pkcs11n.h source code [include/nss/pkcs11n.h]

1	/ This Source Code Form is subject to the terms of the Mozilla Public*
2	* License, v. 2.0. If a copy of the MPL was not distributed with this
3	* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5	#ifndef _PKCS11N_H_
6	#define _PKCS11N_H_
7
8	/*
9	* pkcs11n.h
10	*
11	* This file contains the NSS-specific type definitions for Cryptoki
12	* (PKCS#11).
13	*/
14
15	/*
16	* NSSCK_VENDOR_NSS
17	*
18	* Cryptoki reserves the high half of all the number spaces for
19	* vendor-defined use. I'd like to keep all of our NSS-
20	* specific values together, but not in the oh-so-obvious
21	* 0x80000001, 0x80000002, etc. area. So I've picked an offset,
22	* and constructed values for the beginnings of our spaces.
23	*
24	* Note that some "historical" Netscape values don't fall within
25	* this range.
26	*/
27	#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
28
29	/*
30	* NSS-defined object classes
31	*
32	*/
33	#define CKO_NSS (CKO_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
34
35	#define CKO_NSS_CRL (CKO_NSS + 1)
36	#define CKO_NSS_SMIME (CKO_NSS + 2)
37	#define CKO_NSS_TRUST (CKO_NSS + 3)
38	#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)
39	#define CKO_NSS_NEWSLOT (CKO_NSS + 5)
40	#define CKO_NSS_DELSLOT (CKO_NSS + 6)
41	#define CKO_NSS_VALIDATION (CKO_NSS + 7)
42
43	#define CKV_NSS_FIPS_140 (CKO_NSS + 1)
44
45	/*
46	* NSS-defined key types
47	*
48	*/
49	#define CKK_NSS (CKK_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
50
51	#define CKK_NSS_PKCS8 (CKK_NSS + 1)
52
53	#define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2)
54	#define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3)
55
56	#define CKK_NSS_CHACHA20 (CKK_NSS + 4)
57
58	#define CKK_NSS_KYBER (CKK_NSS + 5)
59
60	/*
61	* NSS-defined certificate types
62	*
63	*/
64	#define CKC_NSS (CKC_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
65
66	/ FAKE PKCS #11 defines /
67	#define CKA_DIGEST 0x81000000L
68	#define CKA_NSS_MESSAGE 0x82000000L
69	#define CKA_NSS_MESSAGE_MASK 0xff000000L
70	#define CKA_FLAGS_ONLY 0 /* CKA_CLASS */
71
72	/*
73	* NSS-defined object attributes
74	*
75	*/
76	#define CKA_NSS (CKA_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
77
78	#define CKA_NSS_URL (CKA_NSS + 1)
79	#define CKA_NSS_EMAIL (CKA_NSS + 2)
80	#define CKA_NSS_SMIME_INFO (CKA_NSS + 3)
81	#define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4)
82	#define CKA_NSS_PKCS8_SALT (CKA_NSS + 5)
83	#define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6)
84	#define CKA_NSS_EXPIRES (CKA_NSS + 7)
85	#define CKA_NSS_KRL (CKA_NSS + 8)
86
87	#define CKA_NSS_PQG_COUNTER (CKA_NSS + 20)
88	#define CKA_NSS_PQG_SEED (CKA_NSS + 21)
89	#define CKA_NSS_PQG_H (CKA_NSS + 22)
90	#define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23)
91	#define CKA_NSS_MODULE_SPEC (CKA_NSS + 24)
92	#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25)
93
94	#define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26)
95	#define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27)
96	#define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28)
97	#define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29)
98	#define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30)
99	#define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31)
100	#define CKA_NSS_JPAKE_X2 (CKA_NSS + 32)
101	#define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
102
103	#define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34)
104	#define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35)
105	#define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36)
106
107	#define CKA_NSS_VALIDATION_TYPE (CKA_NSS + 36)
108	#define CKA_NSS_VALIDATION_VERSION (CKA_NSS + 37)
109	#define CKA_NSS_VALIDATION_LEVEL (CKA_NSS + 38)
110	#define CKA_NSS_VALIDATION_MODULE_ID (CKA_NSS + 39)
111
112	#define CKA_NSS_PARAMETER_SET (CKA_NSS + 40)
113
114	/*
115	* Trust attributes:
116	*
117	* If trust goes standard, these probably will too. So I'll
118	* put them all in one place.
