/gecko_api/include/pkcs11n.h
C++ Header | 289 lines | 125 code | 38 blank | 126 comment | 0 complexity | 36adede5fea53b0e91f389d5efd1cace MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is 17 * Netscape Communications Corporation. 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000 19 * the Initial Developer. All Rights Reserved. 20 * 21 * Contributor(s): 22 * Dr Stephen Henson <stephen.henson@gemplus.com> 23 * 24 * Alternatively, the contents of this file may be used under the terms of 25 * either the GNU General Public License Version 2 or later (the "GPL"), or 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 27 * in which case the provisions of the GPL or the LGPL are applicable instead 28 * of those above. If you wish to allow use of your version of this file only 29 * under the terms of either the GPL or the LGPL, and not to allow others to 30 * use your version of this file under the terms of the MPL, indicate your 31 * decision by deleting the provisions above and replace them with the notice 32 * and other provisions required by the GPL or the LGPL. If you do not delete 33 * the provisions above, a recipient may use your version of this file under 34 * the terms of any one of the MPL, the GPL or the LGPL. 35 * 36 * ***** END LICENSE BLOCK ***** */ 37 38#ifndef _PKCS11N_H_ 39#define _PKCS11N_H_ 40 41#ifdef DEBUG 42static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ $Date: 2007/11/09 23:43:34 $"; 43#endif /* DEBUG */ 44 45/* 46 * pkcs11n.h 47 * 48 * This file contains the NSS-specific type definitions for Cryptoki 49 * (PKCS#11). 50 */ 51 52/* 53 * NSSCK_VENDOR_NSS 54 * 55 * Cryptoki reserves the high half of all the number spaces for 56 * vendor-defined use. I'd like to keep all of our NSS- 57 * specific values together, but not in the oh-so-obvious 58 * 0x80000001, 0x80000002, etc. area. So I've picked an offset, 59 * and constructed values for the beginnings of our spaces. 60 * 61 * Note that some "historical" Netscape values don't fall within 62 * this range. 63 */ 64#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */ 65 66/* 67 * NSS-defined object classes 68 * 69 */ 70#define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 71 72#define CKO_NSS_CRL (CKO_NSS + 1) 73#define CKO_NSS_SMIME (CKO_NSS + 2) 74#define CKO_NSS_TRUST (CKO_NSS + 3) 75#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4) 76#define CKO_NSS_NEWSLOT (CKO_NSS + 5) 77#define CKO_NSS_DELSLOT (CKO_NSS + 6) 78 79 80/* 81 * NSS-defined key types 82 * 83 */ 84#define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 85 86#define CKK_NSS_PKCS8 (CKK_NSS + 1) 87/* 88 * NSS-defined certificate types 89 * 90 */ 91#define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 92 93/* FAKE PKCS #11 defines */ 94#define CKA_DIGEST 0x81000000L 95#define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ 96 97/* 98 * NSS-defined object attributes 99 * 100 */ 101#define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 102 103#define CKA_NSS_URL (CKA_NSS + 1) 104#define CKA_NSS_EMAIL (CKA_NSS + 2) 105#define CKA_NSS_SMIME_INFO (CKA_NSS + 3) 106#define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4) 107#define CKA_NSS_PKCS8_SALT (CKA_NSS + 5) 108#define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6) 109#define CKA_NSS_EXPIRES (CKA_NSS + 7) 110#define CKA_NSS_KRL (CKA_NSS + 8) 111 112#define CKA_NSS_PQG_COUNTER (CKA_NSS + 20) 113#define CKA_NSS_PQG_SEED (CKA_NSS + 21) 114#define CKA_NSS_PQG_H (CKA_NSS + 22) 115#define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23) 116#define CKA_NSS_MODULE_SPEC (CKA_NSS + 24) 117#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25) 118 119/* 120 * Trust attributes: 121 * 122 * If trust goes standard, these probably will too. So I'll 123 * put them all in one place. 124 */ 125 126#define CKA_TRUST (CKA_NSS + 0x2000) 127 128/* "Usage" key information */ 129#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1) 130#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2) 131#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3) 132#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4) 133#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5) 134#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6) 135#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7) 136 137/* "Purpose" trust information */ 138#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8) 139#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9) 140#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10) 141#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11) 142#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12) 143#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13) 144#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14) 145#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15) 146#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16) 147 148#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100) 149#define CKA_CERT_MD5_HASH (CKA_TRUST + 101) 150 151/* NSS trust stuff */ 152/* XXX fgmr new ones here-- step-up, etc. */ 153 154/* HISTORICAL: define used to pass in the database key for DSA private keys */ 155#define CKA_NETSCAPE_DB 0xD5A0DB00L 156#define CKA_NETSCAPE_TRUST 0x80000001L 157 158/* FAKE PKCS #11 defines */ 159#define CKM_FAKE_RANDOM 0x80000efeUL 160#define CKM_INVALID_MECHANISM 0xffffffffUL 161 162/* 163 * NSS-defined crypto mechanisms 164 * 165 */ 166#define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 167 168#define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1) 169#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) 170 171/* 172 * HISTORICAL: 173 * Do not attempt to use these. They are only used by NETSCAPE's internal 174 * PKCS #11 interface. Most of these are place holders for other mechanism 175 * and will change in the future. 