1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 #ifndef _PKCS11N_H_ 6 #define _PKCS11N_H_ 7 8 /* 9 * pkcs11n.h 10 * 11 * This file contains the NSS-specific type definitions for Cryptoki 12 * (PKCS#11). 13 */ 14 15 /* 16 * NSSCK_VENDOR_NSS 17 * 18 * Cryptoki reserves the high half of all the number spaces for 19 * vendor-defined use. I'd like to keep all of our NSS- 20 * specific values together, but not in the oh-so-obvious 21 * 0x80000001, 0x80000002, etc. area. So I've picked an offset, 22 * and constructed values for the beginnings of our spaces. 23 * 24 * Note that some "historical" Netscape values don't fall within 25 * this range. 26 */ 27 #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */ 28 29 /* 30 * NSS-defined object classes 31 * 32 */ 33 #define CKO_NSS (CKO_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 34 35 #define CKO_NSS_CRL (CKO_NSS + 1) 36 #define CKO_NSS_SMIME (CKO_NSS + 2) 37 #define CKO_NSS_TRUST (CKO_NSS + 3) 38 #define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4) 39 #define CKO_NSS_NEWSLOT (CKO_NSS + 5) 40 #define CKO_NSS_DELSLOT (CKO_NSS + 6) 41 #define CKO_NSS_VALIDATION (CKO_NSS + 7) 42 43 #define CKV_NSS_FIPS_140 (CKO_NSS + 1) 44 45 /* 46 * NSS-defined key types 47 * 48 */ 49 #define CKK_NSS (CKK_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 50 51 #define CKK_NSS_PKCS8 (CKK_NSS + 1) 52 53 #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) 54 #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) 55 56 #define CKK_NSS_CHACHA20 (CKK_NSS + 4) 57 58 /* 59 * NSS-defined certificate types 60 * 61 */ 62 #define CKC_NSS (CKC_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 63 64 /* FAKE PKCS #11 defines */ 65 #define CKA_DIGEST 0x81000000L 66 #define CKA_NSS_MESSAGE 0x82000000L 67 #define CKA_NSS_MESSAGE_MASK 0xff000000L 68 #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ 69 70 /* 71 * NSS-defined object attributes 72 * 73 */ 74 #define CKA_NSS (CKA_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 75 76 #define CKA_NSS_URL (CKA_NSS + 1) 77 #define CKA_NSS_EMAIL (CKA_NSS + 2) 78 #define CKA_NSS_SMIME_INFO (CKA_NSS + 3) 79 #define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4) 80 #define CKA_NSS_PKCS8_SALT (CKA_NSS + 5) 81 #define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6) 82 #define CKA_NSS_EXPIRES (CKA_NSS + 7) 83 #define CKA_NSS_KRL (CKA_NSS + 8) 84 85 #define CKA_NSS_PQG_COUNTER (CKA_NSS + 20) 86 #define CKA_NSS_PQG_SEED (CKA_NSS + 21) 87 #define CKA_NSS_PQG_H (CKA_NSS + 22) 88 #define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23) 89 #define CKA_NSS_MODULE_SPEC (CKA_NSS + 24) 90 #define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25) 91 92 #define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26) 93 #define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27) 94 #define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28) 95 #define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29) 96 #define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30) 97 #define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31) 98 #define CKA_NSS_JPAKE_X2 (CKA_NSS + 32) 99 #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) 100 101 #define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34) 102 #define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35) 103 #define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36) 104 105 #define CKA_NSS_VALIDATION_TYPE (CKA_NSS + 36) 106 #define CKA_NSS_VALIDATION_VERSION (CKA_NSS + 37) 107 #define CKA_NSS_VALIDATION_LEVEL (CKA_NSS + 38) 108 #define CKA_NSS_VALIDATION_MODULE_ID (CKA_NSS + 39) 109 110 /* 111 * Trust attributes: 112 * 113 * If trust goes standard, these probably will too. So I'll 114 * put them all in one place. 115 */ 116 117 #define CKA_TRUST (CKA_NSS + 0x2000) 118 119 /* "Usage" key information */ 120 #define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1) 121 #define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2) 122 #define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3) 123 #define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4) 124 #define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5) 125 #define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6) 126 #define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7) 127 128 /* "Purpose" trust information */ 129 #define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8) 130 #define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9) 131 #define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10) 132 #define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11) 133 #define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12) 134 #define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13) 135 #define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14) 136 #define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15) 137 #define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16) 138 139 #define CKA_CERT_SHA1_HASH (CKA_TRUST + 100) 140 #define CKA_CERT_MD5_HASH (CKA_TRUST + 101) 141 142 /* NSS trust stuff */ 143 144 /* HISTORICAL: define used to pass in the database key for DSA private keys */ 145 #define CKA_NSS_DB 0xD5A0DB00L 146 #define CKA_NSS_TRUST 0x80000001L 147 148 /* FAKE PKCS #11 defines */ 149 #define CKM_FAKE_RANDOM 0x80000efeUL 150 #define CKM_INVALID_MECHANISM 0xffffffffUL 151 #define CKT_INVALID_TYPE 0xffffffffUL 152 153 /* 154 * NSS-defined crypto mechanisms 155 * 156 */ 157 #define CKM_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 158 159 #define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1) 160 #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) 161 162 /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */ 163 #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3) 164 #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4) 165 #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5) 166 #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6) 167 168 /* J-PAKE round 1 key generation mechanisms. 169 * 170 * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE, 171 * CKA_NSS_JPAKE_SIGNERID 172 * Output key type: CKK_NSS_JPAKE_ROUND1 173 * Output key class: CKO_PRIVATE_KEY 174 * Parameter type: CK_NSS_JPAKERound1Params 175 * 176 */ 177 #define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7) 178 #define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8) 179 #define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9) 180 #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) 181 182 /* J-PAKE round 2 key derivation mechanisms. 183 * 184 * Required template attributes: CKA_NSS_JPAKE_PEERID 185 * Input key type: CKK_NSS_JPAKE_ROUND1 186 * Output key type: CKK_NSS_JPAKE_ROUND2 187 * Output key class: CKO_PRIVATE_KEY 188 * Parameter type: CK_NSS_JPAKERound2Params 189 */ 190 #define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11) 191 #define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12) 192 #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) 193 #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) 194 195 /* J-PAKE final key material derivation mechanisms 196 * 197 * Input key type: CKK_NSS_JPAKE_ROUND2 198 * Output key type: CKK_GENERIC_SECRET 199 * Output key class: CKO_SECRET_KEY 200 * Parameter type: CK_NSS_JPAKEFinalParams 201 * 202 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 203 * to get a key with uniformly distributed bits. 204 */ 205 #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) 206 #define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16) 207 #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) 208 #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) 209 210 /* Constant-time MAC mechanisms: 211 * 212 * These operations verify a padded, MAC-then-encrypt block of data in 213 * constant-time. Because of the order of operations, the padding bytes are not 214 * protected by the MAC. However, disclosing the value of the padding bytes 215 * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be 216 * as subtle as taking slightly less time to perform the MAC when the padding 217 * is one byte longer. See https://www.isg.rhul.ac.uk/tls/ 218 * 219 * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication. 220 * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC. 221 * 222 * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS 223 */ 224 #define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) 225 #define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) 226 227 /* TLS 1.2 mechanisms */ 228 #define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) 229 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) 230 #define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) 231 #define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) 232 233 /* TLS extended master secret derivation */ 234 #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) 235 #define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) 236 237 #define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27) 238 #define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28) 239 240 /* Additional PKCS #12 PBE algorithms defined in v1.1 */ 241 #define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29) 242 #define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30) 243 #define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31) 244 #define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32) 245 246 #define CKM_NSS_CHACHA20_CTR (CKM_NSS + 33) 247 248 /* IKE mechanism (to be proposed to PKCS #11 */ 249 #define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 34) 250 #define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 