Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(420)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: nss/lib/ckfw/nssckmdt.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/ckfw/nssckg.h ('k') | nss/lib/ckfw/nssckt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #ifndef NSSCKMDT_H
6 #define NSSCKMDT_H
7
8 /*
9 * nssckmdt.h
10 *
11 * This file specifies the basic types that must be implemented by
12 * any Module using the NSS Cryptoki Framework.
13 */
14
15 #ifndef NSSBASET_H
16 #include "nssbaset.h"
17 #endif /* NSSBASET_H */
18
19 #ifndef NSSCKT_H
20 #include "nssckt.h"
21 #endif /* NSSCKT_H */
22
23 #ifndef NSSCKFWT_H
24 #include "nssckfwt.h"
25 #endif /* NSSCKFWT_H */
26
27 typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
28 typedef struct NSSCKMDSlotStr NSSCKMDSlot;
29 typedef struct NSSCKMDTokenStr NSSCKMDToken;
30 typedef struct NSSCKMDSessionStr NSSCKMDSession;
31 typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
32 typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
33 typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
34 typedef struct NSSCKMDObjectStr NSSCKMDObject;
35
36 /*
37 * NSSCKFWItem
38 *
39 * This is a structure used by modules to return object attributes.
40 * The needsFreeing bit indicates whether the object needs to be freed.
41 * If so, the framework will call the FreeAttribute function on the item
42 * after it is done using it.
43 *
44 */
45
46 typedef struct {
47 PRBool needsFreeing;
48 NSSItem *item;
49 } NSSCKFWItem;
50
51 /*
52 * NSSCKMDInstance
53 *
54 * This is the basic handle for an instance of a PKCS#11 Module.
55 * It is returned by the Module's CreateInstance routine, and
56 * may be obtained from the corresponding NSSCKFWInstance object.
57 * It contains a pointer for use by the Module, to store any
58 * instance-related data, and it contains the EPV for a set of
59 * routines which the Module may implement for use by the Framework.
60 * Some of these routines are optional; others are mandatory.
61 */
62
63 struct NSSCKMDInstanceStr {
64 /*
65 * The Module may use this pointer for its own purposes.
66 */
67 void *etc;
68
69 /*
70 * This routine is called by the Framework to initialize
71 * the Module. This routine is optional; if unimplemented,
72 * it won't be called. If this routine returns an error,
73 * then the initialization will fail.
74 */
75 CK_RV(PR_CALLBACK *Initialize)
76 (
77 NSSCKMDInstance *mdInstance,
78 NSSCKFWInstance *fwInstance,
79 NSSUTF8 *configurationData);
80
81 /*
82 * This routine is called when the Framework is finalizing
83 * the PKCS#11 Module. It is the last thing called before
84 * the NSSCKFWInstance's NSSArena is destroyed. This routine
85 * is optional; if unimplemented, it merely won't be called.
86 */
87 void(PR_CALLBACK *Finalize)(
88 NSSCKMDInstance *mdInstance,
89 NSSCKFWInstance *fwInstance);
90
91 /*
92 * This routine gets the number of slots. This value must
93 * never change, once the instance is initialized. This
94 * routine must be implemented. It may return zero on error.
95 */
96 CK_ULONG(PR_CALLBACK *GetNSlots)
97 (
98 NSSCKMDInstance *mdInstance,
99 NSSCKFWInstance *fwInstance,
100 CK_RV *pError);
101
102 /*
103 * This routine returns the version of the Cryptoki standard
104 * to which this Module conforms. This routine is optional;
105 * if unimplemented, the Framework uses the version to which
106 * ~it~ was implemented.
107 */
108 CK_VERSION(PR_CALLBACK *GetCryptokiVersion)
109 (
110 NSSCKMDInstance *mdInstance,
111 NSSCKFWInstance *fwInstance);
112
113 /*
114 * This routine returns a pointer to a UTF8-encoded string
115 * containing the manufacturer ID for this Module. Only
116 * the characters completely encoded in the first thirty-
117 * two bytes are significant. This routine is optional.
118 * The string returned is never freed; if dynamically generated,
119 * the space for it should be allocated from the NSSArena
120 * that may be obtained from the NSSCKFWInstance. This
121 * routine may return NULL upon error; however if *pError
122 * is CKR_OK, the NULL will be considered the valid response.
123 */
124 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
125 NSSCKMDInstance *mdInstance,
126 NSSCKFWInstance *fwInstance,
127 CK_RV *pError);
128
129 /*
130 * This routine returns a pointer to a UTF8-encoded string
131 * containing a description of this Module library. Only
132 * the characters completely encoded in the first thirty-
133 * two bytes are significant. This routine is optional.
134 * The string returned is never freed; if dynamically generated,
135 * the space for it should be allocated from the NSSArena
136 * that may be obtained from the NSSCKFWInstance. This
137 * routine may return NULL upon error; however if *pError
138 * is CKR_OK, the NULL will be considered the valid response.
139 */
140 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
141 NSSCKMDInstance *mdInstance,
142 NSSCKFWInstance *fwInstance,
143 CK_RV *pError);
144
145 /*
146 * This routine returns the version of this Module library.
147 * This routine is optional; if unimplemented, the Framework
148 * will assume a Module library version of 0.1.
149 */
150 CK_VERSION(PR_CALLBACK *GetLibraryVersion)
151 (
152 NSSCKMDInstance *mdInstance,
153 NSSCKFWInstance *fwInstance);
154
155 /*
156 * This routine returns CK_TRUE if the Module wishes to
157 * handle session objects. This routine is optional.
158 * If this routine is NULL, or if it exists but returns
159 * CK_FALSE, the Framework will assume responsibility
160 * for managing session objects.
161 */
162 CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects)
163 (
164 NSSCKMDInstance *mdInstance,
165 NSSCKFWInstance *fwInstance);
166
167 /*
168 * This routine stuffs pointers to NSSCKMDSlot objects into
169 * the specified array; one for each slot supported by this
170 * instance. The Framework will determine the size needed
171 * for the array by calling GetNSlots. This routine is
172 * required.
173 */
174 CK_RV(PR_CALLBACK *GetSlots)
175 (
176 NSSCKMDInstance *mdInstance,
177 NSSCKFWInstance *fwInstance,
178 NSSCKMDSlot *slots[]);
179
180 /*
181 * This call returns a pointer to the slot in which an event
182 * has occurred. If the block argument is CK_TRUE, the call
183 * should block until a slot event occurs; if CK_FALSE, it
184 * should check to see if an event has occurred, occurred,
185 * but return NULL (and set *pError to CK_NO_EVENT) if one
186 * hasn't. This routine is optional; if unimplemented, the
187 * Framework will assume that no event has happened. This
188 * routine may return NULL upon error.
189 */
190 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
191 NSSCKMDInstance *mdInstance,
192 NSSCKFWInstance *fwInstance,
193 CK_BBOOL block,
194 CK_RV *pError);
195
196 /*
197 * This object may be extended in future versions of the
198 * NSS Cryptoki Framework. To allow for some flexibility
199 * in the area of binary compatibility, this field should
200 * be NULL.
201 */
202 void *null;
203 };
204
205 /*
206 * NSSCKMDSlot
207 *
208 * This is the basic handle for a PKCS#11 Module Slot. It is
209 * created by the NSSCKMDInstance->GetSlots call, and may be
210 * obtained from the Framework's corresponding NSSCKFWSlot
211 * object. It contains a pointer for use by the Module, to
212 * store any slot-related data, and it contains the EPV for
213 * a set of routines which the Module may implement for use
214 * by the Framework. Some of these routines are optional.
215 */
216
217 struct NSSCKMDSlotStr {
218 /*
219 * The Module may use this pointer for its own purposes.
220 */
221 void *etc;
222
223 /*
224 * This routine is called during the Framework initialization
225 * step, after the Framework Instance has obtained the list
226 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
227 * specific initialization can be done here. This routine is
228 * optional; if unimplemented, it won't be called. Note that
229 * if this routine returns an error, the entire Framework
230 * initialization for this Module will fail.
231 */
232 CK_RV(PR_CALLBACK *Initialize)
233 (
234 NSSCKMDSlot *mdSlot,
235 NSSCKFWSlot *fwSlot,
236 NSSCKMDInstance *mdInstance,
237 NSSCKFWInstance *fwInstance);
238
239 /*
240 * This routine is called when the Framework is finalizing
241 * the PKCS#11 Module. This call (for each of the slots)
242 * is the last thing called before NSSCKMDInstance->Finalize.
243 * This routine is optional; if unimplemented, it merely
244 * won't be called. Note: In the rare circumstance that
245 * the Framework initialization cannot complete (due to,
246 * for example, memory limitations), this can be called with
247 * a NULL value for fwSlot.
248 */
249 void(PR_CALLBACK *Destroy)(
250 NSSCKMDSlot *mdSlot,
251 NSSCKFWSlot *fwSlot,
252 NSSCKMDInstance *mdInstance,
253 NSSCKFWInstance *fwInstance);
254
255 /*
256 * This routine returns a pointer to a UTF8-encoded string
257 * containing a description of this slot. Only the characters
258 * completely encoded in the first sixty-four bytes are
259 * significant. This routine is optional. The string
260 * returned is never freed; if dynamically generated,
261 * the space for it should be allocated from the NSSArena
262 * that may be obtained from the NSSCKFWInstance. This
263 * routine may return NULL upon error; however if *pError
264 * is CKR_OK, the NULL will be considered the valid response.
