/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
11 
/* The documentation about this file is in README.site */
13 
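#ifndef PK11_SITE_H
#define PK11_SITE_H 1

/*! \file pk11/site.h */

/*!
 * \brief Put here specific PKCS#11 tweaks
 *
 * Every flag below is defined with no value, so code can only test
 * whether it is defined.
 *
 *\li PK11_<mechanism>_SKIP:
 *	Don't consider the lack of this mechanism as a fatal error.
 *
 *\li PK11_<mechanism>_REPLACE:
 *	Same as SKIP, and implement the mechanism using lower-level steps.
 *	NOTE(review): for the HMAC mechanisms this presumably means the
 *	MAC is assembled by the library from the token's digest
 *	operations, in which case the HMAC key is handled by the library
 *	rather than by the token's own HMAC mechanism -- confirm in the
 *	pk11 HMAC code before relying on token-side key protection.
 *
 *\li PK11_<algorithm>_DISABLE:
 *	Same as SKIP, and disable support for the algorithm.
 *
 *\li PK11_PAD_HMAC_KEYS:
 *	Extend HMAC keys shorter than digest length.
 *	Padding makes a short key acceptable to the token; it does not
 *	make it stronger.
 */

/* current implemented flags are:
PK11_DH_PKCS_PARAMETER_GEN_SKIP
PK11_DSA_PARAMETER_GEN_SKIP
PK11_RSA_PKCS_REPLACE
PK11_MD5_HMAC_REPLACE
PK11_SHA_1_HMAC_REPLACE
PK11_SHA224_HMAC_REPLACE
PK11_SHA256_HMAC_REPLACE
PK11_SHA384_HMAC_REPLACE
PK11_SHA512_HMAC_REPLACE
PK11_MD5_DISABLE
PK11_DSA_DISABLE
PK11_DH_DISABLE
PK11_PAD_HMAC_KEYS
*/

/*
 * Predefined flavors
 *
 * PK11_FLAVOR is compared against these values with #if.  Two things
 * follow from how the preprocessor evaluates #if:
 *  - an identifier that is not a defined macro evaluates to 0, which is
 *    PK11_THALES_FLAVOR, so a misspelled flavor name supplied by the
 *    build silently selects the Thales tweaks;
 *  - a number that matches no flavor below selects no tweaks at all.
 * Neither case produces a diagnostic, so check the resulting flags when
 * changing the flavor.
 */
/* Thales nCipher */
#define PK11_THALES_FLAVOR 0
/* SoftHSMv1 with SHA224 */
#define PK11_SOFTHSMV1_FLAVOR 1
/* SoftHSMv2 */
#define PK11_SOFTHSMV2_FLAVOR 2
/* Cryptech */
#define PK11_CRYPTECH_FLAVOR 3
/* AEP Keyper */
#define PK11_AEP_FLAVOR 4
/* Utimaco HSM (no tweak block below: selecting it defines no flags) */
#define PK11_UTIMACO_FLAVOR 5

/* Default is for Thales nCipher */
#ifndef PK11_FLAVOR
#define PK11_FLAVOR PK11_THALES_FLAVOR
#endif

#if PK11_FLAVOR == PK11_THALES_FLAVOR
#define PK11_DH_PKCS_PARAMETER_GEN_SKIP
/* doesn't work but supported #define PK11_DSA_PARAMETER_GEN_SKIP */
#define PK11_MD5_HMAC_REPLACE
#endif

#if PK11_FLAVOR == PK11_SOFTHSMV1_FLAVOR
#define PK11_PAD_HMAC_KEYS
#endif

#if PK11_FLAVOR == PK11_SOFTHSMV2_FLAVOR
/*
 * SoftHSMv2 was updated to enforce minimal key sizes... argh!
 * Every HMAC mechanism is therefore replaced.
 * NOTE(review): the replacement presumably accepts keys the token would
 * reject as too short, so the token's minimum no longer applies to HMAC
 * keys -- confirm, and enforce key length where the keys are generated.
 */
#define PK11_MD5_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#endif

#if PK11_FLAVOR == PK11_CRYPTECH_FLAVOR
/* DH, DSA and MD5 are disabled; the remaining HMACs are replaced. */
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_MD5_DISABLE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#endif

#if PK11_FLAVOR == PK11_AEP_FLAVOR
/* DH and DSA are disabled; RSA PKCS and every HMAC are replaced. */
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_RSA_PKCS_REPLACE
#define PK11_MD5_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#endif

#endif /* PK11_SITE_H */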