Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1790)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mozilla/security/nss/lib/ckfw/nssckmdt.h

Issue 14249009: Change the NSS and NSPR source tree to the new directory structure to be (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/
Patch Set: Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « mozilla/security/nss/lib/ckfw/nssckg.h ('k') | mozilla/security/nss/lib/ckfw/nssckt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #ifndef NSSCKMDT_H
6 #define NSSCKMDT_H
7
8 #ifdef DEBUG
9 static const char NSSCKMDT_CVS_ID[] = "@(#) $RCSfile: nssckmdt.h,v $ $Revision: 1.7 $ $Date: 2012/04/25 14:49:28 $";
10 #endif /* DEBUG */
11
12 /*
13 * nssckmdt.h
14 *
15 * This file specifies the basic types that must be implemented by
16 * any Module using the NSS Cryptoki Framework.
17 */
18
19 #ifndef NSSBASET_H
20 #include "nssbaset.h"
21 #endif /* NSSBASET_H */
22
23 #ifndef NSSCKT_H
24 #include "nssckt.h"
25 #endif /* NSSCKT_H */
26
27 #ifndef NSSCKFWT_H
28 #include "nssckfwt.h"
29 #endif /* NSSCKFWT_H */
30
31 typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
32 typedef struct NSSCKMDSlotStr NSSCKMDSlot;
33 typedef struct NSSCKMDTokenStr NSSCKMDToken;
34 typedef struct NSSCKMDSessionStr NSSCKMDSession;
35 typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
36 typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
37 typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
38 typedef struct NSSCKMDObjectStr NSSCKMDObject;
39
40 /*
41 * NSSCKFWItem
42 *
43 * This is a structure used by modules to return object attributes.
44 * The needsFreeing bit indicates whether the object needs to be freed.
45 * If so, the framework will call the FreeAttribute function on the item
46 * after it is done using it.
47 *
48 */
49
50 typedef struct {
51 PRBool needsFreeing;
52 NSSItem* item;
53 } NSSCKFWItem ;
54
55 /*
56 * NSSCKMDInstance
57 *
58 * This is the basic handle for an instance of a PKCS#11 Module.
59 * It is returned by the Module's CreateInstance routine, and
60 * may be obtained from the corresponding NSSCKFWInstance object.
61 * It contains a pointer for use by the Module, to store any
62 * instance-related data, and it contains the EPV for a set of
63 * routines which the Module may implement for use by the Framework.
64 * Some of these routines are optional; others are mandatory.
65 */
66
67 struct NSSCKMDInstanceStr {
68 /*
69 * The Module may use this pointer for its own purposes.
70 */
71 void *etc;
72
73 /*
74 * This routine is called by the Framework to initialize
75 * the Module. This routine is optional; if unimplemented,
76 * it won't be called. If this routine returns an error,
77 * then the initialization will fail.
78 */
79 CK_RV (PR_CALLBACK *Initialize)(
80 NSSCKMDInstance *mdInstance,
81 NSSCKFWInstance *fwInstance,
82 NSSUTF8 *configurationData
83 );
84
85 /*
86 * This routine is called when the Framework is finalizing
87 * the PKCS#11 Module. It is the last thing called before
88 * the NSSCKFWInstance's NSSArena is destroyed. This routine
89 * is optional; if unimplemented, it merely won't be called.
90 */
91 void (PR_CALLBACK *Finalize)(
92 NSSCKMDInstance *mdInstance,
93 NSSCKFWInstance *fwInstance
94 );
95
96 /*
97 * This routine gets the number of slots. This value must
98 * never change, once the instance is initialized. This
99 * routine must be implemented. It may return zero on error.
100 */
101 CK_ULONG (PR_CALLBACK *GetNSlots)(
102 NSSCKMDInstance *mdInstance,
103 NSSCKFWInstance *fwInstance,
104 CK_RV *pError
105 );
106
107 /*
108 * This routine returns the version of the Cryptoki standard
109 * to which this Module conforms. This routine is optional;
110 * if unimplemented, the Framework uses the version to which
111 * ~it~ was implemented.
112 */
113 CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
114 NSSCKMDInstance *mdInstance,
115 NSSCKFWInstance *fwInstance
116 );
117
118 /*
119 * This routine returns a pointer to a UTF8-encoded string
120 * containing the manufacturer ID for this Module. Only
121 * the characters completely encoded in the first thirty-
122 * two bytes are significant. This routine is optional.
123 * The string returned is never freed; if dynamically generated,
124 * the space for it should be allocated from the NSSArena
125 * that may be obtained from the NSSCKFWInstance. This
126 * routine may return NULL upon error; however if *pError
127 * is CKR_OK, the NULL will be considered the valid response.
128 */
129 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
130 NSSCKMDInstance *mdInstance,
131 NSSCKFWInstance *fwInstance,
132 CK_RV *pError
133 );
134
135 /*
136 * This routine returns a pointer to a UTF8-encoded string
137 * containing a description of this Module library. Only
138 * the characters completely encoded in the first thirty-
139 * two bytes are significant. This routine is optional.
140 * The string returned is never freed; if dynamically generated,
141 * the space for it should be allocated from the NSSArena
142 * that may be obtained from the NSSCKFWInstance. This
143 * routine may return NULL upon error; however if *pError
144 * is CKR_OK, the NULL will be considered the valid response.
145 */
146 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
147 NSSCKMDInstance *mdInstance,
148 NSSCKFWInstance *fwInstance,
149 CK_RV *pError
150 );
151
152 /*
153 * This routine returns the version of this Module library.
154 * This routine is optional; if unimplemented, the Framework
155 * will assume a Module library version of 0.1.
156 */
157 CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
158 NSSCKMDInstance *mdInstance,
159 NSSCKFWInstance *fwInstance
160 );
161
162 /*
163 * This routine returns CK_TRUE if the Module wishes to
164 * handle session objects. This routine is optional.
165 * If this routine is NULL, or if it exists but returns
166 * CK_FALSE, the Framework will assume responsibility
167 * for managing session objects.
168 */
169 CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
170 NSSCKMDInstance *mdInstance,
171 NSSCKFWInstance *fwInstance
172 );
173
174 /*
175 * This routine stuffs pointers to NSSCKMDSlot objects into
176 * the specified array; one for each slot supported by this
177 * instance. The Framework will determine the size needed
178 * for the array by calling GetNSlots. This routine is
179 * required.
180 */
181 CK_RV (PR_CALLBACK *GetSlots)(
182 NSSCKMDInstance *mdInstance,
183 NSSCKFWInstance *fwInstance,
184 NSSCKMDSlot *slots[]
185 );
186
187 /*
188 * This call returns a pointer to the slot in which an event
189 * has occurred. If the block argument is CK_TRUE, the call
190 * should block until a slot event occurs; if CK_FALSE, it
191 * should check to see if an event has occurred, occurred,
192 * but return NULL (and set *pError to CK_NO_EVENT) if one
193 * hasn't. This routine is optional; if unimplemented, the
194 * Framework will assume that no event has happened. This
195 * routine may return NULL upon error.
196 */
197 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
198 NSSCKMDInstance *mdInstance,
199 NSSCKFWInstance *fwInstance,
200 CK_BBOOL block,
201 CK_RV *pError
202 );
203
204 /*
205 * This object may be extended in future versions of the
206 * NSS Cryptoki Framework. To allow for some flexibility
207 * in the area of binary compatibility, this field should
208 * be NULL.
209 */
210 void *null;
211 };
212
213
214 /*
215 * NSSCKMDSlot
216 *
217 * This is the basic handle for a PKCS#11 Module Slot. It is
218 * created by the NSSCKMDInstance->GetSlots call, and may be
219 * obtained from the Framework's corresponding NSSCKFWSlot
220 * object. It contains a pointer for use by the Module, to
221 * store any slot-related data, and it contains the EPV for
222 * a set of routines which the Module may implement for use
223 * by the Framework. Some of these routines are optional.
224 */
225
226 struct NSSCKMDSlotStr {
227 /*
228 * The Module may use this pointer for its own purposes.
229 */
230 void *etc;
231
232 /*
233 * This routine is called during the Framework initialization
234 * step, after the Framework Instance has obtained the list
235 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
236 * specific initialization can be done here. This routine is
237 * optional; if unimplemented, it won't be called. Note that
238 * if this routine returns an error, the entire Framework
239 * initialization for this Module will fail.
240 */
241 CK_RV (PR_CALLBACK *Initialize)(
242 NSSCKMDSlot *mdSlot,
243 NSSCKFWSlot *fwSlot,
244 NSSCKMDInstance *mdInstance,
245 NSSCKFWInstance *fwInstance
246 );
247
248 /*
249 * This routine is called when the Framework is finalizing
250 * the PKCS#11 Module. This call (for each of the slots)
251 * is the last thing called before NSSCKMDInstance->Finalize.
252 * This routine is optional; if unimplemented, it merely
253 * won't be called. Note: In the rare circumstance that
254 * the Framework initialization cannot complete (due to,
255 * for example, memory limitations), this can be called with
256 * a NULL value for fwSlot.
