1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 #ifndef NSSCKMDT_H 6 #define NSSCKMDT_H 7 8 /* 9 * nssckmdt.h 10 * 11 * This file specifies the basic types that must be implemented by 12 * any Module using the NSS Cryptoki Framework. 13 */ 14 15 #ifndef NSSBASET_H 16 #include "nssbaset.h" 17 #endif /* NSSBASET_H */ 18 19 #ifndef NSSCKT_H 20 #include "nssckt.h" 21 #endif /* NSSCKT_H */ 22 23 #ifndef NSSCKFWT_H 24 #include "nssckfwt.h" 25 #endif /* NSSCKFWT_H */ 26 27 typedef struct NSSCKMDInstanceStr NSSCKMDInstance; 28 typedef struct NSSCKMDSlotStr NSSCKMDSlot; 29 typedef struct NSSCKMDTokenStr NSSCKMDToken; 30 typedef struct NSSCKMDSessionStr NSSCKMDSession; 31 typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation; 32 typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects; 33 typedef struct NSSCKMDMechanismStr NSSCKMDMechanism; 34 typedef struct NSSCKMDObjectStr NSSCKMDObject; 35 36 /* 37 * NSSCKFWItem 38 * 39 * This is a structure used by modules to return object attributes. 40 * The needsFreeing bit indicates whether the object needs to be freed. 41 * If so, the framework will call the FreeAttribute function on the item 42 * after it is done using it. 43 * 44 */ 45 46 typedef struct { 47 PRBool needsFreeing; 48 NSSItem *item; 49 } NSSCKFWItem; 50 51 /* 52 * NSSCKMDInstance 53 * 54 * This is the basic handle for an instance of a PKCS#11 Module. 55 * It is returned by the Module's CreateInstance routine, and 56 * may be obtained from the corresponding NSSCKFWInstance object. 57 * It contains a pointer for use by the Module, to store any 58 * instance-related data, and it contains the EPV for a set of 59 * routines which the Module may implement for use by the Framework. 60 * Some of these routines are optional; others are mandatory. 61 */ 62 63 struct NSSCKMDInstanceStr { 64 /* 65 * The Module may use this pointer for its own purposes. 66 */ 67 void *etc; 68 69 /* 70 * This routine is called by the Framework to initialize 71 * the Module. This routine is optional; if unimplemented, 72 * it won't be called. If this routine returns an error, 73 * then the initialization will fail. 74 */ 75 CK_RV(PR_CALLBACK *Initialize) 76 ( 77 NSSCKMDInstance *mdInstance, 78 NSSCKFWInstance *fwInstance, 79 NSSUTF8 *configurationData); 80 81 /* 82 * This routine is called when the Framework is finalizing 83 * the PKCS#11 Module. It is the last thing called before 84 * the NSSCKFWInstance's NSSArena is destroyed. This routine 85 * is optional; if unimplemented, it merely won't be called. 86 */ 87 void(PR_CALLBACK *Finalize)( 88 NSSCKMDInstance *mdInstance, 89 NSSCKFWInstance *fwInstance); 90 91 /* 92 * This routine gets the number of slots. This value must 93 * never change, once the instance is initialized. This 94 * routine must be implemented. It may return zero on error. 95 */ 96 CK_ULONG(PR_CALLBACK *GetNSlots) 97 ( 98 NSSCKMDInstance *mdInstance, 99 NSSCKFWInstance *fwInstance, 100 CK_RV *pError); 101 102 /* 103 * This routine returns the version of the Cryptoki standard 104 * to which this Module conforms. This routine is optional; 105 * if unimplemented, the Framework uses the version to which 106 * ~it~ was implemented. 107 */ 108 CK_VERSION(PR_CALLBACK *GetCryptokiVersion) 109 ( 110 NSSCKMDInstance *mdInstance, 111 NSSCKFWInstance *fwInstance); 112 113 /* 114 * This routine returns a pointer to a UTF8-encoded string 115 * containing the manufacturer ID for this Module. Only 116 * the characters completely encoded in the first thirty- 117 * two bytes are significant. This routine is optional. 118 * The string returned is never freed; if dynamically generated, 119 * the space for it should be allocated from the NSSArena 120 * that may be obtained from the NSSCKFWInstance. This 121 * routine may return NULL upon error; however if *pError 122 * is CKR_OK, the NULL will be considered the valid response. 123 */ 124 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( 125 NSSCKMDInstance *mdInstance, 126 NSSCKFWInstance *fwInstance, 127 CK_RV *pError); 128 129 /* 130 * This routine returns a pointer to a UTF8-encoded string 131 * containing a description of this Module library. Only 132 * the characters completely encoded in the first thirty- 133 * two bytes are significant. This routine is optional. 134 * The string returned is never freed; if dynamically generated, 135 * the space for it should be allocated from the NSSArena 136 * that may be obtained from the NSSCKFWInstance. This 137 * routine may return NULL upon error; however if *pError 138 * is CKR_OK, the NULL will be considered the valid response. 139 */ 140 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( 141 NSSCKMDInstance *mdInstance, 142 NSSCKFWInstance *fwInstance, 143 CK_RV *pError); 144 145 /* 146 * This routine returns the version of this Module library. 147 * This routine is optional; if unimplemented, the Framework 148 * will assume a Module library version of 0.1. 149 */ 150 CK_VERSION(PR_CALLBACK *GetLibraryVersion) 151 ( 152 NSSCKMDInstance *mdInstance, 153 NSSCKFWInstance *fwInstance); 154 155 /* 156 * This routine returns CK_TRUE if the Module wishes to 157 * handle session objects. This routine is optional. 158 * If this routine is NULL, or if it exists but returns 159 * CK_FALSE, the Framework will assume responsibility 160 * for managing session objects. 161 */ 162 CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects) 163 ( 164 NSSCKMDInstance *mdInstance, 165 NSSCKFWInstance *fwInstance); 166 167 /* 168 * This routine stuffs pointers to NSSCKMDSlot objects into 169 * the specified array; one for each slot supported by this 170 * instance. The Framework will determine the size needed 171 * for the array by calling GetNSlots. This routine is 172 * required. 173 */ 174 CK_RV(PR_CALLBACK *GetSlots) 175 ( 176 NSSCKMDInstance *mdInstance, 177 NSSCKFWInstance *fwInstance, 178 NSSCKMDSlot *slots[]); 179 180 /* 181 * This call returns a pointer to the slot in which an event 182 * has occurred. If the block argument is CK_TRUE, the call 183 * should block until a slot event occurs; if CK_FALSE, it 184 * should check to see if an event has occurred, occurred, 185 * but return NULL (and set *pError to CK_NO_EVENT) if one 186 * hasn't. This routine is optional; if unimplemented, the 187 * Framework will assume that no event has happened. This 188 * routine may return NULL upon error. 189 */ 190 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( 191 NSSCKMDInstance *mdInstance, 192 NSSCKFWInstance *fwInstance, 193 CK_BBOOL block, 194 CK_RV *pError); 195 196 /* 197 * This object may be extended in future versions of the 198 * NSS Cryptoki Framework. To allow for some flexibility 199 * in the area of binary compatibility, this field should 200 * be NULL. 201 */ 202 void *null; 203 }; 204 205 /* 206 * NSSCKMDSlot 207 * 208 * This is the basic handle for a PKCS#11 Module Slot. It is 209 * created by the NSSCKMDInstance->GetSlots call, and may be 210 * obtained from the Framework's corresponding NSSCKFWSlot 211 * object. It contains a pointer for use by the Module, to 212 * store any slot-related data, and it contains the EPV for 213 * a set of routines which the Module may implement for use 214 * by the Framework. Some of these routines are optional. 215 */ 216 217 struct NSSCKMDSlotStr { 218 /* 219 * The Module may use this pointer for its own purposes. 220 */ 221 void *etc; 222 223 /* 224 * This routine is called during the Framework initialization 225 * step, after the Framework Instance has obtained the list 226 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- 227 * specific initialization can be done here. This routine is 228 * optional; if unimplemented, it won't be called. Note that 229 * if this routine returns an error, the entire Framework 230 * initialization for this Module will fail. 231 */ 232 CK_RV(PR_CALLBACK *Initialize) 233 ( 234 NSSCKMDSlot *mdSlot, 235 NSSCKFWSlot *fwSlot, 236 NSSCKMDInstance *mdInstance, 237 NSSCKFWInstance *fwInstance); 238 239 /* 240 * This routine is called when the Framework is finalizing 241 * the PKCS#11 Module. This call (for each of the slots) 242 * is the last thing called before NSSCKMDInstance->Finalize. 