265 */
266 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
267 NSSCKMDSlot *mdSlot,
268 NSSCKFWSlot *fwSlot,
269 NSSCKMDInstance *mdInstance,
270 NSSCKFWInstance *fwInstance,
271 CK_RV *pError);
272
273 /*
274 * This routine returns a pointer to a UTF8-encoded string
275 * containing a description of the manufacturer of this slot.
276 * Only the characters completely encoded in the first thirty-
277 * two bytes are significant. This routine is optional.
278 * The string returned is never freed; if dynamically generated,
279 * the space for it should be allocated from the NSSArena
280 * that may be obtained from the NSSCKFWInstance. This
281 * routine may return NULL upon error; however if *pError
282 * is CKR_OK, the NULL will be considered the valid response.
283 */
284 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
285 NSSCKMDSlot *mdSlot,
286 NSSCKFWSlot *fwSlot,
287 NSSCKMDInstance *mdInstance,
288 NSSCKFWInstance *fwInstance,
289 CK_RV *pError);
290
291 /*
292 * This routine returns CK_TRUE if a token is present in this
293 * slot. This routine is optional; if unimplemented, CK_TRUE
294 * is assumed.
295 */
296 CK_BBOOL(PR_CALLBACK *GetTokenPresent)
297 (
298 NSSCKMDSlot *mdSlot,
299 NSSCKFWSlot *fwSlot,
300 NSSCKMDInstance *mdInstance,
301 NSSCKFWInstance *fwInstance);
302
303 /*
304 * This routine returns CK_TRUE if the slot supports removable
305 * tokens. This routine is optional; if unimplemented, CK_FALSE
306 * is assumed.
307 */
308 CK_BBOOL(PR_CALLBACK *GetRemovableDevice)
309 (
310 NSSCKMDSlot *mdSlot,
311 NSSCKFWSlot *fwSlot,
312 NSSCKMDInstance *mdInstance,
313 NSSCKFWInstance *fwInstance);
314
315 /*
316 * This routine returns CK_TRUE if this slot is a hardware
317 * device, or CK_FALSE if this slot is a software device. This
318 * routine is optional; if unimplemented, CK_FALSE is assumed.
319 */
320 CK_BBOOL(PR_CALLBACK *GetHardwareSlot)
321 (
322 NSSCKMDSlot *mdSlot,
323 NSSCKFWSlot *fwSlot,
324 NSSCKMDInstance *mdInstance,
325 NSSCKFWInstance *fwInstance);
326
327 /*
328 * This routine returns the version of this slot's hardware.
329 * This routine is optional; if unimplemented, the Framework
330 * will assume a hardware version of 0.1.
331 */
332 CK_VERSION(PR_CALLBACK *GetHardwareVersion)
333 (
334 NSSCKMDSlot *mdSlot,
335 NSSCKFWSlot *fwSlot,
336 NSSCKMDInstance *mdInstance,
337 NSSCKFWInstance *fwInstance);
338
339 /*
340 * This routine returns the version of this slot's firmware.
341 * This routine is optional; if unimplemented, the Framework
342 * will assume a hardware version of 0.1.
343 */
344 CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
345 (
346 NSSCKMDSlot *mdSlot,
347 NSSCKFWSlot *fwSlot,
348 NSSCKMDInstance *mdInstance,
349 NSSCKFWInstance *fwInstance);
350
351 /*
352 * This routine should return a pointer to an NSSCKMDToken
353 * object corresponding to the token in the specified slot.
354 * The NSSCKFWToken object passed in has an NSSArena
355 * available which is dedicated for this token. This routine
356 * must be implemented. This routine may return NULL upon
357 * error.
358 */
359 NSSCKMDToken *(PR_CALLBACK *GetToken)(
360 NSSCKMDSlot *mdSlot,
361 NSSCKFWSlot *fwSlot,
362 NSSCKMDInstance *mdInstance,
363 NSSCKFWInstance *fwInstance,
364 CK_RV *pError);
365
366 /*
367 * This object may be extended in future versions of the
368 * NSS Cryptoki Framework. To allow for some flexibility
369 * in the area of binary compatibility, this field should
370 * be NULL.
371 */
372 void *null;
373 };
374
375 /*
376 * NSSCKMDToken
377 *
378 * This is the basic handle for a PKCS#11 Token. It is created by
379 * the NSSCKMDSlot->GetToken call, and may be obtained from the
380 * Framework's corresponding NSSCKFWToken object. It contains a
381 * pointer for use by the Module, to store any token-related
382 * data, and it contains the EPV for a set of routines which the
383 * Module may implement for use by the Framework. Some of these
384 * routines are optional.
385 */
386
387 struct NSSCKMDTokenStr {
388 /*
389 * The Module may use this pointer for its own purposes.
390 */
391 void *etc;
392
393 /*
394 * This routine is used to prepare a Module token object for
395 * use. It is called after the NSSCKMDToken object is obtained
396 * from NSSCKMDSlot->GetToken. It is named "Setup" here because
397 * Cryptoki already defines "InitToken" to do the process of
398 * wiping out any existing state on a token and preparing it for
399 * a new use. This routine is optional; if unimplemented, it
400 * merely won't be called.
401 */
402 CK_RV(PR_CALLBACK *Setup)
403 (
404 NSSCKMDToken *mdToken,
405 NSSCKFWToken *fwToken,
406 NSSCKMDInstance *mdInstance,
407 NSSCKFWInstance *fwInstance);
408
409 /*
410 * This routine is called by the Framework whenever it notices
411 * that the token object is invalid. (Typically this is when a
412 * routine indicates an error such as CKR_DEVICE_REMOVED). This
413 * call is the last thing called before the NSSArena in the
414 * corresponding NSSCKFWToken is destroyed. This routine is
415 * optional; if unimplemented, it merely won't be called.
416 */
417 void(PR_CALLBACK *Invalidate)(
418 NSSCKMDToken *mdToken,
419 NSSCKFWToken *fwToken,
420 NSSCKMDInstance *mdInstance,
421 NSSCKFWInstance *fwInstance);
422
423 /*
424 * This routine initialises the token in the specified slot.
425 * This routine is optional; if unimplemented, the Framework
426 * will fail this operation with an error of CKR_DEVICE_ERROR.
427 */
428
429 CK_RV(PR_CALLBACK *InitToken)
430 (
431 NSSCKMDToken *mdToken,
432 NSSCKFWToken *fwToken,
433 NSSCKMDInstance *mdInstance,
434 NSSCKFWInstance *fwInstance,
435 NSSItem *pin,
436 NSSUTF8 *label);
437
438 /*
439 * This routine returns a pointer to a UTF8-encoded string
440 * containing this token's label. Only the characters
441 * completely encoded in the first thirty-two bytes are
442 * significant. This routine is optional. The string
443 * returned is never freed; if dynamically generated,
444 * the space for it should be allocated from the NSSArena
445 * that may be obtained from the NSSCKFWInstance. This
446 * routine may return NULL upon error; however if *pError
447 * is CKR_OK, the NULL will be considered the valid response.
448 */
449 NSSUTF8 *(PR_CALLBACK *GetLabel)(
450 NSSCKMDToken *mdToken,
451 NSSCKFWToken *fwToken,
452 NSSCKMDInstance *mdInstance,
453 NSSCKFWInstance *fwInstance,
454 CK_RV *pError);
455
456 /*
457 * This routine returns a pointer to a UTF8-encoded string
458 * containing this token's manufacturer ID. Only the characters
459 * completely encoded in the first thirty-two bytes are
460 * significant. This routine is optional. The string
461 * returned is never freed; if dynamically generated,
462 * the space for it should be allocated from the NSSArena
463 * that may be obtained from the NSSCKFWInstance. This
464 * routine may return NULL upon error; however if *pError
465 * is CKR_OK, the NULL will be considered the valid response.
466 */
467 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
468 NSSCKMDToken *mdToken,
469 NSSCKFWToken *fwToken,
470 NSSCKMDInstance *mdInstance,
471 NSSCKFWInstance *fwInstance,
472 CK_RV *pError);
473
474 /*
475 * This routine returns a pointer to a UTF8-encoded string
476 * containing this token's model name. Only the characters
477 * completely encoded in the first thirty-two bytes are
478 * significant. This routine is optional. The string
479 * returned is never freed; if dynamically generated,
480 * the space for it should be allocated from the NSSArena
481 * that may be obtained from the NSSCKFWInstance. This
482 * routine may return NULL upon error; however if *pError
483 * is CKR_OK, the NULL will be considered the valid response.
484 */
485 NSSUTF8 *(PR_CALLBACK *GetModel)(
486 NSSCKMDToken *mdToken,
487 NSSCKFWToken *fwToken,
488 NSSCKMDInstance *mdInstance,
489 NSSCKFWInstance *fwInstance,
490 CK_RV *pError);
491
492 /*
493 * This routine returns a pointer to a UTF8-encoded string
494 * containing this token's serial number. Only the characters
495 * completely encoded in the first thirty-two bytes are
496 * significant. This routine is optional. The string
497 * returned is never freed; if dynamically generated,
498 * the space for it should be allocated from the NSSArena
499 * that may be obtained from the NSSCKFWInstance. This
500 * routine may return NULL upon error; however if *pError
501 * is CKR_OK, the NULL will be considered the valid response.