257 */
258 void (PR_CALLBACK *Destroy)(
259 NSSCKMDSlot *mdSlot,
260 NSSCKFWSlot *fwSlot,
261 NSSCKMDInstance *mdInstance,
262 NSSCKFWInstance *fwInstance
263 );
264
265 /*
266 * This routine returns a pointer to a UTF8-encoded string
267 * containing a description of this slot. Only the characters
268 * completely encoded in the first sixty-four bytes are
269 * significant. This routine is optional. The string
270 * returned is never freed; if dynamically generated,
271 * the space for it should be allocated from the NSSArena
272 * that may be obtained from the NSSCKFWInstance. This
273 * routine may return NULL upon error; however if *pError
274 * is CKR_OK, the NULL will be considered the valid response.
275 */
276 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
277 NSSCKMDSlot *mdSlot,
278 NSSCKFWSlot *fwSlot,
279 NSSCKMDInstance *mdInstance,
280 NSSCKFWInstance *fwInstance,
281 CK_RV *pError
282 );
283
284 /*
285 * This routine returns a pointer to a UTF8-encoded string
286 * containing a description of the manufacturer of this slot.
287 * Only the characters completely encoded in the first thirty-
288 * two bytes are significant. This routine is optional.
289 * The string returned is never freed; if dynamically generated,
290 * the space for it should be allocated from the NSSArena
291 * that may be obtained from the NSSCKFWInstance. This
292 * routine may return NULL upon error; however if *pError
293 * is CKR_OK, the NULL will be considered the valid response.
294 */
295 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
296 NSSCKMDSlot *mdSlot,
297 NSSCKFWSlot *fwSlot,
298 NSSCKMDInstance *mdInstance,
299 NSSCKFWInstance *fwInstance,
300 CK_RV *pError
301 );
302
303 /*
304 * This routine returns CK_TRUE if a token is present in this
305 * slot. This routine is optional; if unimplemented, CK_TRUE
306 * is assumed.
307 */
308 CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
309 NSSCKMDSlot *mdSlot,
310 NSSCKFWSlot *fwSlot,
311 NSSCKMDInstance *mdInstance,
312 NSSCKFWInstance *fwInstance
313 );
314
315 /*
316 * This routine returns CK_TRUE if the slot supports removable
317 * tokens. This routine is optional; if unimplemented, CK_FALSE
318 * is assumed.
319 */
320 CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
321 NSSCKMDSlot *mdSlot,
322 NSSCKFWSlot *fwSlot,
323 NSSCKMDInstance *mdInstance,
324 NSSCKFWInstance *fwInstance
325 );
326
327 /*
328 * This routine returns CK_TRUE if this slot is a hardware
329 * device, or CK_FALSE if this slot is a software device. This
330 * routine is optional; if unimplemented, CK_FALSE is assumed.
331 */
332 CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
333 NSSCKMDSlot *mdSlot,
334 NSSCKFWSlot *fwSlot,
335 NSSCKMDInstance *mdInstance,
336 NSSCKFWInstance *fwInstance
337 );
338
339 /*
340 * This routine returns the version of this slot's hardware.
341 * This routine is optional; if unimplemented, the Framework
342 * will assume a hardware version of 0.1.
343 */
344 CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
345 NSSCKMDSlot *mdSlot,
346 NSSCKFWSlot *fwSlot,
347 NSSCKMDInstance *mdInstance,
348 NSSCKFWInstance *fwInstance
349 );
350
351 /*
352 * This routine returns the version of this slot's firmware.
353 * This routine is optional; if unimplemented, the Framework
354 * will assume a hardware version of 0.1.
355 */
356 CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
357 NSSCKMDSlot *mdSlot,
358 NSSCKFWSlot *fwSlot,
359 NSSCKMDInstance *mdInstance,
360 NSSCKFWInstance *fwInstance
361 );
362
363 /*
364 * This routine should return a pointer to an NSSCKMDToken
365 * object corresponding to the token in the specified slot.
366 * The NSSCKFWToken object passed in has an NSSArena
367 * available which is dedicated for this token. This routine
368 * must be implemented. This routine may return NULL upon
369 * error.
370 */
371 NSSCKMDToken *(PR_CALLBACK *GetToken)(
372 NSSCKMDSlot *mdSlot,
373 NSSCKFWSlot *fwSlot,
374 NSSCKMDInstance *mdInstance,
375 NSSCKFWInstance *fwInstance,
376 CK_RV *pError
377 );
378
379 /*
380 * This object may be extended in future versions of the
381 * NSS Cryptoki Framework. To allow for some flexibility
382 * in the area of binary compatibility, this field should
383 * be NULL.
384 */
385 void *null;
386 };
387
388 /*
389 * NSSCKMDToken
390 *
391 * This is the basic handle for a PKCS#11 Token. It is created by
392 * the NSSCKMDSlot->GetToken call, and may be obtained from the
393 * Framework's corresponding NSSCKFWToken object. It contains a
394 * pointer for use by the Module, to store any token-related
395 * data, and it contains the EPV for a set of routines which the
396 * Module may implement for use by the Framework. Some of these
397 * routines are optional.
398 */
399
400 struct NSSCKMDTokenStr {
401 /*
402 * The Module may use this pointer for its own purposes.
403 */
404 void *etc;
405
406 /*
407 * This routine is used to prepare a Module token object for
408 * use. It is called after the NSSCKMDToken object is obtained
409 * from NSSCKMDSlot->GetToken. It is named "Setup" here because
410 * Cryptoki already defines "InitToken" to do the process of
411 * wiping out any existing state on a token and preparing it for
412 * a new use. This routine is optional; if unimplemented, it
413 * merely won't be called.
414 */
415 CK_RV (PR_CALLBACK *Setup)(
416 NSSCKMDToken *mdToken,
417 NSSCKFWToken *fwToken,
418 NSSCKMDInstance *mdInstance,
419 NSSCKFWInstance *fwInstance
420 );
421
422 /*
423 * This routine is called by the Framework whenever it notices
424 * that the token object is invalid. (Typically this is when a
425 * routine indicates an error such as CKR_DEVICE_REMOVED). This
426 * call is the last thing called before the NSSArena in the
427 * corresponding NSSCKFWToken is destroyed. This routine is
428 * optional; if unimplemented, it merely won't be called.
429 */
430 void (PR_CALLBACK *Invalidate)(
431 NSSCKMDToken *mdToken,
432 NSSCKFWToken *fwToken,
433 NSSCKMDInstance *mdInstance,
434 NSSCKFWInstance *fwInstance
435 );
436
437 /*
438 * This routine initialises the token in the specified slot.
439 * This routine is optional; if unimplemented, the Framework
440 * will fail this operation with an error of CKR_DEVICE_ERROR.
441 */
442
443 CK_RV (PR_CALLBACK *InitToken)(
444 NSSCKMDToken *mdToken,
445 NSSCKFWToken *fwToken,
446 NSSCKMDInstance *mdInstance,
447 NSSCKFWInstance *fwInstance,
448 NSSItem *pin,
449 NSSUTF8 *label
450 );
451
452 /*
453 * This routine returns a pointer to a UTF8-encoded string
454 * containing this token's label. Only the characters
455 * completely encoded in the first thirty-two bytes are
456 * significant. This routine is optional. The string
457 * returned is never freed; if dynamically generated,
458 * the space for it should be allocated from the NSSArena
459 * that may be obtained from the NSSCKFWInstance. This
460 * routine may return NULL upon error; however if *pError
461 * is CKR_OK, the NULL will be considered the valid response.
462 */
463 NSSUTF8 *(PR_CALLBACK *GetLabel)(
464 NSSCKMDToken *mdToken,
465 NSSCKFWToken *fwToken,
466 NSSCKMDInstance *mdInstance,
467 NSSCKFWInstance *fwInstance,
468 CK_RV *pError
469 );
470
471 /*
472 * This routine returns a pointer to a UTF8-encoded string
473 * containing this token's manufacturer ID. Only the characters
474 * completely encoded in the first thirty-two bytes are
475 * significant. This routine is optional. The string
476 * returned is never freed; if dynamically generated,
477 * the space for it should be allocated from the NSSArena
478 * that may be obtained from the NSSCKFWInstance. This
479 * routine may return NULL upon error; however if *pError
480 * is CKR_OK, the NULL will be considered the valid response.
481 */
482 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
483 NSSCKMDToken *mdToken,
484 NSSCKFWToken *fwToken,
485 NSSCKMDInstance *mdInstance,
486 NSSCKFWInstance *fwInstance,
487 CK_RV *pError
488 );
489
490 /*
491 * This routine returns a pointer to a UTF8-encoded string
492 * containing this token's model name. Only the characters
493 * completely encoded in the first thirty-two bytes are
494 * significant. This routine is optional. The string
495 * returned is never freed; if dynamically generated,
496 * the space for it should be allocated from the NSSArena
497 * that may be obtained from the NSSCKFWInstance. This
498 * routine may return NULL upon error; however if *pError
499 * is CKR_OK, the NULL will be considered the valid response.
