| OLD | NEW |
|---|
| (Empty) |
| 1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 4 | |
| 5 #ifndef _PKCS11N_H_ | |
| 6 #define _PKCS11N_H_ | |
| 7 | |
| 8 #ifdef DEBUG | |
| 9 static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.31 $
$Date: 2013/02/07 01:29:19 $"; | |
| 10 #endif /* DEBUG */ | |
| 11 | |
| 12 /* | |
| 13 * pkcs11n.h | |
| 14 * | |
| 15 * This file contains the NSS-specific type definitions for Cryptoki | |
| 16 * (PKCS#11). | |
| 17 */ | |
| 18 | |
| 19 /* | |
| 20 * NSSCK_VENDOR_NSS | |
| 21 * | |
| 22 * Cryptoki reserves the high half of all the number spaces for | |
| 23 * vendor-defined use. I'd like to keep all of our NSS- | |
| 24 * specific values together, but not in the oh-so-obvious | |
| 25 * 0x80000001, 0x80000002, etc. area. So I've picked an offset, | |
| 26 * and constructed values for the beginnings of our spaces. | |
| 27 * | |
| 28 * Note that some "historical" Netscape values don't fall within | |
| 29 * this range. | |
| 30 */ | |
| 31 #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */ | |
| 32 | |
| 33 /* | |
| 34 * NSS-defined object classes | |
| 35 * | |
| 36 */ | |
| 37 #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 38 | |
| 39 #define CKO_NSS_CRL (CKO_NSS + 1) | |
| 40 #define CKO_NSS_SMIME (CKO_NSS + 2) | |
| 41 #define CKO_NSS_TRUST (CKO_NSS + 3) | |
| 42 #define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4) | |
| 43 #define CKO_NSS_NEWSLOT (CKO_NSS + 5) | |
| 44 #define CKO_NSS_DELSLOT (CKO_NSS + 6) | |
| 45 | |
| 46 | |
| 47 /* | |
| 48 * NSS-defined key types | |
| 49 * | |
| 50 */ | |
| 51 #define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 52 | |
| 53 #define CKK_NSS_PKCS8 (CKK_NSS + 1) | |
| 54 | |
| 55 #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) | |
| 56 #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) | |
| 57 | |
| 58 /* | |
| 59 * NSS-defined certificate types | |
| 60 * | |
| 61 */ | |
| 62 #define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 63 | |
| 64 /* FAKE PKCS #11 defines */ | |
| 65 #define CKA_DIGEST 0x81000000L | |
| 66 #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ | |
| 67 | |
| 68 /* | |
| 69 * NSS-defined object attributes | |
| 70 * | |
| 71 */ | |
| 72 #define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 73 | |
| 74 #define CKA_NSS_URL (CKA_NSS + 1) | |
| 75 #define CKA_NSS_EMAIL (CKA_NSS + 2) | |
| 76 #define CKA_NSS_SMIME_INFO (CKA_NSS + 3) | |
| 77 #define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4) | |
| 78 #define CKA_NSS_PKCS8_SALT (CKA_NSS + 5) | |
| 79 #define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6) | |
| 80 #define CKA_NSS_EXPIRES (CKA_NSS + 7) | |
| 81 #define CKA_NSS_KRL (CKA_NSS + 8) | |
| 82 | |
| 83 #define CKA_NSS_PQG_COUNTER (CKA_NSS + 20) | |
| 84 #define CKA_NSS_PQG_SEED (CKA_NSS + 21) | |
| 85 #define CKA_NSS_PQG_H (CKA_NSS + 22) | |
| 86 #define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23) | |
| 87 #define CKA_NSS_MODULE_SPEC (CKA_NSS + 24) | |
| 88 #define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25) | |
| 89 | |
| 90 #define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26) | |
| 91 #define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27) | |
| 92 #define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28) | |
| 93 #define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29) | |
| 94 #define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30) | |
| 95 #define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31) | |
| 96 #define CKA_NSS_JPAKE_X2 (CKA_NSS + 32) | |
| 97 #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) | |
| 98 | |
| 99 /* | |
| 100 * Trust attributes: | |
| 101 * | |
| 102 * If trust goes standard, these probably will too. So I'll | |
| 103 * put them all in one place. | |
| 104 */ | |
| 105 | |
| 106 #define CKA_TRUST (CKA_NSS + 0x2000) | |
| 107 | |
| 108 /* "Usage" key information */ | |
| 109 #define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1) | |
| 110 #define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2) | |
| 111 #define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3) | |
| 112 #define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4) | |
| 113 #define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5) | |
| 114 #define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6) | |
| 115 #define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7) | |
| 116 | |
| 117 /* "Purpose" trust information */ | |
| 118 #define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8) | |
| 119 #define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9) | |
| 120 #define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10) | |
| 121 #define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11) | |
| 122 #define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12) | |
| 123 #define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13) | |
| 124 #define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14) | |
| 125 #define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15) | |
| 126 #define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16) | |
