/security/nss/lib/util/pkcs11n.h

http://github.com/zpao/v8monkey · C Header · 458 lines · 204 code · 53 blank · 201 comment · 3 complexity · 480b4e0b2c4861cdfad0a515615f5643 MD5 · raw file

  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. * Dr Stephen Henson <stephen.henson@gemplus.com>
  23. *
  24. * Alternatively, the contents of this file may be used under the terms of
  25. * either the GNU General Public License Version 2 or later (the "GPL"), or
  26. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  27. * in which case the provisions of the GPL or the LGPL are applicable instead
  28. * of those above. If you wish to allow use of your version of this file only
  29. * under the terms of either the GPL or the LGPL, and not to allow others to
  30. * use your version of this file under the terms of the MPL, indicate your
  31. * decision by deleting the provisions above and replace them with the notice
  32. * and other provisions required by the GPL or the LGPL. If you do not delete
  33. * the provisions above, a recipient may use your version of this file under
  34. * the terms of any one of the MPL, the GPL or the LGPL.
  35. *
  36. * ***** END LICENSE BLOCK ***** */
  37. #ifndef _PKCS11N_H_
  38. #define _PKCS11N_H_
  39. #ifdef DEBUG
  40. static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.27 $ $Date: 2011/11/24 12:26:35 $";
  41. #endif /* DEBUG */
  42. /*
  43. * pkcs11n.h
  44. *
  45. * This file contains the NSS-specific type definitions for Cryptoki
  46. * (PKCS#11).
  47. */
  48. /*
  49. * NSSCK_VENDOR_NSS
  50. *
  51. * Cryptoki reserves the high half of all the number spaces for
  52. * vendor-defined use. I'd like to keep all of our NSS-
  53. * specific values together, but not in the oh-so-obvious
  54. * 0x80000001, 0x80000002, etc. area. So I've picked an offset,
  55. * and constructed values for the beginnings of our spaces.
  56. *
  57. * Note that some "historical" Netscape values don't fall within
  58. * this range.
  59. */
  60. #define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
  61. /*
  62. * NSS-defined object classes
  63. *
  64. */
  65. #define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  66. #define CKO_NSS_CRL (CKO_NSS + 1)
  67. #define CKO_NSS_SMIME (CKO_NSS + 2)
  68. #define CKO_NSS_TRUST (CKO_NSS + 3)
  69. #define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)
  70. #define CKO_NSS_NEWSLOT (CKO_NSS + 5)
  71. #define CKO_NSS_DELSLOT (CKO_NSS + 6)
  72. /*
  73. * NSS-defined key types
  74. *
  75. */
  76. #define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  77. #define CKK_NSS_PKCS8 (CKK_NSS + 1)
  78. #define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2)
  79. #define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3)
  80. /*
  81. * NSS-defined certificate types
  82. *
  83. */
  84. #define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  85. /* FAKE PKCS #11 defines */
  86. #define CKA_DIGEST 0x81000000L
  87. #define CKA_FLAGS_ONLY 0 /* CKA_CLASS */
  88. /*
  89. * NSS-defined object attributes
  90. *
  91. */
  92. #define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  93. #define CKA_NSS_URL (CKA_NSS + 1)
  94. #define CKA_NSS_EMAIL (CKA_NSS + 2)
  95. #define CKA_NSS_SMIME_INFO (CKA_NSS + 3)
  96. #define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4)
  97. #define CKA_NSS_PKCS8_SALT (CKA_NSS + 5)
  98. #define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6)
  99. #define CKA_NSS_EXPIRES (CKA_NSS + 7)
  100. #define CKA_NSS_KRL (CKA_NSS + 8)
  101. #define CKA_NSS_PQG_COUNTER (CKA_NSS + 20)
  102. #define CKA_NSS_PQG_SEED (CKA_NSS + 21)
  103. #define CKA_NSS_PQG_H (CKA_NSS + 22)
  104. #define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23)
  105. #define CKA_NSS_MODULE_SPEC (CKA_NSS + 24)
  106. #define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25)
  107. #define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26)
  108. #define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27)
  109. #define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28)
  110. #define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29)
  111. #define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30)
  112. #define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31)
  113. #define CKA_NSS_JPAKE_X2 (CKA_NSS + 32)
  114. #define CKA_NSS_JPAKE_X2S (CKA_NSS + 33)
  115. /*
  116. * Trust attributes:
  117. *
  118. * If trust goes standard, these probably will too. So I'll
  119. * put them all in one place.
