1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/nss/lib/ckfw/nssckmdt.h Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,1945 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#ifndef NSSCKMDT_H
1.9 +#define NSSCKMDT_H
1.10 +
1.11 +/*
1.12 + * nssckmdt.h
1.13 + *
1.14 + * This file specifies the basic types that must be implemented by
1.15 + * any Module using the NSS Cryptoki Framework.
1.16 + */
1.17 +
1.18 +#ifndef NSSBASET_H
1.19 +#include "nssbaset.h"
1.20 +#endif /* NSSBASET_H */
1.21 +
1.22 +#ifndef NSSCKT_H
1.23 +#include "nssckt.h"
1.24 +#endif /* NSSCKT_H */
1.25 +
1.26 +#ifndef NSSCKFWT_H
1.27 +#include "nssckfwt.h"
1.28 +#endif /* NSSCKFWT_H */
1.29 +
1.30 +typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
1.31 +typedef struct NSSCKMDSlotStr NSSCKMDSlot;
1.32 +typedef struct NSSCKMDTokenStr NSSCKMDToken;
1.33 +typedef struct NSSCKMDSessionStr NSSCKMDSession;
1.34 +typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
1.35 +typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
1.36 +typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
1.37 +typedef struct NSSCKMDObjectStr NSSCKMDObject;
1.38 +
1.39 +/*
1.40 + * NSSCKFWItem
1.41 + *
1.42 + * This is a structure used by modules to return object attributes.
1.43 + * The needsFreeing bit indicates whether the object needs to be freed.
1.44 + * If so, the framework will call the FreeAttribute function on the item
1.45 + * after it is done using it.
1.46 + *
1.47 + */
1.48 +
1.49 +typedef struct {
1.50 + PRBool needsFreeing;
1.51 + NSSItem* item;
1.52 +} NSSCKFWItem ;
1.53 +
1.54 +/*
1.55 + * NSSCKMDInstance
1.56 + *
1.57 + * This is the basic handle for an instance of a PKCS#11 Module.
1.58 + * It is returned by the Module's CreateInstance routine, and
1.59 + * may be obtained from the corresponding NSSCKFWInstance object.
1.60 + * It contains a pointer for use by the Module, to store any
1.61 + * instance-related data, and it contains the EPV for a set of
1.62 + * routines which the Module may implement for use by the Framework.
1.63 + * Some of these routines are optional; others are mandatory.
1.64 + */
1.65 +
1.66 +struct NSSCKMDInstanceStr {
1.67 + /*
1.68 + * The Module may use this pointer for its own purposes.
1.69 + */
1.70 + void *etc;
1.71 +
1.72 + /*
1.73 + * This routine is called by the Framework to initialize
1.74 + * the Module. This routine is optional; if unimplemented,
1.75 + * it won't be called. If this routine returns an error,
1.76 + * then the initialization will fail.
1.77 + */
1.78 + CK_RV (PR_CALLBACK *Initialize)(
1.79 + NSSCKMDInstance *mdInstance,
1.80 + NSSCKFWInstance *fwInstance,
1.81 + NSSUTF8 *configurationData
1.82 + );
1.83 +
1.84 + /*
1.85 + * This routine is called when the Framework is finalizing
1.86 + * the PKCS#11 Module. It is the last thing called before
1.87 + * the NSSCKFWInstance's NSSArena is destroyed. This routine
1.88 + * is optional; if unimplemented, it merely won't be called.
1.89 + */
1.90 + void (PR_CALLBACK *Finalize)(
1.91 + NSSCKMDInstance *mdInstance,
1.92 + NSSCKFWInstance *fwInstance
1.93 + );
1.94 +
1.95 + /*
1.96 + * This routine gets the number of slots. This value must
1.97 + * never change, once the instance is initialized. This
1.98 + * routine must be implemented. It may return zero on error.
1.99 + */
1.100 + CK_ULONG (PR_CALLBACK *GetNSlots)(
1.101 + NSSCKMDInstance *mdInstance,
1.102 + NSSCKFWInstance *fwInstance,
1.103 + CK_RV *pError
1.104 + );
1.105 +
1.106 + /*
1.107 + * This routine returns the version of the Cryptoki standard
1.108 + * to which this Module conforms. This routine is optional;
1.109 + * if unimplemented, the Framework uses the version to which
1.110 + * ~it~ was implemented.
1.111 + */
1.112 + CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
1.113 + NSSCKMDInstance *mdInstance,
1.114 + NSSCKFWInstance *fwInstance
1.115 + );
1.116 +
1.117 + /*
1.118 + * This routine returns a pointer to a UTF8-encoded string
1.119 + * containing the manufacturer ID for this Module. Only
1.120 + * the characters completely encoded in the first thirty-
1.121 + * two bytes are significant. This routine is optional.
1.122 + * The string returned is never freed; if dynamically generated,
1.123 + * the space for it should be allocated from the NSSArena
1.124 + * that may be obtained from the NSSCKFWInstance. This
1.125 + * routine may return NULL upon error; however if *pError
1.126 + * is CKR_OK, the NULL will be considered the valid response.
1.127 + */
1.128 + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
1.129 + NSSCKMDInstance *mdInstance,
1.130 + NSSCKFWInstance *fwInstance,
1.131 + CK_RV *pError
1.132 + );
1.133 +
1.134 + /*
1.135 + * This routine returns a pointer to a UTF8-encoded string
1.136 + * containing a description of this Module library. Only
1.137 + * the characters completely encoded in the first thirty-
1.138 + * two bytes are significant. This routine is optional.
1.139 + * The string returned is never freed; if dynamically generated,
1.140 + * the space for it should be allocated from the NSSArena
1.141 + * that may be obtained from the NSSCKFWInstance. This
1.142 + * routine may return NULL upon error; however if *pError
1.143 + * is CKR_OK, the NULL will be considered the valid response.
1.144 + */
1.145 + NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
1.146 + NSSCKMDInstance *mdInstance,
1.147 + NSSCKFWInstance *fwInstance,
1.148 + CK_RV *pError
1.149 + );
1.150 +
1.151 + /*
1.152 + * This routine returns the version of this Module library.
1.153 + * This routine is optional; if unimplemented, the Framework
1.154 + * will assume a Module library version of 0.1.
1.155 + */
1.156 + CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
1.157 + NSSCKMDInstance *mdInstance,
1.158 + NSSCKFWInstance *fwInstance
1.159 + );
1.160 +
1.161 + /*
1.162 + * This routine returns CK_TRUE if the Module wishes to
1.163 + * handle session objects. This routine is optional.
1.164 + * If this routine is NULL, or if it exists but returns
1.165 + * CK_FALSE, the Framework will assume responsibility
1.166 + * for managing session objects.
1.167 + */
1.168 + CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
1.169 + NSSCKMDInstance *mdInstance,
1.170 + NSSCKFWInstance *fwInstance
1.171 + );
1.172 +
1.173 + /*
1.174 + * This routine stuffs pointers to NSSCKMDSlot objects into
1.175 + * the specified array; one for each slot supported by this
1.176 + * instance. The Framework will determine the size needed
1.177 + * for the array by calling GetNSlots. This routine is
1.178 + * required.
1.179 + */
1.180 + CK_RV (PR_CALLBACK *GetSlots)(
1.181 + NSSCKMDInstance *mdInstance,
1.182 + NSSCKFWInstance *fwInstance,
1.183 + NSSCKMDSlot *slots[]
1.184 + );
1.185 +
1.186 + /*
1.187 + * This call returns a pointer to the slot in which an event
1.188 + * has occurred. If the block argument is CK_TRUE, the call
1.189 + * should block until a slot event occurs; if CK_FALSE, it
1.190 + * should check to see if an event has occurred, occurred,
1.191 + * but return NULL (and set *pError to CK_NO_EVENT) if one
1.192 + * hasn't. This routine is optional; if unimplemented, the
1.193 + * Framework will assume that no event has happened. This
1.194 + * routine may return NULL upon error.
1.195 + */
1.196 + NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
1.197 + NSSCKMDInstance *mdInstance,
1.198 + NSSCKFWInstance *fwInstance,
1.199 + CK_BBOOL block,
1.200 + CK_RV *pError
1.201 + );
1.202 +
1.203 + /*
1.204 + * This object may be extended in future versions of the
1.205 + * NSS Cryptoki Framework. To allow for some flexibility
1.206 + * in the area of binary compatibility, this field should
1.207 + * be NULL.
1.208 + */
1.209 + void *null;
1.210 +};
1.211 +
1.212 +
1.213 +/*
1.214 + * NSSCKMDSlot
1.215 + *
1.216 + * This is the basic handle for a PKCS#11 Module Slot. It is
1.217 + * created by the NSSCKMDInstance->GetSlots call, and may be
1.218 + * obtained from the Framework's corresponding NSSCKFWSlot
1.219 + * object. It contains a pointer for use by the Module, to
1.220 + * store any slot-related data, and it contains the EPV for
1.221 + * a set of routines which the Module may implement for use
1.222 + * by the Framework. Some of these routines are optional.
1.223 + */
1.224 +
1.225 +struct NSSCKMDSlotStr {
1.226 + /*
1.227 + * The Module may use this pointer for its own purposes.
1.228 + */
1.229 + void *etc;
1.230 +
1.231 + /*
1.232 + * This routine is called during the Framework initialization
1.233 + * step, after the Framework Instance has obtained the list
1.234 + * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
1.235 + * specific initialization can be done here. This routine is
1.236 + * optional; if unimplemented, it won't be called. Note that
1.237 + * if this routine returns an error, the entire Framework
1.238 + * initialization for this Module will fail.
1.239 + */
1.240 + CK_RV (PR_CALLBACK *Initialize)(
1.241 + NSSCKMDSlot *mdSlot,
1.242 + NSSCKFWSlot *fwSlot,
1.243 + NSSCKMDInstance *mdInstance,
1.244 + NSSCKFWInstance *fwInstance
1.245 + );
1.246 +
1.247 + /*
1.248 + * This routine is called when the Framework is finalizing
1.249 + * the PKCS#11 Module. This call (for each of the slots)
1.250 + * is the last thing called before NSSCKMDInstance->Finalize.
1.251 + * This routine is optional; if unimplemented, it merely
1.252 + * won't be called. Note: In the rare circumstance that
1.253 + * the Framework initialization cannot complete (due to,
1.254 + * for example, memory limitations), this can be called with
1.255 + * a NULL value for fwSlot.