243 * This routine is optional; if unimplemented, it merely 244 * won't be called. Note: In the rare circumstance that 245 * the Framework initialization cannot complete (due to, 246 * for example, memory limitations), this can be called with 247 * a NULL value for fwSlot. 248 */ 249 void(PR_CALLBACK *Destroy)( 250 NSSCKMDSlot *mdSlot, 251 NSSCKFWSlot *fwSlot, 252 NSSCKMDInstance *mdInstance, 253 NSSCKFWInstance *fwInstance); 254 255 /* 256 * This routine returns a pointer to a UTF8-encoded string 257 * containing a description of this slot. Only the characters 258 * completely encoded in the first sixty-four bytes are 259 * significant. This routine is optional. The string 260 * returned is never freed; if dynamically generated, 261 * the space for it should be allocated from the NSSArena 262 * that may be obtained from the NSSCKFWInstance. This 263 * routine may return NULL upon error; however if *pError 264 * is CKR_OK, the NULL will be considered the valid response. 265 */ 266 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( 267 NSSCKMDSlot *mdSlot, 268 NSSCKFWSlot *fwSlot, 269 NSSCKMDInstance *mdInstance, 270 NSSCKFWInstance *fwInstance, 271 CK_RV *pError); 272 273 /* 274 * This routine returns a pointer to a UTF8-encoded string 275 * containing a description of the manufacturer of this slot. 276 * Only the characters completely encoded in the first thirty- 277 * two bytes are significant. This routine is optional. 278 * The string returned is never freed; if dynamically generated, 279 * the space for it should be allocated from the NSSArena 280 * that may be obtained from the NSSCKFWInstance. This 281 * routine may return NULL upon error; however if *pError 282 * is CKR_OK, the NULL will be considered the valid response. 283 */ 284 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( 285 NSSCKMDSlot *mdSlot, 286 NSSCKFWSlot *fwSlot, 287 NSSCKMDInstance *mdInstance, 288 NSSCKFWInstance *fwInstance, 289 CK_RV *pError); 290 291 /* 292 * This routine returns CK_TRUE if a token is present in this 293 * slot. This routine is optional; if unimplemented, CK_TRUE 294 * is assumed. 295 */ 296 CK_BBOOL(PR_CALLBACK *GetTokenPresent) 297 ( 298 NSSCKMDSlot *mdSlot, 299 NSSCKFWSlot *fwSlot, 300 NSSCKMDInstance *mdInstance, 301 NSSCKFWInstance *fwInstance); 302 303 /* 304 * This routine returns CK_TRUE if the slot supports removable 305 * tokens. This routine is optional; if unimplemented, CK_FALSE 306 * is assumed. 307 */ 308 CK_BBOOL(PR_CALLBACK *GetRemovableDevice) 309 ( 310 NSSCKMDSlot *mdSlot, 311 NSSCKFWSlot *fwSlot, 312 NSSCKMDInstance *mdInstance, 313 NSSCKFWInstance *fwInstance); 314 315 /* 316 * This routine returns CK_TRUE if this slot is a hardware 317 * device, or CK_FALSE if this slot is a software device. This 318 * routine is optional; if unimplemented, CK_FALSE is assumed. 319 */ 320 CK_BBOOL(PR_CALLBACK *GetHardwareSlot) 321 ( 322 NSSCKMDSlot *mdSlot, 323 NSSCKFWSlot *fwSlot, 324 NSSCKMDInstance *mdInstance, 325 NSSCKFWInstance *fwInstance); 326 327 /* 328 * This routine returns the version of this slot's hardware. 329 * This routine is optional; if unimplemented, the Framework 330 * will assume a hardware version of 0.1. 331 */ 332 CK_VERSION(PR_CALLBACK *GetHardwareVersion) 333 ( 334 NSSCKMDSlot *mdSlot, 335 NSSCKFWSlot *fwSlot, 336 NSSCKMDInstance *mdInstance, 337 NSSCKFWInstance *fwInstance); 338 339 /* 340 * This routine returns the version of this slot's firmware. 341 * This routine is optional; if unimplemented, the Framework 342 * will assume a hardware version of 0.1. 343 */ 344 CK_VERSION(PR_CALLBACK *GetFirmwareVersion) 345 ( 346 NSSCKMDSlot *mdSlot, 347 NSSCKFWSlot *fwSlot, 348 NSSCKMDInstance *mdInstance, 349 NSSCKFWInstance *fwInstance); 350 351 /* 352 * This routine should return a pointer to an NSSCKMDToken 353 * object corresponding to the token in the specified slot. 354 * The NSSCKFWToken object passed in has an NSSArena 355 * available which is dedicated for this token. This routine 356 * must be implemented. This routine may return NULL upon 357 * error. 358 */ 359 NSSCKMDToken *(PR_CALLBACK *GetToken)( 360 NSSCKMDSlot *mdSlot, 361 NSSCKFWSlot *fwSlot, 362 NSSCKMDInstance *mdInstance, 363 NSSCKFWInstance *fwInstance, 364 CK_RV *pError); 365 366 /* 367 * This object may be extended in future versions of the 368 * NSS Cryptoki Framework. To allow for some flexibility 369 * in the area of binary compatibility, this field should 370 * be NULL. 371 */ 372 void *null; 373 }; 374 375 /* 376 * NSSCKMDToken 377 * 378 * This is the basic handle for a PKCS#11 Token. It is created by 379 * the NSSCKMDSlot->GetToken call, and may be obtained from the 380 * Framework's corresponding NSSCKFWToken object. It contains a 381 * pointer for use by the Module, to store any token-related 382 * data, and it contains the EPV for a set of routines which the 383 * Module may implement for use by the Framework. Some of these 384 * routines are optional. 385 */ 386 387 struct NSSCKMDTokenStr { 388 /* 389 * The Module may use this pointer for its own purposes. 390 */ 391 void *etc; 392 393 /* 394 * This routine is used to prepare a Module token object for 395 * use. It is called after the NSSCKMDToken object is obtained 396 * from NSSCKMDSlot->GetToken. It is named "Setup" here because 397 * Cryptoki already defines "InitToken" to do the process of 398 * wiping out any existing state on a token and preparing it for 399 * a new use. This routine is optional; if unimplemented, it 400 * merely won't be called. 401 */ 402 CK_RV(PR_CALLBACK *Setup) 403 ( 404 NSSCKMDToken *mdToken, 405 NSSCKFWToken *fwToken, 406 NSSCKMDInstance *mdInstance, 407 NSSCKFWInstance *fwInstance); 408 409 /* 410 * This routine is called by the Framework whenever it notices 411 * that the token object is invalid. (Typically this is when a 412 * routine indicates an error such as CKR_DEVICE_REMOVED). This 413 * call is the last thing called before the NSSArena in the 414 * corresponding NSSCKFWToken is destroyed. This routine is 415 * optional; if unimplemented, it merely won't be called. 416 */ 417 void(PR_CALLBACK *Invalidate)( 418 NSSCKMDToken *mdToken, 419 NSSCKFWToken *fwToken, 420 NSSCKMDInstance *mdInstance, 421 NSSCKFWInstance *fwInstance); 422 423 /* 424 * This routine initialises the token in the specified slot. 425 * This routine is optional; if unimplemented, the Framework 426 * will fail this operation with an error of CKR_DEVICE_ERROR. 427 */ 428 429 CK_RV(PR_CALLBACK *InitToken) 430 ( 431 NSSCKMDToken *mdToken, 432 NSSCKFWToken *fwToken, 433 NSSCKMDInstance *mdInstance, 434 NSSCKFWInstance *fwInstance, 435 NSSItem *pin, 436 NSSUTF8 *label); 437 438 /* 439 * This routine returns a pointer to a UTF8-encoded string 440 * containing this token's label. Only the characters 441 * completely encoded in the first thirty-two bytes are 442 * significant. This routine is optional. The string 443 * returned is never freed; if dynamically generated, 444 * the space for it should be allocated from the NSSArena 445 * that may be obtained from the NSSCKFWInstance. This 446 * routine may return NULL upon error; however if *pError 447 * is CKR_OK, the NULL will be considered the valid response. 