35) 251 #define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 36) 252 #define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 37) 253 254 #define CKM_NSS_PUB_FROM_PRIV (CKM_NSS + 40) 255 256 /* SP800-108 NSS mechanism with support for data object derivation */ 257 #define CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA (CKM_NSS + 42) 258 #define CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (CKM_NSS + 43) 259 #define CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (CKM_NSS + 44) 260 261 /* 262 * HISTORICAL: 263 * Do not attempt to use these. They are only used by NSS's internal 264 * PKCS #11 interface. Most of these are place holders for other mechanism 265 * and will change in the future. 266 */ 267 #define CKM_NSS_PBE_SHA1_DES_CBC 0x80000002UL 268 #define CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL 269 #define CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL 270 #define CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL 271 #define CKM_NSS_PBE_SHA1_40_BIT_RC4 0x80000006UL 272 #define CKM_NSS_PBE_SHA1_128_BIT_RC4 0x80000007UL 273 #define CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL 274 #define CKM_NSS_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL 275 #define CKM_NSS_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL 276 #define CKM_NSS_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL 277 278 #define CKM_TLS_PRF_GENERAL 0x80000373UL 279 280 /* FIPS Indicator defines */ 281 #define CKS_NSS_UNINITIALIZED 0xffffffffUL 282 #define CKS_NSS_FIPS_NOT_OK 0UL 283 #define CKS_NSS_FIPS_OK 1UL 284 285 #define CKT_NSS_SESSION_CHECK 1UL 286 #define CKT_NSS_OBJECT_CHECK 2UL 287 #define CKT_NSS_BOTH_CHECK 3UL 288 #define CKT_NSS_SESSION_LAST_CHECK 4UL 289 290 typedef struct CK_NSS_JPAKEPublicValue { 291 CK_BYTE *pGX; 292 CK_ULONG ulGXLen; 293 CK_BYTE *pGV; 294 CK_ULONG ulGVLen; 295 CK_BYTE *pR; 296 CK_ULONG ulRLen; 297 } CK_NSS_JPAKEPublicValue; 298 299 typedef struct CK_NSS_JPAKERound1Params { 300 CK_NSS_JPAKEPublicValue gx1; /* out */ 301 CK_NSS_JPAKEPublicValue gx2; /* out */ 302 } CK_NSS_JPAKERound1Params; 303 304 typedef struct CK_NSS_JPAKERound2Params { 305 CK_BYTE *pSharedKey; /* in */ 306 CK_ULONG ulSharedKeyLen; /* in */ 307 CK_NSS_JPAKEPublicValue gx3; /* in */ 308 CK_NSS_JPAKEPublicValue gx4; /* in */ 309 CK_NSS_JPAKEPublicValue A; /* out */ 310 } CK_NSS_JPAKERound2Params; 311 312 typedef struct CK_NSS_JPAKEFinalParams { 313 CK_NSS_JPAKEPublicValue B; /* in */ 314 } CK_NSS_JPAKEFinalParams; 315 316 /* macAlg: the MAC algorithm to use. This determines the hash function used in 317 * the HMAC/SSLv3 MAC calculations. 318 * ulBodyTotalLen: the total length of the data, including padding bytes and 319 * padding length. 320 * pHeader: points to a block of data that contains additional data to 321 * authenticate. For TLS this includes the sequence number etc. For SSLv3, 322 * this also includes the initial padding bytes. 323 * 324 * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and 325 * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen 326 * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an 327 * unsigned int variable to represent the length in bits. This should not 328 * be a problem because the SSL/TLS protocol limits the size of an SSL 329 * record to something considerably less than 2^32 bytes. 330 */ 331 typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { 332 CK_MECHANISM_TYPE macAlg; /* in */ 333 CK_ULONG ulBodyTotalLen; /* in */ 334 CK_BYTE *pHeader; /* in */ 335 CK_ULONG ulHeaderLen; /* in */ 336 } CK_NSS_MAC_CONSTANT_TIME_PARAMS; 337 338 typedef struct CK_NSS_AEAD_PARAMS { 339 CK_BYTE_PTR pNonce; 340 CK_ULONG ulNonceLen; 341 CK_BYTE_PTR pAAD; 342 CK_ULONG ulAADLen; 343 CK_ULONG ulTagLen; 344 } CK_NSS_AEAD_PARAMS; 345 346 /* 347 * NSS-defined return values 348 * 349 */ 350 #define CKR_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 351 352 #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) 353 #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) 354 355 /* NSS specific types */ 356 typedef CK_ULONG CK_NSS_VALIDATION_TYPE; 357 358 /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. 359 See RFC 5869. 360 361 bExtract: If set, HKDF-Extract will be applied to the input key. If 362 the optional salt is given, it is used; otherwise, the salt is 363 set to a sequence of zeros equal in length to the HMAC output. 364 If bExpand is not set, then the key template given to 365 C_DeriveKey must indicate an output key size less than or equal 366 to the output size of the HMAC. 367 368 bExpand: If set, HKDF-Expand will be applied to the input key (if 369 bExtract is not set) or to the result of HKDF-Extract (if 370 bExtract is set). Any info given in the optional pInfo field will 371 be included in the calculation. 372 373 The size of the output key must be specified in the template passed to 374 C_DeriveKey. 