1
/* ***** BEGIN LICENSE BLOCK *****
2
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
4
* The contents of this file are subject to the Mozilla Public License Version
5
* 1.1 (the "License"); you may not use this file except in compliance with
6
* the License. You may obtain a copy of the License at
7
* http://www.mozilla.org/MPL/
9
* Software distributed under the License is distributed on an "AS IS" basis,
10
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11
* for the specific language governing rights and limitations under the
14
* The Original Code is the Netscape security libraries.
16
* The Initial Developer of the Original Code is
17
* Netscape Communications Corporation.
18
* Portions created by the Initial Developer are Copyright (C) 1994-2000
19
* the Initial Developer. All Rights Reserved.
22
* Dr Stephen Henson <stephen.henson@gemplus.com>
24
* Alternatively, the contents of this file may be used under the terms of
25
* either the GNU General Public License Version 2 or later (the "GPL"), or
26
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
27
* in which case the provisions of the GPL or the LGPL are applicable instead
28
* of those above. If you wish to allow use of your version of this file only
29
* under the terms of either the GPL or the LGPL, and not to allow others to
30
* use your version of this file under the terms of the MPL, indicate your
31
* decision by deleting the provisions above and replace them with the notice
32
* and other provisions required by the GPL or the LGPL. If you do not delete
33
* the provisions above, a recipient may use your version of this file under
34
* the terms of any one of the MPL, the GPL or the LGPL.
36
* ***** END LICENSE BLOCK ***** */
42
static const char CKT_CVS_ID[] = "@(#) $RCSfile: pkcs11n.h,v $ $Revision: 1.19 $ $Date: 2007/11/09 23:43:34 $";
48
* This file contains the NSS-specific type definitions for Cryptoki
55
* Cryptoki reserves the high half of all the number spaces for
56
* vendor-defined use. I'd like to keep all of our NSS-
57
* specific values together, but not in the oh-so-obvious
58
* 0x80000001, 0x80000002, etc. area. So I've picked an offset,
59
* and constructed values for the beginnings of our spaces.
61
* Note that some "historical" Netscape values don't fall within
64
#define NSSCK_VENDOR_NSS 0x4E534350 /* NSCP */
67
* NSS-defined object classes
70
#define CKO_NSS (CKO_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
72
#define CKO_NSS_CRL (CKO_NSS + 1)
73
#define CKO_NSS_SMIME (CKO_NSS + 2)
74
#define CKO_NSS_TRUST (CKO_NSS + 3)
75
#define CKO_NSS_BUILTIN_ROOT_LIST (CKO_NSS + 4)
76
#define CKO_NSS_NEWSLOT (CKO_NSS + 5)
77
#define CKO_NSS_DELSLOT (CKO_NSS + 6)
81
* NSS-defined key types
84
#define CKK_NSS (CKK_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
86
#define CKK_NSS_PKCS8 (CKK_NSS + 1)
88
* NSS-defined certificate types
91
#define CKC_NSS (CKC_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
93
/* FAKE PKCS #11 defines */
94
#define CKA_DIGEST 0x81000000L
95
#define CKA_FLAGS_ONLY 0 /* CKA_CLASS */
98
* NSS-defined object attributes
101
#define CKA_NSS (CKA_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
103
#define CKA_NSS_URL (CKA_NSS + 1)
104
#define CKA_NSS_EMAIL (CKA_NSS + 2)
105
#define CKA_NSS_SMIME_INFO (CKA_NSS + 3)
106
#define CKA_NSS_SMIME_TIMESTAMP (CKA_NSS + 4)
107
#define CKA_NSS_PKCS8_SALT (CKA_NSS + 5)
108
#define CKA_NSS_PASSWORD_CHECK (CKA_NSS + 6)
109
#define CKA_NSS_EXPIRES (CKA_NSS + 7)
110
#define CKA_NSS_KRL (CKA_NSS + 8)
112
#define CKA_NSS_PQG_COUNTER (CKA_NSS + 20)
113
#define CKA_NSS_PQG_SEED (CKA_NSS + 21)
114
#define CKA_NSS_PQG_H (CKA_NSS + 22)
115
#define CKA_NSS_PQG_SEED_BITS (CKA_NSS + 23)
116
#define CKA_NSS_MODULE_SPEC (CKA_NSS + 24)
117
#define CKA_NSS_OVERRIDE_EXTENSIONS (CKA_NSS + 25)
122
* If trust goes standard, these probably will too. So I'll
123
* put them all in one place.
