1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
23
* Alternatively, the contents of this file may be used under the terms of
24
* either the GNU General Public License Version 2 or later (the "GPL"), or
25
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26
* in which case the provisions of the GPL or the LGPL are applicable instead
27
* of those above. If you wish to allow use of your version of this file only
28
* under the terms of either the GPL or the LGPL, and not to allow others to
29
* use your version of this file under the terms of the MPL, indicate your
30
* decision by deleting the provisions above and replace them with the notice
31
* and other provisions required by the GPL or the LGPL. If you do not delete
32
* the provisions above, a recipient may use your version of this file under
33
* the terms of any one of the MPL, the GPL or the LGPL.
35
* ***** END LICENSE BLOCK ***** */
41
static const char NSSCKMDT_CVS_ID[] = "@(#) $RCSfile: nssckmdt.h,v $ $Revision: 1.5 $ $Date: 2005/01/20 02:25:45 $";
47
* This file specifies the basic types that must be implemented by
48
* any Module using the NSS Cryptoki Framework.
53
#endif /* NSSBASET_H */
61
#endif /* NSSCKFWT_H */
63
typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
64
typedef struct NSSCKMDSlotStr NSSCKMDSlot;
65
typedef struct NSSCKMDTokenStr NSSCKMDToken;
66
typedef struct NSSCKMDSessionStr NSSCKMDSession;
67
typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
68
typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
69
typedef struct NSSCKMDObjectStr NSSCKMDObject;
74
* This is a structure used by modules to return object attributes.
75
* The needsFreeing bit indicates whether the object needs to be freed.
76
* If so, the framework will call the FreeAttribute function on the item
77
* after it is done using it.
89
* This is the basic handle for an instance of a PKCS#11 Module.
90
* It is returned by the Module's CreateInstance routine, and
91
* may be obtained from the corresponding NSSCKFWInstance object.
92
* It contains a pointer for use by the Module, to store any
93
* instance-related data, and it contains the EPV for a set of
94
* routines which the Module may implement for use by the Framework.
95
* Some of these routines are optional; others are mandatory.
98
struct NSSCKMDInstanceStr {
100
* The Module may use this pointer for its own purposes.
105
* This routine is called by the Framework to initialize
106
* the Module. This routine is optional; if unimplemented,
107
* it won't be called. If this routine returns an error,
108
* then the initialization will fail.
110
CK_RV (PR_CALLBACK *Initialize)(
111
NSSCKMDInstance *mdInstance,
112
NSSCKFWInstance *fwInstance,
113
NSSUTF8 *configurationData
117
* This routine is called when the Framework is finalizing
118
* the PKCS#11 Module. It is the last thing called before
119
* the NSSCKFWInstance's NSSArena is destroyed. This routine
120
* is optional; if unimplemented, it merely won't be called.
122
void (PR_CALLBACK *Finalize)(
123
NSSCKMDInstance *mdInstance,
124
NSSCKFWInstance *fwInstance
128
* This routine gets the number of slots. This value must
129
* never change, once the instance is initialized. This
130
* routine must be implemented. It may return zero on error.
132
CK_ULONG (PR_CALLBACK *GetNSlots)(
133
NSSCKMDInstance *mdInstance,
134
NSSCKFWInstance *fwInstance,
139
* This routine returns the version of the Cryptoki standard
140
* to which this Module conforms. This routine is optional;
141
* if unimplemented, the Framework uses the version to which
142
* ~it~ was implemented.
144
CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
145
NSSCKMDInstance *mdInstance,
146
NSSCKFWInstance *fwInstance
150
* This routine returns a pointer to a UTF8-encoded string
151
* containing the manufacturer ID for this Module. Only
152
* the characters completely encoded in the first thirty-
153
* two bytes are significant. This routine is optional.
154
* The string returned is never freed; if dynamically generated,
155
* the space for it should be allocated from the NSSArena
156
* that may be obtained from the NSSCKFWInstance. This
157
* routine may return NULL upon error; however if *pError
158
* is CKR_OK, the NULL will be considered the valid response.
160
NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
161
NSSCKMDInstance *mdInstance,
162
NSSCKFWInstance *fwInstance,
167
* This routine returns a pointer to a UTF8-encoded string
168
* containing a description of this Module library. Only
169
* the characters completely encoded in the first thirty-
170
* two bytes are significant. This routine is optional.
171
* The string returned is never freed; if dynamically generated,
172
* the space for it should be allocated from the NSSArena
173
* that may be obtained from the NSSCKFWInstance. This
174
* routine may return NULL upon error; however if *pError
175
* is CKR_OK, the NULL will be considered the valid response.
177
NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
178
NSSCKMDInstance *mdInstance,
179
NSSCKFWInstance *fwInstance,
184
* This routine returns the version of this Module library.
185
* This routine is optional; if unimplemented, the Framework
186
* will assume a Module library version of 0.1.
188
CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
189
NSSCKMDInstance *mdInstance,
190
NSSCKFWInstance *fwInstance
194
* This routine returns CK_TRUE if the Module wishes to
195
* handle session objects. This routine is optional.
196
* If this routine is NULL, or if it exists but returns
197
* CK_FALSE, the Framework will assume responsibility
198
* for managing session objects.
200
CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
201
NSSCKMDInstance *mdInstance,
202
NSSCKFWInstance *fwInstance
206
* This routine stuffs pointers to NSSCKMDSlot objects into
207
* the specified array; one for each slot supported by this
208
* instance. The Framework will determine the size needed
209
* for the array by calling GetNSlots. This routine is
212
CK_RV (PR_CALLBACK *GetSlots)(
213
NSSCKMDInstance *mdInstance,
214
NSSCKFWInstance *fwInstance,
219
* This call returns a pointer to the slot in which an event
220
* has occurred. If the block argument is CK_TRUE, the call
221
* should block until a slot event occurs; if CK_FALSE, it
222
* should check to see if an event has occurred, occurred,
223
* but return NULL (and set *pError to CK_NO_EVENT) if one
224
* hasn't. This routine is optional; if unimplemented, the
225
* Framework will assume that no event has happened. This
226
* routine may return NULL upon error.
228
NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
229
NSSCKMDInstance *mdInstance,
230
NSSCKFWInstance *fwInstance,
236
* This object may be extended in future versions of the
237
* NSS Cryptoki Framework. To allow for some flexibility
238
* in the area of binary compatibility, this field should
248
* This is the basic handle for a PKCS#11 Module Slot. It is
249
* created by the NSSCKMDInstance->GetSlots call, and may be
250
* obtained from the Framework's corresponding NSSCKFWSlot
251
* object. It contains a pointer for use by the Module, to
252
* store any slot-related data, and it contains the EPV for
253
* a set of routines which the Module may implement for use
254
* by the Framework. Some of these routines are optional.
257
struct NSSCKMDSlotStr {
259
* The Module may use this pointer for its own purposes.
264
* This routine is called during the Framework initialization
265
* step, after the Framework Instance has obtained the list
266
* of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
267
* specific initialization can be done here. This routine is
268
* optional; if unimplemented, it won't be called. Note that
269
* if this routine returns an error, the entire Framework
270
* initialization for this Module will fail.
272
CK_RV (PR_CALLBACK *Initialize)(
275
NSSCKMDInstance *mdInstance,
276
NSSCKFWInstance *fwInstance
280
* This routine is called when the Framework is finalizing
281
* the PKCS#11 Module. This call (for each of the slots)
282
* is the last thing called before NSSCKMDInstance->Finalize.
283
* This routine is optional; if unimplemented, it merely
284
* won't be called. Note: In the rare circumstance that
285
* the Framework initialization cannot complete (due to,
286
* for example, memory limitations), this can be called with
287
* a NULL value for fwSlot.
289
void (PR_CALLBACK *Destroy)(
292
NSSCKMDInstance *mdInstance,
293
NSSCKFWInstance *fwInstance
297
* This routine returns a pointer to a UTF8-encoded string
298
* containing a description of this slot. Only the characters
299
* completely encoded in the first sixty-four bytes are
300
* significant. This routine is optional. The string
301
* returned is never freed; if dynamically generated,
302
* the space for it should be allocated from the NSSArena
303
* that may be obtained from the NSSCKFWInstance. This
304
* routine may return NULL upon error; however if *pError
305
* is CKR_OK, the NULL will be considered the valid response.