119	*/
120
121	#define CKA_TRUST (CKA_NSS + 0x2000)
122
123	/ "Usage" key information /
124	#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
125	#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
126	#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
127	#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
128	#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
129	#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
130	#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
131
132	/ "Purpose" trust information /
133	#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
134	#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
135	#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
136	#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
137	#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
138	#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
139	#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
140	#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
141	#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
142
143	#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
144	#define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
145
146	/ NSS trust stuff /
147
148	/ HISTORICAL: define used to pass in the database key for DSA private keys /
149	#define CKA_NSS_DB 0xD5A0DB00L
150	#define CKA_NSS_TRUST 0x80000001L
151
152	/ FAKE PKCS #11 defines /
153	#define CKM_FAKE_RANDOM 0x80000efeUL
154	#define CKM_INVALID_MECHANISM 0xffffffffUL
155	#define CKT_INVALID_TYPE 0xffffffffUL
156
157	/*
158	* NSS-defined crypto mechanisms
159	*
160	*/
161	#define CKM_NSS (CKM_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
162
163	#define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1)
164	#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
165
166	/ HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. /
167	#define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
168	#define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
169	#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
170	#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
171
172	/ J-PAKE round 1 key generation mechanisms.*
173	*
174	* Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
175	* CKA_NSS_JPAKE_SIGNERID
176	* Output key type: CKK_NSS_JPAKE_ROUND1
177	* Output key class: CKO_PRIVATE_KEY
178	* Parameter type: CK_NSS_JPAKERound1Params
179	*
180	*/
181	#define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7)
182	#define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8)
183	#define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9)
184	#define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
185
186	/ J-PAKE round 2 key derivation mechanisms.*
187	*
188	* Required template attributes: CKA_NSS_JPAKE_PEERID
189	* Input key type: CKK_NSS_JPAKE_ROUND1
190	* Output key type: CKK_NSS_JPAKE_ROUND2
191	* Output key class: CKO_PRIVATE_KEY
192	* Parameter type: CK_NSS_JPAKERound2Params
193	*/
194	#define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11)
195	#define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12)
196	#define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
197	#define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
198
199	/ J-PAKE final key material derivation mechanisms*
200	*
201	* Input key type: CKK_NSS_JPAKE_ROUND2
202	* Output key type: CKK_GENERIC_SECRET
203	* Output key class: CKO_SECRET_KEY
204	* Parameter type: CK_NSS_JPAKEFinalParams
205	*
206	* You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
207	* to get a key with uniformly distributed bits.
208	*/
209	#define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15)
210	#define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16)
211	#define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17)
212	#define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18)
213
214	/ Constant-time MAC mechanisms:*
215	*
216	* These operations verify a padded, MAC-then-encrypt block of data in
217	* constant-time. Because of the order of operations, the padding bytes are not
218	* protected by the MAC. However, disclosing the value of the padding bytes
219	* gives an attacker the ability to decrypt ciphertexts. Such disclosure can be
220	* as subtle as taking slightly less time to perform the MAC when the padding
221	* is one byte longer. See https://www.isg.rhul.ac.uk/tls/
222	*
223	* CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication.
224	* CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC.
225	*
226	* Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS
227	*/
228	#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19)
229	#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20)
230
231	/ TLS 1.2 mechanisms /
232	#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21)
233	#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22)
234	#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23)
235	#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24)
236
237	/ TLS extended master secret derivation /
238	#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25)
239	#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26)
240
241	#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27)
242	#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28)
243
244	/ Additional PKCS #12 PBE algorithms defined in v1.1 /
245	#define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29)
246	#define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30)
247	#define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31)
248	#define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32)
249
250	#define CKM_NSS_CHACHA20_CTR (CKM_NSS + 33)
251
252	/ IKE mechanism (to be proposed to PKCS #11 /
253	#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 34)
254	#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 35)
255	#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 36)
256	#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 37)
257
258	#define CKM_NSS_PUB_FROM_PRIV (CKM_NSS + 40)
259
260	/ SP800-108 NSS mechanism with support for data object derivation /
261	#define CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA (CKM_NSS + 42)
262	#define CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (CKM_NSS + 43)
263	#define CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (CKM_NSS + 44)
264
265	/ Kyber /
266	#define CKM_NSS_KYBER_KEY_PAIR_GEN (CKM_NSS + 45)
267	#define CKM_NSS_KYBER (CKM_NSS + 46)
268
269	/*
270	* HISTORICAL:
271	* Do not attempt to use these. They are only used by NSS's internal
272	* PKCS #11 interface. Most of these are place holders for other mechanism
273	* and will change in the future.