500 */
501 NSSUTF8 *(PR_CALLBACK *GetModel)(
502 NSSCKMDToken *mdToken,
503 NSSCKFWToken *fwToken,
504 NSSCKMDInstance *mdInstance,
505 NSSCKFWInstance *fwInstance,
506 CK_RV *pError
507 );
508
509 /*
510 * This routine returns a pointer to a UTF8-encoded string
511 * containing this token's serial number. Only the characters
512 * completely encoded in the first thirty-two bytes are
513 * significant. This routine is optional. The string
514 * returned is never freed; if dynamically generated,
515 * the space for it should be allocated from the NSSArena
516 * that may be obtained from the NSSCKFWInstance. This
517 * routine may return NULL upon error; however if *pError
518 * is CKR_OK, the NULL will be considered the valid response.
519 */
520 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
521 NSSCKMDToken *mdToken,
522 NSSCKFWToken *fwToken,
523 NSSCKMDInstance *mdInstance,
524 NSSCKFWInstance *fwInstance,
525 CK_RV *pError
526 );
527
528 /*
529 * This routine returns CK_TRUE if the token has its own
530 * random number generator. This routine is optional; if
531 * unimplemented, CK_FALSE is assumed.
532 */
533 CK_BBOOL (PR_CALLBACK *GetHasRNG)(
534 NSSCKMDToken *mdToken,
535 NSSCKFWToken *fwToken,
536 NSSCKMDInstance *mdInstance,
537 NSSCKFWInstance *fwInstance
538 );
539
540 /*
541 * This routine returns CK_TRUE if this token is write-protected.
542 * This routine is optional; if unimplemented, CK_FALSE is
543 * assumed.
544 */
545 CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
546 NSSCKMDToken *mdToken,
547 NSSCKFWToken *fwToken,
548 NSSCKMDInstance *mdInstance,
549 NSSCKFWInstance *fwInstance
550 );
551
552 /*
553 * This routine returns CK_TRUE if this token requires a login.
554 * This routine is optional; if unimplemented, CK_FALSE is
555 * assumed.
556 */
557 CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
558 NSSCKMDToken *mdToken,
559 NSSCKFWToken *fwToken,
560 NSSCKMDInstance *mdInstance,
561 NSSCKFWInstance *fwInstance
562 );
563
564 /*
565 * This routine returns CK_TRUE if the normal user's PIN on this
566 * token has been initialised. This routine is optional; if
567 * unimplemented, CK_FALSE is assumed.
568 */
569 CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
570 NSSCKMDToken *mdToken,
571 NSSCKFWToken *fwToken,
572 NSSCKMDInstance *mdInstance,
573 NSSCKFWInstance *fwInstance
574 );
575
576 /*
577 * This routine returns CK_TRUE if a successful save of a
578 * session's cryptographic operations state ~always~ contains
579 * all keys needed to restore the state of the session. This
580 * routine is optional; if unimplemented, CK_FALSE is assumed.
581 */
582 CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
583 NSSCKMDToken *mdToken,
584 NSSCKFWToken *fwToken,
585 NSSCKMDInstance *mdInstance,
586 NSSCKFWInstance *fwInstance
587 );
588
589 /*
590 * This routine returns CK_TRUE if the token has its own
591 * hardware clock. This routine is optional; if unimplemented,
592 * CK_FALSE is assumed.
593 */
594 CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
595 NSSCKMDToken *mdToken,
596 NSSCKFWToken *fwToken,
597 NSSCKMDInstance *mdInstance,
598 NSSCKFWInstance *fwInstance
599 );
600
601 /*
602 * This routine returns CK_TRUE if the token has a protected
603 * authentication path. This routine is optional; if
604 * unimplemented, CK_FALSE is assumed.
605 */
606 CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
607 NSSCKMDToken *mdToken,
608 NSSCKFWToken *fwToken,
609 NSSCKMDInstance *mdInstance,
610 NSSCKFWInstance *fwInstance
611 );
612
613 /*
614 * This routine returns CK_TRUE if the token supports dual
615 * cryptographic operations within a single session. This
616 * routine is optional; if unimplemented, CK_FALSE is assumed.
617 */
618 CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
619 NSSCKMDToken *mdToken,
620 NSSCKFWToken *fwToken,
621 NSSCKMDInstance *mdInstance,
622 NSSCKFWInstance *fwInstance
623 );
624
625 /*
626 * XXX fgmr-- should we have a call to return all the flags
627 * at once, for folks who already know about Cryptoki?
628 */
629
630 /*
631 * This routine returns the maximum number of sessions that
632 * may be opened on this token. This routine is optional;
633 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
634 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
635 */
636 CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
637 NSSCKMDToken *mdToken,
638 NSSCKFWToken *fwToken,
639 NSSCKMDInstance *mdInstance,
640 NSSCKFWInstance *fwInstance
641 );
642
643 /*
644 * This routine returns the maximum number of read/write
645 * sesisons that may be opened on this token. This routine
646 * is optional; if unimplemented, the special value
647 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
648 * CK_EFFECTIVELY_INFINITE?
649 */
650 CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
651 NSSCKMDToken *mdToken,
652 NSSCKFWToken *fwToken,
653 NSSCKMDInstance *mdInstance,
654 NSSCKFWInstance *fwInstance
655 );
656
657 /*
658 * This routine returns the maximum PIN code length that is
659 * supported on this token. This routine is optional;
660 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
661 * is assumed.
662 */
663 CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
664 NSSCKMDToken *mdToken,
665 NSSCKFWToken *fwToken,
666 NSSCKMDInstance *mdInstance,
667 NSSCKFWInstance *fwInstance
668 );
669
670 /*
671 * This routine returns the minimum PIN code length that is
672 * supported on this token. This routine is optional; if
673 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
674 * is assumed. XXX fgmr-- or 0?
675 */
676 CK_ULONG (PR_CALLBACK *GetMinPinLen)(
677 NSSCKMDToken *mdToken,
678 NSSCKFWToken *fwToken,
679 NSSCKMDInstance *mdInstance,
680 NSSCKFWInstance *fwInstance
681 );
682
683 /*
684 * This routine returns the total amount of memory on the token
685 * in which public objects may be stored. This routine is
686 * optional; if unimplemented, the special value
687 * CK_UNAVAILABLE_INFORMATION is assumed.
688 */
689 CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
690 NSSCKMDToken *mdToken,
691 NSSCKFWToken *fwToken,
692 NSSCKMDInstance *mdInstance,
693 NSSCKFWInstance *fwInstance
694 );
695
696 /*
697 * This routine returns the amount of unused memory on the
698 * token in which public objects may be stored. This routine
699 * is optional; if unimplemented, the special value
700 * CK_UNAVAILABLE_INFORMATION is assumed.
701 */
702 CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
703 NSSCKMDToken *mdToken,
704 NSSCKFWToken *fwToken,
705 NSSCKMDInstance *mdInstance,
706 NSSCKFWInstance *fwInstance
707 );
708
709 /*
710 * This routine returns the total amount of memory on the token
711 * in which private objects may be stored. This routine is
712 * optional; if unimplemented, the special value
713 * CK_UNAVAILABLE_INFORMATION is assumed.
714 */
715 CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
716 NSSCKMDToken *mdToken,
717 NSSCKFWToken *fwToken,
718 NSSCKMDInstance *mdInstance,
719 NSSCKFWInstance *fwInstance
720 );
721
722 /*
723 * This routine returns the amount of unused memory on the
724 * token in which private objects may be stored. This routine
725 * is optional; if unimplemented, the special value
726 * CK_UNAVAILABLE_INFORMATION is assumed.
727 */
728 CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
729 NSSCKMDToken *mdToken,
730 NSSCKFWToken *fwToken,
731 NSSCKMDInstance *mdInstance,
732 NSSCKFWInstance *fwInstance
733 );
734
735 /*
736 * This routine returns the version number of this token's
737 * hardware. This routine is optional; if unimplemented,
738 * the value 0.1 is assumed.
739 */
740 CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
741 NSSCKMDToken *mdToken,
742 NSSCKFWToken *fwToken,
743 NSSCKMDInstance *mdInstance,
744 NSSCKFWInstance *fwInstance
745 );
746
747 /*
748 * This routine returns the version number of this token's
749 * firmware. This routine is optional; if unimplemented,
750 * the value 0.1 is assumed.
751 */
752 CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
753 NSSCKMDToken *mdToken,
754 NSSCKFWToken *fwToken,
755 NSSCKMDInstance *mdInstance,
756 NSSCKFWInstance *fwInstance
757 );
758
759 /*
760 * This routine stuffs the current UTC time, as obtained from
761 * the token, into the sixteen-byte buffer in the form
762 * YYYYMMDDhhmmss00. This routine need only be implemented
763 * by token which indicate that they have a real-time clock.
764 * XXX fgmr-- think about time formats.
765 */
766 CK_RV (PR_CALLBACK *GetUTCTime)(
767 NSSCKMDToken *mdToken,
768 NSSCKFWToken *fwToken,
769 NSSCKMDInstance *mdInstance,
770 NSSCKFWInstance *fwInstance,
771 CK_CHAR utcTime[16]
772 );
773
774 /*
775 * This routine creates a session on the token, and returns
776 * the corresponding NSSCKMDSession object. The value of
777 * rw will be CK_TRUE if the session is to be a read/write
778 * session, or CK_FALSE otherwise. An NSSArena dedicated to
779 * the new session is available from the specified NSSCKFWSession.
780 * This routine may return NULL upon error.