448 */ 449 NSSUTF8 *(PR_CALLBACK *GetLabel)( 450 NSSCKMDToken *mdToken, 451 NSSCKFWToken *fwToken, 452 NSSCKMDInstance *mdInstance, 453 NSSCKFWInstance *fwInstance, 454 CK_RV *pError); 455 456 /* 457 * This routine returns a pointer to a UTF8-encoded string 458 * containing this token's manufacturer ID. Only the characters 459 * completely encoded in the first thirty-two bytes are 460 * significant. This routine is optional. The string 461 * returned is never freed; if dynamically generated, 462 * the space for it should be allocated from the NSSArena 463 * that may be obtained from the NSSCKFWInstance. This 464 * routine may return NULL upon error; however if *pError 465 * is CKR_OK, the NULL will be considered the valid response. 466 */ 467 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( 468 NSSCKMDToken *mdToken, 469 NSSCKFWToken *fwToken, 470 NSSCKMDInstance *mdInstance, 471 NSSCKFWInstance *fwInstance, 472 CK_RV *pError); 473 474 /* 475 * This routine returns a pointer to a UTF8-encoded string 476 * containing this token's model name. Only the characters 477 * completely encoded in the first thirty-two bytes are 478 * significant. This routine is optional. The string 479 * returned is never freed; if dynamically generated, 480 * the space for it should be allocated from the NSSArena 481 * that may be obtained from the NSSCKFWInstance. This 482 * routine may return NULL upon error; however if *pError 483 * is CKR_OK, the NULL will be considered the valid response. 484 */ 485 NSSUTF8 *(PR_CALLBACK *GetModel)( 486 NSSCKMDToken *mdToken, 487 NSSCKFWToken *fwToken, 488 NSSCKMDInstance *mdInstance, 489 NSSCKFWInstance *fwInstance, 490 CK_RV *pError); 491 492 /* 493 * This routine returns a pointer to a UTF8-encoded string 494 * containing this token's serial number. Only the characters 495 * completely encoded in the first thirty-two bytes are 496 * significant. This routine is optional. The string 497 * returned is never freed; if dynamically generated, 498 * the space for it should be allocated from the NSSArena 499 * that may be obtained from the NSSCKFWInstance. This 500 * routine may return NULL upon error; however if *pError 501 * is CKR_OK, the NULL will be considered the valid response. 502 */ 503 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( 504 NSSCKMDToken *mdToken, 505 NSSCKFWToken *fwToken, 506 NSSCKMDInstance *mdInstance, 507 NSSCKFWInstance *fwInstance, 508 CK_RV *pError); 509 510 /* 511 * This routine returns CK_TRUE if the token has its own 512 * random number generator. This routine is optional; if 513 * unimplemented, CK_FALSE is assumed. 514 */ 515 CK_BBOOL(PR_CALLBACK *GetHasRNG) 516 ( 517 NSSCKMDToken *mdToken, 518 NSSCKFWToken *fwToken, 519 NSSCKMDInstance *mdInstance, 520 NSSCKFWInstance *fwInstance); 521 522 /* 523 * This routine returns CK_TRUE if this token is write-protected. 524 * This routine is optional; if unimplemented, CK_FALSE is 525 * assumed. 526 */ 527 CK_BBOOL(PR_CALLBACK *GetIsWriteProtected) 528 ( 529 NSSCKMDToken *mdToken, 530 NSSCKFWToken *fwToken, 531 NSSCKMDInstance *mdInstance, 532 NSSCKFWInstance *fwInstance); 533 534 /* 535 * This routine returns CK_TRUE if this token requires a login. 536 * This routine is optional; if unimplemented, CK_FALSE is 537 * assumed. 538 */ 539 CK_BBOOL(PR_CALLBACK *GetLoginRequired) 540 ( 541 NSSCKMDToken *mdToken, 542 NSSCKFWToken *fwToken, 543 NSSCKMDInstance *mdInstance, 544 NSSCKFWInstance *fwInstance); 545 546 /* 547 * This routine returns CK_TRUE if the normal user's PIN on this 548 * token has been initialised. This routine is optional; if 549 * unimplemented, CK_FALSE is assumed. 550 */ 551 CK_BBOOL(PR_CALLBACK *GetUserPinInitialized) 552 ( 553 NSSCKMDToken *mdToken, 554 NSSCKFWToken *fwToken, 555 NSSCKMDInstance *mdInstance, 556 NSSCKFWInstance *fwInstance); 557 558 /* 559 * This routine returns CK_TRUE if a successful save of a 560 * session's cryptographic operations state ~always~ contains 561 * all keys needed to restore the state of the session. This 562 * routine is optional; if unimplemented, CK_FALSE is assumed. 563 */ 564 CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded) 565 ( 566 NSSCKMDToken *mdToken, 567 NSSCKFWToken *fwToken, 568 NSSCKMDInstance *mdInstance, 569 NSSCKFWInstance *fwInstance); 570 571 /* 572 * This routine returns CK_TRUE if the token has its own 573 * hardware clock. This routine is optional; if unimplemented, 574 * CK_FALSE is assumed. 575 */ 576 CK_BBOOL(PR_CALLBACK *GetHasClockOnToken) 577 ( 578 NSSCKMDToken *mdToken, 579 NSSCKFWToken *fwToken, 580 NSSCKMDInstance *mdInstance, 581 NSSCKFWInstance *fwInstance); 582 583 /* 584 * This routine returns CK_TRUE if the token has a protected 585 * authentication path. This routine is optional; if 586 * unimplemented, CK_FALSE is assumed. 587 */ 588 CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath) 589 ( 590 NSSCKMDToken *mdToken, 591 NSSCKFWToken *fwToken, 592 NSSCKMDInstance *mdInstance, 593 NSSCKFWInstance *fwInstance); 594 595 /* 596 * This routine returns CK_TRUE if the token supports dual 597 * cryptographic operations within a single session. This 598 * routine is optional; if unimplemented, CK_FALSE is assumed. 599 */ 600 CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations) 601 ( 602 NSSCKMDToken *mdToken, 603 NSSCKFWToken *fwToken, 604 NSSCKMDInstance *mdInstance, 605 NSSCKFWInstance *fwInstance); 606 607 /* 608 * XXX fgmr-- should we have a call to return all the flags 609 * at once, for folks who already know about Cryptoki? 610 */ 611 612 /* 613 * This routine returns the maximum number of sessions that 614 * may be opened on this token. This routine is optional; 615 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION 616 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? 617 */ 618 CK_ULONG(PR_CALLBACK *GetMaxSessionCount) 619 ( 620 NSSCKMDToken *mdToken, 621 NSSCKFWToken *fwToken, 622 NSSCKMDInstance *mdInstance, 623 NSSCKFWInstance *fwInstance); 624 625 /* 626 * This routine returns the maximum number of read/write 627 * sesisons that may be opened on this token. This routine 628 * is optional; if unimplemented, the special value 629 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or 630 * CK_EFFECTIVELY_INFINITE? 631 */ 632 CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount) 633 ( 634 NSSCKMDToken *mdToken, 635 NSSCKFWToken *fwToken, 636 NSSCKMDInstance *mdInstance, 637 NSSCKFWInstance *fwInstance); 638 639 /* 640 * This routine returns the maximum PIN code length that is 641 * supported on this token. This routine is optional; 642 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION 643 * is assumed. 644 */ 645 CK_ULONG(PR_CALLBACK *GetMaxPinLen) 646 ( 647 NSSCKMDToken *mdToken, 648 NSSCKFWToken *fwToken, 649 NSSCKMDInstance *mdInstance, 650 NSSCKFWInstance *fwInstance); 651 652 /* 653 * This routine returns the minimum PIN code length that is 654 * supported on this token. This routine is optional; if 655 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION 656 * is assumed. XXX fgmr-- or 0? 657 */ 658 CK_ULONG(PR_CALLBACK *GetMinPinLen) 659 ( 660 NSSCKMDToken *mdToken, 661 NSSCKFWToken *fwToken, 662 NSSCKMDInstance *mdInstance, 663 NSSCKFWInstance *fwInstance); 664 665 /* 666 * This routine returns the total amount of memory on the token 667 * in which public objects may be stored. This routine is 668 * optional; if unimplemented, the special value 669 * CK_UNAVAILABLE_INFORMATION is assumed. 670 */ 671 CK_ULONG(PR_CALLBACK *GetTotalPublicMemory) 672 ( 673 NSSCKMDToken *mdToken, 674 NSSCKFWToken *fwToken, 675 NSSCKMDInstance *mdInstance, 676 NSSCKFWInstance *fwInstance); 677 678 /* 679 * This routine returns the amount of unused memory on the 680 * token in which public objects may be stored. This routine 681 * is optional; if unimplemented, the special value 682 * CK_UNAVAILABLE_INFORMATION is assumed. 683 */ 684 CK_ULONG(PR_CALLBACK *GetFreePublicMemory) 685 ( 686 NSSCKMDToken *mdToken, 687 NSSCKFWToken *fwToken, 688 NSSCKMDInstance *mdInstance, 689 NSSCKFWInstance *fwInstance); 690 691 /* 692 * This routine returns the total amount of memory on the token 693 * in which private objects may be stored. This routine is 694 * optional; if unimplemented, the special value 695 * CK_UNAVAILABLE_INFORMATION is assumed. 