126
#define CKA_TRUST (CKA_NSS + 0x2000)
128
/* "Usage" key information */
129
#define CKA_TRUST_DIGITAL_SIGNATURE (CKA_TRUST + 1)
130
#define CKA_TRUST_NON_REPUDIATION (CKA_TRUST + 2)
131
#define CKA_TRUST_KEY_ENCIPHERMENT (CKA_TRUST + 3)
132
#define CKA_TRUST_DATA_ENCIPHERMENT (CKA_TRUST + 4)
133
#define CKA_TRUST_KEY_AGREEMENT (CKA_TRUST + 5)
134
#define CKA_TRUST_KEY_CERT_SIGN (CKA_TRUST + 6)
135
#define CKA_TRUST_CRL_SIGN (CKA_TRUST + 7)
137
/* "Purpose" trust information */
138
#define CKA_TRUST_SERVER_AUTH (CKA_TRUST + 8)
139
#define CKA_TRUST_CLIENT_AUTH (CKA_TRUST + 9)
140
#define CKA_TRUST_CODE_SIGNING (CKA_TRUST + 10)
141
#define CKA_TRUST_EMAIL_PROTECTION (CKA_TRUST + 11)
142
#define CKA_TRUST_IPSEC_END_SYSTEM (CKA_TRUST + 12)
143
#define CKA_TRUST_IPSEC_TUNNEL (CKA_TRUST + 13)
144
#define CKA_TRUST_IPSEC_USER (CKA_TRUST + 14)
145
#define CKA_TRUST_TIME_STAMPING (CKA_TRUST + 15)
146
#define CKA_TRUST_STEP_UP_APPROVED (CKA_TRUST + 16)
148
#define CKA_CERT_SHA1_HASH (CKA_TRUST + 100)
149
#define CKA_CERT_MD5_HASH (CKA_TRUST + 101)
151
/* NSS trust stuff */
152
/* XXX fgmr new ones here-- step-up, etc. */
154
/* HISTORICAL: define used to pass in the database key for DSA private keys */
155
#define CKA_NETSCAPE_DB 0xD5A0DB00L
156
#define CKA_NETSCAPE_TRUST 0x80000001L
158
/* FAKE PKCS #11 defines */
159
#define CKM_FAKE_RANDOM 0x80000efeUL
160
#define CKM_INVALID_MECHANISM 0xffffffffUL
163
* NSS-defined crypto mechanisms
166
#define CKM_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
168
#define CKM_NSS_AES_KEY_WRAP (CKM_NSS + 1)
169
#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
173
* Do not attempt to use these. They are only used by NETSCAPE's internal
174
* PKCS #11 interface. Most of these are place holders for other mechanism
175
* and will change in the future.
177
#define CKM_NETSCAPE_PBE_SHA1_DES_CBC 0x80000002UL
178
#define CKM_NETSCAPE_PBE_SHA1_TRIPLE_DES_CBC 0x80000003UL
179
#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC2_CBC 0x80000004UL
180
#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC2_CBC 0x80000005UL
181
#define CKM_NETSCAPE_PBE_SHA1_40_BIT_RC4 0x80000006UL
182
#define CKM_NETSCAPE_PBE_SHA1_128_BIT_RC4 0x80000007UL
183
#define CKM_NETSCAPE_PBE_SHA1_FAULTY_3DES_CBC 0x80000008UL
184
#define CKM_NETSCAPE_PBE_SHA1_HMAC_KEY_GEN 0x80000009UL
185
#define CKM_NETSCAPE_PBE_MD5_HMAC_KEY_GEN 0x8000000aUL
186
#define CKM_NETSCAPE_PBE_MD2_HMAC_KEY_GEN 0x8000000bUL
188
#define CKM_TLS_PRF_GENERAL 0x80000373UL
191
* NSS-defined return values
194
#define CKR_NSS (CKM_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
196
#define CKR_NSS_CERTDB_FAILED (CKR_NSS + 1)
197
#define CKR_NSS_KEYDB_FAILED (CKR_NSS + 2)
202
* This isn't part of the Cryptoki standard (yet), so I'm putting
203
* all the definitions here. Some of this would move to nssckt.h
204
* if trust info were made part of the standard. In view of this
205
* possibility, I'm putting my (NSS) values in the NSS
206
* vendor space, like everything else.
209
typedef CK_ULONG CK_TRUST;
211
/* The following trust types are defined: */
212
#define CKT_VENDOR_DEFINED 0x80000000
214
#define CKT_NSS (CKT_VENDOR_DEFINED|NSSCK_VENDOR_NSS)
216
/* If trust goes standard, these'll probably drop out of vendor space. */
217
#define CKT_NSS_TRUSTED (CKT_NSS + 1)
218
#define CKT_NSS_TRUSTED_DELEGATOR (CKT_NSS + 2)
219
#define CKT_NSS_UNTRUSTED (CKT_NSS + 3)
220
#define CKT_NSS_MUST_VERIFY (CKT_NSS + 4)
221
#define CKT_NSS_TRUST_UNKNOWN (CKT_NSS + 5) /* default */
224
* These may well remain NSS-specific; I'm only using them
225
* to cache resolution data.
