From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- security/nss/lib/util/pkcs11n.h | 745 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 745 insertions(+) create mode 100644 security/nss/lib/util/pkcs11n.h (limited to 'security/nss/lib/util/pkcs11n.h') diff --git a/security/nss/lib/util/pkcs11n.h b/security/nss/lib/util/pkcs11n.h new file mode 100644 index 0000000000..8c33b8719b --- /dev/null +++ b/security/nss/lib/util/pkcs11n.h @@ -0,0 +1,745 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _PKCS11N_H_ +#define _PKCS11N_H_ + +/* + * pkcs11n.h + * + * This file contains the NSS-specific type definitions for Cryptoki + * (PKCS#11). + */ + +/* + * NSSCK_VENDOR_NSS + * + * Cryptoki reserves the high half of all the number spaces for + * vendor-defined use. I'd like to keep all of our NSS- + * specific values together, but not in the oh-so-obvious + * 0x80000001, 0x80000002, etc. area. So I've picked an offset, + * and constructed values for the beginnings of our spaces. + * + * Note that some "historical" Netscape values don't fall within + * this range. + */ +#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */ + +/* + * NSS-defined object classes + * + */ +#define CKO_NSS (CKO_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +#define CKO_NSS_CRL (CKO_NSS + 1) +#define CKO_NSS_SMIME (CKO_NSS + 2) +#define CKO_NSS_TRUST (CKO_NSS + 3) +#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4) +#define CKO_NSS_NEWSLOT (CKO_NSS + 5) +#define CKO_NSS_DELSLOT (CKO_NSS + 6) +#define CKO_NSS_VALIDATION (CKO_NSS + 7) + +#define CKV_NSS_FIPS_140 (CKO_NSS + 1) + +/* + * NSS-defined key types + * + */ +#define CKK_NSS (CKK_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +#define CKK_NSS_PKCS8 (CKK_NSS + 1) + +#define CKK_NSS_JPAKE_ROUND1 (CKK_NSS + 2) +#define CKK_NSS_JPAKE_ROUND2 (CKK_NSS + 3) + +#define CKK_NSS_CHACHA20 (CKK_NSS + 4) + +#define CKK_NSS_KYBER (CKK_NSS + 5) + +/* + * NSS-defined certificate types + * + */ +#define CKC_NSS (CKC_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +/* FAKE PKCS #11 defines */ +#define CKA_DIGEST 0x81000000L +#define CKA_NSS_MESSAGE 0x82000000L +#define CKA_NSS_MESSAGE_MASK 0xff000000L +#define CKA_FLAGS_ONLY 0 /* CKA_CLASS */ + +/* + * NSS-defined object attributes + * + */ +#define CKA_NSS (CKA_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +#define CKA_NSS_URL (CKA_NSS + 1) +#define CKA_NSS_EMAIL (CKA_NSS + 2) +#define CKA_NSS_SMIME_INFO (CKA_NSS + 3) +#define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4) +#define CKA_NSS_PKCS8_SALT (CKA_NSS + 5) +#define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6) +#define CKA_NSS_EXPIRES (CKA_NSS + 7) +#define CKA_NSS_KRL (CKA_NSS + 8) + +#define CKA_NSS_PQG_COUNTER (CKA_NSS + 20) +#define CKA_NSS_PQG_SEED (CKA_NSS + 21) +#define CKA_NSS_PQG_H (CKA_NSS + 22) +#define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23) +#define CKA_NSS_MODULE_SPEC (CKA_NSS + 24) +#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25) + +#define CKA_NSS_JPAKE_SIGNERID (CKA_NSS + 26) +#define CKA_NSS_JPAKE_PEERID (CKA_NSS + 27) +#define CKA_NSS_JPAKE_GX1 (CKA_NSS + 28) +#define CKA_NSS_JPAKE_GX2 (CKA_NSS + 29) +#define CKA_NSS_JPAKE_GX3 (CKA_NSS + 30) +#define CKA_NSS_JPAKE_GX4 (CKA_NSS + 31) +#define CKA_NSS_JPAKE_X2 (CKA_NSS + 32) +#define CKA_NSS_JPAKE_X2S (CKA_NSS + 33) + +#define CKA_NSS_MOZILLA_CA_POLICY (CKA_NSS + 34) +#define CKA_NSS_SERVER_DISTRUST_AFTER (CKA_NSS + 35) +#define CKA_NSS_EMAIL_DISTRUST_AFTER (CKA_NSS + 36) + +#define CKA_NSS_VALIDATION_TYPE (CKA_NSS + 36) +#define CKA_NSS_VALIDATION_VERSION (CKA_NSS + 37) +#define CKA_NSS_VALIDATION_LEVEL (CKA_NSS + 38) +#define CKA_NSS_VALIDATION_MODULE_ID (CKA_NSS + 39) + +#define CKA_NSS_PARAMETER_SET (CKA_NSS + 40) + +/* + * Trust attributes: + * + * If trust goes standard, these probably will too. So I'll + * put them all in one place. + */ + +#define CKA_TRUST (CKA_NSS + 0x2000) + +/* "Usage" key information */ +#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1) +#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2) +#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3) +#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4) +#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5) +#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6) +#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7) + +/* "Purpose" trust information */ +#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8) +#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9) +#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10) +#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11) +#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12) +#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13) +#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14) +#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15) +#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16) + +#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100) +#define CKA_CERT_MD5_HASH (CKA_TRUST + 101) + +/* NSS trust stuff */ + +/* HISTORICAL: define used to pass in the database key for DSA private keys */ +#define CKA_NSS_DB 0xD5A0DB00L +#define CKA_NSS_TRUST 0x80000001L + +/* FAKE PKCS #11 defines */ +#define CKM_FAKE_RANDOM 0x80000efeUL +#define CKM_INVALID_MECHANISM 0xffffffffUL +#define CKT_INVALID_TYPE 0xffffffffUL + +/* + * NSS-defined crypto mechanisms + * + */ +#define CKM_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +#define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1) +#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) + +/* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */ +#define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3) +#define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4) +#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5) +#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6) + +/* J-PAKE round 1 key generation mechanisms. + * + * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE, + * CKA_NSS_JPAKE_SIGNERID + * Output key type: CKK_NSS_JPAKE_ROUND1 + * Output key class: CKO_PRIVATE_KEY + * Parameter type: CK_NSS_JPAKERound1Params + * + */ +#define CKM_NSS_JPAKE_ROUND1_SHA1 (CKM_NSS + 7) +#define CKM_NSS_JPAKE_ROUND1_SHA256 (CKM_NSS + 8) +#define CKM_NSS_JPAKE_ROUND1_SHA384 (CKM_NSS + 9) +#define CKM_NSS_JPAKE_ROUND1_SHA512 (CKM_NSS + 10) + +/* J-PAKE round 2 key derivation mechanisms. + * + * Required template attributes: CKA_NSS_JPAKE_PEERID + * Input key type: CKK_NSS_JPAKE_ROUND1 + * Output key type: CKK_NSS_JPAKE_ROUND2 + * Output key class: CKO_PRIVATE_KEY + * Parameter type: CK_NSS_JPAKERound2Params + */ +#define CKM_NSS_JPAKE_ROUND2_SHA1 (CKM_NSS + 11) +#define CKM_NSS_JPAKE_ROUND2_SHA256 (CKM_NSS + 12) +#define CKM_NSS_JPAKE_ROUND2_SHA384 (CKM_NSS + 13) +#define CKM_NSS_JPAKE_ROUND2_SHA512 (CKM_NSS + 14) + +/* J-PAKE final key material derivation mechanisms + * + * Input key type: CKK_NSS_JPAKE_ROUND2 + * Output key type: CKK_GENERIC_SECRET + * Output key class: CKO_SECRET_KEY + * Parameter type: CK_NSS_JPAKEFinalParams + * + * You must apply a KDF (e.g. CKM_NSS_HKDF_*) to resultant keying material + * to get a key with uniformly distributed bits. + */ +#define CKM_NSS_JPAKE_FINAL_SHA1 (CKM_NSS + 15) +#define CKM_NSS_JPAKE_FINAL_SHA256 (CKM_NSS + 16) +#define CKM_NSS_JPAKE_FINAL_SHA384 (CKM_NSS + 17) +#define CKM_NSS_JPAKE_FINAL_SHA512 (CKM_NSS + 18) + +/* Constant-time MAC mechanisms: + * + * These operations verify a padded, MAC-then-encrypt block of data in + * constant-time. Because of the order of operations, the padding bytes are not + * protected by the MAC. However, disclosing the value of the padding bytes + * gives an attacker the ability to decrypt ciphertexts. Such disclosure can be + * as subtle as taking slightly less time to perform the MAC when the padding + * is one byte longer. See https://www.isg.rhul.ac.uk/tls/ + * + * CKM_NSS_HMAC_CONSTANT_TIME: performs an HMAC authentication. + * CKM_NSS_SSL3_MAC_CONSTANT_TIME: performs an authentication with SSLv3 MAC. + * + * Parameter type: CK_NSS_MAC_CONSTANT_TIME_PARAMS + */ +#define CKM_NSS_HMAC_CONSTANT_TIME (CKM_NSS + 19) +#define CKM_NSS_SSL3_MAC_CONSTANT_TIME (CKM_NSS + 20) + +/* TLS 1.2 mechanisms */ +#define CKM_NSS_TLS_PRF_GENERAL_SHA256 (CKM_NSS + 21) +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256 (CKM_NSS + 22) +#define CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256 (CKM_NSS + 23) +#define CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256 (CKM_NSS + 24) + +/* TLS extended master secret derivation */ +#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE (CKM_NSS + 25) +#define CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH (CKM_NSS + 26) + +#define CKM_NSS_CHACHA20_KEY_GEN (CKM_NSS + 27) +#define CKM_NSS_CHACHA20_POLY1305 (CKM_NSS + 28) + +/* Additional PKCS #12 PBE algorithms defined in v1.1 */ +#define CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN (CKM_NSS + 29) +#define CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN (CKM_NSS + 30) +#define CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN (CKM_NSS + 31) +#define CKM_NSS_PKCS12_PBE_SHA512_HMAC_KEY_GEN (CKM_NSS + 32) + +#define CKM_NSS_CHACHA20_CTR (CKM_NSS + 33) + +/* IKE mechanism (to be proposed to PKCS #11 */ +#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 34) +#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 35) +#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 36) +#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 37) + +#define CKM_NSS_PUB_FROM_PRIV (CKM_NSS + 40) + +/* SP800-108 NSS mechanism with support for data object derivation */ +#define CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA (CKM_NSS + 42) +#define CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA (CKM_NSS + 43) +#define CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA (CKM_NSS + 44) + +/* Kyber */ +#define CKM_NSS_KYBER_KEY_PAIR_GEN (CKM_NSS + 45) +#define CKM_NSS_KYBER (CKM_NSS + 46) + +/* + * HISTORICAL: + * Do not attempt to use these. They are only used by NSS's internal + * PKCS #11 interface. Most of these are place holders for other mechanism + * and will change in the future. + */ +#define CKM_NSS_PBE_SHA1_DES_CBC 0x80000002UL +#define CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL +#define CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL +#define CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL +#define CKM_NSS_PBE_SHA1_40_BIT_RC4 0x80000006UL +#define CKM_NSS_PBE_SHA1_128_BIT_RC4 0x80000007UL +#define CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL +#define CKM_NSS_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL +#define CKM_NSS_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL +#define CKM_NSS_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL + +#define CKM_TLS_PRF_GENERAL 0x80000373UL + +/* Parameter set identifiers */ +#define CKP_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS) +#define CKP_NSS_KYBER_768_ROUND3 (CKP_NSS + 1) + +/* FIPS Indicator defines */ +#define CKS_NSS_UNINITIALIZED 0xffffffffUL +#define CKS_NSS_FIPS_NOT_OK 0UL +#define CKS_NSS_FIPS_OK 1UL + +#define CKT_NSS_SESSION_CHECK 1UL +#define CKT_NSS_OBJECT_CHECK 2UL +#define CKT_NSS_BOTH_CHECK 3UL +#define CKT_NSS_SESSION_LAST_CHECK 4UL + +typedef struct CK_NSS_JPAKEPublicValue { + CK_BYTE *pGX; + CK_ULONG ulGXLen; + CK_BYTE *pGV; + CK_ULONG ulGVLen; + CK_BYTE *pR; + CK_ULONG ulRLen; +} CK_NSS_JPAKEPublicValue; + +typedef struct CK_NSS_JPAKERound1Params { + CK_NSS_JPAKEPublicValue gx1; /* out */ + CK_NSS_JPAKEPublicValue gx2; /* out */ +} CK_NSS_JPAKERound1Params; + +typedef struct CK_NSS_JPAKERound2Params { + CK_BYTE *pSharedKey; /* in */ + CK_ULONG ulSharedKeyLen; /* in */ + CK_NSS_JPAKEPublicValue gx3; /* in */ + CK_NSS_JPAKEPublicValue gx4; /* in */ + CK_NSS_JPAKEPublicValue A; /* out */ +} CK_NSS_JPAKERound2Params; + +typedef struct CK_NSS_JPAKEFinalParams { + CK_NSS_JPAKEPublicValue B; /* in */ +} CK_NSS_JPAKEFinalParams; + +/* macAlg: the MAC algorithm to use. This determines the hash function used in + * the HMAC/SSLv3 MAC calculations. + * ulBodyTotalLen: the total length of the data, including padding bytes and + * padding length. + * pHeader: points to a block of data that contains additional data to + * authenticate. For TLS this includes the sequence number etc. For SSLv3, + * this also includes the initial padding bytes. + * + * NOTE: the softoken's implementation of CKM_NSS_HMAC_CONSTANT_TIME and + * CKM_NSS_SSL3_MAC_CONSTANT_TIME requires that the sum of ulBodyTotalLen + * and ulHeaderLen be much smaller than 2^32 / 8 bytes because it uses an + * unsigned int variable to represent the length in bits. This should not + * be a problem because the SSL/TLS protocol limits the size of an SSL + * record to something considerably less than 2^32 bytes. + */ +typedef struct CK_NSS_MAC_CONSTANT_TIME_PARAMS { + CK_MECHANISM_TYPE macAlg; /* in */ + CK_ULONG ulBodyTotalLen; /* in */ + CK_BYTE *pHeader; /* in */ + CK_ULONG ulHeaderLen; /* in */ +} CK_NSS_MAC_CONSTANT_TIME_PARAMS; + +typedef struct CK_NSS_AEAD_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagLen; +} CK_NSS_AEAD_PARAMS; + +/* + * NSS-defined return values + * + */ +#define CKR_NSS (CKM_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +#define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1) +#define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2) + +/* NSS specific types */ +typedef CK_ULONG CK_NSS_VALIDATION_TYPE; + +typedef CK_ULONG CK_NSS_KEM_PARAMETER_SET_TYPE; + +/* Mandatory parameter for the CKM_NSS_HKDF_* key deriviation mechanisms. + See RFC 5869. + + bExtract: If set, HKDF-Extract will be applied to the input key. If + the optional salt is given, it is used; otherwise, the salt is + set to a sequence of zeros equal in length to the HMAC output. + If bExpand is not set, then the key template given to + C_DeriveKey must indicate an output key size less than or equal + to the output size of the HMAC. + + bExpand: If set, HKDF-Expand will be applied to the input key (if + bExtract is not set) or to the result of HKDF-Extract (if + bExtract is set). Any info given in the optional pInfo field will + be included in the calculation. + + The size of the output key must be specified in the template passed to + C_DeriveKey. +*/ +typedef struct CK_NSS_HKDFParams { + CK_BBOOL bExtract; + CK_BYTE_PTR pSalt; + CK_ULONG ulSaltLen; + CK_BBOOL bExpand; + CK_BYTE_PTR pInfo; + CK_ULONG ulInfoLen; +} CK_NSS_HKDFParams; + +/* + * CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to + * the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism. + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bHasSeedKey hSeed key is present. + * hSeedKey optional seed from key + * pSeedData optional seed from data. + * ulSeedDataLen length of optional seed data. + * If no seed data is present this value is NULL. + */ +typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasSeedKey; + CK_OBJECT_HANDLE hSeedKey; + CK_BYTE_PTR pSeedData; + CK_ULONG ulSeedDataLen; +} CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS; + +/* CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to + * the CKM_NSS_IKE_PRF_DERIVE mechanism. + * + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bRekey hNewKey is present. + * pNi Ni value + * ulNiLen length of Ni + * pNr Nr value + * ulNrLen length of Nr + * hNewKey New key value to drive the rekey. + */ +typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bDataAsKey; + CK_BBOOL bRekey; + CK_BYTE_PTR pNi; + CK_ULONG ulNiLen; + CK_BYTE_PTR pNr; + CK_ULONG ulNrLen; + CK_OBJECT_HANDLE hNewKey; +} CK_NSS_IKE_PRF_DERIVE_PARAMS; + +/* CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters + * to the CKM_NSS_IKE_PRF_DERIVE mechanism. + * + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bRekey hNewKey is present. + * pCKYi CKYi value + * ulCKYiLen length of CKYi + * pCKYr CKYr value + * ulCKYrLen length of CKYr + * hNewKey New key value to drive the rekey. + */ +typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasPrevKey; + CK_OBJECT_HANDLE hKeygxy; + CK_OBJECT_HANDLE hPrevKey; + CK_BYTE_PTR pCKYi; + CK_ULONG ulCKYiLen; + CK_BYTE_PTR pCKYr; + CK_ULONG ulCKYrLen; + CK_BYTE keyNumber; +} CK_NSS_IKE1_PRF_DERIVE_PARAMS; + +/* CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS is a structure that provides the + * parameters to the CKM_NSS_IKE_APP_B_PRF_DERIVE mechanism. + * + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bHasKeygxy hKeygxy exists + * hKeygxy optional key to hash in the prf + * pExtraData optional extra data to hash in the prf + * ulExtraData length of the optional extra data. + * + * CK_NSS_IKE_APP_B_PRF_DERIVE can take wither CK_NSS_IKE1_APP_B_PRF_DRIVE_PARAMS + * or a single CK_MECHANISM_TYPE. In the latter cases bHashKeygx is assumed to + * be false and ulExtraDataLen is assumed to be '0'. + */ +typedef struct CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasKeygxy; + CK_OBJECT_HANDLE hKeygxy; + CK_BYTE_PTR pExtraData; + CK_ULONG ulExtraDataLen; +} CK_NSS_IKE1_APP_B_PRF_DERIVE_PARAMS; + +/* + * Parameter for the TLS extended master secret key derivation mechanisms: + * + * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE + * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH + * + * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash + * function used. For earlier versions of the PRF, set the prfHashMechanism + * value to CKM_TLS_PRF. + * + * The session hash input is expected to be the output of the same hash + * function as the PRF uses (as required by draft-ietf-tls-session-hash). So + * the ulSessionHashLen member must be equal the output length of the hash + * function specified by the prfHashMechanism member (or, for pre-TLS 1.2 PRF, + * the length of concatenated MD5 and SHA-1 digests). + * + */ +typedef struct CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfHashMechanism; + CK_BYTE_PTR pSessionHash; + CK_ULONG ulSessionHashLen; + CK_VERSION_PTR pVersion; +} CK_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_PARAMS; + +/* + * Trust info + * + * This isn't part of the Cryptoki standard (yet), so I'm putting + * all the definitions here. Some of this would move to nssckt.h + * if trust info were made part of the standard. In view of this + * possibility, I'm putting my (NSS) values in the NSS + * vendor space, like everything else. + */ + +typedef CK_ULONG CK_TRUST; + +/* The following trust types are defined: */ +#define CKT_VENDOR_DEFINED 0x80000000 + +#define CKT_NSS (CKT_VENDOR_DEFINED | NSSCK_VENDOR_NSS) + +/* If trust goes standard, these'll probably drop out of vendor space. */ +#define CKT_NSS_TRUSTED (CKT_NSS + 1) +#define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2) +#define CKT_NSS_MUST_VERIFY_TRUST (CKT_NSS + 3) +#define CKT_NSS_NOT_TRUSTED (CKT_NSS + 10) +#define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */ + +/* + * These may well remain NSS-specific; I'm only using them + * to cache resolution data. + */ +#define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11) + +/* + * old definitions. They still exist, but the plain meaning of the + * labels have never been accurate to what was really implemented. + * The new labels correctly reflect what the values effectively mean. + */ +#if defined(__GNUC__) && (__GNUC__ > 3) +/* make GCC warn when we use these #defines */ +/* + * This is really painful because GCC doesn't allow us to mark random + * #defines as deprecated. We can only mark the following: + * functions, variables, and types. + * const variables will create extra storage for everyone including this + * header file, so it's undesirable. + * functions could be inlined to prevent storage creation, but will fail + * when constant values are expected (like switch statements). + * enum types do not seem to pay attention to the deprecated attribute. + * + * That leaves typedefs. We declare new types that we then deprecate, then + * cast the resulting value to the deprecated type in the #define, thus + * producting the warning when the #define is used. + */ +#if (__GNUC__ == 4) && (__GNUC_MINOR__ < 5) +/* The mac doesn't like the friendlier deprecate messages. I'm assuming this + * is a gcc version issue rather than mac or ppc specific */ +typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated)); +typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated)); +typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated)); +#else +/* when possible, get a full deprecation warning. This works on gcc 4.5 + * it may work on earlier versions of gcc */ +typedef CK_TRUST __CKT_NSS_UNTRUSTED __attribute__((deprecated("CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST"))); +typedef CK_TRUST __CKT_NSS_VALID __attribute__((deprecated("CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED"))); +typedef CK_TRUST __CKT_NSS_MUST_VERIFY __attribute__((deprecated("CKT_NSS_MUST_VERIFY really functions as CKT_NSS_TRUST_UNKNOWN"))); +#endif +#define CKT_NSS_UNTRUSTED ((__CKT_NSS_UNTRUSTED)CKT_NSS_MUST_VERIFY_TRUST) +#define CKT_NSS_VALID ((__CKT_NSS_VALID)CKT_NSS_NOT_TRUSTED) +/* keep the old value for compatibility reasons*/ +#define CKT_NSS_MUST_VERIFY ((__CKT_NSS_MUST_VERIFY)(CKT_NSS + 4)) +#else +#ifdef _WIN32 +/* This magic gets the windows compiler to give us a deprecation + * warning */ +#pragma deprecated(CKT_NSS_UNTRUSTED, CKT_NSS_MUST_VERIFY, CKT_NSS_VALID) +#endif +/* CKT_NSS_UNTRUSTED really means CKT_NSS_MUST_VERIFY_TRUST */ +#define CKT_NSS_UNTRUSTED CKT_NSS_MUST_VERIFY_TRUST +/* CKT_NSS_VALID really means CKT_NSS_NOT_TRUSTED */ +#define CKT_NSS_VALID CKT_NSS_NOT_TRUSTED +/* CKT_NSS_MUST_VERIFY was always treated as CKT_NSS_TRUST_UNKNOWN */ +#define CKT_NSS_MUST_VERIFY (CKT_NSS + 4) /*really means trust unknown*/ +#endif + +/* + * These are not really PKCS #11 values specifically. They are the 'loadable' + * module spec NSS uses. They are available for others to use as well, but not + * part of the formal PKCS #11 spec. + * + * The function 'FIND' returns an array of PKCS #11 initialization strings + * The function 'ADD' takes a PKCS #11 initialization string and stores it. + * The function 'DEL' takes a 'name= library=' value and deletes the associated + * string. + * The function 'RELEASE' frees the array returned by 'FIND' + */ +#define SECMOD_MODULE_DB_FUNCTION_FIND 0 +#define SECMOD_MODULE_DB_FUNCTION_ADD 1 +#define SECMOD_MODULE_DB_FUNCTION_DEL 2 +#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3 +typedef char **(PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function, + char *parameters, void *moduleSpec); + +/* softoken slot ID's */ +#define SFTK_MIN_USER_SLOT_ID 4 +#define SFTK_MAX_USER_SLOT_ID 100 +#define SFTK_MIN_FIPS_USER_SLOT_ID 101 +#define SFTK_MAX_FIPS_USER_SLOT_ID 127 + +/* Module Interface. This is the old NSS private module interface, now exported + * as a PKCS #11 v3 interface. It's interface name is + * "Vendor NSS Module Interface" */ +typedef char **(*CK_NSS_ModuleDBFunc)(unsigned long function, + char *parameters, void *args); +typedef struct CK_NSS_MODULE_FUNCTIONS { + CK_VERSION version; + CK_NSS_ModuleDBFunc NSC_ModuleDBFunc; +} CK_NSS_MODULE_FUNCTIONS; + +/* FIPS Indicator Interface. This may move to the normal PKCS #11 table + * in the future. For now it's called "Vendor NSS FIPS Interface" */ +typedef CK_RV (*CK_NSS_GetFIPSStatus)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG ulOperationType, + CK_ULONG *pulFIPSStatus); + +typedef struct CK_NSS_FIPS_FUNCTIONS { + CK_VERSION version; + CK_NSS_GetFIPSStatus NSC_NSSGetFIPSStatus; +} CK_NSS_FIPS_FUNCTIONS; + +/* KEM interface. This may move to the normal PKCS #11 table in the future. For + * now it's called "Vendor NSS KEM Interface" */ +typedef CK_RV (*CK_NSS_Encapsulate)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hPublicKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey, + CK_BYTE_PTR pCiphertext, + CK_ULONG_PTR pulCiphertextLen); + +typedef CK_RV (*CK_NSS_Decapsulate)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hPrivateKey, + CK_BYTE_PTR pCiphertext, + CK_ULONG ulCiphertextLen, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_OBJECT_HANDLE_PTR phKey); + +typedef struct CK_NSS_KEM_FUNCTIONS { + CK_VERSION version; + CK_NSS_Encapsulate C_Encapsulate; + CK_NSS_Decapsulate C_Decapsulate; +} CK_NSS_KEM_FUNCTIONS; + +/* There was an inconsistency between the spec and the header file in defining + * the