307
NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
310
NSSCKMDInstance *mdInstance,
311
NSSCKFWInstance *fwInstance,
316
* This routine returns a pointer to a UTF8-encoded string
317
* containing a description of the manufacturer of this slot.
318
* Only the characters completely encoded in the first thirty-
319
* two bytes are significant. This routine is optional.
320
* The string returned is never freed; if dynamically generated,
321
* the space for it should be allocated from the NSSArena
322
* that may be obtained from the NSSCKFWInstance. This
323
* routine may return NULL upon error; however if *pError
324
* is CKR_OK, the NULL will be considered the valid response.
326
NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
329
NSSCKMDInstance *mdInstance,
330
NSSCKFWInstance *fwInstance,
335
* This routine returns CK_TRUE if a token is present in this
336
* slot. This routine is optional; if unimplemented, CK_TRUE
339
CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
342
NSSCKMDInstance *mdInstance,
343
NSSCKFWInstance *fwInstance
347
* This routine returns CK_TRUE if the slot supports removable
348
* tokens. This routine is optional; if unimplemented, CK_FALSE
351
CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
354
NSSCKMDInstance *mdInstance,
355
NSSCKFWInstance *fwInstance
359
* This routine returns CK_TRUE if this slot is a hardware
360
* device, or CK_FALSE if this slot is a software device. This
361
* routine is optional; if unimplemented, CK_FALSE is assumed.
363
CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
366
NSSCKMDInstance *mdInstance,
367
NSSCKFWInstance *fwInstance
371
* This routine returns the version of this slot's hardware.
372
* This routine is optional; if unimplemented, the Framework
373
* will assume a hardware version of 0.1.
375
CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
378
NSSCKMDInstance *mdInstance,
379
NSSCKFWInstance *fwInstance
383
* This routine returns the version of this slot's firmware.
384
* This routine is optional; if unimplemented, the Framework
385
* will assume a hardware version of 0.1.
387
CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
390
NSSCKMDInstance *mdInstance,
391
NSSCKFWInstance *fwInstance
395
* This routine should return a pointer to an NSSCKMDToken
396
* object corresponding to the token in the specified slot.
397
* The NSSCKFWToken object passed in has an NSSArena
398
* available which is dedicated for this token. This routine
399
* must be implemented. This routine may return NULL upon
402
NSSCKMDToken *(PR_CALLBACK *GetToken)(
405
NSSCKMDInstance *mdInstance,
406
NSSCKFWInstance *fwInstance,
411
* This object may be extended in future versions of the
412
* NSS Cryptoki Framework. To allow for some flexibility
413
* in the area of binary compatibility, this field should
422
* This is the basic handle for a PKCS#11 Token. It is created by
423
* the NSSCKMDSlot->GetToken call, and may be obtained from the
424
* Framework's corresponding NSSCKFWToken object. It contains a
425
* pointer for use by the Module, to store any token-related
426
* data, and it contains the EPV for a set of routines which the
427
* Module may implement for use by the Framework. Some of these
428
* routines are optional.
431
struct NSSCKMDTokenStr {
433
* The Module may use this pointer for its own purposes.
438
* This routine is used to prepare a Module token object for
439
* use. It is called after the NSSCKMDToken object is obtained
440
* from NSSCKMDSlot->GetToken. It is named "Setup" here because
441
* Cryptoki already defines "InitToken" to do the process of
442
* wiping out any existing state on a token and preparing it for
443
* a new use. This routine is optional; if unimplemented, it
444
* merely won't be called.
446
CK_RV (PR_CALLBACK *Setup)(
447
NSSCKMDToken *mdToken,
448
NSSCKFWToken *fwToken,
449
NSSCKMDInstance *mdInstance,
450
NSSCKFWInstance *fwInstance
454
* This routine is called by the Framework whenever it notices
455
* that the token object is invalid. (Typically this is when a
456
* routine indicates an error such as CKR_DEVICE_REMOVED). This
457
* call is the last thing called before the NSSArena in the
458
* corresponding NSSCKFWToken is destroyed. This routine is
459
* optional; if unimplemented, it merely won't be called.
461
void (PR_CALLBACK *Invalidate)(
462
NSSCKMDToken *mdToken,
463
NSSCKFWToken *fwToken,
464
NSSCKMDInstance *mdInstance,
465
NSSCKFWInstance *fwInstance
469
* This routine initialises the token in the specified slot.
470
* This routine is optional; if unimplemented, the Framework
471
* will fail this operation with an error of CKR_DEVICE_ERROR.
474
CK_RV (PR_CALLBACK *InitToken)(
475
NSSCKMDToken *mdToken,
476
NSSCKFWToken *fwToken,
477
NSSCKMDInstance *mdInstance,
478
NSSCKFWInstance *fwInstance,
484
* This routine returns a pointer to a UTF8-encoded string
485
* containing this token's label. Only the characters
486
* completely encoded in the first thirty-two bytes are
487
* significant. This routine is optional. The string
488
* returned is never freed; if dynamically generated,
489
* the space for it should be allocated from the NSSArena
490
* that may be obtained from the NSSCKFWInstance. This
491
* routine may return NULL upon error; however if *pError
492
* is CKR_OK, the NULL will be considered the valid response.
494
NSSUTF8 *(PR_CALLBACK *GetLabel)(
495
NSSCKMDToken *mdToken,
496
NSSCKFWToken *fwToken,
497
NSSCKMDInstance *mdInstance,
498
NSSCKFWInstance *fwInstance,
503
* This routine returns a pointer to a UTF8-encoded string
504
* containing this token's manufacturer ID. Only the characters
505
* completely encoded in the first thirty-two bytes are
506
* significant. This routine is optional. The string
507
* returned is never freed; if dynamically generated,
508
* the space for it should be allocated from the NSSArena
509
* that may be obtained from the NSSCKFWInstance. This
510
* routine may return NULL upon error; however if *pError
511
* is CKR_OK, the NULL will be considered the valid response.
513
NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
514
NSSCKMDToken *mdToken,
515
NSSCKFWToken *fwToken,
516
NSSCKMDInstance *mdInstance,
517
NSSCKFWInstance *fwInstance,
522
* This routine returns a pointer to a UTF8-encoded string
523
* containing this token's model name. Only the characters
524
* completely encoded in the first thirty-two bytes are
525
* significant. This routine is optional. The string
526
* returned is never freed; if dynamically generated,
527
* the space for it should be allocated from the NSSArena
528
* that may be obtained from the NSSCKFWInstance. This
529
* routine may return NULL upon error; however if *pError
530
* is CKR_OK, the NULL will be considered the valid response.
532
NSSUTF8 *(PR_CALLBACK *GetModel)(
533
NSSCKMDToken *mdToken,
534
NSSCKFWToken *fwToken,
535
NSSCKMDInstance *mdInstance,
536
NSSCKFWInstance *fwInstance,
541
* This routine returns a pointer to a UTF8-encoded string
542
* containing this token's serial number. Only the characters
543
* completely encoded in the first thirty-two bytes are
544
* significant. This routine is optional. The string
545
* returned is never freed; if dynamically generated,
546
* the space for it should be allocated from the NSSArena
547
* that may be obtained from the NSSCKFWInstance. This
548
* routine may return NULL upon error; however if *pError
549
* is CKR_OK, the NULL will be considered the valid response.
551
NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
552
NSSCKMDToken *mdToken,
553
NSSCKFWToken *fwToken,
554
NSSCKMDInstance *mdInstance,
555
NSSCKFWInstance *fwInstance,
560
* This routine returns CK_TRUE if the token has its own
561
* random number generator. This routine is optional; if
562
* unimplemented, CK_FALSE is assumed.
564
CK_BBOOL (PR_CALLBACK *GetHasRNG)(
565
NSSCKMDToken *mdToken,
566
NSSCKFWToken *fwToken,
567
NSSCKMDInstance *mdInstance,
568
NSSCKFWInstance *fwInstance
572
* This routine returns CK_TRUE if this token is write-protected.