696 */ 697 CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory) 698 ( 699 NSSCKMDToken *mdToken, 700 NSSCKFWToken *fwToken, 701 NSSCKMDInstance *mdInstance, 702 NSSCKFWInstance *fwInstance); 703 704 /* 705 * This routine returns the amount of unused memory on the 706 * token in which private objects may be stored. This routine 707 * is optional; if unimplemented, the special value 708 * CK_UNAVAILABLE_INFORMATION is assumed. 709 */ 710 CK_ULONG(PR_CALLBACK *GetFreePrivateMemory) 711 ( 712 NSSCKMDToken *mdToken, 713 NSSCKFWToken *fwToken, 714 NSSCKMDInstance *mdInstance, 715 NSSCKFWInstance *fwInstance); 716 717 /* 718 * This routine returns the version number of this token's 719 * hardware. This routine is optional; if unimplemented, 720 * the value 0.1 is assumed. 721 */ 722 CK_VERSION(PR_CALLBACK *GetHardwareVersion) 723 ( 724 NSSCKMDToken *mdToken, 725 NSSCKFWToken *fwToken, 726 NSSCKMDInstance *mdInstance, 727 NSSCKFWInstance *fwInstance); 728 729 /* 730 * This routine returns the version number of this token's 731 * firmware. This routine is optional; if unimplemented, 732 * the value 0.1 is assumed. 733 */ 734 CK_VERSION(PR_CALLBACK *GetFirmwareVersion) 735 ( 736 NSSCKMDToken *mdToken, 737 NSSCKFWToken *fwToken, 738 NSSCKMDInstance *mdInstance, 739 NSSCKFWInstance *fwInstance); 740 741 /* 742 * This routine stuffs the current UTC time, as obtained from 743 * the token, into the sixteen-byte buffer in the form 744 * YYYYMMDDhhmmss00. This routine need only be implemented 745 * by token which indicate that they have a real-time clock. 746 * XXX fgmr-- think about time formats. 747 */ 748 CK_RV(PR_CALLBACK *GetUTCTime) 749 ( 750 NSSCKMDToken *mdToken, 751 NSSCKFWToken *fwToken, 752 NSSCKMDInstance *mdInstance, 753 NSSCKFWInstance *fwInstance, 754 CK_CHAR utcTime[16]); 755 756 /* 757 * This routine creates a session on the token, and returns 758 * the corresponding NSSCKMDSession object. The value of 759 * rw will be CK_TRUE if the session is to be a read/write 760 * session, or CK_FALSE otherwise. An NSSArena dedicated to 761 * the new session is available from the specified NSSCKFWSession. 762 * This routine may return NULL upon error. 763 */ 764 NSSCKMDSession *(PR_CALLBACK *OpenSession)( 765 NSSCKMDToken *mdToken, 766 NSSCKFWToken *fwToken, 767 NSSCKMDInstance *mdInstance, 768 NSSCKFWInstance *fwInstance, 769 NSSCKFWSession *fwSession, 770 CK_BBOOL rw, 771 CK_RV *pError); 772 773 /* 774 * This routine returns the number of PKCS#11 Mechanisms 775 * supported by this token. This routine is optional; if 776 * unimplemented, zero is assumed. 777 */ 778 CK_ULONG(PR_CALLBACK *GetMechanismCount) 779 ( 780 NSSCKMDToken *mdToken, 781 NSSCKFWToken *fwToken, 782 NSSCKMDInstance *mdInstance, 783 NSSCKFWInstance *fwInstance); 784 785 /* 786 * This routine stuffs into the specified array the types 787 * of the mechanisms supported by this token. The Framework 788 * determines the size of the array by calling GetMechanismCount. 789 */ 790 CK_RV(PR_CALLBACK *GetMechanismTypes) 791 ( 792 NSSCKMDToken *mdToken, 793 NSSCKFWToken *fwToken, 794 NSSCKMDInstance *mdInstance, 795 NSSCKFWInstance *fwInstance, 796 CK_MECHANISM_TYPE types[]); 797 798 /* 799 * This routine returns a pointer to a Module mechanism 800 * object corresponding to a specified type. This routine 801 * need only exist for tokens implementing at least one 802 * mechanism. 803 */ 804 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( 805 NSSCKMDToken *mdToken, 806 NSSCKFWToken *fwToken, 807 NSSCKMDInstance *mdInstance, 808 NSSCKFWInstance *fwInstance, 809 CK_MECHANISM_TYPE which, 810 CK_RV *pError); 811 812 /* 813 * This object may be extended in future versions of the 814 * NSS Cryptoki Framework. To allow for some flexibility 815 * in the area of binary compatibility, this field should 816 * be NULL. 817 */ 818 void *null; 819 }; 820 821 /* 822 * NSSCKMDSession 823 * 824 * This is the basic handle for a session on a PKCS#11 Token. It 825 * is created by NSSCKMDToken->OpenSession, and may be obtained 826 * from the Framework's corresponding NSSCKFWSession object. It 827 * contains a pointer for use by the Module, to store any session- 828 * realted data, and it contains the EPV for a set of routines 829 * which the Module may implement for use by the Framework. Some 830 * of these routines are optional. 831 */ 832 833 struct NSSCKMDSessionStr { 834 /* 835 * The Module may use this pointer for its own purposes. 836 */ 837 void *etc; 838 839 /* 840 * This routine is called by the Framework when a session is 841 * closed. This call is the last thing called before the 842 * NSSArena in the correspoinding NSSCKFWSession is destroyed. 843 * This routine is optional; if unimplemented, it merely won't 844 * be called. 845 */ 846 void(PR_CALLBACK *Close)( 847 NSSCKMDSession *mdSession, 848 NSSCKFWSession *fwSession, 849 NSSCKMDToken *mdToken, 850 NSSCKFWToken *fwToken, 851 NSSCKMDInstance *mdInstance, 852 NSSCKFWInstance *fwInstance); 853 854 /* 855 * This routine is used to get any device-specific error. 856 * This routine is optional. 857 */ 858 CK_ULONG(PR_CALLBACK *GetDeviceError) 859 ( 860 NSSCKMDSession *mdSession, 861 NSSCKFWSession *fwSession, 862 NSSCKMDToken *mdToken, 863 NSSCKFWToken *fwToken, 864 NSSCKMDInstance *mdInstance, 865 NSSCKFWInstance *fwInstance); 866 867 /* 868 * This routine is used to log in a user to the token. This 869 * routine is optional, since the Framework's NSSCKFWSession 870 * object keeps track of the login state. 871 */ 872 CK_RV(PR_CALLBACK *Login) 873 ( 874 NSSCKMDSession *mdSession, 875 NSSCKFWSession *fwSession, 876 NSSCKMDToken *mdToken, 877 NSSCKFWToken *fwToken, 878 NSSCKMDInstance *mdInstance, 879 NSSCKFWInstance *fwInstance, 880 CK_USER_TYPE userType, 881 NSSItem *pin, 882 CK_STATE oldState, 883 CK_STATE newState); 884 885 /* 886 * This routine is used to log out a user from the token. This 887 * routine is optional, since the Framework's NSSCKFWSession 888 * object keeps track of the login state. 889 */ 890 CK_RV(PR_CALLBACK *Logout) 891 ( 892 NSSCKMDSession *mdSession, 893 NSSCKFWSession *fwSession, 894 NSSCKMDToken *mdToken, 895 NSSCKFWToken *fwToken, 896 NSSCKMDInstance *mdInstance, 897 NSSCKFWInstance *fwInstance, 898 CK_STATE oldState, 899 CK_STATE newState); 900 901 /* 902 * This routine is used to initialize the normal user's PIN or 903 * password. This will only be called in the "read/write 904 * security officer functions" state. If this token has a 905 * protected authentication path, then the pin argument will 906 * be NULL. This routine is optional; if unimplemented, the 907 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. 908 */ 909 CK_RV(PR_CALLBACK *InitPIN) 910 ( 911 NSSCKMDSession *mdSession, 912 NSSCKFWSession *fwSession, 913 NSSCKMDToken *mdToken, 914 NSSCKFWToken *fwToken, 915 NSSCKMDInstance *mdInstance, 916 NSSCKFWInstance *fwInstance, 917 NSSItem *pin); 918 919 /* 920 * This routine is used to modify a user's PIN or password. This 921 * routine will only be called in the "read/write security officer 922 * functions" or "read/write user functions" state. If this token 923 * has a protected authentication path, then the pin arguments 924 * will be NULL. This routine is optional; if unimplemented, the 925 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. 926 */ 927 CK_RV(PR_CALLBACK *SetPIN) 928 ( 929 NSSCKMDSession *mdSession, 930 NSSCKFWSession *fwSession, 931 NSSCKMDToken *mdToken, 932 NSSCKFWToken *fwToken, 933 NSSCKMDInstance *mdInstance, 934 NSSCKFWInstance *fwInstance, 935 NSSItem *oldPin, 936 NSSItem *newPin); 937 938 /* 939 * This routine is used to find out how much space would be required 940 * to save the current operational state. This routine is optional; 941 * if unimplemented, the Framework will reject any attempts to save 942 * the operational state with the error CKR_STATE_UNSAVEABLE. This 943 * routine may return zero on error. 