1.256 + */
1.257 + void (PR_CALLBACK *Destroy)(
1.258 + NSSCKMDSlot *mdSlot,
1.259 + NSSCKFWSlot *fwSlot,
1.260 + NSSCKMDInstance *mdInstance,
1.261 + NSSCKFWInstance *fwInstance
1.262 + );
1.263 +
1.264 + /*
1.265 + * This routine returns a pointer to a UTF8-encoded string
1.266 + * containing a description of this slot. Only the characters
1.267 + * completely encoded in the first sixty-four bytes are
1.268 + * significant. This routine is optional. The string
1.269 + * returned is never freed; if dynamically generated,
1.270 + * the space for it should be allocated from the NSSArena
1.271 + * that may be obtained from the NSSCKFWInstance. This
1.272 + * routine may return NULL upon error; however if *pError
1.273 + * is CKR_OK, the NULL will be considered the valid response.
1.274 + */
1.275 + NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
1.276 + NSSCKMDSlot *mdSlot,
1.277 + NSSCKFWSlot *fwSlot,
1.278 + NSSCKMDInstance *mdInstance,
1.279 + NSSCKFWInstance *fwInstance,
1.280 + CK_RV *pError
1.281 + );
1.282 +
1.283 + /*
1.284 + * This routine returns a pointer to a UTF8-encoded string
1.285 + * containing a description of the manufacturer of this slot.
1.286 + * Only the characters completely encoded in the first thirty-
1.287 + * two bytes are significant. This routine is optional.
1.288 + * The string returned is never freed; if dynamically generated,
1.289 + * the space for it should be allocated from the NSSArena
1.290 + * that may be obtained from the NSSCKFWInstance. This
1.291 + * routine may return NULL upon error; however if *pError
1.292 + * is CKR_OK, the NULL will be considered the valid response.
1.293 + */
1.294 + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
1.295 + NSSCKMDSlot *mdSlot,
1.296 + NSSCKFWSlot *fwSlot,
1.297 + NSSCKMDInstance *mdInstance,
1.298 + NSSCKFWInstance *fwInstance,
1.299 + CK_RV *pError
1.300 + );
1.301 +
1.302 + /*
1.303 + * This routine returns CK_TRUE if a token is present in this
1.304 + * slot. This routine is optional; if unimplemented, CK_TRUE
1.305 + * is assumed.
1.306 + */
1.307 + CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
1.308 + NSSCKMDSlot *mdSlot,
1.309 + NSSCKFWSlot *fwSlot,
1.310 + NSSCKMDInstance *mdInstance,
1.311 + NSSCKFWInstance *fwInstance
1.312 + );
1.313 +
1.314 + /*
1.315 + * This routine returns CK_TRUE if the slot supports removable
1.316 + * tokens. This routine is optional; if unimplemented, CK_FALSE
1.317 + * is assumed.
1.318 + */
1.319 + CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
1.320 + NSSCKMDSlot *mdSlot,
1.321 + NSSCKFWSlot *fwSlot,
1.322 + NSSCKMDInstance *mdInstance,
1.323 + NSSCKFWInstance *fwInstance
1.324 + );
1.325 +
1.326 + /*
1.327 + * This routine returns CK_TRUE if this slot is a hardware
1.328 + * device, or CK_FALSE if this slot is a software device. This
1.329 + * routine is optional; if unimplemented, CK_FALSE is assumed.
1.330 + */
1.331 + CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
1.332 + NSSCKMDSlot *mdSlot,
1.333 + NSSCKFWSlot *fwSlot,
1.334 + NSSCKMDInstance *mdInstance,
1.335 + NSSCKFWInstance *fwInstance
1.336 + );
1.337 +
1.338 + /*
1.339 + * This routine returns the version of this slot's hardware.
1.340 + * This routine is optional; if unimplemented, the Framework
1.341 + * will assume a hardware version of 0.1.
1.342 + */
1.343 + CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
1.344 + NSSCKMDSlot *mdSlot,
1.345 + NSSCKFWSlot *fwSlot,
1.346 + NSSCKMDInstance *mdInstance,
1.347 + NSSCKFWInstance *fwInstance
1.348 + );
1.349 +
1.350 + /*
1.351 + * This routine returns the version of this slot's firmware.
1.352 + * This routine is optional; if unimplemented, the Framework
1.353 + * will assume a hardware version of 0.1.
1.354 + */
1.355 + CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
1.356 + NSSCKMDSlot *mdSlot,
1.357 + NSSCKFWSlot *fwSlot,
1.358 + NSSCKMDInstance *mdInstance,
1.359 + NSSCKFWInstance *fwInstance
1.360 + );
1.361 +
1.362 + /*
1.363 + * This routine should return a pointer to an NSSCKMDToken
1.364 + * object corresponding to the token in the specified slot.
1.365 + * The NSSCKFWToken object passed in has an NSSArena
1.366 + * available which is dedicated for this token. This routine
1.367 + * must be implemented. This routine may return NULL upon
1.368 + * error.
1.369 + */
1.370 + NSSCKMDToken *(PR_CALLBACK *GetToken)(
1.371 + NSSCKMDSlot *mdSlot,
1.372 + NSSCKFWSlot *fwSlot,
1.373 + NSSCKMDInstance *mdInstance,
1.374 + NSSCKFWInstance *fwInstance,
1.375 + CK_RV *pError
1.376 + );
1.377 +
1.378 + /*
1.379 + * This object may be extended in future versions of the
1.380 + * NSS Cryptoki Framework. To allow for some flexibility
1.381 + * in the area of binary compatibility, this field should
1.382 + * be NULL.
1.383 + */
1.384 + void *null;
1.385 +};
1.386 +
1.387 +/*
1.388 + * NSSCKMDToken
1.389 + *
1.390 + * This is the basic handle for a PKCS#11 Token. It is created by
1.391 + * the NSSCKMDSlot->GetToken call, and may be obtained from the
1.392 + * Framework's corresponding NSSCKFWToken object. It contains a
1.393 + * pointer for use by the Module, to store any token-related
1.394 + * data, and it contains the EPV for a set of routines which the
1.395 + * Module may implement for use by the Framework. Some of these
1.396 + * routines are optional.
1.397 + */
1.398 +
1.399 +struct NSSCKMDTokenStr {
1.400 + /*
1.401 + * The Module may use this pointer for its own purposes.
1.402 + */
1.403 + void *etc;
1.404 +
1.405 + /*
1.406 + * This routine is used to prepare a Module token object for
1.407 + * use. It is called after the NSSCKMDToken object is obtained
1.408 + * from NSSCKMDSlot->GetToken. It is named "Setup" here because
1.409 + * Cryptoki already defines "InitToken" to do the process of
1.410 + * wiping out any existing state on a token and preparing it for
1.411 + * a new use. This routine is optional; if unimplemented, it
1.412 + * merely won't be called.
1.413 + */
1.414 + CK_RV (PR_CALLBACK *Setup)(
1.415 + NSSCKMDToken *mdToken,
1.416 + NSSCKFWToken *fwToken,
1.417 + NSSCKMDInstance *mdInstance,
1.418 + NSSCKFWInstance *fwInstance
1.419 + );
1.420 +
1.421 + /*
1.422 + * This routine is called by the Framework whenever it notices
1.423 + * that the token object is invalid. (Typically this is when a
1.424 + * routine indicates an error such as CKR_DEVICE_REMOVED). This
1.425 + * call is the last thing called before the NSSArena in the
1.426 + * corresponding NSSCKFWToken is destroyed. This routine is
1.427 + * optional; if unimplemented, it merely won't be called.
1.428 + */
1.429 + void (PR_CALLBACK *Invalidate)(
1.430 + NSSCKMDToken *mdToken,
1.431 + NSSCKFWToken *fwToken,
1.432 + NSSCKMDInstance *mdInstance,
1.433 + NSSCKFWInstance *fwInstance
1.434 + );
1.435 +
1.436 + /*
1.437 + * This routine initialises the token in the specified slot.
1.438 + * This routine is optional; if unimplemented, the Framework
1.439 + * will fail this operation with an error of CKR_DEVICE_ERROR.
1.440 + */
1.441 +
1.442 + CK_RV (PR_CALLBACK *InitToken)(
1.443 + NSSCKMDToken *mdToken,
1.444 + NSSCKFWToken *fwToken,
1.445 + NSSCKMDInstance *mdInstance,
1.446 + NSSCKFWInstance *fwInstance,
1.447 + NSSItem *pin,
1.448 + NSSUTF8 *label
1.449 + );
1.450 +
1.451 + /*
1.452 + * This routine returns a pointer to a UTF8-encoded string
1.453 + * containing this token's label. Only the characters
1.454 + * completely encoded in the first thirty-two bytes are
1.455 + * significant. This routine is optional. The string
1.456 + * returned is never freed; if dynamically generated,
1.457 + * the space for it should be allocated from the NSSArena
1.458 + * that may be obtained from the NSSCKFWInstance. This
1.459 + * routine may return NULL upon error; however if *pError
1.460 + * is CKR_OK, the NULL will be considered the valid response.
1.461 + */
1.462 + NSSUTF8 *(PR_CALLBACK *GetLabel)(
1.463 + NSSCKMDToken *mdToken,
1.464 + NSSCKFWToken *fwToken,
1.465 + NSSCKMDInstance *mdInstance,
1.466 + NSSCKFWInstance *fwInstance,
1.467 + CK_RV *pError
1.468 + );
1.469 +
1.470 + /*
1.471 + * This routine returns a pointer to a UTF8-encoded string
1.472 + * containing this token's manufacturer ID. Only the characters
1.473 + * completely encoded in the first thirty-two bytes are
1.474 + * significant. This routine is optional. The string
1.475 + * returned is never freed; if dynamically generated,
1.476 + * the space for it should be allocated from the NSSArena
1.477 + * that may be obtained from the NSSCKFWInstance. This
1.478 + * routine may return NULL upon error; however if *pError
1.479 + * is CKR_OK, the NULL will be considered the valid response.
1.480 + */
1.481 + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
1.482 + NSSCKMDToken *mdToken,
1.483 + NSSCKFWToken *fwToken,
1.484 + NSSCKMDInstance *mdInstance,
1.485 + NSSCKFWInstance *fwInstance,
1.486 + CK_RV *pError
1.487 + );
1.488 +
1.489 + /*
1.490 + * This routine returns a pointer to a UTF8-encoded string
1.491 + * containing this token's model name. Only the characters
1.492 + * completely encoded in the first thirty-two bytes are
1.493 + * significant. This routine is optional. The string
1.494 + * returned is never freed; if dynamically generated,
1.495 + * the space for it should be allocated from the NSSArena
1.496 + * that may be obtained from the NSSCKFWInstance. This
1.497 + * routine may return NULL upon error; however if *pError
1.498 + * is CKR_OK, the NULL will be considered the valid response.