573
* This routine is optional; if unimplemented, CK_FALSE is
576
CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
577
NSSCKMDToken *mdToken,
578
NSSCKFWToken *fwToken,
579
NSSCKMDInstance *mdInstance,
580
NSSCKFWInstance *fwInstance
584
* This routine returns CK_TRUE if this token requires a login.
585
* This routine is optional; if unimplemented, CK_FALSE is
588
CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
589
NSSCKMDToken *mdToken,
590
NSSCKFWToken *fwToken,
591
NSSCKMDInstance *mdInstance,
592
NSSCKFWInstance *fwInstance
596
* This routine returns CK_TRUE if the normal user's PIN on this
597
* token has been initialised. This routine is optional; if
598
* unimplemented, CK_FALSE is assumed.
600
CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
601
NSSCKMDToken *mdToken,
602
NSSCKFWToken *fwToken,
603
NSSCKMDInstance *mdInstance,
604
NSSCKFWInstance *fwInstance
608
* This routine returns CK_TRUE if a successful save of a
609
* session's cryptographic operations state ~always~ contains
610
* all keys needed to restore the state of the session. This
611
* routine is optional; if unimplemented, CK_FALSE is assumed.
613
CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
614
NSSCKMDToken *mdToken,
615
NSSCKFWToken *fwToken,
616
NSSCKMDInstance *mdInstance,
617
NSSCKFWInstance *fwInstance
621
* This routine returns CK_TRUE if the token has its own
622
* hardware clock. This routine is optional; if unimplemented,
623
* CK_FALSE is assumed.
625
CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
626
NSSCKMDToken *mdToken,
627
NSSCKFWToken *fwToken,
628
NSSCKMDInstance *mdInstance,
629
NSSCKFWInstance *fwInstance
633
* This routine returns CK_TRUE if the token has a protected
634
* authentication path. This routine is optional; if
635
* unimplemented, CK_FALSE is assumed.
637
CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
638
NSSCKMDToken *mdToken,
639
NSSCKFWToken *fwToken,
640
NSSCKMDInstance *mdInstance,
641
NSSCKFWInstance *fwInstance
645
* This routine returns CK_TRUE if the token supports dual
646
* cryptographic operations within a single session. This
647
* routine is optional; if unimplemented, CK_FALSE is assumed.
649
CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
650
NSSCKMDToken *mdToken,
651
NSSCKFWToken *fwToken,
652
NSSCKMDInstance *mdInstance,
653
NSSCKFWInstance *fwInstance
657
* XXX fgmr-- should we have a call to return all the flags
658
* at once, for folks who already know about Cryptoki?
662
* This routine returns the maximum number of sessions that
663
* may be opened on this token. This routine is optional;
664
* if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
665
* is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
667
CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
668
NSSCKMDToken *mdToken,
669
NSSCKFWToken *fwToken,
670
NSSCKMDInstance *mdInstance,
671
NSSCKFWInstance *fwInstance
675
* This routine returns the maximum number of read/write
676
* sesisons that may be opened on this token. This routine
677
* is optional; if unimplemented, the special value
678
* CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
679
* CK_EFFECTIVELY_INFINITE?
681
CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
682
NSSCKMDToken *mdToken,
683
NSSCKFWToken *fwToken,
684
NSSCKMDInstance *mdInstance,
685
NSSCKFWInstance *fwInstance
689
* This routine returns the maximum PIN code length that is
690
* supported on this token. This routine is optional;
691
* if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
694
CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
695
NSSCKMDToken *mdToken,
696
NSSCKFWToken *fwToken,
697
NSSCKMDInstance *mdInstance,
698
NSSCKFWInstance *fwInstance
702
* This routine returns the minimum PIN code length that is
703
* supported on this token. This routine is optional; if
704
* unimplemented, the special value CK_UNAVAILABLE_INFORMATION
705
* is assumed. XXX fgmr-- or 0?
707
CK_ULONG (PR_CALLBACK *GetMinPinLen)(
708
NSSCKMDToken *mdToken,
709
NSSCKFWToken *fwToken,
710
NSSCKMDInstance *mdInstance,
711
NSSCKFWInstance *fwInstance
715
* This routine returns the total amount of memory on the token
716
* in which public objects may be stored. This routine is
717
* optional; if unimplemented, the special value
718
* CK_UNAVAILABLE_INFORMATION is assumed.
720
CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
721
NSSCKMDToken *mdToken,
722
NSSCKFWToken *fwToken,
723
NSSCKMDInstance *mdInstance,
724
NSSCKFWInstance *fwInstance
728
* This routine returns the amount of unused memory on the
729
* token in which public objects may be stored. This routine
730
* is optional; if unimplemented, the special value
731
* CK_UNAVAILABLE_INFORMATION is assumed.
733
CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
734
NSSCKMDToken *mdToken,
735
NSSCKFWToken *fwToken,
736
NSSCKMDInstance *mdInstance,
737
NSSCKFWInstance *fwInstance
741
* This routine returns the total amount of memory on the token
742
* in which private objects may be stored. This routine is
743
* optional; if unimplemented, the special value
744
* CK_UNAVAILABLE_INFORMATION is assumed.
746
CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
747
NSSCKMDToken *mdToken,
748
NSSCKFWToken *fwToken,
749
NSSCKMDInstance *mdInstance,
750
NSSCKFWInstance *fwInstance
754
* This routine returns the amount of unused memory on the
755
* token in which private objects may be stored. This routine
756
* is optional; if unimplemented, the special value
757
* CK_UNAVAILABLE_INFORMATION is assumed.
759
CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
760
NSSCKMDToken *mdToken,
761
NSSCKFWToken *fwToken,
762
NSSCKMDInstance *mdInstance,
763
NSSCKFWInstance *fwInstance
767
* This routine returns the version number of this token's
768
* hardware. This routine is optional; if unimplemented,
769
* the value 0.1 is assumed.
771
CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
772
NSSCKMDToken *mdToken,
773
NSSCKFWToken *fwToken,
774
NSSCKMDInstance *mdInstance,
775
NSSCKFWInstance *fwInstance
779
* This routine returns the version number of this token's
780
* firmware. This routine is optional; if unimplemented,
781
* the value 0.1 is assumed.
783
CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
784
NSSCKMDToken *mdToken,
785
NSSCKFWToken *fwToken,
786
NSSCKMDInstance *mdInstance,
787
NSSCKFWInstance *fwInstance
791
* This routine stuffs the current UTC time, as obtained from
792
* the token, into the sixteen-byte buffer in the form
793
* YYYYMMDDhhmmss00. This routine need only be implemented
794
* by token which indicate that they have a real-time clock.
795
* XXX fgmr-- think about time formats.
797
CK_RV (PR_CALLBACK *GetUTCTime)(
798
NSSCKMDToken *mdToken,
799
NSSCKFWToken *fwToken,
800
NSSCKMDInstance *mdInstance,
801
NSSCKFWInstance *fwInstance,
806
* This routine creates a session on the token, and returns
807
* the corresponding NSSCKMDSession object. The value of
808
* rw will be CK_TRUE if the session is to be a read/write
809
* session, or CK_FALSE otherwise. An NSSArena dedicated to
810
* the new session is available from the specified NSSCKFWSession.
811
* This routine may return NULL upon error.
813
NSSCKMDSession *(PR_CALLBACK *OpenSession)(
814
NSSCKMDToken *mdToken,
815
NSSCKFWToken *fwToken,
816
NSSCKMDInstance *mdInstance,
817
NSSCKFWInstance *fwInstance,
818
NSSCKFWSession *fwSession,
824
* This routine returns the number of PKCS#11 Mechanisms
825
* supported by this token. This routine is optional; if
826
* unimplemented, zero is assumed.
828
CK_ULONG (PR_CALLBACK *GetMechanismCount)(
829
NSSCKMDToken *mdToken,
830
NSSCKFWToken *fwToken,
831
NSSCKMDInstance *mdInstance,
832
NSSCKFWInstance *fwInstance
836
* This routine stuffs into the specified array the types
837
* of the mechanisms supported by this token. The Framework
838
* determines the size of the array by calling GetMechanismCount.
