OLD | NEW |
| (Empty) |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 | |
5 #ifndef NSSCKMDT_H | |
6 #define NSSCKMDT_H | |
7 | |
8 /* | |
9 * nssckmdt.h | |
10 * | |
11 * This file specifies the basic types that must be implemented by | |
12 * any Module using the NSS Cryptoki Framework. | |
13 */ | |
14 | |
15 #ifndef NSSBASET_H | |
16 #include "nssbaset.h" | |
17 #endif /* NSSBASET_H */ | |
18 | |
19 #ifndef NSSCKT_H | |
20 #include "nssckt.h" | |
21 #endif /* NSSCKT_H */ | |
22 | |
23 #ifndef NSSCKFWT_H | |
24 #include "nssckfwt.h" | |
25 #endif /* NSSCKFWT_H */ | |
26 | |
27 typedef struct NSSCKMDInstanceStr NSSCKMDInstance; | |
28 typedef struct NSSCKMDSlotStr NSSCKMDSlot; | |
29 typedef struct NSSCKMDTokenStr NSSCKMDToken; | |
30 typedef struct NSSCKMDSessionStr NSSCKMDSession; | |
31 typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation; | |
32 typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects; | |
33 typedef struct NSSCKMDMechanismStr NSSCKMDMechanism; | |
34 typedef struct NSSCKMDObjectStr NSSCKMDObject; | |
35 | |
36 /* | |
37 * NSSCKFWItem | |
38 * | |
39 * This is a structure used by modules to return object attributes. | |
40 * The needsFreeing bit indicates whether the object needs to be freed. | |
41 * If so, the framework will call the FreeAttribute function on the item | |
42 * after it is done using it. | |
43 * | |
44 */ | |
45 | |
46 typedef struct { | |
47 PRBool needsFreeing; | |
48 NSSItem *item; | |
49 } NSSCKFWItem; | |
50 | |
51 /* | |
52 * NSSCKMDInstance | |
53 * | |
54 * This is the basic handle for an instance of a PKCS#11 Module. | |
55 * It is returned by the Module's CreateInstance routine, and | |
56 * may be obtained from the corresponding NSSCKFWInstance object. | |
57 * It contains a pointer for use by the Module, to store any | |
58 * instance-related data, and it contains the EPV for a set of | |
59 * routines which the Module may implement for use by the Framework. | |
60 * Some of these routines are optional; others are mandatory. | |
61 */ | |
62 | |
63 struct NSSCKMDInstanceStr { | |
64 /* | |
65 * The Module may use this pointer for its own purposes. | |
66 */ | |
67 void *etc; | |
68 | |
69 /* | |
70 * This routine is called by the Framework to initialize | |
71 * the Module. This routine is optional; if unimplemented, | |
72 * it won't be called. If this routine returns an error, | |
73 * then the initialization will fail. | |
74 */ | |
75 CK_RV(PR_CALLBACK *Initialize) | |
76 ( | |
77 NSSCKMDInstance *mdInstance, | |
78 NSSCKFWInstance *fwInstance, | |
79 NSSUTF8 *configurationData); | |
80 | |
81 /* | |
82 * This routine is called when the Framework is finalizing | |
83 * the PKCS#11 Module. It is the last thing called before | |
84 * the NSSCKFWInstance's NSSArena is destroyed. This routine | |
85 * is optional; if unimplemented, it merely won't be called. | |
86 */ | |
87 void(PR_CALLBACK *Finalize)( | |
88 NSSCKMDInstance *mdInstance, | |
89 NSSCKFWInstance *fwInstance); | |
90 | |
91 /* | |
92 * This routine gets the number of slots. This value must | |
93 * never change, once the instance is initialized. This | |
94 * routine must be implemented. It may return zero on error. | |
95 */ | |
96 CK_ULONG(PR_CALLBACK *GetNSlots) | |
97 ( | |
98 NSSCKMDInstance *mdInstance, | |
99 NSSCKFWInstance *fwInstance, | |
100 CK_RV *pError); | |
101 | |
102 /* | |
103 * This routine returns the version of the Cryptoki standard | |
104 * to which this Module conforms. This routine is optional; | |
105 * if unimplemented, the Framework uses the version to which | |
106 * ~it~ was implemented. | |
107 */ | |
108 CK_VERSION(PR_CALLBACK *GetCryptokiVersion) | |
109 ( | |
110 NSSCKMDInstance *mdInstance, | |
111 NSSCKFWInstance *fwInstance); | |
112 | |
113 /* | |
114 * This routine returns a pointer to a UTF8-encoded string | |
115 * containing the manufacturer ID for this Module. Only | |
116 * the characters completely encoded in the first thirty- | |
117 * two bytes are significant. This routine is optional. | |
118 * The string returned is never freed; if dynamically generated, | |
119 * the space for it should be allocated from the NSSArena | |
120 * that may be obtained from the NSSCKFWInstance. This | |
121 * routine may return NULL upon error; however if *pError | |
122 * is CKR_OK, the NULL will be considered the valid response. | |
123 */ | |
124 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( | |
125 NSSCKMDInstance *mdInstance, | |
126 NSSCKFWInstance *fwInstance, | |
127 CK_RV *pError); | |
128 | |
129 /* | |
130 * This routine returns a pointer to a UTF8-encoded string | |
131 * containing a description of this Module library. Only | |
132 * the characters completely encoded in the first thirty- | |
133 * two bytes are significant. This routine is optional. | |
134 * The string returned is never freed; if dynamically generated, | |
135 * the space for it should be allocated from the NSSArena | |
136 * that may be obtained from the NSSCKFWInstance. This | |
137 * routine may return NULL upon error; however if *pError | |
138 * is CKR_OK, the NULL will be considered the valid response. | |
139 */ | |
140 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( | |
141 NSSCKMDInstance *mdInstance, | |
142 NSSCKFWInstance *fwInstance, | |
143 CK_RV *pError); | |
144 | |
145 /* | |
146 * This routine returns the version of this Module library. | |
147 * This routine is optional; if unimplemented, the Framework | |
148 * will assume a Module library version of 0.1. | |
149 */ | |
150 CK_VERSION(PR_CALLBACK *GetLibraryVersion) | |
151 ( | |
152 NSSCKMDInstance *mdInstance, | |
153 NSSCKFWInstance *fwInstance); | |
154 | |
155 /* | |
156 * This routine returns CK_TRUE if the Module wishes to | |
157 * handle session objects. This routine is optional. | |
158 * If this routine is NULL, or if it exists but returns | |
159 * CK_FALSE, the Framework will assume responsibility | |
160 * for managing session objects. | |
161 */ | |
162 CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects) | |
163 ( | |
164 NSSCKMDInstance *mdInstance, | |
165 NSSCKFWInstance *fwInstance); | |
166 | |
167 /* | |
168 * This routine stuffs pointers to NSSCKMDSlot objects into | |
169 * the specified array; one for each slot supported by this | |
170 * instance. The Framework will determine the size needed | |
171 * for the array by calling GetNSlots. This routine is | |
172 * required. | |
173 */ | |
174 CK_RV(PR_CALLBACK *GetSlots) | |
175 ( | |
176 NSSCKMDInstance *mdInstance, | |
177 NSSCKFWInstance *fwInstance, | |
178 NSSCKMDSlot *slots[]); | |
179 | |
180 /* | |
181 * This call returns a pointer to the slot in which an event | |
182 * has occurred. If the block argument is CK_TRUE, the call | |
183 * should block until a slot event occurs; if CK_FALSE, it | |
184 * should check to see if an event has occurred, occurred, | |
185 * but return NULL (and set *pError to CK_NO_EVENT) if one | |
186 * hasn't. This routine is optional; if unimplemented, the | |
187 * Framework will assume that no event has happened. This | |
188 * routine may return NULL upon error. | |
189 */ | |
190 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( | |
191 NSSCKMDInstance *mdInstance, | |
192 NSSCKFWInstance *fwInstance, | |
193 CK_BBOOL block, | |
194 CK_RV *pError); | |
195 | |
196 /* | |
197 * This object may be extended in future versions of the | |
198 * NSS Cryptoki Framework. To allow for some flexibility | |
199 * in the area of binary compatibility, this field should | |
200 * be NULL. | |
201 */ | |
202 void *null; | |
203 }; | |
204 | |
205 /* | |
206 * NSSCKMDSlot | |
207 * | |
208 * This is the basic handle for a PKCS#11 Module Slot. It is | |
209 * created by the NSSCKMDInstance->GetSlots call, and may be | |
210 * obtained from the Framework's corresponding NSSCKFWSlot | |
211 * object. It contains a pointer for use by the Module, to | |
212 * store any slot-related data, and it contains the EPV for | |
213 * a set of routines which the Module may implement for use | |
214 * by the Framework. Some of these routines are optional. | |
215 */ | |
216 | |
217 struct NSSCKMDSlotStr { | |
218 /* | |
219 * The Module may use this pointer for its own purposes. | |
220 */ | |
221 void *etc; | |
222 | |
223 /* | |
224 * This routine is called during the Framework initialization | |
225 * step, after the Framework Instance has obtained the list | |
226 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- | |
227 * specific initialization can be done here. This routine is | |
228 * optional; if unimplemented, it won't be called. Note that | |
229 * if this routine returns an error, the entire Framework | |
230 * initialization for this Module will fail. | |
231 */ | |
232 CK_RV(PR_CALLBACK *Initialize) | |
