Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(207)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/ckfw/nssckmdt.h

Issue 1843333003: Update NSPR to 4.12 and NSS to 3.23 on iOS (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss.git@master
Patch Set: Created 4 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/ckfw/nssckfwt.h ('k') | nss/lib/ckfw/nssckt.h » ('j') | nss/lib/util/secoid.c » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* This Source Code Form is subject to the terms of the Mozilla Public 1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 4
5 #ifndef NSSCKMDT_H 5 #ifndef NSSCKMDT_H
6 #define NSSCKMDT_H 6 #define NSSCKMDT_H
7 7
8 /* 8 /*
9 * nssckmdt.h 9 * nssckmdt.h
10 * 10 *
(...skipping 26 matching lines...) Expand all
37 * NSSCKFWItem 37 * NSSCKFWItem
38 * 38 *
39 * This is a structure used by modules to return object attributes. 39 * This is a structure used by modules to return object attributes.
40 * The needsFreeing bit indicates whether the object needs to be freed. 40 * The needsFreeing bit indicates whether the object needs to be freed.
41 * If so, the framework will call the FreeAttribute function on the item 41 * If so, the framework will call the FreeAttribute function on the item
42 * after it is done using it. 42 * after it is done using it.
43 * 43 *
44 */ 44 */
45 45
46 typedef struct { 46 typedef struct {
47 PRBool needsFreeing; 47 PRBool needsFreeing;
48 NSSItem* item; 48 NSSItem *item;
49 } NSSCKFWItem ; 49 } NSSCKFWItem;
50 50
51 /* 51 /*
52 * NSSCKMDInstance 52 * NSSCKMDInstance
53 * 53 *
54 * This is the basic handle for an instance of a PKCS#11 Module. 54 * This is the basic handle for an instance of a PKCS#11 Module.
55 * It is returned by the Module's CreateInstance routine, and 55 * It is returned by the Module's CreateInstance routine, and
56 * may be obtained from the corresponding NSSCKFWInstance object. 56 * may be obtained from the corresponding NSSCKFWInstance object.
57 * It contains a pointer for use by the Module, to store any 57 * It contains a pointer for use by the Module, to store any
58 * instance-related data, and it contains the EPV for a set of 58 * instance-related data, and it contains the EPV for a set of
59 * routines which the Module may implement for use by the Framework. 59 * routines which the Module may implement for use by the Framework.
60 * Some of these routines are optional; others are mandatory. 60 * Some of these routines are optional; others are mandatory.
61 */ 61 */
62 62
63 struct NSSCKMDInstanceStr { 63 struct NSSCKMDInstanceStr {
64 /* 64 /*
65 * The Module may use this pointer for its own purposes. 65 * The Module may use this pointer for its own purposes.
66 */ 66 */
67 void *etc; 67 void *etc;
68 68
69 /* 69 /*
70 * This routine is called by the Framework to initialize 70 * This routine is called by the Framework to initialize
71 * the Module. This routine is optional; if unimplemented, 71 * the Module. This routine is optional; if unimplemented,
72 * it won't be called. If this routine returns an error, 72 * it won't be called. If this routine returns an error,
73 * then the initialization will fail. 73 * then the initialization will fail.
74 */ 74 */
75 CK_RV (PR_CALLBACK *Initialize)( 75 CK_RV(PR_CALLBACK *Initialize)
76 NSSCKMDInstance *mdInstance, 76 (
77 NSSCKFWInstance *fwInstance, 77 NSSCKMDInstance *mdInstance,
78 NSSUTF8 *configurationData 78 NSSCKFWInstance *fwInstance,
79 ); 79 NSSUTF8 *configurationData);
80 80
81 /* 81 /*
82 * This routine is called when the Framework is finalizing 82 * This routine is called when the Framework is finalizing
83 * the PKCS#11 Module. It is the last thing called before 83 * the PKCS#11 Module. It is the last thing called before
84 * the NSSCKFWInstance's NSSArena is destroyed. This routine 84 * the NSSCKFWInstance's NSSArena is destroyed. This routine
85 * is optional; if unimplemented, it merely won't be called. 85 * is optional; if unimplemented, it merely won't be called.
86 */ 86 */
87 void (PR_CALLBACK *Finalize)( 87 void(PR_CALLBACK *Finalize)(
88 NSSCKMDInstance *mdInstance, 88 NSSCKMDInstance *mdInstance,
89 NSSCKFWInstance *fwInstance 89 NSSCKFWInstance *fwInstance);
90 );
91 90
92 /* 91 /*
93 * This routine gets the number of slots. This value must 92 * This routine gets the number of slots. This value must
94 * never change, once the instance is initialized. This 93 * never change, once the instance is initialized. This
95 * routine must be implemented. It may return zero on error. 94 * routine must be implemented. It may return zero on error.
96 */ 95 */
97 CK_ULONG (PR_CALLBACK *GetNSlots)( 96 CK_ULONG(PR_CALLBACK *GetNSlots)
98 NSSCKMDInstance *mdInstance, 97 (
99 NSSCKFWInstance *fwInstance, 98 NSSCKMDInstance *mdInstance,
100 CK_RV *pError 99 NSSCKFWInstance *fwInstance,
101 ); 100 CK_RV *pError);
102 101
103 /* 102 /*
104 * This routine returns the version of the Cryptoki standard 103 * This routine returns the version of the Cryptoki standard
105 * to which this Module conforms. This routine is optional; 104 * to which this Module conforms. This routine is optional;
106 * if unimplemented, the Framework uses the version to which 105 * if unimplemented, the Framework uses the version to which
107 * ~it~ was implemented. 106 * ~it~ was implemented.
108 */ 107 */
109 CK_VERSION (PR_CALLBACK *GetCryptokiVersion)( 108 CK_VERSION(PR_CALLBACK *GetCryptokiVersion)
110 NSSCKMDInstance *mdInstance, 109 (
111 NSSCKFWInstance *fwInstance 110 NSSCKMDInstance *mdInstance,
112 ); 111 NSSCKFWInstance *fwInstance);
113 112
114 /* 113 /*
115 * This routine returns a pointer to a UTF8-encoded string 114 * This routine returns a pointer to a UTF8-encoded string
116 * containing the manufacturer ID for this Module. Only 115 * containing the manufacturer ID for this Module. Only
117 * the characters completely encoded in the first thirty- 116 * the characters completely encoded in the first thirty-
118 * two bytes are significant. This routine is optional. 117 * two bytes are significant. This routine is optional.
119 * The string returned is never freed; if dynamically generated, 118 * The string returned is never freed; if dynamically generated,
120 * the space for it should be allocated from the NSSArena 119 * the space for it should be allocated from the NSSArena
121 * that may be obtained from the NSSCKFWInstance. This 120 * that may be obtained from the NSSCKFWInstance. This
122 * routine may return NULL upon error; however if *pError 121 * routine may return NULL upon error; however if *pError
123 * is CKR_OK, the NULL will be considered the valid response. 122 * is CKR_OK, the NULL will be considered the valid response.
124 */ 123 */
125 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( 124 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
126 NSSCKMDInstance *mdInstance, 125 NSSCKMDInstance *mdInstance,
127 NSSCKFWInstance *fwInstance, 126 NSSCKFWInstance *fwInstance,
128 CK_RV *pError 127 CK_RV *pError);
129 );
130 128
131 /* 129 /*
132 * This routine returns a pointer to a UTF8-encoded string 130 * This routine returns a pointer to a UTF8-encoded string
133 * containing a description of this Module library. Only 131 * containing a description of this Module library. Only
134 * the characters completely encoded in the first thirty- 132 * the characters completely encoded in the first thirty-
135 * two bytes are significant. This routine is optional. 133 * two bytes are significant. This routine is optional.
136 * The string returned is never freed; if dynamically generated, 134 * The string returned is never freed; if dynamically generated,
137 * the space for it should be allocated from the NSSArena 135 * the space for it should be allocated from the NSSArena
138 * that may be obtained from the NSSCKFWInstance. This 136 * that may be obtained from the NSSCKFWInstance. This
139 * routine may return NULL upon error; however if *pError 137 * routine may return NULL upon error; however if *pError
140 * is CKR_OK, the NULL will be considered the valid response. 138 * is CKR_OK, the NULL will be considered the valid response.
141 */ 139 */
142 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( 140 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
143 NSSCKMDInstance *mdInstance, 141 NSSCKMDInstance *mdInstance,
144 NSSCKFWInstance *fwInstance, 142 NSSCKFWInstance *fwInstance,
145 CK_RV *pError 143 CK_RV *pError);
146 );
147 144
148 /* 145 /*
149 * This routine returns the version of this Module library. 146 * This routine returns the version of this Module library.
150 * This routine is optional; if unimplemented, the Framework 147 * This routine is optional; if unimplemented, the Framework
151 * will assume a Module library version of 0.1. 148 * will assume a Module library version of 0.1.
152 */ 149 */
153 CK_VERSION (PR_CALLBACK *GetLibraryVersion)( 150 CK_VERSION(PR_CALLBACK *GetLibraryVersion)
154 NSSCKMDInstance *mdInstance, 151 (
155 NSSCKFWInstance *fwInstance 152 NSSCKMDInstance *mdInstance,
156 ); 153 NSSCKFWInstance *fwInstance);
157 154
158 /* 155 /*
159 * This routine returns CK_TRUE if the Module wishes to 156 * This routine returns CK_TRUE if the Module wishes to
160 * handle session objects. This routine is optional. 157 * handle session objects. This routine is optional.
161 * If this routine is NULL, or if it exists but returns 158 * If this routine is NULL, or if it exists but returns
162 * CK_FALSE, the Framework will assume responsibility 159 * CK_FALSE, the Framework will assume responsibility
163 * for managing session objects. 160 * for managing session objects.
164 */ 161 */
165 CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)( 162 CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects)
166 NSSCKMDInstance *mdInstance, 163 (
167 NSSCKFWInstance *fwInstance 164 NSSCKMDInstance *mdInstance,
168 ); 165 NSSCKFWInstance *fwInstance);
169 166
170 /* 167 /*
171 * This routine stuffs pointers to NSSCKMDSlot objects into 168 * This routine stuffs pointers to NSSCKMDSlot objects into
172 * the specified array; one for each slot supported by this 169 * the specified array; one for each slot supported by this
173 * instance. The Framework will determine the size needed 170 * instance. The Framework will determine the size needed
174 * for the array by calling GetNSlots. This routine is 171 * for the array by calling GetNSlots. This routine is
175 * required. 172 * required.
176 */ 173 */
177 CK_RV (PR_CALLBACK *GetSlots)( 174 CK_RV(PR_CALLBACK *GetSlots)
178 NSSCKMDInstance *mdInstance, 175 (
179 NSSCKFWInstance *fwInstance, 176 NSSCKMDInstance *mdInstance,
180 NSSCKMDSlot *slots[] 177 NSSCKFWInstance *fwInstance,
181 ); 178 NSSCKMDSlot *slots[]);
182 179
183 /* 180 /*
184 * This call returns a pointer to the slot in which an event 181 * This call returns a pointer to the slot in which an event
185 * has occurred. If the block argument is CK_TRUE, the call 182 * has occurred. If the block argument is CK_TRUE, the call
186 * should block until a slot event occurs; if CK_FALSE, it 183 * should block until a slot event occurs; if CK_FALSE, it
187 * should check to see if an event has occurred, occurred, 184 * should check to see if an event has occurred, occurred,
188 * but return NULL (and set *pError to CK_NO_EVENT) if one 185 * but return NULL (and set *pError to CK_NO_EVENT) if one
189 * hasn't. This routine is optional; if unimplemented, the 186 * hasn't. This routine is optional; if unimplemented, the
190 * Framework will assume that no event has happened. This 187 * Framework will assume that no event has happened. This
191 * routine may return NULL upon error. 188 * routine may return NULL upon error.
192 */ 189 */
193 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( 190 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
194 NSSCKMDInstance *mdInstance, 191 NSSCKMDInstance *mdInstance,
195 NSSCKFWInstance *fwInstance, 192 NSSCKFWInstance *fwInstance,
196 CK_BBOOL block, 193 CK_BBOOL block,
197 CK_RV *pError 194 CK_RV *pError);
198 );
199 195
200 /* 196 /*
201 * This object may be extended in future versions of the 197 * This object may be extended in future versions of the
202 * NSS Cryptoki Framework. To allow for some flexibility 198 * NSS Cryptoki Framework. To allow for some flexibility
203 * in the area of binary compatibility, this field should 199 * in the area of binary compatibility, this field should
204 * be NULL. 200 * be NULL.
205 */ 201 */
206 void *null; 202 void *null;
207 }; 203 };
208 204
209
210 /* 205 /*
211 * NSSCKMDSlot 206 * NSSCKMDSlot
212 * 207 *
213 * This is the basic handle for a PKCS#11 Module Slot. It is 208 * This is the basic handle for a PKCS#11 Module Slot. It is
214 * created by the NSSCKMDInstance->GetSlots call, and may be 209 * created by the NSSCKMDInstance->GetSlots call, and may be
215 * obtained from the Framework's corresponding NSSCKFWSlot 210 * obtained from the Framework's corresponding NSSCKFWSlot
216 * object. It contains a pointer for use by the Module, to 211 * object. It contains a pointer for use by the Module, to
217 * store any slot-related data, and it contains the EPV for 212 * store any slot-related data, and it contains the EPV for
218 * a set of routines which the Module may implement for use 213 * a set of routines which the Module may implement for use
219 * by the Framework. Some of these routines are optional. 214 * by the Framework. Some of these routines are optional.
220 */ 215 */
221 216
222 struct NSSCKMDSlotStr { 217 struct NSSCKMDSlotStr {
223 /* 218 /*
224 * The Module may use this pointer for its own purposes. 219 * The Module may use this pointer for its own purposes.
225 */ 220 */
226 void *etc; 221 void *etc;
227 222
228 /* 223 /*
229 * This routine is called during the Framework initialization 224 * This routine is called during the Framework initialization
230 * step, after the Framework Instance has obtained the list 225 * step, after the Framework Instance has obtained the list
231 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- 226 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
232 * specific initialization can be done here. This routine is 227 * specific initialization can be done here. This routine is
233 * optional; if unimplemented, it won't be called. Note that 228 * optional; if unimplemented, it won't be called. Note that
234 * if this routine returns an error, the entire Framework 229 * if this routine returns an error, the entire Framework
235 * initialization for this Module will fail. 230 * initialization for this Module will fail.
236 */ 231 */
237 CK_RV (PR_CALLBACK *Initialize)( 232 CK_RV(PR_CALLBACK *Initialize)
238 NSSCKMDSlot *mdSlot, 233 (
239 NSSCKFWSlot *fwSlot, 234 NSSCKMDSlot *mdSlot,
240 NSSCKMDInstance *mdInstance, 235 NSSCKFWSlot *fwSlot,
241 NSSCKFWInstance *fwInstance 236 NSSCKMDInstance *mdInstance,
242 ); 237 NSSCKFWInstance *fwInstance);
243 238
244 /* 239 /*
245 * This routine is called when the Framework is finalizing 240 * This routine is called when the Framework is finalizing
246 * the PKCS#11 Module. This call (for each of the slots) 241 * the PKCS#11 Module. This call (for each of the slots)
247 * is the last thing called before NSSCKMDInstance->Finalize. 242 * is the last thing called before NSSCKMDInstance->Finalize.
248 * This routine is optional; if unimplemented, it merely 243 * This routine is optional; if unimplemented, it merely
249 * won't be called. Note: In the rare circumstance that 244 * won't be called. Note: In the rare circumstance that
250 * the Framework initialization cannot complete (due to, 245 * the Framework initialization cannot complete (due to,
251 * for example, memory limitations), this can be called with 246 * for example, memory limitations), this can be called with
252 * a NULL value for fwSlot. 247 * a NULL value for fwSlot.
253 */ 248 */
254 void (PR_CALLBACK *Destroy)( 249 void(PR_CALLBACK *Destroy)(
255 NSSCKMDSlot *mdSlot, 250 NSSCKMDSlot *mdSlot,
256 NSSCKFWSlot *fwSlot, 251 NSSCKFWSlot *fwSlot,
257 NSSCKMDInstance *mdInstance, 252 NSSCKMDInstance *mdInstance,
258 NSSCKFWInstance *fwInstance 253 NSSCKFWInstance *fwInstance);
259 );
260 254
261 /* 255 /*
262 * This routine returns a pointer to a UTF8-encoded string 256 * This routine returns a pointer to a UTF8-encoded string
263 * containing a description of this slot. Only the characters 257 * containing a description of this slot. Only the characters
264 * completely encoded in the first sixty-four bytes are 258 * completely encoded in the first sixty-four bytes are
265 * significant. This routine is optional. The string 259 * significant. This routine is optional. The string
266 * returned is never freed; if dynamically generated, 260 * returned is never freed; if dynamically generated,
267 * the space for it should be allocated from the NSSArena 261 * the space for it should be allocated from the NSSArena
268 * that may be obtained from the NSSCKFWInstance. This 262 * that may be obtained from the NSSCKFWInstance. This
269 * routine may return NULL upon error; however if *pError 263 * routine may return NULL upon error; however if *pError
270 * is CKR_OK, the NULL will be considered the valid response. 264 * is CKR_OK, the NULL will be considered the valid response.
271 */ 265 */
272 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( 266 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
273 NSSCKMDSlot *mdSlot, 267 NSSCKMDSlot *mdSlot,
274 NSSCKFWSlot *fwSlot, 268 NSSCKFWSlot *fwSlot,
275 NSSCKMDInstance *mdInstance, 269 NSSCKMDInstance *mdInstance,
276 NSSCKFWInstance *fwInstance, 270 NSSCKFWInstance *fwInstance,
277 CK_RV *pError 271 CK_RV *pError);
278 );
279 272
280 /* 273 /*
281 * This routine returns a pointer to a UTF8-encoded string 274 * This routine returns a pointer to a UTF8-encoded string
282 * containing a description of the manufacturer of this slot. 275 * containing a description of the manufacturer of this slot.
283 * Only the characters completely encoded in the first thirty- 276 * Only the characters completely encoded in the first thirty-
284 * two bytes are significant. This routine is optional. 277 * two bytes are significant. This routine is optional.