375 */ 376 typedef struct CK_NSS_HKDFParams { 377 CK_BBOOL bExtract; 378 CK_BYTE_PTR pSalt; 379 CK_ULONG ulSaltLen; 380 CK_BBOOL bExpand; 381 CK_BYTE_PTR pInfo; 382 CK_ULONG ulInfoLen; 383 } CK_NSS_HKDFParams; 384 385 /* 386 * CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to 387 * the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism. 388 * The fields of the structure have the following meanings: 389 * prfMechanism underlying MAC mechanism used to generate the prf. 390 * bHasSeedKey hSeed key is present. 391 * hSeedKey optional seed from key 392 * pSeedData optional seed from data. 393 * ulSeedDataLen length of optional seed data. 394 * If no seed data is present this value is NULL. 395 */ 396 typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS { 397 CK_MECHANISM_TYPE prfMechanism; 398 CK_BBOOL bHasSeedKey; 399 CK_OBJECT_HANDLE hSeedKey; 400 CK_BYTE_PTR pSeedData; 401 CK_ULONG ulSeedDataLen; 402 } CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS; 403 404 /* CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to 405 * the CKM_NSS_IKE_PRF_DERIVE mechanism. 406 * 407 * The fields of the structure have the following meanings: 408 * prfMechanism underlying MAC mechanism used to generate the prf. 409 * bRekey hNewKey is present. 410 * pNi Ni value 411 * ulNiLen length of Ni 412 * pNr Nr value 413 * ulNrLen length of Nr 414 * hNewKey New key value to drive the rekey. 415 */ 416 typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS { 417 CK_MECHANISM_TYPE prfMechanism; 418 CK_BBOOL bDataAsKey; 419 CK_BBOOL bRekey; 420 CK_BYTE_PTR pNi; 421 CK_ULONG ulNiLen; 422 CK_BYTE_PTR pNr; 423 CK_ULONG ulNrLen; 424 CK_OBJECT_HANDLE hNewKey; 425 } CK_NSS_IKE_PRF_DERIVE_PARAMS; 426 427 /* CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters 428 * to the CKM_NSS_IKE_PRF_DERIVE mechanism. 429 * 430 * The fields of the structure have the following meanings: 431 * prfMechanism underlying MAC mechanism used to generate the prf. 432 * bRekey hNewKey is present. 433 * pCKYi CKYi value 434 * ulCKYiLen length of CKYi 435 * pCKYr CKYr value 436 * ulCKYrLen length of CKYr 437 * hNewKey New key value to drive the rekey. 438 */ 439 typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS { 440 CK_MECHANISM_TYPE prfMechanism; 441 CK_BBOOL bHasPrevKey; 442 CK_OBJECT_HANDLE hKeygxy; 443 CK_OBJECT_HANDLE hPrevKey; 444 CK_BYTE_PTR pCKYi; 445 CK_ULONG ulCKYiLen; 446 CK_BYTE_PTR pCKYr; 447 CK_ULONG ulCKYrLen; 448 CK_BYTE keyNumber; 449 } CK_NSS_IKE1_PRF_DERIVE_PARAMS; 450 451 /* CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS is a structure that provides the 452 * parameters to the CKM_NSS_IKE_APP_B_PRF_DERIVE mechanism. 453 * 454 * The fields of the structure have the following meanings: 455 * prfMechanism underlying MAC mechanism used to generate the prf. 456 * bHasKeygxy hKeygxy exists 457 * hKeygxy optional key to hash in the prf 458 * pExtraData optional extra data to hash in the prf 459 * ulExtraData length of the optional extra data. 460 * 461 * CK_NSS_IKE_APP_B_PRF_DERIVE can take wither CK_NSS_IKE1_APP_B_PRF_DRIVE_PARAMS 462 * or a single CK_MECHANISM_TYPE. In the latter cases bHashKeygx is assumed to 463 * be false and ulExtraDataLen is assumed to be '0'. 464 */ 465 typedef struct CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS { 466 CK_MECHANISM_TYPE prfMechanism; 467 CK_BBOOL bHasKeygxy; 468 CK_OBJECT_HANDLE hKeygxy; 469 CK_BYTE_PTR pExtraData; 470 CK_ULONG ulExtraDataLen; 471 } CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS; 472 473 /* 474 * Parameter for the TLS extended master secret key derivation mechanisms: 475 * 476 * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE 477 * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH 478 * 479 * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash 480 * function used. For earlier versions of the PRF, set the prfHashMechanism 481 * value to CKM_TLS_PRF. 482 * 483 * The session hash input is expected to be the output of the same hash 484 * function as the PRF uses (as required by draft-ietf-tls-session-hash). So 485 * the ulSessionHashLen member must be equal the output length of the hash 486 * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF, 487 * the length of concatenated MD5 and SHA-1 digests). 