security/nss/lib/ckfw/nssckmdt.h@b8a032363ba2
security/nss/lib/ckfw/nssckmdt.h
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
5 #ifndef NSSCKMDT_H
6 #define NSSCKMDT_H
8 /*
9 * nssckmdt.h
10 *
11 * This file specifies the basic types that must be implemented by
12 * any Module using the NSS Cryptoki Framework.
13 */
15 #ifndef NSSBASET_H
16 #include "nssbaset.h"
17 #endif /* NSSBASET_H */
19 #ifndef NSSCKT_H
20 #include "nssckt.h"
21 #endif /* NSSCKT_H */
23 #ifndef NSSCKFWT_H
24 #include "nssckfwt.h"
25 #endif /* NSSCKFWT_H */
27 typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
28 typedef struct NSSCKMDSlotStr NSSCKMDSlot;
29 typedef struct NSSCKMDTokenStr NSSCKMDToken;
30 typedef struct NSSCKMDSessionStr NSSCKMDSession;
31 typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
32 typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
33 typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
34 typedef struct NSSCKMDObjectStr NSSCKMDObject;
36 /*
37 * NSSCKFWItem
38 *
39 * This is a structure used by modules to return object attributes.
40 * The needsFreeing bit indicates whether the object needs to be freed.
41 * If so, the framework will call the FreeAttribute function on the item
42 * after it is done using it.
43 *
44 */
46 typedef struct {
47 PRBool needsFreeing;
48 NSSItem* item;
49 } NSSCKFWItem ;
51 /*
52 * NSSCKMDInstance
53 *
54 * This is the basic handle for an instance of a PKCS#11 Module.
55 * It is returned by the Module's CreateInstance routine, and
56 * may be obtained from the corresponding NSSCKFWInstance object.
57 * It contains a pointer for use by the Module, to store any
58 * instance-related data, and it contains the EPV for a set of
59 * routines which the Module may implement for use by the Framework.
60 * Some of these routines are optional; others are mandatory.
61 */
63 struct NSSCKMDInstanceStr {
64 /*
65 * The Module may use this pointer for its own purposes.
66 */
67 void *etc;
69 /*
70 * This routine is called by the Framework to initialize
71 * the Module. This routine is optional; if unimplemented,
72 * it won't be called. If this routine returns an error,
73 * then the initialization will fail.
74 */
75 CK_RV (PR_CALLBACK *Initialize)(
76 NSSCKMDInstance *mdInstance,
77 NSSCKFWInstance *fwInstance,
78 NSSUTF8 *configurationData
79 );
81 /*
82 * This routine is called when the Framework is finalizing
83 * the PKCS#11 Module. It is the last thing called before
84 * the NSSCKFWInstance's NSSArena is destroyed. This routine
85 * is optional; if unimplemented, it merely won't be called.
86 */
87 void (PR_CALLBACK *Finalize)(
88 NSSCKMDInstance *mdInstance,
89 NSSCKFWInstance *fwInstance
90 );
92 /*
93 * This routine gets the number of slots. This value must
94 * never change, once the instance is initialized. This
95 * routine must be implemented. It may return zero on error.
96 */
97 CK_ULONG (PR_CALLBACK *GetNSlots)(
98 NSSCKMDInstance *mdInstance,
99 NSSCKFWInstance *fwInstance,
100 CK_RV *pError
101 );
103 /*
104 * This routine returns the version of the Cryptoki standard
105 * to which this Module conforms. This routine is optional;
106 * if unimplemented, the Framework uses the version to which
107 * ~it~ was implemented.
108 */
109 CK_VERSION (PR_CALLBACK *GetCryptokiVersion)(
110 NSSCKMDInstance *mdInstance,
111 NSSCKFWInstance *fwInstance
112 );
114 /*
115 * This routine returns a pointer to a UTF8-encoded string
116 * containing the manufacturer ID for this Module. Only
117 * the characters completely encoded in the first thirty-
118 * two bytes are significant. This routine is optional.
119 * The string returned is never freed; if dynamically generated,
120 * the space for it should be allocated from the NSSArena
121 * that may be obtained from the NSSCKFWInstance. This
122 * routine may return NULL upon error; however if *pError
123 * is CKR_OK, the NULL will be considered the valid response.