502 */
503 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
504 NSSCKMDToken *mdToken,
505 NSSCKFWToken *fwToken,
506 NSSCKMDInstance *mdInstance,
507 NSSCKFWInstance *fwInstance,
508 CK_RV *pError);
509
510 /*
511 * This routine returns CK_TRUE if the token has its own
512 * random number generator. This routine is optional; if
513 * unimplemented, CK_FALSE is assumed.
514 */
515 CK_BBOOL(PR_CALLBACK *GetHasRNG)
516 (
517 NSSCKMDToken *mdToken,
518 NSSCKFWToken *fwToken,
519 NSSCKMDInstance *mdInstance,
520 NSSCKFWInstance *fwInstance);
521
522 /*
523 * This routine returns CK_TRUE if this token is write-protected.
524 * This routine is optional; if unimplemented, CK_FALSE is
525 * assumed.
526 */
527 CK_BBOOL(PR_CALLBACK *GetIsWriteProtected)
528 (
529 NSSCKMDToken *mdToken,
530 NSSCKFWToken *fwToken,
531 NSSCKMDInstance *mdInstance,
532 NSSCKFWInstance *fwInstance);
533
534 /*
535 * This routine returns CK_TRUE if this token requires a login.
536 * This routine is optional; if unimplemented, CK_FALSE is
537 * assumed.
538 */
539 CK_BBOOL(PR_CALLBACK *GetLoginRequired)
540 (
541 NSSCKMDToken *mdToken,
542 NSSCKFWToken *fwToken,
543 NSSCKMDInstance *mdInstance,
544 NSSCKFWInstance *fwInstance);
545
546 /*
547 * This routine returns CK_TRUE if the normal user's PIN on this
548 * token has been initialised. This routine is optional; if
549 * unimplemented, CK_FALSE is assumed.
550 */
551 CK_BBOOL(PR_CALLBACK *GetUserPinInitialized)
552 (
553 NSSCKMDToken *mdToken,
554 NSSCKFWToken *fwToken,
555 NSSCKMDInstance *mdInstance,
556 NSSCKFWInstance *fwInstance);
557
558 /*
559 * This routine returns CK_TRUE if a successful save of a
560 * session's cryptographic operations state ~always~ contains
561 * all keys needed to restore the state of the session. This
562 * routine is optional; if unimplemented, CK_FALSE is assumed.
563 */
564 CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded)
565 (
566 NSSCKMDToken *mdToken,
567 NSSCKFWToken *fwToken,
568 NSSCKMDInstance *mdInstance,
569 NSSCKFWInstance *fwInstance);
570
571 /*
572 * This routine returns CK_TRUE if the token has its own
573 * hardware clock. This routine is optional; if unimplemented,
574 * CK_FALSE is assumed.
575 */
576 CK_BBOOL(PR_CALLBACK *GetHasClockOnToken)
577 (
578 NSSCKMDToken *mdToken,
579 NSSCKFWToken *fwToken,
580 NSSCKMDInstance *mdInstance,
581 NSSCKFWInstance *fwInstance);
582
583 /*
584 * This routine returns CK_TRUE if the token has a protected
585 * authentication path. This routine is optional; if
586 * unimplemented, CK_FALSE is assumed.
587 */
588 CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath)
589 (
590 NSSCKMDToken *mdToken,
591 NSSCKFWToken *fwToken,
592 NSSCKMDInstance *mdInstance,
593 NSSCKFWInstance *fwInstance);
594
595 /*
596 * This routine returns CK_TRUE if the token supports dual
597 * cryptographic operations within a single session. This
598 * routine is optional; if unimplemented, CK_FALSE is assumed.
599 */
600 CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations)
601 (
602 NSSCKMDToken *mdToken,
603 NSSCKFWToken *fwToken,
604 NSSCKMDInstance *mdInstance,
605 NSSCKFWInstance *fwInstance);
606
607 /*
608 * XXX fgmr-- should we have a call to return all the flags
609 * at once, for folks who already know about Cryptoki?
610 */
611
612 /*
613 * This routine returns the maximum number of sessions that
614 * may be opened on this token. This routine is optional;
615 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
616 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
617 */
618 CK_ULONG(PR_CALLBACK *GetMaxSessionCount)
619 (
620 NSSCKMDToken *mdToken,
621 NSSCKFWToken *fwToken,
622 NSSCKMDInstance *mdInstance,
623 NSSCKFWInstance *fwInstance);
624
625 /*
626 * This routine returns the maximum number of read/write
627 * sesisons that may be opened on this token. This routine
628 * is optional; if unimplemented, the special value
629 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
630 * CK_EFFECTIVELY_INFINITE?
631 */
632 CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount)
633 (
634 NSSCKMDToken *mdToken,
635 NSSCKFWToken *fwToken,
636 NSSCKMDInstance *mdInstance,
637 NSSCKFWInstance *fwInstance);
638
639 /*
640 * This routine returns the maximum PIN code length that is
641 * supported on this token. This routine is optional;
642 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
643 * is assumed.
644 */
645 CK_ULONG(PR_CALLBACK *GetMaxPinLen)
646 (
647 NSSCKMDToken *mdToken,
648 NSSCKFWToken *fwToken,
649 NSSCKMDInstance *mdInstance,
650 NSSCKFWInstance *fwInstance);
651
652 /*
653 * This routine returns the minimum PIN code length that is
654 * supported on this token. This routine is optional; if
655 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
656 * is assumed. XXX fgmr-- or 0?
657 */
658 CK_ULONG(PR_CALLBACK *GetMinPinLen)
659 (
660 NSSCKMDToken *mdToken,
661 NSSCKFWToken *fwToken,
662 NSSCKMDInstance *mdInstance,
663 NSSCKFWInstance *fwInstance);
664
665 /*
666 * This routine returns the total amount of memory on the token
667 * in which public objects may be stored. This routine is
668 * optional; if unimplemented, the special value
669 * CK_UNAVAILABLE_INFORMATION is assumed.
670 */
671 CK_ULONG(PR_CALLBACK *GetTotalPublicMemory)
672 (
673 NSSCKMDToken *mdToken,
674 NSSCKFWToken *fwToken,
675 NSSCKMDInstance *mdInstance,
676 NSSCKFWInstance *fwInstance);
677
678 /*
679 * This routine returns the amount of unused memory on the
680 * token in which public objects may be stored. This routine
681 * is optional; if unimplemented, the special value
682 * CK_UNAVAILABLE_INFORMATION is assumed.
683 */
684 CK_ULONG(PR_CALLBACK *GetFreePublicMemory)
685 (
686 NSSCKMDToken *mdToken,
687 NSSCKFWToken *fwToken,
688 NSSCKMDInstance *mdInstance,
689 NSSCKFWInstance *fwInstance);
690
691 /*
692 * This routine returns the total amount of memory on the token
693 * in which private objects may be stored. This routine is
694 * optional; if unimplemented, the special value
695 * CK_UNAVAILABLE_INFORMATION is assumed.
696 */
697 CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory)
698 (
699 NSSCKMDToken *mdToken,
700 NSSCKFWToken *fwToken,
701 NSSCKMDInstance *mdInstance,
702 NSSCKFWInstance *fwInstance);
703
704 /*
705 * This routine returns the amount of unused memory on the
706 * token in which private objects may be stored. This routine
707 * is optional; if unimplemented, the special value
708 * CK_UNAVAILABLE_INFORMATION is assumed.
709 */
710 CK_ULONG(PR_CALLBACK *GetFreePrivateMemory)
711 (
712 NSSCKMDToken *mdToken,
713 NSSCKFWToken *fwToken,
714 NSSCKMDInstance *mdInstance,
715 NSSCKFWInstance *fwInstance);
716
717 /*
718 * This routine returns the version number of this token's
719 * hardware. This routine is optional; if unimplemented,
720 * the value 0.1 is assumed.
721 */
722 CK_VERSION(PR_CALLBACK *GetHardwareVersion)
723 (
724 NSSCKMDToken *mdToken,
725 NSSCKFWToken *fwToken,
726 NSSCKMDInstance *mdInstance,
727 NSSCKFWInstance *fwInstance);
728
729 /*
730 * This routine returns the version number of this token's
731 * firmware. This routine is optional; if unimplemented,
732 * the value 0.1 is assumed.
733 */
734 CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
735 (
736 NSSCKMDToken *mdToken,
737 NSSCKFWToken *fwToken,
738 NSSCKMDInstance *mdInstance,
739 NSSCKFWInstance *fwInstance);
740
741 /*
742 * This routine stuffs the current UTC time, as obtained from
743 * the token, into the sixteen-byte buffer in the form
744 * YYYYMMDDhhmmss00. This routine need only be implemented
745 * by token which indicate that they have a real-time clock.
746 * XXX fgmr-- think about time formats.