944 */ 945 CK_ULONG(PR_CALLBACK *GetOperationStateLen) 946 ( 947 NSSCKMDSession *mdSession, 948 NSSCKFWSession *fwSession, 949 NSSCKMDToken *mdToken, 950 NSSCKFWToken *fwToken, 951 NSSCKMDInstance *mdInstance, 952 NSSCKFWInstance *fwInstance, 953 CK_RV *pError); 954 955 /* 956 * This routine is used to store the current operational state. This 957 * routine is only required if GetOperationStateLen is implemented 958 * and can return a nonzero value. The buffer in the specified item 959 * will be pre-allocated, and the length will specify the amount of 960 * space available (which may be more than GetOperationStateLen 961 * asked for, but which will not be smaller). 962 */ 963 CK_RV(PR_CALLBACK *GetOperationState) 964 ( 965 NSSCKMDSession *mdSession, 966 NSSCKFWSession *fwSession, 967 NSSCKMDToken *mdToken, 968 NSSCKFWToken *fwToken, 969 NSSCKMDInstance *mdInstance, 970 NSSCKFWInstance *fwInstance, 971 NSSItem *buffer); 972 973 /* 974 * This routine is used to restore an operational state previously 975 * obtained with GetOperationState. The Framework will take pains 976 * to be sure that the state is (or was at one point) valid; if the 977 * Module notices that the state is invalid, it should return an 978 * error, but it is not required to be paranoid about the issue. 979 * [XXX fgmr-- should (can?) the framework verify the keys match up?] 980 * This routine is required only if GetOperationState is implemented. 981 */ 982 CK_RV(PR_CALLBACK *SetOperationState) 983 ( 984 NSSCKMDSession *mdSession, 985 NSSCKFWSession *fwSession, 986 NSSCKMDToken *mdToken, 987 NSSCKFWToken *fwToken, 988 NSSCKMDInstance *mdInstance, 989 NSSCKFWInstance *fwInstance, 990 NSSItem *state, 991 NSSCKMDObject *mdEncryptionKey, 992 NSSCKFWObject *fwEncryptionKey, 993 NSSCKMDObject *mdAuthenticationKey, 994 NSSCKFWObject *fwAuthenticationKey); 995 996 /* 997 * This routine is used to create an object. The specified template 998 * will only specify a session object if the Module has indicated 999 * that it wishes to handle its own session objects. This routine 1000 * is optional; if unimplemented, the Framework will reject the 1001 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for 1002 * token objects should come from the NSSArena available from the 1003 * NSSCKFWToken object; space for session objects (if supported) 1004 * should come from the NSSArena available from the NSSCKFWSession 1005 * object. The appropriate NSSArena pointer will, as a convenience, 1006 * be passed as the handyArenaPointer argument. This routine may 1007 * return NULL upon error. 1008 */ 1009 NSSCKMDObject *(PR_CALLBACK *CreateObject)( 1010 NSSCKMDSession *mdSession, 1011 NSSCKFWSession *fwSession, 1012 NSSCKMDToken *mdToken, 1013 NSSCKFWToken *fwToken, 1014 NSSCKMDInstance *mdInstance, 1015 NSSCKFWInstance *fwInstance, 1016 NSSArena *handyArenaPointer, 1017 CK_ATTRIBUTE_PTR pTemplate, 1018 CK_ULONG ulAttributeCount, 1019 CK_RV *pError); 1020 1021 /* 1022 * This routine is used to make a copy of an object. It is entirely 1023 * optional; if unimplemented, the Framework will try to use 1024 * CreateObject instead. If the Module has indicated that it does 1025 * not wish to handle session objects, then this routine will only 1026 * be called to copy a token object to another token object. 1027 * Otherwise, either the original object or the new may be of 1028 * either the token or session variety. As with CreateObject, the 1029 * handyArenaPointer will point to the appropriate arena for the 1030 * new object. This routine may return NULL upon error. 1031 */ 1032 NSSCKMDObject *(PR_CALLBACK *CopyObject)( 1033 NSSCKMDSession *mdSession, 1034 NSSCKFWSession *fwSession, 1035 NSSCKMDToken *mdToken, 1036 NSSCKFWToken *fwToken, 1037 NSSCKMDInstance *mdInstance, 1038 NSSCKFWInstance *fwInstance, 1039 NSSCKMDObject *mdOldObject, 1040 NSSCKFWObject *fwOldObject, 1041 NSSArena *handyArenaPointer, 1042 CK_ATTRIBUTE_PTR pTemplate, 1043 CK_ULONG ulAttributeCount, 1044 CK_RV *pError); 1045 1046 /* 1047 * This routine is used to begin an object search. This routine may 1048 * be unimplemented only if the Module does not handle session 1049 * objects, and if none of its tokens have token objects. The 1050 * NSSCKFWFindObjects pointer has an NSSArena that may be used for 1051 * storage for the life of this "find" operation. This routine may 1052 * return NULL upon error. If the Module can determine immediately 1053 * that the search will not find any matching objects, it may return 1054 * NULL, and specify CKR_OK as the error. 1055 */ 1056 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( 1057 NSSCKMDSession *mdSession, 1058 NSSCKFWSession *fwSession, 1059 NSSCKMDToken *mdToken, 1060 NSSCKFWToken *fwToken, 1061 NSSCKMDInstance *mdInstance, 1062 NSSCKFWInstance *fwInstance, 1063 CK_ATTRIBUTE_PTR pTemplate, 1064 CK_ULONG ulAttributeCount, 1065 CK_RV *pError); 1066 1067 /* 1068 * This routine seeds the random-number generator. It is 1069 * optional, even if GetRandom is implemented. If unimplemented, 1070 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. 1071 */ 1072 CK_RV(PR_CALLBACK *SeedRandom) 1073 ( 1074 NSSCKMDSession *mdSession, 1075 NSSCKFWSession *fwSession, 1076 NSSCKMDToken *mdToken, 1077 NSSCKFWToken *fwToken, 1078 NSSCKMDInstance *mdInstance, 1079 NSSCKFWInstance *fwInstance, 1080 NSSItem *seed); 1081 1082 /* 1083 * This routine gets random data. It is optional. If unimplemented, 1084 * the Framework will issue the error CKR_RANDOM_NO_RNG. 1085 */ 1086 CK_RV(PR_CALLBACK *GetRandom) 1087 ( 1088 NSSCKMDSession *mdSession, 1089 NSSCKFWSession *fwSession, 1090 NSSCKMDToken *mdToken, 1091 NSSCKFWToken *fwToken, 1092 NSSCKMDInstance *mdInstance, 1093 NSSCKFWInstance *fwInstance, 1094 NSSItem *buffer); 1095 1096 /* 1097 * This object may be extended in future versions of the 1098 * NSS Cryptoki Framework. To allow for some flexibility 1099 * in the area of binary compatibility, this field should 1100 * be NULL. 1101 */ 1102 void *null; 1103 }; 1104 1105 /* 1106 * NSSCKMDFindObjects 1107 * 1108 * This is the basic handle for an object search. It is 1109 * created by NSSCKMDSession->FindObjectsInit, and may be 1110 * obtained from the Framework's corresponding object. 1111 * It contains a pointer for use by the Module, to store 1112 * any search-related data, and it contains the EPV for a 1113 * set of routines which the Module may implement for use 1114 * by the Framework. Some of these routines are optional. 1115 */ 1116 1117 struct NSSCKMDFindObjectsStr { 1118 /* 1119 * The Module may use this pointer for its own purposes. 1120 */ 1121 void *etc; 1122 1123 /* 1124 * This routine is called by the Framework to finish a 1125 * search operation. Note that the Framework may finish 1126 * a search before it has completed. This routine is 1127 * optional; if unimplemented, it merely won't be called. 1128 */ 1129 void(PR_CALLBACK *Final)( 1130 NSSCKMDFindObjects *mdFindObjects, 1131 NSSCKFWFindObjects *fwFindObjects, 1132 NSSCKMDSession *mdSession, 1133 NSSCKFWSession *fwSession, 1134 NSSCKMDToken *mdToken, 1135 NSSCKFWToken *fwToken, 1136 NSSCKMDInstance *mdInstance, 1137 NSSCKFWInstance *fwInstance); 1138 1139 /* 1140 * This routine is used to obtain another pointer to an 1141 * object matching the search criteria. This routine is 1142 * required. If no (more) objects match the search, it 1143 * should return NULL and set the error to CKR_OK. 1144 */ 1145 NSSCKMDObject *(PR_CALLBACK *Next)( 1146 NSSCKMDFindObjects *mdFindObjects, 1147 NSSCKFWFindObjects *fwFindObjects, 1148 NSSCKMDSession *mdSession, 1149 NSSCKFWSession *fwSession, 1150 NSSCKMDToken *mdToken, 1151 NSSCKFWToken *fwToken, 1152 NSSCKMDInstance *mdInstance, 1153 NSSCKFWInstance *fwInstance, 1154 NSSArena *arena, 1155 CK_RV *pError); 1156 1157 /* 1158 * This object may be extended in future versions of the 1159 * NSS Cryptoki Framework. To allow for some flexibility 1160 * in the area of binary compatibility, this field should 1161 * be NULL. 1162 */ 1163 void *null; 1164 }; 1165 1166 /* 1167 * NSSCKMDCryptoOperaion 1168 * 1169 * This is the basic handle for an encryption, decryption, 1170 * sign, verify, or hash opertion. 