PageRenderTime 35ms CodeModel.GetById 17ms app.highlight 11ms RepoModel.GetById 2ms app.codeStats 0ms

/security/nss/lib/util/pkcs11n.h

http://github.com/zpao/v8monkey
C Header | 458 lines | 204 code | 53 blank | 201 comment | 3 complexity | 480b4e0b2c4861cdfad0a515615f5643 MD5 | raw file
  1/* ***** BEGIN LICENSE BLOCK *****
  2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3 *
  4 * The contents of this file are subject to the Mozilla Public License Version
  5 * 1.1 (the "License"); you may not use this file except in compliance with
  6 * the License. You may obtain a copy of the License at
  7 * http://www.mozilla.org/MPL/
  8 *
  9 * Software distributed under the License is distributed on an "AS IS" basis,
 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
 11 * for the specific language governing rights and limitations under the
 12 * License.
 13 *
 14 * The Original Code is the Netscape security libraries.
 15 *
 16 * The Initial Developer of the Original Code is
 17 * Netscape Communications Corporation.
 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
 19 * the Initial Developer. All Rights Reserved.
 20 *
 21 * Contributor(s):
 22 *   Dr Stephen Henson <stephen.henson@gemplus.com>
 23 *
 24 * Alternatively, the contents of this file may be used under the terms of
 25 * either the GNU General Public License Version 2 or later (the "GPL"), or
 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
 27 * in which case the provisions of the GPL or the LGPL are applicable instead
 28 * of those above. If you wish to allow use of your version of this file only
 29 * under the terms of either the GPL or the LGPL, and not to allow others to
 30 * use your version of this file under the terms of the MPL, indicate your
 31 * decision by deleting the provisions above and replace them with the notice
 32 * and other provisions required by the GPL or the LGPL. If you do not delete
 33 * the provisions above, a recipient may use your version of this file under
 34 * the terms of any one of the MPL, the GPL or the LGPL.
 35 *
 36 * ***** END LICENSE BLOCK ***** */
 37
 38#ifndef _PKCS11N_H_
 39#define _PKCS11N_H_
 40
 41#ifdef DEBUG
 42static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.27 $ $Date: 2011/11/24 12:26:35 $";
 43#endif /* DEBUG */
 44
 45/*
 46 * pkcs11n.h
 47 *
 48 * This file contains the NSS-specific type definitions for Cryptoki
 49 * (PKCS#11).
 50 */
 51
 52/*
 53 * NSSCK_VENDOR_NSS
 54 *
 55 * Cryptoki reserves the high half of all the number spaces for
 56 * vendor-defined use.  I'd like to keep all of our NSS-
 57 * specific values together, but not in the oh-so-obvious
 58 * 0x80000001, 0x80000002, etc. area.  So I've picked an offset,
 59 * and constructed values for the beginnings of our spaces.
 60 *
 61 * Note that some "historical" Netscape values don't fall within
 62 * this range.
 63 */
 64#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
 65
 66/*
 67 * NSS-defined object classes
 68 * 
 69 */
 70#define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 71
 72#define CKO_NSS_CRL                (CKO_NSS + 1)
 73#define CKO_NSS_SMIME              (CKO_NSS + 2)
 74#define CKO_NSS_TRUST              (CKO_NSS + 3)
 75#define CKO_NSS_BUILTIN_ROOT_LIST  (CKO_NSS + 4)
 76#define CKO_NSS_NEWSLOT            (CKO_NSS + 5)
 77#define CKO_NSS_DELSLOT            (CKO_NSS + 6)
 78
 79
 80/*
 81 * NSS-defined key types
 82 *
 83 */
 84#define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 85
 86#define CKK_NSS_PKCS8              (CKK_NSS + 1)
 87
 88#define CKK_NSS_JPAKE_ROUND1       (CKK_NSS + 2)
 89#define CKK_NSS_JPAKE_ROUND2       (CKK_NSS + 3)
 90
 91/*
 92 * NSS-defined certificate types
 93 *
 94 */