747 */
748 CK_RV(PR_CALLBACK *GetUTCTime)
749 (
750 NSSCKMDToken *mdToken,
751 NSSCKFWToken *fwToken,
752 NSSCKMDInstance *mdInstance,
753 NSSCKFWInstance *fwInstance,
754 CK_CHAR utcTime[16]);
755
756 /*
757 * This routine creates a session on the token, and returns
758 * the corresponding NSSCKMDSession object. The value of
759 * rw will be CK_TRUE if the session is to be a read/write
760 * session, or CK_FALSE otherwise. An NSSArena dedicated to
761 * the new session is available from the specified NSSCKFWSession.
762 * This routine may return NULL upon error.
763 */
764 NSSCKMDSession *(PR_CALLBACK *OpenSession)(
765 NSSCKMDToken *mdToken,
766 NSSCKFWToken *fwToken,
767 NSSCKMDInstance *mdInstance,
768 NSSCKFWInstance *fwInstance,
769 NSSCKFWSession *fwSession,
770 CK_BBOOL rw,
771 CK_RV *pError);
772
773 /*
774 * This routine returns the number of PKCS#11 Mechanisms
775 * supported by this token. This routine is optional; if
776 * unimplemented, zero is assumed.
777 */
778 CK_ULONG(PR_CALLBACK *GetMechanismCount)
779 (
780 NSSCKMDToken *mdToken,
781 NSSCKFWToken *fwToken,
782 NSSCKMDInstance *mdInstance,
783 NSSCKFWInstance *fwInstance);
784
785 /*
786 * This routine stuffs into the specified array the types
787 * of the mechanisms supported by this token. The Framework
788 * determines the size of the array by calling GetMechanismCount.
789 */
790 CK_RV(PR_CALLBACK *GetMechanismTypes)
791 (
792 NSSCKMDToken *mdToken,
793 NSSCKFWToken *fwToken,
794 NSSCKMDInstance *mdInstance,
795 NSSCKFWInstance *fwInstance,
796 CK_MECHANISM_TYPE types[]);
797
798 /*
799 * This routine returns a pointer to a Module mechanism
800 * object corresponding to a specified type. This routine
801 * need only exist for tokens implementing at least one
802 * mechanism.
803 */
804 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
805 NSSCKMDToken *mdToken,
806 NSSCKFWToken *fwToken,
807 NSSCKMDInstance *mdInstance,
808 NSSCKFWInstance *fwInstance,
809 CK_MECHANISM_TYPE which,
810 CK_RV *pError);
811
812 /*
813 * This object may be extended in future versions of the
814 * NSS Cryptoki Framework. To allow for some flexibility
815 * in the area of binary compatibility, this field should
816 * be NULL.
817 */
818 void *null;
819 };
820
821 /*
822 * NSSCKMDSession
823 *
824 * This is the basic handle for a session on a PKCS#11 Token. It
825 * is created by NSSCKMDToken->OpenSession, and may be obtained
826 * from the Framework's corresponding NSSCKFWSession object. It
827 * contains a pointer for use by the Module, to store any session-
828 * realted data, and it contains the EPV for a set of routines
829 * which the Module may implement for use by the Framework. Some
830 * of these routines are optional.
831 */
832
833 struct NSSCKMDSessionStr {
834 /*
835 * The Module may use this pointer for its own purposes.
836 */
837 void *etc;
838
839 /*
840 * This routine is called by the Framework when a session is
841 * closed. This call is the last thing called before the
842 * NSSArena in the correspoinding NSSCKFWSession is destroyed.
843 * This routine is optional; if unimplemented, it merely won't
844 * be called.
845 */
846 void(PR_CALLBACK *Close)(
847 NSSCKMDSession *mdSession,
848 NSSCKFWSession *fwSession,
849 NSSCKMDToken *mdToken,
850 NSSCKFWToken *fwToken,
851 NSSCKMDInstance *mdInstance,
852 NSSCKFWInstance *fwInstance);
853
854 /*
855 * This routine is used to get any device-specific error.
856 * This routine is optional.
857 */
858 CK_ULONG(PR_CALLBACK *GetDeviceError)
859 (
860 NSSCKMDSession *mdSession,
861 NSSCKFWSession *fwSession,
862 NSSCKMDToken *mdToken,
863 NSSCKFWToken *fwToken,
864 NSSCKMDInstance *mdInstance,
865 NSSCKFWInstance *fwInstance);
866
867 /*
868 * This routine is used to log in a user to the token. This
869 * routine is optional, since the Framework's NSSCKFWSession
870 * object keeps track of the login state.
871 */
872 CK_RV(PR_CALLBACK *Login)
873 (
874 NSSCKMDSession *mdSession,
875 NSSCKFWSession *fwSession,
876 NSSCKMDToken *mdToken,
877 NSSCKFWToken *fwToken,
878 NSSCKMDInstance *mdInstance,
879 NSSCKFWInstance *fwInstance,
880 CK_USER_TYPE userType,
881 NSSItem *pin,
882 CK_STATE oldState,
883 CK_STATE newState);
884
885 /*
886 * This routine is used to log out a user from the token. This
887 * routine is optional, since the Framework's NSSCKFWSession
888 * object keeps track of the login state.
889 */
890 CK_RV(PR_CALLBACK *Logout)
891 (
892 NSSCKMDSession *mdSession,
893 NSSCKFWSession *fwSession,
894 NSSCKMDToken *mdToken,
895 NSSCKFWToken *fwToken,
896 NSSCKMDInstance *mdInstance,
897 NSSCKFWInstance *fwInstance,
898 CK_STATE oldState,
899 CK_STATE newState);
900
901 /*
902 * This routine is used to initialize the normal user's PIN or
903 * password. This will only be called in the "read/write
904 * security officer functions" state. If this token has a
905 * protected authentication path, then the pin argument will
906 * be NULL. This routine is optional; if unimplemented, the
907 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
908 */
909 CK_RV(PR_CALLBACK *InitPIN)
910 (
911 NSSCKMDSession *mdSession,
912 NSSCKFWSession *fwSession,
913 NSSCKMDToken *mdToken,
914 NSSCKFWToken *fwToken,
915 NSSCKMDInstance *mdInstance,
916 NSSCKFWInstance *fwInstance,
917 NSSItem *pin);
918
919 /*
920 * This routine is used to modify a user's PIN or password. This
921 * routine will only be called in the "read/write security officer
922 * functions" or "read/write user functions" state. If this token
923 * has a protected authentication path, then the pin arguments
924 * will be NULL. This routine is optional; if unimplemented, the
925 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
926 */
927 CK_RV(PR_CALLBACK *SetPIN)
928 (
929 NSSCKMDSession *mdSession,
930 NSSCKFWSession *fwSession,
931 NSSCKMDToken *mdToken,
932 NSSCKFWToken *fwToken,
933 NSSCKMDInstance *mdInstance,
934 NSSCKFWInstance *fwInstance,
935 NSSItem *oldPin,
936 NSSItem *newPin);
937
938 /*
939 * This routine is used to find out how much space would be required
940 * to save the current operational state. This routine is optional;
941 * if unimplemented, the Framework will reject any attempts to save
942 * the operational state with the error CKR_STATE_UNSAVEABLE. This
943 * routine may return zero on error.
944 */
945 CK_ULONG(PR_CALLBACK *GetOperationStateLen)
946 (
947 NSSCKMDSession *mdSession,
948 NSSCKFWSession *fwSession,
949 NSSCKMDToken *mdToken,
950 NSSCKFWToken *fwToken,
951 NSSCKMDInstance *mdInstance,
952 NSSCKFWInstance *fwInstance,
953 CK_RV *pError);
954
955 /*
956 * This routine is used to store the current operational state. This
957 * routine is only required if GetOperationStateLen is implemented
958 * and can return a nonzero value. The buffer in the specified item
959 * will be pre-allocated, and the length will specify the amount of
960 * space available (which may be more than GetOperationStateLen
961 * asked for, but which will not be smaller).
962 */
963 CK_RV(PR_CALLBACK *GetOperationState)
964 (
965 NSSCKMDSession *mdSession,
966 NSSCKFWSession *fwSession,
967 NSSCKMDToken *mdToken,
968 NSSCKFWToken *fwToken,
969 NSSCKMDInstance *mdInstance,
970 NSSCKFWInstance *fwInstance,
971 NSSItem *buffer);
972
973 /*
974 * This routine is used to restore an operational state previously
975 * obtained with GetOperationState. The Framework will take pains
976 * to be sure that the state is (or was at one point) valid; if the
977 * Module notices that the state is invalid, it should return an
978 * error, but it is not required to be paranoid about the issue.
979 * [XXX fgmr-- should (can?) the framework verify the keys match up?]
980 * This routine is required only if GetOperationState is implemented.
981 */
982 CK_RV(PR_CALLBACK *SetOperationState)
983 (
984 NSSCKMDSession *mdSession,
985 NSSCKFWSession *fwSession,
986 NSSCKMDToken *mdToken,
987 NSSCKFWToken *fwToken,
988 NSSCKMDInstance *mdInstance,
989 NSSCKFWInstance *fwInstance,
990 NSSItem *state,
991 NSSCKMDObject *mdEncryptionKey,
992 NSSCKFWObject *fwEncryptionKey,
993 NSSCKMDObject *mdAuthenticationKey,
994 NSSCKFWObject *fwAuthenticationKey);
995
996 /*
997 * This routine is used to create an object. The specified template
998 * will only specify a session object if the Module has indicated
999 * that it wishes to handle its own session objects. This routine
1000 * is optional; if unimplemented, the Framework will reject the
1001 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
1002 * token objects should come from the NSSArena available from the
1003 * NSSCKFWToken object; space for session objects (if supported)
1004 * should come from the NSSArena available from the NSSCKFWSession
1005 * object. The appropriate NSSArena pointer will, as a convenience,
1006 * be passed as the handyArenaPointer argument. This routine may
1007 * return NULL upon error.