124 */
125 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
126 NSSCKMDInstance *mdInstance,
127 NSSCKFWInstance *fwInstance,
128 CK_RV *pError
129 );
131 /*
132 * This routine returns a pointer to a UTF8-encoded string
133 * containing a description of this Module library. Only
134 * the characters completely encoded in the first thirty-
135 * two bytes are significant. This routine is optional.
136 * The string returned is never freed; if dynamically generated,
137 * the space for it should be allocated from the NSSArena
138 * that may be obtained from the NSSCKFWInstance. This
139 * routine may return NULL upon error; however if *pError
140 * is CKR_OK, the NULL will be considered the valid response.
141 */
142 NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
143 NSSCKMDInstance *mdInstance,
144 NSSCKFWInstance *fwInstance,
145 CK_RV *pError
146 );
148 /*
149 * This routine returns the version of this Module library.
150 * This routine is optional; if unimplemented, the Framework
151 * will assume a Module library version of 0.1.
152 */
153 CK_VERSION (PR_CALLBACK *GetLibraryVersion)(
154 NSSCKMDInstance *mdInstance,
155 NSSCKFWInstance *fwInstance
156 );
158 /*
159 * This routine returns CK_TRUE if the Module wishes to
160 * handle session objects. This routine is optional.
161 * If this routine is NULL, or if it exists but returns
162 * CK_FALSE, the Framework will assume responsibility
163 * for managing session objects.
164 */
165 CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)(
166 NSSCKMDInstance *mdInstance,
167 NSSCKFWInstance *fwInstance
168 );
170 /*
171 * This routine stuffs pointers to NSSCKMDSlot objects into
172 * the specified array; one for each slot supported by this
173 * instance. The Framework will determine the size needed
174 * for the array by calling GetNSlots. This routine is
175 * required.
176 */
177 CK_RV (PR_CALLBACK *GetSlots)(
178 NSSCKMDInstance *mdInstance,
179 NSSCKFWInstance *fwInstance,
180 NSSCKMDSlot *slots[]
181 );
183 /*
184 * This call returns a pointer to the slot in which an event
185 * has occurred. If the block argument is CK_TRUE, the call
186 * should block until a slot event occurs; if CK_FALSE, it
187 * should check to see if an event has occurred, occurred,
188 * but return NULL (and set *pError to CK_NO_EVENT) if one
189 * hasn't. This routine is optional; if unimplemented, the
190 * Framework will assume that no event has happened. This
191 * routine may return NULL upon error.
192 */
193 NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
194 NSSCKMDInstance *mdInstance,
195 NSSCKFWInstance *fwInstance,
196 CK_BBOOL block,
197 CK_RV *pError
198 );
200 /*
201 * This object may be extended in future versions of the
202 * NSS Cryptoki Framework. To allow for some flexibility
203 * in the area of binary compatibility, this field should
204 * be NULL.
205 */
206 void *null;
207 };
210 /*
211 * NSSCKMDSlot
212 *
213 * This is the basic handle for a PKCS#11 Module Slot. It is
214 * created by the NSSCKMDInstance->GetSlots call, and may be
215 * obtained from the Framework's corresponding NSSCKFWSlot
216 * object. It contains a pointer for use by the Module, to
217 * store any slot-related data, and it contains the EPV for
218 * a set of routines which the Module may implement for use
219 * by the Framework. Some of these routines are optional.
220 */
222 struct NSSCKMDSlotStr {
223 /*
224 * The Module may use this pointer for its own purposes.
225 */
226 void *etc;
228 /*
229 * This routine is called during the Framework initialization
230 * step, after the Framework Instance has obtained the list
231 * of slots (by calling NSSCKMDInstance->GetSlots). Any slot-
232 * specific initialization can be done here. This routine is
233 * optional; if unimplemented, it won't be called. Note that
234 * if this routine returns an error, the entire Framework
235 * initialization for this Module will fail.
236 */
237 CK_RV (PR_CALLBACK *Initialize)(
238 NSSCKMDSlot *mdSlot,
239 NSSCKFWSlot *fwSlot,
240 NSSCKMDInstance *mdInstance,
241 NSSCKFWInstance *fwInstance
242 );
244 /*
245 * This routine is called when the Framework is finalizing
246 * the PKCS#11 Module. This call (for each of the slots)
247 * is the last thing called before NSSCKMDInstance->Finalize.