233 ( | |
234 NSSCKMDSlot *mdSlot, | |
235 NSSCKFWSlot *fwSlot, | |
236 NSSCKMDInstance *mdInstance, | |
237 NSSCKFWInstance *fwInstance); | |
238 | |
239 /* | |
240 * This routine is called when the Framework is finalizing | |
241 * the PKCS#11 Module. This call (for each of the slots) | |
242 * is the last thing called before NSSCKMDInstance->Finalize. | |
243 * This routine is optional; if unimplemented, it merely | |
244 * won't be called. Note: In the rare circumstance that | |
245 * the Framework initialization cannot complete (due to, | |
246 * for example, memory limitations), this can be called with | |
247 * a NULL value for fwSlot. | |
248 */ | |
249 void(PR_CALLBACK *Destroy)( | |
250 NSSCKMDSlot *mdSlot, | |
251 NSSCKFWSlot *fwSlot, | |
252 NSSCKMDInstance *mdInstance, | |
253 NSSCKFWInstance *fwInstance); | |
254 | |
255 /* | |
256 * This routine returns a pointer to a UTF8-encoded string | |
257 * containing a description of this slot. Only the characters | |
258 * completely encoded in the first sixty-four bytes are | |
259 * significant. This routine is optional. The string | |
260 * returned is never freed; if dynamically generated, | |
261 * the space for it should be allocated from the NSSArena | |
262 * that may be obtained from the NSSCKFWInstance. This | |
263 * routine may return NULL upon error; however if *pError | |
264 * is CKR_OK, the NULL will be considered the valid response. | |
265 */ | |
266 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( | |
267 NSSCKMDSlot *mdSlot, | |
268 NSSCKFWSlot *fwSlot, | |
269 NSSCKMDInstance *mdInstance, | |
270 NSSCKFWInstance *fwInstance, | |
271 CK_RV *pError); | |
272 | |
273 /* | |
274 * This routine returns a pointer to a UTF8-encoded string | |
275 * containing a description of the manufacturer of this slot. | |
276 * Only the characters completely encoded in the first thirty- | |
277 * two bytes are significant. This routine is optional. | |
278 * The string returned is never freed; if dynamically generated, | |
279 * the space for it should be allocated from the NSSArena | |
280 * that may be obtained from the NSSCKFWInstance. This | |
281 * routine may return NULL upon error; however if *pError | |
282 * is CKR_OK, the NULL will be considered the valid response. | |
283 */ | |
284 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( | |
285 NSSCKMDSlot *mdSlot, | |
286 NSSCKFWSlot *fwSlot, | |
287 NSSCKMDInstance *mdInstance, | |
288 NSSCKFWInstance *fwInstance, | |
289 CK_RV *pError); | |
290 | |
291 /* | |
292 * This routine returns CK_TRUE if a token is present in this | |
293 * slot. This routine is optional; if unimplemented, CK_TRUE | |
294 * is assumed. | |
295 */ | |
296 CK_BBOOL(PR_CALLBACK *GetTokenPresent) | |
297 ( | |
298 NSSCKMDSlot *mdSlot, | |
299 NSSCKFWSlot *fwSlot, | |
300 NSSCKMDInstance *mdInstance, | |
301 NSSCKFWInstance *fwInstance); | |
302 | |
303 /* | |
304 * This routine returns CK_TRUE if the slot supports removable | |
305 * tokens. This routine is optional; if unimplemented, CK_FALSE | |
306 * is assumed. | |
307 */ | |
308 CK_BBOOL(PR_CALLBACK *GetRemovableDevice) | |
309 ( | |
310 NSSCKMDSlot *mdSlot, | |
311 NSSCKFWSlot *fwSlot, | |
312 NSSCKMDInstance *mdInstance, | |
313 NSSCKFWInstance *fwInstance); | |
314 | |
315 /* | |
316 * This routine returns CK_TRUE if this slot is a hardware | |
317 * device, or CK_FALSE if this slot is a software device. This | |
318 * routine is optional; if unimplemented, CK_FALSE is assumed. | |
319 */ | |
320 CK_BBOOL(PR_CALLBACK *GetHardwareSlot) | |
321 ( | |
322 NSSCKMDSlot *mdSlot, | |
323 NSSCKFWSlot *fwSlot, | |
324 NSSCKMDInstance *mdInstance, | |
325 NSSCKFWInstance *fwInstance); | |
326 | |
327 /* | |
328 * This routine returns the version of this slot's hardware. | |
329 * This routine is optional; if unimplemented, the Framework | |
330 * will assume a hardware version of 0.1. | |
331 */ | |
332 CK_VERSION(PR_CALLBACK *GetHardwareVersion) | |
333 ( | |
334 NSSCKMDSlot *mdSlot, | |
335 NSSCKFWSlot *fwSlot, | |
336 NSSCKMDInstance *mdInstance, | |
337 NSSCKFWInstance *fwInstance); | |
338 | |
339 /* | |
340 * This routine returns the version of this slot's firmware. | |
341 * This routine is optional; if unimplemented, the Framework | |
342 * will assume a hardware version of 0.1. | |
343 */ | |
344 CK_VERSION(PR_CALLBACK *GetFirmwareVersion) | |
345 ( | |
346 NSSCKMDSlot *mdSlot, | |
347 NSSCKFWSlot *fwSlot, | |
348 NSSCKMDInstance *mdInstance, | |
349 NSSCKFWInstance *fwInstance); | |
350 | |
351 /* | |
352 * This routine should return a pointer to an NSSCKMDToken | |
353 * object corresponding to the token in the specified slot. | |
354 * The NSSCKFWToken object passed in has an NSSArena | |
355 * available which is dedicated for this token. This routine | |
356 * must be implemented. This routine may return NULL upon | |
357 * error. | |
358 */ | |
359 NSSCKMDToken *(PR_CALLBACK *GetToken)( | |
360 NSSCKMDSlot *mdSlot, | |
361 NSSCKFWSlot *fwSlot, | |
362 NSSCKMDInstance *mdInstance, | |
363 NSSCKFWInstance *fwInstance, | |
364 CK_RV *pError); | |
365 | |
366 /* | |
367 * This object may be extended in future versions of the | |
368 * NSS Cryptoki Framework. To allow for some flexibility | |
369 * in the area of binary compatibility, this field should | |
370 * be NULL. | |
371 */ | |
372 void *null; | |
373 }; | |
374 | |
375 /* | |
376 * NSSCKMDToken | |
377 * | |
378 * This is the basic handle for a PKCS#11 Token. It is created by | |
379 * the NSSCKMDSlot->GetToken call, and may be obtained from the | |
380 * Framework's corresponding NSSCKFWToken object. It contains a | |
381 * pointer for use by the Module, to store any token-related | |
382 * data, and it contains the EPV for a set of routines which the | |
383 * Module may implement for use by the Framework. Some of these | |
384 * routines are optional. | |
385 */ | |
386 | |
387 struct NSSCKMDTokenStr { | |
388 /* | |
389 * The Module may use this pointer for its own purposes. | |
390 */ | |
391 void *etc; | |
392 | |
393 /* | |
394 * This routine is used to prepare a Module token object for | |
395 * use. It is called after the NSSCKMDToken object is obtained | |
396 * from NSSCKMDSlot->GetToken. It is named "Setup" here because | |
397 * Cryptoki already defines "InitToken" to do the process of | |
398 * wiping out any existing state on a token and preparing it for | |
399 * a new use. This routine is optional; if unimplemented, it | |
400 * merely won't be called. | |
401 */ | |
402 CK_RV(PR_CALLBACK *Setup) | |
403 ( | |
404 NSSCKMDToken *mdToken, | |
405 NSSCKFWToken *fwToken, | |
406 NSSCKMDInstance *mdInstance, | |
407 NSSCKFWInstance *fwInstance); | |
408 | |
409 /* | |
410 * This routine is called by the Framework whenever it notices | |
411 * that the token object is invalid. (Typically this is when a | |
412 * routine indicates an error such as CKR_DEVICE_REMOVED). This | |
413 * call is the last thing called before the NSSArena in the | |
414 * corresponding NSSCKFWToken is destroyed. This routine is | |
415 * optional; if unimplemented, it merely won't be called. | |
416 */ | |
417 void(PR_CALLBACK *Invalidate)( | |
418 NSSCKMDToken *mdToken, | |
419 NSSCKFWToken *fwToken, | |
420 NSSCKMDInstance *mdInstance, | |
421 NSSCKFWInstance *fwInstance); | |
422 | |
423 /* | |
424 * This routine initialises the token in the specified slot. | |
425 * This routine is optional; if unimplemented, the Framework | |
426 * will fail this operation with an error of CKR_DEVICE_ERROR. | |
427 */ | |
428 | |
429 CK_RV(PR_CALLBACK *InitToken) | |
430 ( | |
431 NSSCKMDToken *mdToken, | |
432 NSSCKFWToken *fwToken, | |
433 NSSCKMDInstance *mdInstance, | |
434 NSSCKFWInstance *fwInstance, | |
435 NSSItem *pin, | |
436 NSSUTF8 *label); | |
437 | |
438 /* | |
439 * This routine returns a pointer to a UTF8-encoded string | |
440 * containing this token's label. Only the characters | |
441 * completely encoded in the first thirty-two bytes are | |
442 * significant. This routine is optional. The string | |
443 * returned is never freed; if dynamically generated, | |
444 * the space for it should be allocated from the NSSArena | |
445 * that may be obtained from the NSSCKFWInstance. This | |
446 * routine may return NULL upon error; however if *pError | |
447 * is CKR_OK, the NULL will be considered the valid response. | |
448 */ | |
449 NSSUTF8 *(PR_CALLBACK *GetLabel)( | |
450 NSSCKMDToken *mdToken, | |
451 NSSCKFWToken *fwToken, | |
452 NSSCKMDInstance *mdInstance, | |
453 NSSCKFWInstance *fwInstance, | |
454 CK_RV *pError); | |
455 | |
456 /* | |
457 * This routine returns a pointer to a UTF8-encoded string | |
458 * containing this token's manufacturer ID. Only the characters | |
459 * completely encoded in the first thirty-two bytes are | |