1008 */
1009 NSSCKMDObject *(PR_CALLBACK *CreateObject)(
1010 NSSCKMDSession *mdSession,
1011 NSSCKFWSession *fwSession,
1012 NSSCKMDToken *mdToken,
1013 NSSCKFWToken *fwToken,
1014 NSSCKMDInstance *mdInstance,
1015 NSSCKFWInstance *fwInstance,
1016 NSSArena *handyArenaPointer,
1017 CK_ATTRIBUTE_PTR pTemplate,
1018 CK_ULONG ulAttributeCount,
1019 CK_RV *pError);
1020
1021 /*
1022 * This routine is used to make a copy of an object. It is entirely
1023 * optional; if unimplemented, the Framework will try to use
1024 * CreateObject instead. If the Module has indicated that it does
1025 * not wish to handle session objects, then this routine will only
1026 * be called to copy a token object to another token object.
1027 * Otherwise, either the original object or the new may be of
1028 * either the token or session variety. As with CreateObject, the
1029 * handyArenaPointer will point to the appropriate arena for the
1030 * new object. This routine may return NULL upon error.
1031 */
1032 NSSCKMDObject *(PR_CALLBACK *CopyObject)(
1033 NSSCKMDSession *mdSession,
1034 NSSCKFWSession *fwSession,
1035 NSSCKMDToken *mdToken,
1036 NSSCKFWToken *fwToken,
1037 NSSCKMDInstance *mdInstance,
1038 NSSCKFWInstance *fwInstance,
1039 NSSCKMDObject *mdOldObject,
1040 NSSCKFWObject *fwOldObject,
1041 NSSArena *handyArenaPointer,
1042 CK_ATTRIBUTE_PTR pTemplate,
1043 CK_ULONG ulAttributeCount,
1044 CK_RV *pError);
1045
1046 /*
1047 * This routine is used to begin an object search. This routine may
1048 * be unimplemented only if the Module does not handle session
1049 * objects, and if none of its tokens have token objects. The
1050 * NSSCKFWFindObjects pointer has an NSSArena that may be used for
1051 * storage for the life of this "find" operation. This routine may
1052 * return NULL upon error. If the Module can determine immediately
1053 * that the search will not find any matching objects, it may return
1054 * NULL, and specify CKR_OK as the error.
1055 */
1056 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
1057 NSSCKMDSession *mdSession,
1058 NSSCKFWSession *fwSession,
1059 NSSCKMDToken *mdToken,
1060 NSSCKFWToken *fwToken,
1061 NSSCKMDInstance *mdInstance,
1062 NSSCKFWInstance *fwInstance,
1063 CK_ATTRIBUTE_PTR pTemplate,
1064 CK_ULONG ulAttributeCount,
1065 CK_RV *pError);
1066
1067 /*
1068 * This routine seeds the random-number generator. It is
1069 * optional, even if GetRandom is implemented. If unimplemented,
1070 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
1071 */
1072 CK_RV(PR_CALLBACK *SeedRandom)
1073 (
1074 NSSCKMDSession *mdSession,
1075 NSSCKFWSession *fwSession,
1076 NSSCKMDToken *mdToken,
1077 NSSCKFWToken *fwToken,
1078 NSSCKMDInstance *mdInstance,
1079 NSSCKFWInstance *fwInstance,
1080 NSSItem *seed);
1081
1082 /*
1083 * This routine gets random data. It is optional. If unimplemented,
1084 * the Framework will issue the error CKR_RANDOM_NO_RNG.
1085 */
1086 CK_RV(PR_CALLBACK *GetRandom)
1087 (
1088 NSSCKMDSession *mdSession,
1089 NSSCKFWSession *fwSession,
1090 NSSCKMDToken *mdToken,
1091 NSSCKFWToken *fwToken,
1092 NSSCKMDInstance *mdInstance,
1093 NSSCKFWInstance *fwInstance,
1094 NSSItem *buffer);
1095
1096 /*
1097 * This object may be extended in future versions of the
1098 * NSS Cryptoki Framework. To allow for some flexibility
1099 * in the area of binary compatibility, this field should
1100 * be NULL.
1101 */
1102 void *null;
1103 };
1104
1105 /*
1106 * NSSCKMDFindObjects
1107 *
1108 * This is the basic handle for an object search. It is
1109 * created by NSSCKMDSession->FindObjectsInit, and may be
1110 * obtained from the Framework's corresponding object.
1111 * It contains a pointer for use by the Module, to store
1112 * any search-related data, and it contains the EPV for a
1113 * set of routines which the Module may implement for use
1114 * by the Framework. Some of these routines are optional.
1115 */
1116
1117 struct NSSCKMDFindObjectsStr {
1118 /*
1119 * The Module may use this pointer for its own purposes.
1120 */
1121 void *etc;
1122
1123 /*
1124 * This routine is called by the Framework to finish a
1125 * search operation. Note that the Framework may finish
1126 * a search before it has completed. This routine is
1127 * optional; if unimplemented, it merely won't be called.
1128 */
1129 void(PR_CALLBACK *Final)(
1130 NSSCKMDFindObjects *mdFindObjects,
1131 NSSCKFWFindObjects *fwFindObjects,
1132 NSSCKMDSession *mdSession,
1133 NSSCKFWSession *fwSession,
1134 NSSCKMDToken *mdToken,
1135 NSSCKFWToken *fwToken,
1136 NSSCKMDInstance *mdInstance,
1137 NSSCKFWInstance *fwInstance);
1138
1139 /*
1140 * This routine is used to obtain another pointer to an
1141 * object matching the search criteria. This routine is
1142 * required. If no (more) objects match the search, it
1143 * should return NULL and set the error to CKR_OK.
1144 */
1145 NSSCKMDObject *(PR_CALLBACK *Next)(
1146 NSSCKMDFindObjects *mdFindObjects,
1147 NSSCKFWFindObjects *fwFindObjects,
1148 NSSCKMDSession *mdSession,
1149 NSSCKFWSession *fwSession,
1150 NSSCKMDToken *mdToken,
1151 NSSCKFWToken *fwToken,
1152 NSSCKMDInstance *mdInstance,
1153 NSSCKFWInstance *fwInstance,
1154 NSSArena *arena,
1155 CK_RV *pError);
1156
1157 /*
1158 * This object may be extended in future versions of the
1159 * NSS Cryptoki Framework. To allow for some flexibility
1160 * in the area of binary compatibility, this field should
1161 * be NULL.
1162 */
1163 void *null;
1164 };
1165
1166 /*
1167 * NSSCKMDCryptoOperaion
1168 *
1169 * This is the basic handle for an encryption, decryption,
1170 * sign, verify, or hash opertion.
1171 * created by NSSCKMDMechanism->XXXXInit, and may be
1172 * obtained from the Framework's corresponding object.
1173 * It contains a pointer for use by the Module, to store
1174 * any intermediate data, and it contains the EPV for a
1175 * set of routines which the Module may implement for use
1176 * by the Framework. Some of these routines are optional.
1177 */
1178
1179 struct NSSCKMDCryptoOperationStr {
1180 /*
1181 * The Module may use this pointer for its own purposes.
1182 */
1183 void *etc;
1184
1185 /*
1186 * This routine is called by the Framework clean up the mdCryptoOperation
1187 * structure.
1188 * This routine is optional; if unimplemented, it will be ignored.
1189 */
1190 void(PR_CALLBACK *Destroy)(
1191 NSSCKMDCryptoOperation *mdCryptoOperation,
1192 NSSCKFWCryptoOperation *fwCryptoOperation,
1193 NSSCKMDInstance *mdInstance,
1194 NSSCKFWInstance *fwInstance);
1195
1196 /*
1197 * how many bytes do we need to finish this buffer?
1198 * must be implemented if Final is implemented.
1199 */
1200 CK_ULONG(PR_CALLBACK *GetFinalLength)
1201 (
1202 NSSCKMDCryptoOperation *mdCryptoOperation,
1203 NSSCKFWCryptoOperation *fwCryptoOperation,
1204 NSSCKMDSession *mdSession,
1205 NSSCKFWSession *fwSession,
1206 NSSCKMDToken *mdToken,
1207 NSSCKFWToken *fwToken,
1208 NSSCKMDInstance *mdInstance,
1209 NSSCKFWInstance *fwInstance,
1210 CK_RV *pError);
1211
1212 /*
1213 * how many bytes do we need to complete the next operation.
1214 * used in both Update and UpdateFinal.