  120. */
  121. #define CKA_TRUST (CKA_NSS + 0x2000)
  122. /* "Usage" key information */
  123. #define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
  124. #define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
  125. #define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
  126. #define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
  127. #define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
  128. #define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
  129. #define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
  130. /* "Purpose" trust information */
  131. #define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
  132. #define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
  133. #define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
  134. #define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
  135. #define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
  136. #define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
  137. #define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
  138. #define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
  139. #define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
  140. #define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
  141. #define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
  142. /* NSS trust stuff */
  143. /* HISTORICAL: define used to pass in the database key for DSA private keys */
  144. #define CKA_NETSCAPE_DB 0xD5A0DB00L
  145. #define CKA_NETSCAPE_TRUST 0x80000001L
  146. /* FAKE PKCS #11 defines */
  147. #define CKM_FAKE_RANDOM 0x80000efeUL
  148. #define CKM_INVALID_MECHANISM 0xffffffffUL
  149. /*
  150. * NSS-defined crypto mechanisms
  151. *
  152. */
  153. #define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  154. #define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1)
  155. #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
  156. /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
  157. #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
  158. #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
  159. #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
  160. #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
  161. /* J-PAKE round 1 key generation mechanisms.
  162. *
  163. * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
  164. * CKA_NSS_JPAKE_SIGNERID
  165. * Output key type: CKK_NSS_JPAKE_ROUND1
  166. * Output key class: CKO_PRIVATE_KEY
  167. * Parameter type: CK_NSS_JPAKERound1Params
  168. *
  169. */
  170. #define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7)
  171. #define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8)
  172. #define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9)
  173. #define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
  174. /* J-PAKE round 2 key derivation mechanisms.
  175. *
  176. * Required template attributes: CKA_NSS_JPAKE_PEERID
  177. * Input key type: CKK_NSS_JPAKE_ROUND1
  178. * Output key type: CKK_NSS_JPAKE_ROUND2
  179. * Output key class: CKO_PRIVATE_KEY
  180. * Parameter type: CK_NSS_JPAKERound2Params
  181. */
  182. #define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11)
  183. #define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12)
  184. #define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
  185. #define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
  186. /* J-PAKE final key material derivation mechanisms
  187. *
  188. * Input key type: CKK_NSS_JPAKE_ROUND2
  189. * Output key type: CKK_GENERIC_SECRET
  190. * Output key class: CKO_SECRET_KEY
  191. * Parameter type: CK_NSS_JPAKEFinalParams
  192. *
  193. * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material
  194. * to get a key with uniformly distributed bits.
  195. */
  196. #define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15)
  197. #define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16)
  198. #define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17)
  199. #define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18)
  200. /*
  201. * HISTORICAL:
  202. * Do not attempt to use these. They are only used by NETSCAPE's internal
  203. * PKCS #11 interface. Most of these are place holders for other mechanism
  204. * and will change in the future.