1.499 + */
1.500 + NSSUTF8 *(PR_CALLBACK *GetModel)(
1.501 + NSSCKMDToken *mdToken,
1.502 + NSSCKFWToken *fwToken,
1.503 + NSSCKMDInstance *mdInstance,
1.504 + NSSCKFWInstance *fwInstance,
1.505 + CK_RV *pError
1.506 + );
1.507 +
1.508 + /*
1.509 + * This routine returns a pointer to a UTF8-encoded string
1.510 + * containing this token's serial number. Only the characters
1.511 + * completely encoded in the first thirty-two bytes are
1.512 + * significant. This routine is optional. The string
1.513 + * returned is never freed; if dynamically generated,
1.514 + * the space for it should be allocated from the NSSArena
1.515 + * that may be obtained from the NSSCKFWInstance. This
1.516 + * routine may return NULL upon error; however if *pError
1.517 + * is CKR_OK, the NULL will be considered the valid response.
1.518 + */
1.519 + NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
1.520 + NSSCKMDToken *mdToken,
1.521 + NSSCKFWToken *fwToken,
1.522 + NSSCKMDInstance *mdInstance,
1.523 + NSSCKFWInstance *fwInstance,
1.524 + CK_RV *pError
1.525 + );
1.526 +
1.527 + /*
1.528 + * This routine returns CK_TRUE if the token has its own
1.529 + * random number generator. This routine is optional; if
1.530 + * unimplemented, CK_FALSE is assumed.
1.531 + */
1.532 + CK_BBOOL (PR_CALLBACK *GetHasRNG)(
1.533 + NSSCKMDToken *mdToken,
1.534 + NSSCKFWToken *fwToken,
1.535 + NSSCKMDInstance *mdInstance,
1.536 + NSSCKFWInstance *fwInstance
1.537 + );
1.538 +
1.539 + /*
1.540 + * This routine returns CK_TRUE if this token is write-protected.
1.541 + * This routine is optional; if unimplemented, CK_FALSE is
1.542 + * assumed.
1.543 + */
1.544 + CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
1.545 + NSSCKMDToken *mdToken,
1.546 + NSSCKFWToken *fwToken,
1.547 + NSSCKMDInstance *mdInstance,
1.548 + NSSCKFWInstance *fwInstance
1.549 + );
1.550 +
1.551 + /*
1.552 + * This routine returns CK_TRUE if this token requires a login.
1.553 + * This routine is optional; if unimplemented, CK_FALSE is
1.554 + * assumed.
1.555 + */
1.556 + CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
1.557 + NSSCKMDToken *mdToken,
1.558 + NSSCKFWToken *fwToken,
1.559 + NSSCKMDInstance *mdInstance,
1.560 + NSSCKFWInstance *fwInstance
1.561 + );
1.562 +
1.563 + /*
1.564 + * This routine returns CK_TRUE if the normal user's PIN on this
1.565 + * token has been initialised. This routine is optional; if
1.566 + * unimplemented, CK_FALSE is assumed.
1.567 + */
1.568 + CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
1.569 + NSSCKMDToken *mdToken,
1.570 + NSSCKFWToken *fwToken,
1.571 + NSSCKMDInstance *mdInstance,
1.572 + NSSCKFWInstance *fwInstance
1.573 + );
1.574 +
1.575 + /*
1.576 + * This routine returns CK_TRUE if a successful save of a
1.577 + * session's cryptographic operations state ~always~ contains
1.578 + * all keys needed to restore the state of the session. This
1.579 + * routine is optional; if unimplemented, CK_FALSE is assumed.
1.580 + */
1.581 + CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
1.582 + NSSCKMDToken *mdToken,
1.583 + NSSCKFWToken *fwToken,
1.584 + NSSCKMDInstance *mdInstance,
1.585 + NSSCKFWInstance *fwInstance
1.586 + );
1.587 +
1.588 + /*
1.589 + * This routine returns CK_TRUE if the token has its own
1.590 + * hardware clock. This routine is optional; if unimplemented,
1.591 + * CK_FALSE is assumed.
1.592 + */
1.593 + CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
1.594 + NSSCKMDToken *mdToken,
1.595 + NSSCKFWToken *fwToken,
1.596 + NSSCKMDInstance *mdInstance,
1.597 + NSSCKFWInstance *fwInstance
1.598 + );
1.599 +
1.600 + /*
1.601 + * This routine returns CK_TRUE if the token has a protected
1.602 + * authentication path. This routine is optional; if
1.603 + * unimplemented, CK_FALSE is assumed.
1.604 + */
1.605 + CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
1.606 + NSSCKMDToken *mdToken,
1.607 + NSSCKFWToken *fwToken,
1.608 + NSSCKMDInstance *mdInstance,
1.609 + NSSCKFWInstance *fwInstance
1.610 + );
1.611 +
1.612 + /*
1.613 + * This routine returns CK_TRUE if the token supports dual
1.614 + * cryptographic operations within a single session. This
1.615 + * routine is optional; if unimplemented, CK_FALSE is assumed.
1.616 + */
1.617 + CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
1.618 + NSSCKMDToken *mdToken,
1.619 + NSSCKFWToken *fwToken,
1.620 + NSSCKMDInstance *mdInstance,
1.621 + NSSCKFWInstance *fwInstance
1.622 + );
1.623 +
1.624 + /*
1.625 + * XXX fgmr-- should we have a call to return all the flags
1.626 + * at once, for folks who already know about Cryptoki?
1.627 + */
1.628 +
1.629 + /*
1.630 + * This routine returns the maximum number of sessions that
1.631 + * may be opened on this token. This routine is optional;
1.632 + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
1.633 + * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
1.634 + */
1.635 + CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
1.636 + NSSCKMDToken *mdToken,
1.637 + NSSCKFWToken *fwToken,
1.638 + NSSCKMDInstance *mdInstance,
1.639 + NSSCKFWInstance *fwInstance
1.640 + );
1.641 +
1.642 + /*
1.643 + * This routine returns the maximum number of read/write
1.644 + * sesisons that may be opened on this token. This routine
1.645 + * is optional; if unimplemented, the special value
1.646 + * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
1.647 + * CK_EFFECTIVELY_INFINITE?
1.648 + */
1.649 + CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
1.650 + NSSCKMDToken *mdToken,
1.651 + NSSCKFWToken *fwToken,
1.652 + NSSCKMDInstance *mdInstance,
1.653 + NSSCKFWInstance *fwInstance
1.654 + );
1.655 +
1.656 + /*
1.657 + * This routine returns the maximum PIN code length that is
1.658 + * supported on this token. This routine is optional;
1.659 + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
1.660 + * is assumed.
1.661 + */
1.662 + CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
1.663 + NSSCKMDToken *mdToken,
1.664 + NSSCKFWToken *fwToken,
1.665 + NSSCKMDInstance *mdInstance,
1.666 + NSSCKFWInstance *fwInstance
1.667 + );
1.668 +
1.669 + /*
1.670 + * This routine returns the minimum PIN code length that is
1.671 + * supported on this token. This routine is optional; if
1.672 + * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
1.673 + * is assumed. XXX fgmr-- or 0?
1.674 + */
1.675 + CK_ULONG (PR_CALLBACK *GetMinPinLen)(
1.676 + NSSCKMDToken *mdToken,
1.677 + NSSCKFWToken *fwToken,
1.678 + NSSCKMDInstance *mdInstance,
1.679 + NSSCKFWInstance *fwInstance
1.680 + );
1.681 +
1.682 + /*
1.683 + * This routine returns the total amount of memory on the token
1.684 + * in which public objects may be stored. This routine is
1.685 + * optional; if unimplemented, the special value
1.686 + * CK_UNAVAILABLE_INFORMATION is assumed.
1.687 + */
1.688 + CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
1.689 + NSSCKMDToken *mdToken,
1.690 + NSSCKFWToken *fwToken,
1.691 + NSSCKMDInstance *mdInstance,
1.692 + NSSCKFWInstance *fwInstance
1.693 + );
1.694 +
1.695 + /*
1.696 + * This routine returns the amount of unused memory on the
1.697 + * token in which public objects may be stored. This routine
1.698 + * is optional; if unimplemented, the special value
1.699 + * CK_UNAVAILABLE_INFORMATION is assumed.
1.700 + */
1.701 + CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
1.702 + NSSCKMDToken *mdToken,
1.703 + NSSCKFWToken *fwToken,
1.704 + NSSCKMDInstance *mdInstance,
1.705 + NSSCKFWInstance *fwInstance
1.706 + );
1.707 +
1.708 + /*
1.709 + * This routine returns the total amount of memory on the token
1.710 + * in which private objects may be stored. This routine is
1.711 + * optional; if unimplemented, the special value
1.712 + * CK_UNAVAILABLE_INFORMATION is assumed.
1.713 + */
1.714 + CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
1.715 + NSSCKMDToken *mdToken,
1.716 + NSSCKFWToken *fwToken,
1.717 + NSSCKMDInstance *mdInstance,
1.718 + NSSCKFWInstance *fwInstance
1.719 + );
1.720 +
1.721 + /*
1.722 + * This routine returns the amount of unused memory on the
1.723 + * token in which private objects may be stored. This routine
1.724 + * is optional; if unimplemented, the special value
1.725 + * CK_UNAVAILABLE_INFORMATION is assumed.
1.726 + */
1.727 + CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
1.728 + NSSCKMDToken *mdToken,
1.729 + NSSCKFWToken *fwToken,
1.730 + NSSCKMDInstance *mdInstance,
1.731 + NSSCKFWInstance *fwInstance
1.732 + );
1.733 +
1.734 + /*
1.735 + * This routine returns the version number of this token's
1.736 + * hardware. This routine is optional; if unimplemented,
1.737 + * the value 0.1 is assumed.
1.738 + */
1.739 + CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
1.740 + NSSCKMDToken *mdToken,
1.741 + NSSCKFWToken *fwToken,
1.742 + NSSCKMDInstance *mdInstance,
1.743 + NSSCKFWInstance *fwInstance
1.744 + );
1.745 +
1.746 + /*
1.747 + * This routine returns the version number of this token's
1.748 + * firmware. This routine is optional; if unimplemented,
1.749 + * the value 0.1 is assumed.
1.750 + */
1.751 + CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
1.752 + NSSCKMDToken *mdToken,
1.753 + NSSCKFWToken *fwToken,
1.754 + NSSCKMDInstance *mdInstance,
1.755 + NSSCKFWInstance *fwInstance
1.756 + );
1.757 +
1.758 + /*
1.759 + * This routine stuffs the current UTC time, as obtained from
1.760 + * the token, into the sixteen-byte buffer in the form
1.761 + * YYYYMMDDhhmmss00. This routine need only be implemented
1.762 + * by token which indicate that they have a real-time clock.
1.763 + * XXX fgmr-- think about time formats.
