PageRenderTime 38ms CodeModel.GetById 19ms RepoModel.GetById 0ms app.codeStats 0ms

/gecko_api/include/pkcs11n.h

http://firefox-mac-pdf.googlecode.com/
C Header | 289 lines | 125 code | 38 blank | 126 comment | 0 complexity | 36adede5fea53b0e91f389d5efd1cace MD5 | raw file
  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Dr Stephen Henson <stephen.henson@gemplus.com>
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. #ifndef _PKCS11N_H_
  38. #define _PKCS11N_H_
  39. #ifdef DEBUG
  40. static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ $Date: 2007/11/09 23:43:34 $";
  41. #endif /* DEBUG */
  42. /*
  43. * pkcs11n.h
  44. *
  45. * This file contains the NSS-specific type definitions for Cryptoki
  46. * (PKCS#11).
  47. */
  48. /*
  49. * NSSCK_VENDOR_NSS
  50. *
  51. * Cryptoki reserves the high half of all the number spaces for
  52. * vendor-defined use. I'd like to keep all of our NSS-
  53. * specific values together, but not in the oh-so-obvious
  54. * 0x80000001, 0x80000002, etc. area. So I've picked an offset,
  55. * and constructed values for the beginnings of our spaces.
  56. *
  57. * Note that some "historical" Netscape values don't fall within
  58. * this range.
  59. */
  60. #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
  61. /*
  62. * NSS-defined object classes
  63. *
  64. */
  65. #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  66. #define CKO_NSS_CRL (CKO_NSS + 1)
  67. #define CKO_NSS_SMIME (CKO_NSS + 2)
  68. #define CKO_NSS_TRUST (CKO_NSS + 3)
  69. #define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)
  70. #define CKO_NSS_NEWSLOT (CKO_NSS + 5)
  71. #define CKO_NSS_DELSLOT (CKO_NSS + 6)
  72. /*
  73. * NSS-defined key types
  74. *
  75. */
  76. #define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  77. #define CKK_NSS_PKCS8 (CKK_NSS + 1)
  78. /*
  79. * NSS-defined certificate types
  80. *
  81. */
  82. #define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  83. /* FAKE PKCS #11 defines */
  84. #define CKA_DIGEST 0x81000000L
  85. #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */
  86. /*
  87. * NSS-defined object attributes
  88. *
  89. */
  90. #define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  91. #define CKA_NSS_URL (CKA_NSS + 1)
  92. #define CKA_NSS_EMAIL (CKA_NSS + 2)
  93. #define CKA_NSS_SMIME_INFO (CKA_NSS + 3)
  94. #define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4)
  95. #define CKA_NSS_PKCS8_SALT (CKA_NSS + 5)
  96. #define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6)
  97. #define CKA_NSS_EXPIRES (CKA_NSS + 7)
  98. #define CKA_NSS_KRL (CKA_NSS + 8)
  99. #define CKA_NSS_PQG_COUNTER (CKA_NSS + 20)
  100. #define CKA_NSS_PQG_SEED (CKA_NSS + 21)
  101. #define CKA_NSS_PQG_H (CKA_NSS + 22)
  102. #define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23)
  103. #define CKA_NSS_MODULE_SPEC (CKA_NSS + 24)
  104. #define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25)
  105. /*
  106. * Trust attributes:
  107. *
  108. * If trust goes standard, these probably will too. So I'll
  109. * put them all in one place.
  110. */
  111. #define CKA_TRUST (CKA_NSS + 0x2000)
  112. /* "Usage" key information */
  113. #define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
  114. #define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
  115. #define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
  116. #define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
  117. #define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
  118. #define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
  119. #define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
  120. /* "Purpose" trust information */
  121. #define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
  122. #define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
  123. #define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
  124. #define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
  125. #define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
  126. #define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
  127. #define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
  128. #define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
  129. #define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
  130. #define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
  131. #define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
  132. /* NSS trust stuff */
  133. /* XXX fgmr new ones here-- step-up, etc. */
  134. /* HISTORICAL: define used to pass in the database key for DSA private keys */
  135. #define CKA_NETSCAPE_DB 0xD5A0DB00L
  136. #define CKA_NETSCAPE_TRUST 0x80000001L
  137. /* FAKE PKCS #11 defines */
  138. #define CKM_FAKE_RANDOM 0x80000efeUL
  139. #define CKM_INVALID_MECHANISM 0xffffffffUL
  140. /*
  141. * NSS-defined crypto mechanisms
  142. *
  143. */
  144. #define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  145. #define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1)
  146. #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
  147. /*
  148. * HISTORICAL:
  149. * Do not attempt to use these. They are only used by NETSCAPE's internal
  150. * PKCS #11 interface. Most of these are place holders for other mechanism
  151. * and will change in the future.