274	*/
275	#define CKM_NSS_PBE_SHA1_DES_CBC 0x80000002UL
276	#define CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
277	#define CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
278	#define CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
279	#define CKM_NSS_PBE_SHA1_40_BIT_RC4 0x80000006UL
280	#define CKM_NSS_PBE_SHA1_128_BIT_RC4 0x80000007UL
281	#define CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL
282	#define CKM_NSS_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL
283	#define CKM_NSS_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL
284	#define CKM_NSS_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
285
286	#define CKM_TLS_PRF_GENERAL 0x80000373UL
287
288	/ Parameter set identifiers /
289	#define CKP_NSS (CKM_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
290	#define CKP_NSS_KYBER_768_ROUND3 (CKP_NSS + 1)
291
292	/ FIPS Indicator defines /
293	#define CKS_NSS_UNINITIALIZED 0xffffffffUL
294	#define CKS_NSS_FIPS_NOT_OK 0UL
295	#define CKS_NSS_FIPS_OK 1UL
296
297	#define CKT_NSS_SESSION_CHECK 1UL
298	#define CKT_NSS_OBJECT_CHECK 2UL
299	#define CKT_NSS_BOTH_CHECK 3UL
300	#define CKT_NSS_SESSION_LAST_CHECK 4UL
301
302	typedef struct CK_NSS_JPAKEPublicValue {
303	CK_BYTE *pGX;
304	CK_ULONG ulGXLen;
305	CK_BYTE *pGV;
306	CK_ULONG ulGVLen;
307	CK_BYTE *pR;
308	CK_ULONG ulRLen;
309	} CK_NSS_JPAKEPublicValue;
310
311	typedef struct CK_NSS_JPAKERound1Params {
312	CK_NSS_JPAKEPublicValue gx1; / out /
313	CK_NSS_JPAKEPublicValue gx2; / out /
314	} CK_NSS_JPAKERound1Params;
315
316	typedef struct CK_NSS_JPAKERound2Params {
317	CK_BYTE pSharedKey; /* in /
318	CK_ULONG ulSharedKeyLen; / in /
319	CK_NSS_JPAKEPublicValue gx3; / in /
320	CK_NSS_JPAKEPublicValue gx4; / in /
321	CK_NSS_JPAKEPublicValue A; / out /
322	} CK_NSS_JPAKERound2Params;
323
324	typedef struct CK_NSS_JPAKEFinalParams {
325	CK_NSS_JPAKEPublicValue B; / in /
326	} CK_NSS_JPAKEFinalParams;
327
328	/ macAlg: the MAC algorithm to use. This determines the hash function used in*
329	* the HMAC/SSLv3 MAC calculations.
330	* ulBodyTotalLen: the total length of the data, including padding bytes and
331	* padding length.
332	* pHeader: points to a block of data that contains additional data to
333	* authenticate. For TLS this includes the sequence number etc. For SSLv3,
334	* this also includes the initial padding bytes.
335	*
336	* NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and
337	* CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen
338	* and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an
339	* unsigned int variable to represent the length in bits. This should not
340	* be a problem because the SSL/TLS protocol limits the size of an SSL
341	* record to something considerably less than 2^32 bytes.