  205. */
  206. #define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL
  207. #define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
  208. #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
  209. #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
  210. #define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL
  211. #define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL
  212. #define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL
  213. #define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL
  214. #define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL
  215. #define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
  216. #define CKM_TLS_PRF_GENERAL 0x80000373UL
  217. typedef struct CK_NSS_JPAKEPublicValue {
  218. CK_BYTE * pGX;
  219. CK_ULONG ulGXLen;
  220. CK_BYTE * pGV;
  221. CK_ULONG ulGVLen;
  222. CK_BYTE * pR;
  223. CK_ULONG ulRLen;
  224. } CK_NSS_JPAKEPublicValue;
  225. typedef struct CK_NSS_JPAKERound1Params {
  226. CK_NSS_JPAKEPublicValue gx1; /* out */
  227. CK_NSS_JPAKEPublicValue gx2; /* out */
  228. } CK_NSS_JPAKERound1Params;
  229. typedef struct CK_NSS_JPAKERound2Params {
  230. CK_BYTE * pSharedKey; /* in */
  231. CK_ULONG ulSharedKeyLen; /* in */
  232. CK_NSS_JPAKEPublicValue gx3; /* in */
  233. CK_NSS_JPAKEPublicValue gx4; /* in */
  234. CK_NSS_JPAKEPublicValue A; /* out */
  235. } CK_NSS_JPAKERound2Params;
  236. typedef struct CK_NSS_JPAKEFinalParams {
  237. CK_NSS_JPAKEPublicValue B; /* in */
  238. } CK_NSS_JPAKEFinalParams;
  239. /*
  240. * NSS-defined return values
  241. *
  242. */
  243. #define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  244. #define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1)
  245. #define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2)
  246. /* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
  247. See RFC 5869.
  248. bExtract: If set, HKDF-Extract will be applied to the input key. If
  249. the optional salt is given, it is used; otherwise, the salt is
  250. set to a sequence of zeros equal in length to the HMAC output.
  251. If bExpand is not set, then the key template given to
  252. C_DeriveKey must indicate an output key size less than or equal
  253. to the output size of the HMAC.
  254. bExpand: If set, HKDF-Expand will be applied to the input key (if
  255. bExtract is not set) or to the result of HKDF-Extract (if
  256. bExtract is set). Any info given in the optional pInfo field will
  257. be included in the calculation.
  258. The size of the output key must be specified in the template passed to
  259. C_DeriveKey.
  260. */
  261. typedef struct CK_NSS_HKDFParams {
  262. CK_BBOOL bExtract;
  263. CK_BYTE_PTR pSalt;
  264. CK_ULONG ulSaltLen;
  265. CK_BBOOL bExpand;
  266. CK_BYTE_PTR pInfo;
  267. CK_ULONG ulInfoLen;
  268. } CK_NSS_HKDFParams;
  269. /*
  270. * Trust info
  271. *
  272. * This isn't part of the Cryptoki standard (yet), so I'm putting
  273. * all the definitions here. Some of this would move to nssckt.h
  274. * if trust info were made part of the standard. In view of this
  275. * possibility, I'm putting my (NSS) values in the NSS
  276. * vendor space, like everything else.
  277. */
  278. typedef CK_ULONG CK_TRUST;
  279. /* The following trust types are defined: */
  280. #define CKT_VENDOR_DEFINED 0x80000000
  281. #define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
  282. /* If trust goes standard, these'll probably drop out of vendor space. */
  283. #define CKT_NSS_TRUSTED (CKT_NSS + 1)
  284. #define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2)
  285. #define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3)
  286. #define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10)
  287. #define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */
  288. /*
  289. * These may well remain NSS-specific; I'm only using them
  290. * to cache resolution data.
  291. */
  292. #define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11)
  293. /*
  294. * old definitions. They still exist, but the plain meaning of the
  295. * labels have never been accurate to what was really implemented.
  296. * The new labels correctly reflect what the values effectively mean.
  297. */
  298. #if defined(__GNUC__) && (__GNUC__ > 3)
  299. /* make GCC warn when we use these #defines */
  300. /*
  301. * This is really painful because GCC doesn't allow us to mark random
  302. * #defines as deprecated. We can only mark the following:
  303. * functions, variables, and types.
  304. * const variables will create extra storage for everyone including this
  305. * header file, so it's undesirable.