460 * significant. This routine is optional. The string | |
461 * returned is never freed; if dynamically generated, | |
462 * the space for it should be allocated from the NSSArena | |
463 * that may be obtained from the NSSCKFWInstance. This | |
464 * routine may return NULL upon error; however if *pError | |
465 * is CKR_OK, the NULL will be considered the valid response. | |
466 */ | |
467 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( | |
468 NSSCKMDToken *mdToken, | |
469 NSSCKFWToken *fwToken, | |
470 NSSCKMDInstance *mdInstance, | |
471 NSSCKFWInstance *fwInstance, | |
472 CK_RV *pError); | |
473 | |
474 /* | |
475 * This routine returns a pointer to a UTF8-encoded string | |
476 * containing this token's model name. Only the characters | |
477 * completely encoded in the first thirty-two bytes are | |
478 * significant. This routine is optional. The string | |
479 * returned is never freed; if dynamically generated, | |
480 * the space for it should be allocated from the NSSArena | |
481 * that may be obtained from the NSSCKFWInstance. This | |
482 * routine may return NULL upon error; however if *pError | |
483 * is CKR_OK, the NULL will be considered the valid response. | |
484 */ | |
485 NSSUTF8 *(PR_CALLBACK *GetModel)( | |
486 NSSCKMDToken *mdToken, | |
487 NSSCKFWToken *fwToken, | |
488 NSSCKMDInstance *mdInstance, | |
489 NSSCKFWInstance *fwInstance, | |
490 CK_RV *pError); | |
491 | |
492 /* | |
493 * This routine returns a pointer to a UTF8-encoded string | |
494 * containing this token's serial number. Only the characters | |
495 * completely encoded in the first thirty-two bytes are | |
496 * significant. This routine is optional. The string | |
497 * returned is never freed; if dynamically generated, | |
498 * the space for it should be allocated from the NSSArena | |
499 * that may be obtained from the NSSCKFWInstance. This | |
500 * routine may return NULL upon error; however if *pError | |
501 * is CKR_OK, the NULL will be considered the valid response. | |
502 */ | |
503 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( | |
504 NSSCKMDToken *mdToken, | |
505 NSSCKFWToken *fwToken, | |
506 NSSCKMDInstance *mdInstance, | |
507 NSSCKFWInstance *fwInstance, | |
508 CK_RV *pError); | |
509 | |
510 /* | |
511 * This routine returns CK_TRUE if the token has its own | |
512 * random number generator. This routine is optional; if | |
513 * unimplemented, CK_FALSE is assumed. | |
514 */ | |
515 CK_BBOOL(PR_CALLBACK *GetHasRNG) | |
516 ( | |
517 NSSCKMDToken *mdToken, | |
518 NSSCKFWToken *fwToken, | |
519 NSSCKMDInstance *mdInstance, | |
520 NSSCKFWInstance *fwInstance); | |
521 | |
522 /* | |
523 * This routine returns CK_TRUE if this token is write-protected. | |
524 * This routine is optional; if unimplemented, CK_FALSE is | |
525 * assumed. | |
526 */ | |
527 CK_BBOOL(PR_CALLBACK *GetIsWriteProtected) | |
528 ( | |
529 NSSCKMDToken *mdToken, | |
530 NSSCKFWToken *fwToken, | |
531 NSSCKMDInstance *mdInstance, | |
532 NSSCKFWInstance *fwInstance); | |
533 | |
534 /* | |
535 * This routine returns CK_TRUE if this token requires a login. | |
536 * This routine is optional; if unimplemented, CK_FALSE is | |
537 * assumed. | |
538 */ | |
539 CK_BBOOL(PR_CALLBACK *GetLoginRequired) | |
540 ( | |
541 NSSCKMDToken *mdToken, | |
542 NSSCKFWToken *fwToken, | |
543 NSSCKMDInstance *mdInstance, | |
544 NSSCKFWInstance *fwInstance); | |
545 | |
546 /* | |
547 * This routine returns CK_TRUE if the normal user's PIN on this | |
548 * token has been initialised. This routine is optional; if | |
549 * unimplemented, CK_FALSE is assumed. | |
550 */ | |
551 CK_BBOOL(PR_CALLBACK *GetUserPinInitialized) | |
552 ( | |
553 NSSCKMDToken *mdToken, | |
554 NSSCKFWToken *fwToken, | |
555 NSSCKMDInstance *mdInstance, | |
556 NSSCKFWInstance *fwInstance); | |
557 | |
558 /* | |
559 * This routine returns CK_TRUE if a successful save of a | |
560 * session's cryptographic operations state ~always~ contains | |
561 * all keys needed to restore the state of the session. This | |
562 * routine is optional; if unimplemented, CK_FALSE is assumed. | |
563 */ | |
564 CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded) | |
565 ( | |
566 NSSCKMDToken *mdToken, | |
567 NSSCKFWToken *fwToken, | |
568 NSSCKMDInstance *mdInstance, | |
569 NSSCKFWInstance *fwInstance); | |
570 | |
571 /* | |
572 * This routine returns CK_TRUE if the token has its own | |
573 * hardware clock. This routine is optional; if unimplemented, | |
574 * CK_FALSE is assumed. | |
575 */ | |
576 CK_BBOOL(PR_CALLBACK *GetHasClockOnToken) | |
577 ( | |
578 NSSCKMDToken *mdToken, | |
579 NSSCKFWToken *fwToken, | |
580 NSSCKMDInstance *mdInstance, | |
581 NSSCKFWInstance *fwInstance); | |
582 | |
583 /* | |
584 * This routine returns CK_TRUE if the token has a protected | |
585 * authentication path. This routine is optional; if | |
586 * unimplemented, CK_FALSE is assumed. | |
587 */ | |
588 CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath) | |
589 ( | |
590 NSSCKMDToken *mdToken, | |
591 NSSCKFWToken *fwToken, | |
592 NSSCKMDInstance *mdInstance, | |
593 NSSCKFWInstance *fwInstance); | |
594 | |
595 /* | |
596 * This routine returns CK_TRUE if the token supports dual | |
597 * cryptographic operations within a single session. This | |
598 * routine is optional; if unimplemented, CK_FALSE is assumed. | |
599 */ | |
600 CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations) | |
601 ( | |
602 NSSCKMDToken *mdToken, | |
603 NSSCKFWToken *fwToken, | |
604 NSSCKMDInstance *mdInstance, | |
605 NSSCKFWInstance *fwInstance); | |
606 | |
607 /* | |
608 * XXX fgmr-- should we have a call to return all the flags | |
609 * at once, for folks who already know about Cryptoki? | |
610 */ | |
611 | |
612 /* | |
613 * This routine returns the maximum number of sessions that | |
614 * may be opened on this token. This routine is optional; | |
615 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION | |
616 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? | |
617 */ | |
618 CK_ULONG(PR_CALLBACK *GetMaxSessionCount) | |
619 ( | |
620 NSSCKMDToken *mdToken, | |
621 NSSCKFWToken *fwToken, | |
622 NSSCKMDInstance *mdInstance, | |
623 NSSCKFWInstance *fwInstance); | |
624 | |
625 /* | |
626 * This routine returns the maximum number of read/write | |
627 * sesisons that may be opened on this token. This routine | |
628 * is optional; if unimplemented, the special value | |
629 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or | |
630 * CK_EFFECTIVELY_INFINITE? | |
631 */ | |
632 CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount) | |
633 ( | |
634 NSSCKMDToken *mdToken, | |
635 NSSCKFWToken *fwToken, | |
636 NSSCKMDInstance *mdInstance, | |
637 NSSCKFWInstance *fwInstance); | |
638 | |
639 /* | |
640 * This routine returns the maximum PIN code length that is | |
641 * supported on this token. This routine is optional; | |
642 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION | |
643 * is assumed. | |
644 */ | |
645 CK_ULONG(PR_CALLBACK *GetMaxPinLen) | |
646 ( | |
647 NSSCKMDToken *mdToken, | |
648 NSSCKFWToken *fwToken, | |
649 NSSCKMDInstance *mdInstance, | |
650 NSSCKFWInstance *fwInstance); | |
651 | |
652 /* | |
653 * This routine returns the minimum PIN code length that is | |
654 * supported on this token. This routine is optional; if | |
655 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION | |
656 * is assumed. XXX fgmr-- or 0? | |
657 */ | |
658 CK_ULONG(PR_CALLBACK *GetMinPinLen) | |
659 ( | |
660 NSSCKMDToken *mdToken, | |
661 NSSCKFWToken *fwToken, | |
662 NSSCKMDInstance *mdInstance, | |
663 NSSCKFWInstance *fwInstance); | |
664 | |
665 /* | |
666 * This routine returns the total amount of memory on the token | |
667 * in which public objects may be stored. This routine is | |
668 * optional; if unimplemented, the special value | |
669 * CK_UNAVAILABLE_INFORMATION is assumed. | |
670 */ | |
671 CK_ULONG(PR_CALLBACK *GetTotalPublicMemory) | |
672 ( | |
673 NSSCKMDToken *mdToken, | |
674 NSSCKFWToken *fwToken, | |
675 NSSCKMDInstance *mdInstance, | |
676 NSSCKFWInstance *fwInstance); | |
677 | |
678 /* | |
679 * This routine returns the amount of unused memory on the | |
680 * token in which public objects may be stored. This routine | |
681 * is optional; if unimplemented, the special value | |
682 * CK_UNAVAILABLE_INFORMATION is assumed. | |
683 */ | |
684 CK_ULONG(PR_CALLBACK *GetFreePublicMemory) | |
685 ( | |
686 NSSCKMDToken *mdToken, | |
687 NSSCKFWToken *fwToken, | |
688 NSSCKMDInstance *mdInstance, | |
689 NSSCKFWInstance *fwInstance); | |
690 | |
691 /* | |
692 * This routine returns the total amount of memory on the token | |
693 * in which private objects may be stored. This routine is | |
694 * optional; if unimplemented, the special value | |
