PageRenderTime 40ms CodeModel.GetById 13ms RepoModel.GetById 1ms app.codeStats 0ms

/gecko_api/include/nssckmdt.h

http://firefox-mac-pdf.googlecode.com/
C Header | 1981 lines | 954 code | 146 blank | 881 comment | 0 complexity | a3414c36f2039c601927cb0ae598264d MD5 | raw file
  1. /* ***** BEGIN LICENSE BLOCK *****
  2. * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  3. *
  4. * The contents of this file are subject to the Mozilla Public License Version
  5. * 1.1 (the "License"); you may not use this file except in compliance with
  6. * the License. You may obtain a copy of the License at
  7. * http://www.mozilla.org/MPL/
  8. *
  9. * Software distributed under the License is distributed on an "AS IS" basis,
  10. * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11. * for the specific language governing rights and limitations under the
  12. * License.
  13. *
  14. * The Original Code is the Netscape security libraries.
  15. *
  16. * The Initial Developer of the Original Code is
  17. * Netscape Communications Corporation.
  18. * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19. * the Initial Developer. All Rights Reserved.
  20. *
  21. * Contributor(s):
  22. *
  23. * Alternatively, the contents of this file may be used under the terms of
  24. * either the GNU General Public License Version 2 or later (the "GPL"), or
  25. * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26. * in which case the provisions of the GPL or the LGPL are applicable instead
  27. * of those above. If you wish to allow use of your version of this file only
  28. * under the terms of either the GPL or the LGPL, and not to allow others to
  29. * use your version of this file under the terms of the MPL, indicate your
  30. * decision by deleting the provisions above and replace them with the notice
  31. * and other provisions required by the GPL or the LGPL. If you do not delete
  32. * the provisions above, a recipient may use your version of this file under
  33. * the terms of any one of the MPL, the GPL or the LGPL.
  34. *
  35. * ***** END LICENSE BLOCK ***** */
  36. #ifndef NSSCKMDT_H
  37. #define NSSCKMDT_H
  38. #ifdef DEBUG
  39. static const char NSSCKMDT_CVS_ID[] = "@(#) $RCSfile: nssckmdt.h,v $ $Revision: 1.6 $ $Date: 2005/12/16 00:48:01 $";
  40. #endif /* DEBUG */
  41. /*
  42. * nssckmdt.h
  43. *
  44. * This file specifies the basic types that must be implemented by
  45. * any Module using the NSS Cryptoki Framework.
  46. */
  47. #ifndef NSSBASET_H
  48. #include "nssbaset.h"
  49. #endif /* NSSBASET_H */
  50. #ifndef NSSCKT_H
  51. #include "nssckt.h"
  52. #endif /* NSSCKT_H */
  53. #ifndef NSSCKFWT_H
  54. #include "nssckfwt.h"
  55. #endif /* NSSCKFWT_H */
  56. typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
  57. typedef struct NSSCKMDSlotStr NSSCKMDSlot;
  58. typedef struct NSSCKMDTokenStr NSSCKMDToken;
  59. typedef struct NSSCKMDSessionStr NSSCKMDSession;
  60. typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
  61. typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
  62. typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
  63. typedef struct NSSCKMDObjectStr NSSCKMDObject;
  64. /*
  65. * NSSCKFWItem
  66. *
  67. * This is a structure used by modules to return object attributes.
  68. * The needsFreeing bit indicates whether the object needs to be freed.
  69. * If so, the framework will call the FreeAttribute function on the item
  70. * after it is done using it.
  71. *
  72. */
  73. typedef struct {
  74. PRBool needsFreeing;
  75. NSSItem* item;
  76. } NSSCKFWItem ;
  77. /*
  78. * NSSCKMDInstance
  79. *
  80. * This is the basic handle for an instance of a PKCS#11 Module.
  81. * It is returned by the Module's CreateInstance routine, and
  82. * may be obtained from the corresponding NSSCKFWInstance object.
  83. * It contains a pointer for use by the Module, to store any
  84. * instance-related data, and it contains the EPV for a set of
  85. * routines which the Module may implement for use by the Framework.
  86. * Some of these routines are optional; others are mandatory.
  87. */
  88. struct NSSCKMDInstanceStr {
  89. /*
  90. * The Module may use this pointer for its own purposes.
  91. */
  92. void *etc;
  93. /*
  94. * This routine is called by the Framework to initialize
  95. * the Module. This routine is optional; if unimplemented,
  96. * it won't be called. If this routine returns an error,
  97. * then the initialization will fail.
  98. */
  99. CK_RV (PR_CALLBACK *Initialize)(
  100. NSSCKMDInstance *mdInstance,
  101. NSSCKFWInstance *fwInstance,
  102. NSSUTF8 *configurationData
  103. );
  104. /*
  105. * This routine is called when the Framework is finalizing
  106. * the PKCS#11 Module. It is the last thing called before
  107. * the NSSCKFWInstance's NSSArena is destroyed. This routine
  108. * is optional; if unimplemented, it merely won't be called.
  109. */
  110. void (PR_CALLBACK *Finalize)(
  111. NSSCKMDInstance *mdInstance,
  112. NSSCKFWInstance *fwInstance
  113. );
  114. /*
  115. * This routine gets the number of slots. This value must
  116. * never change, once the instance is initialized. This
  117. * routine must be implemented. It may return zero on error.
  118. */
  119. CK_ULONG (PR_CALLBACK *GetNSlots)(
  120. NSSCKMDInstance *mdInstance,
  121. NSSCKFWInstance *fwInstance,
  122. CK_RV *pError
  123. );
  124. /*
  125. * This routine returns the version of the Cryptoki standard
  126. * to which this Module conforms. This routine is optional;
  127. * if unimplemented, the Framework uses the version to which
  128. * ~it~ was implemented.
  129. */
  130. CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
  131. NSSCKMDInstance *mdInstance,
  132. NSSCKFWInstance *fwInstance
  133. );
  134. /*
  135. * This routine returns a pointer to a UTF8-encoded string
  136. * containing the manufacturer ID for this Module. Only
  137. * the characters completely encoded in the first thirty-
  138. * two bytes are significant. This routine is optional.
  139. * The string returned is never freed; if dynamically generated,
  140. * the space for it should be allocated from the NSSArena
  141. * that may be obtained from the NSSCKFWInstance. This
  142. * routine may return NULL upon error; however if *pError
  143. * is CKR_OK, the NULL will be considered the valid response.
  144. */
  145. NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
  146. NSSCKMDInstance *mdInstance,
  147. NSSCKFWInstance *fwInstance,
  148. CK_RV *pError
  149. );
  150. /*
  151. * This routine returns a pointer to a UTF8-encoded string
  152. * containing a description of this Module library. Only
  153. * the characters completely encoded in the first thirty-
  154. * two bytes are significant. This routine is optional.
  155. * The string returned is never freed; if dynamically generated,
  156. * the space for it should be allocated from the NSSArena
  157. * that may be obtained from the NSSCKFWInstance. This
  158. * routine may return NULL upon error; however if *pError
  159. * is CKR_OK, the NULL will be considered the valid response.
  160. */
  161. NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
  162. NSSCKMDInstance *mdInstance,
  163. NSSCKFWInstance *fwInstance,
  164. CK_RV *pError
  165. );
  166. /*
  167. * This routine returns the version of this Module library.
  168. * This routine is optional; if unimplemented, the Framework
  169. * will assume a Module library version of 0.1.
  170. */
  171. CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
  172. NSSCKMDInstance *mdInstance,
  173. NSSCKFWInstance *fwInstance
  174. );
  175. /*
  176. * This routine returns CK_TRUE if the Module wishes to
  177. * handle session objects. This routine is optional.
  178. * If this routine is NULL, or if it exists but returns
  179. * CK_FALSE, the Framework will assume responsibility
  180. * for managing session objects.
  181. */
  182. CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
  183. NSSCKMDInstance *mdInstance,
  184. NSSCKFWInstance *fwInstance
  185. );
  186. /*
  187. * This routine stuffs pointers to NSSCKMDSlot objects into
  188. * the specified array; one for each slot supported by this
  189. * instance. The Framework will determine the size needed
  190. * for the array by calling GetNSlots. This routine is
  191. * required.
  192. */
  193. CK_RV (PR_CALLBACK *GetSlots)(
  194. NSSCKMDInstance *mdInstance,
  195. NSSCKFWInstance *fwInstance,
  196. NSSCKMDSlot *slots[]
  197. );
  198. /*
  199. * This call returns a pointer to the slot in which an event
  200. * has occurred. If the block argument is CK_TRUE, the call
  201. * should block until a slot event occurs; if CK_FALSE, it
  202. * should check to see if an event has occurred, occurred,
  203. * but return NULL (and set *pError to CK_NO_EVENT) if one
  204. * hasn't. This routine is optional; if unimplemented, the
  205. * Framework will assume that no event has happened. This
  206. * routine may return NULL upon error.
  207. */
  208. NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
  209. NSSCKMDInstance *mdInstance,
  210. NSSCKFWInstance *fwInstance,
  211. CK_BBOOL block,
  212. CK_RV *pError
  213. );
  214. /*
  215. * This object may be extended in future versions of the
  216. * NSS Cryptoki Framework. To allow for some flexibility
  217. * in the area of binary compatibility, this field should
  218. * be NULL.
  219. */
  220. void *null;
  221. };
  222. /*
  223. * NSSCKMDSlot
  224. *
  225. * This is the basic handle for a PKCS#11 Module Slot. It is
  226. * created by the NSSCKMDInstance->GetSlots call, and may be
  227. * obtained from the Framework's corresponding NSSCKFWSlot
  228. * object. It contains a pointer for use by the Module, to
  229. * store any slot-related data, and it contains the EPV for
  230. * a set of routines which the Module may implement for use
  231. * by the Framework. Some of these routines are optional.