248 * This routine is optional; if unimplemented, it merely
249 * won't be called. Note: In the rare circumstance that
250 * the Framework initialization cannot complete (due to,
251 * for example, memory limitations), this can be called with
252 * a NULL value for fwSlot.
253 */
254 void (PR_CALLBACK *Destroy)(
255 NSSCKMDSlot *mdSlot,
256 NSSCKFWSlot *fwSlot,
257 NSSCKMDInstance *mdInstance,
258 NSSCKFWInstance *fwInstance
259 );
261 /*
262 * This routine returns a pointer to a UTF8-encoded string
263 * containing a description of this slot. Only the characters
264 * completely encoded in the first sixty-four bytes are
265 * significant. This routine is optional. The string
266 * returned is never freed; if dynamically generated,
267 * the space for it should be allocated from the NSSArena
268 * that may be obtained from the NSSCKFWInstance. This
269 * routine may return NULL upon error; however if *pError
270 * is CKR_OK, the NULL will be considered the valid response.
271 */
272 NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
273 NSSCKMDSlot *mdSlot,
274 NSSCKFWSlot *fwSlot,
275 NSSCKMDInstance *mdInstance,
276 NSSCKFWInstance *fwInstance,
277 CK_RV *pError
278 );
280 /*
281 * This routine returns a pointer to a UTF8-encoded string
282 * containing a description of the manufacturer of this slot.
283 * Only the characters completely encoded in the first thirty-
284 * two bytes are significant. This routine is optional.
285 * The string returned is never freed; if dynamically generated,
286 * the space for it should be allocated from the NSSArena
287 * that may be obtained from the NSSCKFWInstance. This
288 * routine may return NULL upon error; however if *pError
289 * is CKR_OK, the NULL will be considered the valid response.
290 */
291 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
292 NSSCKMDSlot *mdSlot,
293 NSSCKFWSlot *fwSlot,
294 NSSCKMDInstance *mdInstance,
295 NSSCKFWInstance *fwInstance,
296 CK_RV *pError
297 );
299 /*
300 * This routine returns CK_TRUE if a token is present in this
301 * slot. This routine is optional; if unimplemented, CK_TRUE
302 * is assumed.
303 */
304 CK_BBOOL (PR_CALLBACK *GetTokenPresent)(
305 NSSCKMDSlot *mdSlot,
306 NSSCKFWSlot *fwSlot,
307 NSSCKMDInstance *mdInstance,
308 NSSCKFWInstance *fwInstance
309 );
311 /*
312 * This routine returns CK_TRUE if the slot supports removable
313 * tokens. This routine is optional; if unimplemented, CK_FALSE
314 * is assumed.
315 */
316 CK_BBOOL (PR_CALLBACK *GetRemovableDevice)(
317 NSSCKMDSlot *mdSlot,
318 NSSCKFWSlot *fwSlot,
319 NSSCKMDInstance *mdInstance,
320 NSSCKFWInstance *fwInstance
321 );
323 /*
324 * This routine returns CK_TRUE if this slot is a hardware
325 * device, or CK_FALSE if this slot is a software device. This
326 * routine is optional; if unimplemented, CK_FALSE is assumed.
327 */
328 CK_BBOOL (PR_CALLBACK *GetHardwareSlot)(
329 NSSCKMDSlot *mdSlot,
330 NSSCKFWSlot *fwSlot,
331 NSSCKMDInstance *mdInstance,
332 NSSCKFWInstance *fwInstance
333 );
335 /*
336 * This routine returns the version of this slot's hardware.
337 * This routine is optional; if unimplemented, the Framework
338 * will assume a hardware version of 0.1.
339 */
340 CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
341 NSSCKMDSlot *mdSlot,
342 NSSCKFWSlot *fwSlot,
343 NSSCKMDInstance *mdInstance,
344 NSSCKFWInstance *fwInstance
345 );
347 /*
348 * This routine returns the version of this slot's firmware.
349 * This routine is optional; if unimplemented, the Framework
350 * will assume a hardware version of 0.1.
351 */
352 CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
353 NSSCKMDSlot *mdSlot,
354 NSSCKFWSlot *fwSlot,
355 NSSCKMDInstance *mdInstance,
356 NSSCKFWInstance *fwInstance
357 );
359 /*
360 * This routine should return a pointer to an NSSCKMDToken
361 * object corresponding to the token in the specified slot.