695 * CK_UNAVAILABLE_INFORMATION is assumed. | |
696 */ | |
697 CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory) | |
698 ( | |
699 NSSCKMDToken *mdToken, | |
700 NSSCKFWToken *fwToken, | |
701 NSSCKMDInstance *mdInstance, | |
702 NSSCKFWInstance *fwInstance); | |
703 | |
704 /* | |
705 * This routine returns the amount of unused memory on the | |
706 * token in which private objects may be stored. This routine | |
707 * is optional; if unimplemented, the special value | |
708 * CK_UNAVAILABLE_INFORMATION is assumed. | |
709 */ | |
710 CK_ULONG(PR_CALLBACK *GetFreePrivateMemory) | |
711 ( | |
712 NSSCKMDToken *mdToken, | |
713 NSSCKFWToken *fwToken, | |
714 NSSCKMDInstance *mdInstance, | |
715 NSSCKFWInstance *fwInstance); | |
716 | |
717 /* | |
718 * This routine returns the version number of this token's | |
719 * hardware. This routine is optional; if unimplemented, | |
720 * the value 0.1 is assumed. | |
721 */ | |
722 CK_VERSION(PR_CALLBACK *GetHardwareVersion) | |
723 ( | |
724 NSSCKMDToken *mdToken, | |
725 NSSCKFWToken *fwToken, | |
726 NSSCKMDInstance *mdInstance, | |
727 NSSCKFWInstance *fwInstance); | |
728 | |
729 /* | |
730 * This routine returns the version number of this token's | |
731 * firmware. This routine is optional; if unimplemented, | |
732 * the value 0.1 is assumed. | |
733 */ | |
734 CK_VERSION(PR_CALLBACK *GetFirmwareVersion) | |
735 ( | |
736 NSSCKMDToken *mdToken, | |
737 NSSCKFWToken *fwToken, | |
738 NSSCKMDInstance *mdInstance, | |
739 NSSCKFWInstance *fwInstance); | |
740 | |
741 /* | |
742 * This routine stuffs the current UTC time, as obtained from | |
743 * the token, into the sixteen-byte buffer in the form | |
744 * YYYYMMDDhhmmss00. This routine need only be implemented | |
745 * by token which indicate that they have a real-time clock. | |
746 * XXX fgmr-- think about time formats. | |
747 */ | |
748 CK_RV(PR_CALLBACK *GetUTCTime) | |
749 ( | |
750 NSSCKMDToken *mdToken, | |
751 NSSCKFWToken *fwToken, | |
752 NSSCKMDInstance *mdInstance, | |
753 NSSCKFWInstance *fwInstance, | |
754 CK_CHAR utcTime[16]); | |
755 | |
756 /* | |
757 * This routine creates a session on the token, and returns | |
758 * the corresponding NSSCKMDSession object. The value of | |
759 * rw will be CK_TRUE if the session is to be a read/write | |
760 * session, or CK_FALSE otherwise. An NSSArena dedicated to | |
761 * the new session is available from the specified NSSCKFWSession. | |
762 * This routine may return NULL upon error. | |
763 */ | |
764 NSSCKMDSession *(PR_CALLBACK *OpenSession)( | |
765 NSSCKMDToken *mdToken, | |
766 NSSCKFWToken *fwToken, | |
767 NSSCKMDInstance *mdInstance, | |
768 NSSCKFWInstance *fwInstance, | |
769 NSSCKFWSession *fwSession, | |
770 CK_BBOOL rw, | |
771 CK_RV *pError); | |
772 | |
773 /* | |
774 * This routine returns the number of PKCS#11 Mechanisms | |
775 * supported by this token. This routine is optional; if | |
776 * unimplemented, zero is assumed. | |
777 */ | |
778 CK_ULONG(PR_CALLBACK *GetMechanismCount) | |
779 ( | |
780 NSSCKMDToken *mdToken, | |
781 NSSCKFWToken *fwToken, | |
782 NSSCKMDInstance *mdInstance, | |
783 NSSCKFWInstance *fwInstance); | |
784 | |
785 /* | |
786 * This routine stuffs into the specified array the types | |
787 * of the mechanisms supported by this token. The Framework | |
788 * determines the size of the array by calling GetMechanismCount. | |
789 */ | |
790 CK_RV(PR_CALLBACK *GetMechanismTypes) | |
791 ( | |
792 NSSCKMDToken *mdToken, | |
793 NSSCKFWToken *fwToken, | |
794 NSSCKMDInstance *mdInstance, | |
795 NSSCKFWInstance *fwInstance, | |
796 CK_MECHANISM_TYPE types[]); | |
797 | |
798 /* | |
799 * This routine returns a pointer to a Module mechanism | |
800 * object corresponding to a specified type. This routine | |
801 * need only exist for tokens implementing at least one | |
802 * mechanism. | |
803 */ | |
804 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( | |
805 NSSCKMDToken *mdToken, | |
806 NSSCKFWToken *fwToken, | |
807 NSSCKMDInstance *mdInstance, | |
808 NSSCKFWInstance *fwInstance, | |
809 CK_MECHANISM_TYPE which, | |
810 CK_RV *pError); | |
811 | |
812 /* | |
813 * This object may be extended in future versions of the | |
814 * NSS Cryptoki Framework. To allow for some flexibility | |
815 * in the area of binary compatibility, this field should | |
816 * be NULL. | |
817 */ | |
818 void *null; | |
819 }; | |
820 | |
821 /* | |
822 * NSSCKMDSession | |
823 * | |
824 * This is the basic handle for a session on a PKCS#11 Token. It | |
825 * is created by NSSCKMDToken->OpenSession, and may be obtained | |
826 * from the Framework's corresponding NSSCKFWSession object. It | |
827 * contains a pointer for use by the Module, to store any session- | |
828 * realted data, and it contains the EPV for a set of routines | |
829 * which the Module may implement for use by the Framework. Some | |
830 * of these routines are optional. | |
831 */ | |
832 | |
833 struct NSSCKMDSessionStr { | |
834 /* | |
835 * The Module may use this pointer for its own purposes. | |
836 */ | |
837 void *etc; | |
838 | |
839 /* | |
840 * This routine is called by the Framework when a session is | |
841 * closed. This call is the last thing called before the | |
842 * NSSArena in the correspoinding NSSCKFWSession is destroyed. | |
843 * This routine is optional; if unimplemented, it merely won't | |
844 * be called. | |
845 */ | |
846 void(PR_CALLBACK *Close)( | |
847 NSSCKMDSession *mdSession, | |
848 NSSCKFWSession *fwSession, | |
849 NSSCKMDToken *mdToken, | |
850 NSSCKFWToken *fwToken, | |
851 NSSCKMDInstance *mdInstance, | |
852 NSSCKFWInstance *fwInstance); | |
853 | |
854 /* | |
855 * This routine is used to get any device-specific error. | |
856 * This routine is optional. | |
857 */ | |
858 CK_ULONG(PR_CALLBACK *GetDeviceError) | |
859 ( | |
860 NSSCKMDSession *mdSession, | |
861 NSSCKFWSession *fwSession, | |
862 NSSCKMDToken *mdToken, | |
863 NSSCKFWToken *fwToken, | |
864 NSSCKMDInstance *mdInstance, | |
865 NSSCKFWInstance *fwInstance); | |
866 | |
867 /* | |
868 * This routine is used to log in a user to the token. This | |
869 * routine is optional, since the Framework's NSSCKFWSession | |
870 * object keeps track of the login state. | |
871 */ | |
872 CK_RV(PR_CALLBACK *Login) | |
873 ( | |
874 NSSCKMDSession *mdSession, | |
875 NSSCKFWSession *fwSession, | |
876 NSSCKMDToken *mdToken, | |
877 NSSCKFWToken *fwToken, | |
878 NSSCKMDInstance *mdInstance, | |
879 NSSCKFWInstance *fwInstance, | |
880 CK_USER_TYPE userType, | |
881 NSSItem *pin, | |
882 CK_STATE oldState, | |
883 CK_STATE newState); | |
884 | |
885 /* | |
886 * This routine is used to log out a user from the token. This | |
887 * routine is optional, since the Framework's NSSCKFWSession | |
888 * object keeps track of the login state. | |
889 */ | |
890 CK_RV(PR_CALLBACK *Logout) | |
891 ( | |
892 NSSCKMDSession *mdSession, | |
893 NSSCKFWSession *fwSession, | |
894 NSSCKMDToken *mdToken, | |
895 NSSCKFWToken *fwToken, | |
896 NSSCKMDInstance *mdInstance, | |
897 NSSCKFWInstance *fwInstance, | |
898 CK_STATE oldState, | |
899 CK_STATE newState); | |
900 | |
901 /* | |
902 * This routine is used to initialize the normal user's PIN or | |
903 * password. This will only be called in the "read/write | |
904 * security officer functions" state. If this token has a | |
905 * protected authentication path, then the pin argument will | |
906 * be NULL. This routine is optional; if unimplemented, the | |
907 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. | |
908 */ | |
909 CK_RV(PR_CALLBACK *InitPIN) | |
910 ( | |
911 NSSCKMDSession *mdSession, | |
912 NSSCKFWSession *fwSession, | |
913 NSSCKMDToken *mdToken, | |
914 NSSCKFWToken *fwToken, | |
915 NSSCKMDInstance *mdInstance, | |
916 NSSCKFWInstance *fwInstance, | |
917 NSSItem *pin); | |
918 | |
919 /* | |
920 * This routine is used to modify a user's PIN or password. This | |
921 * routine will only be called in the "read/write security officer | |
922 * functions" or "read/write user functions" state. If this token | |
923 * has a protected authentication path, then the pin arguments | |
924 * will be NULL. This routine is optional; if unimplemented, the | |
925 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. | |
926 */ | |
927 CK_RV(PR_CALLBACK *SetPIN) | |
928 ( | |
929 NSSCKMDSession *mdSession, | |
930 NSSCKFWSession *fwSession, | |
931 NSSCKMDToken *mdToken, | |
932 NSSCKFWToken *fwToken, | |
933 NSSCKMDInstance *mdInstance, | |
934 NSSCKFWInstance *fwInstance, | |
935 NSSItem *oldPin, | |
936 NSSItem *newPin); | |
937 | |
938 /* | |
939 * This routine is used to find out how much space would be required | |
940 * to save the current operational state. This routine is optional; | |
941 * if unimplemented, the Framework will reject any attempts to save | |