1.764 + */
1.765 + CK_RV (PR_CALLBACK *GetUTCTime)(
1.766 + NSSCKMDToken *mdToken,
1.767 + NSSCKFWToken *fwToken,
1.768 + NSSCKMDInstance *mdInstance,
1.769 + NSSCKFWInstance *fwInstance,
1.770 + CK_CHAR utcTime[16]
1.771 + );
1.772 +
1.773 + /*
1.774 + * This routine creates a session on the token, and returns
1.775 + * the corresponding NSSCKMDSession object. The value of
1.776 + * rw will be CK_TRUE if the session is to be a read/write
1.777 + * session, or CK_FALSE otherwise. An NSSArena dedicated to
1.778 + * the new session is available from the specified NSSCKFWSession.
1.779 + * This routine may return NULL upon error.
1.780 + */
1.781 + NSSCKMDSession *(PR_CALLBACK *OpenSession)(
1.782 + NSSCKMDToken *mdToken,
1.783 + NSSCKFWToken *fwToken,
1.784 + NSSCKMDInstance *mdInstance,
1.785 + NSSCKFWInstance *fwInstance,
1.786 + NSSCKFWSession *fwSession,
1.787 + CK_BBOOL rw,
1.788 + CK_RV *pError
1.789 + );
1.790 +
1.791 + /*
1.792 + * This routine returns the number of PKCS#11 Mechanisms
1.793 + * supported by this token. This routine is optional; if
1.794 + * unimplemented, zero is assumed.
1.795 + */
1.796 + CK_ULONG (PR_CALLBACK *GetMechanismCount)(
1.797 + NSSCKMDToken *mdToken,
1.798 + NSSCKFWToken *fwToken,
1.799 + NSSCKMDInstance *mdInstance,
1.800 + NSSCKFWInstance *fwInstance
1.801 + );
1.802 +
1.803 + /*
1.804 + * This routine stuffs into the specified array the types
1.805 + * of the mechanisms supported by this token. The Framework
1.806 + * determines the size of the array by calling GetMechanismCount.
1.807 + */
1.808 + CK_RV (PR_CALLBACK *GetMechanismTypes)(
1.809 + NSSCKMDToken *mdToken,
1.810 + NSSCKFWToken *fwToken,
1.811 + NSSCKMDInstance *mdInstance,
1.812 + NSSCKFWInstance *fwInstance,
1.813 + CK_MECHANISM_TYPE types[]
1.814 + );
1.815 +
1.816 + /*
1.817 + * This routine returns a pointer to a Module mechanism
1.818 + * object corresponding to a specified type. This routine
1.819 + * need only exist for tokens implementing at least one
1.820 + * mechanism.
1.821 + */
1.822 + NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
1.823 + NSSCKMDToken *mdToken,
1.824 + NSSCKFWToken *fwToken,
1.825 + NSSCKMDInstance *mdInstance,
1.826 + NSSCKFWInstance *fwInstance,
1.827 + CK_MECHANISM_TYPE which,
1.828 + CK_RV *pError
1.829 + );
1.830 +
1.831 + /*
1.832 + * This object may be extended in future versions of the
1.833 + * NSS Cryptoki Framework. To allow for some flexibility
1.834 + * in the area of binary compatibility, this field should
1.835 + * be NULL.
1.836 + */
1.837 + void *null;
1.838 +};
1.839 +
1.840 +/*
1.841 + * NSSCKMDSession
1.842 + *
1.843 + * This is the basic handle for a session on a PKCS#11 Token. It
1.844 + * is created by NSSCKMDToken->OpenSession, and may be obtained
1.845 + * from the Framework's corresponding NSSCKFWSession object. It
1.846 + * contains a pointer for use by the Module, to store any session-
1.847 + * realted data, and it contains the EPV for a set of routines
1.848 + * which the Module may implement for use by the Framework. Some
1.849 + * of these routines are optional.
1.850 + */
1.851 +
1.852 +struct NSSCKMDSessionStr {
1.853 + /*
1.854 + * The Module may use this pointer for its own purposes.
1.855 + */
1.856 + void *etc;
1.857 +
1.858 + /*
1.859 + * This routine is called by the Framework when a session is
1.860 + * closed. This call is the last thing called before the
1.861 + * NSSArena in the correspoinding NSSCKFWSession is destroyed.
1.862 + * This routine is optional; if unimplemented, it merely won't
1.863 + * be called.
1.864 + */
1.865 + void (PR_CALLBACK *Close)(
1.866 + NSSCKMDSession *mdSession,
1.867 + NSSCKFWSession *fwSession,
1.868 + NSSCKMDToken *mdToken,
1.869 + NSSCKFWToken *fwToken,
1.870 + NSSCKMDInstance *mdInstance,
1.871 + NSSCKFWInstance *fwInstance
1.872 + );
1.873 +
1.874 + /*
1.875 + * This routine is used to get any device-specific error.
1.876 + * This routine is optional.
1.877 + */
1.878 + CK_ULONG (PR_CALLBACK *GetDeviceError)(
1.879 + NSSCKMDSession *mdSession,
1.880 + NSSCKFWSession *fwSession,
1.881 + NSSCKMDToken *mdToken,
1.882 + NSSCKFWToken *fwToken,
1.883 + NSSCKMDInstance *mdInstance,
1.884 + NSSCKFWInstance *fwInstance
1.885 + );
1.886 +
1.887 + /*
1.888 + * This routine is used to log in a user to the token. This
1.889 + * routine is optional, since the Framework's NSSCKFWSession
1.890 + * object keeps track of the login state.
1.891 + */
1.892 + CK_RV (PR_CALLBACK *Login)(
1.893 + NSSCKMDSession *mdSession,
1.894 + NSSCKFWSession *fwSession,
1.895 + NSSCKMDToken *mdToken,
1.896 + NSSCKFWToken *fwToken,
1.897 + NSSCKMDInstance *mdInstance,
1.898 + NSSCKFWInstance *fwInstance,
1.899 + CK_USER_TYPE userType,
1.900 + NSSItem *pin,
1.901 + CK_STATE oldState,
1.902 + CK_STATE newState
1.903 + );
1.904 +
1.905 + /*
1.906 + * This routine is used to log out a user from the token. This
1.907 + * routine is optional, since the Framework's NSSCKFWSession
1.908 + * object keeps track of the login state.
1.909 + */
1.910 + CK_RV (PR_CALLBACK *Logout)(
1.911 + NSSCKMDSession *mdSession,
1.912 + NSSCKFWSession *fwSession,
1.913 + NSSCKMDToken *mdToken,
1.914 + NSSCKFWToken *fwToken,
1.915 + NSSCKMDInstance *mdInstance,
1.916 + NSSCKFWInstance *fwInstance,
1.917 + CK_STATE oldState,
1.918 + CK_STATE newState
1.919 + );
1.920 +
1.921 + /*
1.922 + * This routine is used to initialize the normal user's PIN or
1.923 + * password. This will only be called in the "read/write
1.924 + * security officer functions" state. If this token has a
1.925 + * protected authentication path, then the pin argument will
1.926 + * be NULL. This routine is optional; if unimplemented, the
1.927 + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
1.928 + */
1.929 + CK_RV (PR_CALLBACK *InitPIN)(
1.930 + NSSCKMDSession *mdSession,
1.931 + NSSCKFWSession *fwSession,
1.932 + NSSCKMDToken *mdToken,
1.933 + NSSCKFWToken *fwToken,
1.934 + NSSCKMDInstance *mdInstance,
1.935 + NSSCKFWInstance *fwInstance,
1.936 + NSSItem *pin
1.937 + );
1.938 +
1.939 + /*
1.940 + * This routine is used to modify a user's PIN or password. This
1.941 + * routine will only be called in the "read/write security officer
1.942 + * functions" or "read/write user functions" state. If this token
1.943 + * has a protected authentication path, then the pin arguments
1.944 + * will be NULL. This routine is optional; if unimplemented, the
1.945 + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
1.946 + */
1.947 + CK_RV (PR_CALLBACK *SetPIN)(
1.948 + NSSCKMDSession *mdSession,
1.949 + NSSCKFWSession *fwSession,
1.950 + NSSCKMDToken *mdToken,
1.951 + NSSCKFWToken *fwToken,
1.952 + NSSCKMDInstance *mdInstance,
1.953 + NSSCKFWInstance *fwInstance,
1.954 + NSSItem *oldPin,
1.955 + NSSItem *newPin
1.956 + );
1.957 +
1.958 + /*
1.959 + * This routine is used to find out how much space would be required
1.960 + * to save the current operational state. This routine is optional;
1.961 + * if unimplemented, the Framework will reject any attempts to save
1.962 + * the operational state with the error CKR_STATE_UNSAVEABLE. This
1.963 + * routine may return zero on error.
1.964 + */
1.965 + CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
1.966 + NSSCKMDSession *mdSession,
1.967 + NSSCKFWSession *fwSession,
1.968 + NSSCKMDToken *mdToken,
1.969 + NSSCKFWToken *fwToken,
1.970 + NSSCKMDInstance *mdInstance,
1.971 + NSSCKFWInstance *fwInstance,
1.972 + CK_RV *pError
1.973 + );
1.974 +
1.975 + /*
1.976 + * This routine is used to store the current operational state. This
1.977 + * routine is only required if GetOperationStateLen is implemented
1.978 + * and can return a nonzero value. The buffer in the specified item
1.979 + * will be pre-allocated, and the length will specify the amount of
1.980 + * space available (which may be more than GetOperationStateLen
1.981 + * asked for, but which will not be smaller).
1.982 + */
1.983 + CK_RV (PR_CALLBACK *GetOperationState)(
1.984 + NSSCKMDSession *mdSession,
1.985 + NSSCKFWSession *fwSession,
1.986 + NSSCKMDToken *mdToken,
1.987 + NSSCKFWToken *fwToken,
1.988 + NSSCKMDInstance *mdInstance,
1.989 + NSSCKFWInstance *fwInstance,
1.990 + NSSItem *buffer
1.991 + );
1.992 +
1.993 + /*
1.994 + * This routine is used to restore an operational state previously
1.995 + * obtained with GetOperationState. The Framework will take pains
1.996 + * to be sure that the state is (or was at one point) valid; if the
1.997 + * Module notices that the state is invalid, it should return an
1.998 + * error, but it is not required to be paranoid about the issue.
1.999 + * [XXX fgmr-- should (can?) the framework verify the keys match up?]
1.1000 + * This routine is required only if GetOperationState is implemented.