840
CK_RV (PR_CALLBACK *GetMechanismTypes)(
841
NSSCKMDToken *mdToken,
842
NSSCKFWToken *fwToken,
843
NSSCKMDInstance *mdInstance,
844
NSSCKFWInstance *fwInstance,
845
CK_MECHANISM_TYPE types[]
849
* This routine returns a pointer to a Module mechanism
850
* object corresponding to a specified type. This routine
851
* need only exist for tokens implementing at least one
854
NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
855
NSSCKMDToken *mdToken,
856
NSSCKFWToken *fwToken,
857
NSSCKMDInstance *mdInstance,
858
NSSCKFWInstance *fwInstance,
859
NSSCKFWMechanism *fwMechanism,
860
CK_MECHANISM_TYPE which
864
* This object may be extended in future versions of the
865
* NSS Cryptoki Framework. To allow for some flexibility
866
* in the area of binary compatibility, this field should
875
* This is the basic handle for a session on a PKCS#11 Token. It
876
* is created by NSSCKMDToken->OpenSession, and may be obtained
877
* from the Framework's corresponding NSSCKFWSession object. It
878
* contains a pointer for use by the Module, to store any session-
879
* realted data, and it contains the EPV for a set of routines
880
* which the Module may implement for use by the Framework. Some
881
* of these routines are optional.
884
struct NSSCKMDSessionStr {
886
* The Module may use this pointer for its own purposes.
891
* This routine is called by the Framework when a session is
892
* closed. This call is the last thing called before the
893
* NSSArena in the correspoinding NSSCKFWSession is destroyed.
894
* This routine is optional; if unimplemented, it merely won't
897
void (PR_CALLBACK *Close)(
898
NSSCKMDSession *mdSession,
899
NSSCKFWSession *fwSession,
900
NSSCKMDToken *mdToken,
901
NSSCKFWToken *fwToken,
902
NSSCKMDInstance *mdInstance,
903
NSSCKFWInstance *fwInstance
907
* This routine is used to get any device-specific error.
908
* This routine is optional.
910
CK_ULONG (PR_CALLBACK *GetDeviceError)(
911
NSSCKMDSession *mdSession,
912
NSSCKFWSession *fwSession,
913
NSSCKMDToken *mdToken,
914
NSSCKFWToken *fwToken,
915
NSSCKMDInstance *mdInstance,
916
NSSCKFWInstance *fwInstance
920
* This routine is used to log in a user to the token. This
921
* routine is optional, since the Framework's NSSCKFWSession
922
* object keeps track of the login state.
924
CK_RV (PR_CALLBACK *Login)(
925
NSSCKMDSession *mdSession,
926
NSSCKFWSession *fwSession,
927
NSSCKMDToken *mdToken,
928
NSSCKFWToken *fwToken,
929
NSSCKMDInstance *mdInstance,
930
NSSCKFWInstance *fwInstance,
931
CK_USER_TYPE userType,
938
* This routine is used to log out a user from the token. This
939
* routine is optional, since the Framework's NSSCKFWSession
940
* object keeps track of the login state.
942
CK_RV (PR_CALLBACK *Logout)(
943
NSSCKMDSession *mdSession,
944
NSSCKFWSession *fwSession,
945
NSSCKMDToken *mdToken,
946
NSSCKFWToken *fwToken,
947
NSSCKMDInstance *mdInstance,
948
NSSCKFWInstance *fwInstance,
954
* This routine is used to initialize the normal user's PIN or
955
* password. This will only be called in the "read/write
956
* security officer functions" state. If this token has a
957
* protected authentication path, then the pin argument will
958
* be NULL. This routine is optional; if unimplemented, the
959
* Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
961
CK_RV (PR_CALLBACK *InitPIN)(
962
NSSCKMDSession *mdSession,
963
NSSCKFWSession *fwSession,
964
NSSCKMDToken *mdToken,
965
NSSCKFWToken *fwToken,
966
NSSCKMDInstance *mdInstance,
967
NSSCKFWInstance *fwInstance,
972
* This routine is used to modify a user's PIN or password. This
973
* routine will only be called in the "read/write security officer
974
* functions" or "read/write user functions" state. If this token
975
* has a protected authentication path, then the pin arguments
976
* will be NULL. This routine is optional; if unimplemented, the
977
* Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
979
CK_RV (PR_CALLBACK *SetPIN)(
980
NSSCKMDSession *mdSession,
981
NSSCKFWSession *fwSession,
982
NSSCKMDToken *mdToken,
983
NSSCKFWToken *fwToken,
984
NSSCKMDInstance *mdInstance,
985
NSSCKFWInstance *fwInstance,
991
* This routine is used to find out how much space would be required
992
* to save the current operational state. This routine is optional;
993
* if unimplemented, the Framework will reject any attempts to save
994
* the operational state with the error CKR_STATE_UNSAVEABLE. This
995
* routine may return zero on error.
997
CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
998
NSSCKMDSession *mdSession,
999
NSSCKFWSession *fwSession,
1000
NSSCKMDToken *mdToken,
1001
NSSCKFWToken *fwToken,
1002
NSSCKMDInstance *mdInstance,
1003
NSSCKFWInstance *fwInstance,
1008
* This routine is used to store the current operational state. This
1009
* routine is only required if GetOperationStateLen is implemented
1010
* and can return a nonzero value. The buffer in the specified item
1011
* will be pre-allocated, and the length will specify the amount of
1012
* space available (which may be more than GetOperationStateLen
1013
* asked for, but which will not be smaller).
1015
CK_RV (PR_CALLBACK *GetOperationState)(
1016
NSSCKMDSession *mdSession,
1017
NSSCKFWSession *fwSession,
1018
NSSCKMDToken *mdToken,
1019
NSSCKFWToken *fwToken,
1020
NSSCKMDInstance *mdInstance,
1021
NSSCKFWInstance *fwInstance,
1026
* This routine is used to restore an operational state previously
1027
* obtained with GetOperationState. The Framework will take pains
1028
* to be sure that the state is (or was at one point) valid; if the
1029
* Module notices that the state is invalid, it should return an
1030
* error, but it is not required to be paranoid about the issue.
1031
* [XXX fgmr-- should (can?) the framework verify the keys match up?]
1032
* This routine is required only if GetOperationState is implemented.
1034
CK_RV (PR_CALLBACK *SetOperationState)(
1035
NSSCKMDSession *mdSession,
1036
NSSCKFWSession *fwSession,
1037
NSSCKMDToken *mdToken,
1038
NSSCKFWToken *fwToken,
1039
NSSCKMDInstance *mdInstance,
1040
NSSCKFWInstance *fwInstance,
1042
NSSCKMDObject *mdEncryptionKey,
1043
NSSCKFWObject *fwEncryptionKey,
1044
NSSCKMDObject *mdAuthenticationKey,
1045
NSSCKFWObject *fwAuthenticationKey
1049
* This routine is used to create an object. The specified template
1050
* will only specify a session object if the Module has indicated
1051
* that it wishes to handle its own session objects. This routine
1052
* is optional; if unimplemented, the Framework will reject the
1053
* operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
1054
* token objects should come from the NSSArena available from the
1055
* NSSCKFWToken object; space for session objects (if supported)
1056
* should come from the NSSArena available from the NSSCKFWSession
1057
* object. The appropriate NSSArena pointer will, as a convenience,
1058
* be passed as the handyArenaPointer argument. This routine may
1059
* return NULL upon error.
1061
NSSCKMDObject *(PR_CALLBACK *CreateObject)(
1062
NSSCKMDSession *mdSession,
1063
NSSCKFWSession *fwSession,
1064
NSSCKMDToken *mdToken,
1065
NSSCKFWToken *fwToken,
1066
NSSCKMDInstance *mdInstance,
1067
NSSCKFWInstance *fwInstance,
1068
NSSArena *handyArenaPointer,
1069
CK_ATTRIBUTE_PTR pTemplate,
1070
CK_ULONG ulAttributeCount,
1075
* This routine is used to make a copy of an object. It is entirely
1076
* optional; if unimplemented, the Framework will try to use
1077
* CreateObject instead. If the Module has indicated that it does
1078
* not wish to handle session objects, then this routine will only
1079
* be called to copy a token object to another token object.
