Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(301)

Side by Side Diff: nss/lib/util/pkcs11n.h

Issue 2078763002: Delete bundled copy of NSS and replace with README. (Closed) Base URL: https://chromium.googlesource.com/chromium/deps/nss@master
Patch Set: Delete bundled copy of NSS and replace with README. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « nss/lib/util/pkcs11f.h ('k') | nss/lib/util/pkcs11p.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5 #ifndef _PKCS11N_H_
6 #define _PKCS11N_H_
7
8 /*
9 * pkcs11n.h
10 *
11 * This file contains the NSS-specific type definitions for Cryptoki
12 * (PKCS#11).
13 */
14
15 /*
16 * NSSCK_VENDOR_NSS
17 *
18 * Cryptoki reserves the high half of all the number spaces for
19 * vendor-defined use. I'd like to keep all of our NSS-
20 * specific values together, but not in the oh-so-obvious
21 * 0x80000001, 0x80000002, etc. area. So I've picked an offset,
22 * and constructed values for the beginnings of our spaces.
23 *
24 * Note that some "historical" Netscape values don't fall within
25 * this range.
26 */
27 #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
28
29 /*
30 * NSS-defined object classes
31 *
32 */
33 #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
34
35 #define CKO_NSS_CRL (CKO_NSS + 1)
36 #define CKO_NSS_SMIME (CKO_NSS + 2)
37 #define CKO_NSS_TRUST (CKO_NSS + 3)
38 #define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)
39 #define CKO_NSS_NEWSLOT (CKO_NSS + 5)
40 #define CKO_NSS_DELSLOT (CKO_NSS + 6)
41
42
43 /*
44 * NSS-defined key types
45 *
46 */
47 #define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
48
49 #define CKK_NSS_PKCS8 (CKK_NSS + 1)
50
51 #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2)
52 #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3)
53
54 #define CKK_NSS_CHACHA20 (CKK_NSS + 4)
55
56 /*
57 * NSS-defined certificate types
58 *
59 */
60 #define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
61
62 /* FAKE PKCS #11 defines */
63 #define CKA_DIGEST 0x81000000L
64 #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */
65
66 /*
67 * NSS-defined object attributes
68 *
69 */
70 #define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
71
72 #define CKA_NSS_URL (CKA_NSS + 1)
73 #define CKA_NSS_EMAIL (CKA_NSS + 2)
74 #define CKA_NSS_SMIME_INFO (CKA_NSS + 3)
75 #define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4)
76 #define CKA_NSS_PKCS8_SALT (CKA_NSS + 5)
77 #define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6)
78 #define CKA_NSS_EXPIRES (CKA_NSS + 7)
79 #define CKA_NSS_KRL (CKA_NSS + 8)
80
81 #define CKA_NSS_PQG_COUNTER (CKA_NSS + 20)
82 #define CKA_NSS_PQG_SEED (CKA_NSS + 21)
83 #define CKA_NSS_PQG_H (CKA_NSS + 22)
84 #define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23)
85 #define CKA_NSS_MODULE_SPEC (CKA_NSS + 24)
86 #define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25)
87
88 #define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26)
89 #define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27)
90 #define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28)
91 #define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29)
92 #define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30)
93 #define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31)
94 #define CKA_NSS_JPAKE_X2 (CKA_NSS + 32)
95 #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
96
97 /*
98 * Trust attributes:
99 *
100 * If trust goes standard, these probably will too. So I'll
101 * put them all in one place.
102 */
103
104 #define CKA_TRUST (CKA_NSS + 0x2000)
105
106 /* "Usage" key information */
107 #define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
108 #define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
109 #define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
110 #define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
111 #define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
112 #define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
113 #define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
114
115 /* "Purpose" trust information */
116 #define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
117 #define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
118 #define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
119 #define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
120 #define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
121 #define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
122 #define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
123 #define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
124 #define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
125
126 #define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
127 #define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
128
129 /* NSS trust stuff */
130
131 /* HISTORICAL: define used to pass in the database key for DSA private keys */
132 #define CKA_NETSCAPE_DB 0xD5A0DB00L
133 #define CKA_NETSCAPE_TRUST 0x80000001L
134
135 /* FAKE PKCS #11 defines */
136 #define CKM_FAKE_RANDOM 0x80000efeUL
137 #define CKM_INVALID_MECHANISM 0xffffffffUL
138
139 /*
140 * NSS-defined crypto mechanisms
141 *
142 */
143 #define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
144
145 #define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1)
146 #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
147
148 /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
149 #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
150 #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
151 #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
152 #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
153
154 /* J-PAKE round 1 key generation mechanisms.