  232. */
  233. struct NSSCKMDSlotStr {
  234. /*
  235. * The Module may use this pointer for its own purposes.
  236. */
  237. void *etc;
  238. /*
  239. * This routine is called during the Framework initialization
  240. * step, after the Framework Instance has obtained the list
  241. * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
  242. * specific initialization can be done here. This routine is
  243. * optional; if unimplemented, it won't be called. Note that
  244. * if this routine returns an error, the entire Framework
  245. * initialization for this Module will fail.
  246. */
  247. CK_RV (PR_CALLBACK *Initialize)(
  248. NSSCKMDSlot *mdSlot,
  249. NSSCKFWSlot *fwSlot,
  250. NSSCKMDInstance *mdInstance,
  251. NSSCKFWInstance *fwInstance
  252. );
  253. /*
  254. * This routine is called when the Framework is finalizing
  255. * the PKCS#11 Module. This call (for each of the slots)
  256. * is the last thing called before NSSCKMDInstance->Finalize.
  257. * This routine is optional; if unimplemented, it merely
  258. * won't be called. Note: In the rare circumstance that
  259. * the Framework initialization cannot complete (due to,
  260. * for example, memory limitations), this can be called with
  261. * a NULL value for fwSlot.
  262. */
  263. void (PR_CALLBACK *Destroy)(
  264. NSSCKMDSlot *mdSlot,
  265. NSSCKFWSlot *fwSlot,
  266. NSSCKMDInstance *mdInstance,
  267. NSSCKFWInstance *fwInstance
  268. );
  269. /*
  270. * This routine returns a pointer to a UTF8-encoded string
  271. * containing a description of this slot. Only the characters
  272. * completely encoded in the first sixty-four bytes are
  273. * significant. This routine is optional. The string
  274. * returned is never freed; if dynamically generated,
  275. * the space for it should be allocated from the NSSArena
  276. * that may be obtained from the NSSCKFWInstance. This
  277. * routine may return NULL upon error; however if *pError
  278. * is CKR_OK, the NULL will be considered the valid response.
  279. */
  280. NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
  281. NSSCKMDSlot *mdSlot,
  282. NSSCKFWSlot *fwSlot,
  283. NSSCKMDInstance *mdInstance,
  284. NSSCKFWInstance *fwInstance,
  285. CK_RV *pError
  286. );
  287. /*
  288. * This routine returns a pointer to a UTF8-encoded string
  289. * containing a description of the manufacturer of this slot.
  290. * Only the characters completely encoded in the first thirty-
  291. * two bytes are significant. This routine is optional.
  292. * The string returned is never freed; if dynamically generated,
  293. * the space for it should be allocated from the NSSArena
  294. * that may be obtained from the NSSCKFWInstance. This
  295. * routine may return NULL upon error; however if *pError
  296. * is CKR_OK, the NULL will be considered the valid response.
  297. */
  298. NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
  299. NSSCKMDSlot *mdSlot,
  300. NSSCKFWSlot *fwSlot,
  301. NSSCKMDInstance *mdInstance,
  302. NSSCKFWInstance *fwInstance,
  303. CK_RV *pError
  304. );
  305. /*
  306. * This routine returns CK_TRUE if a token is present in this
  307. * slot. This routine is optional; if unimplemented, CK_TRUE
  308. * is assumed.
  309. */
  310. CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
  311. NSSCKMDSlot *mdSlot,
  312. NSSCKFWSlot *fwSlot,
  313. NSSCKMDInstance *mdInstance,
  314. NSSCKFWInstance *fwInstance
  315. );
  316. /*
  317. * This routine returns CK_TRUE if the slot supports removable
  318. * tokens. This routine is optional; if unimplemented, CK_FALSE
  319. * is assumed.
  320. */
  321. CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
  322. NSSCKMDSlot *mdSlot,
  323. NSSCKFWSlot *fwSlot,
  324. NSSCKMDInstance *mdInstance,
  325. NSSCKFWInstance *fwInstance
  326. );
  327. /*
  328. * This routine returns CK_TRUE if this slot is a hardware
  329. * device, or CK_FALSE if this slot is a software device. This
  330. * routine is optional; if unimplemented, CK_FALSE is assumed.
  331. */
  332. CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
  333. NSSCKMDSlot *mdSlot,
  334. NSSCKFWSlot *fwSlot,
  335. NSSCKMDInstance *mdInstance,
  336. NSSCKFWInstance *fwInstance
  337. );
  338. /*
  339. * This routine returns the version of this slot's hardware.
  340. * This routine is optional; if unimplemented, the Framework
  341. * will assume a hardware version of 0.1.
  342. */
  343. CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
  344. NSSCKMDSlot *mdSlot,
  345. NSSCKFWSlot *fwSlot,
  346. NSSCKMDInstance *mdInstance,
  347. NSSCKFWInstance *fwInstance
  348. );
  349. /*
  350. * This routine returns the version of this slot's firmware.
  351. * This routine is optional; if unimplemented, the Framework
  352. * will assume a hardware version of 0.1.
  353. */
  354. CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
  355. NSSCKMDSlot *mdSlot,
  356. NSSCKFWSlot *fwSlot,
  357. NSSCKMDInstance *mdInstance,
  358. NSSCKFWInstance *fwInstance
  359. );
  360. /*
  361. * This routine should return a pointer to an NSSCKMDToken
  362. * object corresponding to the token in the specified slot.
  363. * The NSSCKFWToken object passed in has an NSSArena
  364. * available which is dedicated for this token. This routine
  365. * must be implemented. This routine may return NULL upon
  366. * error.
  367. */
  368. NSSCKMDToken *(PR_CALLBACK *GetToken)(
  369. NSSCKMDSlot *mdSlot,
  370. NSSCKFWSlot *fwSlot,
  371. NSSCKMDInstance *mdInstance,
  372. NSSCKFWInstance *fwInstance,
  373. CK_RV *pError
  374. );
  375. /*
  376. * This object may be extended in future versions of the
  377. * NSS Cryptoki Framework. To allow for some flexibility
  378. * in the area of binary compatibility, this field should
  379. * be NULL.
  380. */
  381. void *null;
  382. };
  383. /*
  384. * NSSCKMDToken
  385. *
  386. * This is the basic handle for a PKCS#11 Token. It is created by
  387. * the NSSCKMDSlot->GetToken call, and may be obtained from the
  388. * Framework's corresponding NSSCKFWToken object. It contains a
  389. * pointer for use by the Module, to store any token-related
  390. * data, and it contains the EPV for a set of routines which the
  391. * Module may implement for use by the Framework. Some of these
  392. * routines are optional.
  393. */
  394. struct NSSCKMDTokenStr {
  395. /*
  396. * The Module may use this pointer for its own purposes.
  397. */
  398. void *etc;
  399. /*
  400. * This routine is used to prepare a Module token object for
  401. * use. It is called after the NSSCKMDToken object is obtained
  402. * from NSSCKMDSlot->GetToken. It is named "Setup" here because
  403. * Cryptoki already defines "InitToken" to do the process of
  404. * wiping out any existing state on a token and preparing it for
  405. * a new use. This routine is optional; if unimplemented, it
  406. * merely won't be called.
  407. */
  408. CK_RV (PR_CALLBACK *Setup)(
  409. NSSCKMDToken *mdToken,
  410. NSSCKFWToken *fwToken,
  411. NSSCKMDInstance *mdInstance,
  412. NSSCKFWInstance *fwInstance
  413. );
  414. /*
  415. * This routine is called by the Framework whenever it notices
  416. * that the token object is invalid. (Typically this is when a
  417. * routine indicates an error such as CKR_DEVICE_REMOVED). This
  418. * call is the last thing called before the NSSArena in the
  419. * corresponding NSSCKFWToken is destroyed. This routine is
  420. * optional; if unimplemented, it merely won't be called.
  421. */
  422. void (PR_CALLBACK *Invalidate)(
  423. NSSCKMDToken *mdToken,
  424. NSSCKFWToken *fwToken,
  425. NSSCKMDInstance *mdInstance,
  426. NSSCKFWInstance *fwInstance
  427. );
  428. /*
  429. * This routine initialises the token in the specified slot.
  430. * This routine is optional; if unimplemented, the Framework
  431. * will fail this operation with an error of CKR_DEVICE_ERROR.
  432. */
  433. CK_RV (PR_CALLBACK *InitToken)(
  434. NSSCKMDToken *mdToken,
  435. NSSCKFWToken *fwToken,
  436. NSSCKMDInstance *mdInstance,
  437. NSSCKFWInstance *fwInstance,
  438. NSSItem *pin,
  439. NSSUTF8 *label
  440. );
  441. /*
  442. * This routine returns a pointer to a UTF8-encoded string
  443. * containing this token's label. Only the characters
  444. * completely encoded in the first thirty-two bytes are
  445. * significant. This routine is optional. The string
  446. * returned is never freed; if dynamically generated,
  447. * the space for it should be allocated from the NSSArena
  448. * that may be obtained from the NSSCKFWInstance. This
  449. * routine may return NULL upon error; however if *pError
  450. * is CKR_OK, the NULL will be considered the valid response.
  451. */
  452. NSSUTF8 *(PR_CALLBACK *GetLabel)(
  453. NSSCKMDToken *mdToken,
  454. NSSCKFWToken *fwToken,
  455. NSSCKMDInstance *mdInstance,
  456. NSSCKFWInstance *fwInstance,
  457. CK_RV *pError
  458. );
  459. /*
  460. * This routine returns a pointer to a UTF8-encoded string
  461. * containing this token's manufacturer ID. Only the characters
  462. * completely encoded in the first thirty-two bytes are
  463. * significant. This routine is optional. The string
  464. * returned is never freed; if dynamically generated,
  465. * the space for it should be allocated from the NSSArena
  466. * that may be obtained from the NSSCKFWInstance. This
  467. * routine may return NULL upon error; however if *pError
  468. * is CKR_OK, the NULL will be considered the valid response.
