Update NSS to 3.21 RTM and NSPR to 4.11 RTM

nss/lib/util/pkcs11n.h

 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef _PKCS11N_H_
 #define _PKCS11N_H_
 
 /*
  * pkcs11n.h
  *
@@ skipping 10 matching lines @@
  * 0x80000001, 0x80000002, etc. area.  So I've picked an offset,
  * and constructed values for the beginnings of our spaces.
  *
  * Note that some "historical" Netscape values don't fall within
  * this range.
  */
 #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
 
 /*
  * NSS-defined object classes
- * 
+ *
  */
 #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 
 #define CKO_NSS_CRL                (CKO_NSS + 1)
 #define CKO_NSS_SMIME              (CKO_NSS + 2)
 #define CKO_NSS_TRUST              (CKO_NSS + 3)
 #define CKO_NSS_BUILTIN_ROOT_LIST  (CKO_NSS + 4)
 #define CKO_NSS_NEWSLOT            (CKO_NSS + 5)
 #define CKO_NSS_DELSLOT            (CKO_NSS + 6)
 
@@ skipping 117 matching lines @@
  * Output key class: CKO_PRIVATE_KEY
  * Parameter type: CK_NSS_JPAKERound1Params
  *
  */
 #define CKM_NSS_JPAKE_ROUND1_SHA1   (CKM_NSS + 7)
 #define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8)
 #define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9)
 #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
 
 /* J-PAKE round 2 key derivation mechanisms.
- * 
+ *
  * Required template attributes: CKA_NSS_JPAKE_PEERID
  * Input key type:  CKK_NSS_JPAKE_ROUND1
  * Output key type: CKK_NSS_JPAKE_ROUND2
  * Output key class: CKO_PRIVATE_KEY
  * Parameter type: CK_NSS_JPAKERound2Params
  */
 #define CKM_NSS_JPAKE_ROUND2_SHA1   (CKM_NSS + 11)
 #define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12)
 #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
 #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
 
-/* J-PAKE final key material derivation mechanisms 
+/* J-PAKE final key material derivation mechanisms
  *
  * Input key type:  CKK_NSS_JPAKE_ROUND2
  * Output key type: CKK_GENERIC_SECRET
  * Output key class: CKO_SECRET_KEY
  * Parameter type: CK_NSS_JPAKEFinalParams
  *
- * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 
+ * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
  * to get a key with uniformly distributed bits.
  */
 #define CKM_NSS_JPAKE_FINAL_SHA1    (CKM_NSS + 15)
 #define CKM_NSS_JPAKE_FINAL_SHA256  (CKM_NSS + 16)
 #define CKM_NSS_JPAKE_FINAL_SHA384  (CKM_NSS + 17)
 #define CKM_NSS_JPAKE_FINAL_SHA512  (CKM_NSS + 18)
 
 /* Constant-time MAC mechanisms:
  *
  * These operations verify a padded, MAC-then-encrypt block of data in
@@ skipping 10 matching lines @@
  */
 #define CKM_NSS_HMAC_CONSTANT_TIME      (CKM_NSS + 19)
 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME  (CKM_NSS + 20)
 
 /* TLS 1.2 mechanisms */
 #define CKM_NSS_TLS_PRF_GENERAL_SHA256          (CKM_NSS + 21)
 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256    (CKM_NSS + 22)
 #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256   (CKM_NSS + 23)
 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
 
-#define CKM_NSS_CHACHA20_KEY_GEN                (CKM_NSS + 25)
-#define CKM_NSS_CHACHA20_POLY1305               (CKM_NSS + 26)
+/* TLS extended master secret derivation */
+#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE    (CKM_NSS + 25)
+#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26)
+
+#define CKM_NSS_CHACHA20_KEY_GEN                (CKM_NSS + 27)
+#define CKM_NSS_CHACHA20_POLY1305               (CKM_NSS + 28)

[davidben, 2015/12/11 22:10:58]

I assume we have no more consumers of these symbols that cared about ABI
stability?

(Did we ever? I dunno if we shipped the CHACHA20_POLY1305 patch on CrOS. I guess
CrOS hopefully doesn't mismatch the system headers and Chrome? Meh. Not a
problem now with the chimera.)

[Ryan Sleevi, 2015/12/11 22:20:44]

We actually don't ship the CHACHA20_POLY1305 patch on CrOS. That used to be
something that I wanted to work on, but didn't precisely because of the
ABI/landing timing issues.