285 * The string returned is never freed; if dynamically generated, 278 * The string returned is never freed; if dynamically generated,
286 * the space for it should be allocated from the NSSArena 279 * the space for it should be allocated from the NSSArena
287 * that may be obtained from the NSSCKFWInstance. This 280 * that may be obtained from the NSSCKFWInstance. This
288 * routine may return NULL upon error; however if *pError 281 * routine may return NULL upon error; however if *pError
289 * is CKR_OK, the NULL will be considered the valid response. 282 * is CKR_OK, the NULL will be considered the valid response.
290 */ 283 */
291 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( 284 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
292 NSSCKMDSlot *mdSlot, 285 NSSCKMDSlot *mdSlot,
293 NSSCKFWSlot *fwSlot, 286 NSSCKFWSlot *fwSlot,
294 NSSCKMDInstance *mdInstance, 287 NSSCKMDInstance *mdInstance,
295 NSSCKFWInstance *fwInstance, 288 NSSCKFWInstance *fwInstance,
296 CK_RV *pError 289 CK_RV *pError);
297 );
298 290
299 /* 291 /*
300 * This routine returns CK_TRUE if a token is present in this 292 * This routine returns CK_TRUE if a token is present in this
301 * slot. This routine is optional; if unimplemented, CK_TRUE 293 * slot. This routine is optional; if unimplemented, CK_TRUE
302 * is assumed. 294 * is assumed.
303 */ 295 */
304 CK_BBOOL (PR_CALLBACK *GetTokenPresent)( 296 CK_BBOOL(PR_CALLBACK *GetTokenPresent)
305 NSSCKMDSlot *mdSlot, 297 (
306 NSSCKFWSlot *fwSlot, 298 NSSCKMDSlot *mdSlot,
307 NSSCKMDInstance *mdInstance, 299 NSSCKFWSlot *fwSlot,
308 NSSCKFWInstance *fwInstance 300 NSSCKMDInstance *mdInstance,
309 ); 301 NSSCKFWInstance *fwInstance);
310 302
311 /* 303 /*
312 * This routine returns CK_TRUE if the slot supports removable 304 * This routine returns CK_TRUE if the slot supports removable
313 * tokens. This routine is optional; if unimplemented, CK_FALSE 305 * tokens. This routine is optional; if unimplemented, CK_FALSE
314 * is assumed. 306 * is assumed.
315 */ 307 */
316 CK_BBOOL (PR_CALLBACK *GetRemovableDevice)( 308 CK_BBOOL(PR_CALLBACK *GetRemovableDevice)
317 NSSCKMDSlot *mdSlot, 309 (
318 NSSCKFWSlot *fwSlot, 310 NSSCKMDSlot *mdSlot,
319 NSSCKMDInstance *mdInstance, 311 NSSCKFWSlot *fwSlot,
320 NSSCKFWInstance *fwInstance 312 NSSCKMDInstance *mdInstance,
321 ); 313 NSSCKFWInstance *fwInstance);
322 314
323 /* 315 /*
324 * This routine returns CK_TRUE if this slot is a hardware 316 * This routine returns CK_TRUE if this slot is a hardware
325 * device, or CK_FALSE if this slot is a software device. This 317 * device, or CK_FALSE if this slot is a software device. This
326 * routine is optional; if unimplemented, CK_FALSE is assumed. 318 * routine is optional; if unimplemented, CK_FALSE is assumed.
327 */ 319 */
328 CK_BBOOL (PR_CALLBACK *GetHardwareSlot)( 320 CK_BBOOL(PR_CALLBACK *GetHardwareSlot)
329 NSSCKMDSlot *mdSlot, 321 (
330 NSSCKFWSlot *fwSlot, 322 NSSCKMDSlot *mdSlot,
331 NSSCKMDInstance *mdInstance, 323 NSSCKFWSlot *fwSlot,
332 NSSCKFWInstance *fwInstance 324 NSSCKMDInstance *mdInstance,
333 ); 325 NSSCKFWInstance *fwInstance);
334 326
335 /* 327 /*
336 * This routine returns the version of this slot's hardware. 328 * This routine returns the version of this slot's hardware.
337 * This routine is optional; if unimplemented, the Framework 329 * This routine is optional; if unimplemented, the Framework
338 * will assume a hardware version of 0.1. 330 * will assume a hardware version of 0.1.
339 */ 331 */
340 CK_VERSION (PR_CALLBACK *GetHardwareVersion)( 332 CK_VERSION(PR_CALLBACK *GetHardwareVersion)
341 NSSCKMDSlot *mdSlot, 333 (
342 NSSCKFWSlot *fwSlot, 334 NSSCKMDSlot *mdSlot,
343 NSSCKMDInstance *mdInstance, 335 NSSCKFWSlot *fwSlot,
344 NSSCKFWInstance *fwInstance 336 NSSCKMDInstance *mdInstance,
345 ); 337 NSSCKFWInstance *fwInstance);
346 338
347 /* 339 /*
348 * This routine returns the version of this slot's firmware. 340 * This routine returns the version of this slot's firmware.
349 * This routine is optional; if unimplemented, the Framework 341 * This routine is optional; if unimplemented, the Framework
350 * will assume a hardware version of 0.1. 342 * will assume a hardware version of 0.1.
351 */ 343 */
352 CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( 344 CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
353 NSSCKMDSlot *mdSlot, 345 (
354 NSSCKFWSlot *fwSlot, 346 NSSCKMDSlot *mdSlot,
355 NSSCKMDInstance *mdInstance, 347 NSSCKFWSlot *fwSlot,
356 NSSCKFWInstance *fwInstance 348 NSSCKMDInstance *mdInstance,
357 ); 349 NSSCKFWInstance *fwInstance);
358 350
359 /* 351 /*
360 * This routine should return a pointer to an NSSCKMDToken 352 * This routine should return a pointer to an NSSCKMDToken
361 * object corresponding to the token in the specified slot. 353 * object corresponding to the token in the specified slot.
362 * The NSSCKFWToken object passed in has an NSSArena 354 * The NSSCKFWToken object passed in has an NSSArena
363 * available which is dedicated for this token. This routine 355 * available which is dedicated for this token. This routine
364 * must be implemented. This routine may return NULL upon 356 * must be implemented. This routine may return NULL upon
365 * error. 357 * error.
366 */ 358 */
367 NSSCKMDToken *(PR_CALLBACK *GetToken)( 359 NSSCKMDToken *(PR_CALLBACK *GetToken)(
368 NSSCKMDSlot *mdSlot, 360 NSSCKMDSlot *mdSlot,
369 NSSCKFWSlot *fwSlot, 361 NSSCKFWSlot *fwSlot,
370 NSSCKMDInstance *mdInstance, 362 NSSCKMDInstance *mdInstance,
371 NSSCKFWInstance *fwInstance, 363 NSSCKFWInstance *fwInstance,
372 CK_RV *pError 364 CK_RV *pError);
373 );
374 365
375 /* 366 /*
376 * This object may be extended in future versions of the 367 * This object may be extended in future versions of the
377 * NSS Cryptoki Framework. To allow for some flexibility 368 * NSS Cryptoki Framework. To allow for some flexibility
378 * in the area of binary compatibility, this field should 369 * in the area of binary compatibility, this field should
379 * be NULL. 370 * be NULL.
380 */ 371 */
381 void *null; 372 void *null;
382 }; 373 };
383 374
384 /* 375 /*
385 * NSSCKMDToken 376 * NSSCKMDToken
386 * 377 *
387 * This is the basic handle for a PKCS#11 Token. It is created by 378 * This is the basic handle for a PKCS#11 Token. It is created by
388 * the NSSCKMDSlot->GetToken call, and may be obtained from the 379 * the NSSCKMDSlot->GetToken call, and may be obtained from the
389 * Framework's corresponding NSSCKFWToken object. It contains a 380 * Framework's corresponding NSSCKFWToken object. It contains a
390 * pointer for use by the Module, to store any token-related 381 * pointer for use by the Module, to store any token-related
391 * data, and it contains the EPV for a set of routines which the 382 * data, and it contains the EPV for a set of routines which the
392 * Module may implement for use by the Framework. Some of these 383 * Module may implement for use by the Framework. Some of these
393 * routines are optional. 384 * routines are optional.
394 */ 385 */
395 386
396 struct NSSCKMDTokenStr { 387 struct NSSCKMDTokenStr {
397 /* 388 /*
398 * The Module may use this pointer for its own purposes. 389 * The Module may use this pointer for its own purposes.
399 */ 390 */
400 void *etc; 391 void *etc;
401 392
402 /* 393 /*
403 * This routine is used to prepare a Module token object for 394 * This routine is used to prepare a Module token object for
404 * use. It is called after the NSSCKMDToken object is obtained 395 * use. It is called after the NSSCKMDToken object is obtained
405 * from NSSCKMDSlot->GetToken. It is named "Setup" here because 396 * from NSSCKMDSlot->GetToken. It is named "Setup" here because
406 * Cryptoki already defines "InitToken" to do the process of 397 * Cryptoki already defines "InitToken" to do the process of
407 * wiping out any existing state on a token and preparing it for 398 * wiping out any existing state on a token and preparing it for
408 * a new use. This routine is optional; if unimplemented, it 399 * a new use. This routine is optional; if unimplemented, it
409 * merely won't be called. 400 * merely won't be called.
410 */ 401 */
411 CK_RV (PR_CALLBACK *Setup)( 402 CK_RV(PR_CALLBACK *Setup)
412 NSSCKMDToken *mdToken, 403 (
413 NSSCKFWToken *fwToken, 404 NSSCKMDToken *mdToken,
414 NSSCKMDInstance *mdInstance, 405 NSSCKFWToken *fwToken,
415 NSSCKFWInstance *fwInstance 406 NSSCKMDInstance *mdInstance,
416 ); 407 NSSCKFWInstance *fwInstance);
417 408
418 /* 409 /*
419 * This routine is called by the Framework whenever it notices 410 * This routine is called by the Framework whenever it notices
420 * that the token object is invalid. (Typically this is when a 411 * that the token object is invalid. (Typically this is when a
421 * routine indicates an error such as CKR_DEVICE_REMOVED). This 412 * routine indicates an error such as CKR_DEVICE_REMOVED). This
422 * call is the last thing called before the NSSArena in the 413 * call is the last thing called before the NSSArena in the
423 * corresponding NSSCKFWToken is destroyed. This routine is 414 * corresponding NSSCKFWToken is destroyed. This routine is
424 * optional; if unimplemented, it merely won't be called. 415 * optional; if unimplemented, it merely won't be called.
425 */ 416 */
426 void (PR_CALLBACK *Invalidate)( 417 void(PR_CALLBACK *Invalidate)(
427 NSSCKMDToken *mdToken, 418 NSSCKMDToken *mdToken,
428 NSSCKFWToken *fwToken, 419 NSSCKFWToken *fwToken,
429 NSSCKMDInstance *mdInstance, 420 NSSCKMDInstance *mdInstance,
430 NSSCKFWInstance *fwInstance 421 NSSCKFWInstance *fwInstance);
431 ); 422
432 423 /*
433 /* 424 * This routine initialises the token in the specified slot.
434 * This routine initialises the token in the specified slot. 425 * This routine is optional; if unimplemented, the Framework
435 * This routine is optional; if unimplemented, the Framework 426 * will fail this operation with an error of CKR_DEVICE_ERROR.
436 * will fail this operation with an error of CKR_DEVICE_ERROR. 427 */
437 */ 428
438 429 CK_RV(PR_CALLBACK *InitToken)
439 CK_RV (PR_CALLBACK *InitToken)( 430 (
440 NSSCKMDToken *mdToken, 431 NSSCKMDToken *mdToken,
441 NSSCKFWToken *fwToken, 432 NSSCKFWToken *fwToken,
442 NSSCKMDInstance *mdInstance, 433 NSSCKMDInstance *mdInstance,
443 NSSCKFWInstance *fwInstance, 434 NSSCKFWInstance *fwInstance,
444 NSSItem *pin, 435 NSSItem *pin,
445 NSSUTF8 *label 436 NSSUTF8 *label);
446 ); 437
447 438 /*
448 /* 439 * This routine returns a pointer to a UTF8-encoded string
449 * This routine returns a pointer to a UTF8-encoded string 440 * containing this token's label. Only the characters
450 * containing this token's label. Only the characters 441 * completely encoded in the first thirty-two bytes are
451 * completely encoded in the first thirty-two bytes are 442 * significant. This routine is optional. The string
452 * significant. This routine is optional. The string 443 * returned is never freed; if dynamically generated,
453 * returned is never freed; if dynamically generated, 444 * the space for it should be allocated from the NSSArena
454 * the space for it should be allocated from the NSSArena 445 * that may be obtained from the NSSCKFWInstance. This
455 * that may be obtained from the NSSCKFWInstance. This 446 * routine may return NULL upon error; however if *pError
456 * routine may return NULL upon error; however if *pError 447 * is CKR_OK, the NULL will be considered the valid response.
457 * is CKR_OK, the NULL will be considered the valid response. 448 */
458 */ 449 NSSUTF8 *(PR_CALLBACK *GetLabel)(
459 NSSUTF8 *(PR_CALLBACK *GetLabel)( 450 NSSCKMDToken *mdToken,
460 NSSCKMDToken *mdToken, 451 NSSCKFWToken *fwToken,
461 NSSCKFWToken *fwToken, 452 NSSCKMDInstance *mdInstance,
462 NSSCKMDInstance *mdInstance, 453 NSSCKFWInstance *fwInstance,
463 NSSCKFWInstance *fwInstance, 454 CK_RV *pError);
464 CK_RV *pError 455
465 ); 456 /*
466 457 * This routine returns a pointer to a UTF8-encoded string
467 /* 458 * containing this token's manufacturer ID. Only the characters
468 * This routine returns a pointer to a UTF8-encoded string 459 * completely encoded in the first thirty-two bytes are
469 * containing this token's manufacturer ID. Only the characters 460 * significant. This routine is optional. The string
470 * completely encoded in the first thirty-two bytes are 461 * returned is never freed; if dynamically generated,
471 * significant. This routine is optional. The string 462 * the space for it should be allocated from the NSSArena
472 * returned is never freed; if dynamically generated, 463 * that may be obtained from the NSSCKFWInstance. This
473 * the space for it should be allocated from the NSSArena 464 * routine may return NULL upon error; however if *pError
474 * that may be obtained from the NSSCKFWInstance. This 465 * is CKR_OK, the NULL will be considered the valid response.
475 * routine may return NULL upon error; however if *pError 466 */
476 * is CKR_OK, the NULL will be considered the valid response. 467 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
477 */ 468 NSSCKMDToken *mdToken,
478 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( 469 NSSCKFWToken *fwToken,
479 NSSCKMDToken *mdToken, 470 NSSCKMDInstance *mdInstance,
480 NSSCKFWToken *fwToken, 471 NSSCKFWInstance *fwInstance,
481 NSSCKMDInstance *mdInstance, 472 CK_RV *pError);
482 NSSCKFWInstance *fwInstance, 473
483 CK_RV *pError 474 /*
484 ); 475 * This routine returns a pointer to a UTF8-encoded string
485 476 * containing this token's model name. Only the characters
486 /* 477 * completely encoded in the first thirty-two bytes are
487 * This routine returns a pointer to a UTF8-encoded string 478 * significant. This routine is optional. The string
488 * containing this token's model name. Only the characters 479 * returned is never freed; if dynamically generated,
489 * completely encoded in the first thirty-two bytes are 480 * the space for it should be allocated from the NSSArena
490 * significant. This routine is optional. The string 481 * that may be obtained from the NSSCKFWInstance. This
491 * returned is never freed; if dynamically generated, 482 * routine may return NULL upon error; however if *pError
492 * the space for it should be allocated from the NSSArena 483 * is CKR_OK, the NULL will be considered the valid response.
493 * that may be obtained from the NSSCKFWInstance. This 484 */
494 * routine may return NULL upon error; however if *pError 485 NSSUTF8 *(PR_CALLBACK *GetModel)(
495 * is CKR_OK, the NULL will be considered the valid response. 486 NSSCKMDToken *mdToken,
496 */ 487 NSSCKFWToken *fwToken,
497 NSSUTF8 *(PR_CALLBACK *GetModel)( 488 NSSCKMDInstance *mdInstance,
498 NSSCKMDToken *mdToken, 489 NSSCKFWInstance *fwInstance,
499 NSSCKFWToken *fwToken, 490 CK_RV *pError);
500 NSSCKMDInstance *mdInstance, 491
501 NSSCKFWInstance *fwInstance, 492 /*
502 CK_RV *pError 493 * This routine returns a pointer to a UTF8-encoded string
503 ); 494 * containing this token's serial number. Only the characters
504 495 * completely encoded in the first thirty-two bytes are
505 /* 496 * significant. This routine is optional. The string
506 * This routine returns a pointer to a UTF8-encoded string 497 * returned is never freed; if dynamically generated,
507 * containing this token's serial number. Only the characters 498 * the space for it should be allocated from the NSSArena
508 * completely encoded in the first thirty-two bytes are 499 * that may be obtained from the NSSCKFWInstance. This
509 * significant. This routine is optional. The string 500 * routine may return NULL upon error; however if *pError
510 * returned is never freed; if dynamically generated, 501 * is CKR_OK, the NULL will be considered the valid response.
511 * the space for it should be allocated from the NSSArena 502 */
512 * that may be obtained from the NSSCKFWInstance. This 503 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
513 * routine may return NULL upon error; however if *pError 504 NSSCKMDToken *mdToken,
514 * is CKR_OK, the NULL will be considered the valid response. 505 NSSCKFWToken *fwToken,
515 */ 506 NSSCKMDInstance *mdInstance,
516 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( 507 NSSCKFWInstance *fwInstance,
517 NSSCKMDToken *mdToken, 508 CK_RV *pError);
518 NSSCKFWToken *fwToken, 509
519 NSSCKMDInstance *mdInstance, 510 /*
520 NSSCKFWInstance *fwInstance, 511 * This routine returns CK_TRUE if the token has its own
521 CK_RV *pError 512 * random number generator. This routine is optional; if
522 ); 513 * unimplemented, CK_FALSE is assumed.