227
#define CKT_NSS_VALID (CKT_NSS + 10)
228
#define CKT_NSS_VALID_DELEGATOR (CKT_NSS + 11)
230
/* don't leave old programs in a lurch just yet, give them the old NETSCAPE
232
#define CKO_NETSCAPE_CRL CKO_NSS_CRL
233
#define CKO_NETSCAPE_SMIME CKO_NSS_SMIME
234
#define CKO_NETSCAPE_TRUST CKO_NSS_TRUST
235
#define CKO_NETSCAPE_BUILTIN_ROOT_LIST CKO_NSS_BUILTIN_ROOT_LIST
236
#define CKO_NETSCAPE_NEWSLOT CKO_NSS_NEWSLOT
237
#define CKO_NETSCAPE_DELSLOT CKO_NSS_DELSLOT
238
#define CKK_NETSCAPE_PKCS8 CKK_NSS_PKCS8
239
#define CKA_NETSCAPE_URL CKA_NSS_URL
240
#define CKA_NETSCAPE_EMAIL CKA_NSS_EMAIL
241
#define CKA_NETSCAPE_SMIME_INFO CKA_NSS_SMIME_INFO
242
#define CKA_NETSCAPE_SMIME_TIMESTAMP CKA_NSS_SMIME_TIMESTAMP
243
#define CKA_NETSCAPE_PKCS8_SALT CKA_NSS_PKCS8_SALT
244
#define CKA_NETSCAPE_PASSWORD_CHECK CKA_NSS_PASSWORD_CHECK
245
#define CKA_NETSCAPE_EXPIRES CKA_NSS_EXPIRES
246
#define CKA_NETSCAPE_KRL CKA_NSS_KRL
247
#define CKA_NETSCAPE_PQG_COUNTER CKA_NSS_PQG_COUNTER
248
#define CKA_NETSCAPE_PQG_SEED CKA_NSS_PQG_SEED
249
#define CKA_NETSCAPE_PQG_H CKA_NSS_PQG_H
250
#define CKA_NETSCAPE_PQG_SEED_BITS CKA_NSS_PQG_SEED_BITS
251
#define CKA_NETSCAPE_MODULE_SPEC CKA_NSS_MODULE_SPEC
252
#define CKM_NETSCAPE_AES_KEY_WRAP CKM_NSS_AES_KEY_WRAP
253
#define CKM_NETSCAPE_AES_KEY_WRAP_PAD CKM_NSS_AES_KEY_WRAP_PAD
254
#define CKR_NETSCAPE_CERTDB_FAILED CKR_NSS_CERTDB_FAILED
255
#define CKR_NETSCAPE_KEYDB_FAILED CKR_NSS_KEYDB_FAILED
256
#define CKT_NETSCAPE_TRUSTED CKT_NSS_TRUSTED
257
#define CKT_NETSCAPE_TRUSTED_DELEGATOR CKT_NSS_TRUSTED_DELEGATOR
258
#define CKT_NETSCAPE_UNTRUSTED CKT_NSS_UNTRUSTED
259
#define CKT_NETSCAPE_MUST_VERIFY CKT_NSS_MUST_VERIFY
260
#define CKT_NETSCAPE_TRUST_UNKNOWN CKT_NSS_TRUST_UNKNOWN
261
#define CKT_NETSCAPE_VALID CKT_NSS_VALID
262
#define CKT_NETSCAPE_VALID_DELEGATOR CKT_NSS_VALID_DELEGATOR
265
* These are not really PKCS #11 values specifically. They are the 'loadable'
266
* module spec NSS uses. The are available for others to use as well, but not
267
* part of the formal PKCS #11 spec.
269
* The function 'FIND' returns an array of PKCS #11 initialization strings
270
* The function 'ADD' takes a PKCS #11 initialization string and stores it.
271
* The function 'DEL' takes a 'name= library=' value and deletes the associated
273
* The function 'RELEASE' frees the array returned by 'FIND'
275
#define SECMOD_MODULE_DB_FUNCTION_FIND 0
276
#define SECMOD_MODULE_DB_FUNCTION_ADD 1
277
#define SECMOD_MODULE_DB_FUNCTION_DEL 2
278
#define SECMOD_MODULE_DB_FUNCTION_RELEASE 3
279
typedef char ** (PR_CALLBACK *SECMODModuleDBFunc)(unsigned long function,
280
char *parameters, void *moduleSpec);
282
/* softoken slot ID's */
283
#define SFTK_MIN_USER_SLOT_ID 4
284
#define SFTK_MAX_USER_SLOT_ID 100
285
#define SFTK_MIN_FIPS_USER_SLOT_ID 101
286
#define SFTK_MAX_FIPS_USER_SLOT_ID 127
289
#endif /* _PKCS11N_H_ */