1080
* Otherwise, either the original object or the new may be of
1081
* either the token or session variety. As with CreateObject, the
1082
* handyArenaPointer will point to the appropriate arena for the
1083
* new object. This routine may return NULL upon error.
1085
NSSCKMDObject *(PR_CALLBACK *CopyObject)(
1086
NSSCKMDSession *mdSession,
1087
NSSCKFWSession *fwSession,
1088
NSSCKMDToken *mdToken,
1089
NSSCKFWToken *fwToken,
1090
NSSCKMDInstance *mdInstance,
1091
NSSCKFWInstance *fwInstance,
1092
NSSCKMDObject *mdOldObject,
1093
NSSCKFWObject *fwOldObject,
1094
NSSArena *handyArenaPointer,
1095
CK_ATTRIBUTE_PTR pTemplate,
1096
CK_ULONG ulAttributeCount,
1101
* This routine is used to begin an object search. This routine may
1102
* be unimplemented only if the Module does not handle session
1103
* objects, and if none of its tokens have token objects. The
1104
* NSSCKFWFindObjects pointer has an NSSArena that may be used for
1105
* storage for the life of this "find" operation. This routine may
1106
* return NULL upon error. If the Module can determine immediately
1107
* that the search will not find any matching objects, it may return
1108
* NULL, and specify CKR_OK as the error.
1110
NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
1111
NSSCKMDSession *mdSession,
1112
NSSCKFWSession *fwSession,
1113
NSSCKMDToken *mdToken,
1114
NSSCKFWToken *fwToken,
1115
NSSCKMDInstance *mdInstance,
1116
NSSCKFWInstance *fwInstance,
1117
CK_ATTRIBUTE_PTR pTemplate,
1118
CK_ULONG ulAttributeCount,
1123
* This routine seeds the random-number generator. It is
1124
* optional, even if GetRandom is implemented. If unimplemented,
1125
* the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
1127
CK_RV (PR_CALLBACK *SeedRandom)(
1128
NSSCKMDSession *mdSession,
1129
NSSCKFWSession *fwSession,
1130
NSSCKMDToken *mdToken,
1131
NSSCKFWToken *fwToken,
1132
NSSCKMDInstance *mdInstance,
1133
NSSCKFWInstance *fwInstance,
1138
* This routine gets random data. It is optional. If unimplemented,
1139
* the Framework will issue the error CKR_RANDOM_NO_RNG.
1141
CK_RV (PR_CALLBACK *GetRandom)(
1142
NSSCKMDSession *mdSession,
1143
NSSCKFWSession *fwSession,
1144
NSSCKMDToken *mdToken,
1145
NSSCKFWToken *fwToken,
1146
NSSCKMDInstance *mdInstance,
1147
NSSCKFWInstance *fwInstance,
1152
* This object may be extended in future versions of the
1153
* NSS Cryptoki Framework. To allow for some flexibility
1154
* in the area of binary compatibility, this field should
1161
* NSSCKMDFindObjects
1163
* This is the basic handle for an object search. It is
1164
* created by NSSCKMDSession->FindObjectsInit, and may be
1165
* obtained from the Framework's corresponding object.
1166
* It contains a pointer for use by the Module, to store
1167
* any search-related data, and it contains the EPV for a
1168
* set of routines which the Module may implement for use
1169
* by the Framework. Some of these routines are optional.
1172
struct NSSCKMDFindObjectsStr {
1174
* The Module may use this pointer for its own purposes.
1179
* This routine is called by the Framework to finish a
1180
* search operation. Note that the Framework may finish
1181
* a search before it has completed. This routine is
1182
* optional; if unimplemented, it merely won't be called.
1184
void (PR_CALLBACK *Final)(
1185
NSSCKMDFindObjects *mdFindObjects,
1186
NSSCKFWFindObjects *fwFindObjects,
1187
NSSCKMDSession *mdSession,
1188
NSSCKFWSession *fwSession,
1189
NSSCKMDToken *mdToken,
1190
NSSCKFWToken *fwToken,
1191
NSSCKMDInstance *mdInstance,
1192
NSSCKFWInstance *fwInstance
1196
* This routine is used to obtain another pointer to an
1197
* object matching the search criteria. This routine is
1198
* required. If no (more) objects match the search, it
1199
* should return NULL and set the error to CKR_OK.
1201
NSSCKMDObject *(PR_CALLBACK *Next)(
1202
NSSCKMDFindObjects *mdFindObjects,
1203
NSSCKFWFindObjects *fwFindObjects,
1204
NSSCKMDSession *mdSession,
1205
NSSCKFWSession *fwSession,
1206
NSSCKMDToken *mdToken,
1207
NSSCKFWToken *fwToken,
1208
NSSCKMDInstance *mdInstance,
1209
NSSCKFWInstance *fwInstance,
1215
* This object may be extended in future versions of the
1216
* NSS Cryptoki Framework. To allow for some flexibility
1217
* in the area of binary compatibility, this field should
1228
struct NSSCKMDMechanismStr {
1230
* The Module may use this pointer for its own purposes.
1235
* This routine returns the minimum key size allowed for
1236
* this mechanism. This routine is optional; if unimplemented,
1237
* zero will be assumed. This routine may return zero on
1238
* error; if the error is CKR_OK, zero will be accepted as
1241
CK_ULONG (PR_CALLBACK *GetMinKeySize)(
1242
NSSCKMDMechanism *mdMechanism,
1243
NSSCKFWMechanism *fwMechanism,
1244
NSSCKMDToken *mdToken,
1245
NSSCKFWToken *fwToken,
1246
NSSCKMDInstance *mdInstance,
1247
NSSCKFWInstance *fwInstance,
1252
* This routine returns the maximum key size allowed for
1253
* this mechanism. This routine is optional; if unimplemented,
1254
* zero will be assumed. This routine may return zero on
1255
* error; if the error is CKR_OK, zero will be accepted as
1258
CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
1259
NSSCKMDMechanism *mdMechanism,
1260
NSSCKFWMechanism *fwMechanism,
1261
NSSCKMDToken *mdToken,
1262
NSSCKFWToken *fwToken,
1263
NSSCKMDInstance *mdInstance,
1264
NSSCKFWInstance *fwInstance,
1269
* This routine is called to determine if the mechanism is
1270
* implemented in hardware or software. It returns CK_TRUE
1271
* if it is done in hardware.
1273
CK_BBOOL (PR_CALLBACK *GetInHardware)(
1274
NSSCKMDMechanism *mdMechanism,
1275
NSSCKFWMechanism *fwMechanism,
1276
NSSCKMDToken *mdToken,
1277
NSSCKFWToken *fwToken,
1278
NSSCKMDInstance *mdInstance,
1279
NSSCKFWInstance *fwInstance,
1284
* The crypto routines themselves. Most crypto operations may
1285
* be performed in two ways, streaming and single-part. The
1286
* streaming operations involve the use of (typically) three
1287
* calls-- an Init method to set up the operation, an Update
1288
* method to feed data to the operation, and a Final method to
1289
* obtain the final result. Single-part operations involve
1290
* one method, to perform the crypto operation all at once.
1291
* The NSS Cryptoki Framework can implement the single-part
1292
* operations in terms of the streaming operations on behalf
1293
* of the Module. There are a few variances.
1295
* For simplicity, the routines are listed in summary here:
1297
* EncryptInit, EncryptUpdate, EncryptFinal; Encrypt
1298
* DecryptInit, DecryptUpdate, DecryptFinal; Decrypt
1299
* DigestInit, DigestUpdate, DigestKey, DigestFinal; Digest
1300
* SignInit, SignUpdate, SignFinal; Sign
1301
* SignRecoverInit; SignRecover
1302
* VerifyInit, VerifyUpdate, VerifyFinal; Verify
1303
* VerifyRecoverInit; VerifyRecover
1305
* Also, there are some combined-operation calls:
1307
* DigestEncryptUpdate
1308
* DecryptDigestUpdate
1310
* DecryptVerifyUpdate
1312
* The key-management routines are
1320
* All of these routines based directly on the Cryptoki API;
1321
* see PKCS#11 for further information.