1.1001 + */
1.1002 + CK_RV (PR_CALLBACK *SetOperationState)(
1.1003 + NSSCKMDSession *mdSession,
1.1004 + NSSCKFWSession *fwSession,
1.1005 + NSSCKMDToken *mdToken,
1.1006 + NSSCKFWToken *fwToken,
1.1007 + NSSCKMDInstance *mdInstance,
1.1008 + NSSCKFWInstance *fwInstance,
1.1009 + NSSItem *state,
1.1010 + NSSCKMDObject *mdEncryptionKey,
1.1011 + NSSCKFWObject *fwEncryptionKey,
1.1012 + NSSCKMDObject *mdAuthenticationKey,
1.1013 + NSSCKFWObject *fwAuthenticationKey
1.1014 + );
1.1015 +
1.1016 + /*
1.1017 + * This routine is used to create an object. The specified template
1.1018 + * will only specify a session object if the Module has indicated
1.1019 + * that it wishes to handle its own session objects. This routine
1.1020 + * is optional; if unimplemented, the Framework will reject the
1.1021 + * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
1.1022 + * token objects should come from the NSSArena available from the
1.1023 + * NSSCKFWToken object; space for session objects (if supported)
1.1024 + * should come from the NSSArena available from the NSSCKFWSession
1.1025 + * object. The appropriate NSSArena pointer will, as a convenience,
1.1026 + * be passed as the handyArenaPointer argument. This routine may
1.1027 + * return NULL upon error.
1.1028 + */
1.1029 + NSSCKMDObject *(PR_CALLBACK *CreateObject)(
1.1030 + NSSCKMDSession *mdSession,
1.1031 + NSSCKFWSession *fwSession,
1.1032 + NSSCKMDToken *mdToken,
1.1033 + NSSCKFWToken *fwToken,
1.1034 + NSSCKMDInstance *mdInstance,
1.1035 + NSSCKFWInstance *fwInstance,
1.1036 + NSSArena *handyArenaPointer,
1.1037 + CK_ATTRIBUTE_PTR pTemplate,
1.1038 + CK_ULONG ulAttributeCount,
1.1039 + CK_RV *pError
1.1040 + );
1.1041 +
1.1042 + /*
1.1043 + * This routine is used to make a copy of an object. It is entirely
1.1044 + * optional; if unimplemented, the Framework will try to use
1.1045 + * CreateObject instead. If the Module has indicated that it does
1.1046 + * not wish to handle session objects, then this routine will only
1.1047 + * be called to copy a token object to another token object.
1.1048 + * Otherwise, either the original object or the new may be of
1.1049 + * either the token or session variety. As with CreateObject, the
1.1050 + * handyArenaPointer will point to the appropriate arena for the
1.1051 + * new object. This routine may return NULL upon error.
1.1052 + */
1.1053 + NSSCKMDObject *(PR_CALLBACK *CopyObject)(
1.1054 + NSSCKMDSession *mdSession,
1.1055 + NSSCKFWSession *fwSession,
1.1056 + NSSCKMDToken *mdToken,
1.1057 + NSSCKFWToken *fwToken,
1.1058 + NSSCKMDInstance *mdInstance,
1.1059 + NSSCKFWInstance *fwInstance,
1.1060 + NSSCKMDObject *mdOldObject,
1.1061 + NSSCKFWObject *fwOldObject,
1.1062 + NSSArena *handyArenaPointer,
1.1063 + CK_ATTRIBUTE_PTR pTemplate,
1.1064 + CK_ULONG ulAttributeCount,
1.1065 + CK_RV *pError
1.1066 + );
1.1067 +
1.1068 + /*
1.1069 + * This routine is used to begin an object search. This routine may
1.1070 + * be unimplemented only if the Module does not handle session
1.1071 + * objects, and if none of its tokens have token objects. The
1.1072 + * NSSCKFWFindObjects pointer has an NSSArena that may be used for
1.1073 + * storage for the life of this "find" operation. This routine may
1.1074 + * return NULL upon error. If the Module can determine immediately
1.1075 + * that the search will not find any matching objects, it may return
1.1076 + * NULL, and specify CKR_OK as the error.
1.1077 + */
1.1078 + NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
1.1079 + NSSCKMDSession *mdSession,
1.1080 + NSSCKFWSession *fwSession,
1.1081 + NSSCKMDToken *mdToken,
1.1082 + NSSCKFWToken *fwToken,
1.1083 + NSSCKMDInstance *mdInstance,
1.1084 + NSSCKFWInstance *fwInstance,
1.1085 + CK_ATTRIBUTE_PTR pTemplate,
1.1086 + CK_ULONG ulAttributeCount,
1.1087 + CK_RV *pError
1.1088 + );
1.1089 +
1.1090 + /*
1.1091 + * This routine seeds the random-number generator. It is
1.1092 + * optional, even if GetRandom is implemented. If unimplemented,
1.1093 + * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
1.1094 + */
1.1095 + CK_RV (PR_CALLBACK *SeedRandom)(
1.1096 + NSSCKMDSession *mdSession,
1.1097 + NSSCKFWSession *fwSession,
1.1098 + NSSCKMDToken *mdToken,
1.1099 + NSSCKFWToken *fwToken,
1.1100 + NSSCKMDInstance *mdInstance,
1.1101 + NSSCKFWInstance *fwInstance,
1.1102 + NSSItem *seed
1.1103 + );
1.1104 +
1.1105 + /*
1.1106 + * This routine gets random data. It is optional. If unimplemented,
1.1107 + * the Framework will issue the error CKR_RANDOM_NO_RNG.
1.1108 + */
1.1109 + CK_RV (PR_CALLBACK *GetRandom)(
1.1110 + NSSCKMDSession *mdSession,
1.1111 + NSSCKFWSession *fwSession,
1.1112 + NSSCKMDToken *mdToken,
1.1113 + NSSCKFWToken *fwToken,
1.1114 + NSSCKMDInstance *mdInstance,
1.1115 + NSSCKFWInstance *fwInstance,
1.1116 + NSSItem *buffer
1.1117 + );
1.1118 +
1.1119 + /*
1.1120 + * This object may be extended in future versions of the
1.1121 + * NSS Cryptoki Framework. To allow for some flexibility
1.1122 + * in the area of binary compatibility, this field should
1.1123 + * be NULL.
1.1124 + */
1.1125 + void *null;
1.1126 +};
1.1127 +
1.1128 +/*
1.1129 + * NSSCKMDFindObjects
1.1130 + *
1.1131 + * This is the basic handle for an object search. It is
1.1132 + * created by NSSCKMDSession->FindObjectsInit, and may be
1.1133 + * obtained from the Framework's corresponding object.
1.1134 + * It contains a pointer for use by the Module, to store
1.1135 + * any search-related data, and it contains the EPV for a
1.1136 + * set of routines which the Module may implement for use
1.1137 + * by the Framework. Some of these routines are optional.
1.1138 + */
1.1139 +
1.1140 +struct NSSCKMDFindObjectsStr {
1.1141 + /*
1.1142 + * The Module may use this pointer for its own purposes.
1.1143 + */
1.1144 + void *etc;
1.1145 +
1.1146 + /*
1.1147 + * This routine is called by the Framework to finish a
1.1148 + * search operation. Note that the Framework may finish
1.1149 + * a search before it has completed. This routine is
1.1150 + * optional; if unimplemented, it merely won't be called.
1.1151 + */
1.1152 + void (PR_CALLBACK *Final)(
1.1153 + NSSCKMDFindObjects *mdFindObjects,
1.1154 + NSSCKFWFindObjects *fwFindObjects,
1.1155 + NSSCKMDSession *mdSession,
1.1156 + NSSCKFWSession *fwSession,
1.1157 + NSSCKMDToken *mdToken,
1.1158 + NSSCKFWToken *fwToken,
1.1159 + NSSCKMDInstance *mdInstance,
1.1160 + NSSCKFWInstance *fwInstance
1.1161 + );
1.1162 +
1.1163 + /*
1.1164 + * This routine is used to obtain another pointer to an
1.1165 + * object matching the search criteria. This routine is
1.1166 + * required. If no (more) objects match the search, it
1.1167 + * should return NULL and set the error to CKR_OK.
1.1168 + */
1.1169 + NSSCKMDObject *(PR_CALLBACK *Next)(
1.1170 + NSSCKMDFindObjects *mdFindObjects,
1.1171 + NSSCKFWFindObjects *fwFindObjects,
1.1172 + NSSCKMDSession *mdSession,
1.1173 + NSSCKFWSession *fwSession,
1.1174 + NSSCKMDToken *mdToken,
1.1175 + NSSCKFWToken *fwToken,
1.1176 + NSSCKMDInstance *mdInstance,
1.1177 + NSSCKFWInstance *fwInstance,
1.1178 + NSSArena *arena,
1.1179 + CK_RV *pError
1.1180 + );
1.1181 +
1.1182 + /*
1.1183 + * This object may be extended in future versions of the
1.1184 + * NSS Cryptoki Framework. To allow for some flexibility
1.1185 + * in the area of binary compatibility, this field should
1.1186 + * be NULL.
1.1187 + */
1.1188 + void *null;
1.1189 +};
1.1190 +
1.1191 +/*
1.1192 + * NSSCKMDCryptoOperaion
1.1193 + *
1.1194 + * This is the basic handle for an encryption, decryption,
1.1195 + * sign, verify, or hash opertion.
1.1196 + * created by NSSCKMDMechanism->XXXXInit, and may be
1.1197 + * obtained from the Framework's corresponding object.
1.1198 + * It contains a pointer for use by the Module, to store
1.1199 + * any intermediate data, and it contains the EPV for a
1.1200 + * set of routines which the Module may implement for use
1.1201 + * by the Framework. Some of these routines are optional.
1.1202 + */
1.1203 +
1.1204 +struct NSSCKMDCryptoOperationStr {
1.1205 + /*
1.1206 + * The Module may use this pointer for its own purposes.
1.1207 + */
1.1208 + void *etc;
1.1209 +
1.1210 + /*
1.1211 + * This routine is called by the Framework clean up the mdCryptoOperation
1.1212 + * structure.
1.1213 + * This routine is optional; if unimplemented, it will be ignored.
1.1214 + */
1.1215 + void (PR_CALLBACK *Destroy)(
1.1216 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1217 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1218 + NSSCKMDInstance *mdInstance,
1.1219 + NSSCKFWInstance *fwInstance
1.1220 + );
1.1221 +
1.1222 +
1.1223 + /*
1.1224 + * how many bytes do we need to finish this buffer?
1.1225 + * must be implemented if Final is implemented.
1.1226 + */
1.1227 + CK_ULONG (PR_CALLBACK *GetFinalLength)(
1.1228 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1229 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1230 + NSSCKMDSession *mdSession,
1.1231 + NSSCKFWSession *fwSession,
1.1232 + NSSCKMDToken *mdToken,
1.1233 + NSSCKFWToken *fwToken,
1.1234 + NSSCKMDInstance *mdInstance,
1.1235 + NSSCKFWInstance *fwInstance,
1.1236 + CK_RV *pError
1.1237 + );
1.1238 +
1.1239 + /*
1.1240 + * how many bytes do we need to complete the next operation.
1.1241 + * used in both Update and UpdateFinal.