 95#define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
 96
 97/* FAKE PKCS #11 defines */
 98#define CKA_DIGEST            0x81000000L
 99#define CKA_FLAGS_ONLY        0 /* CKA_CLASS */
100
101/*
102 * NSS-defined object attributes
103 *
104 */
105#define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
106
107#define CKA_NSS_URL                (CKA_NSS +  1)
108#define CKA_NSS_EMAIL              (CKA_NSS +  2)
109#define CKA_NSS_SMIME_INFO         (CKA_NSS +  3)
110#define CKA_NSS_SMIME_TIMESTAMP    (CKA_NSS +  4)
111#define CKA_NSS_PKCS8_SALT         (CKA_NSS +  5)
112#define CKA_NSS_PASSWORD_CHECK     (CKA_NSS +  6)
113#define CKA_NSS_EXPIRES            (CKA_NSS +  7)
114#define CKA_NSS_KRL                (CKA_NSS +  8)
115
116#define CKA_NSS_PQG_COUNTER        (CKA_NSS +  20)
117#define CKA_NSS_PQG_SEED           (CKA_NSS +  21)
118#define CKA_NSS_PQG_H              (CKA_NSS +  22)
119#define CKA_NSS_PQG_SEED_BITS      (CKA_NSS +  23)
120#define CKA_NSS_MODULE_SPEC        (CKA_NSS +  24)
121#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS +  25)
122
123#define CKA_NSS_JPAKE_SIGNERID     (CKA_NSS +  26)
124#define CKA_NSS_JPAKE_PEERID       (CKA_NSS +  27)
125#define CKA_NSS_JPAKE_GX1          (CKA_NSS +  28)
126#define CKA_NSS_JPAKE_GX2          (CKA_NSS +  29)
127#define CKA_NSS_JPAKE_GX3          (CKA_NSS +  30)
128#define CKA_NSS_JPAKE_GX4          (CKA_NSS +  31)
129#define CKA_NSS_JPAKE_X2           (CKA_NSS +  32)
130#define CKA_NSS_JPAKE_X2S          (CKA_NSS +  33)
131
132/*
133 * Trust attributes:
134 *
135 * If trust goes standard, these probably will too.  So I'll
136 * put them all in one place.
137 */
138
139#define CKA_TRUST (CKA_NSS + 0x2000)
140
141/* "Usage" key information */
142#define CKA_TRUST_DIGITAL_SIGNATURE     (CKA_TRUST +  1)
143#define CKA_TRUST_NON_REPUDIATION       (CKA_TRUST +  2)
144#define CKA_TRUST_KEY_ENCIPHERMENT      (CKA_TRUST +  3)
145#define CKA_TRUST_DATA_ENCIPHERMENT     (CKA_TRUST +  4)
146#define CKA_TRUST_KEY_AGREEMENT         (CKA_TRUST +  5)
147#define CKA_TRUST_KEY_CERT_SIGN         (CKA_TRUST +  6)
148#define CKA_TRUST_CRL_SIGN              (CKA_TRUST +  7)
149
150/* "Purpose" trust information */
151#define CKA_TRUST_SERVER_AUTH           (CKA_TRUST +  8)
152#define CKA_TRUST_CLIENT_AUTH           (CKA_TRUST +  9)
153#define CKA_TRUST_CODE_SIGNING          (CKA_TRUST + 10)
154#define CKA_TRUST_EMAIL_PROTECTION      (CKA_TRUST + 11)
155#define CKA_TRUST_IPSEC_END_SYSTEM      (CKA_TRUST + 12)
156#define CKA_TRUST_IPSEC_TUNNEL          (CKA_TRUST + 13)
157#define CKA_TRUST_IPSEC_USER            (CKA_TRUST + 14)
158#define CKA_TRUST_TIME_STAMPING         (CKA_TRUST + 15)
159#define CKA_TRUST_STEP_UP_APPROVED      (CKA_TRUST + 16)
160
161#define CKA_CERT_SHA1_HASH	        (CKA_TRUST + 100)
162#define CKA_CERT_MD5_HASH		(CKA_TRUST + 101)
163
164/* NSS trust stuff */
165
166/* HISTORICAL: define used to pass in the database key for DSA private keys */
167#define CKA_NETSCAPE_DB                 0xD5A0DB00L
168#define CKA_NETSCAPE_TRUST              0x80000001L
169
170/* FAKE PKCS #11 defines */
171#define CKM_FAKE_RANDOM       0x80000efeUL
172#define CKM_INVALID_MECHANISM 0xffffffffUL
173
174/*
175 * NSS-defined crypto mechanisms
176 *
177 */
178#define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
179
180#define CKM_NSS_AES_KEY_WRAP      (CKM_NSS + 1)
181#define CKM_NSS_AES_KEY_WRAP_PAD  (CKM_NSS + 2)
182
183/* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
184#define CKM_NSS_HKDF_SHA1         (CKM_NSS + 3)
185#define CKM_NSS_HKDF_SHA256       (CKM_NSS + 4)
186#define CKM_NSS_HKDF_SHA384       (CKM_NSS + 5)
187#define CKM_NSS_HKDF_SHA512       (CKM_NSS + 6)
188
189/* J-PAKE round 1 key generation mechanisms.