942 * the operational state with the error CKR_STATE_UNSAVEABLE. This | |
943 * routine may return zero on error. | |
944 */ | |
945 CK_ULONG(PR_CALLBACK *GetOperationStateLen) | |
946 ( | |
947 NSSCKMDSession *mdSession, | |
948 NSSCKFWSession *fwSession, | |
949 NSSCKMDToken *mdToken, | |
950 NSSCKFWToken *fwToken, | |
951 NSSCKMDInstance *mdInstance, | |
952 NSSCKFWInstance *fwInstance, | |
953 CK_RV *pError); | |
954 | |
955 /* | |
956 * This routine is used to store the current operational state. This | |
957 * routine is only required if GetOperationStateLen is implemented | |
958 * and can return a nonzero value. The buffer in the specified item | |
959 * will be pre-allocated, and the length will specify the amount of | |
960 * space available (which may be more than GetOperationStateLen | |
961 * asked for, but which will not be smaller). | |
962 */ | |
963 CK_RV(PR_CALLBACK *GetOperationState) | |
964 ( | |
965 NSSCKMDSession *mdSession, | |
966 NSSCKFWSession *fwSession, | |
967 NSSCKMDToken *mdToken, | |
968 NSSCKFWToken *fwToken, | |
969 NSSCKMDInstance *mdInstance, | |
970 NSSCKFWInstance *fwInstance, | |
971 NSSItem *buffer); | |
972 | |
973 /* | |
974 * This routine is used to restore an operational state previously | |
975 * obtained with GetOperationState. The Framework will take pains | |
976 * to be sure that the state is (or was at one point) valid; if the | |
977 * Module notices that the state is invalid, it should return an | |
978 * error, but it is not required to be paranoid about the issue. | |
979 * [XXX fgmr-- should (can?) the framework verify the keys match up?] | |
980 * This routine is required only if GetOperationState is implemented. | |
981 */ | |
982 CK_RV(PR_CALLBACK *SetOperationState) | |
983 ( | |
984 NSSCKMDSession *mdSession, | |
985 NSSCKFWSession *fwSession, | |
986 NSSCKMDToken *mdToken, | |
987 NSSCKFWToken *fwToken, | |
988 NSSCKMDInstance *mdInstance, | |
989 NSSCKFWInstance *fwInstance, | |
990 NSSItem *state, | |
991 NSSCKMDObject *mdEncryptionKey, | |
992 NSSCKFWObject *fwEncryptionKey, | |
993 NSSCKMDObject *mdAuthenticationKey, | |
994 NSSCKFWObject *fwAuthenticationKey); | |
995 | |
996 /* | |
997 * This routine is used to create an object. The specified template | |
998 * will only specify a session object if the Module has indicated | |
999 * that it wishes to handle its own session objects. This routine | |
1000 * is optional; if unimplemented, the Framework will reject the | |
1001 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for | |
1002 * token objects should come from the NSSArena available from the | |
1003 * NSSCKFWToken object; space for session objects (if supported) | |
1004 * should come from the NSSArena available from the NSSCKFWSession | |
1005 * object. The appropriate NSSArena pointer will, as a convenience, | |
1006 * be passed as the handyArenaPointer argument. This routine may | |
1007 * return NULL upon error. | |
1008 */ | |
1009 NSSCKMDObject *(PR_CALLBACK *CreateObject)( | |
1010 NSSCKMDSession *mdSession, | |
1011 NSSCKFWSession *fwSession, | |
1012 NSSCKMDToken *mdToken, | |
1013 NSSCKFWToken *fwToken, | |
1014 NSSCKMDInstance *mdInstance, | |
1015 NSSCKFWInstance *fwInstance, | |
1016 NSSArena *handyArenaPointer, | |
1017 CK_ATTRIBUTE_PTR pTemplate, | |
1018 CK_ULONG ulAttributeCount, | |
1019 CK_RV *pError); | |
1020 | |
1021 /* | |
1022 * This routine is used to make a copy of an object. It is entirely | |
1023 * optional; if unimplemented, the Framework will try to use | |
1024 * CreateObject instead. If the Module has indicated that it does | |
1025 * not wish to handle session objects, then this routine will only | |
1026 * be called to copy a token object to another token object. | |
1027 * Otherwise, either the original object or the new may be of | |
1028 * either the token or session variety. As with CreateObject, the | |
1029 * handyArenaPointer will point to the appropriate arena for the | |
1030 * new object. This routine may return NULL upon error. | |
1031 */ | |
1032 NSSCKMDObject *(PR_CALLBACK *CopyObject)( | |
1033 NSSCKMDSession *mdSession, | |
1034 NSSCKFWSession *fwSession, | |
1035 NSSCKMDToken *mdToken, | |
1036 NSSCKFWToken *fwToken, | |
1037 NSSCKMDInstance *mdInstance, | |
1038 NSSCKFWInstance *fwInstance, | |
1039 NSSCKMDObject *mdOldObject, | |
1040 NSSCKFWObject *fwOldObject, | |
1041 NSSArena *handyArenaPointer, | |
1042 CK_ATTRIBUTE_PTR pTemplate, | |
1043 CK_ULONG ulAttributeCount, | |
1044 CK_RV *pError); | |
1045 | |
1046 /* | |
1047 * This routine is used to begin an object search. This routine may | |
1048 * be unimplemented only if the Module does not handle session | |
1049 * objects, and if none of its tokens have token objects. The | |
1050 * NSSCKFWFindObjects pointer has an NSSArena that may be used for | |
1051 * storage for the life of this "find" operation. This routine may | |
1052 * return NULL upon error. If the Module can determine immediately | |
1053 * that the search will not find any matching objects, it may return | |
1054 * NULL, and specify CKR_OK as the error. | |
1055 */ | |
1056 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( | |
1057 NSSCKMDSession *mdSession, | |
1058 NSSCKFWSession *fwSession, | |
1059 NSSCKMDToken *mdToken, | |
1060 NSSCKFWToken *fwToken, | |
1061 NSSCKMDInstance *mdInstance, | |
1062 NSSCKFWInstance *fwInstance, | |
1063 CK_ATTRIBUTE_PTR pTemplate, | |
1064 CK_ULONG ulAttributeCount, | |
1065 CK_RV *pError); | |
1066 | |
1067 /* | |
1068 * This routine seeds the random-number generator. It is | |
1069 * optional, even if GetRandom is implemented. If unimplemented, | |
1070 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. | |
1071 */ | |
1072 CK_RV(PR_CALLBACK *SeedRandom) | |
1073 ( | |
1074 NSSCKMDSession *mdSession, | |
1075 NSSCKFWSession *fwSession, | |
1076 NSSCKMDToken *mdToken, | |
1077 NSSCKFWToken *fwToken, | |
1078 NSSCKMDInstance *mdInstance, | |
1079 NSSCKFWInstance *fwInstance, | |
1080 NSSItem *seed); | |
1081 | |
1082 /* | |
1083 * This routine gets random data. It is optional. If unimplemented, | |
1084 * the Framework will issue the error CKR_RANDOM_NO_RNG. | |
1085 */ | |
1086 CK_RV(PR_CALLBACK *GetRandom) | |
1087 ( | |
1088 NSSCKMDSession *mdSession, | |
1089 NSSCKFWSession *fwSession, | |
1090 NSSCKMDToken *mdToken, | |
1091 NSSCKFWToken *fwToken, | |
1092 NSSCKMDInstance *mdInstance, | |
1093 NSSCKFWInstance *fwInstance, | |
1094 NSSItem *buffer); | |
1095 | |
1096 /* | |
1097 * This object may be extended in future versions of the | |
1098 * NSS Cryptoki Framework. To allow for some flexibility | |
1099 * in the area of binary compatibility, this field should | |
1100 * be NULL. | |
1101 */ | |
1102 void *null; | |
1103 }; | |
1104 | |
1105 /* | |
1106 * NSSCKMDFindObjects | |
1107 * | |
1108 * This is the basic handle for an object search. It is | |
1109 * created by NSSCKMDSession->FindObjectsInit, and may be | |
1110 * obtained from the Framework's corresponding object. | |
1111 * It contains a pointer for use by the Module, to store | |
1112 * any search-related data, and it contains the EPV for a | |
1113 * set of routines which the Module may implement for use | |
1114 * by the Framework. Some of these routines are optional. | |
1115 */ | |
1116 | |
1117 struct NSSCKMDFindObjectsStr { | |
1118 /* | |
1119 * The Module may use this pointer for its own purposes. | |
1120 */ | |
1121 void *etc; | |
1122 | |
1123 /* | |
1124 * This routine is called by the Framework to finish a | |
1125 * search operation. Note that the Framework may finish | |
1126 * a search before it has completed. This routine is | |
1127 * optional; if unimplemented, it merely won't be called. | |
1128 */ | |
1129 void(PR_CALLBACK *Final)( | |
1130 NSSCKMDFindObjects *mdFindObjects, | |
1131 NSSCKFWFindObjects *fwFindObjects, | |
1132 NSSCKMDSession *mdSession, | |
1133 NSSCKFWSession *fwSession, | |
1134 NSSCKMDToken *mdToken, | |
1135 NSSCKFWToken *fwToken, | |
1136 NSSCKMDInstance *mdInstance, | |
1137 NSSCKFWInstance *fwInstance); | |
1138 | |
1139 /* | |
1140 * This routine is used to obtain another pointer to an | |
1141 * object matching the search criteria. This routine is | |
1142 * required. If no (more) objects match the search, it | |
1143 * should return NULL and set the error to CKR_OK. | |
1144 */ | |
1145 NSSCKMDObject *(PR_CALLBACK *Next)( | |
1146 NSSCKMDFindObjects *mdFindObjects, | |
1147 NSSCKFWFindObjects *fwFindObjects, | |
1148 NSSCKMDSession *mdSession, | |
1149 NSSCKFWSession *fwSession, | |
1150 NSSCKMDToken *mdToken, | |
1151 NSSCKFWToken *fwToken, | |
1152 NSSCKMDInstance *mdInstance, | |
1153 NSSCKFWInstance *fwInstance, | |
1154 NSSArena *arena, | |
1155 CK_RV *pError); | |
1156 | |
1157 /* | |