1.1242 + */
1.1243 + CK_ULONG (PR_CALLBACK *GetOperationLength)(
1.1244 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1245 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1246 + NSSCKMDSession *mdSession,
1.1247 + NSSCKFWSession *fwSession,
1.1248 + NSSCKMDToken *mdToken,
1.1249 + NSSCKFWToken *fwToken,
1.1250 + NSSCKMDInstance *mdInstance,
1.1251 + NSSCKFWInstance *fwInstance,
1.1252 + const NSSItem *inputBuffer,
1.1253 + CK_RV *pError
1.1254 + );
1.1255 +
1.1256 + /*
1.1257 + * This routine is called by the Framework to finish a
1.1258 + * search operation. Note that the Framework may finish
1.1259 + * a search before it has completed. This routine is
1.1260 + * optional; if unimplemented, it merely won't be called.
1.1261 + * The respective final call with fail with CKR_FUNCTION_FAILED
1.1262 + * Final should not free the mdCryptoOperation.
1.1263 + */
1.1264 + CK_RV(PR_CALLBACK *Final)(
1.1265 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1266 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1267 + NSSCKMDSession *mdSession,
1.1268 + NSSCKFWSession *fwSession,
1.1269 + NSSCKMDToken *mdToken,
1.1270 + NSSCKFWToken *fwToken,
1.1271 + NSSCKMDInstance *mdInstance,
1.1272 + NSSCKFWInstance *fwInstance,
1.1273 + NSSItem *outputBuffer
1.1274 + );
1.1275 +
1.1276 +
1.1277 + /*
1.1278 + * This routine is called by the Framework to complete the
1.1279 + * next step in an encryption/decryption operation.
1.1280 + * This routine is optional; if unimplemented, the respective
1.1281 + * update call with fail with CKR_FUNCTION_FAILED.
1.1282 + * Update should not be implemented for signing/verification/digest
1.1283 + * mechanisms.
1.1284 + */
1.1285 + CK_RV(PR_CALLBACK *Update)(
1.1286 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1287 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1288 + NSSCKMDSession *mdSession,
1.1289 + NSSCKFWSession *fwSession,
1.1290 + NSSCKMDToken *mdToken,
1.1291 + NSSCKFWToken *fwToken,
1.1292 + NSSCKMDInstance *mdInstance,
1.1293 + NSSCKFWInstance *fwInstance,
1.1294 + const NSSItem *inputBuffer,
1.1295 + NSSItem *outputBuffer
1.1296 + );
1.1297 +
1.1298 + /*
1.1299 + * This routine is called by the Framework to complete the
1.1300 + * next step in a signing/verification/digest operation.
1.1301 + * This routine is optional; if unimplemented, the respective
1.1302 + * update call with fail with CKR_FUNCTION_FAILED
1.1303 + * Update should not be implemented for encryption/decryption
1.1304 + * mechanisms.
1.1305 + */
1.1306 + CK_RV(PR_CALLBACK *DigestUpdate)(
1.1307 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1308 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1309 + NSSCKMDSession *mdSession,
1.1310 + NSSCKFWSession *fwSession,
1.1311 + NSSCKMDToken *mdToken,
1.1312 + NSSCKFWToken *fwToken,
1.1313 + NSSCKMDInstance *mdInstance,
1.1314 + NSSCKFWInstance *fwInstance,
1.1315 + const NSSItem *inputBuffer
1.1316 + );
1.1317 +
1.1318 + /*
1.1319 + * This routine is called by the Framework to complete a
1.1320 + * single step operation. This routine is optional; if unimplemented,
1.1321 + * the framework will use the Update and Final functions to complete
1.1322 + * the operation.
1.1323 + */
1.1324 + CK_RV(PR_CALLBACK *UpdateFinal)(
1.1325 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1326 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1327 + NSSCKMDSession *mdSession,
1.1328 + NSSCKFWSession *fwSession,
1.1329 + NSSCKMDToken *mdToken,
1.1330 + NSSCKFWToken *fwToken,
1.1331 + NSSCKMDInstance *mdInstance,
1.1332 + NSSCKFWInstance *fwInstance,
1.1333 + const NSSItem *inputBuffer,
1.1334 + NSSItem *outputBuffer
1.1335 + );
1.1336 +
1.1337 + /*
1.1338 + * This routine is called by the Framework to complete next
1.1339 + * step in a combined operation. The Decrypt/Encrypt mechanism
1.1340 + * should define and drive the combo step.
1.1341 + * This routine is optional; if unimplemented,
1.1342 + * the framework will use the appropriate Update functions to complete
1.1343 + * the operation.
1.1344 + */
1.1345 + CK_RV(PR_CALLBACK *UpdateCombo)(
1.1346 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1347 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1348 + NSSCKMDCryptoOperation *mdPeerCryptoOperation,
1.1349 + NSSCKFWCryptoOperation *fwPeerCryptoOperation,
1.1350 + NSSCKMDSession *mdSession,
1.1351 + NSSCKFWSession *fwSession,
1.1352 + NSSCKMDToken *mdToken,
1.1353 + NSSCKFWToken *fwToken,
1.1354 + NSSCKMDInstance *mdInstance,
1.1355 + NSSCKFWInstance *fwInstance,
1.1356 + const NSSItem *inputBuffer,
1.1357 + NSSItem *outputBuffer
1.1358 + );
1.1359 +
1.1360 + /*
1.1361 + * Hash a key directly into the digest
1.1362 + */
1.1363 + CK_RV(PR_CALLBACK *DigestKey)(
1.1364 + NSSCKMDCryptoOperation *mdCryptoOperation,
1.1365 + NSSCKFWCryptoOperation *fwCryptoOperation,
1.1366 + NSSCKMDToken *mdToken,
1.1367 + NSSCKFWToken *fwToken,
1.1368 + NSSCKMDInstance *mdInstance,
1.1369 + NSSCKFWInstance *fwInstance,
1.1370 + NSSCKMDObject *mdKey,
1.1371 + NSSCKFWObject *fwKey
1.1372 + );
1.1373 +
1.1374 + /*
1.1375 + * This object may be extended in future versions of the
1.1376 + * NSS Cryptoki Framework. To allow for some flexibility
1.1377 + * in the area of binary compatibility, this field should
1.1378 + * be NULL.
1.1379 + */
1.1380 + void *null;
1.1381 +};
1.1382 +
1.1383 +/*
1.1384 + * NSSCKMDMechanism
1.1385 + *
1.1386 + */
1.1387 +
1.1388 +struct NSSCKMDMechanismStr {
1.1389 + /*
1.1390 + * The Module may use this pointer for its own purposes.
1.1391 + */
1.1392 + void *etc;
1.1393 +
1.1394 + /*
1.1395 + * This also frees the fwMechanism if appropriate.
1.1396 + * If it is not supplied, the Framework will assume that the Token
1.1397 + * Manages a static list of mechanisms and the function will not be called.
1.1398 + */
1.1399 + void (PR_CALLBACK *Destroy)(
1.1400 + NSSCKMDMechanism *mdMechanism,
1.1401 + NSSCKFWMechanism *fwMechanism,
1.1402 + NSSCKMDInstance *mdInstance,
1.1403 + NSSCKFWInstance *fwInstance
1.1404 + );
1.1405 +
1.1406 +
1.1407 + /*
1.1408 + * This routine returns the minimum key size allowed for
1.1409 + * this mechanism. This routine is optional; if unimplemented,
1.1410 + * zero will be assumed. This routine may return zero on
1.1411 + * error; if the error is CKR_OK, zero will be accepted as
1.1412 + * a valid response.
1.1413 + */
1.1414 + CK_ULONG (PR_CALLBACK *GetMinKeySize)(
1.1415 + NSSCKMDMechanism *mdMechanism,
1.1416 + NSSCKFWMechanism *fwMechanism,
1.1417 + NSSCKMDToken *mdToken,
1.1418 + NSSCKFWToken *fwToken,
1.1419 + NSSCKMDInstance *mdInstance,
1.1420 + NSSCKFWInstance *fwInstance,
1.1421 + CK_RV *pError
1.1422 + );
1.1423 +
1.1424 + /*
1.1425 + * This routine returns the maximum key size allowed for
1.1426 + * this mechanism. This routine is optional; if unimplemented,
1.1427 + * zero will be assumed. This routine may return zero on
1.1428 + * error; if the error is CKR_OK, zero will be accepted as
1.1429 + * a valid response.
1.1430 + */
1.1431 + CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
1.1432 + NSSCKMDMechanism *mdMechanism,
1.1433 + NSSCKFWMechanism *fwMechanism,
1.1434 + NSSCKMDToken *mdToken,
1.1435 + NSSCKFWToken *fwToken,
1.1436 + NSSCKMDInstance *mdInstance,
1.1437 + NSSCKFWInstance *fwInstance,
1.1438 + CK_RV *pError
1.1439 + );
1.1440 +
1.1441 + /*
1.1442 + * This routine is called to determine if the mechanism is
1.1443 + * implemented in hardware or software. It returns CK_TRUE
1.1444 + * if it is done in hardware.
1.1445 + */
1.1446 + CK_BBOOL (PR_CALLBACK *GetInHardware)(
1.1447 + NSSCKMDMechanism *mdMechanism,
1.1448 + NSSCKFWMechanism *fwMechanism,
1.1449 + NSSCKMDToken *mdToken,
1.1450 + NSSCKFWToken *fwToken,
1.1451 + NSSCKMDInstance *mdInstance,
1.1452 + NSSCKFWInstance *fwInstance,
1.1453 + CK_RV *pError
1.1454 + );
1.1455 +
1.1456 + /*
1.1457 + * The crypto routines themselves. Most crypto operations may
1.1458 + * be performed in two ways, streaming and single-part. The
1.1459 + * streaming operations involve the use of (typically) three
1.1460 + * calls-- an Init method to set up the operation, an Update
1.1461 + * method to feed data to the operation, and a Final method to
1.1462 + * obtain the final result. Single-part operations involve
1.1463 + * one method, to perform the crypto operation all at once.
1.1464 + *
1.1465 + * The NSS Cryptoki Framework can implement the single-part
1.1466 + * operations in terms of the streaming operations on behalf
1.1467 + * of the Module. There are a few variances.
1.1468 + *
1.1469 + * Only the Init Functions are defined by the mechanism. Each
1.1470 + * init function will return a NSSCKFWCryptoOperation which
1.1471 + * can supply update, final, the single part updateFinal, and
1.1472 + * the combo updateCombo functions.
1.1473 + *
1.1474 + * For simplicity, the routines are listed in summary here:
1.1475 + *
1.1476 + * EncryptInit,
1.1477 + * DecryptInit,
1.1478 + * DigestInit,
1.1479 + * SignInit,
1.1480 + * SignRecoverInit;
1.1481 + * VerifyInit,
1.1482 + * VerifyRecoverInit;
1.1483 + *
1.1484 + * The key-management routines are
1.1485 + *
1.1486 + * GenerateKey
1.1487 + * GenerateKeyPair
1.1488 + * WrapKey
1.1489 + * UnwrapKey
1.1490 + * DeriveKey
1.1491 + *
1.1492 + * All of these routines based on the Cryptoki API;
1.1493 + * see PKCS#11 for further information.