1215 */
1216 CK_ULONG(PR_CALLBACK *GetOperationLength)
1217 (
1218 NSSCKMDCryptoOperation *mdCryptoOperation,
1219 NSSCKFWCryptoOperation *fwCryptoOperation,
1220 NSSCKMDSession *mdSession,
1221 NSSCKFWSession *fwSession,
1222 NSSCKMDToken *mdToken,
1223 NSSCKFWToken *fwToken,
1224 NSSCKMDInstance *mdInstance,
1225 NSSCKFWInstance *fwInstance,
1226 const NSSItem *inputBuffer,
1227 CK_RV *pError);
1228
1229 /*
1230 * This routine is called by the Framework to finish a
1231 * search operation. Note that the Framework may finish
1232 * a search before it has completed. This routine is
1233 * optional; if unimplemented, it merely won't be called.
1234 * The respective final call with fail with CKR_FUNCTION_FAILED
1235 * Final should not free the mdCryptoOperation.
1236 */
1237 CK_RV(PR_CALLBACK *Final)
1238 (
1239 NSSCKMDCryptoOperation *mdCryptoOperation,
1240 NSSCKFWCryptoOperation *fwCryptoOperation,
1241 NSSCKMDSession *mdSession,
1242 NSSCKFWSession *fwSession,
1243 NSSCKMDToken *mdToken,
1244 NSSCKFWToken *fwToken,
1245 NSSCKMDInstance *mdInstance,
1246 NSSCKFWInstance *fwInstance,
1247 NSSItem *outputBuffer);
1248
1249 /*
1250 * This routine is called by the Framework to complete the
1251 * next step in an encryption/decryption operation.
1252 * This routine is optional; if unimplemented, the respective
1253 * update call with fail with CKR_FUNCTION_FAILED.
1254 * Update should not be implemented for signing/verification/digest
1255 * mechanisms.
1256 */
1257 CK_RV(PR_CALLBACK *Update)
1258 (
1259 NSSCKMDCryptoOperation *mdCryptoOperation,
1260 NSSCKFWCryptoOperation *fwCryptoOperation,
1261 NSSCKMDSession *mdSession,
1262 NSSCKFWSession *fwSession,
1263 NSSCKMDToken *mdToken,
1264 NSSCKFWToken *fwToken,
1265 NSSCKMDInstance *mdInstance,
1266 NSSCKFWInstance *fwInstance,
1267 const NSSItem *inputBuffer,
1268 NSSItem *outputBuffer);
1269
1270 /*
1271 * This routine is called by the Framework to complete the
1272 * next step in a signing/verification/digest operation.
1273 * This routine is optional; if unimplemented, the respective
1274 * update call with fail with CKR_FUNCTION_FAILED
1275 * Update should not be implemented for encryption/decryption
1276 * mechanisms.
1277 */
1278 CK_RV(PR_CALLBACK *DigestUpdate)
1279 (
1280 NSSCKMDCryptoOperation *mdCryptoOperation,
1281 NSSCKFWCryptoOperation *fwCryptoOperation,
1282 NSSCKMDSession *mdSession,
1283 NSSCKFWSession *fwSession,
1284 NSSCKMDToken *mdToken,
1285 NSSCKFWToken *fwToken,
1286 NSSCKMDInstance *mdInstance,
1287 NSSCKFWInstance *fwInstance,
1288 const NSSItem *inputBuffer);
1289
1290 /*
1291 * This routine is called by the Framework to complete a
1292 * single step operation. This routine is optional; if unimplemented,
1293 * the framework will use the Update and Final functions to complete
1294 * the operation.
1295 */
1296 CK_RV(PR_CALLBACK *UpdateFinal)
1297 (
1298 NSSCKMDCryptoOperation *mdCryptoOperation,
1299 NSSCKFWCryptoOperation *fwCryptoOperation,
1300 NSSCKMDSession *mdSession,
1301 NSSCKFWSession *fwSession,
1302 NSSCKMDToken *mdToken,
1303 NSSCKFWToken *fwToken,
1304 NSSCKMDInstance *mdInstance,
1305 NSSCKFWInstance *fwInstance,
1306 const NSSItem *inputBuffer,
1307 NSSItem *outputBuffer);
1308
1309 /*
1310 * This routine is called by the Framework to complete next
1311 * step in a combined operation. The Decrypt/Encrypt mechanism
1312 * should define and drive the combo step.
1313 * This routine is optional; if unimplemented,
1314 * the framework will use the appropriate Update functions to complete
1315 * the operation.
1316 */
1317 CK_RV(PR_CALLBACK *UpdateCombo)
1318 (
1319 NSSCKMDCryptoOperation *mdCryptoOperation,
1320 NSSCKFWCryptoOperation *fwCryptoOperation,
1321 NSSCKMDCryptoOperation *mdPeerCryptoOperation,
1322 NSSCKFWCryptoOperation *fwPeerCryptoOperation,
1323 NSSCKMDSession *mdSession,
1324 NSSCKFWSession *fwSession,
1325 NSSCKMDToken *mdToken,
1326 NSSCKFWToken *fwToken,
1327 NSSCKMDInstance *mdInstance,
1328 NSSCKFWInstance *fwInstance,
1329 const NSSItem *inputBuffer,
1330 NSSItem *outputBuffer);
1331
1332 /*
1333 * Hash a key directly into the digest
1334 */
1335 CK_RV(PR_CALLBACK *DigestKey)
1336 (
1337 NSSCKMDCryptoOperation *mdCryptoOperation,
1338 NSSCKFWCryptoOperation *fwCryptoOperation,
1339 NSSCKMDToken *mdToken,
1340 NSSCKFWToken *fwToken,
1341 NSSCKMDInstance *mdInstance,
1342 NSSCKFWInstance *fwInstance,
1343 NSSCKMDObject *mdKey,
1344 NSSCKFWObject *fwKey);
1345
1346 /*
1347 * This object may be extended in future versions of the
1348 * NSS Cryptoki Framework. To allow for some flexibility
1349 * in the area of binary compatibility, this field should
1350 * be NULL.
1351 */
1352 void *null;
1353 };
1354
1355 /*
1356 * NSSCKMDMechanism
1357 *
1358 */
1359
1360 struct NSSCKMDMechanismStr {
1361 /*
1362 * The Module may use this pointer for its own purposes.
1363 */
1364 void *etc;
1365
1366 /*
1367 * This also frees the fwMechanism if appropriate.
1368 * If it is not supplied, the Framework will assume that the Token
1369 * Manages a static list of mechanisms and the function will not be called.
1370 */
1371 void(PR_CALLBACK *Destroy)(
1372 NSSCKMDMechanism *mdMechanism,
1373 NSSCKFWMechanism *fwMechanism,
1374 NSSCKMDInstance *mdInstance,
1375 NSSCKFWInstance *fwInstance);
1376
1377 /*
1378 * This routine returns the minimum key size allowed for
1379 * this mechanism. This routine is optional; if unimplemented,
1380 * zero will be assumed. This routine may return zero on
1381 * error; if the error is CKR_OK, zero will be accepted as
1382 * a valid response.
1383 */
1384 CK_ULONG(PR_CALLBACK *GetMinKeySize)
1385 (
1386 NSSCKMDMechanism *mdMechanism,
1387 NSSCKFWMechanism *fwMechanism,
1388 NSSCKMDToken *mdToken,
1389 NSSCKFWToken *fwToken,
1390 NSSCKMDInstance *mdInstance,
1391 NSSCKFWInstance *fwInstance,
1392 CK_RV *pError);
1393
1394 /*
1395 * This routine returns the maximum key size allowed for
1396 * this mechanism. This routine is optional; if unimplemented,
1397 * zero will be assumed. This routine may return zero on
1398 * error; if the error is CKR_OK, zero will be accepted as
1399 * a valid response.
1400 */
1401 CK_ULONG(PR_CALLBACK *GetMaxKeySize)
1402 (
1403 NSSCKMDMechanism *mdMechanism,
1404 NSSCKFWMechanism *fwMechanism,
1405 NSSCKMDToken *mdToken,
1406 NSSCKFWToken *fwToken,
1407 NSSCKMDInstance *mdInstance,
1408 NSSCKFWInstance *fwInstance,
1409 CK_RV *pError);
1410
1411 /*
1412 * This routine is called to determine if the mechanism is
1413 * implemented in hardware or software. It returns CK_TRUE
1414 * if it is done in hardware.
1415 */
1416 CK_BBOOL(PR_CALLBACK *GetInHardware)
1417 (
1418 NSSCKMDMechanism *mdMechanism,
1419 NSSCKFWMechanism *fwMechanism,
1420 NSSCKMDToken *mdToken,
1421 NSSCKFWToken *fwToken,
1422 NSSCKMDInstance *mdInstance,
1423 NSSCKFWInstance *fwInstance,
1424 CK_RV *pError);
1425
1426 /*
1427 * The crypto routines themselves. Most crypto operations may
1428 * be performed in two ways, streaming and single-part. The
1429 * streaming operations involve the use of (typically) three
1430 * calls-- an Init method to set up the operation, an Update
1431 * method to feed data to the operation, and a Final method to
1432 * obtain the final result. Single-part operations involve
1433 * one method, to perform the crypto operation all at once.
1434 *
1435 * The NSS Cryptoki Framework can implement the single-part
1436 * operations in terms of the streaming operations on behalf
1437 * of the Module. There are a few variances.
1438 *
1439 * Only the Init Functions are defined by the mechanism. Each
1440 * init function will return a NSSCKFWCryptoOperation which
1441 * can supply update, final, the single part updateFinal, and
1442 * the combo updateCombo functions.