1326
CK_RV (PR_CALLBACK *EncryptInit)(
1327
NSSCKMDMechanism *mdMechanism,
1328
NSSCKFWMechanism *fwMechanism,
1329
NSSCKMDSession *mdSession,
1330
NSSCKFWSession *fwSession,
1331
NSSCKMDToken *mdToken,
1332
NSSCKFWToken *fwToken,
1333
NSSCKMDInstance *mdInstance,
1334
NSSCKFWInstance *fwInstance,
1335
NSSCKMDObject *mdKey,
1336
NSSCKFWObject *fwKey
1341
CK_RV (PR_CALLBACK *EncryptUpdate)(
1342
NSSCKMDMechanism *mdMechanism,
1343
NSSCKFWMechanism *fwMechanism,
1344
NSSCKMDSession *mdSession,
1345
NSSCKFWSession *fwSession,
1346
NSSCKMDToken *mdToken,
1347
NSSCKFWToken *fwToken,
1348
NSSCKMDInstance *mdInstance,
1349
NSSCKFWInstance *fwInstance,
1356
CK_RV (PR_CALLBACK *EncryptFinal)(
1357
NSSCKMDMechanism *mdMechanism,
1358
NSSCKFWMechanism *fwMechanism,
1359
NSSCKMDSession *mdSession,
1360
NSSCKFWSession *fwSession,
1361
NSSCKMDToken *mdToken,
1362
NSSCKFWToken *fwToken,
1363
NSSCKMDInstance *mdInstance,
1364
NSSCKFWInstance *fwInstance,
1370
CK_RV (PR_CALLBACK *Encrypt)(
1371
NSSCKMDMechanism *mdMechanism,
1372
NSSCKFWMechanism *fwMechanism,
1373
NSSCKMDSession *mdSession,
1374
NSSCKFWSession *fwSession,
1375
NSSCKMDToken *mdToken,
1376
NSSCKFWToken *fwToken,
1377
NSSCKMDInstance *mdInstance,
1378
NSSCKFWInstance *fwInstance,
1379
NSSCKMDObject *mdKey,
1380
NSSCKFWObject *fwKey,
1387
CK_RV (PR_CALLBACK *DecryptInit)(
1388
NSSCKMDMechanism *mdMechanism,
1389
NSSCKFWMechanism *fwMechanism,
1390
NSSCKMDSession *mdSession,
1391
NSSCKFWSession *fwSession,
1392
NSSCKMDToken *mdToken,
1393
NSSCKFWToken *fwToken,
1394
NSSCKMDInstance *mdInstance,
1395
NSSCKFWInstance *fwInstance,
1396
NSSCKMDObject *mdKey,
1397
NSSCKFWObject *fwKey
1402
CK_RV (PR_CALLBACK *DecryptUpdate)(
1403
NSSCKMDMechanism *mdMechanism,
1404
NSSCKFWMechanism *fwMechanism,
1405
NSSCKMDSession *mdSession,
1406
NSSCKFWSession *fwSession,
1407
NSSCKMDToken *mdToken,
1408
NSSCKFWToken *fwToken,
1409
NSSCKMDInstance *mdInstance,
1410
NSSCKFWInstance *fwInstance,
1417
CK_RV (PR_CALLBACK *DecryptFinal)(
1418
NSSCKMDMechanism *mdMechanism,
1419
NSSCKFWMechanism *fwMechanism,
1420
NSSCKMDSession *mdSession,
1421
NSSCKFWSession *fwSession,
1422
NSSCKMDToken *mdToken,
1423
NSSCKFWToken *fwToken,
1424
NSSCKMDInstance *mdInstance,
1425
NSSCKFWInstance *fwInstance,
1431
CK_RV (PR_CALLBACK *Decrypt)(
1432
NSSCKMDMechanism *mdMechanism,
1433
NSSCKFWMechanism *fwMechanism,
1434
NSSCKMDSession *mdSession,
1435
NSSCKFWSession *fwSession,
1436
NSSCKMDToken *mdToken,
1437
NSSCKFWToken *fwToken,
1438
NSSCKMDInstance *mdInstance,
1439
NSSCKFWInstance *fwInstance,
1440
NSSCKMDObject *mdKey,
1441
NSSCKFWObject *fwKey,
1448
CK_RV (PR_CALLBACK *DigestInit)(
1449
NSSCKMDMechanism *mdMechanism,
1450
NSSCKFWMechanism *fwMechanism,
1451
NSSCKMDSession *mdSession,
1452
NSSCKFWSession *fwSession,
1453
NSSCKMDToken *mdToken,
1454
NSSCKFWToken *fwToken,
1455
NSSCKMDInstance *mdInstance,
1456
NSSCKFWInstance *fwInstance
1461
CK_RV (PR_CALLBACK *DigestUpdate)(
1462
NSSCKMDMechanism *mdMechanism,
1463
NSSCKFWMechanism *fwMechanism,
1464
NSSCKMDSession *mdSession,
1465
NSSCKFWSession *fwSession,
1466
NSSCKMDToken *mdToken,
1467
NSSCKFWToken *fwToken,
1468
NSSCKMDInstance *mdInstance,
1469
NSSCKFWInstance *fwInstance,
1475
CK_RV (PR_CALLBACK *DigestKey)(
1476
NSSCKMDMechanism *mdMechanism,
1477
NSSCKFWMechanism *fwMechanism,
1478
NSSCKMDSession *mdSession,
1479
NSSCKFWSession *fwSession,
1480
NSSCKMDToken *mdToken,
1481
NSSCKFWToken *fwToken,
1482
NSSCKMDInstance *mdInstance,
1483
NSSCKFWInstance *fwInstance,
1484
NSSCKMDObject *mdKey,
1485
NSSCKFWObject *fwKey
1490
CK_RV (PR_CALLBACK *DigestFinal)(
1491
NSSCKMDMechanism *mdMechanism,
1492
NSSCKFWMechanism *fwMechanism,
1493
NSSCKMDSession *mdSession,
1494
NSSCKFWSession *fwSession,
1495
NSSCKMDToken *mdToken,
1496
NSSCKFWToken *fwToken,
1497
NSSCKMDInstance *mdInstance,
1498
NSSCKFWInstance *fwInstance,
1504
CK_RV (PR_CALLBACK *Digest)(
1505
NSSCKMDMechanism *mdMechanism,
1506
NSSCKFWMechanism *fwMechanism,
1507
NSSCKMDSession *mdSession,
1508
NSSCKFWSession *fwSession,
1509
NSSCKMDToken *mdToken,
1510
NSSCKFWToken *fwToken,
1511
NSSCKMDInstance *mdInstance,
1512
NSSCKFWInstance *fwInstance,
1519
CK_RV (PR_CALLBACK *SignInit)(
1520
NSSCKMDMechanism *mdMechanism,
1521
NSSCKFWMechanism *fwMechanism,
1522
NSSCKMDSession *mdSession,
1523
NSSCKFWSession *fwSession,
1524
NSSCKMDToken *mdToken,
1525
NSSCKFWToken *fwToken,
1526
NSSCKMDInstance *mdInstance,
1527
NSSCKFWInstance *fwInstance,
1528
NSSCKMDObject *mdKey,
1529
NSSCKFWObject *fwKey
1534
CK_RV (PR_CALLBACK *SignUpdate)(
1535
NSSCKMDMechanism *mdMechanism,
1536
NSSCKFWMechanism *fwMechanism,
1537
NSSCKMDSession *mdSession,
1538
NSSCKFWSession *fwSession,
1539
NSSCKMDToken *mdToken,
1540
NSSCKFWToken *fwToken,
1541
NSSCKMDInstance *mdInstance,
1542
NSSCKFWInstance *fwInstance,
1549
CK_RV (PR_CALLBACK *SignFinal)(
1550