190 *
191 * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
192 *                               CKA_NSS_JPAKE_SIGNERID
193 * Output key type: CKK_NSS_JPAKE_ROUND1
194 * Output key class: CKO_PRIVATE_KEY
195 * Parameter type: CK_NSS_JPAKERound1Params
196 *
197 */
198#define CKM_NSS_JPAKE_ROUND1_SHA1   (CKM_NSS + 7)
199#define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8)
200#define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9)
201#define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10)
202
203/* J-PAKE round 2 key derivation mechanisms.
204 * 
205 * Required template attributes: CKA_NSS_JPAKE_PEERID
206 * Input key type:  CKK_NSS_JPAKE_ROUND1
207 * Output key type: CKK_NSS_JPAKE_ROUND2
208 * Output key class: CKO_PRIVATE_KEY
209 * Parameter type: CK_NSS_JPAKERound2Params
210 */
211#define CKM_NSS_JPAKE_ROUND2_SHA1   (CKM_NSS + 11)
212#define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12)
213#define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13)
214#define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14)
215
216/* J-PAKE final key material derivation mechanisms 
217 *
218 * Input key type:  CKK_NSS_JPAKE_ROUND2
219 * Output key type: CKK_GENERIC_SECRET
220 * Output key class: CKO_SECRET_KEY
221 * Parameter type: CK_NSS_JPAKEFinalParams
222 *
223 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 
224 * to get a key with uniformly distributed bits.
225 */
226#define CKM_NSS_JPAKE_FINAL_SHA1    (CKM_NSS + 15)
227#define CKM_NSS_JPAKE_FINAL_SHA256  (CKM_NSS + 16)
228#define CKM_NSS_JPAKE_FINAL_SHA384  (CKM_NSS + 17)
229#define CKM_NSS_JPAKE_FINAL_SHA512  (CKM_NSS + 18)
230
231/*
232 * HISTORICAL:
233 * Do not attempt to use these. They are only used by NETSCAPE's internal
234 * PKCS #11 interface. Most of these are place holders for other mechanism
235 * and will change in the future.
236 */
237#define CKM_NETSCAPE_PBE_SHA1_DES_CBC           0x80000002UL
238#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC    0x80000003UL
239#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC    0x80000004UL
240#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC   0x80000005UL
241#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4        0x80000006UL
242#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4       0x80000007UL
243#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC   0x80000008UL
244#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN      0x80000009UL
245#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN       0x8000000aUL
246#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN       0x8000000bUL
247
248#define CKM_TLS_PRF_GENERAL                     0x80000373UL
249
250typedef struct CK_NSS_JPAKEPublicValue {
251    CK_BYTE * pGX;
252    CK_ULONG ulGXLen;
253    CK_BYTE * pGV;
254    CK_ULONG ulGVLen;
255    CK_BYTE * pR;
256    CK_ULONG ulRLen;
257} CK_NSS_JPAKEPublicValue;
258
259typedef struct CK_NSS_JPAKERound1Params {
260    CK_NSS_JPAKEPublicValue gx1; /* out */
261    CK_NSS_JPAKEPublicValue gx2; /* out */
262} CK_NSS_JPAKERound1Params;
263
264typedef struct CK_NSS_JPAKERound2Params {
265    CK_BYTE * pSharedKey;        /* in */
266    CK_ULONG ulSharedKeyLen;     /* in */
267    CK_NSS_JPAKEPublicValue gx3; /* in */
268    CK_NSS_JPAKEPublicValue gx4; /* in */
269    CK_NSS_JPAKEPublicValue A;   /* out */
270} CK_NSS_JPAKERound2Params;
271
272typedef struct CK_NSS_JPAKEFinalParams {
273    CK_NSS_JPAKEPublicValue B; /* in */
274} CK_NSS_JPAKEFinalParams;
275
276/*
277 * NSS-defined return values
278 *
279 */
280#define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
281
282#define CKR_NSS_CERTDB_FAILED      (CKR_NSS + 1)
283#define CKR_NSS_KEYDB_FAILED       (CKR_NSS + 2)
284
285/* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms.