781 */
782 NSSCKMDSession *(PR_CALLBACK *OpenSession)(
783 NSSCKMDToken *mdToken,
784 NSSCKFWToken *fwToken,
785 NSSCKMDInstance *mdInstance,
786 NSSCKFWInstance *fwInstance,
787 NSSCKFWSession *fwSession,
788 CK_BBOOL rw,
789 CK_RV *pError
790 );
791
792 /*
793 * This routine returns the number of PKCS#11 Mechanisms
794 * supported by this token. This routine is optional; if
795 * unimplemented, zero is assumed.
796 */
797 CK_ULONG (PR_CALLBACK *GetMechanismCount)(
798 NSSCKMDToken *mdToken,
799 NSSCKFWToken *fwToken,
800 NSSCKMDInstance *mdInstance,
801 NSSCKFWInstance *fwInstance
802 );
803
804 /*
805 * This routine stuffs into the specified array the types
806 * of the mechanisms supported by this token. The Framework
807 * determines the size of the array by calling GetMechanismCount.
808 */
809 CK_RV (PR_CALLBACK *GetMechanismTypes)(
810 NSSCKMDToken *mdToken,
811 NSSCKFWToken *fwToken,
812 NSSCKMDInstance *mdInstance,
813 NSSCKFWInstance *fwInstance,
814 CK_MECHANISM_TYPE types[]
815 );
816
817 /*
818 * This routine returns a pointer to a Module mechanism
819 * object corresponding to a specified type. This routine
820 * need only exist for tokens implementing at least one
821 * mechanism.
822 */
823 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
824 NSSCKMDToken *mdToken,
825 NSSCKFWToken *fwToken,
826 NSSCKMDInstance *mdInstance,
827 NSSCKFWInstance *fwInstance,
828 CK_MECHANISM_TYPE which,
829 CK_RV *pError
830 );
831
832 /*
833 * This object may be extended in future versions of the
834 * NSS Cryptoki Framework. To allow for some flexibility
835 * in the area of binary compatibility, this field should
836 * be NULL.
837 */
838 void *null;
839 };
840
841 /*
842 * NSSCKMDSession
843 *
844 * This is the basic handle for a session on a PKCS#11 Token. It
845 * is created by NSSCKMDToken->OpenSession, and may be obtained
846 * from the Framework's corresponding NSSCKFWSession object. It
847 * contains a pointer for use by the Module, to store any session-
848 * realted data, and it contains the EPV for a set of routines
849 * which the Module may implement for use by the Framework. Some
850 * of these routines are optional.
851 */
852
853 struct NSSCKMDSessionStr {
854 /*
855 * The Module may use this pointer for its own purposes.
856 */
857 void *etc;
858
859 /*
860 * This routine is called by the Framework when a session is
861 * closed. This call is the last thing called before the
862 * NSSArena in the correspoinding NSSCKFWSession is destroyed.
863 * This routine is optional; if unimplemented, it merely won't
864 * be called.
865 */
866 void (PR_CALLBACK *Close)(
867 NSSCKMDSession *mdSession,
868 NSSCKFWSession *fwSession,
869 NSSCKMDToken *mdToken,
870 NSSCKFWToken *fwToken,
871 NSSCKMDInstance *mdInstance,
872 NSSCKFWInstance *fwInstance
873 );
874
875 /*
876 * This routine is used to get any device-specific error.
877 * This routine is optional.
878 */
879 CK_ULONG (PR_CALLBACK *GetDeviceError)(
880 NSSCKMDSession *mdSession,
881 NSSCKFWSession *fwSession,
882 NSSCKMDToken *mdToken,
883 NSSCKFWToken *fwToken,
884 NSSCKMDInstance *mdInstance,
885 NSSCKFWInstance *fwInstance
886 );
887
888 /*
889 * This routine is used to log in a user to the token. This
890 * routine is optional, since the Framework's NSSCKFWSession
891 * object keeps track of the login state.
892 */
893 CK_RV (PR_CALLBACK *Login)(
894 NSSCKMDSession *mdSession,
895 NSSCKFWSession *fwSession,
896 NSSCKMDToken *mdToken,
897 NSSCKFWToken *fwToken,
898 NSSCKMDInstance *mdInstance,
899 NSSCKFWInstance *fwInstance,
900 CK_USER_TYPE userType,
901 NSSItem *pin,
902 CK_STATE oldState,
903 CK_STATE newState
904 );
905
906 /*
907 * This routine is used to log out a user from the token. This
908 * routine is optional, since the Framework's NSSCKFWSession
909 * object keeps track of the login state.
910 */
911 CK_RV (PR_CALLBACK *Logout)(
912 NSSCKMDSession *mdSession,
913 NSSCKFWSession *fwSession,
914 NSSCKMDToken *mdToken,
915 NSSCKFWToken *fwToken,
916 NSSCKMDInstance *mdInstance,
917 NSSCKFWInstance *fwInstance,
918 CK_STATE oldState,
919 CK_STATE newState
920 );
921
922 /*
923 * This routine is used to initialize the normal user's PIN or
924 * password. This will only be called in the "read/write
925 * security officer functions" state. If this token has a
926 * protected authentication path, then the pin argument will
927 * be NULL. This routine is optional; if unimplemented, the
928 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
929 */
930 CK_RV (PR_CALLBACK *InitPIN)(
931 NSSCKMDSession *mdSession,
932 NSSCKFWSession *fwSession,
933 NSSCKMDToken *mdToken,
934 NSSCKFWToken *fwToken,
935 NSSCKMDInstance *mdInstance,
936 NSSCKFWInstance *fwInstance,
937 NSSItem *pin
938 );
939
940 /*
941 * This routine is used to modify a user's PIN or password. This
942 * routine will only be called in the "read/write security officer
943 * functions" or "read/write user functions" state. If this token
944 * has a protected authentication path, then the pin arguments
945 * will be NULL. This routine is optional; if unimplemented, the
946 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
947 */
948 CK_RV (PR_CALLBACK *SetPIN)(
949 NSSCKMDSession *mdSession,
950 NSSCKFWSession *fwSession,
951 NSSCKMDToken *mdToken,
952 NSSCKFWToken *fwToken,
953 NSSCKMDInstance *mdInstance,
954 NSSCKFWInstance *fwInstance,
955 NSSItem *oldPin,
956 NSSItem *newPin
957 );
958
959 /*
960 * This routine is used to find out how much space would be required
961 * to save the current operational state. This routine is optional;
962 * if unimplemented, the Framework will reject any attempts to save
963 * the operational state with the error CKR_STATE_UNSAVEABLE. This
964 * routine may return zero on error.
965 */
966 CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
967 NSSCKMDSession *mdSession,
968 NSSCKFWSession *fwSession,
969 NSSCKMDToken *mdToken,
970 NSSCKFWToken *fwToken,
971 NSSCKMDInstance *mdInstance,
972 NSSCKFWInstance *fwInstance,
973 CK_RV *pError
974 );
975
976 /*
977 * This routine is used to store the current operational state. This
978 * routine is only required if GetOperationStateLen is implemented
979 * and can return a nonzero value. The buffer in the specified item
980 * will be pre-allocated, and the length will specify the amount of
981 * space available (which may be more than GetOperationStateLen
982 * asked for, but which will not be smaller).
983 */
984 CK_RV (PR_CALLBACK *GetOperationState)(
985 NSSCKMDSession *mdSession,
986 NSSCKFWSession *fwSession,
987 NSSCKMDToken *mdToken,
988 NSSCKFWToken *fwToken,
989 NSSCKMDInstance *mdInstance,
990 NSSCKFWInstance *fwInstance,
991 NSSItem *buffer
992 );
993
994 /*
995 * This routine is used to restore an operational state previously
996 * obtained with GetOperationState. The Framework will take pains
997 * to be sure that the state is (or was at one point) valid; if the
998 * Module notices that the state is invalid, it should return an
999 * error, but it is not required to be paranoid about the issue.
1000 * [XXX fgmr-- should (can?) the framework verify the keys match up?]
1001 * This routine is required only if GetOperationState is implemented.
1002 */
1003 CK_RV (PR_CALLBACK *SetOperationState)(
1004 NSSCKMDSession *mdSession,
1005 NSSCKFWSession *fwSession,
1006 NSSCKMDToken *mdToken,
1007 NSSCKFWToken *fwToken,
1008 NSSCKMDInstance *mdInstance,
1009 NSSCKFWInstance *fwInstance,
1010 NSSItem *state,
1011 NSSCKMDObject *mdEncryptionKey,
1012 NSSCKFWObject *fwEncryptionKey,
1013 NSSCKMDObject *mdAuthenticationKey,
1014 NSSCKFWObject *fwAuthenticationKey
1015 );
1016
1017 /*
1018 * This routine is used to create an object. The specified template
1019 * will only specify a session object if the Module has indicated
1020 * that it wishes to handle its own session objects. This routine
1021 * is optional; if unimplemented, the Framework will reject the
1022 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
1023 * token objects should come from the NSSArena available from the
1024 * NSSCKFWToken object; space for session objects (if supported)
1025 * should come from the NSSArena available from the NSSCKFWSession
1026 * object. The appropriate NSSArena pointer will, as a convenience,
1027 * be passed as the handyArenaPointer argument. This routine may
1028 * return NULL upon error.