523 514 */
524 /* 515 CK_BBOOL(PR_CALLBACK *GetHasRNG)
525 * This routine returns CK_TRUE if the token has its own 516 (
526 * random number generator. This routine is optional; if 517 NSSCKMDToken *mdToken,
527 * unimplemented, CK_FALSE is assumed. 518 NSSCKFWToken *fwToken,
528 */ 519 NSSCKMDInstance *mdInstance,
529 CK_BBOOL (PR_CALLBACK *GetHasRNG)( 520 NSSCKFWInstance *fwInstance);
530 NSSCKMDToken *mdToken, 521
531 NSSCKFWToken *fwToken, 522 /*
532 NSSCKMDInstance *mdInstance, 523 * This routine returns CK_TRUE if this token is write-protected.
533 NSSCKFWInstance *fwInstance 524 * This routine is optional; if unimplemented, CK_FALSE is
534 ); 525 * assumed.
535 526 */
536 /* 527 CK_BBOOL(PR_CALLBACK *GetIsWriteProtected)
537 * This routine returns CK_TRUE if this token is write-protected. 528 (
538 * This routine is optional; if unimplemented, CK_FALSE is 529 NSSCKMDToken *mdToken,
539 * assumed. 530 NSSCKFWToken *fwToken,
540 */ 531 NSSCKMDInstance *mdInstance,
541 CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)( 532 NSSCKFWInstance *fwInstance);
542 NSSCKMDToken *mdToken, 533
543 NSSCKFWToken *fwToken, 534 /*
544 NSSCKMDInstance *mdInstance, 535 * This routine returns CK_TRUE if this token requires a login.
545 NSSCKFWInstance *fwInstance 536 * This routine is optional; if unimplemented, CK_FALSE is
546 ); 537 * assumed.
547 538 */
548 /* 539 CK_BBOOL(PR_CALLBACK *GetLoginRequired)
549 * This routine returns CK_TRUE if this token requires a login. 540 (
550 * This routine is optional; if unimplemented, CK_FALSE is 541 NSSCKMDToken *mdToken,
551 * assumed. 542 NSSCKFWToken *fwToken,
552 */ 543 NSSCKMDInstance *mdInstance,
553 CK_BBOOL (PR_CALLBACK *GetLoginRequired)( 544 NSSCKFWInstance *fwInstance);
554 NSSCKMDToken *mdToken, 545
555 NSSCKFWToken *fwToken, 546 /*
556 NSSCKMDInstance *mdInstance, 547 * This routine returns CK_TRUE if the normal user's PIN on this
557 NSSCKFWInstance *fwInstance 548 * token has been initialised. This routine is optional; if
558 ); 549 * unimplemented, CK_FALSE is assumed.
559 550 */
560 /* 551 CK_BBOOL(PR_CALLBACK *GetUserPinInitialized)
561 * This routine returns CK_TRUE if the normal user's PIN on this 552 (
562 * token has been initialised. This routine is optional; if 553 NSSCKMDToken *mdToken,
563 * unimplemented, CK_FALSE is assumed. 554 NSSCKFWToken *fwToken,
564 */ 555 NSSCKMDInstance *mdInstance,
565 CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)( 556 NSSCKFWInstance *fwInstance);
566 NSSCKMDToken *mdToken, 557
567 NSSCKFWToken *fwToken, 558 /*
568 NSSCKMDInstance *mdInstance, 559 * This routine returns CK_TRUE if a successful save of a
569 NSSCKFWInstance *fwInstance 560 * session's cryptographic operations state ~always~ contains
570 ); 561 * all keys needed to restore the state of the session. This
571 562 * routine is optional; if unimplemented, CK_FALSE is assumed.
572 /* 563 */
573 * This routine returns CK_TRUE if a successful save of a 564 CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded)
574 * session's cryptographic operations state ~always~ contains 565 (
575 * all keys needed to restore the state of the session. This 566 NSSCKMDToken *mdToken,
576 * routine is optional; if unimplemented, CK_FALSE is assumed. 567 NSSCKFWToken *fwToken,
577 */ 568 NSSCKMDInstance *mdInstance,
578 CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)( 569 NSSCKFWInstance *fwInstance);
579 NSSCKMDToken *mdToken, 570
580 NSSCKFWToken *fwToken, 571 /*
581 NSSCKMDInstance *mdInstance, 572 * This routine returns CK_TRUE if the token has its own
582 NSSCKFWInstance *fwInstance 573 * hardware clock. This routine is optional; if unimplemented,
583 ); 574 * CK_FALSE is assumed.
584 575 */
585 /* 576 CK_BBOOL(PR_CALLBACK *GetHasClockOnToken)
586 * This routine returns CK_TRUE if the token has its own 577 (
587 * hardware clock. This routine is optional; if unimplemented, 578 NSSCKMDToken *mdToken,
588 * CK_FALSE is assumed. 579 NSSCKFWToken *fwToken,
589 */ 580 NSSCKMDInstance *mdInstance,
590 CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)( 581 NSSCKFWInstance *fwInstance);
591 NSSCKMDToken *mdToken, 582
592 NSSCKFWToken *fwToken, 583 /*
593 NSSCKMDInstance *mdInstance, 584 * This routine returns CK_TRUE if the token has a protected
594 NSSCKFWInstance *fwInstance 585 * authentication path. This routine is optional; if
595 ); 586 * unimplemented, CK_FALSE is assumed.
596 587 */
597 /* 588 CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath)
598 * This routine returns CK_TRUE if the token has a protected 589 (
599 * authentication path. This routine is optional; if 590 NSSCKMDToken *mdToken,
600 * unimplemented, CK_FALSE is assumed. 591 NSSCKFWToken *fwToken,
601 */ 592 NSSCKMDInstance *mdInstance,
602 CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)( 593 NSSCKFWInstance *fwInstance);
603 NSSCKMDToken *mdToken, 594
604 NSSCKFWToken *fwToken, 595 /*
605 NSSCKMDInstance *mdInstance, 596 * This routine returns CK_TRUE if the token supports dual
606 NSSCKFWInstance *fwInstance 597 * cryptographic operations within a single session. This
607 ); 598 * routine is optional; if unimplemented, CK_FALSE is assumed.
608 599 */
609 /* 600 CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations)
610 * This routine returns CK_TRUE if the token supports dual 601 (
611 * cryptographic operations within a single session. This 602 NSSCKMDToken *mdToken,
612 * routine is optional; if unimplemented, CK_FALSE is assumed. 603 NSSCKFWToken *fwToken,
613 */ 604 NSSCKMDInstance *mdInstance,
614 CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)( 605 NSSCKFWInstance *fwInstance);
615 NSSCKMDToken *mdToken, 606
616 NSSCKFWToken *fwToken, 607 /*
617 NSSCKMDInstance *mdInstance, 608 * XXX fgmr-- should we have a call to return all the flags
618 NSSCKFWInstance *fwInstance 609 * at once, for folks who already know about Cryptoki?
619 ); 610 */
620 611
621 /* 612 /*
622 * XXX fgmr-- should we have a call to return all the flags 613 * This routine returns the maximum number of sessions that
623 * at once, for folks who already know about Cryptoki? 614 * may be opened on this token. This routine is optional;
624 */ 615 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
625 616 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
626 /* 617 */
627 * This routine returns the maximum number of sessions that 618 CK_ULONG(PR_CALLBACK *GetMaxSessionCount)
628 * may be opened on this token. This routine is optional; 619 (
629 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION 620 NSSCKMDToken *mdToken,
630 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? 621 NSSCKFWToken *fwToken,
631 */ 622 NSSCKMDInstance *mdInstance,
632 CK_ULONG (PR_CALLBACK *GetMaxSessionCount)( 623 NSSCKFWInstance *fwInstance);
633 NSSCKMDToken *mdToken, 624
634 NSSCKFWToken *fwToken, 625 /*
635 NSSCKMDInstance *mdInstance, 626 * This routine returns the maximum number of read/write
636 NSSCKFWInstance *fwInstance 627 * sesisons that may be opened on this token. This routine
637 ); 628 * is optional; if unimplemented, the special value
638 629 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
639 /* 630 * CK_EFFECTIVELY_INFINITE?
640 * This routine returns the maximum number of read/write 631 */
641 * sesisons that may be opened on this token. This routine 632 CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount)
642 * is optional; if unimplemented, the special value 633 (
643 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or 634 NSSCKMDToken *mdToken,
644 * CK_EFFECTIVELY_INFINITE? 635 NSSCKFWToken *fwToken,
645 */ 636 NSSCKMDInstance *mdInstance,
646 CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)( 637 NSSCKFWInstance *fwInstance);
647 NSSCKMDToken *mdToken, 638
648 NSSCKFWToken *fwToken, 639 /*
649 NSSCKMDInstance *mdInstance, 640 * This routine returns the maximum PIN code length that is
650 NSSCKFWInstance *fwInstance 641 * supported on this token. This routine is optional;
651 ); 642 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
652 643 * is assumed.
653 /* 644 */
654 * This routine returns the maximum PIN code length that is 645 CK_ULONG(PR_CALLBACK *GetMaxPinLen)
655 * supported on this token. This routine is optional; 646 (
656 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION 647 NSSCKMDToken *mdToken,
657 * is assumed. 648 NSSCKFWToken *fwToken,
658 */ 649 NSSCKMDInstance *mdInstance,
659 CK_ULONG (PR_CALLBACK *GetMaxPinLen)( 650 NSSCKFWInstance *fwInstance);
660 NSSCKMDToken *mdToken, 651
661 NSSCKFWToken *fwToken, 652 /*
662 NSSCKMDInstance *mdInstance, 653 * This routine returns the minimum PIN code length that is
663 NSSCKFWInstance *fwInstance 654 * supported on this token. This routine is optional; if
664 ); 655 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
665 656 * is assumed. XXX fgmr-- or 0?
666 /* 657 */
667 * This routine returns the minimum PIN code length that is 658 CK_ULONG(PR_CALLBACK *GetMinPinLen)
668 * supported on this token. This routine is optional; if 659 (
669 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION 660 NSSCKMDToken *mdToken,
670 * is assumed. XXX fgmr-- or 0? 661 NSSCKFWToken *fwToken,
671 */ 662 NSSCKMDInstance *mdInstance,
672 CK_ULONG (PR_CALLBACK *GetMinPinLen)( 663 NSSCKFWInstance *fwInstance);
673 NSSCKMDToken *mdToken, 664
674 NSSCKFWToken *fwToken, 665 /*
675 NSSCKMDInstance *mdInstance, 666 * This routine returns the total amount of memory on the token
676 NSSCKFWInstance *fwInstance 667 * in which public objects may be stored. This routine is
677 ); 668 * optional; if unimplemented, the special value
678 669 * CK_UNAVAILABLE_INFORMATION is assumed.
679 /* 670 */
680 * This routine returns the total amount of memory on the token 671 CK_ULONG(PR_CALLBACK *GetTotalPublicMemory)
681 * in which public objects may be stored. This routine is 672 (
682 * optional; if unimplemented, the special value 673 NSSCKMDToken *mdToken,
683 * CK_UNAVAILABLE_INFORMATION is assumed. 674 NSSCKFWToken *fwToken,
684 */ 675 NSSCKMDInstance *mdInstance,
685 CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)( 676 NSSCKFWInstance *fwInstance);
686 NSSCKMDToken *mdToken, 677
687 NSSCKFWToken *fwToken, 678 /*
688 NSSCKMDInstance *mdInstance, 679 * This routine returns the amount of unused memory on the
689 NSSCKFWInstance *fwInstance 680 * token in which public objects may be stored. This routine
690 ); 681 * is optional; if unimplemented, the special value
691 682 * CK_UNAVAILABLE_INFORMATION is assumed.
692 /* 683 */
693 * This routine returns the amount of unused memory on the 684 CK_ULONG(PR_CALLBACK *GetFreePublicMemory)
694 * token in which public objects may be stored. This routine 685 (
695 * is optional; if unimplemented, the special value 686 NSSCKMDToken *mdToken,
696 * CK_UNAVAILABLE_INFORMATION is assumed. 687 NSSCKFWToken *fwToken,
697 */ 688 NSSCKMDInstance *mdInstance,
698 CK_ULONG (PR_CALLBACK *GetFreePublicMemory)( 689 NSSCKFWInstance *fwInstance);
699 NSSCKMDToken *mdToken, 690
700 NSSCKFWToken *fwToken, 691 /*
701 NSSCKMDInstance *mdInstance, 692 * This routine returns the total amount of memory on the token
702 NSSCKFWInstance *fwInstance 693 * in which private objects may be stored. This routine is
703 ); 694 * optional; if unimplemented, the special value
704 695 * CK_UNAVAILABLE_INFORMATION is assumed.
705 /* 696 */
706 * This routine returns the total amount of memory on the token 697 CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory)
707 * in which private objects may be stored. This routine is 698 (
708 * optional; if unimplemented, the special value 699 NSSCKMDToken *mdToken,
709 * CK_UNAVAILABLE_INFORMATION is assumed. 700 NSSCKFWToken *fwToken,
710 */ 701 NSSCKMDInstance *mdInstance,
711 CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)( 702 NSSCKFWInstance *fwInstance);
712 NSSCKMDToken *mdToken, 703
713 NSSCKFWToken *fwToken, 704 /*
714 NSSCKMDInstance *mdInstance, 705 * This routine returns the amount of unused memory on the
715 NSSCKFWInstance *fwInstance 706 * token in which private objects may be stored. This routine
716 ); 707 * is optional; if unimplemented, the special value
717 708 * CK_UNAVAILABLE_INFORMATION is assumed.
718 /* 709 */
719 * This routine returns the amount of unused memory on the 710 CK_ULONG(PR_CALLBACK *GetFreePrivateMemory)
720 * token in which private objects may be stored. This routine 711 (
721 * is optional; if unimplemented, the special value 712 NSSCKMDToken *mdToken,
722 * CK_UNAVAILABLE_INFORMATION is assumed. 713 NSSCKFWToken *fwToken,
723 */ 714 NSSCKMDInstance *mdInstance,
724 CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)( 715 NSSCKFWInstance *fwInstance);
725 NSSCKMDToken *mdToken, 716
726 NSSCKFWToken *fwToken, 717 /*
727 NSSCKMDInstance *mdInstance, 718 * This routine returns the version number of this token's
728 NSSCKFWInstance *fwInstance 719 * hardware. This routine is optional; if unimplemented,
729 ); 720 * the value 0.1 is assumed.
730 721 */
731 /* 722 CK_VERSION(PR_CALLBACK *GetHardwareVersion)
732 * This routine returns the version number of this token's 723 (
733 * hardware. This routine is optional; if unimplemented, 724 NSSCKMDToken *mdToken,
734 * the value 0.1 is assumed. 725 NSSCKFWToken *fwToken,
735 */ 726 NSSCKMDInstance *mdInstance,
736 CK_VERSION (PR_CALLBACK *GetHardwareVersion)( 727 NSSCKFWInstance *fwInstance);
737 NSSCKMDToken *mdToken, 728
738 NSSCKFWToken *fwToken, 729 /*
739 NSSCKMDInstance *mdInstance, 730 * This routine returns the version number of this token's
740 NSSCKFWInstance *fwInstance 731 * firmware. This routine is optional; if unimplemented,
741 ); 732 * the value 0.1 is assumed.
742 733 */
743 /* 734 CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
744 * This routine returns the version number of this token's 735 (
745 * firmware. This routine is optional; if unimplemented, 736 NSSCKMDToken *mdToken,
746 * the value 0.1 is assumed. 737 NSSCKFWToken *fwToken,
747 */ 738 NSSCKMDInstance *mdInstance,
748 CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( 739 NSSCKFWInstance *fwInstance);
749 NSSCKMDToken *mdToken, 740
750 NSSCKFWToken *fwToken, 741 /*
751 NSSCKMDInstance *mdInstance, 742 * This routine stuffs the current UTC time, as obtained from
752 NSSCKFWInstance *fwInstance 743 * the token, into the sixteen-byte buffer in the form
753 ); 744 * YYYYMMDDhhmmss00. This routine need only be implemented
754 745 * by token which indicate that they have a real-time clock.
755 /* 746 * XXX fgmr-- think about time formats.
756 * This routine stuffs the current UTC time, as obtained from 747 */
757 * the token, into the sixteen-byte buffer in the form 748 CK_RV(PR_CALLBACK *GetUTCTime)
758 * YYYYMMDDhhmmss00. This routine need only be implemented 749 (
759 * by token which indicate that they have a real-time clock. 750 NSSCKMDToken *mdToken,
760 * XXX fgmr-- think about time formats. 751 NSSCKFWToken *fwToken,
761 */ 752 NSSCKMDInstance *mdInstance,
762 CK_RV (PR_CALLBACK *GetUTCTime)( 753 NSSCKFWInstance *fwInstance,
763 NSSCKMDToken *mdToken, 754 CK_CHAR utcTime[16]);
764 NSSCKFWToken *fwToken, 755
765 NSSCKMDInstance *mdInstance, 756 /*
766 NSSCKFWInstance *fwInstance, 757 * This routine creates a session on the token, and returns
767 CK_CHAR utcTime[16] 758 * the corresponding NSSCKMDSession object. The value of
768 ); 759 * rw will be CK_TRUE if the session is to be a read/write
769 760 * session, or CK_FALSE otherwise. An NSSArena dedicated to
770 /* 761 * the new session is available from the specified NSSCKFWSession.
771 * This routine creates a session on the token, and returns 762 * This routine may return NULL upon error.