342	*/
343	typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS {
344	CK_MECHANISM_TYPE macAlg; / in /
345	CK_ULONG ulBodyTotalLen; / in /
346	CK_BYTE pHeader; /* in /
347	CK_ULONG ulHeaderLen; / in /
348	} CK_NSS_MAC_CONSTANT_TIME_PARAMS;
349
350	typedef struct CK_NSS_AEAD_PARAMS {
351	CK_BYTE_PTR pNonce;
352	CK_ULONG ulNonceLen;
353	CK_BYTE_PTR pAAD;
354	CK_ULONG ulAADLen;
355	CK_ULONG ulTagLen;
356	} CK_NSS_AEAD_PARAMS;
357
358	/*
359	* NSS-defined return values
360	*
361	*/
362	#define CKR_NSS (CKM_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
363
364	#define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1)
365	#define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2)
366
367	/ NSS specific types /
368	typedef CK_ULONG CK_NSS_VALIDATION_TYPE;
369
370	typedef CK_ULONG CK_NSS_KEM_PARAMETER_SET_TYPE;
371
372	/ Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.*
373	See RFC 5869.
374
375	bExtract: If set, HKDF-Extract will be applied to the input key. If
376	the optional salt is given, it is used; otherwise, the salt is
377	set to a sequence of zeros equal in length to the HMAC output.
378	If bExpand is not set, then the key template given to
379	C_DeriveKey must indicate an output key size less than or equal
380	to the output size of the HMAC.
381
382	bExpand: If set, HKDF-Expand will be applied to the input key (if
383	bExtract is not set) or to the result of HKDF-Extract (if
384	bExtract is set). Any info given in the optional pInfo field will
385	be included in the calculation.
386
387	The size of the output key must be specified in the template passed to
388	C_DeriveKey.
389	*/
390	typedef struct CK_NSS_HKDFParams {
391	CK_BBOOL bExtract;
392	CK_BYTE_PTR pSalt;
393	CK_ULONG ulSaltLen;
394	CK_BBOOL bExpand;
395	CK_BYTE_PTR pInfo;
396	CK_ULONG ulInfoLen;
397	} CK_NSS_HKDFParams;
398
399	/*
400	* CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to
401	* the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism.
402	* The fields of the structure have the following meanings:
403	* prfMechanism underlying MAC mechanism used to generate the prf.
404	* bHasSeedKey hSeed key is present.
405	* hSeedKey optional seed from key
406	* pSeedData optional seed from data.
407	* ulSeedDataLen length of optional seed data.
408	* If no seed data is present this value is NULL.
409	*/
410	typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS {
411	CK_MECHANISM_TYPE prfMechanism;
412	CK_BBOOL bHasSeedKey;
413	CK_OBJECT_HANDLE hSeedKey;
414	CK_BYTE_PTR pSeedData;
415	CK_ULONG ulSeedDataLen;
416	} CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS;
417
418	/ CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to*
419	* the CKM_NSS_IKE_PRF_DERIVE mechanism.
420	*
421	* The fields of the structure have the following meanings:
422	* prfMechanism underlying MAC mechanism used to generate the prf.
423	* bRekey hNewKey is present.
424	* pNi Ni value
425	* ulNiLen length of Ni
426	* pNr Nr value
427	* ulNrLen length of Nr
428	* hNewKey New key value to drive the rekey.
429	*/
430	typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS {
431	CK_MECHANISM_TYPE prfMechanism;
432	CK_BBOOL bDataAsKey;
433	CK_BBOOL bRekey;
434	CK_BYTE_PTR pNi;
435	CK_ULONG ulNiLen;
436	CK_BYTE_PTR pNr;
437	CK_ULONG ulNrLen;
438	CK_OBJECT_HANDLE hNewKey;
439	} CK_NSS_IKE_PRF_DERIVE_PARAMS;
440
441	/ CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters*
442	* to the CKM_NSS_IKE_PRF_DERIVE mechanism.
443	*
444	* The fields of the structure have the following meanings:
445	* prfMechanism underlying MAC mechanism used to generate the prf.
446	* bRekey hNewKey is present.
447	* pCKYi CKYi value
448	* ulCKYiLen length of CKYi
449	* pCKYr CKYr value
450	* ulCKYrLen length of CKYr
451	* hNewKey New key value to drive the rekey.
