FLAGS RSAInfoFlags;

    PRBool protectedAuthPath;

    PRBool isActiveCard;

    PRIntervalTime lastLoginCheck;

    unsigned int lastState;

    /* for Stan */

    NSSToken *nssToken;

    /* fast mechanism lookup */

    char mechanismBits[256];

};

/* Symetric Key structure. Reference Counted */

struct PK11SymKeyStr {

    CK_MECHANISM_TYPE type;	/* type of operation this key was created for*/

    CK_OBJECT_HANDLE  objectID; /* object id of this key in the slot */

    PK11SlotInfo      *slot;    /* Slot this key is loaded into */

    void	      *cx;	/* window context in case we need to loggin */

    PK11SymKey	      *next;

    PRBool	      owner;

    SECItem	      data;	/* raw key data if available */

    CK_SESSION_HANDLE session;

    PRBool	      sessionOwner;

    PRInt32	      refCount;	/* number of references to this key */

    int		      size;	/* key size in bytes */

    PK11Origin	      origin;	/* where this key came from 

                                 * (see def in secmodt.h) */

    PK11SymKey        *parent;  /* potential owner key of the session */

    PRUint16 series;		/* break up the slot info into various groups

				 * of inserted tokens so that keys and certs 

				 * can be invalidated */

    void *userData;		/* random data the application can attach to

                                 * this key */

    PK11FreeDataFunc freeFunc;	/* function to free the user data */

};

/*

 * hold a hash, encryption or signing context for multi-part operations.

 * hold enough information so that multiple contexts can be interleaved

 * if necessary. ... Not RefCounted.

 */

struct PK11ContextStr {

    CK_ATTRIBUTE_TYPE	operation; /* type of operation this context is doing

				    * (CKA_ENCRYPT, CKA_SIGN, CKA_HASH, etc. */

    PK11SymKey  	*key;	   /* symetric key used in this context */

    PK11SlotInfo	*slot;	   /* slot this context is operationing on */

    CK_SESSION_HANDLE	session;   /* session this context is using */

    PZLock		*sessionLock; /* lock before accessing a PKCS #11 

				       * session */

    PRBool		ownSession;/* do we own the session? */

    void 		*cx;	   /* window context in case we need to loggin*/

    void		*savedData;/* save data when we are multiplexing on a

				    * single context */

    unsigned long	savedLength; /* length of the saved context */

    SECItem		*param;	    /* mechanism parameters used to build this

								context */

    PRBool		init;	    /* has this contexted been initialized */

    CK_MECHANISM_TYPE	type;	    /* what is the PKCS #11 this context is

				     * representing (usually what algorithm is

				     * being used (CKM_RSA_PKCS, CKM_DES,

				     * CKM_SHA, etc.*/

    PRBool		fortezzaHack; /*Fortezza SSL has some special

				       * non-standard semantics*/

};

/*

 * structure to hold a pointer to a unique PKCS #11 object 

 * (pointer to the slot and the object id).

 */

struct PK11GenericObjectStr {

    PK11GenericObject *prev;

    PK11GenericObject *next;

    PK11SlotInfo *slot;

    CK_OBJECT_HANDLE objectID;

};

#define MAX_TEMPL_ATTRS 16 /* maximum attributes in template */

/* This mask includes all CK_FLAGs with an equivalent CKA_ attribute. */

#define CKF_KEY_OPERATION_FLAGS 0x000e7b00UL

#endif /* _SECMODTI_H_ */