1171 * created by NSSCKMDMechanism->XXXXInit, and may be 1172 * obtained from the Framework's corresponding object. 1173 * It contains a pointer for use by the Module, to store 1174 * any intermediate data, and it contains the EPV for a 1175 * set of routines which the Module may implement for use 1176 * by the Framework. Some of these routines are optional. 1177 */ 1178 1179 struct NSSCKMDCryptoOperationStr { 1180 /* 1181 * The Module may use this pointer for its own purposes. 1182 */ 1183 void *etc; 1184 1185 /* 1186 * This routine is called by the Framework clean up the mdCryptoOperation 1187 * structure. 1188 * This routine is optional; if unimplemented, it will be ignored. 1189 */ 1190 void(PR_CALLBACK *Destroy)( 1191 NSSCKMDCryptoOperation *mdCryptoOperation, 1192 NSSCKFWCryptoOperation *fwCryptoOperation, 1193 NSSCKMDInstance *mdInstance, 1194 NSSCKFWInstance *fwInstance); 1195 1196 /* 1197 * how many bytes do we need to finish this buffer? 1198 * must be implemented if Final is implemented. 1199 */ 1200 CK_ULONG(PR_CALLBACK *GetFinalLength) 1201 ( 1202 NSSCKMDCryptoOperation *mdCryptoOperation, 1203 NSSCKFWCryptoOperation *fwCryptoOperation, 1204 NSSCKMDSession *mdSession, 1205 NSSCKFWSession *fwSession, 1206 NSSCKMDToken *mdToken, 1207 NSSCKFWToken *fwToken, 1208 NSSCKMDInstance *mdInstance, 1209 NSSCKFWInstance *fwInstance, 1210 CK_RV *pError); 1211 1212 /* 1213 * how many bytes do we need to complete the next operation. 1214 * used in both Update and UpdateFinal. 1215 */ 1216 CK_ULONG(PR_CALLBACK *GetOperationLength) 1217 ( 1218 NSSCKMDCryptoOperation *mdCryptoOperation, 1219 NSSCKFWCryptoOperation *fwCryptoOperation, 1220 NSSCKMDSession *mdSession, 1221 NSSCKFWSession *fwSession, 1222 NSSCKMDToken *mdToken, 1223 NSSCKFWToken *fwToken, 1224 NSSCKMDInstance *mdInstance, 1225 NSSCKFWInstance *fwInstance, 1226 const NSSItem *inputBuffer, 1227 CK_RV *pError); 1228 1229 /* 1230 * This routine is called by the Framework to finish a 1231 * search operation. Note that the Framework may finish 1232 * a search before it has completed. This routine is 1233 * optional; if unimplemented, it merely won't be called. 1234 * The respective final call with fail with CKR_FUNCTION_FAILED 1235 * Final should not free the mdCryptoOperation. 1236 */ 1237 CK_RV(PR_CALLBACK *Final) 1238 ( 1239 NSSCKMDCryptoOperation *mdCryptoOperation, 1240 NSSCKFWCryptoOperation *fwCryptoOperation, 1241 NSSCKMDSession *mdSession, 1242 NSSCKFWSession *fwSession, 1243 NSSCKMDToken *mdToken, 1244 NSSCKFWToken *fwToken, 1245 NSSCKMDInstance *mdInstance, 1246 NSSCKFWInstance *fwInstance, 1247 NSSItem *outputBuffer); 1248 1249 /* 1250 * This routine is called by the Framework to complete the 1251 * next step in an encryption/decryption operation. 1252 * This routine is optional; if unimplemented, the respective 1253 * update call with fail with CKR_FUNCTION_FAILED. 1254 * Update should not be implemented for signing/verification/digest 1255 * mechanisms. 1256 */ 1257 CK_RV(PR_CALLBACK *Update) 1258 ( 1259 NSSCKMDCryptoOperation *mdCryptoOperation, 1260 NSSCKFWCryptoOperation *fwCryptoOperation, 1261 NSSCKMDSession *mdSession, 1262 NSSCKFWSession *fwSession, 1263 NSSCKMDToken *mdToken, 1264 NSSCKFWToken *fwToken, 1265 NSSCKMDInstance *mdInstance, 1266 NSSCKFWInstance *fwInstance, 1267 const NSSItem *inputBuffer, 1268 NSSItem *outputBuffer); 1269 1270 /* 1271 * This routine is called by the Framework to complete the 1272 * next step in a signing/verification/digest operation. 1273 * This routine is optional; if unimplemented, the respective 1274 * update call with fail with CKR_FUNCTION_FAILED 1275 * Update should not be implemented for encryption/decryption 1276 * mechanisms. 1277 */ 1278 CK_RV(PR_CALLBACK *DigestUpdate) 1279 ( 1280 NSSCKMDCryptoOperation *mdCryptoOperation, 1281 NSSCKFWCryptoOperation *fwCryptoOperation, 1282 NSSCKMDSession *mdSession, 1283 NSSCKFWSession *fwSession, 1284 NSSCKMDToken *mdToken, 1285 NSSCKFWToken *fwToken, 1286 NSSCKMDInstance *mdInstance, 1287 NSSCKFWInstance *fwInstance, 1288 const NSSItem *inputBuffer); 1289 1290 /* 1291 * This routine is called by the Framework to complete a 1292 * single step operation. This routine is optional; if unimplemented, 1293 * the framework will use the Update and Final functions to complete 1294 * the operation. 1295 */ 1296 CK_RV(PR_CALLBACK *UpdateFinal) 1297 ( 1298 NSSCKMDCryptoOperation *mdCryptoOperation, 1299 NSSCKFWCryptoOperation *fwCryptoOperation, 1300 NSSCKMDSession *mdSession, 1301 NSSCKFWSession *fwSession, 1302 NSSCKMDToken *mdToken, 1303 NSSCKFWToken *fwToken, 1304 NSSCKMDInstance *mdInstance, 1305 NSSCKFWInstance *fwInstance, 1306 const NSSItem *inputBuffer, 1307 NSSItem *outputBuffer); 1308 1309 /* 1310 * This routine is called by the Framework to complete next 1311 * step in a combined operation. The Decrypt/Encrypt mechanism 1312 * should define and drive the combo step. 1313 * This routine is optional; if unimplemented, 1314 * the framework will use the appropriate Update functions to complete 1315 * the operation. 1316 */ 1317 CK_RV(PR_CALLBACK *UpdateCombo) 1318 ( 1319 NSSCKMDCryptoOperation *mdCryptoOperation, 1320 NSSCKFWCryptoOperation *fwCryptoOperation, 1321 NSSCKMDCryptoOperation *mdPeerCryptoOperation, 1322 NSSCKFWCryptoOperation *fwPeerCryptoOperation, 1323 NSSCKMDSession *mdSession, 1324 NSSCKFWSession *fwSession, 1325 NSSCKMDToken *mdToken, 1326 NSSCKFWToken *fwToken, 1327 NSSCKMDInstance *mdInstance, 1328 NSSCKFWInstance *fwInstance, 1329 const NSSItem *inputBuffer, 1330 NSSItem *outputBuffer); 1331 1332 /* 1333 * Hash a key directly into the digest 1334 */ 1335 CK_RV(PR_CALLBACK *DigestKey) 1336 ( 1337 NSSCKMDCryptoOperation *mdCryptoOperation, 1338 NSSCKFWCryptoOperation *fwCryptoOperation, 1339 NSSCKMDToken *mdToken, 1340 NSSCKFWToken *fwToken, 1341 NSSCKMDInstance *mdInstance, 1342 NSSCKFWInstance *fwInstance, 1343 NSSCKMDObject *mdKey, 1344 NSSCKFWObject *fwKey); 1345 1346 /* 1347 * This object may be extended in future versions of the 1348 * NSS Cryptoki Framework. To allow for some flexibility 1349 * in the area of binary compatibility, this field should 1350 * be NULL. 1351 */ 1352 void *null; 1353 }; 1354 1355 /* 1356 * NSSCKMDMechanism 1357 * 1358 */ 1359 1360 struct NSSCKMDMechanismStr { 1361 /* 1362 * The Module may use this pointer for its own purposes. 1363 */ 1364 void *etc; 1365 1366 /* 1367 * This also frees the fwMechanism if appropriate. 1368 * If it is not supplied, the Framework will assume that the Token 1369 * Manages a static list of mechanisms and the function will not be called. 1370 */ 1371 void(PR_CALLBACK *Destroy)( 1372 NSSCKMDMechanism *mdMechanism, 1373 NSSCKFWMechanism *fwMechanism, 1374 NSSCKMDInstance *mdInstance, 1375 NSSCKFWInstance *fwInstance); 1376 1377 /* 1378 * This routine returns the minimum key size allowed for 1379 * this mechanism. This routine is optional; if unimplemented, 1380 * zero will be assumed. This routine may return zero on 1381 * error; if the error is CKR_OK, zero will be accepted as 1382 * a valid response. 