  469. */
  470. NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
  471. NSSCKMDToken *mdToken,
  472. NSSCKFWToken *fwToken,
  473. NSSCKMDInstance *mdInstance,
  474. NSSCKFWInstance *fwInstance,
  475. CK_RV *pError
  476. );
  477. /*
  478. * This routine returns a pointer to a UTF8-encoded string
  479. * containing this token's model name. Only the characters
  480. * completely encoded in the first thirty-two bytes are
  481. * significant. This routine is optional. The string
  482. * returned is never freed; if dynamically generated,
  483. * the space for it should be allocated from the NSSArena
  484. * that may be obtained from the NSSCKFWInstance. This
  485. * routine may return NULL upon error; however if *pError
  486. * is CKR_OK, the NULL will be considered the valid response.
  487. */
  488. NSSUTF8 *(PR_CALLBACK *GetModel)(
  489. NSSCKMDToken *mdToken,
  490. NSSCKFWToken *fwToken,
  491. NSSCKMDInstance *mdInstance,
  492. NSSCKFWInstance *fwInstance,
  493. CK_RV *pError
  494. );
  495. /*
  496. * This routine returns a pointer to a UTF8-encoded string
  497. * containing this token's serial number. Only the characters
  498. * completely encoded in the first thirty-two bytes are
  499. * significant. This routine is optional. The string
  500. * returned is never freed; if dynamically generated,
  501. * the space for it should be allocated from the NSSArena
  502. * that may be obtained from the NSSCKFWInstance. This
  503. * routine may return NULL upon error; however if *pError
  504. * is CKR_OK, the NULL will be considered the valid response.
  505. */
  506. NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
  507. NSSCKMDToken *mdToken,
  508. NSSCKFWToken *fwToken,
  509. NSSCKMDInstance *mdInstance,
  510. NSSCKFWInstance *fwInstance,
  511. CK_RV *pError
  512. );
  513. /*
  514. * This routine returns CK_TRUE if the token has its own
  515. * random number generator. This routine is optional; if
  516. * unimplemented, CK_FALSE is assumed.
  517. */
  518. CK_BBOOL (PR_CALLBACK *GetHasRNG)(
  519. NSSCKMDToken *mdToken,
  520. NSSCKFWToken *fwToken,
  521. NSSCKMDInstance *mdInstance,
  522. NSSCKFWInstance *fwInstance
  523. );
  524. /*
  525. * This routine returns CK_TRUE if this token is write-protected.
  526. * This routine is optional; if unimplemented, CK_FALSE is
  527. * assumed.
  528. */
  529. CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
  530. NSSCKMDToken *mdToken,
  531. NSSCKFWToken *fwToken,
  532. NSSCKMDInstance *mdInstance,
  533. NSSCKFWInstance *fwInstance
  534. );
  535. /*
  536. * This routine returns CK_TRUE if this token requires a login.
  537. * This routine is optional; if unimplemented, CK_FALSE is
  538. * assumed.
  539. */
  540. CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
  541. NSSCKMDToken *mdToken,
  542. NSSCKFWToken *fwToken,
  543. NSSCKMDInstance *mdInstance,
  544. NSSCKFWInstance *fwInstance
  545. );
  546. /*
  547. * This routine returns CK_TRUE if the normal user's PIN on this
  548. * token has been initialised. This routine is optional; if
  549. * unimplemented, CK_FALSE is assumed.
  550. */
  551. CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
  552. NSSCKMDToken *mdToken,
  553. NSSCKFWToken *fwToken,
  554. NSSCKMDInstance *mdInstance,
  555. NSSCKFWInstance *fwInstance
  556. );
  557. /*
  558. * This routine returns CK_TRUE if a successful save of a
  559. * session's cryptographic operations state ~always~ contains
  560. * all keys needed to restore the state of the session. This
  561. * routine is optional; if unimplemented, CK_FALSE is assumed.
  562. */
  563. CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
  564. NSSCKMDToken *mdToken,
  565. NSSCKFWToken *fwToken,
  566. NSSCKMDInstance *mdInstance,
  567. NSSCKFWInstance *fwInstance
  568. );
  569. /*
  570. * This routine returns CK_TRUE if the token has its own
  571. * hardware clock. This routine is optional; if unimplemented,
  572. * CK_FALSE is assumed.
  573. */
  574. CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
  575. NSSCKMDToken *mdToken,
  576. NSSCKFWToken *fwToken,
  577. NSSCKMDInstance *mdInstance,
  578. NSSCKFWInstance *fwInstance
  579. );
  580. /*
  581. * This routine returns CK_TRUE if the token has a protected
  582. * authentication path. This routine is optional; if
  583. * unimplemented, CK_FALSE is assumed.
  584. */
  585. CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
  586. NSSCKMDToken *mdToken,
  587. NSSCKFWToken *fwToken,
  588. NSSCKMDInstance *mdInstance,
  589. NSSCKFWInstance *fwInstance
  590. );
  591. /*
  592. * This routine returns CK_TRUE if the token supports dual
  593. * cryptographic operations within a single session. This
  594. * routine is optional; if unimplemented, CK_FALSE is assumed.
  595. */
  596. CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
  597. NSSCKMDToken *mdToken,
  598. NSSCKFWToken *fwToken,
  599. NSSCKMDInstance *mdInstance,
  600. NSSCKFWInstance *fwInstance
  601. );
  602. /*
  603. * XXX fgmr-- should we have a call to return all the flags
  604. * at once, for folks who already know about Cryptoki?
  605. */
  606. /*
  607. * This routine returns the maximum number of sessions that
  608. * may be opened on this token. This routine is optional;
  609. * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
  610. * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
  611. */
  612. CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
  613. NSSCKMDToken *mdToken,
  614. NSSCKFWToken *fwToken,
  615. NSSCKMDInstance *mdInstance,
  616. NSSCKFWInstance *fwInstance
  617. );
  618. /*
  619. * This routine returns the maximum number of read/write
  620. * sesisons that may be opened on this token. This routine
  621. * is optional; if unimplemented, the special value
  622. * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
  623. * CK_EFFECTIVELY_INFINITE?
  624. */
  625. CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
  626. NSSCKMDToken *mdToken,
  627. NSSCKFWToken *fwToken,
  628. NSSCKMDInstance *mdInstance,
  629. NSSCKFWInstance *fwInstance
  630. );
  631. /*
  632. * This routine returns the maximum PIN code length that is
  633. * supported on this token. This routine is optional;
  634. * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
  635. * is assumed.
  636. */
  637. CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
  638. NSSCKMDToken *mdToken,
  639. NSSCKFWToken *fwToken,
  640. NSSCKMDInstance *mdInstance,
  641. NSSCKFWInstance *fwInstance
  642. );
  643. /*
  644. * This routine returns the minimum PIN code length that is
  645. * supported on this token. This routine is optional; if
  646. * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
  647. * is assumed. XXX fgmr-- or 0?
  648. */
  649. CK_ULONG (PR_CALLBACK *GetMinPinLen)(
  650. NSSCKMDToken *mdToken,
  651. NSSCKFWToken *fwToken,
  652. NSSCKMDInstance *mdInstance,
  653. NSSCKFWInstance *fwInstance
  654. );
  655. /*
  656. * This routine returns the total amount of memory on the token
  657. * in which public objects may be stored. This routine is
  658. * optional; if unimplemented, the special value
  659. * CK_UNAVAILABLE_INFORMATION is assumed.
  660. */
  661. CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
  662. NSSCKMDToken *mdToken,
  663. NSSCKFWToken *fwToken,
  664. NSSCKMDInstance *mdInstance,
  665. NSSCKFWInstance *fwInstance
  666. );
  667. /*
  668. * This routine returns the amount of unused memory on the
  669. * token in which public objects may be stored. This routine
  670. * is optional; if unimplemented, the special value
  671. * CK_UNAVAILABLE_INFORMATION is assumed.
  672. */
  673. CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
  674. NSSCKMDToken *mdToken,
  675. NSSCKFWToken *fwToken,
  676. NSSCKMDInstance *mdInstance,
  677. NSSCKFWInstance *fwInstance
  678. );
  679. /*
  680. * This routine returns the total amount of memory on the token
  681. * in which private objects may be stored. This routine is
  682. * optional; if unimplemented, the special value
  683. * CK_UNAVAILABLE_INFORMATION is assumed.
  684. */
  685. CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
  686. NSSCKMDToken *mdToken,
  687. NSSCKFWToken *fwToken,
  688. NSSCKMDInstance *mdInstance,
  689. NSSCKFWInstance *fwInstance
  690. );
  691. /*
  692. * This routine returns the amount of unused memory on the
  693. * token in which private objects may be stored. This routine
  694. * is optional; if unimplemented, the special value
  695. * CK_UNAVAILABLE_INFORMATION is assumed.
  696. */
  697. CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
  698. NSSCKMDToken *mdToken,
  699. NSSCKFWToken *fwToken,
  700. NSSCKMDInstance *mdInstance,
  701. NSSCKFWInstance *fwInstance
  702. );
  703. /*
  704. * This routine returns the version number of this token's
  705. * hardware. This routine is optional; if unimplemented,
  706. * the value 0.1 is assumed.
  707. */
  708. CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
  709. NSSCKMDToken *mdToken,
  710. NSSCKFWToken *fwToken,
  711. NSSCKMDInstance *mdInstance,
  712. NSSCKFWInstance *fwInstance
  713. );
  714. /*
  715. * This routine returns the version number of this token's
  716. * firmware. This routine is optional; if unimplemented,
  717. * the value 0.1 is assumed.