NSSCKMDMechanism *mdMechanism,
1551
NSSCKFWMechanism *fwMechanism,
1552
NSSCKMDSession *mdSession,
1553
NSSCKFWSession *fwSession,
1554
NSSCKMDToken *mdToken,
1555
NSSCKFWToken *fwToken,
1556
NSSCKMDInstance *mdInstance,
1557
NSSCKFWInstance *fwInstance,
1563
CK_RV (PR_CALLBACK *Sign)(
1564
NSSCKMDMechanism *mdMechanism,
1565
NSSCKFWMechanism *fwMechanism,
1566
NSSCKMDSession *mdSession,
1567
NSSCKFWSession *fwSession,
1568
NSSCKMDToken *mdToken,
1569
NSSCKFWToken *fwToken,
1570
NSSCKMDInstance *mdInstance,
1571
NSSCKFWInstance *fwInstance,
1572
NSSCKMDObject *mdKey,
1573
NSSCKFWObject *fwKey,
1580
CK_RV (PR_CALLBACK *VerifyInit)(
1581
NSSCKMDMechanism *mdMechanism,
1582
NSSCKFWMechanism *fwMechanism,
1583
NSSCKMDSession *mdSession,
1584
NSSCKFWSession *fwSession,
1585
NSSCKMDToken *mdToken,
1586
NSSCKFWToken *fwToken,
1587
NSSCKMDInstance *mdInstance,
1588
NSSCKFWInstance *fwInstance,
1594
CK_RV (PR_CALLBACK *VerifyUpdate)(
1595
NSSCKMDMechanism *mdMechanism,
1596
NSSCKFWMechanism *fwMechanism,
1597
NSSCKMDSession *mdSession,
1598
NSSCKFWSession *fwSession,
1599
NSSCKMDToken *mdToken,
1600
NSSCKFWToken *fwToken,
1601
NSSCKMDInstance *mdInstance,
1602
NSSCKFWInstance *fwInstance,
1608
CK_RV (PR_CALLBACK *VerifyFinish)(
1609
NSSCKMDMechanism *mdMechanism,
1610
NSSCKFWMechanism *fwMechanism,
1611
NSSCKMDSession *mdSession,
1612
NSSCKFWSession *fwSession,
1613
NSSCKMDToken *mdToken,
1614
NSSCKFWToken *fwToken,
1615
NSSCKMDInstance *mdInstance,
1616
NSSCKFWInstance *fwInstance,
1622
CK_RV (PR_CALLBACK *Verify)(
1623
NSSCKMDMechanism *mdMechanism,
1624
NSSCKFWMechanism *fwMechanism,
1625
NSSCKMDSession *mdSession,
1626
NSSCKFWSession *fwSession,
1627
NSSCKMDToken *mdToken,
1628
NSSCKFWToken *fwToken,
1629
NSSCKMDInstance *mdInstance,
1630
NSSCKFWInstance *fwInstance,
1638
CK_RV (PR_CALLBACK *SignRecover)(
1639
NSSCKMDMechanism *mdMechanism,
1640
NSSCKFWMechanism *fwMechanism,
1641
NSSCKMDSession *mdSession,
1642
NSSCKFWSession *fwSession,
1643
NSSCKMDToken *mdToken,
1644
NSSCKFWToken *fwToken,
1645
NSSCKMDInstance *mdInstance,
1646
NSSCKFWInstance *fwInstance,
1647
NSSCKMDObject *mdKey,
1648
NSSCKFWObject *fwKey,
1655
CK_RV (PR_CALLBACK *VerifyRecover)(
1656
NSSCKMDMechanism *mdMechanism,
1657
NSSCKFWMechanism *fwMechanism,
1658
NSSCKMDSession *mdSession,
1659
NSSCKFWSession *fwSession,
1660
NSSCKMDToken *mdToken,
1661
NSSCKFWToken *fwToken,
1662
NSSCKMDInstance *mdInstance,
1663
NSSCKFWInstance *fwInstance,
1664
NSSCKMDObject *mdKey,
1665
NSSCKFWObject *fwKey,
1672
CK_RV (PR_CALLBACK *DigestEncryptUpdate)(
1673
NSSCKMDMechanism *mdMechanism,
1674
NSSCKFWMechanism *fwMechanism,
1675
NSSCKMDSession *mdSession,
1676
NSSCKFWSession *fwSession,
1677
NSSCKMDToken *mdToken,
1678
NSSCKFWToken *fwToken,
1679
NSSCKMDInstance *mdInstance,
1680
NSSCKFWInstance *fwInstance,
1687
CK_RV (PR_CALLBACK *DecryptDigestUpdate)(
1688
NSSCKMDMechanism *mdMechanism,
1689
NSSCKFWMechanism *fwMechanism,
1690
NSSCKMDSession *mdSession,
1691
NSSCKFWSession *fwSession,
1692
NSSCKMDToken *mdToken,
1693
NSSCKFWToken *fwToken,
1694
NSSCKMDInstance *mdInstance,
1695
NSSCKFWInstance *fwInstance,
1702
CK_RV (PR_CALLBACK *SignEncryptUpdate)(
1703
NSSCKMDMechanism *mdMechanism,
1704
NSSCKFWMechanism *fwMechanism,
1705
NSSCKMDSession *mdSession,
1706
NSSCKFWSession *fwSession,
1707
NSSCKMDToken *mdToken,
1708
NSSCKFWToken *fwToken,
1709
NSSCKMDInstance *mdInstance,
1710
NSSCKFWInstance *fwInstance,
1717
CK_RV (PR_CALLBACK *DecryptVerifyUpdate)(
1718
NSSCKMDMechanism *mdMechanism,
1719
NSSCKFWMechanism *fwMechanism,
1720
NSSCKMDSession *mdSession,
1721
NSSCKFWSession *fwSession,
1722
NSSCKMDToken *mdToken,
1723
NSSCKFWToken *fwToken,
1724
NSSCKMDInstance *mdInstance,
1725
NSSCKFWInstance *fwInstance,
1731
* Key management operations.
1735
* This routine generates a key. This routine may return NULL
1738
NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
1739
NSSCKMDMechanism *mdMechanism,
1740
NSSCKFWMechanism *fwMechanism,
1741
NSSCKMDSession *mdSession,
1742
NSSCKFWSession *fwSession,
1743
NSSCKMDToken *mdToken,
1744
NSSCKFWToken *fwToken,
1745
NSSCKMDInstance *mdInstance,
1746
NSSCKFWInstance *fwInstance,
1747
CK_ATTRIBUTE_PTR pTemplate,
1748
CK_ULONG ulAttributeCount,
1753
* This routine generates a key pair.
1755
CK_RV (PR_CALLBACK *GenerateKeyPair)(
1756
NSSCKMDMechanism *mdMechanism,
1757
NSSCKFWMechanism *fwMechanism,
1758
NSSCKMDSession *mdSession,
1759
NSSCKFWSession *fwSession,
1760
NSSCKMDToken *mdToken,
1761
NSSCKFWToken *fwToken,
1762
NSSCKMDInstance *mdInstance,
1763
NSSCKFWInstance *fwInstance,
1764
CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1765
CK_ULONG ulPublicKeyAttributeCount,
1766
CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1767
CK_ULONG ulPrivateKeyAttributeCount,
1768
NSSCKMDObject **pPublicKey,
1769
NSSCKMDObject **pPrivateKey
1773
* This routine wraps a key.