155 *
156 * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
157 * CKA_NSS_JPAKE_SIGNERID
158 * Output key type: CKK_NSS_JPAKE_ROUND1
159 * Output key class: CKO_PRIVATE_KEY
160 * Parameter type: CK_NSS_JPAKERound1Params
161 *
162 */
163 #define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7)
164 #define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8)
165 #define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9)
166 #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
167
168 /* J-PAKE round 2 key derivation mechanisms.
169 *
170 * Required template attributes: CKA_NSS_JPAKE_PEERID
171 * Input key type: CKK_NSS_JPAKE_ROUND1
172 * Output key type: CKK_NSS_JPAKE_ROUND2
173 * Output key class: CKO_PRIVATE_KEY
174 * Parameter type: CK_NSS_JPAKERound2Params
175 */
176 #define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11)
177 #define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12)
178 #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
179 #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
180
181 /* J-PAKE final key material derivation mechanisms
182 *
183 * Input key type: CKK_NSS_JPAKE_ROUND2
184 * Output key type: CKK_GENERIC_SECRET
185 * Output key class: CKO_SECRET_KEY
186 * Parameter type: CK_NSS_JPAKEFinalParams
187 *
188 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
189 * to get a key with uniformly distributed bits.
190 */
191 #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15)
192 #define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16)
193 #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17)
194 #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18)
195
196 /* Constant-time MAC mechanisms:
197 *
198 * These operations verify a padded, MAC-then-encrypt block of data in
199 * constant-time. Because of the order of operations, the padding bytes are not
200 * protected by the MAC. However, disclosing the value of the padding bytes
201 * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
202 * as subtle as taking slightly less time to perform the MAC when the padding
203 * is one byte longer. See https://www.isg.rhul.ac.uk/tls/
204 *
205 * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
206 * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
207 *
208 * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
209 */
210 #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
211 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
212
213 /* TLS 1.2 mechanisms */
214 #define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
215 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
216 #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
217 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
218
219 /* TLS extended master secret derivation */
220 #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25)
221 #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26)
222
223 #define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27)
224 #define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28)
225
226 /*
227 * HISTORICAL:
228 * Do not attempt to use these. They are only used by NETSCAPE's internal
229 * PKCS #11 interface. Most of these are place holders for other mechanism
230 * and will change in the future.
231 */
232 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL
233 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
234 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
235 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
236 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL
237 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL
238 #define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL
239 #define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL
240 #define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL
241 #define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
242
243 #define CKM_TLS_PRF_GENERAL 0x80000373UL
244
245 typedef struct CK_NSS_JPAKEPublicValue {
246 CK_BYTE * pGX;
247 CK_ULONG ulGXLen;
248 CK_BYTE * pGV;
249 CK_ULONG ulGVLen;
250 CK_BYTE * pR;
251 CK_ULONG ulRLen;
252 } CK_NSS_JPAKEPublicValue;
253
254 typedef struct CK_NSS_JPAKERound1Params {
255 CK_NSS_JPAKEPublicValue gx1; /* out */
256 CK_NSS_JPAKEPublicValue gx2; /* out */
257 } CK_NSS_JPAKERound1Params;
258
259 typedef struct CK_NSS_JPAKERound2Params {
260 CK_BYTE * pSharedKey; /* in */
261 CK_ULONG ulSharedKeyLen; /* in */
262 CK_NSS_JPAKEPublicValue gx3; /* in */
263 CK_NSS_JPAKEPublicValue gx4; /* in */
264 CK_NSS_JPAKEPublicValue A; /* out */
265 } CK_NSS_JPAKERound2Params;
266
267 typedef struct CK_NSS_JPAKEFinalParams {
268 CK_NSS_JPAKEPublicValue B; /* in */
269 } CK_NSS_JPAKEFinalParams;
270
271 /* macAlg: the MAC algorithm to use. This determines the hash function used in
272 * the HMAC/SSLv3 MAC calculations.