CK_GCM_PARAMS structure. The authoritative reference is the header file, + * but NSS used the spec when adding it to its own header. In V3 we've + * corrected it, but we need to handle the old case for devices that followed + * us in using the incorrect specification. */ +typedef struct CK_NSS_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_NSS_GCM_PARAMS; + +typedef CK_NSS_GCM_PARAMS CK_PTR CK_NSS_GCM_PARAMS_PTR; + +/* deprecated #defines. Drop in future NSS releases */ +#ifdef NSS_PKCS11_2_0_COMPAT + +/* defines that were changed between NSS's PKCS #11 and the Oasis headers */ +#define CKF_EC_FP CKF_EC_F_P +#define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS +#define CK_INVALID_SESSION CK_INVALID_HANDLE +#define CKR_KEY_PARAMS_INVALID 0x0000006B + +/* use the old wrong CK_GCM_PARAMS if NSS_PCKS11_2_0_COMPAT is defined */ +typedef struct CK_NSS_GCM_PARAMS CK_GCM_PARAMS; +typedef CK_NSS_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; + +/* don't leave old programs in a lurch just yet, give them the old NETSCAPE + * synonym if NSS_PKCS11_2_0_COMPAT is defined*/ +#define CKO_NETSCAPE_CRL CKO_NSS_CRL +#define CKO_NETSCAPE_SMIME CKO_NSS_SMIME +#define CKO_NETSCAPE_TRUST CKO_NSS_TRUST +#define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST +#define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT +#define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT +#define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8 +#define CKA_NETSCAPE_URL CKA_NSS_URL +#define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL +#define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO +#define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP +#define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT +#define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK +#define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES +#define CKA_NETSCAPE_KRL CKA_NSS_KRL +#define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER +#define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED +#define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H +#define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS +#define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC +#define CKA_NETSCAPE_DB CKA_NSS_DB +#define CKA_NETSCAPE_TRUST CKA_NSS_TRUST +#define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP +#define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD +#define CKM_NETSCAPE_PBE_SHA1_DES_CBC CKM_NSS_PBE_SHA1_DES_CBC +#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC CKM_NSS_PBE_SHA1_TRIPLE_DES_CBC +#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC CKM_NSS_PBE_SHA1_40_BIT_RC2_CBC +#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC CKM_NSS_PBE_SHA1_128_BIT_RC2_CBC +#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 CKM_NSS_PBE_SHA1_40_BIT_RC4 +#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 CKM_NSS_PBE_SHA1_128_BIT_RC4 +#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC CKM_NSS_PBE_SHA1_FAULTY_3DES_CBC +#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN CKM_NSS_PBE_SHA1_HMAC_KEY_GEN +#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN CKM_NSS_PBE_MD5_HMAC_KEY_GEN +#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN CKM_NSS_PBE_MD2_HMAC_KEY_GEN +#define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED +#define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED + +#define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED +#define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR +#define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED +#define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY +#define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN +#define CKT_NETSCAPE_VALID CKT_NSS_VALID +#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR +#else +/* use the new CK_GCM_PARAMS if NSS_PKCS11_2_0_COMPAT is not defined */ +typedef struct CK_GCM_PARAMS_V3 CK_GCM_PARAMS; +typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_PTR; +#endif + +#endif /* _PKCS11N_H_ */ -- cgit v1.2.3