1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* 5 * Internal data structures and functions used by pkcs11.c 6 */ 7 #ifndef _LGDB_H_ 8 #define _LGDB_H_ 1 9 10 #include "nssilock.h" 11 #include "seccomon.h" 12 #include "secoidt.h" 13 #include "lowkeyti.h" 14 #include "pkcs11t.h" 15 #include "sdb.h" 16 #include "cdbhdl.h" 17 18 #define MULTIACCESS "multiaccess:" 19 20 /* path stuff (was machine dependent) used by dbinit.c and pk11db.c */ 21 #define PATH_SEPARATOR "/" 22 #define SECMOD_DB "secmod.db" 23 #define CERT_DB_FMT "%scert%s.db" 24 #define KEY_DB_FMT "%skey%s.db" 25 26 SEC_BEGIN_PROTOS 27 28 /* internal utility functions used by pkcs11.c */ 29 extern const CK_ATTRIBUTE *lg_FindAttribute(CK_ATTRIBUTE_TYPE type, 30 const CK_ATTRIBUTE *templ, CK_ULONG count); 31 extern CK_RV lg_Attribute2SecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type, 32 const CK_ATTRIBUTE *templ, CK_ULONG count, 33 SECItem *item); 34 extern CK_RV lg_Attribute2SSecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type, 35 const CK_ATTRIBUTE *templ, CK_ULONG count, 36 SECItem *item); 37 extern CK_RV lg_PrivAttr2SecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type, 38 const CK_ATTRIBUTE *templ, CK_ULONG count, 39 SECItem *item, SDB *sdbpw); 40 extern CK_RV lg_PrivAttr2SSecItem(PLArenaPool *, CK_ATTRIBUTE_TYPE type, 41 const CK_ATTRIBUTE *templ, CK_ULONG count, 42 SECItem *item, SDB *sdbpw); 43 extern CK_RV lg_GetULongAttribute(CK_ATTRIBUTE_TYPE type, 44 const CK_ATTRIBUTE *templ, CK_ULONG count, 45 CK_ULONG *out); 46 extern PRBool lg_hasAttribute(CK_ATTRIBUTE_TYPE type, 47 const CK_ATTRIBUTE *templ, CK_ULONG count); 48 extern PRBool lg_isTrue(CK_ATTRIBUTE_TYPE type, 49 const CK_ATTRIBUTE *templ, CK_ULONG count); 50 extern PRBool lg_isSensitive(CK_ATTRIBUTE_TYPE type, CK_OBJECT_CLASS inClass); 51 extern char *lg_getString(CK_ATTRIBUTE_TYPE type, 52 const CK_ATTRIBUTE *templ, CK_ULONG count); 53 extern unsigned int lg_MapTrust(CK_TRUST trust, PRBool clientAuth); 54 55 /* clear out all the existing object ID to database key mappings. 56 * used to reinit a token */ 57 extern CK_RV lg_ClearTokenKeyHashTable(SDB *sdb); 58 59 extern void lg_FreeSearch(SDBFind *search); 60 61 NSSLOWCERTCertDBHandle *lg_getCertDB(SDB *sdb); 62 NSSLOWKEYDBHandle *lg_getKeyDB(SDB *sdb); 63 64 const char *lg_EvaluateConfigDir(const char *configdir, char **domain); 65 66 /* verify the FIPS selftests ran and were successful */ 67 PRBool lg_FIPSEntryOK(void); 68 69 /* 70 * object handle modifiers 71 */ 72 #define LG_TOKEN_MASK 0xc0000000L 73 #define LG_TOKEN_TYPE_MASK 0x38000000L 74 #define LG_TOKEN_TYPE_SHIFT 27 75 /* keydb (high bit == 0) */ 76 #define LG_TOKEN_TYPE_PRIV 0x08000000L 77 #define LG_TOKEN_TYPE_PUB 0x10000000L 78 #define LG_TOKEN_TYPE_KEY 0x18000000L 79 /* certdb (high bit == 1) */ 80 #define LG_TOKEN_TYPE_TRUST 0x20000000L 81 #define LG_TOKEN_TYPE_CRL 0x28000000L 82 #define LG_TOKEN_TYPE_SMIME 0x30000000L 83 #define LG_TOKEN_TYPE_CERT 0x38000000L 84 85 #define LG_TOKEN_KRL_HANDLE (LG_TOKEN_TYPE_CRL | 1) 86 87 #define