  718. */
  719. CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
  720. NSSCKMDToken *mdToken,
  721. NSSCKFWToken *fwToken,
  722. NSSCKMDInstance *mdInstance,
  723. NSSCKFWInstance *fwInstance
  724. );
  725. /*
  726. * This routine stuffs the current UTC time, as obtained from
  727. * the token, into the sixteen-byte buffer in the form
  728. * YYYYMMDDhhmmss00. This routine need only be implemented
  729. * by token which indicate that they have a real-time clock.
  730. * XXX fgmr-- think about time formats.
  731. */
  732. CK_RV (PR_CALLBACK *GetUTCTime)(
  733. NSSCKMDToken *mdToken,
  734. NSSCKFWToken *fwToken,
  735. NSSCKMDInstance *mdInstance,
  736. NSSCKFWInstance *fwInstance,
  737. CK_CHAR utcTime[16]
  738. );
  739. /*
  740. * This routine creates a session on the token, and returns
  741. * the corresponding NSSCKMDSession object. The value of
  742. * rw will be CK_TRUE if the session is to be a read/write
  743. * session, or CK_FALSE otherwise. An NSSArena dedicated to
  744. * the new session is available from the specified NSSCKFWSession.
  745. * This routine may return NULL upon error.
  746. */
  747. NSSCKMDSession *(PR_CALLBACK *OpenSession)(
  748. NSSCKMDToken *mdToken,
  749. NSSCKFWToken *fwToken,
  750. NSSCKMDInstance *mdInstance,
  751. NSSCKFWInstance *fwInstance,
  752. NSSCKFWSession *fwSession,
  753. CK_BBOOL rw,
  754. CK_RV *pError
  755. );
  756. /*
  757. * This routine returns the number of PKCS#11 Mechanisms
  758. * supported by this token. This routine is optional; if
  759. * unimplemented, zero is assumed.
  760. */
  761. CK_ULONG (PR_CALLBACK *GetMechanismCount)(
  762. NSSCKMDToken *mdToken,
  763. NSSCKFWToken *fwToken,
  764. NSSCKMDInstance *mdInstance,
  765. NSSCKFWInstance *fwInstance
  766. );
  767. /*
  768. * This routine stuffs into the specified array the types
  769. * of the mechanisms supported by this token. The Framework
  770. * determines the size of the array by calling GetMechanismCount.
  771. */
  772. CK_RV (PR_CALLBACK *GetMechanismTypes)(
  773. NSSCKMDToken *mdToken,
  774. NSSCKFWToken *fwToken,
  775. NSSCKMDInstance *mdInstance,
  776. NSSCKFWInstance *fwInstance,
  777. CK_MECHANISM_TYPE types[]
  778. );
  779. /*
  780. * This routine returns a pointer to a Module mechanism
  781. * object corresponding to a specified type. This routine
  782. * need only exist for tokens implementing at least one
  783. * mechanism.
  784. */
  785. NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
  786. NSSCKMDToken *mdToken,
  787. NSSCKFWToken *fwToken,
  788. NSSCKMDInstance *mdInstance,
  789. NSSCKFWInstance *fwInstance,
  790. CK_MECHANISM_TYPE which,
  791. CK_RV *pError
  792. );
  793. /*
  794. * This object may be extended in future versions of the
  795. * NSS Cryptoki Framework. To allow for some flexibility
  796. * in the area of binary compatibility, this field should
  797. * be NULL.
  798. */
  799. void *null;
  800. };
  801. /*
  802. * NSSCKMDSession
  803. *
  804. * This is the basic handle for a session on a PKCS#11 Token. It
  805. * is created by NSSCKMDToken->OpenSession, and may be obtained
  806. * from the Framework's corresponding NSSCKFWSession object. It
  807. * contains a pointer for use by the Module, to store any session-
  808. * realted data, and it contains the EPV for a set of routines
  809. * which the Module may implement for use by the Framework. Some
  810. * of these routines are optional.
  811. */
  812. struct NSSCKMDSessionStr {
  813. /*
  814. * The Module may use this pointer for its own purposes.
  815. */
  816. void *etc;
  817. /*
  818. * This routine is called by the Framework when a session is
  819. * closed. This call is the last thing called before the
  820. * NSSArena in the correspoinding NSSCKFWSession is destroyed.
  821. * This routine is optional; if unimplemented, it merely won't
  822. * be called.
  823. */
  824. void (PR_CALLBACK *Close)(
  825. NSSCKMDSession *mdSession,
  826. NSSCKFWSession *fwSession,
  827. NSSCKMDToken *mdToken,
  828. NSSCKFWToken *fwToken,
  829. NSSCKMDInstance *mdInstance,
  830. NSSCKFWInstance *fwInstance
  831. );
  832. /*
  833. * This routine is used to get any device-specific error.
  834. * This routine is optional.
  835. */
  836. CK_ULONG (PR_CALLBACK *GetDeviceError)(
  837. NSSCKMDSession *mdSession,
  838. NSSCKFWSession *fwSession,
  839. NSSCKMDToken *mdToken,
  840. NSSCKFWToken *fwToken,
  841. NSSCKMDInstance *mdInstance,
  842. NSSCKFWInstance *fwInstance
  843. );
  844. /*
  845. * This routine is used to log in a user to the token. This
  846. * routine is optional, since the Framework's NSSCKFWSession
  847. * object keeps track of the login state.
  848. */
  849. CK_RV (PR_CALLBACK *Login)(
  850. NSSCKMDSession *mdSession,
  851. NSSCKFWSession *fwSession,
  852. NSSCKMDToken *mdToken,
  853. NSSCKFWToken *fwToken,
  854. NSSCKMDInstance *mdInstance,
  855. NSSCKFWInstance *fwInstance,
  856. CK_USER_TYPE userType,
  857. NSSItem *pin,
  858. CK_STATE oldState,
  859. CK_STATE newState
  860. );
  861. /*
  862. * This routine is used to log out a user from the token. This
  863. * routine is optional, since the Framework's NSSCKFWSession
  864. * object keeps track of the login state.
  865. */
  866. CK_RV (PR_CALLBACK *Logout)(
  867. NSSCKMDSession *mdSession,
  868. NSSCKFWSession *fwSession,
  869. NSSCKMDToken *mdToken,
  870. NSSCKFWToken *fwToken,
  871. NSSCKMDInstance *mdInstance,
  872. NSSCKFWInstance *fwInstance,
  873. CK_STATE oldState,
  874. CK_STATE newState
  875. );
  876. /*
  877. * This routine is used to initialize the normal user's PIN or
  878. * password. This will only be called in the "read/write
  879. * security officer functions" state. If this token has a
  880. * protected authentication path, then the pin argument will
  881. * be NULL. This routine is optional; if unimplemented, the
  882. * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
  883. */
  884. CK_RV (PR_CALLBACK *InitPIN)(
  885. NSSCKMDSession *mdSession,
  886. NSSCKFWSession *fwSession,
  887. NSSCKMDToken *mdToken,
  888. NSSCKFWToken *fwToken,
  889. NSSCKMDInstance *mdInstance,
  890. NSSCKFWInstance *fwInstance,
  891. NSSItem *pin
  892. );
  893. /*
  894. * This routine is used to modify a user's PIN or password. This
  895. * routine will only be called in the "read/write security officer
  896. * functions" or "read/write user functions" state. If this token
  897. * has a protected authentication path, then the pin arguments
  898. * will be NULL. This routine is optional; if unimplemented, the
  899. * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
  900. */
  901. CK_RV (PR_CALLBACK *SetPIN)(
  902. NSSCKMDSession *mdSession,
  903. NSSCKFWSession *fwSession,
  904. NSSCKMDToken *mdToken,
  905. NSSCKFWToken *fwToken,
  906. NSSCKMDInstance *mdInstance,
  907. NSSCKFWInstance *fwInstance,
  908. NSSItem *oldPin,
  909. NSSItem *newPin
  910. );
  911. /*
  912. * This routine is used to find out how much space would be required
  913. * to save the current operational state. This routine is optional;
  914. * if unimplemented, the Framework will reject any attempts to save
  915. * the operational state with the error CKR_STATE_UNSAVEABLE. This
  916. * routine may return zero on error.
  917. */
  918. CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
  919. NSSCKMDSession *mdSession,
  920. NSSCKFWSession *fwSession,
  921. NSSCKMDToken *mdToken,
  922. NSSCKFWToken *fwToken,
  923. NSSCKMDInstance *mdInstance,
  924. NSSCKFWInstance *fwInstance,
  925. CK_RV *pError
  926. );
  927. /*
  928. * This routine is used to store the current operational state. This
  929. * routine is only required if GetOperationStateLen is implemented
  930. * and can return a nonzero value. The buffer in the specified item
  931. * will be pre-allocated, and the length will specify the amount of
  932. * space available (which may be more than GetOperationStateLen
  933. * asked for, but which will not be smaller).
  934. */
  935. CK_RV (PR_CALLBACK *GetOperationState)(
  936. NSSCKMDSession *mdSession,
  937. NSSCKFWSession *fwSession,
  938. NSSCKMDToken *mdToken,
  939. NSSCKFWToken *fwToken,
  940. NSSCKMDInstance *mdInstance,
  941. NSSCKFWInstance *fwInstance,
  942. NSSItem *buffer
  943. );
  944. /*
  945. * This routine is used to restore an operational state previously
  946. * obtained with GetOperationState. The Framework will take pains
  947. * to be sure that the state is (or was at one point) valid; if the
  948. * Module notices that the state is invalid, it should return an
  949. * error, but it is not required to be paranoid about the issue.
  950. * [XXX fgmr-- should (can?) the framework verify the keys match up?]
  951. * This routine is required only if GetOperationState is implemented.
