/security/nss/lib/util/pkcs11n.h
C Header | 458 lines | 204 code | 53 blank | 201 comment | 3 complexity | 480b4e0b2c4861cdfad0a515615f5643 MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is 17 * Netscape Communications Corporation. 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000 19 * the Initial Developer. All Rights Reserved. 20 * 21 * Contributor(s): 22 * Dr Stephen Henson <stephen.henson@gemplus.com> 23 * 24 * Alternatively, the contents of this file may be used under the terms of 25 * either the GNU General Public License Version 2 or later (the "GPL"), or 26 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 27 * in which case the provisions of the GPL or the LGPL are applicable instead 28 * of those above. If you wish to allow use of your version of this file only 29 * under the terms of either the GPL or the LGPL, and not to allow others to 30 * use your version of this file under the terms of the MPL, indicate your 31 * decision by deleting the provisions above and replace them with the notice 32 * and other provisions required by the GPL or the LGPL. If you do not delete 33 * the provisions above, a recipient may use your version of this file under 34 * the terms of any one of the MPL, the GPL or the LGPL. 35 * 36 * ***** END LICENSE BLOCK ***** */ 37 38#ifndef _PKCS11N_H_ 39#define _PKCS11N_H_ 40 41#ifdef DEBUG 42static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.27 $ $Date: 2011/11/24 12:26:35 $"; 43#endif /* DEBUG */ 44 45/* 46 * pkcs11n.h 47 * 48 * This file contains the NSS-specific type definitions for Cryptoki 49 * (PKCS#11). 50 */ 51 52/* 53 * NSSCK_VENDOR_NSS 54 * 55 * Cryptoki reserves the high half of all the number spaces for 56 * vendor-defined use. I'd like to keep all of our NSS- 57 * specific values together, but not in the oh-so-obvious 58 * 0x80000001, 0x80000002, etc. area. So I've picked an offset, 59 * and constructed values for the beginnings of our spaces. 60 * 61 * Note that some "historical" Netscape values don't fall within 62 * this range. 63 */ 64#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */ 65 66/* 67 * NSS-defined object classes 68 * 69 */ 70#define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 71 72#define CKO_NSS_CRL (CKO_NSS + 1) 73#define CKO_NSS_SMIME (CKO_NSS + 2) 74#define CKO_NSS_TRUST (CKO_NSS + 3) 75#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4) 76#define CKO_NSS_NEWSLOT (CKO_NSS + 5) 77#define CKO_NSS_DELSLOT (CKO_NSS + 6) 78 79 80/* 81 * NSS-defined key types 82 * 83 */ 84#define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 85 86#define CKK_NSS_PKCS8 (CKK_NSS + 1) 87 88#define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) 89#define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) 90 91/* 92 * NSS-defined certificate types 93 * 94 */ 95#define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 96 97/* FAKE PKCS #11 defines */ 98#define CKA_DIGEST 0x81000000L 99#define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ 100 101/* 102 * NSS-defined object attributes 103 * 104 */ 105#define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 106 107#define CKA_NSS_URL (CKA_NSS + 1) 108#define CKA_NSS_EMAIL (CKA_NSS + 2) 109#define CKA_NSS_SMIME_INFO (CKA_NSS + 3) 110#define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4) 111#define CKA_NSS_PKCS8_SALT (CKA_NSS + 5) 112#define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6) 113#define CKA_NSS_EXPIRES (CKA_NSS + 7) 114#define CKA_NSS_KRL (CKA_NSS + 8) 115 116#define CKA_NSS_PQG_COUNTER (CKA_NSS + 20) 117#define CKA_NSS_PQG_SEED (CKA_NSS + 21) 118#define CKA_NSS_PQG_H (CKA_NSS + 22) 119#define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23) 120#define CKA_NSS_MODULE_SPEC (CKA_NSS + 24) 121#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25) 122 123#define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26) 124#define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27) 125#define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28) 126#define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29) 127#define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30) 128#define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31) 129#define CKA_NSS_JPAKE_X2 (CKA_NSS + 32) 130#define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) 131 132/* 133 * Trust attributes: 134 * 135 * If trust goes standard, these probably will too. So I'll 136 * put them all in one place. 137 */ 138 139#define CKA_TRUST (CKA_NSS + 0x2000) 140 141/* "Usage" key information */ 142#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1) 143#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2) 144#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3) 145#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4) 146#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5) 147#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6) 148#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7) 149 150/* "Purpose" trust information */ 151#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8) 152#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9) 153#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10) 154#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11) 155#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12) 156#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13) 157#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14) 158#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15) 159#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16) 160 161#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100) 162#define CKA_CERT_MD5_HASH (CKA_TRUST + 101) 163 164/* NSS trust stuff */ 165 166/* HISTORICAL: define used to pass in the database key for DSA private keys */ 167#define CKA_NETSCAPE_DB 0xD5A0DB00L 168#define CKA_NETSCAPE_TRUST 0x80000001L 169 170/* FAKE PKCS #11 defines */ 171#define CKM_FAKE_RANDOM 0x80000efeUL 172#define CKM_INVALID_MECHANISM 0xffffffffUL 173 174/* 175 * NSS-defined crypto mechanisms 176 * 177 */ 178#define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 179 180#define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1) 181#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) 182 183/* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */ 184#define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3) 185#define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4) 186#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5) 187#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6) 188 189/* J-PAKE round 1 key generation mechanisms. 