1443 *
1444 * For simplicity, the routines are listed in summary here:
1445 *
1446 * EncryptInit,
1447 * DecryptInit,
1448 * DigestInit,
1449 * SignInit,
1450 * SignRecoverInit;
1451 * VerifyInit,
1452 * VerifyRecoverInit;
1453 *
1454 * The key-management routines are
1455 *
1456 * GenerateKey
1457 * GenerateKeyPair
1458 * WrapKey
1459 * UnwrapKey
1460 * DeriveKey
1461 *
1462 * All of these routines based on the Cryptoki API;
1463 * see PKCS#11 for further information.
1464 */
1465
1466 /*
1467 */
1468 NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)(
1469 NSSCKMDMechanism *mdMechanism,
1470 NSSCKFWMechanism *fwMechanism,
1471 CK_MECHANISM_PTR pMechanism,
1472 NSSCKMDSession *mdSession,
1473 NSSCKFWSession *fwSession,
1474 NSSCKMDToken *mdToken,
1475 NSSCKFWToken *fwToken,
1476 NSSCKMDInstance *mdInstance,
1477 NSSCKFWInstance *fwInstance,
1478 NSSCKMDObject *mdKey,
1479 NSSCKFWObject *fwKey,
1480 CK_RV *pError);
1481
1482 /*
1483 */
1484 NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)(
1485 NSSCKMDMechanism *mdMechanism,
1486 NSSCKFWMechanism *fwMechanism,
1487 CK_MECHANISM_PTR pMechanism,
1488 NSSCKMDSession *mdSession,
1489 NSSCKFWSession *fwSession,
1490 NSSCKMDToken *mdToken,
1491 NSSCKFWToken *fwToken,
1492 NSSCKMDInstance *mdInstance,
1493 NSSCKFWInstance *fwInstance,
1494 NSSCKMDObject *mdKey,
1495 NSSCKFWObject *fwKey,
1496 CK_RV *pError);
1497
1498 /*
1499 */
1500 NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)(
1501 NSSCKMDMechanism *mdMechanism,
1502 NSSCKFWMechanism *fwMechanism,
1503 CK_MECHANISM_PTR pMechanism,
1504 NSSCKMDSession *mdSession,
1505 NSSCKFWSession *fwSession,
1506 NSSCKMDToken *mdToken,
1507 NSSCKFWToken *fwToken,
1508 NSSCKMDInstance *mdInstance,
1509 NSSCKFWInstance *fwInstance,
1510 CK_RV *pError);
1511
1512 /*
1513 */
1514 NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)(
1515 NSSCKMDMechanism *mdMechanism,
1516 NSSCKFWMechanism *fwMechanism,
1517 CK_MECHANISM_PTR pMechanism,
1518 NSSCKMDSession *mdSession,
1519 NSSCKFWSession *fwSession,
1520 NSSCKMDToken *mdToken,
1521 NSSCKFWToken *fwToken,
1522 NSSCKMDInstance *mdInstance,
1523 NSSCKFWInstance *fwInstance,
1524 NSSCKMDObject *mdKey,
1525 NSSCKFWObject *fwKey,
1526 CK_RV *pError);
1527
1528 /*
1529 */
1530 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)(
1531 NSSCKMDMechanism *mdMechanism,
1532 NSSCKFWMechanism *fwMechanism,
1533 CK_MECHANISM_PTR pMechanism,
1534 NSSCKMDSession *mdSession,
1535 NSSCKFWSession *fwSession,
1536 NSSCKMDToken *mdToken,
1537 NSSCKFWToken *fwToken,
1538 NSSCKMDInstance *mdInstance,
1539 NSSCKFWInstance *fwInstance,
1540 NSSCKMDObject *mdKey,
1541 NSSCKFWObject *fwKey,
1542 CK_RV *pError);
1543
1544 /*
1545 */
1546 NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)(
1547 NSSCKMDMechanism *mdMechanism,
1548 NSSCKFWMechanism *fwMechanism,
1549 CK_MECHANISM_PTR pMechanism,
1550 NSSCKMDSession *mdSession,
1551 NSSCKFWSession *fwSession,
1552 NSSCKMDToken *mdToken,
1553 NSSCKFWToken *fwToken,
1554 NSSCKMDInstance *mdInstance,
1555 NSSCKFWInstance *fwInstance,
1556 NSSCKMDObject *mdKey,
1557 NSSCKFWObject *fwKey,
1558 CK_RV *pError);
1559
1560 /*
1561 */
1562 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)(
1563 NSSCKMDMechanism *mdMechanism,
1564 NSSCKFWMechanism *fwMechanism,
1565 CK_MECHANISM_PTR pMechanism,
1566 NSSCKMDSession *mdSession,
1567 NSSCKFWSession *fwSession,
1568 NSSCKMDToken *mdToken,
1569 NSSCKFWToken *fwToken,
1570 NSSCKMDInstance *mdInstance,
1571 NSSCKFWInstance *fwInstance,
1572 NSSCKMDObject *mdKey,
1573 NSSCKFWObject *fwKey,
1574 CK_RV *pError);
1575
1576 /*
1577 * Key management operations.
1578 */
1579
1580 /*
1581 * This routine generates a key. This routine may return NULL
1582 * upon error.
1583 */
1584 NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
1585 NSSCKMDMechanism *mdMechanism,
1586 NSSCKFWMechanism *fwMechanism,
1587 CK_MECHANISM_PTR pMechanism,
1588 NSSCKMDSession *mdSession,
1589 NSSCKFWSession *fwSession,
1590 NSSCKMDToken *mdToken,
1591 NSSCKFWToken *fwToken,
1592 NSSCKMDInstance *mdInstance,
1593 NSSCKFWInstance *fwInstance,
1594 CK_ATTRIBUTE_PTR pTemplate,
1595 CK_ULONG ulAttributeCount,
1596 CK_RV *pError);
1597
1598 /*
1599 * This routine generates a key pair.
1600 */
1601 CK_RV(PR_CALLBACK *GenerateKeyPair)
1602 (
1603 NSSCKMDMechanism *mdMechanism,
1604 NSSCKFWMechanism *fwMechanism,
1605 CK_MECHANISM_PTR pMechanism,
1606 NSSCKMDSession *mdSession,
1607 NSSCKFWSession *fwSession,
1608 NSSCKMDToken *mdToken,
1609 NSSCKFWToken *fwToken,
1610 NSSCKMDInstance *mdInstance,
1611 NSSCKFWInstance *fwInstance,
1612 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1613 CK_ULONG ulPublicKeyAttributeCount,
1614 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1615 CK_ULONG ulPrivateKeyAttributeCount,
1616 NSSCKMDObject **pPublicKey,
1617 NSSCKMDObject **pPrivateKey);
1618
1619 /*
1620 * This routine wraps a key.
1621 */
1622 CK_ULONG(PR_CALLBACK *GetWrapKeyLength)
1623 (
1624 NSSCKMDMechanism *mdMechanism,
1625 NSSCKFWMechanism *fwMechanism,
1626 CK_MECHANISM_PTR pMechanism,
1627 NSSCKMDSession *mdSession,
1628 NSSCKFWSession *fwSession,
1629 NSSCKMDToken *mdToken,
1630 NSSCKFWToken *fwToken,
1631 NSSCKMDInstance *mdInstance,
1632 NSSCKFWInstance *fwInstance,
1633 NSSCKMDObject *mdWrappingKey,
1634 NSSCKFWObject *fwWrappingKey,
1635 NSSCKMDObject *mdWrappedKey,
1636 NSSCKFWObject *fwWrappedKey,
1637 CK_RV *pError);
1638
1639 /*
1640 * This routine wraps a key.
1641 */
1642 CK_RV(PR_CALLBACK *WrapKey)
1643 (
1644 NSSCKMDMechanism *mdMechanism,
1645 NSSCKFWMechanism *fwMechanism,
1646 CK_MECHANISM_PTR pMechanism,
1647 NSSCKMDSession *mdSession,
1648 NSSCKFWSession *fwSession,
1649 NSSCKMDToken *mdToken,
1650 NSSCKFWToken *fwToken,
1651 NSSCKMDInstance *mdInstance,
1652 NSSCKFWInstance *fwInstance,
1653 NSSCKMDObject *mdWrappingKey,
1654 NSSCKFWObject *fwWrappingKey,
1655 NSSCKMDObject *mdKeyObject,
1656 NSSCKFWObject *fwKeyObject,
1657 NSSItem *wrappedKey);
1658
1659 /*
1660 * This routine unwraps a key. This routine may return NULL
1661 * upon error.
1662 */
1663 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
1664 NSSCKMDMechanism *mdMechanism,
1665 NSSCKFWMechanism *fwMechanism,
1666 CK_MECHANISM_PTR pMechanism,
1667 NSSCKMDSession *mdSession,
1668 NSSCKFWSession *fwSession,
1669 NSSCKMDToken *mdToken,
1670 NSSCKFWToken *fwToken,
1671 NSSCKMDInstance *mdInstance,
1672 NSSCKFWInstance *fwInstance,
1673 NSSCKMDObject *mdWrappingKey,
1674 NSSCKFWObject *fwWrappingKey,
1675 NSSItem *wrappedKey,
1676 CK_ATTRIBUTE_PTR pTemplate,
1677 CK_ULONG ulAttributeCount,
1678 CK_RV *pError);
1679
1680 /*
1681 * This routine derives a key. This routine may return NULL
1682 * upon error.