452	*/
453	typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS {
454	CK_MECHANISM_TYPE prfMechanism;
455	CK_BBOOL bHasPrevKey;
456	CK_OBJECT_HANDLE hKeygxy;
457	CK_OBJECT_HANDLE hPrevKey;
458	CK_BYTE_PTR pCKYi;
459	CK_ULONG ulCKYiLen;
460	CK_BYTE_PTR pCKYr;
461	CK_ULONG ulCKYrLen;
462	CK_BYTE keyNumber;
463	} CK_NSS_IKE1_PRF_DERIVE_PARAMS;
464
465	/ CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS is a structure that provides the*
466	* parameters to the CKM_NSS_IKE_APP_B_PRF_DERIVE mechanism.
467	*
468	* The fields of the structure have the following meanings:
469	* prfMechanism underlying MAC mechanism used to generate the prf.
470	* bHasKeygxy hKeygxy exists
471	* hKeygxy optional key to hash in the prf
472	* pExtraData optional extra data to hash in the prf
473	* ulExtraData length of the optional extra data.
474	*
475	* CK_NSS_IKE_APP_B_PRF_DERIVE can take wither CK_NSS_IKE1_APP_B_PRF_DRIVE_PARAMS
476	* or a single CK_MECHANISM_TYPE. In the latter cases bHashKeygx is assumed to
477	* be false and ulExtraDataLen is assumed to be '0'.
478	*/
479	typedef struct CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS {
480	CK_MECHANISM_TYPE prfMechanism;
481	CK_BBOOL bHasKeygxy;
482	CK_OBJECT_HANDLE hKeygxy;
483	CK_BYTE_PTR pExtraData;
484	CK_ULONG ulExtraDataLen;
485	} CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS;
486
487	/*
488	* Parameter for the TLS extended master secret key derivation mechanisms:
489	*
490	* * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
491	* * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
492	*
493	* For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
494	* function used. For earlier versions of the PRF, set the prfHashMechanism
495	* value to CKM_TLS_PRF.
496	*
497	* The session hash input is expected to be the output of the same hash
498	* function as the PRF uses (as required by draft-ietf-tls-session-hash). So
499	* the ulSessionHashLen member must be equal the output length of the hash
500	* function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF,
501	* the length of concatenated MD5 and SHA-1 digests).
502	*
503	*/
504	typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS {
505	CK_MECHANISM_TYPE prfHashMechanism;
506	CK_BYTE_PTR pSessionHash;
507	CK_ULONG ulSessionHashLen;
508	CK_VERSION_PTR pVersion;
509	} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS;
510
511	/*
512	* Trust info
513	*
514	* This isn't part of the Cryptoki standard (yet), so I'm putting
515	* all the definitions here. Some of this would move to nssckt.h
516	* if trust info were made part of the standard. In view of this
517	* possibility, I'm putting my (NSS) values in the NSS
518	* vendor space, like everything else.
519	*/
520
521	typedef CK_ULONG CK_TRUST;
522
523	/ The following trust types are defined: /
524	#define CKT_VENDOR_DEFINED 0x80000000
525
526	#define CKT_NSS (CKT_VENDOR_DEFINED \| NSSCK_VENDOR_NSS)
527
528	/ If trust goes standard, these'll probably drop out of vendor space. /
529	#define CKT_NSS_TRUSTED (CKT_NSS + 1)
530	#define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2)
531	#define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3)
532	#define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10)
533	#define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */
534
535	/*
536	* These may well remain NSS-specific; I'm only using them
537	* to cache resolution data.
538	*/
539	#define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11)
540
541	/*
542	* old definitions. They still exist, but the plain meaning of the
543	* labels have never been accurate to what was really implemented.
544	* The new labels correctly reflect what the values effectively mean.
545	*/
546	#if defined(__GNUC__) && (__GNUC__ > 3)
547	/ make GCC warn when we use these #defines /
548	/*
549	* This is really painful because GCC doesn't allow us to mark random
550	* #defines as deprecated. We can only mark the following:
551	* functions, variables, and types.
552	* const variables will create extra storage for everyone including this
553	* header file, so it's undesirable.
554	* functions could be inlined to prevent storage creation, but will fail
555	* when constant values are expected (like switch statements).
556	* enum types do not seem to pay attention to the deprecated attribute.
557	*
558	* That leaves typedefs. We declare new types that we then deprecate, then
559	* cast the resulting value to the deprecated type in the #define, thus
560	* producting the warning when the #define is used.