  306. * functions could be inlined to prevent storage creation, but will fail
  307. * when constant values are expected (like switch statements).
  308. * enum types do not seem to pay attention to the deprecated attribute.
  309. *
  310. * That leaves typedefs. We declare new types that we then deprecate, then
  311. * cast the resulting value to the deprecated type in the #define, thus
  312. * producting the warning when the #define is used.
  313. */
  314. #if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5)
  315. /* The mac doesn't like the friendlier deprecate messages. I'm assuming this
  316. * is a gcc version issue rather than mac or ppc specific */
  317. typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
  318. typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated));
  319. typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated));
  320. #else
  321. /* when possible, get a full deprecation warning. This works on gcc 4.5
  322. * it may work on earlier versions of gcc */
  323. typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated
  324. ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST")));
  325. typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated
  326. ("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED")));
  327. typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated
  328. ("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN")));
  329. #endif
  330. #define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST)
  331. #define CKT_NSS_VALID ((__CKT_NSS_VALID) CKT_NSS_NOT_TRUSTED)
  332. /* keep the old value for compatibility reasons*/
  333. #define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS +4))
  334. #else
  335. #ifdef _WIN32
  336. /* This magic gets the windows compiler to give us a deprecation
  337. * warning */
  338. #pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID)
  339. #endif
  340. /* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */
  341. #define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST
  342. /* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */
  343. #define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED
  344. /* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */
  345. #define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/
  346. #endif
  347. /* don't leave old programs in a lurch just yet, give them the old NETSCAPE
  348. * synonym */
  349. #define CKO_NETSCAPE_CRL CKO_NSS_CRL
  350. #define CKO_NETSCAPE_SMIME CKO_NSS_SMIME
  351. #define CKO_NETSCAPE_TRUST CKO_NSS_TRUST
  352. #define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST
  353. #define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT
  354. #define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT
  355. #define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8
  356. #define CKA_NETSCAPE_URL CKA_NSS_URL
  357. #define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL
  358. #define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO
  359. #define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP
  360. #define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT
  361. #define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK
  362. #define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES
  363. #define CKA_NETSCAPE_KRL CKA_NSS_KRL
  364. #define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER
  365. #define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED
  366. #define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H
  367. #define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS
  368. #define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC
  369. #define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP
  370. #define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD
  371. #define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED
  372. #define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED
  373. #define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED
  374. #define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR
  375. #define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED
  376. #define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY
  377. #define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN
  378. #define CKT_NETSCAPE_VALID CKT_NSS_VALID
  379. #define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
  380. /*
  381. * These are not really PKCS #11 values specifically. They are the 'loadable'
  382. * module spec NSS uses. The are available for others to use as well, but not
  383. * part of the formal PKCS #11 spec.
  384. *
  385. * The function 'FIND' returns an array of PKCS #11 initialization strings
  386. * The function 'ADD' takes a PKCS #11 initialization string and stores it.
  387. * The function 'DEL' takes a 'name= library=' value and deletes the associated
  388. * string.
  389. * The function 'RELEASE' frees the array returned by 'FIND'
  390. */
  391. #define SECMOD_MODULE_DB_FUNCTION_FIND 0
  392. #define SECMOD_MODULE_DB_FUNCTION_ADD 1
  393. #define SECMOD_MODULE_DB_FUNCTION_DEL 2
  394. #define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
  395. typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
  396. char *parameters, void *moduleSpec);
  397. /* softoken slot ID's */
  398. #define SFTK_MIN_USER_SLOT_ID 4
  399. #define SFTK_MAX_USER_SLOT_ID 100
  400. #define SFTK_MIN_FIPS_USER_SLOT_ID 101
  401. #define SFTK_MAX_FIPS_USER_SLOT_ID 127
  402. #endif /* _PKCS11N_H_ */