Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(712)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/util/pkcs11n.h

Issue 13898013: Update NSS to NSS_3_15_BETA2. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« nss/lib/util/hasht.h ('K') | « nss/lib/util/nssutil.h ('k') | nss/lib/util/seccomon.h » ('j') | nss/lib/util/seccomon.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 #ifndef _PKCS11N_H_ 5 #ifndef _PKCS11N_H_
6 #define _PKCS11N_H_ 6 #define _PKCS11N_H_
7 7
8 #ifdef DEBUG 8 #ifdef DEBUG
9 static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$"; 9 static const char CKT_CVS_ID[] = "@(#) $RCSfile$ $Revision$ $Date$";
10 #endif /* DEBUG */ 10 #endif /* DEBUG */
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after
188 * Parameter type: CK_NSS_JPAKEFinalParams 188 * Parameter type: CK_NSS_JPAKEFinalParams
189 * 189 *
190 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 190 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
191 * to get a key with uniformly distributed bits. 191 * to get a key with uniformly distributed bits.
192 */ 192 */
193 #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) 193 #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15)
194 #define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16) 194 #define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16)
195 #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) 195 #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17)
196 #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) 196 #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18)
197 197
198 /* Constant-time MAC mechanisms:
199 *
200 * These operations verify a padded, MAC-then-encrypt block of data in
201 * constant-time. Because of the order of operations, the padding bytes are not
202 * protected by the MAC. However, disclosing the value of the padding bytes
203 * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
204 * as subtle as taking slightly less time to perform the MAC when the padding
205 * is one byte longer. See https://www.isg.rhul.ac.uk/tls/
206 *
207 * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
208 * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
209 *
210 * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
211 */
198 #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) 212 #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
199 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) 213 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
200 214
215 /* TLS 1.2 mechanisms */
216 #define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
217 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
218 #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
219 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
220
201 /* 221 /*
202 * HISTORICAL: 222 * HISTORICAL:
203 * Do not attempt to use these. They are only used by NETSCAPE's internal 223 * Do not attempt to use these. They are only used by NETSCAPE's internal
204 * PKCS #11 interface. Most of these are place holders for other mechanism 224 * PKCS #11 interface. Most of these are place holders for other mechanism
205 * and will change in the future. 225 * and will change in the future.
206 */ 226 */
207 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL 227 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL
208 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL 228 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
209 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL 229 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
210 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL 230 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
(...skipping 25 matching lines...) Expand all
236 CK_ULONG ulSharedKeyLen; /* in */ 256 CK_ULONG ulSharedKeyLen; /* in */
237 CK_NSS_JPAKEPublicValue gx3; /* in */ 257 CK_NSS_JPAKEPublicValue gx3; /* in */
238 CK_NSS_JPAKEPublicValue gx4; /* in */ 258 CK_NSS_JPAKEPublicValue gx4; /* in */
239 CK_NSS_JPAKEPublicValue A; /* out */ 259 CK_NSS_JPAKEPublicValue A; /* out */
240 } CK_NSS_JPAKERound2Params; 260 } CK_NSS_JPAKERound2Params;
241 261
242 typedef struct CK_NSS_JPAKEFinalParams { 262 typedef struct CK_NSS_JPAKEFinalParams {
243 CK_NSS_JPAKEPublicValue B; /* in */ 263 CK_NSS_JPAKEPublicValue B; /* in */
244 } CK_NSS_JPAKEFinalParams; 264 } CK_NSS_JPAKEFinalParams;
245 265
246 /* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and 266 /* macAlg: the MAC algorithm to use. This determines the hash function used in
267 * the HMAC/SSLv3 MAC calculations.
268 * ulBodyTotalLen: the total length of the data, including padding bytes and
269 * padding length.
270 * pHeader: points to a block of data that contains additional data to
271 * authenticate. For TLS this includes the sequence number etc. For SSLv3,
272 * this also includes the initial padding bytes.
273 *
274 * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
247 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen 275 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
248 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an 276 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
249 * unsigned int variable to represent the length in bits. This should not 277 * unsigned int variable to represent the length in bits. This should not
250 * be a problem because the SSL/TLS protocol limits the size of an SSL 278 * be a problem because the SSL/TLS protocol limits the size of an SSL
251 * record to something considerably less than 2^32 bytes. 279 * record to something considerably less than 2^32 bytes.
252 */ 280 */
253 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { 281 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
254 CK_MECHANISM_TYPE macAlg; /* in */ 282 CK_MECHANISM_TYPE macAlg; /* in */
255 CK_ULONG ulBodyTotalLen; /* in */ 283 CK_ULONG ulBodyTotalLen; /* in */
256 CK_BYTE * pHeader; /* in */ 284 CK_BYTE * pHeader; /* in */
(...skipping 176 matching lines...) Expand 10 before | Expand all | Expand 10 after
433 char *parameters, void *moduleSpec); 461 char *parameters, void *moduleSpec);
434 462
435 /* softoken slot ID's */ 463 /* softoken slot ID's */
436 #define SFTK_MIN_USER_SLOT_ID 4 464 #define SFTK_MIN_USER_SLOT_ID 4
437 #define SFTK_MAX_USER_SLOT_ID 100 465 #define SFTK_MAX_USER_SLOT_ID 100
438 #define SFTK_MIN_FIPS_USER_SLOT_ID 101 466 #define SFTK_MIN_FIPS_USER_SLOT_ID 101
439 #define SFTK_MAX_FIPS_USER_SLOT_ID 127 467 #define SFTK_MAX_FIPS_USER_SLOT_ID 127
440 468
441 469
442 #endif /* _PKCS11N_H_ */ 470 #endif /* _PKCS11N_H_ */
OLDNEW
« nss/lib/util/hasht.h ('K') | « nss/lib/util/nssutil.h ('k') | nss/lib/util/seccomon.h » ('j') | nss/lib/util/seccomon.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698