1029 */
1030 NSSCKMDObject *(PR_CALLBACK *CreateObject)(
1031 NSSCKMDSession *mdSession,
1032 NSSCKFWSession *fwSession,
1033 NSSCKMDToken *mdToken,
1034 NSSCKFWToken *fwToken,
1035 NSSCKMDInstance *mdInstance,
1036 NSSCKFWInstance *fwInstance,
1037 NSSArena *handyArenaPointer,
1038 CK_ATTRIBUTE_PTR pTemplate,
1039 CK_ULONG ulAttributeCount,
1040 CK_RV *pError
1041 );
1042
1043 /*
1044 * This routine is used to make a copy of an object. It is entirely
1045 * optional; if unimplemented, the Framework will try to use
1046 * CreateObject instead. If the Module has indicated that it does
1047 * not wish to handle session objects, then this routine will only
1048 * be called to copy a token object to another token object.
1049 * Otherwise, either the original object or the new may be of
1050 * either the token or session variety. As with CreateObject, the
1051 * handyArenaPointer will point to the appropriate arena for the
1052 * new object. This routine may return NULL upon error.
1053 */
1054 NSSCKMDObject *(PR_CALLBACK *CopyObject)(
1055 NSSCKMDSession *mdSession,
1056 NSSCKFWSession *fwSession,
1057 NSSCKMDToken *mdToken,
1058 NSSCKFWToken *fwToken,
1059 NSSCKMDInstance *mdInstance,
1060 NSSCKFWInstance *fwInstance,
1061 NSSCKMDObject *mdOldObject,
1062 NSSCKFWObject *fwOldObject,
1063 NSSArena *handyArenaPointer,
1064 CK_ATTRIBUTE_PTR pTemplate,
1065 CK_ULONG ulAttributeCount,
1066 CK_RV *pError
1067 );
1068
1069 /*
1070 * This routine is used to begin an object search. This routine may
1071 * be unimplemented only if the Module does not handle session
1072 * objects, and if none of its tokens have token objects. The
1073 * NSSCKFWFindObjects pointer has an NSSArena that may be used for
1074 * storage for the life of this "find" operation. This routine may
1075 * return NULL upon error. If the Module can determine immediately
1076 * that the search will not find any matching objects, it may return
1077 * NULL, and specify CKR_OK as the error.
1078 */
1079 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
1080 NSSCKMDSession *mdSession,
1081 NSSCKFWSession *fwSession,
1082 NSSCKMDToken *mdToken,
1083 NSSCKFWToken *fwToken,
1084 NSSCKMDInstance *mdInstance,
1085 NSSCKFWInstance *fwInstance,
1086 CK_ATTRIBUTE_PTR pTemplate,
1087 CK_ULONG ulAttributeCount,
1088 CK_RV *pError
1089 );
1090
1091 /*
1092 * This routine seeds the random-number generator. It is
1093 * optional, even if GetRandom is implemented. If unimplemented,
1094 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
1095 */
1096 CK_RV (PR_CALLBACK *SeedRandom)(
1097 NSSCKMDSession *mdSession,
1098 NSSCKFWSession *fwSession,
1099 NSSCKMDToken *mdToken,
1100 NSSCKFWToken *fwToken,
1101 NSSCKMDInstance *mdInstance,
1102 NSSCKFWInstance *fwInstance,
1103 NSSItem *seed
1104 );
1105
1106 /*
1107 * This routine gets random data. It is optional. If unimplemented,
1108 * the Framework will issue the error CKR_RANDOM_NO_RNG.
1109 */
1110 CK_RV (PR_CALLBACK *GetRandom)(
1111 NSSCKMDSession *mdSession,
1112 NSSCKFWSession *fwSession,
1113 NSSCKMDToken *mdToken,
1114 NSSCKFWToken *fwToken,
1115 NSSCKMDInstance *mdInstance,
1116 NSSCKFWInstance *fwInstance,
1117 NSSItem *buffer
1118 );
1119
1120 /*
1121 * This object may be extended in future versions of the
1122 * NSS Cryptoki Framework. To allow for some flexibility
1123 * in the area of binary compatibility, this field should
1124 * be NULL.
1125 */
1126 void *null;
1127 };
1128
1129 /*
1130 * NSSCKMDFindObjects
1131 *
1132 * This is the basic handle for an object search. It is
1133 * created by NSSCKMDSession->FindObjectsInit, and may be
1134 * obtained from the Framework's corresponding object.
1135 * It contains a pointer for use by the Module, to store
1136 * any search-related data, and it contains the EPV for a
1137 * set of routines which the Module may implement for use
1138 * by the Framework. Some of these routines are optional.
1139 */
1140
1141 struct NSSCKMDFindObjectsStr {
1142 /*
1143 * The Module may use this pointer for its own purposes.
1144 */
1145 void *etc;
1146
1147 /*
1148 * This routine is called by the Framework to finish a
1149 * search operation. Note that the Framework may finish
1150 * a search before it has completed. This routine is
1151 * optional; if unimplemented, it merely won't be called.
1152 */
1153 void (PR_CALLBACK *Final)(
1154 NSSCKMDFindObjects *mdFindObjects,
1155 NSSCKFWFindObjects *fwFindObjects,
1156 NSSCKMDSession *mdSession,
1157 NSSCKFWSession *fwSession,
1158 NSSCKMDToken *mdToken,
1159 NSSCKFWToken *fwToken,
1160 NSSCKMDInstance *mdInstance,
1161 NSSCKFWInstance *fwInstance
1162 );
1163
1164 /*
1165 * This routine is used to obtain another pointer to an
1166 * object matching the search criteria. This routine is
1167 * required. If no (more) objects match the search, it
1168 * should return NULL and set the error to CKR_OK.
1169 */
1170 NSSCKMDObject *(PR_CALLBACK *Next)(
1171 NSSCKMDFindObjects *mdFindObjects,
1172 NSSCKFWFindObjects *fwFindObjects,
1173 NSSCKMDSession *mdSession,
1174 NSSCKFWSession *fwSession,
1175 NSSCKMDToken *mdToken,
1176 NSSCKFWToken *fwToken,
1177 NSSCKMDInstance *mdInstance,
1178 NSSCKFWInstance *fwInstance,
1179 NSSArena *arena,
1180 CK_RV *pError
1181 );
1182
1183 /*
1184 * This object may be extended in future versions of the
1185 * NSS Cryptoki Framework. To allow for some flexibility
1186 * in the area of binary compatibility, this field should
1187 * be NULL.
1188 */
1189 void *null;
1190 };
1191
1192 /*
1193 * NSSCKMDCryptoOperaion
1194 *
1195 * This is the basic handle for an encryption, decryption,
1196 * sign, verify, or hash opertion.
1197 * created by NSSCKMDMechanism->XXXXInit, and may be
1198 * obtained from the Framework's corresponding object.
1199 * It contains a pointer for use by the Module, to store
1200 * any intermediate data, and it contains the EPV for a
1201 * set of routines which the Module may implement for use
1202 * by the Framework. Some of these routines are optional.
1203 */
1204
1205 struct NSSCKMDCryptoOperationStr {
1206 /*
1207 * The Module may use this pointer for its own purposes.
1208 */
1209 void *etc;
1210
1211 /*
1212 * This routine is called by the Framework clean up the mdCryptoOperation
1213 * structure.
1214 * This routine is optional; if unimplemented, it will be ignored.
1215 */
1216 void (PR_CALLBACK *Destroy)(
1217 NSSCKMDCryptoOperation *mdCryptoOperation,
1218 NSSCKFWCryptoOperation *fwCryptoOperation,
1219 NSSCKMDInstance *mdInstance,
1220 NSSCKFWInstance *fwInstance
1221 );
1222
1223
1224 /*
1225 * how many bytes do we need to finish this buffer?
1226 * must be implemented if Final is implemented.
1227 */
1228 CK_ULONG (PR_CALLBACK *GetFinalLength)(
1229 NSSCKMDCryptoOperation *mdCryptoOperation,
1230 NSSCKFWCryptoOperation *fwCryptoOperation,
1231 NSSCKMDSession *mdSession,
1232 NSSCKFWSession *fwSession,
1233 NSSCKMDToken *mdToken,
1234 NSSCKFWToken *fwToken,
1235 NSSCKMDInstance *mdInstance,
1236 NSSCKFWInstance *fwInstance,
1237 CK_RV *pError
1238 );
1239
1240 /*
1241 * how many bytes do we need to complete the next operation.
1242 * used in both Update and UpdateFinal.
1243 */
1244 CK_ULONG (PR_CALLBACK *GetOperationLength)(
1245 NSSCKMDCryptoOperation *mdCryptoOperation,
1246 NSSCKFWCryptoOperation *fwCryptoOperation,
1247 NSSCKMDSession *mdSession,
1248 NSSCKFWSession *fwSession,
1249 NSSCKMDToken *mdToken,
1250 NSSCKFWToken *fwToken,
1251 NSSCKMDInstance *mdInstance,
1252 NSSCKFWInstance *fwInstance,
1253 const NSSItem *inputBuffer,
1254 CK_RV *pError
1255 );
1256
1257 /*
1258 * This routine is called by the Framework to finish a
1259 * search operation. Note that the Framework may finish
1260 * a search before it has completed. This routine is
1261 * optional; if unimplemented, it merely won't be called.