286   See RFC 5869.
287   
288    bExtract: If set, HKDF-Extract will be applied to the input key. If
289              the optional salt is given, it is used; otherwise, the salt is
290              set to a sequence of zeros equal in length to the HMAC output.
291              If bExpand is not set, then the key template given to
292              C_DeriveKey must indicate an output key size less than or equal
293              to the output size of the HMAC.
294
295    bExpand:  If set, HKDF-Expand will be applied to the input key (if
296              bExtract is not set) or to the result of HKDF-Extract (if
297              bExtract is set). Any info given in the optional pInfo field will
298              be included in the calculation.
299
300    The size of the output key must be specified in the template passed to
301    C_DeriveKey.
302*/
303typedef struct CK_NSS_HKDFParams {
304    CK_BBOOL bExtract;
305    CK_BYTE_PTR pSalt;
306    CK_ULONG ulSaltLen;
307    CK_BBOOL bExpand;
308    CK_BYTE_PTR pInfo;
309    CK_ULONG ulInfoLen;
310} CK_NSS_HKDFParams;
311
312/*
313 * Trust info
314 *
315 * This isn't part of the Cryptoki standard (yet), so I'm putting
316 * all the definitions here.  Some of this would move to nssckt.h
317 * if trust info were made part of the standard.  In view of this
318 * possibility, I'm putting my (NSS) values in the NSS
319 * vendor space, like everything else.
320 */
321
322typedef CK_ULONG          CK_TRUST;
323
324/* The following trust types are defined: */
325#define CKT_VENDOR_DEFINED     0x80000000
326
327#define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
328
329/* If trust goes standard, these'll probably drop out of vendor space. */
330#define CKT_NSS_TRUSTED            (CKT_NSS + 1)
331#define CKT_NSS_TRUSTED_DELEGATOR  (CKT_NSS + 2)
332#define CKT_NSS_MUST_VERIFY_TRUST  (CKT_NSS + 3)
333#define CKT_NSS_NOT_TRUSTED        (CKT_NSS + 10)
334#define CKT_NSS_TRUST_UNKNOWN      (CKT_NSS + 5) /* default */
335
336/* 
337 * These may well remain NSS-specific; I'm only using them
338 * to cache resolution data.
339 */
340#define CKT_NSS_VALID_DELEGATOR    (CKT_NSS + 11)
341
342
343/*
344 * old definitions. They still exist, but the plain meaning of the
345 * labels have never been accurate to what was really implemented.
346 * The new labels correctly reflect what the values effectively mean.
347 */
348#if defined(__GNUC__) && (__GNUC__ > 3)
349/* make GCC warn when we use these #defines */
350/*
351 *  This is really painful because GCC doesn't allow us to mark random
352 *  #defines as deprecated. We can only mark the following:
353 *      functions, variables, and types.
354 *  const variables will create extra storage for everyone including this
355 *       header file, so it's undesirable.
356 *  functions could be inlined to prevent storage creation, but will fail
357 *       when constant values are expected (like switch statements).
358 *  enum types do not seem to pay attention to the deprecated attribute.
359 *
360 *  That leaves typedefs. We declare new types that we then deprecate, then
361 *  cast the resulting value to the deprecated type in the #define, thus
362 *  producting the warning when the #define is used.