772 * the corresponding NSSCKMDSession object. The value of 763 */
773 * rw will be CK_TRUE if the session is to be a read/write 764 NSSCKMDSession *(PR_CALLBACK *OpenSession)(
774 * session, or CK_FALSE otherwise. An NSSArena dedicated to 765 NSSCKMDToken *mdToken,
775 * the new session is available from the specified NSSCKFWSession. 766 NSSCKFWToken *fwToken,
776 * This routine may return NULL upon error. 767 NSSCKMDInstance *mdInstance,
777 */ 768 NSSCKFWInstance *fwInstance,
778 NSSCKMDSession *(PR_CALLBACK *OpenSession)( 769 NSSCKFWSession *fwSession,
779 NSSCKMDToken *mdToken, 770 CK_BBOOL rw,
780 NSSCKFWToken *fwToken, 771 CK_RV *pError);
781 NSSCKMDInstance *mdInstance, 772
782 NSSCKFWInstance *fwInstance, 773 /*
783 NSSCKFWSession *fwSession, 774 * This routine returns the number of PKCS#11 Mechanisms
784 CK_BBOOL rw, 775 * supported by this token. This routine is optional; if
785 CK_RV *pError 776 * unimplemented, zero is assumed.
786 ); 777 */
787 778 CK_ULONG(PR_CALLBACK *GetMechanismCount)
788 /* 779 (
789 * This routine returns the number of PKCS#11 Mechanisms 780 NSSCKMDToken *mdToken,
790 * supported by this token. This routine is optional; if 781 NSSCKFWToken *fwToken,
791 * unimplemented, zero is assumed. 782 NSSCKMDInstance *mdInstance,
792 */ 783 NSSCKFWInstance *fwInstance);
793 CK_ULONG (PR_CALLBACK *GetMechanismCount)( 784
794 NSSCKMDToken *mdToken, 785 /*
795 NSSCKFWToken *fwToken, 786 * This routine stuffs into the specified array the types
796 NSSCKMDInstance *mdInstance, 787 * of the mechanisms supported by this token. The Framework
797 NSSCKFWInstance *fwInstance 788 * determines the size of the array by calling GetMechanismCount.
798 ); 789 */
799 790 CK_RV(PR_CALLBACK *GetMechanismTypes)
800 /* 791 (
801 * This routine stuffs into the specified array the types 792 NSSCKMDToken *mdToken,
802 * of the mechanisms supported by this token. The Framework 793 NSSCKFWToken *fwToken,
803 * determines the size of the array by calling GetMechanismCount. 794 NSSCKMDInstance *mdInstance,
804 */ 795 NSSCKFWInstance *fwInstance,
805 CK_RV (PR_CALLBACK *GetMechanismTypes)( 796 CK_MECHANISM_TYPE types[]);
806 NSSCKMDToken *mdToken, 797
807 NSSCKFWToken *fwToken, 798 /*
808 NSSCKMDInstance *mdInstance, 799 * This routine returns a pointer to a Module mechanism
809 NSSCKFWInstance *fwInstance, 800 * object corresponding to a specified type. This routine
810 CK_MECHANISM_TYPE types[] 801 * need only exist for tokens implementing at least one
811 ); 802 * mechanism.
812 803 */
813 /* 804 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
814 * This routine returns a pointer to a Module mechanism 805 NSSCKMDToken *mdToken,
815 * object corresponding to a specified type. This routine 806 NSSCKFWToken *fwToken,
816 * need only exist for tokens implementing at least one 807 NSSCKMDInstance *mdInstance,
817 * mechanism. 808 NSSCKFWInstance *fwInstance,
818 */ 809 CK_MECHANISM_TYPE which,
819 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( 810 CK_RV *pError);
820 NSSCKMDToken *mdToken, 811
821 NSSCKFWToken *fwToken, 812 /*
822 NSSCKMDInstance *mdInstance, 813 * This object may be extended in future versions of the
823 NSSCKFWInstance *fwInstance, 814 * NSS Cryptoki Framework. To allow for some flexibility
824 CK_MECHANISM_TYPE which, 815 * in the area of binary compatibility, this field should
825 CK_RV *pError 816 * be NULL.
826 ); 817 */
827 818 void *null;
828 /*
829 * This object may be extended in future versions of the
830 * NSS Cryptoki Framework. To allow for some flexibility
831 * in the area of binary compatibility, this field should
832 * be NULL.
833 */
834 void *null;
835 }; 819 };
836 820
837 /* 821 /*
838 * NSSCKMDSession 822 * NSSCKMDSession
839 * 823 *
840 * This is the basic handle for a session on a PKCS#11 Token. It 824 * This is the basic handle for a session on a PKCS#11 Token. It
841 * is created by NSSCKMDToken->OpenSession, and may be obtained 825 * is created by NSSCKMDToken->OpenSession, and may be obtained
842 * from the Framework's corresponding NSSCKFWSession object. It 826 * from the Framework's corresponding NSSCKFWSession object. It
843 * contains a pointer for use by the Module, to store any session- 827 * contains a pointer for use by the Module, to store any session-
844 * realted data, and it contains the EPV for a set of routines 828 * realted data, and it contains the EPV for a set of routines
845 * which the Module may implement for use by the Framework. Some 829 * which the Module may implement for use by the Framework. Some
846 * of these routines are optional. 830 * of these routines are optional.
847 */ 831 */
848 832
849 struct NSSCKMDSessionStr { 833 struct NSSCKMDSessionStr {
850 /* 834 /*
851 * The Module may use this pointer for its own purposes. 835 * The Module may use this pointer for its own purposes.
852 */ 836 */
853 void *etc; 837 void *etc;
854 838
855 /* 839 /*
856 * This routine is called by the Framework when a session is 840 * This routine is called by the Framework when a session is
857 * closed. This call is the last thing called before the 841 * closed. This call is the last thing called before the
858 * NSSArena in the correspoinding NSSCKFWSession is destroyed. 842 * NSSArena in the correspoinding NSSCKFWSession is destroyed.
859 * This routine is optional; if unimplemented, it merely won't 843 * This routine is optional; if unimplemented, it merely won't
860 * be called. 844 * be called.
861 */ 845 */
862 void (PR_CALLBACK *Close)( 846 void(PR_CALLBACK *Close)(
863 NSSCKMDSession *mdSession, 847 NSSCKMDSession *mdSession,
864 NSSCKFWSession *fwSession, 848 NSSCKFWSession *fwSession,
865 NSSCKMDToken *mdToken, 849 NSSCKMDToken *mdToken,
866 NSSCKFWToken *fwToken, 850 NSSCKFWToken *fwToken,
867 NSSCKMDInstance *mdInstance, 851 NSSCKMDInstance *mdInstance,
868 NSSCKFWInstance *fwInstance 852 NSSCKFWInstance *fwInstance);
869 ); 853
870 854 /*
871 /* 855 * This routine is used to get any device-specific error.
872 * This routine is used to get any device-specific error. 856 * This routine is optional.
873 * This routine is optional. 857 */
874 */ 858 CK_ULONG(PR_CALLBACK *GetDeviceError)
875 CK_ULONG (PR_CALLBACK *GetDeviceError)( 859 (
876 NSSCKMDSession *mdSession, 860 NSSCKMDSession *mdSession,
877 NSSCKFWSession *fwSession, 861 NSSCKFWSession *fwSession,
878 NSSCKMDToken *mdToken, 862 NSSCKMDToken *mdToken,
879 NSSCKFWToken *fwToken, 863 NSSCKFWToken *fwToken,
880 NSSCKMDInstance *mdInstance, 864 NSSCKMDInstance *mdInstance,
881 NSSCKFWInstance *fwInstance 865 NSSCKFWInstance *fwInstance);
882 ); 866
883 867 /*
884 /* 868 * This routine is used to log in a user to the token. This
885 * This routine is used to log in a user to the token. This 869 * routine is optional, since the Framework's NSSCKFWSession
886 * routine is optional, since the Framework's NSSCKFWSession 870 * object keeps track of the login state.
887 * object keeps track of the login state. 871 */
888 */ 872 CK_RV(PR_CALLBACK *Login)
889 CK_RV (PR_CALLBACK *Login)( 873 (
890 NSSCKMDSession *mdSession, 874 NSSCKMDSession *mdSession,
891 NSSCKFWSession *fwSession, 875 NSSCKFWSession *fwSession,
892 NSSCKMDToken *mdToken, 876 NSSCKMDToken *mdToken,
893 NSSCKFWToken *fwToken, 877 NSSCKFWToken *fwToken,
894 NSSCKMDInstance *mdInstance, 878 NSSCKMDInstance *mdInstance,
895 NSSCKFWInstance *fwInstance, 879 NSSCKFWInstance *fwInstance,
896 CK_USER_TYPE userType, 880 CK_USER_TYPE userType,
897 NSSItem *pin, 881 NSSItem *pin,
898 CK_STATE oldState, 882 CK_STATE oldState,
899 CK_STATE newState 883 CK_STATE newState);
900 ); 884
901 885 /*
902 /* 886 * This routine is used to log out a user from the token. This
903 * This routine is used to log out a user from the token. This 887 * routine is optional, since the Framework's NSSCKFWSession
904 * routine is optional, since the Framework's NSSCKFWSession 888 * object keeps track of the login state.
905 * object keeps track of the login state. 889 */
906 */ 890 CK_RV(PR_CALLBACK *Logout)
907 CK_RV (PR_CALLBACK *Logout)( 891 (
908 NSSCKMDSession *mdSession, 892 NSSCKMDSession *mdSession,
909 NSSCKFWSession *fwSession, 893 NSSCKFWSession *fwSession,
910 NSSCKMDToken *mdToken, 894 NSSCKMDToken *mdToken,
911 NSSCKFWToken *fwToken, 895 NSSCKFWToken *fwToken,
912 NSSCKMDInstance *mdInstance, 896 NSSCKMDInstance *mdInstance,
913 NSSCKFWInstance *fwInstance, 897 NSSCKFWInstance *fwInstance,
914 CK_STATE oldState, 898 CK_STATE oldState,
915 CK_STATE newState 899 CK_STATE newState);
916 ); 900
917 901 /*
918 /* 902 * This routine is used to initialize the normal user's PIN or
919 * This routine is used to initialize the normal user's PIN or 903 * password. This will only be called in the "read/write
920 * password. This will only be called in the "read/write 904 * security officer functions" state. If this token has a
921 * security officer functions" state. If this token has a 905 * protected authentication path, then the pin argument will
922 * protected authentication path, then the pin argument will 906 * be NULL. This routine is optional; if unimplemented, the
923 * be NULL. This routine is optional; if unimplemented, the 907 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
924 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. 908 */
925 */ 909 CK_RV(PR_CALLBACK *InitPIN)
926 CK_RV (PR_CALLBACK *InitPIN)( 910 (
927 NSSCKMDSession *mdSession, 911 NSSCKMDSession *mdSession,
928 NSSCKFWSession *fwSession, 912 NSSCKFWSession *fwSession,
929 NSSCKMDToken *mdToken, 913 NSSCKMDToken *mdToken,
930 NSSCKFWToken *fwToken, 914 NSSCKFWToken *fwToken,
931 NSSCKMDInstance *mdInstance, 915 NSSCKMDInstance *mdInstance,
932 NSSCKFWInstance *fwInstance, 916 NSSCKFWInstance *fwInstance,
933 NSSItem *pin 917 NSSItem *pin);
934 ); 918
935 919 /*
936 /* 920 * This routine is used to modify a user's PIN or password. This
937 * This routine is used to modify a user's PIN or password. This 921 * routine will only be called in the "read/write security officer
938 * routine will only be called in the "read/write security officer 922 * functions" or "read/write user functions" state. If this token
939 * functions" or "read/write user functions" state. If this token 923 * has a protected authentication path, then the pin arguments
940 * has a protected authentication path, then the pin arguments 924 * will be NULL. This routine is optional; if unimplemented, the
941 * will be NULL. This routine is optional; if unimplemented, the 925 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
942 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. 926 */
943 */ 927 CK_RV(PR_CALLBACK *SetPIN)
944 CK_RV (PR_CALLBACK *SetPIN)( 928 (
945 NSSCKMDSession *mdSession, 929 NSSCKMDSession *mdSession,
946 NSSCKFWSession *fwSession, 930 NSSCKFWSession *fwSession,
947 NSSCKMDToken *mdToken, 931 NSSCKMDToken *mdToken,
948 NSSCKFWToken *fwToken, 932 NSSCKFWToken *fwToken,
949 NSSCKMDInstance *mdInstance, 933 NSSCKMDInstance *mdInstance,
950 NSSCKFWInstance *fwInstance, 934 NSSCKFWInstance *fwInstance,
951 NSSItem *oldPin, 935 NSSItem *oldPin,
952 NSSItem *newPin 936 NSSItem *newPin);
953 ); 937
954 938 /*
955 /* 939 * This routine is used to find out how much space would be required
956 * This routine is used to find out how much space would be required 940 * to save the current operational state. This routine is optional;
957 * to save the current operational state. This routine is optional; 941 * if unimplemented, the Framework will reject any attempts to save
958 * if unimplemented, the Framework will reject any attempts to save 942 * the operational state with the error CKR_STATE_UNSAVEABLE. This
959 * the operational state with the error CKR_STATE_UNSAVEABLE. This 943 * routine may return zero on error.
960 * routine may return zero on error. 944 */
961 */ 945 CK_ULONG(PR_CALLBACK *GetOperationStateLen)
962 CK_ULONG (PR_CALLBACK *GetOperationStateLen)( 946 (
963 NSSCKMDSession *mdSession, 947 NSSCKMDSession *mdSession,
964 NSSCKFWSession *fwSession, 948 NSSCKFWSession *fwSession,
965 NSSCKMDToken *mdToken, 949 NSSCKMDToken *mdToken,
966 NSSCKFWToken *fwToken, 950 NSSCKFWToken *fwToken,
967 NSSCKMDInstance *mdInstance, 951 NSSCKMDInstance *mdInstance,
968 NSSCKFWInstance *fwInstance, 952 NSSCKFWInstance *fwInstance,
969 CK_RV *pError 953 CK_RV *pError);
970 ); 954
971 955 /*
972 /* 956 * This routine is used to store the current operational state. This
973 * This routine is used to store the current operational state. This 957 * routine is only required if GetOperationStateLen is implemented
974 * routine is only required if GetOperationStateLen is implemented 958 * and can return a nonzero value. The buffer in the specified item
975 * and can return a nonzero value. The buffer in the specified item 959 * will be pre-allocated, and the length will specify the amount of
976 * will be pre-allocated, and the length will specify the amount of 960 * space available (which may be more than GetOperationStateLen
977 * space available (which may be more than GetOperationStateLen 961 * asked for, but which will not be smaller).
978 * asked for, but which will not be smaller). 962 */
979 */ 963 CK_RV(PR_CALLBACK *GetOperationState)
980 CK_RV (PR_CALLBACK *GetOperationState)( 964 (
981 NSSCKMDSession *mdSession, 965 NSSCKMDSession *mdSession,
982 NSSCKFWSession *fwSession, 966 NSSCKFWSession *fwSession,
983 NSSCKMDToken *mdToken, 967 NSSCKMDToken *mdToken,
984 NSSCKFWToken *fwToken, 968 NSSCKFWToken *fwToken,
985 NSSCKMDInstance *mdInstance, 969 NSSCKMDInstance *mdInstance,
986 NSSCKFWInstance *fwInstance, 970 NSSCKFWInstance *fwInstance,
987 NSSItem *buffer 971 NSSItem *buffer);
988 ); 972
989 973 /*
990 /* 974 * This routine is used to restore an operational state previously
991 * This routine is used to restore an operational state previously 975 * obtained with GetOperationState. The Framework will take pains
992 * obtained with GetOperationState. The Framework will take pains 976 * to be sure that the state is (or was at one point) valid; if the
993 * to be sure that the state is (or was at one point) valid; if the 977 * Module notices that the state is invalid, it should return an
994 * Module notices that the state is invalid, it should return an 978 * error, but it is not required to be paranoid about the issue.
995 * error, but it is not required to be paranoid about the issue. 979 * [XXX fgmr-- should (can?) the framework verify the keys match up?]
996 * [XXX fgmr-- should (can?) the framework verify the keys match up?] 980 * This routine is required only if GetOperationState is implemented.
997 * This routine is required only if GetOperationState is implemented. 981 */
998 */ 982 CK_RV(PR_CALLBACK *SetOperationState)
999 CK_RV (PR_CALLBACK *SetOperationState)( 983 (
1000 NSSCKMDSession *mdSession, 984 NSSCKMDSession *mdSession,
1001 NSSCKFWSession *fwSession, 985 NSSCKFWSession *fwSession,
1002 NSSCKMDToken *mdToken, 986 NSSCKMDToken *mdToken,
1003 NSSCKFWToken *fwToken, 987 NSSCKFWToken *fwToken,
1004 NSSCKMDInstance *mdInstance, 988 NSSCKMDInstance *mdInstance,
1005 NSSCKFWInstance *fwInstance, 989 NSSCKFWInstance *fwInstance,
1006 NSSItem *state, 990 NSSItem *state,
1007 NSSCKMDObject *mdEncryptionKey, 991 NSSCKMDObject *mdEncryptionKey,
1008 NSSCKFWObject *fwEncryptionKey, 992 NSSCKFWObject *fwEncryptionKey,
1009 NSSCKMDObject *mdAuthenticationKey, 993 NSSCKMDObject *mdAuthenticationKey,
1010 NSSCKFWObject *fwAuthenticationKey 994 NSSCKFWObject *fwAuthenticationKey);
1011 ); 995
1012 996 /*
1013 /* 997 * This routine is used to create an object. The specified template
1014 * This routine is used to create an object. The specified template 998 * will only specify a session object if the Module has indicated
1015 * will only specify a session object if the Module has indicated 999 * that it wishes to handle its own session objects. This routine
1016 * that it wishes to handle its own session objects. This routine 1000 * is optional; if unimplemented, the Framework will reject the
1017 * is optional; if unimplemented, the Framework will reject the 1001 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
1018 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for 1002 * token objects should come from the NSSArena available from the
1019 * token objects should come from the NSSArena available from the 1003 * NSSCKFWToken object; space for session objects (if supported)
1020 * NSSCKFWToken object; space for session objects (if supported) 1004 * should come from the NSSArena available from the NSSCKFWSession
1021 * should come from the NSSArena available from the NSSCKFWSession 1005 * object. The appropriate NSSArena pointer will, as a convenience,
1022 * object. The appropriate NSSArena pointer will, as a convenience, 1006 * be passed as the handyArenaPointer argument. This routine may
1023 * be passed as the handyArenaPointer argument. This routine may 1007 * return NULL upon error.