1262 * The respective final call with fail with CKR_FUNCTION_FAILED
1263 * Final should not free the mdCryptoOperation.
1264 */
1265 CK_RV(PR_CALLBACK *Final)(
1266 NSSCKMDCryptoOperation *mdCryptoOperation,
1267 NSSCKFWCryptoOperation *fwCryptoOperation,
1268 NSSCKMDSession *mdSession,
1269 NSSCKFWSession *fwSession,
1270 NSSCKMDToken *mdToken,
1271 NSSCKFWToken *fwToken,
1272 NSSCKMDInstance *mdInstance,
1273 NSSCKFWInstance *fwInstance,
1274 NSSItem *outputBuffer
1275 );
1276
1277
1278 /*
1279 * This routine is called by the Framework to complete the
1280 * next step in an encryption/decryption operation.
1281 * This routine is optional; if unimplemented, the respective
1282 * update call with fail with CKR_FUNCTION_FAILED.
1283 * Update should not be implemented for signing/verification/digest
1284 * mechanisms.
1285 */
1286 CK_RV(PR_CALLBACK *Update)(
1287 NSSCKMDCryptoOperation *mdCryptoOperation,
1288 NSSCKFWCryptoOperation *fwCryptoOperation,
1289 NSSCKMDSession *mdSession,
1290 NSSCKFWSession *fwSession,
1291 NSSCKMDToken *mdToken,
1292 NSSCKFWToken *fwToken,
1293 NSSCKMDInstance *mdInstance,
1294 NSSCKFWInstance *fwInstance,
1295 const NSSItem *inputBuffer,
1296 NSSItem *outputBuffer
1297 );
1298
1299 /*
1300 * This routine is called by the Framework to complete the
1301 * next step in a signing/verification/digest operation.
1302 * This routine is optional; if unimplemented, the respective
1303 * update call with fail with CKR_FUNCTION_FAILED
1304 * Update should not be implemented for encryption/decryption
1305 * mechanisms.
1306 */
1307 CK_RV(PR_CALLBACK *DigestUpdate)(
1308 NSSCKMDCryptoOperation *mdCryptoOperation,
1309 NSSCKFWCryptoOperation *fwCryptoOperation,
1310 NSSCKMDSession *mdSession,
1311 NSSCKFWSession *fwSession,
1312 NSSCKMDToken *mdToken,
1313 NSSCKFWToken *fwToken,
1314 NSSCKMDInstance *mdInstance,
1315 NSSCKFWInstance *fwInstance,
1316 const NSSItem *inputBuffer
1317 );
1318
1319 /*
1320 * This routine is called by the Framework to complete a
1321 * single step operation. This routine is optional; if unimplemented,
1322 * the framework will use the Update and Final functions to complete
1323 * the operation.
1324 */
1325 CK_RV(PR_CALLBACK *UpdateFinal)(
1326 NSSCKMDCryptoOperation *mdCryptoOperation,
1327 NSSCKFWCryptoOperation *fwCryptoOperation,
1328 NSSCKMDSession *mdSession,
1329 NSSCKFWSession *fwSession,
1330 NSSCKMDToken *mdToken,
1331 NSSCKFWToken *fwToken,
1332 NSSCKMDInstance *mdInstance,
1333 NSSCKFWInstance *fwInstance,
1334 const NSSItem *inputBuffer,
1335 NSSItem *outputBuffer
1336 );
1337
1338 /*
1339 * This routine is called by the Framework to complete next
1340 * step in a combined operation. The Decrypt/Encrypt mechanism
1341 * should define and drive the combo step.
1342 * This routine is optional; if unimplemented,
1343 * the framework will use the appropriate Update functions to complete
1344 * the operation.
1345 */
1346 CK_RV(PR_CALLBACK *UpdateCombo)(
1347 NSSCKMDCryptoOperation *mdCryptoOperation,
1348 NSSCKFWCryptoOperation *fwCryptoOperation,
1349 NSSCKMDCryptoOperation *mdPeerCryptoOperation,
1350 NSSCKFWCryptoOperation *fwPeerCryptoOperation,
1351 NSSCKMDSession *mdSession,
1352 NSSCKFWSession *fwSession,
1353 NSSCKMDToken *mdToken,
1354 NSSCKFWToken *fwToken,
1355 NSSCKMDInstance *mdInstance,
1356 NSSCKFWInstance *fwInstance,
1357 const NSSItem *inputBuffer,
1358 NSSItem *outputBuffer
1359 );
1360
1361 /*
1362 * Hash a key directly into the digest
1363 */
1364 CK_RV(PR_CALLBACK *DigestKey)(
1365 NSSCKMDCryptoOperation *mdCryptoOperation,
1366 NSSCKFWCryptoOperation *fwCryptoOperation,
1367 NSSCKMDToken *mdToken,
1368 NSSCKFWToken *fwToken,
1369 NSSCKMDInstance *mdInstance,
1370 NSSCKFWInstance *fwInstance,
1371 NSSCKMDObject *mdKey,
1372 NSSCKFWObject *fwKey
1373 );
1374
1375 /*
1376 * This object may be extended in future versions of the
1377 * NSS Cryptoki Framework. To allow for some flexibility
1378 * in the area of binary compatibility, this field should
1379 * be NULL.
1380 */
1381 void *null;
1382 };
1383
1384 /*
1385 * NSSCKMDMechanism
1386 *
1387 */
1388
1389 struct NSSCKMDMechanismStr {
1390 /*
1391 * The Module may use this pointer for its own purposes.
1392 */
1393 void *etc;
1394
1395 /*
1396 * This also frees the fwMechanism if appropriate.
1397 * If it is not supplied, the Framework will assume that the Token
1398 * Manages a static list of mechanisms and the function will not be called.
1399 */
1400 void (PR_CALLBACK *Destroy)(
1401 NSSCKMDMechanism *mdMechanism,
1402 NSSCKFWMechanism *fwMechanism,
1403 NSSCKMDInstance *mdInstance,
1404 NSSCKFWInstance *fwInstance
1405 );
1406
1407
1408 /*
1409 * This routine returns the minimum key size allowed for
1410 * this mechanism. This routine is optional; if unimplemented,
1411 * zero will be assumed. This routine may return zero on
1412 * error; if the error is CKR_OK, zero will be accepted as
1413 * a valid response.
1414 */
1415 CK_ULONG (PR_CALLBACK *GetMinKeySize)(
1416 NSSCKMDMechanism *mdMechanism,
1417 NSSCKFWMechanism *fwMechanism,
1418 NSSCKMDToken *mdToken,
1419 NSSCKFWToken *fwToken,
1420 NSSCKMDInstance *mdInstance,
1421 NSSCKFWInstance *fwInstance,
1422 CK_RV *pError
1423 );
1424
1425 /*
1426 * This routine returns the maximum key size allowed for
1427 * this mechanism. This routine is optional; if unimplemented,
1428 * zero will be assumed. This routine may return zero on
1429 * error; if the error is CKR_OK, zero will be accepted as
1430 * a valid response.
1431 */
1432 CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
1433 NSSCKMDMechanism *mdMechanism,
1434 NSSCKFWMechanism *fwMechanism,
1435 NSSCKMDToken *mdToken,
1436 NSSCKFWToken *fwToken,
1437 NSSCKMDInstance *mdInstance,
1438 NSSCKFWInstance *fwInstance,
1439 CK_RV *pError
1440 );
1441
1442 /*
1443 * This routine is called to determine if the mechanism is
1444 * implemented in hardware or software. It returns CK_TRUE
1445 * if it is done in hardware.
1446 */
1447 CK_BBOOL (PR_CALLBACK *GetInHardware)(
1448 NSSCKMDMechanism *mdMechanism,
1449 NSSCKFWMechanism *fwMechanism,
1450 NSSCKMDToken *mdToken,
1451 NSSCKFWToken *fwToken,
1452 NSSCKMDInstance *mdInstance,
1453 NSSCKFWInstance *fwInstance,
1454 CK_RV *pError
1455 );
1456
1457 /*
1458 * The crypto routines themselves. Most crypto operations may
1459 * be performed in two ways, streaming and single-part. The
1460 * streaming operations involve the use of (typically) three
1461 * calls-- an Init method to set up the operation, an Update
1462 * method to feed data to the operation, and a Final method to
1463 * obtain the final result. Single-part operations involve
1464 * one method, to perform the crypto operation all at once.
1465 *
1466 * The NSS Cryptoki Framework can implement the single-part
1467 * operations in terms of the streaming operations on behalf
1468 * of the Module. There are a few variances.
1469 *
1470 * Only the Init Functions are defined by the mechanism. Each
1471 * init function will return a NSSCKFWCryptoOperation which
1472 * can supply update, final, the single part updateFinal, and
1473 * the combo updateCombo functions.