363 */
364#if (__GNUC__  == 4) && (__GNUC_MINOR__ < 5)
365/* The mac doesn't like the friendlier deprecate messages. I'm assuming this
366 * is a gcc version issue rather than mac or ppc specific */
367typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated));
368typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated));
369typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated));
370#else
371/* when possible, get a full deprecation warning. This works on gcc 4.5
372 * it may work on earlier versions of gcc */
373typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated
374    ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST")));
375typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated
376    ("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED")));
377typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated
378    ("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN")));
379#endif
380#define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST)
381#define CKT_NSS_VALID     ((__CKT_NSS_VALID) CKT_NSS_NOT_TRUSTED)
382/* keep the old value for compatibility reasons*/
383#define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS +4))
384#else
385#ifdef _WIN32
386/* This magic gets the windows compiler to give us a deprecation
387 * warning */
388#pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID)
389#endif
390/* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */
391#define CKT_NSS_UNTRUSTED          CKT_NSS_MUST_VERIFY_TRUST
392/* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */
393#define CKT_NSS_VALID              CKT_NSS_NOT_TRUSTED
394/* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */
395#define CKT_NSS_MUST_VERIFY        (CKT_NSS + 4)  /*really means trust unknown*/
396#endif
397
398/* don't leave old programs in a lurch just yet, give them the old NETSCAPE
399 * synonym */
400#define CKO_NETSCAPE_CRL                CKO_NSS_CRL
401#define CKO_NETSCAPE_SMIME              CKO_NSS_SMIME
402#define CKO_NETSCAPE_TRUST              CKO_NSS_TRUST
403#define CKO_NETSCAPE_BUILTIN_ROOT_LIST  CKO_NSS_BUILTIN_ROOT_LIST
404#define CKO_NETSCAPE_NEWSLOT            CKO_NSS_NEWSLOT
405#define CKO_NETSCAPE_DELSLOT            CKO_NSS_DELSLOT
406#define CKK_NETSCAPE_PKCS8              CKK_NSS_PKCS8
407#define CKA_NETSCAPE_URL                CKA_NSS_URL
408#define CKA_NETSCAPE_EMAIL              CKA_NSS_EMAIL
409#define CKA_NETSCAPE_SMIME_INFO         CKA_NSS_SMIME_INFO
410#define CKA_NETSCAPE_SMIME_TIMESTAMP    CKA_NSS_SMIME_TIMESTAMP
411#define CKA_NETSCAPE_PKCS8_SALT         CKA_NSS_PKCS8_SALT
412#define CKA_NETSCAPE_PASSWORD_CHECK     CKA_NSS_PASSWORD_CHECK
413#define CKA_NETSCAPE_EXPIRES            CKA_NSS_EXPIRES
414#define CKA_NETSCAPE_KRL                CKA_NSS_KRL
415#define CKA_NETSCAPE_PQG_COUNTER        CKA_NSS_PQG_COUNTER
416#define CKA_NETSCAPE_PQG_SEED           CKA_NSS_PQG_SEED
417#define CKA_NETSCAPE_PQG_H              CKA_NSS_PQG_H
418#define CKA_NETSCAPE_PQG_SEED_BITS      CKA_NSS_PQG_SEED_BITS
419#define CKA_NETSCAPE_MODULE_SPEC        CKA_NSS_MODULE_SPEC
420#define CKM_NETSCAPE_AES_KEY_WRAP	CKM_NSS_AES_KEY_WRAP
421#define CKM_NETSCAPE_AES_KEY_WRAP_PAD	CKM_NSS_AES_KEY_WRAP_PAD
422#define CKR_NETSCAPE_CERTDB_FAILED      CKR_NSS_CERTDB_FAILED
423#define CKR_NETSCAPE_KEYDB_FAILED       CKR_NSS_KEYDB_FAILED
424
425#define CKT_NETSCAPE_TRUSTED            CKT_NSS_TRUSTED
426#define CKT_NETSCAPE_TRUSTED_DELEGATOR  CKT_NSS_TRUSTED_DELEGATOR
427#define CKT_NETSCAPE_UNTRUSTED          CKT_NSS_UNTRUSTED
428#define CKT_NETSCAPE_MUST_VERIFY        CKT_NSS_MUST_VERIFY
429#define CKT_NETSCAPE_TRUST_UNKNOWN      CKT_NSS_TRUST_UNKNOWN
430#define CKT_NETSCAPE_VALID              CKT_NSS_VALID
431#define CKT_NETSCAPE_VALID_DELEGATOR    CKT_NSS_VALID_DELEGATOR
432
433/*
434 * These are not really PKCS #11 values specifically. They are the 'loadable'
435 * module spec NSS uses. The are available for others to use as well, but not
436 * part of the formal PKCS #11 spec.
437 *
438 * The function 'FIND' returns an array of PKCS #11 initialization strings
439 * The function 'ADD' takes a PKCS #11 initialization string and stores it.
440 * The function 'DEL' takes a 'name= library=' value and deletes the associated
441 *  string.
442 * The function 'RELEASE' frees the array returned by 'FIND'
443 */
444#define SECMOD_MODULE_DB_FUNCTION_FIND  0
445#define SECMOD_MODULE_DB_FUNCTION_ADD   1
446#define SECMOD_MODULE_DB_FUNCTION_DEL   2
447#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 
448typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
449                                        char *parameters, void *moduleSpec);
450
451/* softoken slot ID's */
452#define SFTK_MIN_USER_SLOT_ID 4
453#define SFTK_MAX_USER_SLOT_ID 100
454#define SFTK_MIN_FIPS_USER_SLOT_ID 101
455#define SFTK_MAX_FIPS_USER_SLOT_ID 127
456
457
458#endif /* _PKCS11N_H_ */