1024 * return NULL upon error. 1008 */
1025 */ 1009 NSSCKMDObject *(PR_CALLBACK *CreateObject)(
1026 NSSCKMDObject *(PR_CALLBACK *CreateObject)( 1010 NSSCKMDSession *mdSession,
1027 NSSCKMDSession *mdSession, 1011 NSSCKFWSession *fwSession,
1028 NSSCKFWSession *fwSession, 1012 NSSCKMDToken *mdToken,
1029 NSSCKMDToken *mdToken, 1013 NSSCKFWToken *fwToken,
1030 NSSCKFWToken *fwToken, 1014 NSSCKMDInstance *mdInstance,
1031 NSSCKMDInstance *mdInstance, 1015 NSSCKFWInstance *fwInstance,
1032 NSSCKFWInstance *fwInstance, 1016 NSSArena *handyArenaPointer,
1033 NSSArena *handyArenaPointer, 1017 CK_ATTRIBUTE_PTR pTemplate,
1034 CK_ATTRIBUTE_PTR pTemplate, 1018 CK_ULONG ulAttributeCount,
1035 CK_ULONG ulAttributeCount, 1019 CK_RV *pError);
1036 CK_RV *pError 1020
1037 ); 1021 /*
1038 1022 * This routine is used to make a copy of an object. It is entirely
1039 /* 1023 * optional; if unimplemented, the Framework will try to use
1040 * This routine is used to make a copy of an object. It is entirely 1024 * CreateObject instead. If the Module has indicated that it does
1041 * optional; if unimplemented, the Framework will try to use 1025 * not wish to handle session objects, then this routine will only
1042 * CreateObject instead. If the Module has indicated that it does 1026 * be called to copy a token object to another token object.
1043 * not wish to handle session objects, then this routine will only 1027 * Otherwise, either the original object or the new may be of
1044 * be called to copy a token object to another token object. 1028 * either the token or session variety. As with CreateObject, the
1045 * Otherwise, either the original object or the new may be of 1029 * handyArenaPointer will point to the appropriate arena for the
1046 * either the token or session variety. As with CreateObject, the 1030 * new object. This routine may return NULL upon error.
1047 * handyArenaPointer will point to the appropriate arena for the 1031 */
1048 * new object. This routine may return NULL upon error. 1032 NSSCKMDObject *(PR_CALLBACK *CopyObject)(
1049 */ 1033 NSSCKMDSession *mdSession,
1050 NSSCKMDObject *(PR_CALLBACK *CopyObject)( 1034 NSSCKFWSession *fwSession,
1051 NSSCKMDSession *mdSession, 1035 NSSCKMDToken *mdToken,
1052 NSSCKFWSession *fwSession, 1036 NSSCKFWToken *fwToken,
1053 NSSCKMDToken *mdToken, 1037 NSSCKMDInstance *mdInstance,
1054 NSSCKFWToken *fwToken, 1038 NSSCKFWInstance *fwInstance,
1055 NSSCKMDInstance *mdInstance, 1039 NSSCKMDObject *mdOldObject,
1056 NSSCKFWInstance *fwInstance, 1040 NSSCKFWObject *fwOldObject,
1057 NSSCKMDObject *mdOldObject, 1041 NSSArena *handyArenaPointer,
1058 NSSCKFWObject *fwOldObject, 1042 CK_ATTRIBUTE_PTR pTemplate,
1059 NSSArena *handyArenaPointer, 1043 CK_ULONG ulAttributeCount,
1060 CK_ATTRIBUTE_PTR pTemplate, 1044 CK_RV *pError);
1061 CK_ULONG ulAttributeCount, 1045
1062 CK_RV *pError 1046 /*
1063 ); 1047 * This routine is used to begin an object search. This routine may
1064 1048 * be unimplemented only if the Module does not handle session
1065 /* 1049 * objects, and if none of its tokens have token objects. The
1066 * This routine is used to begin an object search. This routine may 1050 * NSSCKFWFindObjects pointer has an NSSArena that may be used for
1067 * be unimplemented only if the Module does not handle session 1051 * storage for the life of this "find" operation. This routine may
1068 * objects, and if none of its tokens have token objects. The 1052 * return NULL upon error. If the Module can determine immediately
1069 * NSSCKFWFindObjects pointer has an NSSArena that may be used for 1053 * that the search will not find any matching objects, it may return
1070 * storage for the life of this "find" operation. This routine may 1054 * NULL, and specify CKR_OK as the error.
1071 * return NULL upon error. If the Module can determine immediately 1055 */
1072 * that the search will not find any matching objects, it may return 1056 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
1073 * NULL, and specify CKR_OK as the error. 1057 NSSCKMDSession *mdSession,
1074 */ 1058 NSSCKFWSession *fwSession,
1075 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( 1059 NSSCKMDToken *mdToken,
1076 NSSCKMDSession *mdSession, 1060 NSSCKFWToken *fwToken,
1077 NSSCKFWSession *fwSession, 1061 NSSCKMDInstance *mdInstance,
1078 NSSCKMDToken *mdToken, 1062 NSSCKFWInstance *fwInstance,
1079 NSSCKFWToken *fwToken, 1063 CK_ATTRIBUTE_PTR pTemplate,
1080 NSSCKMDInstance *mdInstance, 1064 CK_ULONG ulAttributeCount,
1081 NSSCKFWInstance *fwInstance, 1065 CK_RV *pError);
1082 CK_ATTRIBUTE_PTR pTemplate, 1066
1083 CK_ULONG ulAttributeCount, 1067 /*
1084 CK_RV *pError 1068 * This routine seeds the random-number generator. It is
1085 ); 1069 * optional, even if GetRandom is implemented. If unimplemented,
1086 1070 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
1087 /* 1071 */
1088 * This routine seeds the random-number generator. It is 1072 CK_RV(PR_CALLBACK *SeedRandom)
1089 * optional, even if GetRandom is implemented. If unimplemented, 1073 (
1090 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. 1074 NSSCKMDSession *mdSession,
1091 */ 1075 NSSCKFWSession *fwSession,
1092 CK_RV (PR_CALLBACK *SeedRandom)( 1076 NSSCKMDToken *mdToken,
1093 NSSCKMDSession *mdSession, 1077 NSSCKFWToken *fwToken,
1094 NSSCKFWSession *fwSession, 1078 NSSCKMDInstance *mdInstance,
1095 NSSCKMDToken *mdToken, 1079 NSSCKFWInstance *fwInstance,
1096 NSSCKFWToken *fwToken, 1080 NSSItem *seed);
1097 NSSCKMDInstance *mdInstance, 1081
1098 NSSCKFWInstance *fwInstance, 1082 /*
1099 NSSItem *seed 1083 * This routine gets random data. It is optional. If unimplemented,
1100 ); 1084 * the Framework will issue the error CKR_RANDOM_NO_RNG.
1101 1085 */
1102 /* 1086 CK_RV(PR_CALLBACK *GetRandom)
1103 * This routine gets random data. It is optional. If unimplemented, 1087 (
1104 * the Framework will issue the error CKR_RANDOM_NO_RNG. 1088 NSSCKMDSession *mdSession,
1105 */ 1089 NSSCKFWSession *fwSession,
1106 CK_RV (PR_CALLBACK *GetRandom)( 1090 NSSCKMDToken *mdToken,
1107 NSSCKMDSession *mdSession, 1091 NSSCKFWToken *fwToken,
1108 NSSCKFWSession *fwSession, 1092 NSSCKMDInstance *mdInstance,
1109 NSSCKMDToken *mdToken, 1093 NSSCKFWInstance *fwInstance,
1110 NSSCKFWToken *fwToken, 1094 NSSItem *buffer);
1111 NSSCKMDInstance *mdInstance, 1095
1112 NSSCKFWInstance *fwInstance, 1096 /*
1113 NSSItem *buffer 1097 * This object may be extended in future versions of the
1114 ); 1098 * NSS Cryptoki Framework. To allow for some flexibility
1115 1099 * in the area of binary compatibility, this field should
1116 /* 1100 * be NULL.
1117 * This object may be extended in future versions of the 1101 */
1118 * NSS Cryptoki Framework. To allow for some flexibility 1102 void *null;
1119 * in the area of binary compatibility, this field should
1120 * be NULL.
1121 */
1122 void *null;
1123 }; 1103 };
1124 1104
1125 /* 1105 /*
1126 * NSSCKMDFindObjects 1106 * NSSCKMDFindObjects
1127 * 1107 *
1128 * This is the basic handle for an object search. It is 1108 * This is the basic handle for an object search. It is
1129 * created by NSSCKMDSession->FindObjectsInit, and may be 1109 * created by NSSCKMDSession->FindObjectsInit, and may be
1130 * obtained from the Framework's corresponding object. 1110 * obtained from the Framework's corresponding object.
1131 * It contains a pointer for use by the Module, to store 1111 * It contains a pointer for use by the Module, to store
1132 * any search-related data, and it contains the EPV for a 1112 * any search-related data, and it contains the EPV for a
1133 * set of routines which the Module may implement for use 1113 * set of routines which the Module may implement for use
1134 * by the Framework. Some of these routines are optional. 1114 * by the Framework. Some of these routines are optional.
1135 */ 1115 */
1136 1116
1137 struct NSSCKMDFindObjectsStr { 1117 struct NSSCKMDFindObjectsStr {
1138 /* 1118 /*
1139 * The Module may use this pointer for its own purposes. 1119 * The Module may use this pointer for its own purposes.
1140 */ 1120 */
1141 void *etc; 1121 void *etc;
1142 1122
1143 /* 1123 /*
1144 * This routine is called by the Framework to finish a 1124 * This routine is called by the Framework to finish a
1145 * search operation. Note that the Framework may finish 1125 * search operation. Note that the Framework may finish
1146 * a search before it has completed. This routine is 1126 * a search before it has completed. This routine is
1147 * optional; if unimplemented, it merely won't be called. 1127 * optional; if unimplemented, it merely won't be called.
1148 */ 1128 */
1149 void (PR_CALLBACK *Final)( 1129 void(PR_CALLBACK *Final)(
1150 NSSCKMDFindObjects *mdFindObjects, 1130 NSSCKMDFindObjects *mdFindObjects,
1151 NSSCKFWFindObjects *fwFindObjects, 1131 NSSCKFWFindObjects *fwFindObjects,
1152 NSSCKMDSession *mdSession, 1132 NSSCKMDSession *mdSession,
1153 NSSCKFWSession *fwSession, 1133 NSSCKFWSession *fwSession,
1154 NSSCKMDToken *mdToken, 1134 NSSCKMDToken *mdToken,
1155 NSSCKFWToken *fwToken, 1135 NSSCKFWToken *fwToken,
1156 NSSCKMDInstance *mdInstance, 1136 NSSCKMDInstance *mdInstance,
1157 NSSCKFWInstance *fwInstance 1137 NSSCKFWInstance *fwInstance);
1158 );
1159 1138
1160 /* 1139 /*
1161 * This routine is used to obtain another pointer to an 1140 * This routine is used to obtain another pointer to an
1162 * object matching the search criteria. This routine is 1141 * object matching the search criteria. This routine is
1163 * required. If no (more) objects match the search, it 1142 * required. If no (more) objects match the search, it
1164 * should return NULL and set the error to CKR_OK. 1143 * should return NULL and set the error to CKR_OK.
1165 */ 1144 */
1166 NSSCKMDObject *(PR_CALLBACK *Next)( 1145 NSSCKMDObject *(PR_CALLBACK *Next)(
1167 NSSCKMDFindObjects *mdFindObjects, 1146 NSSCKMDFindObjects *mdFindObjects,
1168 NSSCKFWFindObjects *fwFindObjects, 1147 NSSCKFWFindObjects *fwFindObjects,
1169 NSSCKMDSession *mdSession, 1148 NSSCKMDSession *mdSession,
1170 NSSCKFWSession *fwSession, 1149 NSSCKFWSession *fwSession,
1171 NSSCKMDToken *mdToken, 1150 NSSCKMDToken *mdToken,
1172 NSSCKFWToken *fwToken, 1151 NSSCKFWToken *fwToken,
1173 NSSCKMDInstance *mdInstance, 1152 NSSCKMDInstance *mdInstance,
1174 NSSCKFWInstance *fwInstance, 1153 NSSCKFWInstance *fwInstance,
1175 NSSArena *arena, 1154 NSSArena *arena,
1176 CK_RV *pError 1155 CK_RV *pError);
1177 );
1178 1156
1179 /* 1157 /*
1180 * This object may be extended in future versions of the 1158 * This object may be extended in future versions of the
1181 * NSS Cryptoki Framework. To allow for some flexibility 1159 * NSS Cryptoki Framework. To allow for some flexibility
1182 * in the area of binary compatibility, this field should 1160 * in the area of binary compatibility, this field should
1183 * be NULL. 1161 * be NULL.
1184 */ 1162 */
1185 void *null; 1163 void *null;
1186 }; 1164 };
1187 1165
1188 /* 1166 /*
1189 * NSSCKMDCryptoOperaion 1167 * NSSCKMDCryptoOperaion
1190 * 1168 *
1191 * This is the basic handle for an encryption, decryption, 1169 * This is the basic handle for an encryption, decryption,
1192 * sign, verify, or hash opertion. 1170 * sign, verify, or hash opertion.
1193 * created by NSSCKMDMechanism->XXXXInit, and may be 1171 * created by NSSCKMDMechanism->XXXXInit, and may be
1194 * obtained from the Framework's corresponding object. 1172 * obtained from the Framework's corresponding object.
1195 * It contains a pointer for use by the Module, to store 1173 * It contains a pointer for use by the Module, to store
1196 * any intermediate data, and it contains the EPV for a 1174 * any intermediate data, and it contains the EPV for a
1197 * set of routines which the Module may implement for use 1175 * set of routines which the Module may implement for use
1198 * by the Framework. Some of these routines are optional. 1176 * by the Framework. Some of these routines are optional.
1199 */ 1177 */
1200 1178
1201 struct NSSCKMDCryptoOperationStr { 1179 struct NSSCKMDCryptoOperationStr {
1202 /* 1180 /*
1203 * The Module may use this pointer for its own purposes. 1181 * The Module may use this pointer for its own purposes.
1204 */ 1182 */
1205 void *etc; 1183 void *etc;
1206 1184
1207 /* 1185 /*
1208 * This routine is called by the Framework clean up the mdCryptoOperation 1186 * This routine is called by the Framework clean up the mdCryptoOperation
1209 * structure. 1187 * structure.
1210 * This routine is optional; if unimplemented, it will be ignored. 1188 * This routine is optional; if unimplemented, it will be ignored.
1211 */ 1189 */
1212 void (PR_CALLBACK *Destroy)( 1190 void(PR_CALLBACK *Destroy)(
1213 NSSCKMDCryptoOperation *mdCryptoOperation, 1191 NSSCKMDCryptoOperation *mdCryptoOperation,
1214 NSSCKFWCryptoOperation *fwCryptoOperation, 1192 NSSCKFWCryptoOperation *fwCryptoOperation,
1215 NSSCKMDInstance *mdInstance, 1193 NSSCKMDInstance *mdInstance,
1216 NSSCKFWInstance *fwInstance 1194 NSSCKFWInstance *fwInstance);
1217 );
1218 1195
1196 /*
1197 * how many bytes do we need to finish this buffer?
1198 * must be implemented if Final is implemented.
1199 */
1200 CK_ULONG(PR_CALLBACK *GetFinalLength)
1201 (
1202 NSSCKMDCryptoOperation *mdCryptoOperation,
1203 NSSCKFWCryptoOperation *fwCryptoOperation,
1204 NSSCKMDSession *mdSession,
1205 NSSCKFWSession *fwSession,
1206 NSSCKMDToken *mdToken,
1207 NSSCKFWToken *fwToken,
1208 NSSCKMDInstance *mdInstance,
1209 NSSCKFWInstance *fwInstance,
1210 CK_RV *pError);
1219 1211
1220 /* 1212 /*
1221 * how many bytes do we need to finish this buffer? 1213 * how many bytes do we need to complete the next operation.
1222 * must be implemented if Final is implemented. 1214 * used in both Update and UpdateFinal.
1223 */ 1215 */
1224 CK_ULONG (PR_CALLBACK *GetFinalLength)( 1216 CK_ULONG(PR_CALLBACK *GetOperationLength)
1225 NSSCKMDCryptoOperation *mdCryptoOperation, 1217 (
1226 NSSCKFWCryptoOperation *fwCryptoOperation, 1218 NSSCKMDCryptoOperation *mdCryptoOperation,
1227 NSSCKMDSession *mdSession, 1219 NSSCKFWCryptoOperation *fwCryptoOperation,
1228 NSSCKFWSession *fwSession, 1220 NSSCKMDSession *mdSession,
1229 NSSCKMDToken *mdToken, 1221 NSSCKFWSession *fwSession,
1230 NSSCKFWToken *fwToken, 1222 NSSCKMDToken *mdToken,
1231 NSSCKMDInstance *mdInstance, 1223 NSSCKFWToken *fwToken,
1232 NSSCKFWInstance *fwInstance, 1224 NSSCKMDInstance *mdInstance,
1233 CK_RV *pError 1225 NSSCKFWInstance *fwInstance,
1234 ); 1226 const NSSItem *inputBuffer,
1227 CK_RV *pError);
1235 1228
1236 /* 1229 /*
1237 * how many bytes do we need to complete the next operation. 1230 * This routine is called by the Framework to finish a
1238 * used in both Update and UpdateFinal. 1231 * search operation. Note that the Framework may finish
1239 */ 1232 * a search before it has completed. This routine is
1240 CK_ULONG (PR_CALLBACK *GetOperationLength)( 1233 * optional; if unimplemented, it merely won't be called.
1241 NSSCKMDCryptoOperation *mdCryptoOperation, 1234 * The respective final call with fail with CKR_FUNCTION_FAILED
1242 NSSCKFWCryptoOperation *fwCryptoOperation, 1235 * Final should not free the mdCryptoOperation.
1243 NSSCKMDSession *mdSession, 1236 */
1244 NSSCKFWSession *fwSession, 1237 CK_RV(PR_CALLBACK *Final)
1245 NSSCKMDToken *mdToken, 1238 (
1246 NSSCKFWToken *fwToken, 1239 NSSCKMDCryptoOperation *mdCryptoOperation,
1247 NSSCKMDInstance *mdInstance, 1240 NSSCKFWCryptoOperation *fwCryptoOperation,
1248 NSSCKFWInstance *fwInstance, 1241 NSSCKMDSession *mdSession,
1249 const NSSItem *inputBuffer, 1242 NSSCKFWSession *fwSession,
1250 CK_RV *pError 1243 NSSCKMDToken *mdToken,
1251 ); 1244 NSSCKFWToken *fwToken,
1245 NSSCKMDInstance *mdInstance,
1246 NSSCKFWInstance *fwInstance,
1247 NSSItem *outputBuffer);
1252 1248
1253 /* 1249 /*
1254 * This routine is called by the Framework to finish a 1250 * This routine is called by the Framework to complete the
1255 * search operation. Note that the Framework may finish 1251 * next step in an encryption/decryption operation.