1158 * This object may be extended in future versions of the | |
1159 * NSS Cryptoki Framework. To allow for some flexibility | |
1160 * in the area of binary compatibility, this field should | |
1161 * be NULL. | |
1162 */ | |
1163 void *null; | |
1164 }; | |
1165 | |
1166 /* | |
1167 * NSSCKMDCryptoOperaion | |
1168 * | |
1169 * This is the basic handle for an encryption, decryption, | |
1170 * sign, verify, or hash opertion. | |
1171 * created by NSSCKMDMechanism->XXXXInit, and may be | |
1172 * obtained from the Framework's corresponding object. | |
1173 * It contains a pointer for use by the Module, to store | |
1174 * any intermediate data, and it contains the EPV for a | |
1175 * set of routines which the Module may implement for use | |
1176 * by the Framework. Some of these routines are optional. | |
1177 */ | |
1178 | |
1179 struct NSSCKMDCryptoOperationStr { | |
1180 /* | |
1181 * The Module may use this pointer for its own purposes. | |
1182 */ | |
1183 void *etc; | |
1184 | |
1185 /* | |
1186 * This routine is called by the Framework clean up the mdCryptoOperation | |
1187 * structure. | |
1188 * This routine is optional; if unimplemented, it will be ignored. | |
1189 */ | |
1190 void(PR_CALLBACK *Destroy)( | |
1191 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1192 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1193 NSSCKMDInstance *mdInstance, | |
1194 NSSCKFWInstance *fwInstance); | |
1195 | |
1196 /* | |
1197 * how many bytes do we need to finish this buffer? | |
1198 * must be implemented if Final is implemented. | |
1199 */ | |
1200 CK_ULONG(PR_CALLBACK *GetFinalLength) | |
1201 ( | |
1202 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1203 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1204 NSSCKMDSession *mdSession, | |
1205 NSSCKFWSession *fwSession, | |
1206 NSSCKMDToken *mdToken, | |
1207 NSSCKFWToken *fwToken, | |
1208 NSSCKMDInstance *mdInstance, | |
1209 NSSCKFWInstance *fwInstance, | |
1210 CK_RV *pError); | |
1211 | |
1212 /* | |
1213 * how many bytes do we need to complete the next operation. | |
1214 * used in both Update and UpdateFinal. | |
1215 */ | |
1216 CK_ULONG(PR_CALLBACK *GetOperationLength) | |
1217 ( | |
1218 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1219 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1220 NSSCKMDSession *mdSession, | |
1221 NSSCKFWSession *fwSession, | |
1222 NSSCKMDToken *mdToken, | |
1223 NSSCKFWToken *fwToken, | |
1224 NSSCKMDInstance *mdInstance, | |
1225 NSSCKFWInstance *fwInstance, | |
1226 const NSSItem *inputBuffer, | |
1227 CK_RV *pError); | |
1228 | |
1229 /* | |
1230 * This routine is called by the Framework to finish a | |
1231 * search operation. Note that the Framework may finish | |
1232 * a search before it has completed. This routine is | |
1233 * optional; if unimplemented, it merely won't be called. | |
1234 * The respective final call with fail with CKR_FUNCTION_FAILED | |
1235 * Final should not free the mdCryptoOperation. | |
1236 */ | |
1237 CK_RV(PR_CALLBACK *Final) | |
1238 ( | |
1239 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1240 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1241 NSSCKMDSession *mdSession, | |
1242 NSSCKFWSession *fwSession, | |
1243 NSSCKMDToken *mdToken, | |
1244 NSSCKFWToken *fwToken, | |
1245 NSSCKMDInstance *mdInstance, | |
1246 NSSCKFWInstance *fwInstance, | |
1247 NSSItem *outputBuffer); | |
1248 | |
1249 /* | |
1250 * This routine is called by the Framework to complete the | |
1251 * next step in an encryption/decryption operation. | |
1252 * This routine is optional; if unimplemented, the respective | |
1253 * update call with fail with CKR_FUNCTION_FAILED. | |
1254 * Update should not be implemented for signing/verification/digest | |
1255 * mechanisms. | |
1256 */ | |
1257 CK_RV(PR_CALLBACK *Update) | |
1258 ( | |
1259 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1260 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1261 NSSCKMDSession *mdSession, | |
1262 NSSCKFWSession *fwSession, | |
1263 NSSCKMDToken *mdToken, | |
1264 NSSCKFWToken *fwToken, | |
1265 NSSCKMDInstance *mdInstance, | |
1266 NSSCKFWInstance *fwInstance, | |
1267 const NSSItem *inputBuffer, | |
1268 NSSItem *outputBuffer); | |
1269 | |
1270 /* | |
1271 * This routine is called by the Framework to complete the | |
1272 * next step in a signing/verification/digest operation. | |
1273 * This routine is optional; if unimplemented, the respective | |
1274 * update call with fail with CKR_FUNCTION_FAILED | |
1275 * Update should not be implemented for encryption/decryption | |
1276 * mechanisms. | |
1277 */ | |
1278 CK_RV(PR_CALLBACK *DigestUpdate) | |
1279 ( | |
1280 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1281 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1282 NSSCKMDSession *mdSession, | |
1283 NSSCKFWSession *fwSession, | |
1284 NSSCKMDToken *mdToken, | |
1285 NSSCKFWToken *fwToken, | |
1286 NSSCKMDInstance *mdInstance, | |
1287 NSSCKFWInstance *fwInstance, | |
1288 const NSSItem *inputBuffer); | |
1289 | |
1290 /* | |
1291 * This routine is called by the Framework to complete a | |
1292 * single step operation. This routine is optional; if unimplemented, | |
1293 * the framework will use the Update and Final functions to complete | |
1294 * the operation. | |
1295 */ | |
1296 CK_RV(PR_CALLBACK *UpdateFinal) | |
1297 ( | |
1298 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1299 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1300 NSSCKMDSession *mdSession, | |
1301 NSSCKFWSession *fwSession, | |
1302 NSSCKMDToken *mdToken, | |
1303 NSSCKFWToken *fwToken, | |
1304 NSSCKMDInstance *mdInstance, | |
1305 NSSCKFWInstance *fwInstance, | |
1306 const NSSItem *inputBuffer, | |
1307 NSSItem *outputBuffer); | |
1308 | |
1309 /* | |
1310 * This routine is called by the Framework to complete next | |
1311 * step in a combined operation. The Decrypt/Encrypt mechanism | |
1312 * should define and drive the combo step. | |
1313 * This routine is optional; if unimplemented, | |
1314 * the framework will use the appropriate Update functions to complete | |
1315 * the operation. | |
1316 */ | |
1317 CK_RV(PR_CALLBACK *UpdateCombo) | |
1318 ( | |
1319 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1320 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1321 NSSCKMDCryptoOperation *mdPeerCryptoOperation, | |
1322 NSSCKFWCryptoOperation *fwPeerCryptoOperation, | |
1323 NSSCKMDSession *mdSession, | |
1324 NSSCKFWSession *fwSession, | |
1325 NSSCKMDToken *mdToken, | |
1326 NSSCKFWToken *fwToken, | |
1327 NSSCKMDInstance *mdInstance, | |
1328 NSSCKFWInstance *fwInstance, | |
1329 const NSSItem *inputBuffer, | |
1330 NSSItem *outputBuffer); | |
1331 | |
1332 /* | |
1333 * Hash a key directly into the digest | |
1334 */ | |
1335 CK_RV(PR_CALLBACK *DigestKey) | |
1336 ( | |
1337 NSSCKMDCryptoOperation *mdCryptoOperation, | |
1338 NSSCKFWCryptoOperation *fwCryptoOperation, | |
1339 NSSCKMDToken *mdToken, | |
1340 NSSCKFWToken *fwToken, | |
1341 NSSCKMDInstance *mdInstance, | |
1342 NSSCKFWInstance *fwInstance, | |
1343 NSSCKMDObject *mdKey, | |
1344 NSSCKFWObject *fwKey); | |
1345 | |
1346 /* | |
1347 * This object may be extended in future versions of the | |
1348 * NSS Cryptoki Framework. To allow for some flexibility | |
1349 * in the area of binary compatibility, this field should | |
1350 * be NULL. | |
1351 */ | |
1352 void *null; | |
1353 }; | |
1354 | |
1355 /* | |
1356 * NSSCKMDMechanism | |
1357 * | |
1358 */ | |
1359 | |
1360 struct NSSCKMDMechanismStr { | |
1361 /* | |
1362 * The Module may use this pointer for its own purposes. | |
1363 */ | |
1364 void *etc; | |
1365 | |
1366 /* | |
1367 * This also frees the fwMechanism if appropriate. | |
1368 * If it is not supplied, the Framework will assume that the Token | |
1369 * Manages a static list of mechanisms and the function will not be called. | |
1370 */ | |
1371 void(PR_CALLBACK *Destroy)( | |
1372 NSSCKMDMechanism *mdMechanism, | |
1373 NSSCKFWMechanism *fwMechanism, | |
1374 NSSCKMDInstance *mdInstance, | |
1375 NSSCKFWInstance *fwInstance); | |
1376 | |
1377 /* | |
1378 * This routine returns the minimum key size allowed for | |
1379 * this mechanism. This routine is optional; if unimplemented, | |
1380 * zero will be assumed. This routine may return zero on | |
1381 * error; if the error is CKR_OK, zero will be accepted as | |
1382 * a valid response. | |
1383 */ | |
1384 CK_ULONG(PR_CALLBACK *GetMinKeySize) | |
1385 ( | |
1386 NSSCKMDMechanism *mdMechanism, | |
1387 NSSCKFWMechanism *fwMechanism, | |
1388 NSSCKMDToken *mdToken, | |
1389 NSSCKFWToken *fwToken, | |
1390 NSSCKMDInstance *mdInstance, | |
1391 NSSCKFWInstance *fwInstance, | |
1392 CK_RV *pError); | |
1393 | |
1394 /* | |
1395 * This routine returns the maximum key size allowed for | |