| 127 | |
| 128 #define CKA_CERT_SHA1_HASH (CKA_TRUST + 100) | |
| 129 #define CKA_CERT_MD5_HASH (CKA_TRUST + 101) | |
| 130 | |
| 131 /* NSS trust stuff */ | |
| 132 | |
| 133 /* HISTORICAL: define used to pass in the database key for DSA private keys */ | |
| 134 #define CKA_NETSCAPE_DB 0xD5A0DB00L | |
| 135 #define CKA_NETSCAPE_TRUST 0x80000001L | |
| 136 | |
| 137 /* FAKE PKCS #11 defines */ | |
| 138 #define CKM_FAKE_RANDOM 0x80000efeUL | |
| 139 #define CKM_INVALID_MECHANISM 0xffffffffUL | |
| 140 | |
| 141 /* | |
| 142 * NSS-defined crypto mechanisms | |
| 143 * | |
| 144 */ | |
| 145 #define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 146 | |
| 147 #define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1) | |
| 148 #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) | |
| 149 | |
| 150 /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */ | |
| 151 #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3) | |
| 152 #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4) | |
| 153 #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5) | |
| 154 #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6) | |
| 155 | |
| 156 /* J-PAKE round 1 key generation mechanisms. | |
| 157 * | |
| 158 * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE, | |
| 159 * CKA_NSS_JPAKE_SIGNERID | |
| 160 * Output key type: CKK_NSS_JPAKE_ROUND1 | |
| 161 * Output key class: CKO_PRIVATE_KEY | |
| 162 * Parameter type: CK_NSS_JPAKERound1Params | |
| 163 * | |
| 164 */ | |
| 165 #define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7) | |
| 166 #define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8) | |
| 167 #define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9) | |
| 168 #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) | |
| 169 | |
| 170 /* J-PAKE round 2 key derivation mechanisms. | |
| 171 * | |
| 172 * Required template attributes: CKA_NSS_JPAKE_PEERID | |
| 173 * Input key type: CKK_NSS_JPAKE_ROUND1 | |
| 174 * Output key type: CKK_NSS_JPAKE_ROUND2 | |
| 175 * Output key class: CKO_PRIVATE_KEY | |
| 176 * Parameter type: CK_NSS_JPAKERound2Params | |
| 177 */ | |
| 178 #define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11) | |
| 179 #define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12) | |
| 180 #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) | |
| 181 #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) | |
| 182 | |
| 183 /* J-PAKE final key material derivation mechanisms | |
| 184 * | |
| 185 * Input key type: CKK_NSS_JPAKE_ROUND2 | |
| 186 * Output key type: CKK_GENERIC_SECRET | |
| 187 * Output key class: CKO_SECRET_KEY | |
| 188 * Parameter type: CK_NSS_JPAKEFinalParams | |
| 189 * | |
| 190 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material | |
| 191 * to get a key with uniformly distributed bits. | |
| 192 */ | |
| 193 #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) | |
| 194 #define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16) | |
| 195 #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) | |
| 196 #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) | |
| 197 | |
| 198 #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) | |
| 199 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) | |
| 200 | |
| 201 /* | |
| 202 * HISTORICAL: | |
| 203 * Do not attempt to use these. They are only used by NETSCAPE's internal | |
| 204 * PKCS #11 interface. Most of these are place holders for other mechanism | |
| 205 * and will change in the future. | |
| 206 */ | |
| 207 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL | |
| 208 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL | |
| 209 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL | |
| 210 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL | |
| 211 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL | |
| 212 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL | |
| 213 #define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL | |
| 214 #define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL | |
| 215 #define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL | |
| 216 #define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL | |
| 217 | |
| 218 #define CKM_TLS_PRF_GENERAL 0x80000373UL | |
| 219 | |
| 220 typedef struct CK_NSS_JPAKEPublicValue { | |
| 221 CK_BYTE * pGX; | |
| 222 CK_ULONG ulGXLen; | |
| 223 CK_BYTE * pGV; | |
| 224 CK_ULONG ulGVLen; | |
| 225 CK_BYTE * pR; | |
| 226 CK_ULONG ulRLen; | |
| 227 } CK_NSS_JPAKEPublicValue; | |
| 228 | |
| 229 typedef struct CK_NSS_JPAKERound1Params { | |
| 230 CK_NSS_JPAKEPublicValue gx1; /* out */ | |
| 231 CK_NSS_JPAKEPublicValue gx2; /* out */ | |
| 232 } CK_NSS_JPAKERound1Params; | |
| 233 | |
| 234 typedef struct CK_NSS_JPAKERound2Params { | |
| 235 CK_BYTE * pSharedKey; /* in */ | |
| 236 CK_ULONG ulSharedKeyLen; /* in */ | |
| 237 CK_NSS_JPAKEPublicValue gx3; /* in */ | |
| 238 CK_NSS_JPAKEPublicValue gx4; /* in */ | |
| 239 CK_NSS_JPAKEPublicValue A; /* out */ | |
| 240 } CK_NSS_JPAKERound2Params; | |
| 241 | |
| 242 typedef struct CK_NSS_JPAKEFinalParams { | |
| 243 CK_NSS_JPAKEPublicValue B; /* in */ | |