1474 *
1475 * For simplicity, the routines are listed in summary here:
1476 *
1477 * EncryptInit,
1478 * DecryptInit,
1479 * DigestInit,
1480 * SignInit,
1481 * SignRecoverInit;
1482 * VerifyInit,
1483 * VerifyRecoverInit;
1484 *
1485 * The key-management routines are
1486 *
1487 * GenerateKey
1488 * GenerateKeyPair
1489 * WrapKey
1490 * UnwrapKey
1491 * DeriveKey
1492 *
1493 * All of these routines based on the Cryptoki API;
1494 * see PKCS#11 for further information.
1495 */
1496
1497 /*
1498 */
1499 NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)(
1500 NSSCKMDMechanism *mdMechanism,
1501 NSSCKFWMechanism *fwMechanism,
1502 CK_MECHANISM_PTR pMechanism,
1503 NSSCKMDSession *mdSession,
1504 NSSCKFWSession *fwSession,
1505 NSSCKMDToken *mdToken,
1506 NSSCKFWToken *fwToken,
1507 NSSCKMDInstance *mdInstance,
1508 NSSCKFWInstance *fwInstance,
1509 NSSCKMDObject *mdKey,
1510 NSSCKFWObject *fwKey,
1511 CK_RV *pError
1512 );
1513
1514 /*
1515 */
1516 NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)(
1517 NSSCKMDMechanism *mdMechanism,
1518 NSSCKFWMechanism *fwMechanism,
1519 CK_MECHANISM_PTR pMechanism,
1520 NSSCKMDSession *mdSession,
1521 NSSCKFWSession *fwSession,
1522 NSSCKMDToken *mdToken,
1523 NSSCKFWToken *fwToken,
1524 NSSCKMDInstance *mdInstance,
1525 NSSCKFWInstance *fwInstance,
1526 NSSCKMDObject *mdKey,
1527 NSSCKFWObject *fwKey,
1528 CK_RV *pError
1529 );
1530
1531 /*
1532 */
1533 NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)(
1534 NSSCKMDMechanism *mdMechanism,
1535 NSSCKFWMechanism *fwMechanism,
1536 CK_MECHANISM_PTR pMechanism,
1537 NSSCKMDSession *mdSession,
1538 NSSCKFWSession *fwSession,
1539 NSSCKMDToken *mdToken,
1540 NSSCKFWToken *fwToken,
1541 NSSCKMDInstance *mdInstance,
1542 NSSCKFWInstance *fwInstance,
1543 CK_RV *pError
1544 );
1545
1546
1547 /*
1548 */
1549 NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)(
1550 NSSCKMDMechanism *mdMechanism,
1551 NSSCKFWMechanism *fwMechanism,
1552 CK_MECHANISM_PTR pMechanism,
1553 NSSCKMDSession *mdSession,
1554 NSSCKFWSession *fwSession,
1555 NSSCKMDToken *mdToken,
1556 NSSCKFWToken *fwToken,
1557 NSSCKMDInstance *mdInstance,
1558 NSSCKFWInstance *fwInstance,
1559 NSSCKMDObject *mdKey,
1560 NSSCKFWObject *fwKey,
1561 CK_RV *pError
1562 );
1563
1564 /*
1565 */
1566 NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)(
1567 NSSCKMDMechanism *mdMechanism,
1568 NSSCKFWMechanism *fwMechanism,
1569 CK_MECHANISM_PTR pMechanism,
1570 NSSCKMDSession *mdSession,
1571 NSSCKFWSession *fwSession,
1572 NSSCKMDToken *mdToken,
1573 NSSCKFWToken *fwToken,
1574 NSSCKMDInstance *mdInstance,
1575 NSSCKFWInstance *fwInstance,
1576 NSSCKMDObject *mdKey,
1577 NSSCKFWObject *fwKey,
1578 CK_RV *pError
1579 );
1580
1581 /*
1582 */
1583 NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)(
1584 NSSCKMDMechanism *mdMechanism,
1585 NSSCKFWMechanism *fwMechanism,
1586 CK_MECHANISM_PTR pMechanism,
1587 NSSCKMDSession *mdSession,
1588 NSSCKFWSession *fwSession,
1589 NSSCKMDToken *mdToken,
1590 NSSCKFWToken *fwToken,
1591 NSSCKMDInstance *mdInstance,
1592 NSSCKFWInstance *fwInstance,
1593 NSSCKMDObject *mdKey,
1594 NSSCKFWObject *fwKey,
1595 CK_RV *pError
1596 );
1597
1598 /*
1599 */
1600 NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)(
1601 NSSCKMDMechanism *mdMechanism,
1602 NSSCKFWMechanism *fwMechanism,
1603 CK_MECHANISM_PTR pMechanism,
1604 NSSCKMDSession *mdSession,
1605 NSSCKFWSession *fwSession,
1606 NSSCKMDToken *mdToken,
1607 NSSCKFWToken *fwToken,
1608 NSSCKMDInstance *mdInstance,
1609 NSSCKFWInstance *fwInstance,
1610 NSSCKMDObject *mdKey,
1611 NSSCKFWObject *fwKey,
1612 CK_RV *pError
1613 );
1614
1615 /*
1616 * Key management operations.
1617 */
1618
1619 /*
1620 * This routine generates a key. This routine may return NULL
1621 * upon error.
1622 */
1623 NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
1624 NSSCKMDMechanism *mdMechanism,
1625 NSSCKFWMechanism *fwMechanism,
1626 CK_MECHANISM_PTR pMechanism,
1627 NSSCKMDSession *mdSession,
1628 NSSCKFWSession *fwSession,
1629 NSSCKMDToken *mdToken,
1630 NSSCKFWToken *fwToken,
1631 NSSCKMDInstance *mdInstance,
1632 NSSCKFWInstance *fwInstance,
1633 CK_ATTRIBUTE_PTR pTemplate,
1634 CK_ULONG ulAttributeCount,
1635 CK_RV *pError
1636 );
1637
1638 /*
1639 * This routine generates a key pair.
1640 */
1641 CK_RV (PR_CALLBACK *GenerateKeyPair)(
1642 NSSCKMDMechanism *mdMechanism,
1643 NSSCKFWMechanism *fwMechanism,
1644 CK_MECHANISM_PTR pMechanism,
1645 NSSCKMDSession *mdSession,
1646 NSSCKFWSession *fwSession,
1647 NSSCKMDToken *mdToken,
1648 NSSCKFWToken *fwToken,
1649 NSSCKMDInstance *mdInstance,
1650 NSSCKFWInstance *fwInstance,
1651 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1652 CK_ULONG ulPublicKeyAttributeCount,
1653 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1654 CK_ULONG ulPrivateKeyAttributeCount,
1655 NSSCKMDObject **pPublicKey,
1656 NSSCKMDObject **pPrivateKey
1657 );
1658
1659 /*
1660 * This routine wraps a key.
1661 */
1662 CK_ULONG (PR_CALLBACK *GetWrapKeyLength)(
1663 NSSCKMDMechanism *mdMechanism,
1664 NSSCKFWMechanism *fwMechanism,
1665 CK_MECHANISM_PTR pMechanism,
1666 NSSCKMDSession *mdSession,
1667 NSSCKFWSession *fwSession,
1668 NSSCKMDToken *mdToken,
1669 NSSCKFWToken *fwToken,
1670 NSSCKMDInstance *mdInstance,
1671 NSSCKFWInstance *fwInstance,
1672 NSSCKMDObject *mdWrappingKey,
1673 NSSCKFWObject *fwWrappingKey,
1674 NSSCKMDObject *mdWrappedKey,
1675 NSSCKFWObject *fwWrappedKey,
1676 CK_RV *pError
1677 );
1678
1679 /*
1680 * This routine wraps a key.
1681 */
1682 CK_RV (PR_CALLBACK *WrapKey)(
1683 NSSCKMDMechanism *mdMechanism,
1684 NSSCKFWMechanism *fwMechanism,
1685 CK_MECHANISM_PTR pMechanism,
1686 NSSCKMDSession *mdSession,
1687 NSSCKFWSession *fwSession,
1688 NSSCKMDToken *mdToken,
1689 NSSCKFWToken *fwToken,
1690 NSSCKMDInstance *mdInstance,
1691 NSSCKFWInstance *fwInstance,
1692 NSSCKMDObject *mdWrappingKey,
1693 NSSCKFWObject *fwWrappingKey,
1694 NSSCKMDObject *mdKeyObject,
1695 NSSCKFWObject *fwKeyObject,
1696 NSSItem *wrappedKey
1697 );
1698
1699 /*
1700 * This routine unwraps a key. This routine may return NULL
1701 * upon error.
1702 */
1703 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
1704 NSSCKMDMechanism *mdMechanism,
1705 NSSCKFWMechanism *fwMechanism,
1706 CK_MECHANISM_PTR pMechanism,
1707 NSSCKMDSession *mdSession,
1708 NSSCKFWSession *fwSession,
1709 NSSCKMDToken *mdToken,
1710 NSSCKFWToken *fwToken,
1711 NSSCKMDInstance *mdInstance,
1712 NSSCKFWInstance *fwInstance,
1713 NSSCKMDObject *mdWrappingKey,
1714 NSSCKFWObject *fwWrappingKey,
1715 NSSItem *wrappedKey,
1716 CK_ATTRIBUTE_PTR pTemplate,
1717 CK_ULONG ulAttributeCount,
1718 CK_RV *pError
1719 );
1720
1721 /*
1722 * This routine derives a key. This routine may return NULL
1723 * upon error.