488 * 489 */ 490 typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS { 491 CK_MECHANISM_TYPE prfHashMechanism; 492 CK_BYTE_PTR pSessionHash; 493 CK_ULONG ulSessionHashLen; 494 CK_VERSION_PTR pVersion; 495 } CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS; 496 497 /* 498 * Trust info 499 * 500 * This isn't part of the Cryptoki standard (yet), so I'm putting 501 * all the definitions here. Some of this would move to nssckt.h 502 * if trust info were made part of the standard. In view of this 503 * possibility, I'm putting my (NSS) values in the NSS 504 * vendor space, like everything else. 505 */ 506 507 typedef CK_ULONG CK_TRUST; 508 509 /* The following trust types are defined: */ 510 #define CKT_VENDOR_DEFINED 0x80000000 511 512 #define CKT_NSS (CKT_VENDOR_DEFINED | NSSCK_VENDOR_NSS) 513 514 /* If trust goes standard, these'll probably drop out of vendor space. */ 515 #define CKT_NSS_TRUSTED (CKT_NSS + 1) 516 #define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2) 517 #define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3) 518 #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) 519 #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ 520 521 /* 522 * These may well remain NSS-specific; I'm only using them 523 * to cache resolution data. 524 */ 525 #define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11) 526 527 /* 528 * old definitions. They still exist, but the plain meaning of the 529 * labels have never been accurate to what was really implemented. 530 * The new labels correctly reflect what the values effectively mean. 531 */ 532 #if defined(__GNUC__) && (__GNUC__ > 3) 533 /* make GCC warn when we use these #defines */ 534 /* 535 * This is really painful because GCC doesn't allow us to mark random 536 * #defines as deprecated. We can only mark the following: 537 * functions, variables, and types. 538 * const variables will create extra storage for everyone including this 539 * header file, so it's undesirable. 540 * functions could be inlined to prevent storage creation, but will fail 541 * when constant values are expected (like switch statements). 542 * enum types do not seem to pay attention to the deprecated attribute. 543 * 544 * That leaves typedefs. We declare new types that we then deprecate, then 545 * cast the resulting value to the deprecated type in the #define, thus 546 * producting the warning when the #define is used. 547 */ 548 #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) 549 /* The mac doesn't like the friendlier deprecate messages. I'm assuming this 550 * is a gcc version issue rather than mac or ppc specific */ 551 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); 552 typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated)); 553 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated)); 554 #else 555 /* when possible, get a full deprecation warning. This works on gcc 4.5 556 * it may work on earlier versions of gcc */ 557 typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST"))); 558 typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED"))); 559 typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN"))); 560 #endif 561 #define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST) 562 #define CKT_NSS_VALID ((__CKT_NSS_VALID)CKT_NSS_NOT_TRUSTED) 563 /* keep the old value for compatibility reasons*/ 564 #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4)) 565 #else 566 #ifdef _WIN32 567 /* This magic gets the windows compiler to give us a deprecation 568 * warning */ 569 #pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID) 570 #endif 571 /* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */ 572 #define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST 573 /* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */ 574 #define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED 575 /* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */ 576 #define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/ 577 #endif 578 579 /* 580 * These are not really PKCS #11 values specifically. They are the 'loadable' 581 * module spec NSS uses. They are available for others to use as well, but not 582 * part of the formal PKCS #11 spec. 583 * 584 * The function 'FIND' returns an array of PKCS #11 initialization strings 585 * The function 'ADD' takes a PKCS #11 initialization string and stores it. 586 * The function 'DEL' takes a 'name= library=' value and deletes the associated 587 * string. 588 * The function 'RELEASE' frees the array returned by 'FIND' 589 */ 590 #define SECMOD_MODULE_DB_FUNCTION_FIND 0 591 #define SECMOD_MODULE_DB_FUNCTION_ADD 1 592 #define SECMOD_MODULE_DB_FUNCTION_DEL 2 593 #define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 594 typedef char **(PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, 595 char *parameters, void *moduleSpec); 596 597 /* softoken slot ID's */ 598 #define SFTK_MIN_USER_SLOT_ID 4 599 #define SFTK_MAX_USER_SLOT_ID 100 600 #define SFTK_MIN_FIPS_USER_SLOT_ID 101 601 #define SFTK_MAX_FIPS_USER_SLOT_ID 127 602 603 /* Module Interface. This is the old NSS private module interface, now exported 604 * as a PKCS #11 v3 interface. It's interface name is 605 * "Vendor NSS Module Interface" */ 606 typedef char **(*CK_NSS_ModuleDBFunc)(unsigned long function, 607 char *parameters, void *args); 608 typedef struct CK_NSS_MODULE_FUNCTIONS { 609 CK_VERSION version; 610 