1.1494 + */
1.1495 +
1.1496 + /*
1.1497 + */
1.1498 + NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)(
1.1499 + NSSCKMDMechanism *mdMechanism,
1.1500 + NSSCKFWMechanism *fwMechanism,
1.1501 + CK_MECHANISM_PTR pMechanism,
1.1502 + NSSCKMDSession *mdSession,
1.1503 + NSSCKFWSession *fwSession,
1.1504 + NSSCKMDToken *mdToken,
1.1505 + NSSCKFWToken *fwToken,
1.1506 + NSSCKMDInstance *mdInstance,
1.1507 + NSSCKFWInstance *fwInstance,
1.1508 + NSSCKMDObject *mdKey,
1.1509 + NSSCKFWObject *fwKey,
1.1510 + CK_RV *pError
1.1511 + );
1.1512 +
1.1513 + /*
1.1514 + */
1.1515 + NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)(
1.1516 + NSSCKMDMechanism *mdMechanism,
1.1517 + NSSCKFWMechanism *fwMechanism,
1.1518 + CK_MECHANISM_PTR pMechanism,
1.1519 + NSSCKMDSession *mdSession,
1.1520 + NSSCKFWSession *fwSession,
1.1521 + NSSCKMDToken *mdToken,
1.1522 + NSSCKFWToken *fwToken,
1.1523 + NSSCKMDInstance *mdInstance,
1.1524 + NSSCKFWInstance *fwInstance,
1.1525 + NSSCKMDObject *mdKey,
1.1526 + NSSCKFWObject *fwKey,
1.1527 + CK_RV *pError
1.1528 + );
1.1529 +
1.1530 + /*
1.1531 + */
1.1532 + NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)(
1.1533 + NSSCKMDMechanism *mdMechanism,
1.1534 + NSSCKFWMechanism *fwMechanism,
1.1535 + CK_MECHANISM_PTR pMechanism,
1.1536 + NSSCKMDSession *mdSession,
1.1537 + NSSCKFWSession *fwSession,
1.1538 + NSSCKMDToken *mdToken,
1.1539 + NSSCKFWToken *fwToken,
1.1540 + NSSCKMDInstance *mdInstance,
1.1541 + NSSCKFWInstance *fwInstance,
1.1542 + CK_RV *pError
1.1543 + );
1.1544 +
1.1545 +
1.1546 + /*
1.1547 + */
1.1548 + NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)(
1.1549 + NSSCKMDMechanism *mdMechanism,
1.1550 + NSSCKFWMechanism *fwMechanism,
1.1551 + CK_MECHANISM_PTR pMechanism,
1.1552 + NSSCKMDSession *mdSession,
1.1553 + NSSCKFWSession *fwSession,
1.1554 + NSSCKMDToken *mdToken,
1.1555 + NSSCKFWToken *fwToken,
1.1556 + NSSCKMDInstance *mdInstance,
1.1557 + NSSCKFWInstance *fwInstance,
1.1558 + NSSCKMDObject *mdKey,
1.1559 + NSSCKFWObject *fwKey,
1.1560 + CK_RV *pError
1.1561 + );
1.1562 +
1.1563 + /*
1.1564 + */
1.1565 + NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)(
1.1566 + NSSCKMDMechanism *mdMechanism,
1.1567 + NSSCKFWMechanism *fwMechanism,
1.1568 + CK_MECHANISM_PTR pMechanism,
1.1569 + NSSCKMDSession *mdSession,
1.1570 + NSSCKFWSession *fwSession,
1.1571 + NSSCKMDToken *mdToken,
1.1572 + NSSCKFWToken *fwToken,
1.1573 + NSSCKMDInstance *mdInstance,
1.1574 + NSSCKFWInstance *fwInstance,
1.1575 + NSSCKMDObject *mdKey,
1.1576 + NSSCKFWObject *fwKey,
1.1577 + CK_RV *pError
1.1578 + );
1.1579 +
1.1580 + /*
1.1581 + */
1.1582 + NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)(
1.1583 + NSSCKMDMechanism *mdMechanism,
1.1584 + NSSCKFWMechanism *fwMechanism,
1.1585 + CK_MECHANISM_PTR pMechanism,
1.1586 + NSSCKMDSession *mdSession,
1.1587 + NSSCKFWSession *fwSession,
1.1588 + NSSCKMDToken *mdToken,
1.1589 + NSSCKFWToken *fwToken,
1.1590 + NSSCKMDInstance *mdInstance,
1.1591 + NSSCKFWInstance *fwInstance,
1.1592 + NSSCKMDObject *mdKey,
1.1593 + NSSCKFWObject *fwKey,
1.1594 + CK_RV *pError
1.1595 + );
1.1596 +
1.1597 + /*
1.1598 + */
1.1599 + NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)(
1.1600 + NSSCKMDMechanism *mdMechanism,
1.1601 + NSSCKFWMechanism *fwMechanism,
1.1602 + CK_MECHANISM_PTR pMechanism,
1.1603 + NSSCKMDSession *mdSession,
1.1604 + NSSCKFWSession *fwSession,
1.1605 + NSSCKMDToken *mdToken,
1.1606 + NSSCKFWToken *fwToken,
1.1607 + NSSCKMDInstance *mdInstance,
1.1608 + NSSCKFWInstance *fwInstance,
1.1609 + NSSCKMDObject *mdKey,
1.1610 + NSSCKFWObject *fwKey,
1.1611 + CK_RV *pError
1.1612 + );
1.1613 +
1.1614 + /*
1.1615 + * Key management operations.
1.1616 + */
1.1617 +
1.1618 + /*
1.1619 + * This routine generates a key. This routine may return NULL
1.1620 + * upon error.
1.1621 + */
1.1622 + NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
1.1623 + NSSCKMDMechanism *mdMechanism,
1.1624 + NSSCKFWMechanism *fwMechanism,
1.1625 + CK_MECHANISM_PTR pMechanism,
1.1626 + NSSCKMDSession *mdSession,
1.1627 + NSSCKFWSession *fwSession,
1.1628 + NSSCKMDToken *mdToken,
1.1629 + NSSCKFWToken *fwToken,
1.1630 + NSSCKMDInstance *mdInstance,
1.1631 + NSSCKFWInstance *fwInstance,
1.1632 + CK_ATTRIBUTE_PTR pTemplate,
1.1633 + CK_ULONG ulAttributeCount,
1.1634 + CK_RV *pError
1.1635 + );
1.1636 +
1.1637 + /*
1.1638 + * This routine generates a key pair.
1.1639 + */
1.1640 + CK_RV (PR_CALLBACK *GenerateKeyPair)(
1.1641 + NSSCKMDMechanism *mdMechanism,
1.1642 + NSSCKFWMechanism *fwMechanism,
1.1643 + CK_MECHANISM_PTR pMechanism,
1.1644 + NSSCKMDSession *mdSession,
1.1645 + NSSCKFWSession *fwSession,
1.1646 + NSSCKMDToken *mdToken,
1.1647 + NSSCKFWToken *fwToken,
1.1648 + NSSCKMDInstance *mdInstance,
1.1649 + NSSCKFWInstance *fwInstance,
1.1650 + CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1.1651 + CK_ULONG ulPublicKeyAttributeCount,
1.1652 + CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1.1653 + CK_ULONG ulPrivateKeyAttributeCount,
1.1654 + NSSCKMDObject **pPublicKey,
1.1655 + NSSCKMDObject **pPrivateKey
1.1656 + );
1.1657 +
1.1658 + /*
1.1659 + * This routine wraps a key.
1.1660 + */
1.1661 + CK_ULONG (PR_CALLBACK *GetWrapKeyLength)(
1.1662 + NSSCKMDMechanism *mdMechanism,
1.1663 + NSSCKFWMechanism *fwMechanism,
1.1664 + CK_MECHANISM_PTR pMechanism,
1.1665 + NSSCKMDSession *mdSession,
1.1666 + NSSCKFWSession *fwSession,
1.1667 + NSSCKMDToken *mdToken,
1.1668 + NSSCKFWToken *fwToken,
1.1669 + NSSCKMDInstance *mdInstance,
1.1670 + NSSCKFWInstance *fwInstance,
1.1671 + NSSCKMDObject *mdWrappingKey,
1.1672 + NSSCKFWObject *fwWrappingKey,
1.1673 + NSSCKMDObject *mdWrappedKey,
1.1674 + NSSCKFWObject *fwWrappedKey,
1.1675 + CK_RV *pError
1.1676 + );
1.1677 +
1.1678 + /*
1.1679 + * This routine wraps a key.
1.1680 + */
1.1681 + CK_RV (PR_CALLBACK *WrapKey)(
1.1682 + NSSCKMDMechanism *mdMechanism,
1.1683 + NSSCKFWMechanism *fwMechanism,
1.1684 + CK_MECHANISM_PTR pMechanism,
1.1685 + NSSCKMDSession *mdSession,
1.1686 + NSSCKFWSession *fwSession,
1.1687 + NSSCKMDToken *mdToken,
1.1688 + NSSCKFWToken *fwToken,
1.1689 + NSSCKMDInstance *mdInstance,
1.1690 + NSSCKFWInstance *fwInstance,
1.1691 + NSSCKMDObject *mdWrappingKey,
1.1692 + NSSCKFWObject *fwWrappingKey,
1.1693 + NSSCKMDObject *mdKeyObject,
1.1694 + NSSCKFWObject *fwKeyObject,
1.1695 + NSSItem *wrappedKey
1.1696 + );
1.1697 +
1.1698 + /*
1.1699 + * This routine unwraps a key. This routine may return NULL
1.1700 + * upon error.
1.1701 + */
1.1702 + NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
1.1703 + NSSCKMDMechanism *mdMechanism,
1.1704 + NSSCKFWMechanism *fwMechanism,
1.1705 + CK_MECHANISM_PTR pMechanism,
1.1706 + NSSCKMDSession *mdSession,
1.1707 + NSSCKFWSession *fwSession,
1.1708 + NSSCKMDToken *mdToken,
1.1709 + NSSCKFWToken *fwToken,
1.1710 + NSSCKMDInstance *mdInstance,
1.1711 + NSSCKFWInstance *fwInstance,
1.1712 + NSSCKMDObject *mdWrappingKey,
1.1713 + NSSCKFWObject *fwWrappingKey,
1.1714 + NSSItem *wrappedKey,
1.1715 + CK_ATTRIBUTE_PTR pTemplate,
1.1716 + CK_ULONG ulAttributeCount,
1.1717 + CK_RV *pError
1.1718 + );
1.1719 +
1.1720 + /*
1.1721 + * This routine derives a key. This routine may return NULL
1.1722 + * upon error.