1256 * a search before it has completed. This routine is 1252 * This routine is optional; if unimplemented, the respective
1257 * optional; if unimplemented, it merely won't be called. 1253 * update call with fail with CKR_FUNCTION_FAILED.
1258 * The respective final call with fail with CKR_FUNCTION_FAILED 1254 * Update should not be implemented for signing/verification/digest
1259 * Final should not free the mdCryptoOperation. 1255 * mechanisms.
1260 */ 1256 */
1261 CK_RV(PR_CALLBACK *Final)( 1257 CK_RV(PR_CALLBACK *Update)
1262 NSSCKMDCryptoOperation *mdCryptoOperation, 1258 (
1263 NSSCKFWCryptoOperation *fwCryptoOperation, 1259 NSSCKMDCryptoOperation *mdCryptoOperation,
1264 NSSCKMDSession *mdSession, 1260 NSSCKFWCryptoOperation *fwCryptoOperation,
1265 NSSCKFWSession *fwSession, 1261 NSSCKMDSession *mdSession,
1266 NSSCKMDToken *mdToken, 1262 NSSCKFWSession *fwSession,
1267 NSSCKFWToken *fwToken, 1263 NSSCKMDToken *mdToken,
1268 NSSCKMDInstance *mdInstance, 1264 NSSCKFWToken *fwToken,
1269 NSSCKFWInstance *fwInstance, 1265 NSSCKMDInstance *mdInstance,
1270 NSSItem *outputBuffer 1266 NSSCKFWInstance *fwInstance,
1271 ); 1267 const NSSItem *inputBuffer,
1268 NSSItem *outputBuffer);
1272 1269
1270 /*
1271 * This routine is called by the Framework to complete the
1272 * next step in a signing/verification/digest operation.
1273 * This routine is optional; if unimplemented, the respective
1274 * update call with fail with CKR_FUNCTION_FAILED
1275 * Update should not be implemented for encryption/decryption
1276 * mechanisms.
1277 */
1278 CK_RV(PR_CALLBACK *DigestUpdate)
1279 (
1280 NSSCKMDCryptoOperation *mdCryptoOperation,
1281 NSSCKFWCryptoOperation *fwCryptoOperation,
1282 NSSCKMDSession *mdSession,
1283 NSSCKFWSession *fwSession,
1284 NSSCKMDToken *mdToken,
1285 NSSCKFWToken *fwToken,
1286 NSSCKMDInstance *mdInstance,
1287 NSSCKFWInstance *fwInstance,
1288 const NSSItem *inputBuffer);
1273 1289
1274 /* 1290 /*
1275 * This routine is called by the Framework to complete the 1291 * This routine is called by the Framework to complete a
1276 * next step in an encryption/decryption operation. 1292 * single step operation. This routine is optional; if unimplemented,
1277 * This routine is optional; if unimplemented, the respective 1293 * the framework will use the Update and Final functions to complete
1278 * update call with fail with CKR_FUNCTION_FAILED. 1294 * the operation.
1279 * Update should not be implemented for signing/verification/digest 1295 */
1280 * mechanisms. 1296 CK_RV(PR_CALLBACK *UpdateFinal)
1281 */ 1297 (
1282 CK_RV(PR_CALLBACK *Update)( 1298 NSSCKMDCryptoOperation *mdCryptoOperation,
1283 NSSCKMDCryptoOperation *mdCryptoOperation, 1299 NSSCKFWCryptoOperation *fwCryptoOperation,
1284 NSSCKFWCryptoOperation *fwCryptoOperation, 1300 NSSCKMDSession *mdSession,
1285 NSSCKMDSession *mdSession, 1301 NSSCKFWSession *fwSession,
1286 NSSCKFWSession *fwSession, 1302 NSSCKMDToken *mdToken,
1287 NSSCKMDToken *mdToken, 1303 NSSCKFWToken *fwToken,
1288 NSSCKFWToken *fwToken, 1304 NSSCKMDInstance *mdInstance,
1289 NSSCKMDInstance *mdInstance, 1305 NSSCKFWInstance *fwInstance,
1290 NSSCKFWInstance *fwInstance, 1306 const NSSItem *inputBuffer,
1291 const NSSItem *inputBuffer, 1307 NSSItem *outputBuffer);
1292 NSSItem *outputBuffer
1293 );
1294 1308
1295 /* 1309 /*
1296 * This routine is called by the Framework to complete the 1310 * This routine is called by the Framework to complete next
1297 * next step in a signing/verification/digest operation. 1311 * step in a combined operation. The Decrypt/Encrypt mechanism
1298 * This routine is optional; if unimplemented, the respective 1312 * should define and drive the combo step.
1299 * update call with fail with CKR_FUNCTION_FAILED 1313 * This routine is optional; if unimplemented,
1300 * Update should not be implemented for encryption/decryption 1314 * the framework will use the appropriate Update functions to complete
1301 * mechanisms. 1315 * the operation.
1302 */ 1316 */
1303 CK_RV(PR_CALLBACK *DigestUpdate)( 1317 CK_RV(PR_CALLBACK *UpdateCombo)
1304 NSSCKMDCryptoOperation *mdCryptoOperation, 1318 (
1305 NSSCKFWCryptoOperation *fwCryptoOperation, 1319 NSSCKMDCryptoOperation *mdCryptoOperation,
1306 NSSCKMDSession *mdSession, 1320 NSSCKFWCryptoOperation *fwCryptoOperation,
1307 NSSCKFWSession *fwSession, 1321 NSSCKMDCryptoOperation *mdPeerCryptoOperation,
1308 NSSCKMDToken *mdToken, 1322 NSSCKFWCryptoOperation *fwPeerCryptoOperation,
1309 NSSCKFWToken *fwToken, 1323 NSSCKMDSession *mdSession,
1310 NSSCKMDInstance *mdInstance, 1324 NSSCKFWSession *fwSession,
1311 NSSCKFWInstance *fwInstance, 1325 NSSCKMDToken *mdToken,
1312 const NSSItem *inputBuffer 1326 NSSCKFWToken *fwToken,
1313 ); 1327 NSSCKMDInstance *mdInstance,
1328 NSSCKFWInstance *fwInstance,
1329 const NSSItem *inputBuffer,
1330 NSSItem *outputBuffer);
1314 1331
1315 /* 1332 /*
1316 * This routine is called by the Framework to complete a 1333 * Hash a key directly into the digest
1317 * single step operation. This routine is optional; if unimplemented, 1334 */
1318 * the framework will use the Update and Final functions to complete 1335 CK_RV(PR_CALLBACK *DigestKey)
1319 * the operation. 1336 (
1320 */ 1337 NSSCKMDCryptoOperation *mdCryptoOperation,
1321 CK_RV(PR_CALLBACK *UpdateFinal)( 1338 NSSCKFWCryptoOperation *fwCryptoOperation,
1322 NSSCKMDCryptoOperation *mdCryptoOperation, 1339 NSSCKMDToken *mdToken,
1323 NSSCKFWCryptoOperation *fwCryptoOperation, 1340 NSSCKFWToken *fwToken,
1324 NSSCKMDSession *mdSession, 1341 NSSCKMDInstance *mdInstance,
1325 NSSCKFWSession *fwSession, 1342 NSSCKFWInstance *fwInstance,
1326 NSSCKMDToken *mdToken, 1343 NSSCKMDObject *mdKey,
1327 NSSCKFWToken *fwToken, 1344 NSSCKFWObject *fwKey);
1328 NSSCKMDInstance *mdInstance,
1329 NSSCKFWInstance *fwInstance,
1330 const NSSItem *inputBuffer,
1331 NSSItem *outputBuffer
1332 );
1333 1345
1334 /* 1346 /*
1335 * This routine is called by the Framework to complete next 1347 * This object may be extended in future versions of the
1336 * step in a combined operation. The Decrypt/Encrypt mechanism 1348 * NSS Cryptoki Framework. To allow for some flexibility
1337 * should define and drive the combo step. 1349 * in the area of binary compatibility, this field should
1338 * This routine is optional; if unimplemented, 1350 * be NULL.
1339 * the framework will use the appropriate Update functions to complete 1351 */
1340 * the operation. 1352 void *null;
1341 */
1342 CK_RV(PR_CALLBACK *UpdateCombo)(
1343 NSSCKMDCryptoOperation *mdCryptoOperation,
1344 NSSCKFWCryptoOperation *fwCryptoOperation,
1345 NSSCKMDCryptoOperation *mdPeerCryptoOperation,
1346 NSSCKFWCryptoOperation *fwPeerCryptoOperation,
1347 NSSCKMDSession *mdSession,
1348 NSSCKFWSession *fwSession,
1349 NSSCKMDToken *mdToken,
1350 NSSCKFWToken *fwToken,
1351 NSSCKMDInstance *mdInstance,
1352 NSSCKFWInstance *fwInstance,
1353 const NSSItem *inputBuffer,
1354 NSSItem *outputBuffer
1355 );
1356
1357 /*
1358 * Hash a key directly into the digest
1359 */
1360 CK_RV(PR_CALLBACK *DigestKey)(
1361 NSSCKMDCryptoOperation *mdCryptoOperation,
1362 NSSCKFWCryptoOperation *fwCryptoOperation,
1363 NSSCKMDToken *mdToken,
1364 NSSCKFWToken *fwToken,
1365 NSSCKMDInstance *mdInstance,
1366 NSSCKFWInstance *fwInstance,
1367 NSSCKMDObject *mdKey,
1368 NSSCKFWObject *fwKey
1369 );
1370
1371 /*
1372 * This object may be extended in future versions of the
1373 * NSS Cryptoki Framework. To allow for some flexibility
1374 * in the area of binary compatibility, this field should
1375 * be NULL.
1376 */
1377 void *null;
1378 }; 1353 };
1379 1354
1380 /* 1355 /*
1381 * NSSCKMDMechanism 1356 * NSSCKMDMechanism
1382 * 1357 *
1383 */ 1358 */
1384 1359
1385 struct NSSCKMDMechanismStr { 1360 struct NSSCKMDMechanismStr {
1386 /* 1361 /*
1387 * The Module may use this pointer for its own purposes. 1362 * The Module may use this pointer for its own purposes.
1388 */ 1363 */
1389 void *etc; 1364 void *etc;
1390 1365
1391 /* 1366 /*
1392 * This also frees the fwMechanism if appropriate. 1367 * This also frees the fwMechanism if appropriate.
1393 * If it is not supplied, the Framework will assume that the Token 1368 * If it is not supplied, the Framework will assume that the Token
1394 * Manages a static list of mechanisms and the function will not be called. 1369 * Manages a static list of mechanisms and the function will not be called.
1395 */ 1370 */
1396 void (PR_CALLBACK *Destroy)( 1371 void(PR_CALLBACK *Destroy)(
1397 NSSCKMDMechanism *mdMechanism, 1372 NSSCKMDMechanism *mdMechanism,
1398 NSSCKFWMechanism *fwMechanism, 1373 NSSCKFWMechanism *fwMechanism,
1399 NSSCKMDInstance *mdInstance, 1374 NSSCKMDInstance *mdInstance,
1400 NSSCKFWInstance *fwInstance 1375 NSSCKFWInstance *fwInstance);
1401 ); 1376
1402 1377 /*
1403 1378 * This routine returns the minimum key size allowed for
1404 /* 1379 * this mechanism. This routine is optional; if unimplemented,
1405 * This routine returns the minimum key size allowed for 1380 * zero will be assumed. This routine may return zero on
1406 * this mechanism. This routine is optional; if unimplemented, 1381 * error; if the error is CKR_OK, zero will be accepted as
1407 * zero will be assumed. This routine may return zero on 1382 * a valid response.
1408 * error; if the error is CKR_OK, zero will be accepted as 1383 */
1409 * a valid response. 1384 CK_ULONG(PR_CALLBACK *GetMinKeySize)
1410 */ 1385 (
1411 CK_ULONG (PR_CALLBACK *GetMinKeySize)( 1386 NSSCKMDMechanism *mdMechanism,
1412 NSSCKMDMechanism *mdMechanism, 1387 NSSCKFWMechanism *fwMechanism,
1413 NSSCKFWMechanism *fwMechanism, 1388 NSSCKMDToken *mdToken,
1414 NSSCKMDToken *mdToken, 1389 NSSCKFWToken *fwToken,
1415 NSSCKFWToken *fwToken, 1390 NSSCKMDInstance *mdInstance,
1416 NSSCKMDInstance *mdInstance, 1391 NSSCKFWInstance *fwInstance,
1417 NSSCKFWInstance *fwInstance, 1392 CK_RV *pError);
1418 CK_RV *pError 1393
1419 ); 1394 /*
1420 1395 * This routine returns the maximum key size allowed for
1421 /* 1396 * this mechanism. This routine is optional; if unimplemented,
1422 * This routine returns the maximum key size allowed for 1397 * zero will be assumed. This routine may return zero on
1423 * this mechanism. This routine is optional; if unimplemented, 1398 * error; if the error is CKR_OK, zero will be accepted as
1424 * zero will be assumed. This routine may return zero on 1399 * a valid response.
1425 * error; if the error is CKR_OK, zero will be accepted as 1400 */
1426 * a valid response. 1401 CK_ULONG(PR_CALLBACK *GetMaxKeySize)
1427 */ 1402 (
1428 CK_ULONG (PR_CALLBACK *GetMaxKeySize)( 1403 NSSCKMDMechanism *mdMechanism,
1429 NSSCKMDMechanism *mdMechanism, 1404 NSSCKFWMechanism *fwMechanism,
1430 NSSCKFWMechanism *fwMechanism, 1405 NSSCKMDToken *mdToken,
1431 NSSCKMDToken *mdToken, 1406 NSSCKFWToken *fwToken,
1432 NSSCKFWToken *fwToken, 1407 NSSCKMDInstance *mdInstance,
1433 NSSCKMDInstance *mdInstance, 1408 NSSCKFWInstance *fwInstance,
1434 NSSCKFWInstance *fwInstance, 1409 CK_RV *pError);
1435 CK_RV *pError 1410
1436 ); 1411 /*
1437 1412 * This routine is called to determine if the mechanism is
1438 /* 1413 * implemented in hardware or software. It returns CK_TRUE
1439 * This routine is called to determine if the mechanism is 1414 * if it is done in hardware.
1440 * implemented in hardware or software. It returns CK_TRUE 1415 */
1441 * if it is done in hardware. 1416 CK_BBOOL(PR_CALLBACK *GetInHardware)
1442 */ 1417 (
1443 CK_BBOOL (PR_CALLBACK *GetInHardware)( 1418 NSSCKMDMechanism *mdMechanism,
1444 NSSCKMDMechanism *mdMechanism, 1419 NSSCKFWMechanism *fwMechanism,
1445 NSSCKFWMechanism *fwMechanism, 1420 NSSCKMDToken *mdToken,
1446 NSSCKMDToken *mdToken, 1421 NSSCKFWToken *fwToken,
1447 NSSCKFWToken *fwToken, 1422 NSSCKMDInstance *mdInstance,
1448 NSSCKMDInstance *mdInstance, 1423 NSSCKFWInstance *fwInstance,
1449 NSSCKFWInstance *fwInstance, 1424 CK_RV *pError);
1450 CK_RV *pError 1425
1451 ); 1426 /*
1452 1427 * The crypto routines themselves. Most crypto operations may
1453 /* 1428 * be performed in two ways, streaming and single-part. The
1454 * The crypto routines themselves. Most crypto operations may 1429 * streaming operations involve the use of (typically) three
1455 * be performed in two ways, streaming and single-part. The 1430 * calls-- an Init method to set up the operation, an Update
1456 * streaming operations involve the use of (typically) three 1431 * method to feed data to the operation, and a Final method to
1457 * calls-- an Init method to set up the operation, an Update 1432 * obtain the final result. Single-part operations involve
1458 * method to feed data to the operation, and a Final method to 1433 * one method, to perform the crypto operation all at once.
1459 * obtain the final result. Single-part operations involve 1434 *
1460 * one method, to perform the crypto operation all at once. 1435 * The NSS Cryptoki Framework can implement the single-part
1461 * 1436 * operations in terms of the streaming operations on behalf
1462 * The NSS Cryptoki Framework can implement the single-part 1437 * of the Module. There are a few variances.
1463 * operations in terms of the streaming operations on behalf 1438 *
1464 * of the Module. There are a few variances. 1439 * Only the Init Functions are defined by the mechanism. Each
1465 * 1440 * init function will return a NSSCKFWCryptoOperation which
1466 * Only the Init Functions are defined by the mechanism. Each 1441 * can supply update, final, the single part updateFinal, and
1467 * init function will return a NSSCKFWCryptoOperation which 1442 * the combo updateCombo functions.
1468 * can supply update, final, the single part updateFinal, and 1443 *
1469 * the combo updateCombo functions. 1444 * For simplicity, the routines are listed in summary here:
1470 * 1445 *
1471 * For simplicity, the routines are listed in summary here: 1446 * EncryptInit,
1472 * 1447 * DecryptInit,
1473 * EncryptInit, 1448 * DigestInit,
1474 * DecryptInit, 1449 * SignInit,
1475 * DigestInit, 1450 * SignRecoverInit;
1476 * SignInit, 1451 * VerifyInit,
1477 * SignRecoverInit; 1452 * VerifyRecoverInit;
1478 * VerifyInit, 1453 *
1479 * VerifyRecoverInit; 1454 * The key-management routines are
1480 * 1455 *
1481 * The key-management routines are 1456 * GenerateKey
1482 * 1457 * GenerateKeyPair
1483 * GenerateKey 1458 * WrapKey
1484 * GenerateKeyPair 1459 * UnwrapKey
1485 * WrapKey 1460 * DeriveKey
1486 * UnwrapKey 1461 *
1487 * DeriveKey 1462 * All of these routines based on the Cryptoki API;
1488 * 1463 * see PKCS#11 for further information.