273 * ulBodyTotalLen: the total length of the data, including padding bytes and
274 * padding length.
275 * pHeader: points to a block of data that contains additional data to
276 * authenticate. For TLS this includes the sequence number etc. For SSLv3,
277 * this also includes the initial padding bytes.
278 *
279 * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
280 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
281 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
282 * unsigned int variable to represent the length in bits. This should not
283 * be a problem because the SSL/TLS protocol limits the size of an SSL
284 * record to something considerably less than 2^32 bytes.
285 */
286 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
287 CK_MECHANISM_TYPE macAlg; /* in */
288 CK_ULONG ulBodyTotalLen; /* in */
289 CK_BYTE * pHeader; /* in */
290 CK_ULONG ulHeaderLen; /* in */
291 } CK_NSS_MAC_CONSTANT_TIME_PARAMS;
292
293 typedef struct CK_NSS_AEAD_PARAMS {
294 CK_BYTE_PTR pNonce;
295 CK_ULONG ulNonceLen;
296 CK_BYTE_PTR pAAD;
297 CK_ULONG ulAADLen;
298 CK_ULONG ulTagLen;
299 } CK_NSS_AEAD_PARAMS;
300
301 /*
302 * NSS-defined return values
303 *
304 */
305 #define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
306
307 #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1)
308 #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2)
309
310 /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
311 See RFC 5869.
312
313 bExtract: If set, HKDF-Extract will be applied to the input key. If
314 the optional salt is given, it is used; otherwise, the salt is
315 set to a sequence of zeros equal in length to the HMAC output.
316 If bExpand is not set, then the key template given to
317 C_DeriveKey must indicate an output key size less than or equal
318 to the output size of the HMAC.
319
320 bExpand: If set, HKDF-Expand will be applied to the input key (if
321 bExtract is not set) or to the result of HKDF-Extract (if
322 bExtract is set). Any info given in the optional pInfo field will
323 be included in the calculation.
324
325 The size of the output key must be specified in the template passed to
326 C_DeriveKey.
327 */
328 typedef struct CK_NSS_HKDFParams {
329 CK_BBOOL bExtract;
330 CK_BYTE_PTR pSalt;
331 CK_ULONG ulSaltLen;
332 CK_BBOOL bExpand;
333 CK_BYTE_PTR pInfo;
334 CK_ULONG ulInfoLen;
335 } CK_NSS_HKDFParams;
336
337 /*
338 * Parameter for the TLS extended master secret key derivation mechanisms:
339 *
340 * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
341 * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
342 *
343 * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
344 * function used. For earlier versions of the PRF, set the prfHashMechanism
345 * value to CKM_TLS_PRF.
346 *
347 * The session hash input is expected to be the output of the same hash
348 * function as the PRF uses (as required by draft-ietf-tls-session-hash). So
349 * the ulSessionHashLen member must be equal the output length of the hash
350 * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF,
351 * the length of concatenated MD5 and SHA-1 digests).
352 *
353 */
354 typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
355 CK_MECHANISM_TYPE prfHashMechanism;
356 CK_BYTE_PTR pSessionHash;
357 CK_ULONG ulSessionHashLen;
358 CK_VERSION_PTR pVersion;
359 } CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
360
361
362 /*
363 * Trust info
364 *
365 * This isn't part of the Cryptoki standard (yet), so I'm putting
366 * all the definitions here. Some of this would move to nssckt.h
367 * if trust info were made part of the standard. In view of this
368 * possibility, I'm putting my (NSS) values in the NSS
369 * vendor space, like everything else.
370 */
371
372 typedef CK_ULONG CK_TRUST;
373
374 /* The following trust types are defined: */
375 #define CKT_VENDOR_DEFINED 0x80000000
376
377 #define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
378
379 /* If trust goes standard, these'll probably drop out of vendor space. */
380 #define CKT_NSS_TRUSTED (CKT_NSS + 1)
381 #define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2)
382 #define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3)
383 #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10)
384 #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */
385
386 /*
387 * These may well remain NSS-specific; I'm only using them
388 * to cache resolution data.