  952. */
  953. CK_RV (PR_CALLBACK *SetOperationState)(
  954. NSSCKMDSession *mdSession,
  955. NSSCKFWSession *fwSession,
  956. NSSCKMDToken *mdToken,
  957. NSSCKFWToken *fwToken,
  958. NSSCKMDInstance *mdInstance,
  959. NSSCKFWInstance *fwInstance,
  960. NSSItem *state,
  961. NSSCKMDObject *mdEncryptionKey,
  962. NSSCKFWObject *fwEncryptionKey,
  963. NSSCKMDObject *mdAuthenticationKey,
  964. NSSCKFWObject *fwAuthenticationKey
  965. );
  966. /*
  967. * This routine is used to create an object. The specified template
  968. * will only specify a session object if the Module has indicated
  969. * that it wishes to handle its own session objects. This routine
  970. * is optional; if unimplemented, the Framework will reject the
  971. * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
  972. * token objects should come from the NSSArena available from the
  973. * NSSCKFWToken object; space for session objects (if supported)
  974. * should come from the NSSArena available from the NSSCKFWSession
  975. * object. The appropriate NSSArena pointer will, as a convenience,
  976. * be passed as the handyArenaPointer argument. This routine may
  977. * return NULL upon error.
  978. */
  979. NSSCKMDObject *(PR_CALLBACK *CreateObject)(
  980. NSSCKMDSession *mdSession,
  981. NSSCKFWSession *fwSession,
  982. NSSCKMDToken *mdToken,
  983. NSSCKFWToken *fwToken,
  984. NSSCKMDInstance *mdInstance,
  985. NSSCKFWInstance *fwInstance,
  986. NSSArena *handyArenaPointer,
  987. CK_ATTRIBUTE_PTR pTemplate,
  988. CK_ULONG ulAttributeCount,
  989. CK_RV *pError
  990. );
  991. /*
  992. * This routine is used to make a copy of an object. It is entirely
  993. * optional; if unimplemented, the Framework will try to use
  994. * CreateObject instead. If the Module has indicated that it does
  995. * not wish to handle session objects, then this routine will only
  996. * be called to copy a token object to another token object.
  997. * Otherwise, either the original object or the new may be of
  998. * either the token or session variety. As with CreateObject, the
  999. * handyArenaPointer will point to the appropriate arena for the
  1000. * new object. This routine may return NULL upon error.
  1001. */
  1002. NSSCKMDObject *(PR_CALLBACK *CopyObject)(
  1003. NSSCKMDSession *mdSession,
  1004. NSSCKFWSession *fwSession,
  1005. NSSCKMDToken *mdToken,
  1006. NSSCKFWToken *fwToken,
  1007. NSSCKMDInstance *mdInstance,
  1008. NSSCKFWInstance *fwInstance,
  1009. NSSCKMDObject *mdOldObject,
  1010. NSSCKFWObject *fwOldObject,
  1011. NSSArena *handyArenaPointer,
  1012. CK_ATTRIBUTE_PTR pTemplate,
  1013. CK_ULONG ulAttributeCount,
  1014. CK_RV *pError
  1015. );
  1016. /*
  1017. * This routine is used to begin an object search. This routine may
  1018. * be unimplemented only if the Module does not handle session
  1019. * objects, and if none of its tokens have token objects. The
  1020. * NSSCKFWFindObjects pointer has an NSSArena that may be used for
  1021. * storage for the life of this "find" operation. This routine may
  1022. * return NULL upon error. If the Module can determine immediately
  1023. * that the search will not find any matching objects, it may return
  1024. * NULL, and specify CKR_OK as the error.
  1025. */
  1026. NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
  1027. NSSCKMDSession *mdSession,
  1028. NSSCKFWSession *fwSession,
  1029. NSSCKMDToken *mdToken,
  1030. NSSCKFWToken *fwToken,
  1031. NSSCKMDInstance *mdInstance,
  1032. NSSCKFWInstance *fwInstance,
  1033. CK_ATTRIBUTE_PTR pTemplate,
  1034. CK_ULONG ulAttributeCount,
  1035. CK_RV *pError
  1036. );
  1037. /*
  1038. * This routine seeds the random-number generator. It is
  1039. * optional, even if GetRandom is implemented. If unimplemented,
  1040. * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
  1041. */
  1042. CK_RV (PR_CALLBACK *SeedRandom)(
  1043. NSSCKMDSession *mdSession,
  1044. NSSCKFWSession *fwSession,
  1045. NSSCKMDToken *mdToken,
  1046. NSSCKFWToken *fwToken,
  1047. NSSCKMDInstance *mdInstance,
  1048. NSSCKFWInstance *fwInstance,
  1049. NSSItem *seed
  1050. );
  1051. /*
  1052. * This routine gets random data. It is optional. If unimplemented,
  1053. * the Framework will issue the error CKR_RANDOM_NO_RNG.
  1054. */
  1055. CK_RV (PR_CALLBACK *GetRandom)(
  1056. NSSCKMDSession *mdSession,
  1057. NSSCKFWSession *fwSession,
  1058. NSSCKMDToken *mdToken,
  1059. NSSCKFWToken *fwToken,
  1060. NSSCKMDInstance *mdInstance,
  1061. NSSCKFWInstance *fwInstance,
  1062. NSSItem *buffer
  1063. );
  1064. /*
  1065. * This object may be extended in future versions of the
  1066. * NSS Cryptoki Framework. To allow for some flexibility
  1067. * in the area of binary compatibility, this field should
  1068. * be NULL.
  1069. */
  1070. void *null;
  1071. };
  1072. /*
  1073. * NSSCKMDFindObjects
  1074. *
  1075. * This is the basic handle for an object search. It is
  1076. * created by NSSCKMDSession->FindObjectsInit, and may be
  1077. * obtained from the Framework's corresponding object.
  1078. * It contains a pointer for use by the Module, to store
  1079. * any search-related data, and it contains the EPV for a
  1080. * set of routines which the Module may implement for use
  1081. * by the Framework. Some of these routines are optional.
  1082. */
  1083. struct NSSCKMDFindObjectsStr {
  1084. /*
  1085. * The Module may use this pointer for its own purposes.
  1086. */
  1087. void *etc;
  1088. /*
  1089. * This routine is called by the Framework to finish a
  1090. * search operation. Note that the Framework may finish
  1091. * a search before it has completed. This routine is
  1092. * optional; if unimplemented, it merely won't be called.
  1093. */
  1094. void (PR_CALLBACK *Final)(
  1095. NSSCKMDFindObjects *mdFindObjects,
  1096. NSSCKFWFindObjects *fwFindObjects,
  1097. NSSCKMDSession *mdSession,
  1098. NSSCKFWSession *fwSession,
  1099. NSSCKMDToken *mdToken,
  1100. NSSCKFWToken *fwToken,
  1101. NSSCKMDInstance *mdInstance,
  1102. NSSCKFWInstance *fwInstance
  1103. );
  1104. /*
  1105. * This routine is used to obtain another pointer to an
  1106. * object matching the search criteria. This routine is
  1107. * required. If no (more) objects match the search, it
  1108. * should return NULL and set the error to CKR_OK.
  1109. */
  1110. NSSCKMDObject *(PR_CALLBACK *Next)(
  1111. NSSCKMDFindObjects *mdFindObjects,
  1112. NSSCKFWFindObjects *fwFindObjects,
  1113. NSSCKMDSession *mdSession,
  1114. NSSCKFWSession *fwSession,
  1115. NSSCKMDToken *mdToken,
  1116. NSSCKFWToken *fwToken,
  1117. NSSCKMDInstance *mdInstance,
  1118. NSSCKFWInstance *fwInstance,
  1119. NSSArena *arena,
  1120. CK_RV *pError
  1121. );
  1122. /*
  1123. * This object may be extended in future versions of the
  1124. * NSS Cryptoki Framework. To allow for some flexibility
  1125. * in the area of binary compatibility, this field should
  1126. * be NULL.
  1127. */
  1128. void *null;
  1129. };
  1130. /*
  1131. * NSSCKMDCryptoOperaion
  1132. *
  1133. * This is the basic handle for an encryption, decryption,
  1134. * sign, verify, or hash opertion.
  1135. * created by NSSCKMDMechanism->XXXXInit, and may be
  1136. * obtained from the Framework's corresponding object.
  1137. * It contains a pointer for use by the Module, to store
  1138. * any intermediate data, and it contains the EPV for a
  1139. * set of routines which the Module may implement for use
  1140. * by the Framework. Some of these routines are optional.
  1141. */
  1142. struct NSSCKMDCryptoOperationStr {
  1143. /*
  1144. * The Module may use this pointer for its own purposes.
  1145. */
  1146. void *etc;
  1147. /*
  1148. * This routine is called by the Framework clean up the mdCryptoOperation
  1149. * structure.
  1150. * This routine is optional; if unimplemented, it will be ignored.
  1151. */
  1152. void (PR_CALLBACK *Destroy)(
  1153. NSSCKMDCryptoOperation *mdCryptoOperation,
  1154. NSSCKFWCryptoOperation *fwCryptoOperation,
  1155. NSSCKMDInstance *mdInstance,
  1156. NSSCKFWInstance *fwInstance
  1157. );
  1158. /*
  1159. * how many bytes do we need to finish this buffer?
  1160. * must be implemented if Final is implemented.
  1161. */
  1162. CK_ULONG (PR_CALLBACK *GetFinalLength)(
  1163. NSSCKMDCryptoOperation *mdCryptoOperation,
  1164. NSSCKFWCryptoOperation *fwCryptoOperation,
  1165. NSSCKMDSession *mdSession,
  1166. NSSCKFWSession *fwSession,
  1167. NSSCKMDToken *mdToken,
  1168. NSSCKFWToken *fwToken,
  1169. NSSCKMDInstance *mdInstance,
  1170. NSSCKFWInstance *fwInstance,
  1171. CK_RV *pError
  1172. );
  1173. /*
  1174. * how many bytes do we need to complete the next operation.
  1175. * used in both Update and UpdateFinal.