1489 * All of these routines based on the Cryptoki API; 1464 */
1490 * see PKCS#11 for further information. 1465
1491 */ 1466 /*
1492 1467 */
1493 /* 1468 NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)(
1494 */ 1469 NSSCKMDMechanism *mdMechanism,
1495 NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)( 1470 NSSCKFWMechanism *fwMechanism,
1496 NSSCKMDMechanism *mdMechanism, 1471 CK_MECHANISM_PTR pMechanism,
1497 NSSCKFWMechanism *fwMechanism, 1472 NSSCKMDSession *mdSession,
1498 CK_MECHANISM_PTR pMechanism, 1473 NSSCKFWSession *fwSession,
1499 NSSCKMDSession *mdSession, 1474 NSSCKMDToken *mdToken,
1500 NSSCKFWSession *fwSession, 1475 NSSCKFWToken *fwToken,
1501 NSSCKMDToken *mdToken, 1476 NSSCKMDInstance *mdInstance,
1502 NSSCKFWToken *fwToken, 1477 NSSCKFWInstance *fwInstance,
1503 NSSCKMDInstance *mdInstance, 1478 NSSCKMDObject *mdKey,
1504 NSSCKFWInstance *fwInstance, 1479 NSSCKFWObject *fwKey,
1505 NSSCKMDObject *mdKey, 1480 CK_RV *pError);
1506 NSSCKFWObject *fwKey, 1481
1507 CK_RV *pError 1482 /*
1508 ); 1483 */
1509 1484 NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)(
1510 /* 1485 NSSCKMDMechanism *mdMechanism,
1511 */ 1486 NSSCKFWMechanism *fwMechanism,
1512 NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)( 1487 CK_MECHANISM_PTR pMechanism,
1513 NSSCKMDMechanism *mdMechanism, 1488 NSSCKMDSession *mdSession,
1514 NSSCKFWMechanism *fwMechanism, 1489 NSSCKFWSession *fwSession,
1515 CK_MECHANISM_PTR pMechanism, 1490 NSSCKMDToken *mdToken,
1516 NSSCKMDSession *mdSession, 1491 NSSCKFWToken *fwToken,
1517 NSSCKFWSession *fwSession, 1492 NSSCKMDInstance *mdInstance,
1518 NSSCKMDToken *mdToken, 1493 NSSCKFWInstance *fwInstance,
1519 NSSCKFWToken *fwToken, 1494 NSSCKMDObject *mdKey,
1520 NSSCKMDInstance *mdInstance, 1495 NSSCKFWObject *fwKey,
1521 NSSCKFWInstance *fwInstance, 1496 CK_RV *pError);
1522 NSSCKMDObject *mdKey, 1497
1523 NSSCKFWObject *fwKey, 1498 /*
1524 CK_RV *pError 1499 */
1525 ); 1500 NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)(
1526 1501 NSSCKMDMechanism *mdMechanism,
1527 /* 1502 NSSCKFWMechanism *fwMechanism,
1528 */ 1503 CK_MECHANISM_PTR pMechanism,
1529 NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)( 1504 NSSCKMDSession *mdSession,
1530 NSSCKMDMechanism *mdMechanism, 1505 NSSCKFWSession *fwSession,
1531 NSSCKFWMechanism *fwMechanism, 1506 NSSCKMDToken *mdToken,
1532 CK_MECHANISM_PTR pMechanism, 1507 NSSCKFWToken *fwToken,
1533 NSSCKMDSession *mdSession, 1508 NSSCKMDInstance *mdInstance,
1534 NSSCKFWSession *fwSession, 1509 NSSCKFWInstance *fwInstance,
1535 NSSCKMDToken *mdToken, 1510 CK_RV *pError);
1536 NSSCKFWToken *fwToken, 1511
1537 NSSCKMDInstance *mdInstance, 1512 /*
1538 NSSCKFWInstance *fwInstance, 1513 */
1539 CK_RV *pError 1514 NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)(
1540 ); 1515 NSSCKMDMechanism *mdMechanism,
1541 1516 NSSCKFWMechanism *fwMechanism,
1542 1517 CK_MECHANISM_PTR pMechanism,
1543 /* 1518 NSSCKMDSession *mdSession,
1544 */ 1519 NSSCKFWSession *fwSession,
1545 NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)( 1520 NSSCKMDToken *mdToken,
1546 NSSCKMDMechanism *mdMechanism, 1521 NSSCKFWToken *fwToken,
1547 NSSCKFWMechanism *fwMechanism, 1522 NSSCKMDInstance *mdInstance,
1548 CK_MECHANISM_PTR pMechanism, 1523 NSSCKFWInstance *fwInstance,
1549 NSSCKMDSession *mdSession, 1524 NSSCKMDObject *mdKey,
1550 NSSCKFWSession *fwSession, 1525 NSSCKFWObject *fwKey,
1551 NSSCKMDToken *mdToken, 1526 CK_RV *pError);
1552 NSSCKFWToken *fwToken, 1527
1553 NSSCKMDInstance *mdInstance, 1528 /*
1554 NSSCKFWInstance *fwInstance, 1529 */
1555 NSSCKMDObject *mdKey, 1530 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)(
1556 NSSCKFWObject *fwKey, 1531 NSSCKMDMechanism *mdMechanism,
1557 CK_RV *pError 1532 NSSCKFWMechanism *fwMechanism,
1558 ); 1533 CK_MECHANISM_PTR pMechanism,
1559 1534 NSSCKMDSession *mdSession,
1560 /* 1535 NSSCKFWSession *fwSession,
1561 */ 1536 NSSCKMDToken *mdToken,
1562 NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)( 1537 NSSCKFWToken *fwToken,
1563 NSSCKMDMechanism *mdMechanism, 1538 NSSCKMDInstance *mdInstance,
1564 NSSCKFWMechanism *fwMechanism, 1539 NSSCKFWInstance *fwInstance,
1565 CK_MECHANISM_PTR pMechanism, 1540 NSSCKMDObject *mdKey,
1566 NSSCKMDSession *mdSession, 1541 NSSCKFWObject *fwKey,
1567 NSSCKFWSession *fwSession, 1542 CK_RV *pError);
1568 NSSCKMDToken *mdToken, 1543
1569 NSSCKFWToken *fwToken, 1544 /*
1570 NSSCKMDInstance *mdInstance, 1545 */
1571 NSSCKFWInstance *fwInstance, 1546 NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)(
1572 NSSCKMDObject *mdKey, 1547 NSSCKMDMechanism *mdMechanism,
1573 NSSCKFWObject *fwKey, 1548 NSSCKFWMechanism *fwMechanism,
1574 CK_RV *pError 1549 CK_MECHANISM_PTR pMechanism,
1575 ); 1550 NSSCKMDSession *mdSession,
1576 1551 NSSCKFWSession *fwSession,
1577 /* 1552 NSSCKMDToken *mdToken,
1578 */ 1553 NSSCKFWToken *fwToken,
1579 NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)( 1554 NSSCKMDInstance *mdInstance,
1580 NSSCKMDMechanism *mdMechanism, 1555 NSSCKFWInstance *fwInstance,
1581 NSSCKFWMechanism *fwMechanism, 1556 NSSCKMDObject *mdKey,
1582 CK_MECHANISM_PTR pMechanism, 1557 NSSCKFWObject *fwKey,
1583 NSSCKMDSession *mdSession, 1558 CK_RV *pError);
1584 NSSCKFWSession *fwSession, 1559
1585 NSSCKMDToken *mdToken, 1560 /*
1586 NSSCKFWToken *fwToken, 1561 */
1587 NSSCKMDInstance *mdInstance, 1562 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)(
1588 NSSCKFWInstance *fwInstance, 1563 NSSCKMDMechanism *mdMechanism,
1589 NSSCKMDObject *mdKey, 1564 NSSCKFWMechanism *fwMechanism,
1590 NSSCKFWObject *fwKey, 1565 CK_MECHANISM_PTR pMechanism,
1591 CK_RV *pError 1566 NSSCKMDSession *mdSession,
1592 ); 1567 NSSCKFWSession *fwSession,
1593 1568 NSSCKMDToken *mdToken,
1594 /* 1569 NSSCKFWToken *fwToken,
1595 */ 1570 NSSCKMDInstance *mdInstance,
1596 NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)( 1571 NSSCKFWInstance *fwInstance,
1597 NSSCKMDMechanism *mdMechanism, 1572 NSSCKMDObject *mdKey,
1598 NSSCKFWMechanism *fwMechanism, 1573 NSSCKFWObject *fwKey,
1599 CK_MECHANISM_PTR pMechanism, 1574 CK_RV *pError);
1600 NSSCKMDSession *mdSession, 1575
1601 NSSCKFWSession *fwSession, 1576 /*
1602 NSSCKMDToken *mdToken, 1577 * Key management operations.
1603 NSSCKFWToken *fwToken, 1578 */
1604 NSSCKMDInstance *mdInstance, 1579
1605 NSSCKFWInstance *fwInstance, 1580 /*
1606 NSSCKMDObject *mdKey, 1581 * This routine generates a key. This routine may return NULL
1607 NSSCKFWObject *fwKey, 1582 * upon error.
1608 CK_RV *pError 1583 */
1609 ); 1584 NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
1610 1585 NSSCKMDMechanism *mdMechanism,
1611 /* 1586 NSSCKFWMechanism *fwMechanism,
1612 * Key management operations. 1587 CK_MECHANISM_PTR pMechanism,
1613 */ 1588 NSSCKMDSession *mdSession,
1614 1589 NSSCKFWSession *fwSession,
1615 /* 1590 NSSCKMDToken *mdToken,
1616 * This routine generates a key. This routine may return NULL 1591 NSSCKFWToken *fwToken,
1617 * upon error. 1592 NSSCKMDInstance *mdInstance,
1618 */ 1593 NSSCKFWInstance *fwInstance,
1619 NSSCKMDObject *(PR_CALLBACK *GenerateKey)( 1594 CK_ATTRIBUTE_PTR pTemplate,
1620 NSSCKMDMechanism *mdMechanism, 1595 CK_ULONG ulAttributeCount,
1621 NSSCKFWMechanism *fwMechanism, 1596 CK_RV *pError);
1622 CK_MECHANISM_PTR pMechanism, 1597
1623 NSSCKMDSession *mdSession, 1598 /*
1624 NSSCKFWSession *fwSession, 1599 * This routine generates a key pair.
1625 NSSCKMDToken *mdToken, 1600 */
1626 NSSCKFWToken *fwToken, 1601 CK_RV(PR_CALLBACK *GenerateKeyPair)
1627 NSSCKMDInstance *mdInstance, 1602 (
1628 NSSCKFWInstance *fwInstance, 1603 NSSCKMDMechanism *mdMechanism,
1629 CK_ATTRIBUTE_PTR pTemplate, 1604 NSSCKFWMechanism *fwMechanism,
1630 CK_ULONG ulAttributeCount, 1605 CK_MECHANISM_PTR pMechanism,
1631 CK_RV *pError 1606 NSSCKMDSession *mdSession,
1632 ); 1607 NSSCKFWSession *fwSession,
1633 1608 NSSCKMDToken *mdToken,
1634 /* 1609 NSSCKFWToken *fwToken,
1635 * This routine generates a key pair. 1610 NSSCKMDInstance *mdInstance,
1636 */ 1611 NSSCKFWInstance *fwInstance,
1637 CK_RV (PR_CALLBACK *GenerateKeyPair)( 1612 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1638 NSSCKMDMechanism *mdMechanism, 1613 CK_ULONG ulPublicKeyAttributeCount,
1639 NSSCKFWMechanism *fwMechanism, 1614 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1640 CK_MECHANISM_PTR pMechanism, 1615 CK_ULONG ulPrivateKeyAttributeCount,
1641 NSSCKMDSession *mdSession, 1616 NSSCKMDObject **pPublicKey,
1642 NSSCKFWSession *fwSession, 1617 NSSCKMDObject **pPrivateKey);
1643 NSSCKMDToken *mdToken, 1618
1644 NSSCKFWToken *fwToken, 1619 /*
1645 NSSCKMDInstance *mdInstance, 1620 * This routine wraps a key.
1646 NSSCKFWInstance *fwInstance, 1621 */
1647 CK_ATTRIBUTE_PTR pPublicKeyTemplate, 1622 CK_ULONG(PR_CALLBACK *GetWrapKeyLength)
1648 CK_ULONG ulPublicKeyAttributeCount, 1623 (
1649 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 1624 NSSCKMDMechanism *mdMechanism,
1650 CK_ULONG ulPrivateKeyAttributeCount, 1625 NSSCKFWMechanism *fwMechanism,
1651 NSSCKMDObject **pPublicKey, 1626 CK_MECHANISM_PTR pMechanism,
1652 NSSCKMDObject **pPrivateKey 1627 NSSCKMDSession *mdSession,
1653 ); 1628 NSSCKFWSession *fwSession,
1654 1629 NSSCKMDToken *mdToken,
1655 /* 1630 NSSCKFWToken *fwToken,
1656 * This routine wraps a key. 1631 NSSCKMDInstance *mdInstance,
1657 */ 1632 NSSCKFWInstance *fwInstance,
1658 CK_ULONG (PR_CALLBACK *GetWrapKeyLength)( 1633 NSSCKMDObject *mdWrappingKey,
1659 NSSCKMDMechanism *mdMechanism, 1634 NSSCKFWObject *fwWrappingKey,
1660 NSSCKFWMechanism *fwMechanism, 1635 NSSCKMDObject *mdWrappedKey,
1661 CK_MECHANISM_PTR pMechanism, 1636 NSSCKFWObject *fwWrappedKey,
1662 NSSCKMDSession *mdSession, 1637 CK_RV *pError);
1663 NSSCKFWSession *fwSession, 1638
1664 NSSCKMDToken *mdToken, 1639 /*
1665 NSSCKFWToken *fwToken, 1640 * This routine wraps a key.
1666 NSSCKMDInstance *mdInstance, 1641 */
1667 NSSCKFWInstance *fwInstance, 1642 CK_RV(PR_CALLBACK *WrapKey)
1668 NSSCKMDObject *mdWrappingKey, 1643 (
1669 NSSCKFWObject *fwWrappingKey, 1644 NSSCKMDMechanism *mdMechanism,
1670 NSSCKMDObject *mdWrappedKey, 1645 NSSCKFWMechanism *fwMechanism,
1671 NSSCKFWObject *fwWrappedKey, 1646 CK_MECHANISM_PTR pMechanism,
1672 CK_RV *pError 1647 NSSCKMDSession *mdSession,
1673 ); 1648 NSSCKFWSession *fwSession,
1674 1649 NSSCKMDToken *mdToken,
1675 /* 1650 NSSCKFWToken *fwToken,
1676 * This routine wraps a key. 1651 NSSCKMDInstance *mdInstance,
1677 */ 1652 NSSCKFWInstance *fwInstance,
1678 CK_RV (PR_CALLBACK *WrapKey)( 1653 NSSCKMDObject *mdWrappingKey,
1679 NSSCKMDMechanism *mdMechanism, 1654 NSSCKFWObject *fwWrappingKey,
1680 NSSCKFWMechanism *fwMechanism, 1655 NSSCKMDObject *mdKeyObject,
1681 CK_MECHANISM_PTR pMechanism, 1656 NSSCKFWObject *fwKeyObject,
1682 NSSCKMDSession *mdSession, 1657 NSSItem *wrappedKey);
1683 NSSCKFWSession *fwSession, 1658
1684 NSSCKMDToken *mdToken, 1659 /*
1685 NSSCKFWToken *fwToken, 1660 * This routine unwraps a key. This routine may return NULL
1686 NSSCKMDInstance *mdInstance, 1661 * upon error.
1687 NSSCKFWInstance *fwInstance, 1662 */
1688 NSSCKMDObject *mdWrappingKey, 1663 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
1689 NSSCKFWObject *fwWrappingKey, 1664 NSSCKMDMechanism *mdMechanism,
1690 NSSCKMDObject *mdKeyObject, 1665 NSSCKFWMechanism *fwMechanism,
1691 NSSCKFWObject *fwKeyObject, 1666 CK_MECHANISM_PTR pMechanism,
1692 NSSItem *wrappedKey 1667 NSSCKMDSession *mdSession,
1693 ); 1668 NSSCKFWSession *fwSession,
1694 1669 NSSCKMDToken *mdToken,
1695 /* 1670 NSSCKFWToken *fwToken,
1696 * This routine unwraps a key. This routine may return NULL 1671 NSSCKMDInstance *mdInstance,
1697 * upon error. 1672 NSSCKFWInstance *fwInstance,
1698 */ 1673 NSSCKMDObject *mdWrappingKey,
1699 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( 1674 NSSCKFWObject *fwWrappingKey,
1700 NSSCKMDMechanism *mdMechanism, 1675 NSSItem *wrappedKey,
1701 NSSCKFWMechanism *fwMechanism, 1676 CK_ATTRIBUTE_PTR pTemplate,
1702 CK_MECHANISM_PTR pMechanism, 1677 CK_ULONG ulAttributeCount,
1703 NSSCKMDSession *mdSession, 1678 CK_RV *pError);
1704 NSSCKFWSession *fwSession, 1679
1705 NSSCKMDToken *mdToken, 1680 /*
1706 NSSCKFWToken *fwToken, 1681 * This routine derives a key. This routine may return NULL
1707 NSSCKMDInstance *mdInstance, 1682 * upon error.
1708 NSSCKFWInstance *fwInstance, 1683 */
1709 NSSCKMDObject *mdWrappingKey, 1684 NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
1710 NSSCKFWObject *fwWrappingKey, 1685 NSSCKMDMechanism *mdMechanism,
1711 NSSItem *wrappedKey, 1686 NSSCKFWMechanism *fwMechanism,
1712 CK_ATTRIBUTE_PTR pTemplate, 1687 CK_MECHANISM_PTR pMechanism,
1713 CK_ULONG ulAttributeCount, 1688 NSSCKMDSession *mdSession,
1714 CK_RV *pError 1689 NSSCKFWSession *fwSession,
1715 ); 1690 NSSCKMDToken *mdToken,
1716 1691 NSSCKFWToken *fwToken,
1717 /* 1692 NSSCKMDInstance *mdInstance,
1718 * This routine derives a key. This routine may return NULL 1693 NSSCKFWInstance *fwInstance,
1719 * upon error. 1694 NSSCKMDObject *mdBaseKey,
1720 */ 1695 NSSCKFWObject *fwBaseKey,
1721 NSSCKMDObject *(PR_CALLBACK *DeriveKey)( 1696 CK_ATTRIBUTE_PTR pTemplate,
1722 NSSCKMDMechanism *mdMechanism, 1697 CK_ULONG ulAttributeCount,
1723 NSSCKFWMechanism *fwMechanism, 1698 CK_RV *pError);
1724 CK_MECHANISM_PTR pMechanism, 1699
1725 NSSCKMDSession *mdSession, 1700 /*
1726 NSSCKFWSession *fwSession, 1701 * This object may be extended in future versions of the
1727 NSSCKMDToken *mdToken, 1702 * NSS Cryptoki Framework. To allow for some flexibility
1728 NSSCKFWToken *fwToken, 1703 * in the area of binary compatibility, this field should
1729 NSSCKMDInstance *mdInstance, 1704 * be NULL.
1730 NSSCKFWInstance *fwInstance, 1705 */
1731 NSSCKMDObject *mdBaseKey, 1706 void *null;
1732 NSSCKFWObject *fwBaseKey,
1733 CK_ATTRIBUTE_PTR pTemplate,
1734 CK_ULONG ulAttributeCount,
1735 CK_RV *pError
1736 );
1737
1738 /*
1739 * This object may be extended in future versions of the
1740 * NSS Cryptoki Framework. To allow for some flexibility
1741 * in the area of binary compatibility, this field should
1742 * be NULL.
