/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/* The documentation about this file is in README.site */

#ifndef PK11_SITE_H
#define PK11_SITE_H 1

/*! \file pk11/site.h */

/*!
 * \brief Site-specific PKCS#11 tweaks, selected per HSM "flavor".
 *
 * Every tweak is a macro defined with no value; this header only decides
 * which of them are defined for the chosen PK11_FLAVOR.
 *
 * \li PK11_<mechanism>_SKIP:
 *     The absence of this mechanism on the token is not a fatal error.
 *
 * \li PK11_<mechanism>_REPLACE:
 *     Same as SKIP, and the mechanism is implemented using lower-level
 *     steps.
 *
 * \li PK11_<algorithm>_DISABLE:
 *     Same as SKIP, and support for the algorithm is disabled.
 *
 * \li PK11_PAD_HMAC_KEYS:
 *     HMAC keys shorter than the digest length are extended.
 *
 * NOTE(review): a _REPLACE or _DISABLE flag changes which operations are
 * requested from the token. What the "lower-level steps" do with key
 * material is not visible in this header - confirm against the code that
 * tests these macros before assuming HMAC keys stay inside the HSM.
 *
 * NOTE(review): PK11_PAD_HMAC_KEYS is presumably meant for tokens that
 * reject short HMAC keys; extending a key this way does not add strength
 * to it - confirm how the padding is done at the point of use.
 */

/*
 * Flags currently implemented:
 *   PK11_DH_PKCS_PARAMETER_GEN_SKIP
 *   PK11_DSA_PARAMETER_GEN_SKIP
 *   PK11_RSA_PKCS_REPLACE
 *   PK11_MD5_HMAC_REPLACE
 *   PK11_SHA_1_HMAC_REPLACE
 *   PK11_SHA224_HMAC_REPLACE
 *   PK11_SHA256_HMAC_REPLACE
 *   PK11_SHA384_HMAC_REPLACE
 *   PK11_SHA512_HMAC_REPLACE
 *   PK11_MD5_DISABLE
 *   PK11_DSA_DISABLE
 *   PK11_DH_DISABLE
 *   PK11_PAD_HMAC_KEYS
 */

/*
 * Predefined flavors. The numeric values are what PK11_FLAVOR is compared
 * against below.
 */
#define PK11_THALES_FLAVOR    0 /* Thales nCipher */
#define PK11_SOFTHSMV1_FLAVOR 1 /* SoftHSMv1 with SHA224 */
#define PK11_SOFTHSMV2_FLAVOR 2 /* SoftHSMv2 */
#define PK11_CRYPTECH_FLAVOR  3 /* Cryptech */
#define PK11_AEP_FLAVOR       4 /* AEP Keyper */
#define PK11_UTIMACO_FLAVOR   5 /* Utimaco HSM */

/*
 * When the build does not choose a flavor, Thales nCipher is used.
 *
 * Caveat: an identifier that is still undefined after macro expansion
 * evaluates to 0 inside #if, and PK11_THALES_FLAVOR is 0. A PK11_FLAVOR
 * set to a misspelled flavor name is therefore treated as Thales rather
 * than rejected. A numeric value that matches none of the flavors above
 * defines no tweak at all.
 */
#if !defined(PK11_FLAVOR)
#define PK11_FLAVOR PK11_THALES_FLAVOR
#endif

#if PK11_FLAVOR == PK11_THALES_FLAVOR

/*
 * PK11_DSA_PARAMETER_GEN_SKIP is deliberately left undefined here; the
 * original note on it reads "doesn't work but supported".
 */
#define PK11_MD5_HMAC_REPLACE
#define PK11_DH_PKCS_PARAMETER_GEN_SKIP

#elif PK11_FLAVOR == PK11_SOFTHSMV1_FLAVOR

#define PK11_PAD_HMAC_KEYS

#elif PK11_FLAVOR == PK11_SOFTHSMV2_FLAVOR

/*
 * SoftHSMv2 was updated to enforce minimal key sizes; every HMAC
 * mechanism is replaced for this flavor.
 */
#define PK11_SHA512_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_MD5_HMAC_REPLACE

#elif PK11_FLAVOR == PK11_CRYPTECH_FLAVOR

/* DH, DSA and MD5 are disabled; the SHA HMAC mechanisms are replaced. */
#define PK11_SHA512_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_MD5_DISABLE
#define PK11_DSA_DISABLE
#define PK11_DH_DISABLE

#elif PK11_FLAVOR == PK11_AEP_FLAVOR

/*
 * DH and DSA are disabled; RSA PKCS and every HMAC mechanism are
 * replaced.
 */
#define PK11_SHA512_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_MD5_HMAC_REPLACE
#define PK11_RSA_PKCS_REPLACE
#define PK11_DSA_DISABLE
#define PK11_DH_DISABLE

#elif PK11_FLAVOR == PK11_UTIMACO_FLAVOR

/* No tweak is defined for Utimaco in this file. */

#endif

#endif /* PK11_SITE_H */