389 */
390 #define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11)
391
392
393 /*
394 * old definitions. They still exist, but the plain meaning of the
395 * labels have never been accurate to what was really implemented.
396 * The new labels correctly reflect what the values effectively mean.
397 */
398 #if defined(__GNUC__) && (__GNUC__ > 3)
399 /* make GCC warn when we use these #defines */
400 /*
401 * This is really painful because GCC doesn't allow us to mark random
402 * #defines as deprecated. We can only mark the following:
403 * functions, variables, and types.
404 * const variables will create extra storage for everyone including this
405 * header file, so it's undesirable.
406 * functions could be inlined to prevent storage creation, but will fail
407 * when constant values are expected (like switch statements).
408 * enum types do not seem to pay attention to the deprecated attribute.
409 *
410 * That leaves typedefs. We declare new types that we then deprecate, then
411 * cast the resulting value to the deprecated type in the #define, thus
412 * producting the warning when the #define is used.
413 */
414 #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
415 /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
416 * is a gcc version issue rather than mac or ppc specific */
417 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
418 typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated));
419 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated));
420 #else
421 /* when possible, get a full deprecation warning. This works on gcc 4.5
422 * it may work on earlier versions of gcc */
423 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated
424 ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST")));
425 typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated
426 ("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED")));
427 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated
428 ("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN")));
429 #endif
430 #define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST)
431 #define CKT_NSS_VALID ((__CKT_NSS_VALID) CKT_NSS_NOT_TRUSTED)
432 /* keep the old value for compatibility reasons*/
433 #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS +4))
434 #else
435 #ifdef _WIN32
436 /* This magic gets the windows compiler to give us a deprecation
437 * warning */
438 #pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID)
439 #endif
440 /* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */
441 #define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST
442 /* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */
443 #define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED
444 /* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */
445 #define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/
446 #endif
447
448 /* don't leave old programs in a lurch just yet, give them the old NETSCAPE
449 * synonym */
450 #define CKO_NETSCAPE_CRL CKO_NSS_CRL
451 #define CKO_NETSCAPE_SMIME CKO_NSS_SMIME
452 #define CKO_NETSCAPE_TRUST CKO_NSS_TRUST
453 #define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST
454 #define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT
455 #define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT
456 #define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8
457 #define CKA_NETSCAPE_URL CKA_NSS_URL
458 #define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL
459 #define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO
460 #define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP
461 #define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT
462 #define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK
463 #define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES
464 #define CKA_NETSCAPE_KRL CKA_NSS_KRL
465 #define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER
466 #define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED
467 #define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H
468 #define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS
469 #define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC
470 #define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP
471 #define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD
472 #define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED
473 #define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED
474
475 #define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED
476 #define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR
477 #define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED
478 #define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY
479 #define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN
480 #define CKT_NETSCAPE_VALID CKT_NSS_VALID
481 #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
482
483 /*
484 * These are not really PKCS #11 values specifically. They are the 'loadable'
485 * module spec NSS uses. The are available for others to use as well, but not
486 * part of the formal PKCS #11 spec.
487 *
488 * The function 'FIND' returns an array of PKCS #11 initialization strings
489 * The function 'ADD' takes a PKCS #11 initialization string and stores it.
490 * The function 'DEL' takes a 'name= library=' value and deletes the associated
491 * string.
492 * The function 'RELEASE' frees the array returned by 'FIND'
493 */
494 #define SECMOD_MODULE_DB_FUNCTION_FIND 0
495 #define SECMOD_MODULE_DB_FUNCTION_ADD 1
496 #define SECMOD_MODULE_DB_FUNCTION_DEL 2
497 #define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
498 typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
499 char *parameters, void *moduleSpec);
500
501 /* softoken slot ID's */
502 #define SFTK_MIN_USER_SLOT_ID 4
503 #define SFTK_MAX_USER_SLOT_ID 100
504 #define SFTK_MIN_FIPS_USER_SLOT_ID 101
505 #define SFTK_MAX_FIPS_USER_SLOT_ID 127
506
507
508 #endif /* _PKCS11N_H_ */
OLDNEW
« no previous file with comments | « nss/lib/util/pkcs11f.h ('k') | nss/lib/util/pkcs11p.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698