176 */ 177#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL 178#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL 179#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL 180#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL 181#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL 182#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL 183#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL 184#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL 185#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL 186#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL 187 188#define CKM_TLS_PRF_GENERAL 0x80000373UL 189 190/* 191 * NSS-defined return values 192 * 193 */ 194#define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 195 196#define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) 197#define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) 198 199/* 200 * Trust info 201 * 202 * This isn't part of the Cryptoki standard (yet), so I'm putting 203 * all the definitions here. Some of this would move to nssckt.h 204 * if trust info were made part of the standard. In view of this 205 * possibility, I'm putting my (NSS) values in the NSS 206 * vendor space, like everything else. 207 */ 208 209typedef CK_ULONG CK_TRUST; 210 211/* The following trust types are defined: */ 212#define CKT_VENDOR_DEFINED 0x80000000 213 214#define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 215 216/* If trust goes standard, these'll probably drop out of vendor space. */ 217#define CKT_NSS_TRUSTED (CKT_NSS + 1) 218#define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2) 219#define CKT_NSS_UNTRUSTED (CKT_NSS + 3) 220#define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) 221#define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ 222 223/* 224 * These may well remain NSS-specific; I'm only using them 225 * to cache resolution data. 226 */ 227#define CKT_NSS_VALID (CKT_NSS + 10) 228#define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11) 229 230/* don't leave old programs in a lurch just yet, give them the old NETSCAPE 231 * synonym */ 232#define CKO_NETSCAPE_CRL CKO_NSS_CRL 233#define CKO_NETSCAPE_SMIME CKO_NSS_SMIME 234#define CKO_NETSCAPE_TRUST CKO_NSS_TRUST 235#define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST 236#define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT 237#define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT 238#define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8 239#define CKA_NETSCAPE_URL CKA_NSS_URL 240#define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL 241#define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO 242#define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP 243#define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT 244#define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK 245#define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES 246#define CKA_NETSCAPE_KRL CKA_NSS_KRL 247#define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER 248#define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED 249#define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H 250#define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS 251#define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC 252#define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP 253#define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD 254#define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED 255#define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED 256#define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED 257#define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR 258#define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED 259#define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY 260#define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN 261#define CKT_NETSCAPE_VALID CKT_NSS_VALID 262#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR 263 264/* 265 * These are not really PKCS #11 values specifically. They are the 'loadable' 266 * module spec NSS uses. The are available for others to use as well, but not 267 * part of the formal PKCS #11 spec. 268 * 269 * The function 'FIND' returns an array of PKCS #11 initialization strings 270 * The function 'ADD' takes a PKCS #11 initialization string and stores it. 271 * The function 'DEL' takes a 'name= library=' value and deletes the associated 272 * string. 273 * The function 'RELEASE' frees the array returned by 'FIND' 274 */ 275#define SECMOD_MODULE_DB_FUNCTION_FIND 0 276#define SECMOD_MODULE_DB_FUNCTION_ADD 1 277#define SECMOD_MODULE_DB_FUNCTION_DEL 2 278#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 279typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, 280 char *parameters, void *moduleSpec); 281 282/* softoken slot ID's */ 283#define SFTK_MIN_USER_SLOT_ID 4 284#define SFTK_MAX_USER_SLOT_ID 100 285#define SFTK_MIN_FIPS_USER_SLOT_ID 101 286#define SFTK_MAX_FIPS_USER_SLOT_ID 127 287 288 289#endif /* _PKCS11N_H_ */