190 * 191 * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE, 192 * CKA_NSS_JPAKE_SIGNERID 193 * Output key type: CKK_NSS_JPAKE_ROUND1 194 * Output key class: CKO_PRIVATE_KEY 195 * Parameter type: CK_NSS_JPAKERound1Params 196 * 197 */ 198#define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7) 199#define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8) 200#define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9) 201#define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) 202 203/* J-PAKE round 2 key derivation mechanisms. 204 * 205 * Required template attributes: CKA_NSS_JPAKE_PEERID 206 * Input key type: CKK_NSS_JPAKE_ROUND1 207 * Output key type: CKK_NSS_JPAKE_ROUND2 208 * Output key class: CKO_PRIVATE_KEY 209 * Parameter type: CK_NSS_JPAKERound2Params 210 */ 211#define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11) 212#define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12) 213#define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) 214#define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) 215 216/* J-PAKE final key material derivation mechanisms 217 * 218 * Input key type: CKK_NSS_JPAKE_ROUND2 219 * Output key type: CKK_GENERIC_SECRET 220 * Output key class: CKO_SECRET_KEY 221 * Parameter type: CK_NSS_JPAKEFinalParams 222 * 223 * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material 224 * to get a key with uniformly distributed bits. 225 */ 226#define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) 227#define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16) 228#define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) 229#define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) 230 231/* 232 * HISTORICAL: 233 * Do not attempt to use these. They are only used by NETSCAPE's internal 234 * PKCS #11 interface. Most of these are place holders for other mechanism 235 * and will change in the future. 236 */ 237#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL 238#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL 239#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL 240#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL 241#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL 242#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL 243#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL 244#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL 245#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL 246#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL 247 248#define CKM_TLS_PRF_GENERAL 0x80000373UL 249 250typedef struct CK_NSS_JPAKEPublicValue { 251 CK_BYTE * pGX; 252 CK_ULONG ulGXLen; 253 CK_BYTE * pGV; 254 CK_ULONG ulGVLen; 255 CK_BYTE * pR; 256 CK_ULONG ulRLen; 257} CK_NSS_JPAKEPublicValue; 258 259typedef struct CK_NSS_JPAKERound1Params { 260 CK_NSS_JPAKEPublicValue gx1; /* out */ 261 CK_NSS_JPAKEPublicValue gx2; /* out */ 262} CK_NSS_JPAKERound1Params; 263 264typedef struct CK_NSS_JPAKERound2Params { 265 CK_BYTE * pSharedKey; /* in */ 266 CK_ULONG ulSharedKeyLen; /* in */ 267 CK_NSS_JPAKEPublicValue gx3; /* in */ 268 CK_NSS_JPAKEPublicValue gx4; /* in */ 269 CK_NSS_JPAKEPublicValue A; /* out */ 270} CK_NSS_JPAKERound2Params; 271 272typedef struct CK_NSS_JPAKEFinalParams { 273 CK_NSS_JPAKEPublicValue B; /* in */ 274} CK_NSS_JPAKEFinalParams; 275 276/* 277 * NSS-defined return values 278 * 279 */ 280#define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 281 282#define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) 283#define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) 284 285/* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. 286 See RFC 5869. 287 288 bExtract: If set, HKDF-Extract will be applied to the input key. If 289 the optional salt is given, it is used; otherwise, the salt is 290 set to a sequence of zeros equal in length to the HMAC output. 291 If bExpand is not set, then the key template given to 292 C_DeriveKey must indicate an output key size less than or equal 293 to the output size of the HMAC. 294 295 bExpand: If set, HKDF-Expand will be applied to the input key (if 296 bExtract is not set) or to the result of HKDF-Extract (if 297 bExtract is set). Any info given in the optional pInfo field will 298 be included in the calculation. 299 300 The size of the output key must be specified in the template passed to 301 C_DeriveKey. 302*/ 303typedef struct CK_NSS_HKDFParams { 304 CK_BBOOL bExtract; 305 CK_BYTE_PTR pSalt; 306 CK_ULONG ulSaltLen; 307 CK_BBOOL bExpand; 308 CK_BYTE_PTR pInfo; 309 CK_ULONG ulInfoLen; 310} CK_NSS_HKDFParams; 311 312/* 313 * Trust info 314 * 315 * This isn't part of the Cryptoki standard (yet), so I'm putting 316 * all the definitions here. Some of this would move to nssckt.h 317 * if trust info were made part of the standard. In view of this 318 * possibility, I'm putting my (NSS) values in the NSS 319 * vendor space, like everything else. 320 */ 321 322typedef CK_ULONG CK_TRUST; 323 324/* The following trust types are defined: */ 325#define CKT_VENDOR_DEFINED 0x80000000 326 327#define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS) 328 329/* If trust goes standard, these'll probably drop out of vendor space. */ 330#define CKT_NSS_TRUSTED (CKT_NSS + 1) 331#define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2) 332#define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3) 333#define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) 334#define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ 335 336/* 337 * These may well remain NSS-specific; I'm only using them 338 * to cache resolution data. 339 */ 340#define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11) 341 342 343/* 344 * old definitions. They still exist, but the plain meaning of the 345 * labels have never been accurate to what was really implemented. 