| 244 } CK_NSS_JPAKEFinalParams; | |
| 245 | |
| 246 /* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and | |
| 247 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen | |
| 248 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an | |
| 249 * unsigned int variable to represent the length in bits. This should not | |
| 250 * be a problem because the SSL/TLS protocol limits the size of an SSL | |
| 251 * record to something considerably less than 2^32 bytes. | |
| 252 */ | |
| 253 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { | |
| 254 CK_MECHANISM_TYPE macAlg; /* in */ | |
| 255 CK_ULONG ulBodyTotalLen; /* in */ | |
| 256 CK_BYTE * pHeader; /* in */ | |
| 257 CK_ULONG ulHeaderLen; /* in */ | |
| 258 } CK_NSS_MAC_CONSTANT_TIME_PARAMS; | |
| 259 | |
| 260 /* | |
| 261 * NSS-defined return values | |
| 262 * | |
| 263 */ | |
| 264 #define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 265 | |
| 266 #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) | |
| 267 #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) | |
| 268 | |
| 269 /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. | |
| 270 See RFC 5869. | |
| 271 | |
| 272 bExtract: If set, HKDF-Extract will be applied to the input key. If | |
| 273 the optional salt is given, it is used; otherwise, the salt is | |
| 274 set to a sequence of zeros equal in length to the HMAC output. | |
| 275 If bExpand is not set, then the key template given to | |
| 276 C_DeriveKey must indicate an output key size less than or equal | |
| 277 to the output size of the HMAC. | |
| 278 | |
| 279 bExpand: If set, HKDF-Expand will be applied to the input key (if | |
| 280 bExtract is not set) or to the result of HKDF-Extract (if | |
| 281 bExtract is set). Any info given in the optional pInfo field will | |
| 282 be included in the calculation. | |
| 283 | |
| 284 The size of the output key must be specified in the template passed to | |
| 285 C_DeriveKey. | |
| 286 */ | |
| 287 typedef struct CK_NSS_HKDFParams { | |
| 288 CK_BBOOL bExtract; | |
| 289 CK_BYTE_PTR pSalt; | |
| 290 CK_ULONG ulSaltLen; | |
| 291 CK_BBOOL bExpand; | |
| 292 CK_BYTE_PTR pInfo; | |
| 293 CK_ULONG ulInfoLen; | |
| 294 } CK_NSS_HKDFParams; | |
| 295 | |
| 296 /* | |
| 297 * Trust info | |
| 298 * | |
| 299 * This isn't part of the Cryptoki standard (yet), so I'm putting | |
| 300 * all the definitions here. Some of this would move to nssckt.h | |
| 301 * if trust info were made part of the standard. In view of this | |
| 302 * possibility, I'm putting my (NSS) values in the NSS | |
| 303 * vendor space, like everything else. | |
| 304 */ | |
| 305 | |
| 306 typedef CK_ULONG CK_TRUST; | |
| 307 | |
| 308 /* The following trust types are defined: */ | |
| 309 #define CKT_VENDOR_DEFINED 0x80000000 | |
| 310 | |
| 311 #define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS) | |
| 312 | |
| 313 /* If trust goes standard, these'll probably drop out of vendor space. */ | |
| 314 #define CKT_NSS_TRUSTED (CKT_NSS + 1) | |
| 315 #define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2) | |
| 316 #define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3) | |
| 317 #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) | |
| 318 #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ | |
| 319 | |
| 320 /* | |
| 321 * These may well remain NSS-specific; I'm only using them | |
| 322 * to cache resolution data. | |
| 323 */ | |
| 324 #define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11) | |
| 325 | |
| 326 | |
| 327 /* | |
| 328 * old definitions. They still exist, but the plain meaning of the | |
| 329 * labels have never been accurate to what was really implemented. | |
| 330 * The new labels correctly reflect what the values effectively mean. | |
| 331 */ | |
| 332 #if defined(__GNUC__) && (__GNUC__ > 3) | |
| 333 /* make GCC warn when we use these #defines */ | |
| 334 /* | |
| 335 * This is really painful because GCC doesn't allow us to mark random | |
| 336 * #defines as deprecated. We can only mark the following: | |
| 337 * functions, variables, and types. | |
| 338 * const variables will create extra storage for everyone including this | |
| 339 * header file, so it's undesirable. | |
| 340 * functions could be inlined to prevent storage creation, but will fail | |
| 341 * when constant values are expected (like switch statements). | |
| 342 * enum types do not seem to pay attention to the deprecated attribute. | |
| 343 * | |
| 344 * That leaves typedefs. We declare new types that we then deprecate, then | |
| 345 * cast the resulting value to the deprecated type in the #define, thus | |
| 346 * producting the warning when the #define is used. | |
| 347 */ | |
| 348 #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) | |
| 349 /* The mac doesn't like the friendlier deprecate messages. I'm assuming this | |
| 350 * is a gcc version issue rather than mac or ppc specific */ | |
| 351 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); | |
| 352 typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated)); | |
| 353 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated)); | |
| 354 #else | |