1724 */
1725 NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
1726 NSSCKMDMechanism *mdMechanism,
1727 NSSCKFWMechanism *fwMechanism,
1728 CK_MECHANISM_PTR pMechanism,
1729 NSSCKMDSession *mdSession,
1730 NSSCKFWSession *fwSession,
1731 NSSCKMDToken *mdToken,
1732 NSSCKFWToken *fwToken,
1733 NSSCKMDInstance *mdInstance,
1734 NSSCKFWInstance *fwInstance,
1735 NSSCKMDObject *mdBaseKey,
1736 NSSCKFWObject *fwBaseKey,
1737 CK_ATTRIBUTE_PTR pTemplate,
1738 CK_ULONG ulAttributeCount,
1739 CK_RV *pError
1740 );
1741
1742 /*
1743 * This object may be extended in future versions of the
1744 * NSS Cryptoki Framework. To allow for some flexibility
1745 * in the area of binary compatibility, this field should
1746 * be NULL.
1747 */
1748 void *null;
1749 };
1750
1751 /*
1752 * NSSCKMDObject
1753 *
1754 * This is the basic handle for any object used by a PKCS#11 Module.
1755 * Modules must implement it if they support their own objects, and
1756 * the Framework supports it for Modules that do not handle session
1757 * objects. This type contains a pointer for use by the implementor,
1758 * to store any object-specific data, and it contains an EPV for a
1759 * set of routines used to access the object.
1760 */
1761
1762 struct NSSCKMDObjectStr {
1763 /*
1764 * The implementation my use this pointer for its own purposes.
1765 */
1766 void *etc;
1767
1768 /*
1769 * This routine is called by the Framework when it is letting
1770 * go of an object handle. It can be used by the Module to
1771 * free any resources tied up by an object "in use." It is
1772 * optional.
1773 */
1774 void (PR_CALLBACK *Finalize)(
1775 NSSCKMDObject *mdObject,
1776 NSSCKFWObject *fwObject,
1777 NSSCKMDSession *mdSession,
1778 NSSCKFWSession *fwSession,
1779 NSSCKMDToken *mdToken,
1780 NSSCKFWToken *fwToken,
1781 NSSCKMDInstance *mdInstance,
1782 NSSCKFWInstance *fwInstance
1783 );
1784
1785 /*
1786 * This routine is used to completely destroy an object.
1787 * It is optional. The parameter fwObject might be NULL
1788 * if the framework runs out of memory at the wrong moment.
1789 */
1790 CK_RV (PR_CALLBACK *Destroy)(
1791 NSSCKMDObject *mdObject,
1792 NSSCKFWObject *fwObject,
1793 NSSCKMDSession *mdSession,
1794 NSSCKFWSession *fwSession,
1795 NSSCKMDToken *mdToken,
1796 NSSCKFWToken *fwToken,
1797 NSSCKMDInstance *mdInstance,
1798 NSSCKFWInstance *fwInstance
1799 );
1800
1801 /*
1802 * This helper routine is used by the Framework, and is especially
1803 * useful when it is managing session objects on behalf of the
1804 * Module. This routine is optional; if unimplemented, the
1805 * Framework will actually look up the CKA_TOKEN attribute. In the
1806 * event of an error, just make something up-- the Framework will
1807 * find out soon enough anyway.
1808 */
1809 CK_BBOOL (PR_CALLBACK *IsTokenObject)(
1810 NSSCKMDObject *mdObject,
1811 NSSCKFWObject *fwObject,
1812 NSSCKMDSession *mdSession,
1813 NSSCKFWSession *fwSession,
1814 NSSCKMDToken *mdToken,
1815 NSSCKFWToken *fwToken,
1816 NSSCKMDInstance *mdInstance,
1817 NSSCKFWInstance *fwInstance
1818 );
1819
1820 /*
1821 * This routine returns the number of attributes of which this
1822 * object consists. It is mandatory. It can return zero on
1823 * error.
1824 */
1825 CK_ULONG (PR_CALLBACK *GetAttributeCount)(
1826 NSSCKMDObject *mdObject,
1827 NSSCKFWObject *fwObject,
1828 NSSCKMDSession *mdSession,
1829 NSSCKFWSession *fwSession,
1830 NSSCKMDToken *mdToken,
1831 NSSCKFWToken *fwToken,
1832 NSSCKMDInstance *mdInstance,
1833 NSSCKFWInstance *fwInstance,
1834 CK_RV *pError
1835 );
1836
1837 /*
1838 * This routine stuffs the attribute types into the provided array.
1839 * The array size (as obtained from GetAttributeCount) is passed in
1840 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
1841 * (either too big or too small).
1842 */
1843 CK_RV (PR_CALLBACK *GetAttributeTypes)(
1844 NSSCKMDObject *mdObject,
1845 NSSCKFWObject *fwObject,
1846 NSSCKMDSession *mdSession,
1847 NSSCKFWSession *fwSession,
1848 NSSCKMDToken *mdToken,
1849 NSSCKFWToken *fwToken,
1850 NSSCKMDInstance *mdInstance,
1851 NSSCKFWInstance *fwInstance,
1852 CK_ATTRIBUTE_TYPE_PTR typeArray,
1853 CK_ULONG ulCount
1854 );
1855
1856 /*
1857 * This routine returns the size (in bytes) of the specified
1858 * attribute. It can return zero on error.
1859 */
1860 CK_ULONG (PR_CALLBACK *GetAttributeSize)(
1861 NSSCKMDObject *mdObject,
1862 NSSCKFWObject *fwObject,
1863 NSSCKMDSession *mdSession,
1864 NSSCKFWSession *fwSession,
1865 NSSCKMDToken *mdToken,
1866 NSSCKFWToken *fwToken,
1867 NSSCKMDInstance *mdInstance,
1868 NSSCKFWInstance *fwInstance,
1869 CK_ATTRIBUTE_TYPE attribute,
1870 CK_RV *pError
1871 );
1872
1873 /*
1874 * This routine returns an NSSCKFWItem structure.
1875 * The item pointer points to an NSSItem containing the attribute value.
1876 * The needsFreeing bit tells the framework whether to call the
1877 * FreeAttribute function . Upon error, an NSSCKFWItem structure
1878 * with a NULL NSSItem item pointer will be returned
1879 */
1880 NSSCKFWItem (PR_CALLBACK *GetAttribute)(
1881 NSSCKMDObject *mdObject,
1882 NSSCKFWObject *fwObject,
1883 NSSCKMDSession *mdSession,
1884 NSSCKFWSession *fwSession,
1885 NSSCKMDToken *mdToken,
1886 NSSCKFWToken *fwToken,
1887 NSSCKMDInstance *mdInstance,
1888 NSSCKFWInstance *fwInstance,
1889 CK_ATTRIBUTE_TYPE attribute,
1890 CK_RV *pError
1891 );
1892
1893 /*
1894 * This routine returns CKR_OK if the attribute could be freed.
1895 */
1896 CK_RV (PR_CALLBACK *FreeAttribute)(
1897 NSSCKFWItem * item
1898 );
1899
1900 /*
1901 * This routine changes the specified attribute. If unimplemented,
1902 * the object will be considered read-only.
1903 */
1904 CK_RV (PR_CALLBACK *SetAttribute)(
1905 NSSCKMDObject *mdObject,
1906 NSSCKFWObject *fwObject,
1907 NSSCKMDSession *mdSession,
1908 NSSCKFWSession *fwSession,
1909 NSSCKMDToken *mdToken,
1910 NSSCKFWToken *fwToken,
1911 NSSCKMDInstance *mdInstance,
1912 NSSCKFWInstance *fwInstance,
1913 CK_ATTRIBUTE_TYPE attribute,
1914 NSSItem *value
1915 );
1916
1917 /*
1918 * This routine returns the storage requirements of this object,
1919 * in bytes. Cryptoki doesn't strictly define the definition,
1920 * but it should relate to the values returned by the "Get Memory"
1921 * routines of the NSSCKMDToken. This routine is optional; if
1922 * unimplemented, the Framework will consider this information
1923 * sensitive. This routine may return zero on error. If the
1924 * specified error is CKR_OK, zero will be accepted as a valid
1925 * response.
1926 */
1927 CK_ULONG (PR_CALLBACK *GetObjectSize)(
1928 NSSCKMDObject *mdObject,
1929 NSSCKFWObject *fwObject,
1930 NSSCKMDSession *mdSession,
1931 NSSCKFWSession *fwSession,
1932 NSSCKMDToken *mdToken,
1933 NSSCKFWToken *fwToken,
1934 NSSCKMDInstance *mdInstance,
1935 NSSCKFWInstance *fwInstance,
1936 CK_RV *pError
1937 );
1938
1939 /*
1940 * This object may be extended in future versions of the
1941 * NSS Cryptoki Framework. To allow for some flexibility
1942 * in the area of binary compatibility, this field should
1943 * be NULL.
1944 */
1945 void *null;
1946 };
1947
1948
1949 #endif /* NSSCKMDT_H */
OLDNEW
« no previous file with comments | « mozilla/security/nss/lib/ckfw/nssckg.h ('k') | mozilla/security/nss/lib/ckfw/nssckt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698