1383 */ 1384 CK_ULONG(PR_CALLBACK *GetMinKeySize) 1385 ( 1386 NSSCKMDMechanism *mdMechanism, 1387 NSSCKFWMechanism *fwMechanism, 1388 NSSCKMDToken *mdToken, 1389 NSSCKFWToken *fwToken, 1390 NSSCKMDInstance *mdInstance, 1391 NSSCKFWInstance *fwInstance, 1392 CK_RV *pError); 1393 1394 /* 1395 * This routine returns the maximum key size allowed for 1396 * this mechanism. This routine is optional; if unimplemented, 1397 * zero will be assumed. This routine may return zero on 1398 * error; if the error is CKR_OK, zero will be accepted as 1399 * a valid response. 1400 */ 1401 CK_ULONG(PR_CALLBACK *GetMaxKeySize) 1402 ( 1403 NSSCKMDMechanism *mdMechanism, 1404 NSSCKFWMechanism *fwMechanism, 1405 NSSCKMDToken *mdToken, 1406 NSSCKFWToken *fwToken, 1407 NSSCKMDInstance *mdInstance, 1408 NSSCKFWInstance *fwInstance, 1409 CK_RV *pError); 1410 1411 /* 1412 * This routine is called to determine if the mechanism is 1413 * implemented in hardware or software. It returns CK_TRUE 1414 * if it is done in hardware. 1415 */ 1416 CK_BBOOL(PR_CALLBACK *GetInHardware) 1417 ( 1418 NSSCKMDMechanism *mdMechanism, 1419 NSSCKFWMechanism *fwMechanism, 1420 NSSCKMDToken *mdToken, 1421 NSSCKFWToken *fwToken, 1422 NSSCKMDInstance *mdInstance, 1423 NSSCKFWInstance *fwInstance, 1424 CK_RV *pError); 1425 1426 /* 1427 * The crypto routines themselves. Most crypto operations may 1428 * be performed in two ways, streaming and single-part. The 1429 * streaming operations involve the use of (typically) three 1430 * calls-- an Init method to set up the operation, an Update 1431 * method to feed data to the operation, and a Final method to 1432 * obtain the final result. Single-part operations involve 1433 * one method, to perform the crypto operation all at once. 1434 * 1435 * The NSS Cryptoki Framework can implement the single-part 1436 * operations in terms of the streaming operations on behalf 1437 * of the Module. There are a few variances. 1438 * 1439 * Only the Init Functions are defined by the mechanism. Each 1440 * init function will return a NSSCKFWCryptoOperation which 1441 * can supply update, final, the single part updateFinal, and 1442 * the combo updateCombo functions. 1443 * 1444 * For simplicity, the routines are listed in summary here: 1445 * 1446 * EncryptInit, 1447 * DecryptInit, 1448 * DigestInit, 1449 * SignInit, 1450 * SignRecoverInit; 1451 * VerifyInit, 1452 * VerifyRecoverInit; 1453 * 1454 * The key-management routines are 1455 * 1456 * GenerateKey 1457 * GenerateKeyPair 1458 * WrapKey 1459 * UnwrapKey 1460 * DeriveKey 1461 * 1462 * All of these routines based on the Cryptoki API; 1463 * see PKCS#11 for further information. 1464 */ 1465 1466 /* 1467 */ 1468 NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)( 1469 NSSCKMDMechanism *mdMechanism, 1470 NSSCKFWMechanism *fwMechanism, 1471 CK_MECHANISM_PTR pMechanism, 1472 NSSCKMDSession *mdSession, 1473 NSSCKFWSession *fwSession, 1474 NSSCKMDToken *mdToken, 1475 NSSCKFWToken *fwToken, 1476 NSSCKMDInstance *mdInstance, 1477 NSSCKFWInstance *fwInstance, 1478 NSSCKMDObject *mdKey, 1479 NSSCKFWObject *fwKey, 1480 CK_RV *pError); 1481 1482 /* 1483 */ 1484 NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)( 1485 NSSCKMDMechanism *mdMechanism, 1486 NSSCKFWMechanism *fwMechanism, 1487 CK_MECHANISM_PTR pMechanism, 1488 NSSCKMDSession *mdSession, 1489 NSSCKFWSession *fwSession, 1490 NSSCKMDToken *mdToken, 1491 NSSCKFWToken *fwToken, 1492 NSSCKMDInstance *mdInstance, 1493 NSSCKFWInstance *fwInstance, 1494 NSSCKMDObject *mdKey, 1495 NSSCKFWObject *fwKey, 1496 CK_RV *pError); 1497 1498 /* 1499 */ 1500 NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)( 1501 NSSCKMDMechanism *mdMechanism, 1502 NSSCKFWMechanism *fwMechanism, 1503 CK_MECHANISM_PTR pMechanism, 1504 NSSCKMDSession *mdSession, 1505 NSSCKFWSession *fwSession, 1506 NSSCKMDToken *mdToken, 1507 NSSCKFWToken *fwToken, 1508 NSSCKMDInstance *mdInstance, 1509 NSSCKFWInstance *fwInstance, 1510 CK_RV *pError); 1511 1512 /* 1513 */ 1514 NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)( 1515 NSSCKMDMechanism *mdMechanism, 1516 NSSCKFWMechanism *fwMechanism, 1517 CK_MECHANISM_PTR pMechanism, 1518 NSSCKMDSession *mdSession, 1519 NSSCKFWSession *fwSession, 1520 NSSCKMDToken *mdToken, 1521 NSSCKFWToken *fwToken, 1522 NSSCKMDInstance *mdInstance, 1523 NSSCKFWInstance *fwInstance, 1524 NSSCKMDObject *mdKey, 1525 NSSCKFWObject *fwKey, 1526 CK_RV *pError); 1527 1528 /* 1529 */ 1530 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)( 1531 NSSCKMDMechanism *mdMechanism, 1532 NSSCKFWMechanism *fwMechanism, 1533 CK_MECHANISM_PTR pMechanism, 1534 NSSCKMDSession *mdSession, 1535 NSSCKFWSession *fwSession, 1536 NSSCKMDToken *mdToken, 1537 NSSCKFWToken *fwToken, 1538 NSSCKMDInstance *mdInstance, 1539 NSSCKFWInstance *fwInstance, 1540 NSSCKMDObject *mdKey, 1541 NSSCKFWObject *fwKey, 1542 CK_RV *pError); 1543 1544 /* 1545 */ 1546 NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)( 1547 NSSCKMDMechanism *mdMechanism, 1548 NSSCKFWMechanism *fwMechanism, 1549 CK_MECHANISM_PTR pMechanism, 1550 NSSCKMDSession *mdSession, 1551 NSSCKFWSession *fwSession, 1552 NSSCKMDToken *mdToken, 1553 NSSCKFWToken *fwToken, 1554 NSSCKMDInstance *mdInstance, 1555 NSSCKFWInstance *fwInstance, 1556 NSSCKMDObject *mdKey, 1557 NSSCKFWObject *fwKey, 1558 CK_RV *pError); 1559 1560 /* 1561 */ 1562 NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)( 1563 NSSCKMDMechanism *mdMechanism, 1564 NSSCKFWMechanism *fwMechanism, 1565 CK_MECHANISM_PTR pMechanism, 1566 NSSCKMDSession *mdSession, 1567 NSSCKFWSession *fwSession, 1568 NSSCKMDToken *mdToken, 1569 NSSCKFWToken *fwToken, 1570 NSSCKMDInstance *mdInstance, 1571 NSSCKFWInstance *fwInstance, 1572 NSSCKMDObject *mdKey, 1573 NSSCKFWObject *fwKey, 1574 CK_RV *pError); 1575 1576 /* 1577 * Key management operations. 1578 */ 1579 1580 /* 1581 * This routine generates a key. This routine may return NULL 1582 * upon error. 1583 */ 1584 NSSCKMDObject *(PR_CALLBACK *GenerateKey)( 1585 NSSCKMDMechanism *mdMechanism, 1586 NSSCKFWMechanism *fwMechanism, 1587 CK_MECHANISM_PTR pMechanism, 1588 NSSCKMDSession *mdSession, 1589 NSSCKFWSession *fwSession, 1590 NSSCKMDToken *mdToken, 1591 NSSCKFWToken *fwToken, 1592 NSSCKMDInstance *mdInstance, 1593 NSSCKFWInstance *fwInstance, 1594 CK_ATTRIBUTE_PTR pTemplate, 1595 CK_ULONG ulAttributeCount, 1596 CK_RV *pError); 1597 1598 /* 1599 * This routine generates a key pair. 1600 */ 1601 CK_RV(PR_CALLBACK *GenerateKeyPair) 1602 ( 1603 NSSCKMDMechanism *mdMechanism, 1604 NSSCKFWMechanism *fwMechanism, 1605 CK_MECHANISM_PTR pMechanism, 1606 NSSCKMDSession *mdSession, 1607 NSSCKFWSession *fwSession, 1608 NSSCKMDToken *mdToken, 1609 NSSCKFWToken *fwToken, 1610 NSSCKMDInstance *mdInstance, 1611 NSSCKFWInstance *fwInstance, 1612 CK_ATTRIBUTE_PTR pPublicKeyTemplate, 1613 CK_ULONG ulPublicKeyAttributeCount, 1614 CK_ATTRIBUTE_PTR pPrivateKeyTemplate, 1615 CK_ULONG ulPrivateKeyAttributeCount, 1616 NSSCKMDObject **pPublicKey, 1617 NSSCKMDObject **pPrivateKey); 1618 1619 /* 1620 * This routine wraps a key. 1621 */ 1622 CK_ULONG(PR_CALLBACK *GetWrapKeyLength) 1623 ( 1624 NSSCKMDMechanism *mdMechanism, 1625 NSSCKFWMechanism *fwMechanism, 1626 CK_MECHANISM_PTR pMechanism, 1627 NSSCKMDSession *mdSession, 1628 NSSCKFWSession *fwSession, 1629 NSSCKMDToken *mdToken, 1630 NSSCKFWToken *fwToken, 1631 NSSCKMDInstance *mdInstance, 1632 NSSCKFWInstance *fwInstance, 1633 NSSCKMDObject *mdWrappingKey, 1634 NSSCKFWObject *fwWrappingKey, 1635 NSSCKMDObject *mdWrappedKey, 1636 NSSCKFWObject *fwWrappedKey, 1637 CK_RV *pError); 1638 1639 /* 1640 * This routine wraps a key. 1641 */ 1642 CK_RV(PR_CALLBACK *WrapKey) 1643 ( 1644 NSSCKMDMechanism *mdMechanism, 1645 NSSCKFWMechanism *fwMechanism, 1646 CK_MECHANISM_PTR pMechanism, 1647 NSSCKMDSession *mdSession, 1648 NSSCKFWSession *fwSession, 1649 NSSCKMDToken *mdToken, 1650 NSSCKFWToken *fwToken, 1651 NSSCKMDInstance *mdInstance, 1652 NSSCKFWInstance *fwInstance, 1653 NSSCKMDObject *mdWrappingKey, 1654 NSSCKFWObject *fwWrappingKey, 1655 NSSCKMDObject *mdKeyObject, 1656 NSSCKFWObject *fwKeyObject, 1657 NSSItem *wrappedKey); 1658 1659 /* 1660 * This routine unwraps a key. This routine may return NULL 1661 * upon error. 