| 355 /* when possible, get a full deprecation warning. This works on gcc 4.5 | |
| 356 * it may work on earlier versions of gcc */ | |
| 357 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated | |
| 358 ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST"))); | |
| 359 typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated | |
| 360 ("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED"))); | |
| 361 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated | |
| 362 ("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN"))); | |
| 363 #endif | |
| 364 #define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST) | |
| 365 #define CKT_NSS_VALID ((__CKT_NSS_VALID) CKT_NSS_NOT_TRUSTED) | |
| 366 /* keep the old value for compatibility reasons*/ | |
| 367 #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS +4)) | |
| 368 #else | |
| 369 #ifdef _WIN32 | |
| 370 /* This magic gets the windows compiler to give us a deprecation | |
| 371 * warning */ | |
| 372 #pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID) | |
| 373 #endif | |
| 374 /* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */ | |
| 375 #define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST | |
| 376 /* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */ | |
| 377 #define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED | |
| 378 /* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */ | |
| 379 #define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/ | |
| 380 #endif | |
| 381 | |
| 382 /* don't leave old programs in a lurch just yet, give them the old NETSCAPE | |
| 383 * synonym */ | |
| 384 #define CKO_NETSCAPE_CRL CKO_NSS_CRL | |
| 385 #define CKO_NETSCAPE_SMIME CKO_NSS_SMIME | |
| 386 #define CKO_NETSCAPE_TRUST CKO_NSS_TRUST | |
| 387 #define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST | |
| 388 #define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT | |
| 389 #define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT | |
| 390 #define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8 | |
| 391 #define CKA_NETSCAPE_URL CKA_NSS_URL | |
| 392 #define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL | |
| 393 #define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO | |
| 394 #define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP | |
| 395 #define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT | |
| 396 #define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK | |
| 397 #define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES | |
| 398 #define CKA_NETSCAPE_KRL CKA_NSS_KRL | |
| 399 #define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER | |
| 400 #define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED | |
| 401 #define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H | |
| 402 #define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS | |
| 403 #define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC | |
| 404 #define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP | |
| 405 #define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD | |
| 406 #define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED | |
| 407 #define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED | |
| 408 | |
| 409 #define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED | |
| 410 #define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR | |
| 411 #define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED | |
| 412 #define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY | |
| 413 #define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN | |
| 414 #define CKT_NETSCAPE_VALID CKT_NSS_VALID | |
| 415 #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR | |
| 416 | |
| 417 /* | |
| 418 * These are not really PKCS #11 values specifically. They are the 'loadable' | |
| 419 * module spec NSS uses. The are available for others to use as well, but not | |
| 420 * part of the formal PKCS #11 spec. | |
| 421 * | |
| 422 * The function 'FIND' returns an array of PKCS #11 initialization strings | |
| 423 * The function 'ADD' takes a PKCS #11 initialization string and stores it. | |
| 424 * The function 'DEL' takes a 'name= library=' value and deletes the associated | |
| 425 * string. | |
| 426 * The function 'RELEASE' frees the array returned by 'FIND' | |
| 427 */ | |
| 428 #define SECMOD_MODULE_DB_FUNCTION_FIND 0 | |
| 429 #define SECMOD_MODULE_DB_FUNCTION_ADD 1 | |
| 430 #define SECMOD_MODULE_DB_FUNCTION_DEL 2 | |
| 431 #define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 | |
| 432 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, | |
| 433 char *parameters, void *moduleSpec); | |
| 434 | |
| 435 /* softoken slot ID's */ | |
| 436 #define SFTK_MIN_USER_SLOT_ID 4 | |
| 437 #define SFTK_MAX_USER_SLOT_ID 100 | |
| 438 #define SFTK_MIN_FIPS_USER_SLOT_ID 101 | |
| 439 #define SFTK_MAX_FIPS_USER_SLOT_ID 127 | |
| 440 | |
| 441 | |
| 442 #endif /* _PKCS11N_H_ */ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14249009:
Change the NSS and NSPR source tree to the new directory structure to be (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/nss/