561	*/
562	#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
563	/ The mac doesn't like the friendlier deprecate messages. I'm assuming this*
564	* is a gcc version issue rather than mac or ppc specific */
565	typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
566	typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated));
567	typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated));
568	#else
569	/ when possible, get a full deprecation warning. This works on gcc 4.5*
570	* it may work on earlier versions of gcc */
571	typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST")));
572	typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED")));
573	typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN")));
574	#endif
575	#define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST)
576	#define CKT_NSS_VALID ((__CKT_NSS_VALID)CKT_NSS_NOT_TRUSTED)
577	/ keep the old value for compatibility reasons/
578	#define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4))
579	#else
580	#ifdef _WIN32
581	/ This magic gets the windows compiler to give us a deprecation*
582	* warning */
583	#pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID)
584	#endif
585	/ CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST /
586	#define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST
587	/ CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED /
588	#define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED
589	/ CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN /
590	#define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /really means trust unknown/
591	#endif
592
593	/*
594	* These are not really PKCS #11 values specifically. They are the 'loadable'
595	* module spec NSS uses. They are available for others to use as well, but not
596	* part of the formal PKCS #11 spec.
597	*
598	* The function 'FIND' returns an array of PKCS #11 initialization strings
599	* The function 'ADD' takes a PKCS #11 initialization string and stores it.
600	* The function 'DEL' takes a 'name= library=' value and deletes the associated
601	* string.
602	* The function 'RELEASE' frees the array returned by 'FIND'
603	*/
604	#define SECMOD_MODULE_DB_FUNCTION_FIND 0
605	#define SECMOD_MODULE_DB_FUNCTION_ADD 1
606	#define SECMOD_MODULE_DB_FUNCTION_DEL 2
607	#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
608	typedef char *(PR_CALLBACK SECMODModuleDBFunc)(unsigned long function,
609	char parameters, void* *moduleSpec);
610
611	/ softoken slot ID's /
612	#define SFTK_MIN_USER_SLOT_ID 4
613	#define SFTK_MAX_USER_SLOT_ID 100
614	#define SFTK_MIN_FIPS_USER_SLOT_ID 101
615	#define SFTK_MAX_FIPS_USER_SLOT_ID 127
616
617	/ Module Interface. This is the old NSS private module interface, now exported*
618	* as a PKCS #11 v3 interface. It's interface name is
619	* "Vendor NSS Module Interface" */
620	typedef char *(CK_NSS_ModuleDBFunc)(unsigned long function,
621	char parameters, void* *args);
622	typedef struct CK_NSS_MODULE_FUNCTIONS {
623	CK_VERSION version;
624	CK_NSS_ModuleDBFunc NSC_ModuleDBFunc;
625	} CK_NSS_MODULE_FUNCTIONS;
626
627	/ FIPS Indicator Interface. This may move to the normal PKCS #11 table*
628	* in the future. For now it's called "Vendor NSS FIPS Interface" */
629	typedef CK_RV (*CK_NSS_GetFIPSStatus)(CK_SESSION_HANDLE hSession,
630	CK_OBJECT_HANDLE hObject,
631	CK_ULONG ulOperationType,
632	CK_ULONG *pulFIPSStatus);
633
634	typedef struct CK_NSS_FIPS_FUNCTIONS {
635	CK_VERSION version;
636	CK_NSS_GetFIPSStatus NSC_NSSGetFIPSStatus;
637	} CK_NSS_FIPS_FUNCTIONS;
638
639	/ KEM interface. This may move to the normal PKCS #11 table in the future. For*
640	* now it's called "Vendor NSS KEM Interface" */
641	typedef CK_RV (*CK_NSS_Encapsulate)(CK_SESSION_HANDLE hSession,
642	CK_MECHANISM_PTR pMechanism,
643	CK_OBJECT_HANDLE hPublicKey,
644	CK_ATTRIBUTE_PTR pTemplate,
645	CK_ULONG ulAttributeCount,
646	CK_OBJECT_HANDLE_PTR phKey,
647	CK_BYTE_PTR pCiphertext,
648	CK_ULONG_PTR pulCiphertextLen);
649
650	typedef CK_RV (*CK_NSS_Decapsulate)(CK_SESSION_HANDLE hSession,
651	CK_MECHANISM_PTR pMechanism,
652	CK_OBJECT_HANDLE hPrivateKey,
653	CK_BYTE_PTR pCiphertext,
654	CK_ULONG ulCiphertextLen,
655	CK_ATTRIBUTE_PTR pTemplate,
656	CK_ULONG ulAttributeCount,
657	CK_OBJECT_HANDLE_PTR phKey);
658
659	typedef struct CK_NSS_KEM_FUNCTIONS {
660	CK_VERSION version;
661	CK_NSS_Encapsulate C_Encapsulate;