LG_SEARCH_BLOCK_SIZE 10 88 #define LG_BUF_SPACE 50 89 #define LG_STRICT PR_FALSE 90 91 /* 92 * token object utilities 93 */ 94 void lg_addHandle(SDBFind *search, CK_OBJECT_HANDLE handle); 95 PRBool lg_poisonHandle(SDB *sdb, SECItem *dbkey, CK_OBJECT_HANDLE handle); 96 PRBool lg_tokenMatch(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE class, 97 const CK_ATTRIBUTE *templ, CK_ULONG count); 98 const SECItem *lg_lookupTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle); 99 CK_OBJECT_HANDLE lg_mkHandle(SDB *sdb, SECItem *dbKey, CK_OBJECT_HANDLE class); 100 SECStatus lg_deleteTokenKeyByHandle(SDB *sdb, CK_OBJECT_HANDLE handle); 101 102 SECStatus lg_util_encrypt(PLArenaPool *arena, SDB *sdbpw, 103 SECItem *plainText, SECItem **cipherText); 104 SECStatus lg_util_decrypt(SDB *sdbpw, 105 SECItem *cipherText, SECItem **plainText); 106 PLHashTable *lg_GetHashTable(SDB *sdb); 107 void lg_DBLock(SDB *sdb); 108 void lg_DBUnlock(SDB *sdb); 109 110 typedef void (*LGFreeFunc)(void *); 111 112 /* 113 * database functions 114 */ 115 116 /* lg_FindObjectsInit initializes a search for token and session objects 117 * that match a template. */ 118 CK_RV lg_FindObjectsInit(SDB *sdb, const CK_ATTRIBUTE *pTemplate, 119 CK_ULONG ulCount, SDBFind **search); 120 /* lg_FindObjects continues a search for token and session objects 121 * that match a template, obtaining additional object handles. */ 122 CK_RV lg_FindObjects(SDB *sdb, SDBFind *search, 123 CK_OBJECT_HANDLE *phObject, CK_ULONG ulMaxObjectCount, 124 CK_ULONG *pulObjectCount); 125 126 /* lg_FindObjectsFinal finishes a search for token and session objects. */ 127 CK_RV lg_FindObjectsFinal(SDB *lgdb, SDBFind *search); 128 129 /* lg_CreateObject parses the template and create an object stored in the 130 * DB that reflects the object specified in the template. */ 131 CK_RV lg_CreateObject(SDB *sdb, CK_OBJECT_HANDLE *handle, 132 const CK_ATTRIBUTE *templ, CK_ULONG count); 133 134 CK_RV lg_GetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, 135 CK_ATTRIBUTE *template, CK_ULONG count); 136 CK_RV lg_SetAttributeValue(SDB *sdb, CK_OBJECT_HANDLE object_id, 137 const CK_ATTRIBUTE *template, CK_ULONG count); 138 CK_RV lg_DestroyObject(SDB *sdb, CK_OBJECT_HANDLE object_id); 139 140 CK_RV lg_Close(SDB *sdb); 141 CK_RV lg_Reset(SDB *sdb); 142 143 /* 144 * The old database doesn't share and doesn't support 145 * transactions. 146 */ 147 CK_RV lg_Begin(SDB *sdb); 148 CK_RV lg_Commit(SDB *sdb); 149 CK_RV lg_Abort(SDB *sdb); 150 CK_RV lg_GetMetaData(SDB *sdb, const char *id, SECItem *item1, SECItem *item2); 151 CK_RV lg_PutMetaData(SDB *sdb, const char *id, 152 const SECItem *item1, const SECItem *item2); 153 154 SEC_END_PROTOS 155 156 #ifndef XP_UNIX 157 158 #define NO_FORK_CHECK 159 160 #endif 161 162 #ifndef NO_FORK_CHECK 163 164 extern PRBool lg_parentForkedAfterC_Initialize; 165 #define SKIP_AFTER_FORK(x) \ 166 if (!lg_parentForkedAfterC_Initialize) \ 167 x 168 169 #else 170 171 #define SKIP_AFTER_FORK(x) x 172 173 #endif /* NO_FORK_CHECK */ 174 175 #endif /* _LGDB_H_ */ 176