1.1723 + */
1.1724 + NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
1.1725 + NSSCKMDMechanism *mdMechanism,
1.1726 + NSSCKFWMechanism *fwMechanism,
1.1727 + CK_MECHANISM_PTR pMechanism,
1.1728 + NSSCKMDSession *mdSession,
1.1729 + NSSCKFWSession *fwSession,
1.1730 + NSSCKMDToken *mdToken,
1.1731 + NSSCKFWToken *fwToken,
1.1732 + NSSCKMDInstance *mdInstance,
1.1733 + NSSCKFWInstance *fwInstance,
1.1734 + NSSCKMDObject *mdBaseKey,
1.1735 + NSSCKFWObject *fwBaseKey,
1.1736 + CK_ATTRIBUTE_PTR pTemplate,
1.1737 + CK_ULONG ulAttributeCount,
1.1738 + CK_RV *pError
1.1739 + );
1.1740 +
1.1741 + /*
1.1742 + * This object may be extended in future versions of the
1.1743 + * NSS Cryptoki Framework. To allow for some flexibility
1.1744 + * in the area of binary compatibility, this field should
1.1745 + * be NULL.
1.1746 + */
1.1747 + void *null;
1.1748 +};
1.1749 +
1.1750 +/*
1.1751 + * NSSCKMDObject
1.1752 + *
1.1753 + * This is the basic handle for any object used by a PKCS#11 Module.
1.1754 + * Modules must implement it if they support their own objects, and
1.1755 + * the Framework supports it for Modules that do not handle session
1.1756 + * objects. This type contains a pointer for use by the implementor,
1.1757 + * to store any object-specific data, and it contains an EPV for a
1.1758 + * set of routines used to access the object.
1.1759 + */
1.1760 +
1.1761 +struct NSSCKMDObjectStr {
1.1762 + /*
1.1763 + * The implementation my use this pointer for its own purposes.
1.1764 + */
1.1765 + void *etc;
1.1766 +
1.1767 + /*
1.1768 + * This routine is called by the Framework when it is letting
1.1769 + * go of an object handle. It can be used by the Module to
1.1770 + * free any resources tied up by an object "in use." It is
1.1771 + * optional.
1.1772 + */
1.1773 + void (PR_CALLBACK *Finalize)(
1.1774 + NSSCKMDObject *mdObject,
1.1775 + NSSCKFWObject *fwObject,
1.1776 + NSSCKMDSession *mdSession,
1.1777 + NSSCKFWSession *fwSession,
1.1778 + NSSCKMDToken *mdToken,
1.1779 + NSSCKFWToken *fwToken,
1.1780 + NSSCKMDInstance *mdInstance,
1.1781 + NSSCKFWInstance *fwInstance
1.1782 + );
1.1783 +
1.1784 + /*
1.1785 + * This routine is used to completely destroy an object.
1.1786 + * It is optional. The parameter fwObject might be NULL
1.1787 + * if the framework runs out of memory at the wrong moment.
1.1788 + */
1.1789 + CK_RV (PR_CALLBACK *Destroy)(
1.1790 + NSSCKMDObject *mdObject,
1.1791 + NSSCKFWObject *fwObject,
1.1792 + NSSCKMDSession *mdSession,
1.1793 + NSSCKFWSession *fwSession,
1.1794 + NSSCKMDToken *mdToken,
1.1795 + NSSCKFWToken *fwToken,
1.1796 + NSSCKMDInstance *mdInstance,
1.1797 + NSSCKFWInstance *fwInstance
1.1798 + );
1.1799 +
1.1800 + /*
1.1801 + * This helper routine is used by the Framework, and is especially
1.1802 + * useful when it is managing session objects on behalf of the
1.1803 + * Module. This routine is optional; if unimplemented, the
1.1804 + * Framework will actually look up the CKA_TOKEN attribute. In the
1.1805 + * event of an error, just make something up-- the Framework will
1.1806 + * find out soon enough anyway.
1.1807 + */
1.1808 + CK_BBOOL (PR_CALLBACK *IsTokenObject)(
1.1809 + NSSCKMDObject *mdObject,
1.1810 + NSSCKFWObject *fwObject,
1.1811 + NSSCKMDSession *mdSession,
1.1812 + NSSCKFWSession *fwSession,
1.1813 + NSSCKMDToken *mdToken,
1.1814 + NSSCKFWToken *fwToken,
1.1815 + NSSCKMDInstance *mdInstance,
1.1816 + NSSCKFWInstance *fwInstance
1.1817 + );
1.1818 +
1.1819 + /*
1.1820 + * This routine returns the number of attributes of which this
1.1821 + * object consists. It is mandatory. It can return zero on
1.1822 + * error.
1.1823 + */
1.1824 + CK_ULONG (PR_CALLBACK *GetAttributeCount)(
1.1825 + NSSCKMDObject *mdObject,
1.1826 + NSSCKFWObject *fwObject,
1.1827 + NSSCKMDSession *mdSession,
1.1828 + NSSCKFWSession *fwSession,
1.1829 + NSSCKMDToken *mdToken,
1.1830 + NSSCKFWToken *fwToken,
1.1831 + NSSCKMDInstance *mdInstance,
1.1832 + NSSCKFWInstance *fwInstance,
1.1833 + CK_RV *pError
1.1834 + );
1.1835 +
1.1836 + /*
1.1837 + * This routine stuffs the attribute types into the provided array.
1.1838 + * The array size (as obtained from GetAttributeCount) is passed in
1.1839 + * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
1.1840 + * (either too big or too small).
1.1841 + */
1.1842 + CK_RV (PR_CALLBACK *GetAttributeTypes)(
1.1843 + NSSCKMDObject *mdObject,
1.1844 + NSSCKFWObject *fwObject,
1.1845 + NSSCKMDSession *mdSession,
1.1846 + NSSCKFWSession *fwSession,
1.1847 + NSSCKMDToken *mdToken,
1.1848 + NSSCKFWToken *fwToken,
1.1849 + NSSCKMDInstance *mdInstance,
1.1850 + NSSCKFWInstance *fwInstance,
1.1851 + CK_ATTRIBUTE_TYPE_PTR typeArray,
1.1852 + CK_ULONG ulCount
1.1853 + );
1.1854 +
1.1855 + /*
1.1856 + * This routine returns the size (in bytes) of the specified
1.1857 + * attribute. It can return zero on error.
1.1858 + */
1.1859 + CK_ULONG (PR_CALLBACK *GetAttributeSize)(
1.1860 + NSSCKMDObject *mdObject,
1.1861 + NSSCKFWObject *fwObject,
1.1862 + NSSCKMDSession *mdSession,
1.1863 + NSSCKFWSession *fwSession,
1.1864 + NSSCKMDToken *mdToken,
1.1865 + NSSCKFWToken *fwToken,
1.1866 + NSSCKMDInstance *mdInstance,
1.1867 + NSSCKFWInstance *fwInstance,
1.1868 + CK_ATTRIBUTE_TYPE attribute,
1.1869 + CK_RV *pError
1.1870 + );
1.1871 +
1.1872 + /*
1.1873 + * This routine returns an NSSCKFWItem structure.
1.1874 + * The item pointer points to an NSSItem containing the attribute value.
1.1875 + * The needsFreeing bit tells the framework whether to call the
1.1876 + * FreeAttribute function . Upon error, an NSSCKFWItem structure
1.1877 + * with a NULL NSSItem item pointer will be returned
1.1878 + */
1.1879 + NSSCKFWItem (PR_CALLBACK *GetAttribute)(
1.1880 + NSSCKMDObject *mdObject,
1.1881 + NSSCKFWObject *fwObject,
1.1882 + NSSCKMDSession *mdSession,
1.1883 + NSSCKFWSession *fwSession,
1.1884 + NSSCKMDToken *mdToken,
1.1885 + NSSCKFWToken *fwToken,
1.1886 + NSSCKMDInstance *mdInstance,
1.1887 + NSSCKFWInstance *fwInstance,
1.1888 + CK_ATTRIBUTE_TYPE attribute,
1.1889 + CK_RV *pError
1.1890 + );
1.1891 +
1.1892 + /*
1.1893 + * This routine returns CKR_OK if the attribute could be freed.
1.1894 + */
1.1895 + CK_RV (PR_CALLBACK *FreeAttribute)(
1.1896 + NSSCKFWItem * item
1.1897 + );
1.1898 +
1.1899 + /*
1.1900 + * This routine changes the specified attribute. If unimplemented,
1.1901 + * the object will be considered read-only.
1.1902 + */
1.1903 + CK_RV (PR_CALLBACK *SetAttribute)(
1.1904 + NSSCKMDObject *mdObject,
1.1905 + NSSCKFWObject *fwObject,
1.1906 + NSSCKMDSession *mdSession,
1.1907 + NSSCKFWSession *fwSession,
1.1908 + NSSCKMDToken *mdToken,
1.1909 + NSSCKFWToken *fwToken,
1.1910 + NSSCKMDInstance *mdInstance,
1.1911 + NSSCKFWInstance *fwInstance,
1.1912 + CK_ATTRIBUTE_TYPE attribute,
1.1913 + NSSItem *value
1.1914 + );
1.1915 +
1.1916 + /*
1.1917 + * This routine returns the storage requirements of this object,
1.1918 + * in bytes. Cryptoki doesn't strictly define the definition,
1.1919 + * but it should relate to the values returned by the "Get Memory"
1.1920 + * routines of the NSSCKMDToken. This routine is optional; if
1.1921 + * unimplemented, the Framework will consider this information
1.1922 + * sensitive. This routine may return zero on error. If the
1.1923 + * specified error is CKR_OK, zero will be accepted as a valid
1.1924 + * response.
1.1925 + */
1.1926 + CK_ULONG (PR_CALLBACK *GetObjectSize)(
1.1927 + NSSCKMDObject *mdObject,
1.1928 + NSSCKFWObject *fwObject,
1.1929 + NSSCKMDSession *mdSession,
1.1930 + NSSCKFWSession *fwSession,
1.1931 + NSSCKMDToken *mdToken,
1.1932 + NSSCKFWToken *fwToken,
1.1933 + NSSCKMDInstance *mdInstance,
1.1934 + NSSCKFWInstance *fwInstance,
1.1935 + CK_RV *pError
1.1936 + );
1.1937 +
1.1938 + /*
1.1939 + * This object may be extended in future versions of the
1.1940 + * NSS Cryptoki Framework. To allow for some flexibility
1.1941 + * in the area of binary compatibility, this field should
1.1942 + * be NULL.
1.1943 + */
1.1944 + void *null;
1.1945 +};
1.1946 +
1.1947 +
1.1948 +#endif /* NSSCKMDT_H */