1396 * this mechanism. This routine is optional; if unimplemented, | |
1397 * zero will be assumed. This routine may return zero on | |
1398 * error; if the error is CKR_OK, zero will be accepted as | |
1399 * a valid response. | |
1400 */ | |
1401 CK_ULONG(PR_CALLBACK *GetMaxKeySize) | |
1402 ( | |
1403 NSSCKMDMechanism *mdMechanism, | |
1404 NSSCKFWMechanism *fwMechanism, | |
1405 NSSCKMDToken *mdToken, | |
1406 NSSCKFWToken *fwToken, | |
1407 NSSCKMDInstance *mdInstance, | |
1408 NSSCKFWInstance *fwInstance, | |
1409 CK_RV *pError); | |
1410 | |
1411 /* | |
1412 * This routine is called to determine if the mechanism is | |
1413 * implemented in hardware or software. It returns CK_TRUE | |
1414 * if it is done in hardware. | |
1415 */ | |
1416 CK_BBOOL(PR_CALLBACK *GetInHardware) | |
1417 ( | |
1418 NSSCKMDMechanism *mdMechanism, | |
1419 NSSCKFWMechanism *fwMechanism, | |
1420 NSSCKMDToken *mdToken, | |
1421 NSSCKFWToken *fwToken, | |
1422 NSSCKMDInstance *mdInstance, | |
1423 NSSCKFWInstance *fwInstance, | |
1424 CK_RV *pError); | |
1425 | |
1426 /* | |
1427 * The crypto routines themselves. Most crypto operations may | |
1428 * be performed in two ways, streaming and single-part. The | |
1429 * streaming operations involve the use of (typically) three | |
1430 * calls-- an Init method to set up the operation, an Update | |
1431 * method to feed data to the operation, and a Final method to | |
1432 * obtain the final result. Single-part operations involve | |
1433 * one method, to perform the crypto operation all at once. | |
1434 * | |
1435 * The NSS Cryptoki Framework can implement the single-part | |
1436 * operations in terms of the streaming operations on behalf | |
1437 * of the Module. There are a few variances. | |
1438 * | |
1439 * Only the Init Functions are defined by the mechanism. Each | |
1440 * init function will return a NSSCKFWCryptoOperation which | |
1441 * can supply update, final, the single part updateFinal, and | |
1442 * the combo updateCombo functions. | |
1443 * | |
1444 * For simplicity, the routines are listed in summary here: | |
1445 * | |
1446 * EncryptInit, | |
1447 * DecryptInit, | |
1448 * DigestInit, | |
1449 * SignInit, | |
1450 * SignRecoverInit; | |
1451 * VerifyInit, | |
1452 * VerifyRecoverInit; | |
1453 * | |
1454 * The key-management routines are | |
1455 * | |
1456 * GenerateKey | |
1457 * GenerateKeyPair | |
1458 * WrapKey | |
1459 * UnwrapKey | |
1460 * DeriveKey | |
1461 * | |
1462 * All of these routines based on the Cryptoki API; | |
1463 * see PKCS#11 for further information. | |
1464 */ | |
1465 | |
1466 /* | |
1467 */ | |
1468 NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)( | |
1469 NSSCKMDMechanism *mdMechanism, | |
1470 NSSCKFWMechanism *fwMechanism, | |
1471 CK_MECHANISM_PTR pMechanism, | |
1472 NSSCKMDSession *mdSession, | |
1473 NSSCKFWSession *fwSession, | |
1474 NSSCKMDToken *mdToken, | |
1475 NSSCKFWToken *fwToken, | |
1476 NSSCKMDInstance *mdInstance, | |
1477 NSSCKFWInstance *fwInstance, | |
1478 NSSCKMDObject *mdKey, | |
1479 NSSCKFWObject *fwKey, | |
1480 CK_RV *pError); | |
1481 | |
1482 /* | |
1483 */ | |
1484 NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)( | |
1485 NSSCKMDMechanism *mdMechanism, | |
1486 NSSCKFWMechanism *fwMechanism, | |
1487 CK_MECHANISM_PTR pMechanism, | |
1488 NSSCKMDSession *mdSession, | |
1489 NSSCKFWSession *fwSession, | |
1490 NSSCKMDToken *mdToken, | |
1491 NSSCKFWToken *fwToken, | |
1492 NSSCKMDInstance *mdInstance, | |
1493 NSSCKFWInstance *fwInstance, | |
1494 NSSCKMDObject *mdKey, | |
1495 NSSCKFWObject *fwKey, | |
1496 CK_RV *pError); | |
1497 | |
1498 /* | |
1499 */ | |
1500 NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)( | |
1501 NSSCKMDMechanism *mdMechanism, | |
1502 NSSCKFWMechanism *fwMechanism, | |
1503 CK_MECHANISM_PTR pMechanism, | |
1504 NSSCKMDSession *mdSession, | |
1505 NSSCKFWSession *fwSession, | |
1506 NSSCKMDToken *mdToken, | |
1507 NSSCKFWToken *fwToken, | |
1508 NSSCKMDInstance *mdInstance, | |
1509 NSSCKFWInstance *fwInstance, | |
1510 CK_RV *pError); | |
1511 | |
1512 /* | |
1513 */ | |
1514 NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)( | |
1515 NSSCKMDMechanism *mdMechanism, | |
1516 NSSCKFWMechanism *fwMechanism, | |
1517 CK_MECHANISM_PTR pMechanism, | |
1518 NSSCKMDSession *mdSession, | |
1519 NSSCKFWSession *fwSession, | |
1520 NSSCKMDToken *mdToken, | |
1521 NSSCKFWToken *fwToken, | |
1522 NSSCKMDInstance *mdInstance, | |
1523 NSSCKFWInstance *fwInstance, | |
1524 NSSCKMDObject *mdKey, | |
1525 NSSCKFWObject *fwKey, | |
1526 CK_RV *pError); | |
1527 | |
1528 /* | |
1529 */ | |
1530 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)( | |
1531 NSSCKMDMechanism *mdMechanism, | |
1532 NSSCKFWMechanism *fwMechanism, | |
1533 CK_MECHANISM_PTR pMechanism, | |
1534 NSSCKMDSession *mdSession, | |
1535 NSSCKFWSession *fwSession, | |
1536 NSSCKMDToken *mdToken, | |
1537 NSSCKFWToken *fwToken, | |
1538 NSSCKMDInstance *mdInstance, | |
1539 NSSCKFWInstance *fwInstance, | |
1540 NSSCKMDObject *mdKey, | |
1541 NSSCKFWObject *fwKey, | |
1542 CK_RV *pError); | |
1543 | |
1544 /* | |
1545 */ | |
1546 NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)( | |
1547 NSSCKMDMechanism *mdMechanism, | |
1548 NSSCKFWMechanism *fwMechanism, | |
1549 CK_MECHANISM_PTR pMechanism, | |
1550 NSSCKMDSession *mdSession, | |
1551 NSSCKFWSession *fwSession, | |
1552 NSSCKMDToken *mdToken, | |
1553 NSSCKFWToken *fwToken, | |
1554 NSSCKMDInstance *mdInstance, | |
1555 NSSCKFWInstance *fwInstance, | |
1556 NSSCKMDObject *mdKey, | |
1557 NSSCKFWObject *fwKey, | |
1558 CK_RV *pError); | |
1559 | |
1560 /* | |
1561 */ | |
1562 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)( | |
1563 NSSCKMDMechanism *mdMechanism, | |
1564 NSSCKFWMechanism *fwMechanism, | |
1565 CK_MECHANISM_PTR pMechanism, | |
1566 NSSCKMDSession *mdSession, | |
1567 NSSCKFWSession *fwSession, | |
1568 NSSCKMDToken *mdToken, | |
1569 NSSCKFWToken *fwToken, | |
1570 NSSCKMDInstance *mdInstance, | |
1571 NSSCKFWInstance *fwInstance, | |
1572 NSSCKMDObject *mdKey, | |
1573 NSSCKFWObject *fwKey, | |
1574 CK_RV *pError); | |
1575 | |
1576 /* | |
1577 * Key management operations. | |
1578 */ | |
1579 | |
1580 /* | |
1581 * This routine generates a key. This routine may return NULL | |
1582 * upon error. | |
1583 */ | |
1584 NSSCKMDObject *(PR_CALLBACK *GenerateKey)( | |
1585 NSSCKMDMechanism *mdMechanism, | |
1586 NSSCKFWMechanism *fwMechanism, | |
1587 CK_MECHANISM_PTR pMechanism, | |
1588 NSSCKMDSession *mdSession, | |
1589 NSSCKFWSession *fwSession, | |
1590 NSSCKMDToken *mdToken, | |
1591 NSSCKFWToken *fwToken, | |
1592 NSSCKMDInstance *mdInstance, | |
1593 NSSCKFWInstance *fwInstance, | |
1594 CK_ATTRIBUTE_PTR pTemplate, | |
1595 CK_ULONG ulAttributeCount, | |
1596 CK_RV *pError); | |
1597 | |
1598 /* | |
1599 * This routine generates a key pair. | |
1600 */ | |
1601 CK_RV(PR_CALLBACK *GenerateKeyPair) | |
1602 ( | |
1603 NSSCKMDMechanism *mdMechanism, | |
1604 NSSCKFWMechanism *fwMechanism, | |
1605 CK_MECHANISM_PTR pMechanism, | |
1606 NSSCKMDSession *mdSession, | |
1607 NSSCKFWSession *fwSession, | |
1608 NSSCKMDToken *mdToken, | |
1609 NSSCKFWToken *fwToken, | |
1610 NSSCKMDInstance *mdInstance, | |
1611 NSSCKFWInstance *fwInstance, | |
1612 CK_ATTRIBUTE_PTR pPublicKeyTemplate, | |
1613 CK_ULONG ulPublicKeyAttributeCount, | |
1614 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, | |
1615 CK_ULONG ulPrivateKeyAttributeCount, | |
1616 NSSCKMDObject **pPublicKey, | |
1617 NSSCKMDObject **pPrivateKey); | |
1618 | |
1619 /* | |
1620 * This routine wraps a key. | |
1621 */ | |
1622 CK_ULONG(PR_CALLBACK *GetWrapKeyLength) | |
1623 ( | |
1624 NSSCKMDMechanism *mdMechanism, | |
1625 NSSCKFWMechanism *fwMechanism, | |
1626 CK_MECHANISM_PTR pMechanism, | |
1627 NSSCKMDSession *mdSession, | |
1628 NSSCKFWSession *fwSession, | |
1629 NSSCKMDToken *mdToken, | |
1630 NSSCKFWToken *fwToken, | |
1631 NSSCKMDInstance *mdInstance, | |
1632 NSSCKFWInstance *fwInstance, | |
1633 NSSCKMDObject *mdWrappingKey, | |
1634 NSSCKFWObject *fwWrappingKey, | |
1635 NSSCKMDObject *mdWrappedKey, | |
1636 NSSCKFWObject *fwWrappedKey, | |
1637 CK_RV *pError); | |
1638 | |
1639 /* | |
1640 * This routine wraps a key. | |
1641 */ | |
1642 CK_RV(PR_CALLBACK *WrapKey) | |
1643 ( | |
1644 NSSCKMDMechanism *mdMechanism, | |
1645 NSSCKFWMechanism *fwMechanism, | |
1646 CK_MECHANISM_PTR pMechanism, | |
1647 NSSCKMDSession *mdSession, | |
1648 NSSCKFWSession *fwSession, | |
1649 NSSCKMDToken *mdToken, | |
1650 NSSCKFWToken *fwToken, | |
1651 NSSCKMDInstance *mdInstance, | |
1652 NSSCKFWInstance *fwInstance, | |
1653 NSSCKMDObject *mdWrappingKey, | |
1654 NSSCKFWObject *fwWrappingKey, | |
1655 NSSCKMDObject *mdKeyObject, | |
1656 NSSCKFWObject *fwKeyObject, | |
1657 NSSItem *wrappedKey); | |