1775
CK_RV (PR_CALLBACK *WrapKey)(
1776
NSSCKMDMechanism *mdMechanism,
1777
NSSCKFWMechanism *fwMechanism,
1778
NSSCKMDSession *mdSession,
1779
NSSCKFWSession *fwSession,
1780
NSSCKMDToken *mdToken,
1781
NSSCKFWToken *fwToken,
1782
NSSCKMDInstance *mdInstance,
1783
NSSCKFWInstance *fwInstance,
1784
NSSCKMDObject *mdWrappingKey,
1785
NSSCKFWObject *fwWrappingKey,
1786
NSSCKMDObject *mdWrappedKey,
1787
NSSCKFWObject *fwWrappedKey,
1792
* This routine unwraps a key. This routine may return NULL
1795
NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
1796
NSSCKMDMechanism *mdMechanism,
1797
NSSCKFWMechanism *fwMechanism,
1798
NSSCKMDSession *mdSession,
1799
NSSCKFWSession *fwSession,
1800
NSSCKMDToken *mdToken,
1801
NSSCKFWToken *fwToken,
1802
NSSCKMDInstance *mdInstance,
1803
NSSCKFWInstance *fwInstance,
1804
NSSCKMDObject *mdWrappingKey,
1805
NSSCKFWObject *fwWrappingKey,
1806
NSSItem *wrappedKey,
1807
CK_ATTRIBUTE_PTR pTemplate,
1808
CK_ULONG ulAttributeCount,
1813
* This routine derives a key. This routine may return NULL
1816
NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
1817
NSSCKMDMechanism *mdMechanism,
1818
NSSCKFWMechanism *fwMechanism,
1819
NSSCKMDSession *mdSession,
1820
NSSCKFWSession *fwSession,
1821
NSSCKMDToken *mdToken,
1822
NSSCKFWToken *fwToken,
1823
NSSCKMDInstance *mdInstance,
1824
NSSCKFWInstance *fwInstance,
1825
NSSCKMDObject *mdBaseKey,
1826
NSSCKFWObject *fwBaseKey,
1827
CK_ATTRIBUTE_PTR pTemplate,
1828
CK_ULONG ulAttributeCount,
1833
* This object may be extended in future versions of the
1834
* NSS Cryptoki Framework. To allow for some flexibility
1835
* in the area of binary compatibility, this field should
1844
* This is the basic handle for any object used by a PKCS#11 Module.
1845
* Modules must implement it if they support their own objects, and
1846
* the Framework supports it for Modules that do not handle session
1847
* objects. This type contains a pointer for use by the implementor,
1848
* to store any object-specific data, and it contains an EPV for a
1849
* set of routines used to access the object.
1852
struct NSSCKMDObjectStr {
1854
* The implementation my use this pointer for its own purposes.
1859
* This routine is called by the Framework when it is letting
1860
* go of an object handle. It can be used by the Module to
1861
* free any resources tied up by an object "in use." It is
1864
void (PR_CALLBACK *Finalize)(
1865
NSSCKMDObject *mdObject,
1866
NSSCKFWObject *fwObject,
1867
NSSCKMDSession *mdSession,
1868
NSSCKFWSession *fwSession,
1869
NSSCKMDToken *mdToken,
1870
NSSCKFWToken *fwToken,
1871
NSSCKMDInstance *mdInstance,
1872
NSSCKFWInstance *fwInstance
1876
* This routine is used to completely destroy an object.
1877
* It is optional. The parameter fwObject might be NULL
1878
* if the framework runs out of memory at the wrong moment.
1880
CK_RV (PR_CALLBACK *Destroy)(
1881
NSSCKMDObject *mdObject,
1882
NSSCKFWObject *fwObject,
1883
NSSCKMDSession *mdSession,
1884
NSSCKFWSession *fwSession,
1885
NSSCKMDToken *mdToken,
1886
NSSCKFWToken *fwToken,
1887
NSSCKMDInstance *mdInstance,
1888
NSSCKFWInstance *fwInstance
1892
* This helper routine is used by the Framework, and is especially
1893
* useful when it is managing session objects on behalf of the
1894
* Module. This routine is optional; if unimplemented, the
1895
* Framework will actually look up the CKA_TOKEN attribute. In the
1896
* event of an error, just make something up-- the Framework will
1897
* find out soon enough anyway.
1899
CK_BBOOL (PR_CALLBACK *IsTokenObject)(
1900
NSSCKMDObject *mdObject,
1901
NSSCKFWObject *fwObject,
1902
NSSCKMDSession *mdSession,
1903
NSSCKFWSession *fwSession,
1904
NSSCKMDToken *mdToken,
1905
NSSCKFWToken *fwToken,
1906
NSSCKMDInstance *mdInstance,
1907
NSSCKFWInstance *fwInstance
1911
* This routine returns the number of attributes of which this
1912
* object consists. It is mandatory. It can return zero on
1915
CK_ULONG (PR_CALLBACK *GetAttributeCount)(
1916
NSSCKMDObject *mdObject,
1917
NSSCKFWObject *fwObject,
1918
NSSCKMDSession *mdSession,
1919
NSSCKFWSession *fwSession,
1920
NSSCKMDToken *mdToken,
1921
NSSCKFWToken *fwToken,
1922
NSSCKMDInstance *mdInstance,
1923
NSSCKFWInstance *fwInstance,
1928
* This routine stuffs the attribute types into the provided array.
1929
* The array size (as obtained from GetAttributeCount) is passed in
1930
* as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
1931
* (either too big or too small).
1933
CK_RV (PR_CALLBACK *GetAttributeTypes)(
1934
NSSCKMDObject *mdObject,
1935
NSSCKFWObject *fwObject,
1936
NSSCKMDSession *mdSession,
1937
NSSCKFWSession *fwSession,
1938
NSSCKMDToken *mdToken,
1939
NSSCKFWToken *fwToken,
1940
NSSCKMDInstance *mdInstance,
1941
NSSCKFWInstance *fwInstance,
1942
CK_ATTRIBUTE_TYPE_PTR typeArray,
1947
* This routine returns the size (in bytes) of the specified
1948
* attribute. It can return zero on error.
1950
CK_ULONG (PR_CALLBACK *GetAttributeSize)(
1951
NSSCKMDObject *mdObject,
1952
NSSCKFWObject *fwObject,
1953
NSSCKMDSession *mdSession,
1954
NSSCKFWSession *fwSession,
1955
NSSCKMDToken *mdToken,
1956
NSSCKFWToken *fwToken,
1957
NSSCKMDInstance *mdInstance,
1958
NSSCKFWInstance *fwInstance,
1959
CK_ATTRIBUTE_TYPE attribute,
1964
* This routine returns an NSSCKFWItem structure.
1965
* The item pointer points to an NSSItem containing the attribute value.
1966
* The needsFreeing bit tells the framework whether to call the
1967
* FreeAttribute function . Upon error, an NSSCKFWItem structure
1968
* with a NULL NSSItem item pointer will be returned
1970
NSSCKFWItem (PR_CALLBACK *GetAttribute)(
1971
NSSCKMDObject *mdObject,
1972
NSSCKFWObject *fwObject,
1973
NSSCKMDSession *mdSession,
1974
NSSCKFWSession *fwSession,
1975
NSSCKMDToken *mdToken,
1976
NSSCKFWToken *fwToken,
1977
NSSCKMDInstance *mdInstance,
1978
NSSCKFWInstance *fwInstance,
1979
CK_ATTRIBUTE_TYPE attribute,
1984
* This routine returns CKR_OK if the attribute could be freed.
1986
CK_RV (PR_CALLBACK *FreeAttribute)(
1991
* This routine changes the specified attribute. If unimplemented,
1992
* the object will be considered read-only.
1994
CK_RV (PR_CALLBACK *SetAttribute)(
1995
NSSCKMDObject *mdObject,
1996
NSSCKFWObject *fwObject,
1997
NSSCKMDSession *mdSession,
1998
NSSCKFWSession *fwSession,
1999
NSSCKMDToken *mdToken,
2000
NSSCKFWToken *fwToken,
2001
NSSCKMDInstance *mdInstance,
2002
NSSCKFWInstance *fwInstance,
2003
CK_ATTRIBUTE_TYPE attribute,
2008
* This routine returns the storage requirements of this object,
2009
* in bytes. Cryptoki doesn't strictly define the definition,
2010
* but it should relate to the values returned by the "Get Memory"
2011
* routines of the NSSCKMDToken. This routine is optional; if
2012
* unimplemented, the Framework will consider this information
2013
* sensitive. This routine may return zero on error. If the
2014
* specified error is CKR_OK, zero will be accepted as a valid
2017
CK_ULONG (PR_CALLBACK *GetObjectSize)(
2018
NSSCKMDObject *mdObject,
2019
NSSCKFWObject *fwObject,
2020
NSSCKMDSession *mdSession,
2021
NSSCKFWSession *fwSession,
2022
NSSCKMDToken *mdToken,
2023
NSSCKFWToken *fwToken,
2024
NSSCKMDInstance *mdInstance,
2025
NSSCKFWInstance *fwInstance,
2030
* This object may be extended in future versions of the
2031
* NSS Cryptoki Framework. To allow for some flexibility
2032
* in the area of binary compatibility, this field should
2039
#endif /* NSSCKMDT_H */