1662 */ 1663 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( 1664 NSSCKMDMechanism *mdMechanism, 1665 NSSCKFWMechanism *fwMechanism, 1666 CK_MECHANISM_PTR pMechanism, 1667 NSSCKMDSession *mdSession, 1668 NSSCKFWSession *fwSession, 1669 NSSCKMDToken *mdToken, 1670 NSSCKFWToken *fwToken, 1671 NSSCKMDInstance *mdInstance, 1672 NSSCKFWInstance *fwInstance, 1673 NSSCKMDObject *mdWrappingKey, 1674 NSSCKFWObject *fwWrappingKey, 1675 NSSItem *wrappedKey, 1676 CK_ATTRIBUTE_PTR pTemplate, 1677 CK_ULONG ulAttributeCount, 1678 CK_RV *pError); 1679 1680 /* 1681 * This routine derives a key. This routine may return NULL 1682 * upon error. 1683 */ 1684 NSSCKMDObject *(PR_CALLBACK *DeriveKey)( 1685 NSSCKMDMechanism *mdMechanism, 1686 NSSCKFWMechanism *fwMechanism, 1687 CK_MECHANISM_PTR pMechanism, 1688 NSSCKMDSession *mdSession, 1689 NSSCKFWSession *fwSession, 1690 NSSCKMDToken *mdToken, 1691 NSSCKFWToken *fwToken, 1692 NSSCKMDInstance *mdInstance, 1693 NSSCKFWInstance *fwInstance, 1694 NSSCKMDObject *mdBaseKey, 1695 NSSCKFWObject *fwBaseKey, 1696 CK_ATTRIBUTE_PTR pTemplate, 1697 CK_ULONG ulAttributeCount, 1698 CK_RV *pError); 1699 1700 /* 1701 * This object may be extended in future versions of the 1702 * NSS Cryptoki Framework. To allow for some flexibility 1703 * in the area of binary compatibility, this field should 1704 * be NULL. 1705 */ 1706 void *null; 1707 }; 1708 1709 /* 1710 * NSSCKMDObject 1711 * 1712 * This is the basic handle for any object used by a PKCS#11 Module. 1713 * Modules must implement it if they support their own objects, and 1714 * the Framework supports it for Modules that do not handle session 1715 * objects. This type contains a pointer for use by the implementor, 1716 * to store any object-specific data, and it contains an EPV for a 1717 * set of routines used to access the object. 1718 */ 1719 1720 struct NSSCKMDObjectStr { 1721 /* 1722 * The implementation my use this pointer for its own purposes. 1723 */ 1724 void *etc; 1725 1726 /* 1727 * This routine is called by the Framework when it is letting 1728 * go of an object handle. It can be used by the Module to 1729 * free any resources tied up by an object "in use." It is 1730 * optional. 1731 */ 1732 void(PR_CALLBACK *Finalize)( 1733 NSSCKMDObject *mdObject, 1734 NSSCKFWObject *fwObject, 1735 NSSCKMDSession *mdSession, 1736 NSSCKFWSession *fwSession, 1737 NSSCKMDToken *mdToken, 1738 NSSCKFWToken *fwToken, 1739 NSSCKMDInstance *mdInstance, 1740 NSSCKFWInstance *fwInstance); 1741 1742 /* 1743 * This routine is used to completely destroy an object. 1744 * It is optional. The parameter fwObject might be NULL 1745 * if the framework runs out of memory at the wrong moment. 1746 */ 1747 CK_RV(PR_CALLBACK *Destroy) 1748 ( 1749 NSSCKMDObject *mdObject, 1750 NSSCKFWObject *fwObject, 1751 NSSCKMDSession *mdSession, 1752 NSSCKFWSession *fwSession, 1753 NSSCKMDToken *mdToken, 1754 NSSCKFWToken *fwToken, 1755 NSSCKMDInstance *mdInstance, 1756 NSSCKFWInstance *fwInstance); 1757 1758 /* 1759 * This helper routine is used by the Framework, and is especially 1760 * useful when it is managing session objects on behalf of the 1761 * Module. This routine is optional; if unimplemented, the 1762 * Framework will actually look up the CKA_TOKEN attribute. In the 1763 * event of an error, just make something up-- the Framework will 1764 * find out soon enough anyway. 1765 */ 1766 CK_BBOOL(PR_CALLBACK *IsTokenObject) 1767 ( 1768 NSSCKMDObject *mdObject, 1769 NSSCKFWObject *fwObject, 1770 NSSCKMDSession *mdSession, 1771 NSSCKFWSession *fwSession, 1772 NSSCKMDToken *mdToken, 1773 NSSCKFWToken *fwToken, 1774 NSSCKMDInstance *mdInstance, 1775 NSSCKFWInstance *fwInstance); 1776 1777 /* 1778 * This routine returns the number of attributes of which this 1779 * object consists. It is mandatory. It can return zero on 1780 * error. 1781 */ 1782 CK_ULONG(PR_CALLBACK *GetAttributeCount) 1783 ( 1784 NSSCKMDObject *mdObject, 1785 NSSCKFWObject *fwObject, 1786 NSSCKMDSession *mdSession, 1787 NSSCKFWSession *fwSession, 1788 NSSCKMDToken *mdToken, 1789 NSSCKFWToken *fwToken, 1790 NSSCKMDInstance *mdInstance, 1791 NSSCKFWInstance *fwInstance, 1792 CK_RV *pError); 1793 1794 /* 1795 * This routine stuffs the attribute types into the provided array. 1796 * The array size (as obtained from GetAttributeCount) is passed in 1797 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong 1798 * (either too big or too small). 1799 */ 1800 CK_RV(PR_CALLBACK *GetAttributeTypes) 1801 ( 1802 NSSCKMDObject *mdObject, 1803 NSSCKFWObject *fwObject, 1804 NSSCKMDSession *mdSession, 1805 NSSCKFWSession *fwSession, 1806 NSSCKMDToken *mdToken, 1807 NSSCKFWToken *fwToken, 1808 NSSCKMDInstance *mdInstance, 1809 NSSCKFWInstance *fwInstance, 1810 CK_ATTRIBUTE_TYPE_PTR typeArray, 1811 CK_ULONG ulCount); 1812 1813 /* 1814 * This routine returns the size (in bytes) of the specified 1815 * attribute. It can return zero on error. 1816 */ 1817 CK_ULONG(PR_CALLBACK *GetAttributeSize) 1818 ( 1819 NSSCKMDObject *mdObject, 1820 NSSCKFWObject *fwObject, 1821 NSSCKMDSession *mdSession, 1822 NSSCKFWSession *fwSession, 1823 NSSCKMDToken *mdToken, 1824 NSSCKFWToken *fwToken, 1825 NSSCKMDInstance *mdInstance, 1826 NSSCKFWInstance *fwInstance, 1827 CK_ATTRIBUTE_TYPE attribute, 1828 CK_RV *pError); 1829 1830 /* 1831 * This routine returns an NSSCKFWItem structure. 1832 * The item pointer points to an NSSItem containing the attribute value. 1833 * The needsFreeing bit tells the framework whether to call the 1834 * FreeAttribute function . Upon error, an NSSCKFWItem structure 1835 * with a NULL NSSItem item pointer will be returned 1836 */ 1837 NSSCKFWItem(PR_CALLBACK *GetAttribute)( 1838 NSSCKMDObject *mdObject, 1839 NSSCKFWObject *fwObject, 1840 NSSCKMDSession *mdSession, 1841 NSSCKFWSession *fwSession, 1842 NSSCKMDToken *mdToken, 1843 NSSCKFWToken *fwToken, 1844 NSSCKMDInstance *mdInstance, 1845 NSSCKFWInstance *fwInstance, 1846 CK_ATTRIBUTE_TYPE attribute, 1847 CK_RV *pError); 1848 1849 /* 1850 * This routine returns CKR_OK if the attribute could be freed. 1851 */ 1852 CK_RV(PR_CALLBACK *FreeAttribute) 1853 ( 1854 NSSCKFWItem *item); 1855 1856 /* 1857 * This routine changes the specified attribute. If unimplemented, 1858 * the object will be considered read-only. 1859 */ 1860 CK_RV(PR_CALLBACK *SetAttribute) 1861 ( 1862 NSSCKMDObject *mdObject, 1863 NSSCKFWObject *fwObject, 1864 NSSCKMDSession *mdSession, 1865 NSSCKFWSession *fwSession, 1866 NSSCKMDToken *mdToken, 1867 NSSCKFWToken *fwToken, 1868 NSSCKMDInstance *mdInstance, 1869 NSSCKFWInstance *fwInstance, 1870 CK_ATTRIBUTE_TYPE attribute, 1871 NSSItem *value); 1872 1873 /* 1874 * This routine returns the storage requirements of this object, 1875 * in bytes. Cryptoki doesn't strictly define the definition, 1876 * but it should relate to the values returned by the "Get Memory" 1877 * routines of the NSSCKMDToken. This routine is optional; if 1878 * unimplemented, the Framework will consider this information 1879 * sensitive. This routine may return zero on error. If the 1880 * specified error is CKR_OK, zero will be accepted as a valid 1881 * response. 1882 */ 1883 CK_ULONG(PR_CALLBACK *GetObjectSize) 1884 ( 1885 NSSCKMDObject *mdObject, 1886 NSSCKFWObject *fwObject, 1887 NSSCKMDSession *mdSession, 1888 NSSCKFWSession *fwSession, 1889 NSSCKMDToken *mdToken, 1890 NSSCKFWToken *fwToken, 1891 NSSCKMDInstance *mdInstance, 1892 NSSCKFWInstance *fwInstance, 1893 CK_RV *pError); 1894 1895 /* 1896 * This object may be extended in future versions of the 1897 * NSS Cryptoki Framework. To allow for some flexibility 1898 * in the area of binary compatibility, this field should 1899 * be NULL. 1900 */ 1901 void *null; 1902 }; 1903 1904 #endif /* NSSCKMDT_H */ 1905