1658 | |
1659 /* | |
1660 * This routine unwraps a key. This routine may return NULL | |
1661 * upon error. | |
1662 */ | |
1663 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( | |
1664 NSSCKMDMechanism *mdMechanism, | |
1665 NSSCKFWMechanism *fwMechanism, | |
1666 CK_MECHANISM_PTR pMechanism, | |
1667 NSSCKMDSession *mdSession, | |
1668 NSSCKFWSession *fwSession, | |
1669 NSSCKMDToken *mdToken, | |
1670 NSSCKFWToken *fwToken, | |
1671 NSSCKMDInstance *mdInstance, | |
1672 NSSCKFWInstance *fwInstance, | |
1673 NSSCKMDObject *mdWrappingKey, | |
1674 NSSCKFWObject *fwWrappingKey, | |
1675 NSSItem *wrappedKey, | |
1676 CK_ATTRIBUTE_PTR pTemplate, | |
1677 CK_ULONG ulAttributeCount, | |
1678 CK_RV *pError); | |
1679 | |
1680 /* | |
1681 * This routine derives a key. This routine may return NULL | |
1682 * upon error. | |
1683 */ | |
1684 NSSCKMDObject *(PR_CALLBACK *DeriveKey)( | |
1685 NSSCKMDMechanism *mdMechanism, | |
1686 NSSCKFWMechanism *fwMechanism, | |
1687 CK_MECHANISM_PTR pMechanism, | |
1688 NSSCKMDSession *mdSession, | |
1689 NSSCKFWSession *fwSession, | |
1690 NSSCKMDToken *mdToken, | |
1691 NSSCKFWToken *fwToken, | |
1692 NSSCKMDInstance *mdInstance, | |
1693 NSSCKFWInstance *fwInstance, | |
1694 NSSCKMDObject *mdBaseKey, | |
1695 NSSCKFWObject *fwBaseKey, | |
1696 CK_ATTRIBUTE_PTR pTemplate, | |
1697 CK_ULONG ulAttributeCount, | |
1698 CK_RV *pError); | |
1699 | |
1700 /* | |
1701 * This object may be extended in future versions of the | |
1702 * NSS Cryptoki Framework. To allow for some flexibility | |
1703 * in the area of binary compatibility, this field should | |
1704 * be NULL. | |
1705 */ | |
1706 void *null; | |
1707 }; | |
1708 | |
1709 /* | |
1710 * NSSCKMDObject | |
1711 * | |
1712 * This is the basic handle for any object used by a PKCS#11 Module. | |
1713 * Modules must implement it if they support their own objects, and | |
1714 * the Framework supports it for Modules that do not handle session | |
1715 * objects. This type contains a pointer for use by the implementor, | |
1716 * to store any object-specific data, and it contains an EPV for a | |
1717 * set of routines used to access the object. | |
1718 */ | |
1719 | |
1720 struct NSSCKMDObjectStr { | |
1721 /* | |
1722 * The implementation my use this pointer for its own purposes. | |
1723 */ | |
1724 void *etc; | |
1725 | |
1726 /* | |
1727 * This routine is called by the Framework when it is letting | |
1728 * go of an object handle. It can be used by the Module to | |
1729 * free any resources tied up by an object "in use." It is | |
1730 * optional. | |
1731 */ | |
1732 void(PR_CALLBACK *Finalize)( | |
1733 NSSCKMDObject *mdObject, | |
1734 NSSCKFWObject *fwObject, | |
1735 NSSCKMDSession *mdSession, | |
1736 NSSCKFWSession *fwSession, | |
1737 NSSCKMDToken *mdToken, | |
1738 NSSCKFWToken *fwToken, | |
1739 NSSCKMDInstance *mdInstance, | |
1740 NSSCKFWInstance *fwInstance); | |
1741 | |
1742 /* | |
1743 * This routine is used to completely destroy an object. | |
1744 * It is optional. The parameter fwObject might be NULL | |
1745 * if the framework runs out of memory at the wrong moment. | |
1746 */ | |
1747 CK_RV(PR_CALLBACK *Destroy) | |
1748 ( | |
1749 NSSCKMDObject *mdObject, | |
1750 NSSCKFWObject *fwObject, | |
1751 NSSCKMDSession *mdSession, | |
1752 NSSCKFWSession *fwSession, | |
1753 NSSCKMDToken *mdToken, | |
1754 NSSCKFWToken *fwToken, | |
1755 NSSCKMDInstance *mdInstance, | |
1756 NSSCKFWInstance *fwInstance); | |
1757 | |
1758 /* | |
1759 * This helper routine is used by the Framework, and is especially | |
1760 * useful when it is managing session objects on behalf of the | |
1761 * Module. This routine is optional; if unimplemented, the | |
1762 * Framework will actually look up the CKA_TOKEN attribute. In the | |
1763 * event of an error, just make something up-- the Framework will | |
1764 * find out soon enough anyway. | |
1765 */ | |
1766 CK_BBOOL(PR_CALLBACK *IsTokenObject) | |
1767 ( | |
1768 NSSCKMDObject *mdObject, | |
1769 NSSCKFWObject *fwObject, | |
1770 NSSCKMDSession *mdSession, | |
1771 NSSCKFWSession *fwSession, | |
1772 NSSCKMDToken *mdToken, | |
1773 NSSCKFWToken *fwToken, | |
1774 NSSCKMDInstance *mdInstance, | |
1775 NSSCKFWInstance *fwInstance); | |
1776 | |
1777 /* | |
1778 * This routine returns the number of attributes of which this | |
1779 * object consists. It is mandatory. It can return zero on | |
1780 * error. | |
1781 */ | |
1782 CK_ULONG(PR_CALLBACK *GetAttributeCount) | |
1783 ( | |
1784 NSSCKMDObject *mdObject, | |
1785 NSSCKFWObject *fwObject, | |
1786 NSSCKMDSession *mdSession, | |
1787 NSSCKFWSession *fwSession, | |
1788 NSSCKMDToken *mdToken, | |
1789 NSSCKFWToken *fwToken, | |
1790 NSSCKMDInstance *mdInstance, | |
1791 NSSCKFWInstance *fwInstance, | |
1792 CK_RV *pError); | |
1793 | |
1794 /* | |
1795 * This routine stuffs the attribute types into the provided array. | |
1796 * The array size (as obtained from GetAttributeCount) is passed in | |
1797 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong | |
1798 * (either too big or too small). | |
1799 */ | |
1800 CK_RV(PR_CALLBACK *GetAttributeTypes) | |
1801 ( | |
1802 NSSCKMDObject *mdObject, | |
1803 NSSCKFWObject *fwObject, | |
1804 NSSCKMDSession *mdSession, | |
1805 NSSCKFWSession *fwSession, | |
1806 NSSCKMDToken *mdToken, | |
1807 NSSCKFWToken *fwToken, | |
1808 NSSCKMDInstance *mdInstance, | |
1809 NSSCKFWInstance *fwInstance, | |
1810 CK_ATTRIBUTE_TYPE_PTR typeArray, | |
1811 CK_ULONG ulCount); | |
1812 | |
1813 /* | |
1814 * This routine returns the size (in bytes) of the specified | |
1815 * attribute. It can return zero on error. | |
1816 */ | |
1817 CK_ULONG(PR_CALLBACK *GetAttributeSize) | |
1818 ( | |
1819 NSSCKMDObject *mdObject, | |
1820 NSSCKFWObject *fwObject, | |
1821 NSSCKMDSession *mdSession, | |
1822 NSSCKFWSession *fwSession, | |
1823 NSSCKMDToken *mdToken, | |
1824 NSSCKFWToken *fwToken, | |
1825 NSSCKMDInstance *mdInstance, | |
1826 NSSCKFWInstance *fwInstance, | |
1827 CK_ATTRIBUTE_TYPE attribute, | |
1828 CK_RV *pError); | |
1829 | |
1830 /* | |
1831 * This routine returns an NSSCKFWItem structure. | |
1832 * The item pointer points to an NSSItem containing the attribute value. | |
1833 * The needsFreeing bit tells the framework whether to call the | |
1834 * FreeAttribute function . Upon error, an NSSCKFWItem structure | |
1835 * with a NULL NSSItem item pointer will be returned | |
1836 */ | |
1837 NSSCKFWItem(PR_CALLBACK *GetAttribute)( | |
1838 NSSCKMDObject *mdObject, | |
1839 NSSCKFWObject *fwObject, | |
1840 NSSCKMDSession *mdSession, | |
1841 NSSCKFWSession *fwSession, | |
1842 NSSCKMDToken *mdToken, | |
1843 NSSCKFWToken *fwToken, | |
1844 NSSCKMDInstance *mdInstance, | |
1845 NSSCKFWInstance *fwInstance, | |
1846 CK_ATTRIBUTE_TYPE attribute, | |
1847 CK_RV *pError); | |
1848 | |
1849 /* | |
1850 * This routine returns CKR_OK if the attribute could be freed. | |
1851 */ | |
1852 CK_RV(PR_CALLBACK *FreeAttribute) | |
1853 ( | |
1854 NSSCKFWItem *item); | |
1855 | |
1856 /* | |
1857 * This routine changes the specified attribute. If unimplemented, | |
1858 * the object will be considered read-only. | |
1859 */ | |
1860 CK_RV(PR_CALLBACK *SetAttribute) | |
1861 ( | |
1862 NSSCKMDObject *mdObject, | |
1863 NSSCKFWObject *fwObject, | |
1864 NSSCKMDSession *mdSession, | |
1865 NSSCKFWSession *fwSession, | |
1866 NSSCKMDToken *mdToken, | |
1867 NSSCKFWToken *fwToken, | |
1868 NSSCKMDInstance *mdInstance, | |
1869 NSSCKFWInstance *fwInstance, | |
1870 CK_ATTRIBUTE_TYPE attribute, | |
1871 NSSItem *value); | |
1872 | |
1873 /* | |
1874 * This routine returns the storage requirements of this object, | |
1875 * in bytes. Cryptoki doesn't strictly define the definition, | |
1876 * but it should relate to the values returned by the "Get Memory" | |
1877 * routines of the NSSCKMDToken. This routine is optional; if | |
1878 * unimplemented, the Framework will consider this information | |
1879 * sensitive. This routine may return zero on error. If the | |
1880 * specified error is CKR_OK, zero will be accepted as a valid | |
1881 * response. | |
1882 */ | |
1883 CK_ULONG(PR_CALLBACK *GetObjectSize) | |
1884 ( | |
1885 NSSCKMDObject *mdObject, | |
1886 NSSCKFWObject *fwObject, | |
1887 NSSCKMDSession *mdSession, | |
1888 NSSCKFWSession *fwSession, | |
1889 NSSCKMDToken *mdToken, | |
1890 NSSCKFWToken *fwToken, | |
1891 NSSCKMDInstance *mdInstance, | |
1892 NSSCKFWInstance *fwInstance, | |
1893 CK_RV *pError); | |
1894 | |
1895 /* | |
1896 * This object may be extended in future versions of the | |
1897 * NSS Cryptoki Framework. To allow for some flexibility | |
1898 * in the area of binary compatibility, this field should | |
1899 * be NULL. | |
1900 */ | |
1901 void *null; | |
1902 }; | |
1903 | |
1904 #endif /* NSSCKMDT_H */ | |
OLD | NEW |