1743 */
1744 void *null;
1745 }; 1707 };
1746 1708
1747 /* 1709 /*
1748 * NSSCKMDObject 1710 * NSSCKMDObject
1749 * 1711 *
1750 * This is the basic handle for any object used by a PKCS#11 Module. 1712 * This is the basic handle for any object used by a PKCS#11 Module.
1751 * Modules must implement it if they support their own objects, and 1713 * Modules must implement it if they support their own objects, and
1752 * the Framework supports it for Modules that do not handle session 1714 * the Framework supports it for Modules that do not handle session
1753 * objects. This type contains a pointer for use by the implementor, 1715 * objects. This type contains a pointer for use by the implementor,
1754 * to store any object-specific data, and it contains an EPV for a 1716 * to store any object-specific data, and it contains an EPV for a
1755 * set of routines used to access the object. 1717 * set of routines used to access the object.
1756 */ 1718 */
1757 1719
1758 struct NSSCKMDObjectStr { 1720 struct NSSCKMDObjectStr {
1759 /* 1721 /*
1760 * The implementation my use this pointer for its own purposes. 1722 * The implementation my use this pointer for its own purposes.
1761 */ 1723 */
1762 void *etc; 1724 void *etc;
1763 1725
1764 /* 1726 /*
1765 * This routine is called by the Framework when it is letting 1727 * This routine is called by the Framework when it is letting
1766 * go of an object handle. It can be used by the Module to 1728 * go of an object handle. It can be used by the Module to
1767 * free any resources tied up by an object "in use." It is 1729 * free any resources tied up by an object "in use." It is
1768 * optional. 1730 * optional.
1769 */ 1731 */
1770 void (PR_CALLBACK *Finalize)( 1732 void(PR_CALLBACK *Finalize)(
1771 NSSCKMDObject *mdObject, 1733 NSSCKMDObject *mdObject,
1772 NSSCKFWObject *fwObject, 1734 NSSCKFWObject *fwObject,
1773 NSSCKMDSession *mdSession, 1735 NSSCKMDSession *mdSession,
1774 NSSCKFWSession *fwSession, 1736 NSSCKFWSession *fwSession,
1775 NSSCKMDToken *mdToken, 1737 NSSCKMDToken *mdToken,
1776 NSSCKFWToken *fwToken, 1738 NSSCKFWToken *fwToken,
1777 NSSCKMDInstance *mdInstance, 1739 NSSCKMDInstance *mdInstance,
1778 NSSCKFWInstance *fwInstance 1740 NSSCKFWInstance *fwInstance);
1779 );
1780 1741
1781 /* 1742 /*
1782 * This routine is used to completely destroy an object. 1743 * This routine is used to completely destroy an object.
1783 * It is optional. The parameter fwObject might be NULL 1744 * It is optional. The parameter fwObject might be NULL
1784 * if the framework runs out of memory at the wrong moment. 1745 * if the framework runs out of memory at the wrong moment.
1785 */ 1746 */
1786 CK_RV (PR_CALLBACK *Destroy)( 1747 CK_RV(PR_CALLBACK *Destroy)
1787 NSSCKMDObject *mdObject, 1748 (
1788 NSSCKFWObject *fwObject, 1749 NSSCKMDObject *mdObject,
1789 NSSCKMDSession *mdSession, 1750 NSSCKFWObject *fwObject,
1790 NSSCKFWSession *fwSession, 1751 NSSCKMDSession *mdSession,
1791 NSSCKMDToken *mdToken, 1752 NSSCKFWSession *fwSession,
1792 NSSCKFWToken *fwToken, 1753 NSSCKMDToken *mdToken,
1793 NSSCKMDInstance *mdInstance, 1754 NSSCKFWToken *fwToken,
1794 NSSCKFWInstance *fwInstance 1755 NSSCKMDInstance *mdInstance,
1795 ); 1756 NSSCKFWInstance *fwInstance);
1796 1757
1797 /* 1758 /*
1798 * This helper routine is used by the Framework, and is especially 1759 * This helper routine is used by the Framework, and is especially
1799 * useful when it is managing session objects on behalf of the 1760 * useful when it is managing session objects on behalf of the
1800 * Module. This routine is optional; if unimplemented, the 1761 * Module. This routine is optional; if unimplemented, the
1801 * Framework will actually look up the CKA_TOKEN attribute. In the 1762 * Framework will actually look up the CKA_TOKEN attribute. In the
1802 * event of an error, just make something up-- the Framework will 1763 * event of an error, just make something up-- the Framework will
1803 * find out soon enough anyway. 1764 * find out soon enough anyway.
1804 */ 1765 */
1805 CK_BBOOL (PR_CALLBACK *IsTokenObject)( 1766 CK_BBOOL(PR_CALLBACK *IsTokenObject)
1806 NSSCKMDObject *mdObject, 1767 (
1807 NSSCKFWObject *fwObject, 1768 NSSCKMDObject *mdObject,
1808 NSSCKMDSession *mdSession, 1769 NSSCKFWObject *fwObject,
1809 NSSCKFWSession *fwSession, 1770 NSSCKMDSession *mdSession,
1810 NSSCKMDToken *mdToken, 1771 NSSCKFWSession *fwSession,
1811 NSSCKFWToken *fwToken, 1772 NSSCKMDToken *mdToken,
1812 NSSCKMDInstance *mdInstance, 1773 NSSCKFWToken *fwToken,
1813 NSSCKFWInstance *fwInstance 1774 NSSCKMDInstance *mdInstance,
1814 ); 1775 NSSCKFWInstance *fwInstance);
1815 1776
1816 /* 1777 /*
1817 * This routine returns the number of attributes of which this 1778 * This routine returns the number of attributes of which this
1818 * object consists. It is mandatory. It can return zero on 1779 * object consists. It is mandatory. It can return zero on
1819 * error. 1780 * error.
1820 */ 1781 */
1821 CK_ULONG (PR_CALLBACK *GetAttributeCount)( 1782 CK_ULONG(PR_CALLBACK *GetAttributeCount)
1822 NSSCKMDObject *mdObject, 1783 (
1823 NSSCKFWObject *fwObject, 1784 NSSCKMDObject *mdObject,
1824 NSSCKMDSession *mdSession, 1785 NSSCKFWObject *fwObject,
1825 NSSCKFWSession *fwSession, 1786 NSSCKMDSession *mdSession,
1826 NSSCKMDToken *mdToken, 1787 NSSCKFWSession *fwSession,
1827 NSSCKFWToken *fwToken, 1788 NSSCKMDToken *mdToken,
1828 NSSCKMDInstance *mdInstance, 1789 NSSCKFWToken *fwToken,
1829 NSSCKFWInstance *fwInstance, 1790 NSSCKMDInstance *mdInstance,
1830 CK_RV *pError 1791 NSSCKFWInstance *fwInstance,
1831 ); 1792 CK_RV *pError);
1832 1793
1833 /* 1794 /*
1834 * This routine stuffs the attribute types into the provided array. 1795 * This routine stuffs the attribute types into the provided array.
1835 * The array size (as obtained from GetAttributeCount) is passed in 1796 * The array size (as obtained from GetAttributeCount) is passed in
1836 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong 1797 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
1837 * (either too big or too small). 1798 * (either too big or too small).
1838 */ 1799 */
1839 CK_RV (PR_CALLBACK *GetAttributeTypes)( 1800 CK_RV(PR_CALLBACK *GetAttributeTypes)
1840 NSSCKMDObject *mdObject, 1801 (
1841 NSSCKFWObject *fwObject, 1802 NSSCKMDObject *mdObject,
1842 NSSCKMDSession *mdSession, 1803 NSSCKFWObject *fwObject,
1843 NSSCKFWSession *fwSession, 1804 NSSCKMDSession *mdSession,
1844 NSSCKMDToken *mdToken, 1805 NSSCKFWSession *fwSession,
1845 NSSCKFWToken *fwToken, 1806 NSSCKMDToken *mdToken,
1846 NSSCKMDInstance *mdInstance, 1807 NSSCKFWToken *fwToken,
1847 NSSCKFWInstance *fwInstance, 1808 NSSCKMDInstance *mdInstance,
1848 CK_ATTRIBUTE_TYPE_PTR typeArray, 1809 NSSCKFWInstance *fwInstance,
1849 CK_ULONG ulCount 1810 CK_ATTRIBUTE_TYPE_PTR typeArray,
1850 ); 1811 CK_ULONG ulCount);
1851 1812
1852 /* 1813 /*
1853 * This routine returns the size (in bytes) of the specified 1814 * This routine returns the size (in bytes) of the specified
1854 * attribute. It can return zero on error. 1815 * attribute. It can return zero on error.
1855 */ 1816 */
1856 CK_ULONG (PR_CALLBACK *GetAttributeSize)( 1817 CK_ULONG(PR_CALLBACK *GetAttributeSize)
1857 NSSCKMDObject *mdObject, 1818 (
1858 NSSCKFWObject *fwObject, 1819 NSSCKMDObject *mdObject,
1859 NSSCKMDSession *mdSession, 1820 NSSCKFWObject *fwObject,
1860 NSSCKFWSession *fwSession, 1821 NSSCKMDSession *mdSession,
1861 NSSCKMDToken *mdToken, 1822 NSSCKFWSession *fwSession,
1862 NSSCKFWToken *fwToken, 1823 NSSCKMDToken *mdToken,
1863 NSSCKMDInstance *mdInstance, 1824 NSSCKFWToken *fwToken,
1864 NSSCKFWInstance *fwInstance, 1825 NSSCKMDInstance *mdInstance,
1865 CK_ATTRIBUTE_TYPE attribute, 1826 NSSCKFWInstance *fwInstance,
1866 CK_RV *pError 1827 CK_ATTRIBUTE_TYPE attribute,
1867 ); 1828 CK_RV *pError);
1868 1829
1869 /* 1830 /*
1870 * This routine returns an NSSCKFWItem structure. 1831 * This routine returns an NSSCKFWItem structure.
1871 * The item pointer points to an NSSItem containing the attribute value. 1832 * The item pointer points to an NSSItem containing the attribute value.
1872 * The needsFreeing bit tells the framework whether to call the 1833 * The needsFreeing bit tells the framework whether to call the
1873 * FreeAttribute function . Upon error, an NSSCKFWItem structure 1834 * FreeAttribute function . Upon error, an NSSCKFWItem structure
1874 * with a NULL NSSItem item pointer will be returned 1835 * with a NULL NSSItem item pointer will be returned
1875 */ 1836 */
1876 NSSCKFWItem (PR_CALLBACK *GetAttribute)( 1837 NSSCKFWItem(PR_CALLBACK *GetAttribute)(
1877 NSSCKMDObject *mdObject, 1838 NSSCKMDObject *mdObject,
1878 NSSCKFWObject *fwObject, 1839 NSSCKFWObject *fwObject,
1879 NSSCKMDSession *mdSession, 1840 NSSCKMDSession *mdSession,
1880 NSSCKFWSession *fwSession, 1841 NSSCKFWSession *fwSession,
1881 NSSCKMDToken *mdToken, 1842 NSSCKMDToken *mdToken,
1882 NSSCKFWToken *fwToken, 1843 NSSCKFWToken *fwToken,
1883 NSSCKMDInstance *mdInstance, 1844 NSSCKMDInstance *mdInstance,
1884 NSSCKFWInstance *fwInstance, 1845 NSSCKFWInstance *fwInstance,
1885 CK_ATTRIBUTE_TYPE attribute, 1846 CK_ATTRIBUTE_TYPE attribute,
1886 CK_RV *pError 1847 CK_RV *pError);
1887 );
1888 1848
1889 /* 1849 /*
1890 * This routine returns CKR_OK if the attribute could be freed. 1850 * This routine returns CKR_OK if the attribute could be freed.
1891 */ 1851 */
1892 CK_RV (PR_CALLBACK *FreeAttribute)( 1852 CK_RV(PR_CALLBACK *FreeAttribute)
1893 NSSCKFWItem * item 1853 (
1894 ); 1854 NSSCKFWItem *item);
1895 1855
1896 /* 1856 /*
1897 * This routine changes the specified attribute. If unimplemented, 1857 * This routine changes the specified attribute. If unimplemented,
1898 * the object will be considered read-only. 1858 * the object will be considered read-only.
1899 */ 1859 */
1900 CK_RV (PR_CALLBACK *SetAttribute)( 1860 CK_RV(PR_CALLBACK *SetAttribute)
1901 NSSCKMDObject *mdObject, 1861 (
1902 NSSCKFWObject *fwObject, 1862 NSSCKMDObject *mdObject,
1903 NSSCKMDSession *mdSession, 1863 NSSCKFWObject *fwObject,
1904 NSSCKFWSession *fwSession, 1864 NSSCKMDSession *mdSession,
1905 NSSCKMDToken *mdToken, 1865 NSSCKFWSession *fwSession,
1906 NSSCKFWToken *fwToken, 1866 NSSCKMDToken *mdToken,
1907 NSSCKMDInstance *mdInstance, 1867 NSSCKFWToken *fwToken,
1908 NSSCKFWInstance *fwInstance, 1868 NSSCKMDInstance *mdInstance,
1909 CK_ATTRIBUTE_TYPE attribute, 1869 NSSCKFWInstance *fwInstance,
1910 NSSItem *value 1870 CK_ATTRIBUTE_TYPE attribute,
1911 ); 1871 NSSItem *value);
1912 1872
1913 /* 1873 /*
1914 * This routine returns the storage requirements of this object, 1874 * This routine returns the storage requirements of this object,
1915 * in bytes. Cryptoki doesn't strictly define the definition, 1875 * in bytes. Cryptoki doesn't strictly define the definition,
1916 * but it should relate to the values returned by the "Get Memory" 1876 * but it should relate to the values returned by the "Get Memory"
1917 * routines of the NSSCKMDToken. This routine is optional; if 1877 * routines of the NSSCKMDToken. This routine is optional; if
1918 * unimplemented, the Framework will consider this information 1878 * unimplemented, the Framework will consider this information
1919 * sensitive. This routine may return zero on error. If the 1879 * sensitive. This routine may return zero on error. If the
1920 * specified error is CKR_OK, zero will be accepted as a valid 1880 * specified error is CKR_OK, zero will be accepted as a valid
1921 * response. 1881 * response.
1922 */ 1882 */
1923 CK_ULONG (PR_CALLBACK *GetObjectSize)( 1883 CK_ULONG(PR_CALLBACK *GetObjectSize)
1924 NSSCKMDObject *mdObject, 1884 (
1925 NSSCKFWObject *fwObject, 1885 NSSCKMDObject *mdObject,
1926 NSSCKMDSession *mdSession, 1886 NSSCKFWObject *fwObject,
1927 NSSCKFWSession *fwSession, 1887 NSSCKMDSession *mdSession,
1928 NSSCKMDToken *mdToken, 1888 NSSCKFWSession *fwSession,
1929 NSSCKFWToken *fwToken, 1889 NSSCKMDToken *mdToken,
1930 NSSCKMDInstance *mdInstance, 1890 NSSCKFWToken *fwToken,
1931 NSSCKFWInstance *fwInstance, 1891 NSSCKMDInstance *mdInstance,
1932 CK_RV *pError 1892 NSSCKFWInstance *fwInstance,
1933 ); 1893 CK_RV *pError);
1934 1894
1935 /* 1895 /*
1936 * This object may be extended in future versions of the 1896 * This object may be extended in future versions of the
1937 * NSS Cryptoki Framework. To allow for some flexibility 1897 * NSS Cryptoki Framework. To allow for some flexibility
1938 * in the area of binary compatibility, this field should 1898 * in the area of binary compatibility, this field should
1939 * be NULL. 1899 * be NULL.
1940 */ 1900 */
1941 void *null; 1901 void *null;
1942 }; 1902 };
1943 1903
1944
1945 #endif /* NSSCKMDT_H */ 1904 #endif /* NSSCKMDT_H */
OLDNEW
« no previous file with comments | « nss/lib/ckfw/nssckfwt.h ('k') | nss/lib/ckfw/nssckt.h » ('j') | nss/lib/util/secoid.c » ('J')

Powered by Google App Engine
This is Rietveld 408576698