  152. */
  153. #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL
  154. #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
  155. #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
  156. #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
  157. #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL
  158. #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL
  159. #define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL
  160. #define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL
  161. #define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL
  162. #define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
  163. #define CKM_TLS_PRF_GENERAL 0x80000373UL
  164. /*
  165. * NSS-defined return values
  166. *
  167. */
  168. #define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  169. #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1)
  170. #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2)
  171. /*
  172. * Trust info
  173. *
  174. * This isn't part of the Cryptoki standard (yet), so I'm putting
  175. * all the definitions here. Some of this would move to nssckt.h
  176. * if trust info were made part of the standard. In view of this
  177. * possibility, I'm putting my (NSS) values in the NSS
  178. * vendor space, like everything else.
  179. */
  180. typedef CK_ULONG CK_TRUST;
  181. /* The following trust types are defined: */
  182. #define CKT_VENDOR_DEFINED 0x80000000
  183. #define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  184. /* If trust goes standard, these'll probably drop out of vendor space. */
  185. #define CKT_NSS_TRUSTED (CKT_NSS + 1)
  186. #define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2)
  187. #define CKT_NSS_UNTRUSTED (CKT_NSS + 3)
  188. #define CKT_NSS_MUST_VERIFY (CKT_NSS + 4)
  189. #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */
  190. /*
  191. * These may well remain NSS-specific; I'm only using them
  192. * to cache resolution data.
  193. */
  194. #define CKT_NSS_VALID (CKT_NSS + 10)
  195. #define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11)
  196. /* don't leave old programs in a lurch just yet, give them the old NETSCAPE
  197. * synonym */
  198. #define CKO_NETSCAPE_CRL CKO_NSS_CRL
  199. #define CKO_NETSCAPE_SMIME CKO_NSS_SMIME
  200. #define CKO_NETSCAPE_TRUST CKO_NSS_TRUST
  201. #define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST
  202. #define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT
  203. #define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT
  204. #define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8
  205. #define CKA_NETSCAPE_URL CKA_NSS_URL
  206. #define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL
  207. #define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO
  208. #define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP
  209. #define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT
  210. #define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK
  211. #define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES
  212. #define CKA_NETSCAPE_KRL CKA_NSS_KRL
  213. #define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER
  214. #define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED
  215. #define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H
  216. #define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS
  217. #define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC
  218. #define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP
  219. #define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD
  220. #define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED
  221. #define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED
  222. #define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED
  223. #define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR
  224. #define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED
  225. #define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY
  226. #define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN
  227. #define CKT_NETSCAPE_VALID CKT_NSS_VALID
  228. #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
  229. /*
  230. * These are not really PKCS #11 values specifically. They are the 'loadable'
  231. * module spec NSS uses. The are available for others to use as well, but not
  232. * part of the formal PKCS #11 spec.
  233. *
  234. * The function 'FIND' returns an array of PKCS #11 initialization strings
  235. * The function 'ADD' takes a PKCS #11 initialization string and stores it.
  236. * The function 'DEL' takes a 'name= library=' value and deletes the associated
  237. * string.
  238. * The function 'RELEASE' frees the array returned by 'FIND'
  239. */
  240. #define SECMOD_MODULE_DB_FUNCTION_FIND 0
  241. #define SECMOD_MODULE_DB_FUNCTION_ADD 1
  242. #define SECMOD_MODULE_DB_FUNCTION_DEL 2
  243. #define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
  244. typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
  245. char *parameters, void *moduleSpec);
  246. /* softoken slot ID's */
  247. #define SFTK_MIN_USER_SLOT_ID 4
  248. #define SFTK_MAX_USER_SLOT_ID 100
  249. #define SFTK_MIN_FIPS_USER_SLOT_ID 101
  250. #define SFTK_MAX_FIPS_USER_SLOT_ID 127
  251. #endif /* _PKCS11N_H_ */