662	CK_NSS_Decapsulate C_Decapsulate;
663	} CK_NSS_KEM_FUNCTIONS;
664
665	/ There was an inconsistency between the spec and the header file in defining*
666	* the CK_GCM_PARAMS structure. The authoritative reference is the header file,
667	* but NSS used the spec when adding it to its own header. In V3 we've
668	* corrected it, but we need to handle the old case for devices that followed
669	* us in using the incorrect specification. */
670	typedef struct CK_NSS_GCM_PARAMS {
671	CK_BYTE_PTR pIv;
672	CK_ULONG ulIvLen;
673	CK_BYTE_PTR pAAD;
674	CK_ULONG ulAADLen;
675	CK_ULONG ulTagBits;
676	} CK_NSS_GCM_PARAMS;
677
678	typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR;
679
680	/ deprecated #defines. Drop in future NSS releases /
681	#ifdef NSS_PKCS11_2_0_COMPAT
682
683	/ defines that were changed between NSS's PKCS #11 and the Oasis headers /
684	#define CKF_EC_FP CKF_EC_F_P
685	#define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS
686	#define CK_INVALID_SESSION CK_INVALID_HANDLE
687	#define CKR_KEY_PARAMS_INVALID 0x0000006B
688
689	/ use the old wrong CK_GCM_PARAMS if NSS_PCKS11_2_0_COMPAT is defined /
690	typedef struct CK_NSS_GCM_PARAMS CK_GCM_PARAMS;
691	typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
692
693	/ don't leave old programs in a lurch just yet, give them the old NETSCAPE*
694	* synonym if NSS_PKCS11_2_0_COMPAT is defined*/
695	#define CKO_NETSCAPE_CRL CKO_NSS_CRL
696	#define CKO_NETSCAPE_SMIME CKO_NSS_SMIME
697	#define CKO_NETSCAPE_TRUST CKO_NSS_TRUST
698	#define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST
699	#define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT
700	#define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT
701	#define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8
702	#define CKA_NETSCAPE_URL CKA_NSS_URL
703	#define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL
704	#define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO
705	#define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP
706	#define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT
707	#define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK
708	#define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES
709	#define CKA_NETSCAPE_KRL CKA_NSS_KRL
710	#define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER
711	#define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED
712	#define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H
713	#define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS
714	#define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC
715	#define CKA_NETSCAPE_DB CKA_NSS_DB
716	#define CKA_NETSCAPE_TRUST CKA_NSS_TRUST
717	#define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP
718	#define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD
719	#define CKM_NETSCAPE_PBE_SHA1_DES_CBC CKM_NSS_PBE_SHA1_DES_CBC
720	#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC
721	#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC
722	#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC
723	#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 CKM_NSS_PBE_SHA1_40_BIT_RC4
724	#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 CKM_NSS_PBE_SHA1_128_BIT_RC4
725	#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC
726	#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN CKM_NSS_PBE_SHA1_HMAC_KEY_GEN
727	#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN CKM_NSS_PBE_MD5_HMAC_KEY_GEN
728	#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN CKM_NSS_PBE_MD2_HMAC_KEY_GEN
729	#define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED
730	#define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED
731
732	#define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED
733	#define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR
734	#define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED
735	#define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY
736	#define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN
737	#define CKT_NETSCAPE_VALID CKT_NSS_VALID
738	#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
739	#else
740	/ use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined /
741	typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS;
742	typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR;
743	#endif
744
745	#endif /* _PKCS11N_H_ */
746

source code of include/nss/pkcs11n.h