346 * The new labels correctly reflect what the values effectively mean. 347 */ 348#if defined(__GNUC__) && (__GNUC__ > 3) 349/* make GCC warn when we use these #defines */ 350/* 351 * This is really painful because GCC doesn't allow us to mark random 352 * #defines as deprecated. We can only mark the following: 353 * functions, variables, and types. 354 * const variables will create extra storage for everyone including this 355 * header file, so it's undesirable. 356 * functions could be inlined to prevent storage creation, but will fail 357 * when constant values are expected (like switch statements). 358 * enum types do not seem to pay attention to the deprecated attribute. 359 * 360 * That leaves typedefs. We declare new types that we then deprecate, then 361 * cast the resulting value to the deprecated type in the #define, thus 362 * producting the warning when the #define is used. 363 */ 364#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) 365/* The mac doesn't like the friendlier deprecate messages. I'm assuming this 366 * is a gcc version issue rather than mac or ppc specific */ 367typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); 368typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated)); 369typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated)); 370#else 371/* when possible, get a full deprecation warning. This works on gcc 4.5 372 * it may work on earlier versions of gcc */ 373typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated 374 ("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST"))); 375typedef CK_TRUST __CKT_NSS_VALID __attribute__ ((deprecated 376 ("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED"))); 377typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated 378 ("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN"))); 379#endif 380#define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST) 381#define CKT_NSS_VALID ((__CKT_NSS_VALID) CKT_NSS_NOT_TRUSTED) 382/* keep the old value for compatibility reasons*/ 383#define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS +4)) 384#else 385#ifdef _WIN32 386/* This magic gets the windows compiler to give us a deprecation 387 * warning */ 388#pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID) 389#endif 390/* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */ 391#define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST 392/* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */ 393#define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED 394/* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */ 395#define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/ 396#endif 397 398/* don't leave old programs in a lurch just yet, give them the old NETSCAPE 399 * synonym */ 400#define CKO_NETSCAPE_CRL CKO_NSS_CRL 401#define CKO_NETSCAPE_SMIME CKO_NSS_SMIME 402#define CKO_NETSCAPE_TRUST CKO_NSS_TRUST 403#define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST 404#define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT 405#define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT 406#define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8 407#define CKA_NETSCAPE_URL CKA_NSS_URL 408#define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL 409#define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO 410#define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP 411#define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT 412#define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK 413#define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES 414#define CKA_NETSCAPE_KRL CKA_NSS_KRL 415#define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER 416#define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED 417#define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H 418#define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS 419#define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC 420#define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP 421#define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD 422#define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED 423#define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED 424 425#define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED 426#define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR 427#define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED 428#define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY 429#define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN 430#define CKT_NETSCAPE_VALID CKT_NSS_VALID 431#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR 432 433/* 434 * These are not really PKCS #11 values specifically. They are the 'loadable' 435 * module spec NSS uses. The are available for others to use as well, but not 436 * part of the formal PKCS #11 spec. 437 * 438 * The function 'FIND' returns an array of PKCS #11 initialization strings 439 * The function 'ADD' takes a PKCS #11 initialization string and stores it. 440 * The function 'DEL' takes a 'name= library=' value and deletes the associated 441 * string. 442 * The function 'RELEASE' frees the array returned by 'FIND' 443 */ 444#define SECMOD_MODULE_DB_FUNCTION_FIND 0 445#define SECMOD_MODULE_DB_FUNCTION_ADD 1 446#define SECMOD_MODULE_DB_FUNCTION_DEL 2 447#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 448typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, 449 char *parameters, void *moduleSpec); 450 451/* softoken slot ID's */ 452#define SFTK_MIN_USER_SLOT_ID 4 453#define SFTK_MAX_USER_SLOT_ID 100 454#define SFTK_MIN_FIPS_USER_SLOT_ID 101 455#define SFTK_MAX_FIPS_USER_SLOT_ID 127 456 457 458#endif /* _PKCS11N_H_ */