I still want to land the CrOS fixes first and will be sending those out later
today :)

 
 /*
  * HISTORICAL:
  * Do not attempt to use these. They are only used by NETSCAPE's internal
  * PKCS #11 interface. Most of these are place holders for other mechanism
  * and will change in the future.
  */
 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC           0x80000002UL
 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC    0x80000003UL
 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC    0x80000004UL
@@ skipping 67 matching lines @@
  * NSS-defined return values
  *
  */
 #define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 
 #define CKR_NSS_CERTDB_FAILED      (CKR_NSS + 1)
 #define CKR_NSS_KEYDB_FAILED       (CKR_NSS + 2)
 
 /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
    See RFC 5869.
-   
+
     bExtract: If set, HKDF-Extract will be applied to the input key. If
               the optional salt is given, it is used; otherwise, the salt is
               set to a sequence of zeros equal in length to the HMAC output.
               If bExpand is not set, then the key template given to
               C_DeriveKey must indicate an output key size less than or equal
               to the output size of the HMAC.
 
     bExpand:  If set, HKDF-Expand will be applied to the input key (if
               bExtract is not set) or to the result of HKDF-Extract (if
               bExtract is set). Any info given in the optional pInfo field will
               be included in the calculation.
 
     The size of the output key must be specified in the template passed to
     C_DeriveKey.
 */
 typedef struct CK_NSS_HKDFParams {
     CK_BBOOL bExtract;
     CK_BYTE_PTR pSalt;
     CK_ULONG ulSaltLen;
     CK_BBOOL bExpand;
     CK_BYTE_PTR pInfo;
     CK_ULONG ulInfoLen;
 } CK_NSS_HKDFParams;
 
 /*
+ * Parameter for the TLS extended master secret key derivation mechanisms:
+ *
+ *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
+ *  * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
+ *
+ * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
+ * function used. For earlier versions of the PRF, set the prfHashMechanism
+ * value to CKM_TLS_PRF.
+ *
+ * The session hash input is expected to be the output of the same hash
+ * function as the PRF uses (as required by draft-ietf-tls-session-hash).  So
+ * the ulSessionHashLen member must be equal the output length of the hash
+ * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF,
+ * the length of concatenated MD5 and SHA-1 digests).
+ *
+ */
+typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
+    CK_MECHANISM_TYPE prfHashMechanism;
+    CK_BYTE_PTR pSessionHash;
+    CK_ULONG ulSessionHashLen;
+    CK_VERSION_PTR pVersion;
+} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
+
+
+/*
  * Trust info
  *
  * This isn't part of the Cryptoki standard (yet), so I'm putting
  * all the definitions here.  Some of this would move to nssckt.h
  * if trust info were made part of the standard.  In view of this
  * possibility, I'm putting my (NSS) values in the NSS
  * vendor space, like everything else.
  */
 
 typedef CK_ULONG          CK_TRUST;
 
 /* The following trust types are defined: */
 #define CKT_VENDOR_DEFINED     0x80000000
 
 #define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 
 /* If trust goes standard, these'll probably drop out of vendor space. */
 #define CKT_NSS_TRUSTED            (CKT_NSS + 1)
 #define CKT_NSS_TRUSTED_DELEGATOR  (CKT_NSS + 2)
 #define CKT_NSS_MUST_VERIFY_TRUST  (CKT_NSS + 3)
 #define CKT_NSS_NOT_TRUSTED        (CKT_NSS + 10)
 #define CKT_NSS_TRUST_UNKNOWN      (CKT_NSS + 5) /* default */
 
-/* 
+/*
  * These may well remain NSS-specific; I'm only using them
  * to cache resolution data.
  */
 #define CKT_NSS_VALID_DELEGATOR    (CKT_NSS + 11)
 
 
 /*
  * old definitions. They still exist, but the plain meaning of the
  * labels have never been accurate to what was really implemented.
  * The new labels correctly reflect what the values effectively mean.
@@ skipping 90 matching lines @@
  *
  * The function 'FIND' returns an array of PKCS #11 initialization strings
  * The function 'ADD' takes a PKCS #11 initialization string and stores it.
  * The function 'DEL' takes a 'name= library=' value and deletes the associated
  *  string.
  * The function 'RELEASE' frees the array returned by 'FIND'
  */
 #define SECMOD_MODULE_DB_FUNCTION_FIND  0
 #define SECMOD_MODULE_DB_FUNCTION_ADD   1
 #define SECMOD_MODULE_DB_FUNCTION_DEL   2
-#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 
+#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
                                         char *parameters, void *moduleSpec);
 
 /* softoken slot ID's */
 #define SFTK_MIN_USER_SLOT_ID 4
 #define SFTK_MAX_USER_SLOT_ID 100
 #define SFTK_MIN_FIPS_USER_SLOT_ID 101
 #define SFTK_MAX_FIPS_USER_SLOT_ID 127
 
 
 #endif /* _PKCS11N_H_ */