1683 */
1684 NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
1685 NSSCKMDMechanism *mdMechanism,
1686 NSSCKFWMechanism *fwMechanism,
1687 CK_MECHANISM_PTR pMechanism,
1688 NSSCKMDSession *mdSession,
1689 NSSCKFWSession *fwSession,
1690 NSSCKMDToken *mdToken,
1691 NSSCKFWToken *fwToken,
1692 NSSCKMDInstance *mdInstance,
1693 NSSCKFWInstance *fwInstance,
1694 NSSCKMDObject *mdBaseKey,
1695 NSSCKFWObject *fwBaseKey,
1696 CK_ATTRIBUTE_PTR pTemplate,
1697 CK_ULONG ulAttributeCount,
1698 CK_RV *pError);
1699
1700 /*
1701 * This object may be extended in future versions of the
1702 * NSS Cryptoki Framework. To allow for some flexibility
1703 * in the area of binary compatibility, this field should
1704 * be NULL.
1705 */
1706 void *null;
1707 };
1708
1709 /*
1710 * NSSCKMDObject
1711 *
1712 * This is the basic handle for any object used by a PKCS#11 Module.
1713 * Modules must implement it if they support their own objects, and
1714 * the Framework supports it for Modules that do not handle session
1715 * objects. This type contains a pointer for use by the implementor,
1716 * to store any object-specific data, and it contains an EPV for a
1717 * set of routines used to access the object.
1718 */
1719
1720 struct NSSCKMDObjectStr {
1721 /*
1722 * The implementation my use this pointer for its own purposes.
1723 */
1724 void *etc;
1725
1726 /*
1727 * This routine is called by the Framework when it is letting
1728 * go of an object handle. It can be used by the Module to
1729 * free any resources tied up by an object "in use." It is
1730 * optional.
1731 */
1732 void(PR_CALLBACK *Finalize)(
1733 NSSCKMDObject *mdObject,
1734 NSSCKFWObject *fwObject,
1735 NSSCKMDSession *mdSession,
1736 NSSCKFWSession *fwSession,
1737 NSSCKMDToken *mdToken,
1738 NSSCKFWToken *fwToken,
1739 NSSCKMDInstance *mdInstance,
1740 NSSCKFWInstance *fwInstance);
1741
1742 /*
1743 * This routine is used to completely destroy an object.
1744 * It is optional. The parameter fwObject might be NULL
1745 * if the framework runs out of memory at the wrong moment.
1746 */
1747 CK_RV(PR_CALLBACK *Destroy)
1748 (
1749 NSSCKMDObject *mdObject,
1750 NSSCKFWObject *fwObject,
1751 NSSCKMDSession *mdSession,
1752 NSSCKFWSession *fwSession,
1753 NSSCKMDToken *mdToken,
1754 NSSCKFWToken *fwToken,
1755 NSSCKMDInstance *mdInstance,
1756 NSSCKFWInstance *fwInstance);
1757
1758 /*
1759 * This helper routine is used by the Framework, and is especially
1760 * useful when it is managing session objects on behalf of the
1761 * Module. This routine is optional; if unimplemented, the
1762 * Framework will actually look up the CKA_TOKEN attribute. In the
1763 * event of an error, just make something up-- the Framework will
1764 * find out soon enough anyway.
1765 */
1766 CK_BBOOL(PR_CALLBACK *IsTokenObject)
1767 (
1768 NSSCKMDObject *mdObject,
1769 NSSCKFWObject *fwObject,
1770 NSSCKMDSession *mdSession,
1771 NSSCKFWSession *fwSession,
1772 NSSCKMDToken *mdToken,
1773 NSSCKFWToken *fwToken,
1774 NSSCKMDInstance *mdInstance,
1775 NSSCKFWInstance *fwInstance);
1776
1777 /*
1778 * This routine returns the number of attributes of which this
1779 * object consists. It is mandatory. It can return zero on
1780 * error.
1781 */
1782 CK_ULONG(PR_CALLBACK *GetAttributeCount)
1783 (
1784 NSSCKMDObject *mdObject,
1785 NSSCKFWObject *fwObject,
1786 NSSCKMDSession *mdSession,
1787 NSSCKFWSession *fwSession,
1788 NSSCKMDToken *mdToken,
1789 NSSCKFWToken *fwToken,
1790 NSSCKMDInstance *mdInstance,
1791 NSSCKFWInstance *fwInstance,
1792 CK_RV *pError);
1793
1794 /*
1795 * This routine stuffs the attribute types into the provided array.
1796 * The array size (as obtained from GetAttributeCount) is passed in
1797 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
1798 * (either too big or too small).
1799 */
1800 CK_RV(PR_CALLBACK *GetAttributeTypes)
1801 (
1802 NSSCKMDObject *mdObject,
1803 NSSCKFWObject *fwObject,
1804 NSSCKMDSession *mdSession,
1805 NSSCKFWSession *fwSession,
1806 NSSCKMDToken *mdToken,
1807 NSSCKFWToken *fwToken,
1808 NSSCKMDInstance *mdInstance,
1809 NSSCKFWInstance *fwInstance,
1810 CK_ATTRIBUTE_TYPE_PTR typeArray,
1811 CK_ULONG ulCount);
1812
1813 /*
1814 * This routine returns the size (in bytes) of the specified
1815 * attribute. It can return zero on error.
1816 */
1817 CK_ULONG(PR_CALLBACK *GetAttributeSize)
1818 (
1819 NSSCKMDObject *mdObject,
1820 NSSCKFWObject *fwObject,
1821 NSSCKMDSession *mdSession,
1822 NSSCKFWSession *fwSession,
1823 NSSCKMDToken *mdToken,
1824 NSSCKFWToken *fwToken,
1825 NSSCKMDInstance *mdInstance,
1826 NSSCKFWInstance *fwInstance,
1827 CK_ATTRIBUTE_TYPE attribute,
1828 CK_RV *pError);
1829
1830 /*
1831 * This routine returns an NSSCKFWItem structure.
1832 * The item pointer points to an NSSItem containing the attribute value.
1833 * The needsFreeing bit tells the framework whether to call the
1834 * FreeAttribute function . Upon error, an NSSCKFWItem structure
1835 * with a NULL NSSItem item pointer will be returned
1836 */
1837 NSSCKFWItem(PR_CALLBACK *GetAttribute)(
1838 NSSCKMDObject *mdObject,
1839 NSSCKFWObject *fwObject,
1840 NSSCKMDSession *mdSession,
1841 NSSCKFWSession *fwSession,
1842 NSSCKMDToken *mdToken,
1843 NSSCKFWToken *fwToken,
1844 NSSCKMDInstance *mdInstance,
1845 NSSCKFWInstance *fwInstance,
1846 CK_ATTRIBUTE_TYPE attribute,
1847 CK_RV *pError);
1848
1849 /*
1850 * This routine returns CKR_OK if the attribute could be freed.
1851 */
1852 CK_RV(PR_CALLBACK *FreeAttribute)
1853 (
1854 NSSCKFWItem *item);
1855
1856 /*
1857 * This routine changes the specified attribute. If unimplemented,
1858 * the object will be considered read-only.
1859 */
1860 CK_RV(PR_CALLBACK *SetAttribute)
1861 (
1862 NSSCKMDObject *mdObject,
1863 NSSCKFWObject *fwObject,
1864 NSSCKMDSession *mdSession,
1865 NSSCKFWSession *fwSession,
1866 NSSCKMDToken *mdToken,
1867 NSSCKFWToken *fwToken,
1868 NSSCKMDInstance *mdInstance,
1869 NSSCKFWInstance *fwInstance,
1870 CK_ATTRIBUTE_TYPE attribute,
1871 NSSItem *value);
1872
1873 /*
1874 * This routine returns the storage requirements of this object,
1875 * in bytes. Cryptoki doesn't strictly define the definition,
1876 * but it should relate to the values returned by the "Get Memory"
1877 * routines of the NSSCKMDToken. This routine is optional; if
1878 * unimplemented, the Framework will consider this information
1879 * sensitive. This routine may return zero on error. If the
1880 * specified error is CKR_OK, zero will be accepted as a valid
1881 * response.
1882 */
1883 CK_ULONG(PR_CALLBACK *GetObjectSize)
1884 (
1885 NSSCKMDObject *mdObject,
1886 NSSCKFWObject *fwObject,
1887 NSSCKMDSession *mdSession,
1888 NSSCKFWSession *fwSession,
1889 NSSCKMDToken *mdToken,
1890 NSSCKFWToken *fwToken,
1891 NSSCKMDInstance *mdInstance,
1892 NSSCKFWInstance *fwInstance,
1893 CK_RV *pError);
1894
1895 /*
1896 * This object may be extended in future versions of the
1897 * NSS Cryptoki Framework. To allow for some flexibility
1898 * in the area of binary compatibility, this field should
1899 * be NULL.
1900 */
1901 void *null;
1902 };
1903
1904 #endif /* NSSCKMDT_H */
OLDNEW
« no previous file with comments | « nss/lib/ckfw/nssckg.h ('k') | nss/lib/ckfw/nssckt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698