  1176. */
  1177. CK_ULONG (PR_CALLBACK *GetOperationLength)(
  1178. NSSCKMDCryptoOperation *mdCryptoOperation,
  1179. NSSCKFWCryptoOperation *fwCryptoOperation,
  1180. NSSCKMDSession *mdSession,
  1181. NSSCKFWSession *fwSession,
  1182. NSSCKMDToken *mdToken,
  1183. NSSCKFWToken *fwToken,
  1184. NSSCKMDInstance *mdInstance,
  1185. NSSCKFWInstance *fwInstance,
  1186. const NSSItem *inputBuffer,
  1187. CK_RV *pError
  1188. );
  1189. /*
  1190. * This routine is called by the Framework to finish a
  1191. * search operation. Note that the Framework may finish
  1192. * a search before it has completed. This routine is
  1193. * optional; if unimplemented, it merely won't be called.
  1194. * The respective final call with fail with CKR_FUNCTION_FAILED
  1195. * Final should not free the mdCryptoOperation.
  1196. */
  1197. CK_RV(PR_CALLBACK *Final)(
  1198. NSSCKMDCryptoOperation *mdCryptoOperation,
  1199. NSSCKFWCryptoOperation *fwCryptoOperation,
  1200. NSSCKMDSession *mdSession,
  1201. NSSCKFWSession *fwSession,
  1202. NSSCKMDToken *mdToken,
  1203. NSSCKFWToken *fwToken,
  1204. NSSCKMDInstance *mdInstance,
  1205. NSSCKFWInstance *fwInstance,
  1206. NSSItem *outputBuffer
  1207. );
  1208. /*
  1209. * This routine is called by the Framework to complete the
  1210. * next step in an encryption/decryption operation.
  1211. * This routine is optional; if unimplemented, the respective
  1212. * update call with fail with CKR_FUNCTION_FAILED.
  1213. * Update should not be implemented for signing/verification/digest
  1214. * mechanisms.
  1215. */
  1216. CK_RV(PR_CALLBACK *Update)(
  1217. NSSCKMDCryptoOperation *mdCryptoOperation,
  1218. NSSCKFWCryptoOperation *fwCryptoOperation,
  1219. NSSCKMDSession *mdSession,
  1220. NSSCKFWSession *fwSession,
  1221. NSSCKMDToken *mdToken,
  1222. NSSCKFWToken *fwToken,
  1223. NSSCKMDInstance *mdInstance,
  1224. NSSCKFWInstance *fwInstance,
  1225. const NSSItem *inputBuffer,
  1226. NSSItem *outputBuffer
  1227. );
  1228. /*
  1229. * This routine is called by the Framework to complete the
  1230. * next step in a signing/verification/digest operation.
  1231. * This routine is optional; if unimplemented, the respective
  1232. * update call with fail with CKR_FUNCTION_FAILED
  1233. * Update should not be implemented for encryption/decryption
  1234. * mechanisms.
  1235. */
  1236. CK_RV(PR_CALLBACK *DigestUpdate)(
  1237. NSSCKMDCryptoOperation *mdCryptoOperation,
  1238. NSSCKFWCryptoOperation *fwCryptoOperation,
  1239. NSSCKMDSession *mdSession,
  1240. NSSCKFWSession *fwSession,
  1241. NSSCKMDToken *mdToken,
  1242. NSSCKFWToken *fwToken,
  1243. NSSCKMDInstance *mdInstance,
  1244. NSSCKFWInstance *fwInstance,
  1245. const NSSItem *inputBuffer
  1246. );
  1247. /*
  1248. * This routine is called by the Framework to complete a
  1249. * single step operation. This routine is optional; if unimplemented,
  1250. * the framework will use the Update and Final functions to complete
  1251. * the operation.
  1252. */
  1253. CK_RV(PR_CALLBACK *UpdateFinal)(
  1254. NSSCKMDCryptoOperation *mdCryptoOperation,
  1255. NSSCKFWCryptoOperation *fwCryptoOperation,
  1256. NSSCKMDSession *mdSession,
  1257. NSSCKFWSession *fwSession,
  1258. NSSCKMDToken *mdToken,
  1259. NSSCKFWToken *fwToken,
  1260. NSSCKMDInstance *mdInstance,
  1261. NSSCKFWInstance *fwInstance,
  1262. const NSSItem *inputBuffer,
  1263. NSSItem *outputBuffer
  1264. );
  1265. /*
  1266. * This routine is called by the Framework to complete next
  1267. * step in a combined operation. The Decrypt/Encrypt mechanism
  1268. * should define and drive the combo step.
  1269. * This routine is optional; if unimplemented,
  1270. * the framework will use the appropriate Update functions to complete
  1271. * the operation.
  1272. */
  1273. CK_RV(PR_CALLBACK *UpdateCombo)(
  1274. NSSCKMDCryptoOperation *mdCryptoOperation,
  1275. NSSCKFWCryptoOperation *fwCryptoOperation,
  1276. NSSCKMDCryptoOperation *mdPeerCryptoOperation,
  1277. NSSCKFWCryptoOperation *fwPeerCryptoOperation,
  1278. NSSCKMDSession *mdSession,
  1279. NSSCKFWSession *fwSession,
  1280. NSSCKMDToken *mdToken,
  1281. NSSCKFWToken *fwToken,
  1282. NSSCKMDInstance *mdInstance,
  1283. NSSCKFWInstance *fwInstance,
  1284. const NSSItem *inputBuffer,
  1285. NSSItem *outputBuffer
  1286. );
  1287. /*
  1288. * Hash a key directly into the digest
  1289. */
  1290. CK_RV(PR_CALLBACK *DigestKey)(
  1291. NSSCKMDCryptoOperation *mdCryptoOperation,
  1292. NSSCKFWCryptoOperation *fwCryptoOperation,
  1293. NSSCKMDToken *mdToken,
  1294. NSSCKFWToken *fwToken,
  1295. NSSCKMDInstance *mdInstance,
  1296. NSSCKFWInstance *fwInstance,
  1297. NSSCKMDObject *mdKey,
  1298. NSSCKFWObject *fwKey
  1299. );
  1300. /*
  1301. * This object may be extended in future versions of the
  1302. * NSS Cryptoki Framework. To allow for some flexibility
  1303. * in the area of binary compatibility, this field should
  1304. * be NULL.
  1305. */
  1306. void *null;
  1307. };
  1308. /*
  1309. * NSSCKMDMechanism
  1310. *
  1311. */
  1312. struct NSSCKMDMechanismStr {
  1313. /*
  1314. * The Module may use this pointer for its own purposes.
  1315. */
  1316. void *etc;
  1317. /*
  1318. * This also frees the fwMechanism if appropriate.
  1319. * If it is not supplied, the Framework will assume that the Token
  1320. * Manages a static list of mechanisms and the function will not be called.
  1321. */
  1322. void (PR_CALLBACK *Destroy)(
  1323. NSSCKMDMechanism *mdMechanism,
  1324. NSSCKFWMechanism *fwMechanism,
  1325. NSSCKMDInstance *mdInstance,
  1326. NSSCKFWInstance *fwInstance
  1327. );
  1328. /*
  1329. * This routine returns the minimum key size allowed for
  1330. * this mechanism. This routine is optional; if unimplemented,
  1331. * zero will be assumed. This routine may return zero on
  1332. * error; if the error is CKR_OK, zero will be accepted as
  1333. * a valid response.
  1334. */
  1335. CK_ULONG (PR_CALLBACK *GetMinKeySize)(
  1336. NSSCKMDMechanism *mdMechanism,
  1337. NSSCKFWMechanism *fwMechanism,
  1338. NSSCKMDToken *mdToken,
  1339. NSSCKFWToken *fwToken,
  1340. NSSCKMDInstance *mdInstance,
  1341. NSSCKFWInstance *fwInstance,
  1342. CK_RV *pError
  1343. );
  1344. /*
  1345. * This routine returns the maximum key size allowed for
  1346. * this mechanism. This routine is optional; if unimplemented,
  1347. * zero will be assumed. This routine may return zero on
  1348. * error; if the error is CKR_OK, zero will be accepted as
  1349. * a valid response.
  1350. */
  1351. CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
  1352. NSSCKMDMechanism *mdMechanism,
  1353. NSSCKFWMechanism *fwMechanism,
  1354. NSSCKMDToken *mdToken,
  1355. NSSCKFWToken *fwToken,
  1356. NSSCKMDInstance *mdInstance,
  1357. NSSCKFWInstance *fwInstance,
  1358. CK_RV *pError
  1359. );
  1360. /*
  1361. * This routine is called to determine if the mechanism is
  1362. * implemented in hardware or software. It returns CK_TRUE
  1363. * if it is done in hardware.
  1364. */
  1365. CK_BBOOL (PR_CALLBACK *GetInHardware)(
  1366. NSSCKMDMechanism *mdMechanism,
  1367. NSSCKFWMechanism *fwMechanism,
  1368. NSSCKMDToken *mdToken,
  1369. NSSCKFWToken *fwToken,
  1370. NSSCKMDInstance *mdInstance,
  1371. NSSCKFWInstance *fwInstance,
  1372. CK_RV *pError
  1373. );
  1374. /*
  1375. * The crypto routines themselves. Most crypto operations may
  1376. * be performed in two ways, streaming and single-part. The
  1377. * streaming operations involve the use of (typically) three
  1378. * calls-- an Init method to set up the operation, an Update
  1379. * method to feed data to the operation, and a Final method to
  1380. * obtain the final result. Single-part operations involve
  1381. * one method, to perform the crypto operation all at once.
  1382. *
  1383. * The NSS Cryptoki Framework can implement the single-part
  1384. * operations in terms of the streaming operations on behalf
  1385. * of the Module. There are a few variances.