CK_NSS_ModuleDBFunc NSC_ModuleDBFunc; 611 } CK_NSS_MODULE_FUNCTIONS; 612 613 /* FIPS Indicator Interface. This may move to the normal PKCS #11 table 614 * in the future. For now it's called "Vendor NSS FIPS Interface" */ 615 typedef CK_RV (*CK_NSS_GetFIPSStatus)(CK_SESSION_HANDLE hSession, 616 CK_OBJECT_HANDLE hObject, 617 CK_ULONG ulOperationType, 618 CK_ULONG *pulFIPSStatus); 619 620 typedef struct CK_NSS_FIPS_FUNCTIONS { 621 CK_VERSION version; 622 CK_NSS_GetFIPSStatus NSC_NSSGetFIPSStatus; 623 } CK_NSS_FIPS_FUNCTIONS; 624 625 /* There was an inconsistency between the spec and the header file in defining 626 * the CK_GCM_PARAMS structure. The authoritative reference is the header file, 627 * but NSS used the spec when adding it to its own header. In V3 we've 628 * corrected it, but we need to handle the old case for devices that followed 629 * us in using the incorrect specification. */ 630 typedef struct CK_NSS_GCM_PARAMS { 631 CK_BYTE_PTR pIv; 632 CK_ULONG ulIvLen; 633 CK_BYTE_PTR pAAD; 634 CK_ULONG ulAADLen; 635 CK_ULONG ulTagBits; 636 } CK_NSS_GCM_PARAMS; 637 638 typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR; 639 640 /* deprecated #defines. Drop in future NSS releases */ 641 #ifdef NSS_PKCS11_2_0_COMPAT 642 643 /* defines that were changed between NSS's PKCS #11 and the Oasis headers */ 644 #define CKF_EC_FP CKF_EC_F_P 645 #define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS 646 #define CK_INVALID_SESSION CK_INVALID_HANDLE 647 #define CKR_KEY_PARAMS_INVALID 0x0000006B 648 649 /* use the old wrong CK_GCM_PARAMS if NSS_PCKS11_2_0_COMPAT is defined */ 650 typedef struct CK_NSS_GCM_PARAMS CK_GCM_PARAMS; 651 typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; 652 653 /* don't leave old programs in a lurch just yet, give them the old NETSCAPE 654 * synonym if NSS_PKCS11_2_0_COMPAT is defined*/ 655 #define CKO_NETSCAPE_CRL CKO_NSS_CRL 656 #define CKO_NETSCAPE_SMIME CKO_NSS_SMIME 657 #define CKO_NETSCAPE_TRUST CKO_NSS_TRUST 658 #define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST 659 #define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT 660 #define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT 661 #define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8 662 #define CKA_NETSCAPE_URL CKA_NSS_URL 663 #define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL 664 #define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO 665 #define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP 666 #define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT 667 #define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK 668 #define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES 669 #define CKA_NETSCAPE_KRL CKA_NSS_KRL 670 #define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER 671 #define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED 672 #define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H 673 #define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS 674 #define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC 675 #define CKA_NETSCAPE_DB CKA_NSS_DB 676 #define CKA_NETSCAPE_TRUST CKA_NSS_TRUST 677 #define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP 678 #define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD 679 #define CKM_NETSCAPE_PBE_SHA1_DES_CBC CKM_NSS_PBE_SHA1_DES_CBC 680 #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC 681 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC 682 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC 683 #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 CKM_NSS_PBE_SHA1_40_BIT_RC4 684 #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 CKM_NSS_PBE_SHA1_128_BIT_RC4 685 #define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC 686 #define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN CKM_NSS_PBE_SHA1_HMAC_KEY_GEN 687 #define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN CKM_NSS_PBE_MD5_HMAC_KEY_GEN 688 #define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN CKM_NSS_PBE_MD2_HMAC_KEY_GEN 689 #define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED 690 #define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED 691 692 #define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED 693 #define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR 694 #define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED 695 #define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY 696 #define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN 697 #define CKT_NETSCAPE_VALID CKT_NSS_VALID 698 #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR 699 #else 700 /* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */ 701 typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS; 702 typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR; 703 #endif 704 705 #endif /* _PKCS11N_H_ */ 706