  1386. *
  1387. * Only the Init Functions are defined by the mechanism. Each
  1388. * init function will return a NSSCKFWCryptoOperation which
  1389. * can supply update, final, the single part updateFinal, and
  1390. * the combo updateCombo functions.
  1391. *
  1392. * For simplicity, the routines are listed in summary here:
  1393. *
  1394. * EncryptInit,
  1395. * DecryptInit,
  1396. * DigestInit,
  1397. * SignInit,
  1398. * SignRecoverInit;
  1399. * VerifyInit,
  1400. * VerifyRecoverInit;
  1401. *
  1402. * The key-management routines are
  1403. *
  1404. * GenerateKey
  1405. * GenerateKeyPair
  1406. * WrapKey
  1407. * UnwrapKey
  1408. * DeriveKey
  1409. *
  1410. * All of these routines based on the Cryptoki API;
  1411. * see PKCS#11 for further information.
  1412. */
  1413. /*
  1414. */
  1415. NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)(
  1416. NSSCKMDMechanism *mdMechanism,
  1417. NSSCKFWMechanism *fwMechanism,
  1418. CK_MECHANISM_PTR pMechanism,
  1419. NSSCKMDSession *mdSession,
  1420. NSSCKFWSession *fwSession,
  1421. NSSCKMDToken *mdToken,
  1422. NSSCKFWToken *fwToken,
  1423. NSSCKMDInstance *mdInstance,
  1424. NSSCKFWInstance *fwInstance,
  1425. NSSCKMDObject *mdKey,
  1426. NSSCKFWObject *fwKey,
  1427. CK_RV *pError
  1428. );
  1429. /*
  1430. */
  1431. NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)(
  1432. NSSCKMDMechanism *mdMechanism,
  1433. NSSCKFWMechanism *fwMechanism,
  1434. CK_MECHANISM_PTR pMechanism,
  1435. NSSCKMDSession *mdSession,
  1436. NSSCKFWSession *fwSession,
  1437. NSSCKMDToken *mdToken,
  1438. NSSCKFWToken *fwToken,
  1439. NSSCKMDInstance *mdInstance,
  1440. NSSCKFWInstance *fwInstance,
  1441. NSSCKMDObject *mdKey,
  1442. NSSCKFWObject *fwKey,
  1443. CK_RV *pError
  1444. );
  1445. /*
  1446. */
  1447. NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)(
  1448. NSSCKMDMechanism *mdMechanism,
  1449. NSSCKFWMechanism *fwMechanism,
  1450. CK_MECHANISM_PTR pMechanism,
  1451. NSSCKMDSession *mdSession,
  1452. NSSCKFWSession *fwSession,
  1453. NSSCKMDToken *mdToken,
  1454. NSSCKFWToken *fwToken,
  1455. NSSCKMDInstance *mdInstance,
  1456. NSSCKFWInstance *fwInstance,
  1457. CK_RV *pError
  1458. );
  1459. /*
  1460. */
  1461. NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)(
  1462. NSSCKMDMechanism *mdMechanism,
  1463. NSSCKFWMechanism *fwMechanism,
  1464. CK_MECHANISM_PTR pMechanism,
  1465. NSSCKMDSession *mdSession,
  1466. NSSCKFWSession *fwSession,
  1467. NSSCKMDToken *mdToken,
  1468. NSSCKFWToken *fwToken,
  1469. NSSCKMDInstance *mdInstance,
  1470. NSSCKFWInstance *fwInstance,
  1471. NSSCKMDObject *mdKey,
  1472. NSSCKFWObject *fwKey,
  1473. CK_RV *pError
  1474. );
  1475. /*
  1476. */
  1477. NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)(
  1478. NSSCKMDMechanism *mdMechanism,
  1479. NSSCKFWMechanism *fwMechanism,
  1480. CK_MECHANISM_PTR pMechanism,
  1481. NSSCKMDSession *mdSession,
  1482. NSSCKFWSession *fwSession,
  1483. NSSCKMDToken *mdToken,
  1484. NSSCKFWToken *fwToken,
  1485. NSSCKMDInstance *mdInstance,
  1486. NSSCKFWInstance *fwInstance,
  1487. NSSCKMDObject *mdKey,
  1488. NSSCKFWObject *fwKey,
  1489. CK_RV *pError
  1490. );
  1491. /*
  1492. */
  1493. NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)(
  1494. NSSCKMDMechanism *mdMechanism,
  1495. NSSCKFWMechanism *fwMechanism,
  1496. CK_MECHANISM_PTR pMechanism,
  1497. NSSCKMDSession *mdSession,
  1498. NSSCKFWSession *fwSession,
  1499. NSSCKMDToken *mdToken,
  1500. NSSCKFWToken *fwToken,
  1501. NSSCKMDInstance *mdInstance,
  1502. NSSCKFWInstance *fwInstance,
  1503. NSSCKMDObject *mdKey,
  1504. NSSCKFWObject *fwKey,
  1505. CK_RV *pError
  1506. );
  1507. /*
  1508. */
  1509. NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)(
  1510. NSSCKMDMechanism *mdMechanism,
  1511. NSSCKFWMechanism *fwMechanism,
  1512. CK_MECHANISM_PTR pMechanism,
  1513. NSSCKMDSession *mdSession,
  1514. NSSCKFWSession *fwSession,
  1515. NSSCKMDToken *mdToken,
  1516. NSSCKFWToken *fwToken,
  1517. NSSCKMDInstance *mdInstance,
  1518. NSSCKFWInstance *fwInstance,
  1519. NSSCKMDObject *mdKey,
  1520. NSSCKFWObject *fwKey,
  1521. CK_RV *pError
  1522. );
  1523. /*
  1524. * Key management operations.
  1525. */
  1526. /*
  1527. * This routine generates a key. This routine may return NULL
  1528. * upon error.
  1529. */
  1530. NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
  1531. NSSCKMDMechanism *mdMechanism,
  1532. NSSCKFWMechanism *fwMechanism,
  1533. CK_MECHANISM_PTR pMechanism,
  1534. NSSCKMDSession *mdSession,
  1535. NSSCKFWSession *fwSession,
  1536. NSSCKMDToken *mdToken,
  1537. NSSCKFWToken *fwToken,
  1538. NSSCKMDInstance *mdInstance,
  1539. NSSCKFWInstance *fwInstance,
  1540. CK_ATTRIBUTE_PTR pTemplate,
  1541. CK_ULONG ulAttributeCount,
  1542. CK_RV *pError
  1543. );
  1544. /*
  1545. * This routine generates a key pair.
  1546. */
  1547. CK_RV (PR_CALLBACK *GenerateKeyPair)(
  1548. NSSCKMDMechanism *mdMechanism,
  1549. NSSCKFWMechanism *fwMechanism,
  1550. CK_MECHANISM_PTR pMechanism,
  1551. NSSCKMDSession *mdSession,
  1552. NSSCKFWSession *fwSession,
  1553. NSSCKMDToken *mdToken,
  1554. NSSCKFWToken *fwToken,
  1555. NSSCKMDInstance *mdInstance,
  1556. NSSCKFWInstance *fwInstance,
  1557. CK_ATTRIBUTE_PTR pPublicKeyTemplate,
  1558. CK_ULONG ulPublicKeyAttributeCount,
  1559. CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
  1560. CK_ULONG ulPrivateKeyAttributeCount,
  1561. NSSCKMDObject **pPublicKey,
  1562. NSSCKMDObject **pPrivateKey
  1563. );
  1564. /*
  1565. * This routine wraps a key.
  1566. */
  1567. CK_ULONG (PR_CALLBACK *GetWrapKeyLength)(
  1568. NSSCKMDMechanism *mdMechanism,
  1569. NSSCKFWMechanism *fwMechanism,
  1570. CK_MECHANISM_PTR pMechanism,
  1571. NSSCKMDSession *mdSession,
  1572. NSSCKFWSession *fwSession,
  1573. NSSCKMDToken *mdToken,
  1574. NSSCKFWToken *fwToken,
  1575. NSSCKMDInstance *mdInstance,
  1576. NSSCKFWInstance *fwInstance,
  1577. NSSCKMDObject *mdWrappingKey,
  1578. NSSCKFWObject *fwWrappingKey,
  1579. NSSCKMDObject *mdWrappedKey,
  1580. NSSCKFWObject *fwWrappedKey,
  1581. CK_RV *pError
  1582. );
  1583. /*
  1584. * This routine wraps a key.
  1585. */
  1586. CK_RV (PR_CALLBACK *WrapKey)(
  1587. NSSCKMDMechanism *mdMechanism,
  1588. NSSCKFWMechanism *fwMechanism,
  1589. CK_MECHANISM_PTR pMechanism,
  1590. NSSCKMDSession *mdSession,
  1591. NSSCKFWSession *fwSession,
  1592. NSSCKMDToken *mdToken,
  1593. NSSCKFWToken *fwToken,
  1594. NSSCKMDInstance *mdInstance,
  1595. NSSCKFWInstance *fwInstance,
  1596. NSSCKMDObject *mdWrappingKey,
  1597. NSSCKFWObject *fwWrappingKey,
  1598. NSSCKMDObject *mdKeyObject,
  1599. NSSCKFWObject *fwKeyObject,
  1600. NSSItem *wrappedKey
  1601. );
  1602. /*
  1603. * This routine unwraps a key. This routine may return NULL
  1604. * upon error.
  1605. */
  1606. NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
  1607. NSSCKMDMechanism *mdMechanism,
  1608. NSSCKFWMechanism *fwMechanism,
  1609. CK_MECHANISM_PTR pMechanism,
  1610. NSSCKMDSession *mdSession,
  1611. NSSCKFWSession *fwSession,
  1612. NSSCKMDToken *mdToken,
  1613. NSSCKFWToken *fwToken,
  1614. NSSCKMDInstance *mdInstance,
  1615. NSSCKFWInstance *fwInstance,
  1616. NSSCKMDObject *mdWrappingKey,
  1617. NSSCKFWObject *fwWrappingKey,
  1618. NSSItem *wrappedKey,
  1619. CK_ATTRIBUTE_PTR pTemplate,
  1620. CK_ULONG ulAttributeCount,
  1621. CK_RV *pError
  1622. );
  1623. /*
  1624. * This routine derives a key. This routine may return NULL
  1625. * upon error.
  1626. */
  1627. NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
  1628. NSSCKMDMechanism *mdMechanism,
  1629. NSSCKFWMechanism *fwMechanism,
  1630. CK_MECHANISM_PTR pMechanism,
  1631. NSSCKMDSession *mdSession,
  1632. NSSCKFWSession *fwSession,
  1633. NSSCKMDToken *mdToken,
  1634. NSSCKFWToken *fwToken,
  1635. NSSCKMDInstance *mdInstance,
  1636. NSSCKFWInstance *fwInstance,
  1637. NSSCKMDObject *mdBaseKey,
  1638. NSSCKFWObject *fwBaseKey,
  1639. CK_ATTRIBUTE_PTR pTemplate,
  1640. CK_ULONG ulAttributeCount,
  1641. CK_RV *pError
  1642. );
  1643. /*
  1644. * This object may be extended in future versions of the
  1645. * NSS Cryptoki Framework. To allow for some flexibility
  1646. * in the area of binary compatibility, this field should
  1647. * be NULL.
  1648. */
  1649. void *null;
  1650. };
  1651. /*
  1652. * NSSCKMDObject
  1653. *
  1654. * This is the basic handle for any object used by a PKCS#11 Module.
  1655. * Modules must implement it if they support their own objects, and
  1656. * the Framework supports it for Modules that do not handle session
  1657. * objects. This type contains a pointer for use by the implementor,
  1658. * to store any object-specific data, and it contains an EPV for a
  1659. * set of routines used to access the object.
  1660. */
  1661. struct NSSCKMDObjectStr {
  1662. /*
  1663. * The implementation my use this pointer for its own purposes.
  1664. */
  1665. void *etc;
  1666. /*
  1667. * This routine is called by the Framework when it is letting
  1668. * go of an object handle. It can be used by the Module to
  1669. * free any resources tied up by an object "in use." It is
  1670. * optional.
  1671. */
  1672. void (PR_CALLBACK *Finalize)(
  1673. NSSCKMDObject *mdObject,
  1674. NSSCKFWObject *fwObject,
  1675. NSSCKMDSession *mdSession,
  1676. NSSCKFWSession *fwSession,
  1677. NSSCKMDToken *mdToken,
  1678. NSSCKFWToken *fwToken,
  1679. NSSCKMDInstance *mdInstance,
  1680. NSSCKFWInstance *fwInstance
  1681. );
  1682. /*
  1683. * This routine is used to completely destroy an object.
  1684. * It is optional. The parameter fwObject might be NULL
  1685. * if the framework runs out of memory at the wrong moment.
  1686. */
  1687. CK_RV (PR_CALLBACK *Destroy)(
  1688. NSSCKMDObject *mdObject,
  1689. NSSCKFWObject *fwObject,
  1690. NSSCKMDSession *mdSession,
  1691. NSSCKFWSession *fwSession,
  1692. NSSCKMDToken *mdToken,
  1693. NSSCKFWToken *fwToken,
  1694. NSSCKMDInstance *mdInstance,
  1695. NSSCKFWInstance *fwInstance
  1696. );
  1697. /*
  1698. * This helper routine is used by the Framework, and is especially
  1699. * useful when it is managing session objects on behalf of the
  1700. * Module. This routine is optional; if unimplemented, the
  1701. * Framework will actually look up the CKA_TOKEN attribute. In the
  1702. * event of an error, just make something up-- the Framework will
  1703. * find out soon enough anyway.
  1704. */
  1705. CK_BBOOL (PR_CALLBACK *IsTokenObject)(
  1706. NSSCKMDObject *mdObject,
  1707. NSSCKFWObject *fwObject,
  1708. NSSCKMDSession *mdSession,
  1709. NSSCKFWSession *fwSession,
  1710. NSSCKMDToken *mdToken,
  1711. NSSCKFWToken *fwToken,
  1712. NSSCKMDInstance *mdInstance,
  1713. NSSCKFWInstance *fwInstance
  1714. );
  1715. /*
  1716. * This routine returns the number of attributes of which this
  1717. * object consists. It is mandatory. It can return zero on
  1718. * error.
  1719. */
  1720. CK_ULONG (PR_CALLBACK *GetAttributeCount)(
  1721. NSSCKMDObject *mdObject,
  1722. NSSCKFWObject *fwObject,
  1723. NSSCKMDSession *mdSession,
  1724. NSSCKFWSession *fwSession,
  1725. NSSCKMDToken *mdToken,
  1726. NSSCKFWToken *fwToken,
  1727. NSSCKMDInstance *mdInstance,
  1728. NSSCKFWInstance *fwInstance,
  1729. CK_RV *pError
  1730. );
  1731. /*
  1732. * This routine stuffs the attribute types into the provided array.
  1733. * The array size (as obtained from GetAttributeCount) is passed in
  1734. * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
  1735. * (either too big or too small).
  1736. */
  1737. CK_RV (PR_CALLBACK *GetAttributeTypes)(
  1738. NSSCKMDObject *mdObject,
  1739. NSSCKFWObject *fwObject,
  1740. NSSCKMDSession *mdSession,
  1741. NSSCKFWSession *fwSession,
  1742. NSSCKMDToken *mdToken,
  1743. NSSCKFWToken *fwToken,
  1744. NSSCKMDInstance *mdInstance,
  1745. NSSCKFWInstance *fwInstance,
  1746. CK_ATTRIBUTE_TYPE_PTR typeArray,
  1747. CK_ULONG ulCount
  1748. );
  1749. /*
  1750. * This routine returns the size (in bytes) of the specified
  1751. * attribute. It can return zero on error.
  1752. */
  1753. CK_ULONG (PR_CALLBACK *GetAttributeSize)(
  1754. NSSCKMDObject *mdObject,
  1755. NSSCKFWObject *fwObject,
  1756. NSSCKMDSession *mdSession,
  1757. NSSCKFWSession *fwSession,
  1758. NSSCKMDToken *mdToken,
  1759. NSSCKFWToken *fwToken,
  1760. NSSCKMDInstance *mdInstance,
  1761. NSSCKFWInstance *fwInstance,
  1762. CK_ATTRIBUTE_TYPE attribute,
  1763. CK_RV *pError
  1764. );
  1765. /*
  1766. * This routine returns an NSSCKFWItem structure.
  1767. * The item pointer points to an NSSItem containing the attribute value.
  1768. * The needsFreeing bit tells the framework whether to call the
  1769. * FreeAttribute function . Upon error, an NSSCKFWItem structure
  1770. * with a NULL NSSItem item pointer will be returned
  1771. */
  1772. NSSCKFWItem (PR_CALLBACK *GetAttribute)(
  1773. NSSCKMDObject *mdObject,
  1774. NSSCKFWObject *fwObject,
  1775. NSSCKMDSession *mdSession,
  1776. NSSCKFWSession *fwSession,
  1777. NSSCKMDToken *mdToken,
  1778. NSSCKFWToken *fwToken,
  1779. NSSCKMDInstance *mdInstance,
  1780. NSSCKFWInstance *fwInstance,
  1781. CK_ATTRIBUTE_TYPE attribute,
  1782. CK_RV *pError
  1783. );
  1784. /*
  1785. * This routine returns CKR_OK if the attribute could be freed.
  1786. */
  1787. CK_RV (PR_CALLBACK *FreeAttribute)(
  1788. NSSCKFWItem * item
  1789. );
  1790. /*
  1791. * This routine changes the specified attribute. If unimplemented,
  1792. * the object will be considered read-only.
  1793. */
  1794. CK_RV (PR_CALLBACK *SetAttribute)(
  1795. NSSCKMDObject *mdObject,
  1796. NSSCKFWObject *fwObject,
  1797. NSSCKMDSession *mdSession,
  1798. NSSCKFWSession *fwSession,
  1799. NSSCKMDToken *mdToken,
  1800. NSSCKFWToken *fwToken,
  1801. NSSCKMDInstance *mdInstance,
  1802. NSSCKFWInstance *fwInstance,
  1803. CK_ATTRIBUTE_TYPE attribute,
  1804. NSSItem *value
  1805. );
  1806. /*
  1807. * This routine returns the storage requirements of this object,
  1808. * in bytes. Cryptoki doesn't strictly define the definition,
  1809. * but it should relate to the values returned by the "Get Memory"
  1810. * routines of the NSSCKMDToken. This routine is optional; if
  1811. * unimplemented, the Framework will consider this information
  1812. * sensitive. This routine may return zero on error. If the
  1813. * specified error is CKR_OK, zero will be accepted as a valid
  1814. * response.
  1815. */
  1816. CK_ULONG (PR_CALLBACK *GetObjectSize)(
  1817. NSSCKMDObject *mdObject,
  1818. NSSCKFWObject *fwObject,
  1819. NSSCKMDSession *mdSession,
  1820. NSSCKFWSession *fwSession,
  1821. NSSCKMDToken *mdToken,
  1822. NSSCKFWToken *fwToken,
  1823. NSSCKMDInstance *mdInstance,
  1824. NSSCKFWInstance *fwInstance,
  1825. CK_RV *pError
  1826. );
  1827. /*
  1828. * This object may be extended in future versions of the
  1829. * NSS Cryptoki Framework. To allow for some flexibility
  1830. * in the area of binary compatibility, this field should
  1831. * be NULL.
  1832. */
  1833. void *null;
  1834. };
  1835. #endif /* NSSCKMDT_H */