362 * The NSSCKFWToken object passed in has an NSSArena
363 * available which is dedicated for this token. This routine
364 * must be implemented. This routine may return NULL upon
365 * error.
366 */
367 NSSCKMDToken *(PR_CALLBACK *GetToken)(
368 NSSCKMDSlot *mdSlot,
369 NSSCKFWSlot *fwSlot,
370 NSSCKMDInstance *mdInstance,
371 NSSCKFWInstance *fwInstance,
372 CK_RV *pError
373 );
375 /*
376 * This object may be extended in future versions of the
377 * NSS Cryptoki Framework. To allow for some flexibility
378 * in the area of binary compatibility, this field should
379 * be NULL.
380 */
381 void *null;
382 };
384 /*
385 * NSSCKMDToken
386 *
387 * This is the basic handle for a PKCS#11 Token. It is created by
388 * the NSSCKMDSlot->GetToken call, and may be obtained from the
389 * Framework's corresponding NSSCKFWToken object. It contains a
390 * pointer for use by the Module, to store any token-related
391 * data, and it contains the EPV for a set of routines which the
392 * Module may implement for use by the Framework. Some of these
393 * routines are optional.
394 */
396 struct NSSCKMDTokenStr {
397 /*
398 * The Module may use this pointer for its own purposes.
399 */
400 void *etc;
402 /*
403 * This routine is used to prepare a Module token object for
404 * use. It is called after the NSSCKMDToken object is obtained
405 * from NSSCKMDSlot->GetToken. It is named "Setup" here because
406 * Cryptoki already defines "InitToken" to do the process of
407 * wiping out any existing state on a token and preparing it for
408 * a new use. This routine is optional; if unimplemented, it
409 * merely won't be called.
410 */
411 CK_RV (PR_CALLBACK *Setup)(
412 NSSCKMDToken *mdToken,
413 NSSCKFWToken *fwToken,
414 NSSCKMDInstance *mdInstance,
415 NSSCKFWInstance *fwInstance
416 );
418 /*
419 * This routine is called by the Framework whenever it notices
420 * that the token object is invalid. (Typically this is when a
421 * routine indicates an error such as CKR_DEVICE_REMOVED). This
422 * call is the last thing called before the NSSArena in the
423 * corresponding NSSCKFWToken is destroyed. This routine is
424 * optional; if unimplemented, it merely won't be called.
425 */
426 void (PR_CALLBACK *Invalidate)(
427 NSSCKMDToken *mdToken,
428 NSSCKFWToken *fwToken,
429 NSSCKMDInstance *mdInstance,
430 NSSCKFWInstance *fwInstance
431 );
433 /*
434 * This routine initialises the token in the specified slot.
435 * This routine is optional; if unimplemented, the Framework
436 * will fail this operation with an error of CKR_DEVICE_ERROR.
437 */
439 CK_RV (PR_CALLBACK *InitToken)(
440 NSSCKMDToken *mdToken,
441 NSSCKFWToken *fwToken,
442 NSSCKMDInstance *mdInstance,
443 NSSCKFWInstance *fwInstance,
444 NSSItem *pin,
445 NSSUTF8 *label
446 );
448 /*
449 * This routine returns a pointer to a UTF8-encoded string
450 * containing this token's label. Only the characters
451 * completely encoded in the first thirty-two bytes are
452 * significant. This routine is optional. The string
453 * returned is never freed; if dynamically generated,
454 * the space for it should be allocated from the NSSArena
455 * that may be obtained from the NSSCKFWInstance. This
456 * routine may return NULL upon error; however if *pError
457 * is CKR_OK, the NULL will be considered the valid response.
458 */
459 NSSUTF8 *(PR_CALLBACK *GetLabel)(
460 NSSCKMDToken *mdToken,
461 NSSCKFWToken *fwToken,
462 NSSCKMDInstance *mdInstance,
463 NSSCKFWInstance *fwInstance,
464 CK_RV *pError
465 );
467 /*
468 * This routine returns a pointer to a UTF8-encoded string
469 * containing this token's manufacturer ID. Only the characters
470 * completely encoded in the first thirty-two bytes are
471 * significant. This routine is optional. The string
472 * returned is never freed; if dynamically generated,
473 * the space for it should be allocated from the NSSArena
474 * that may be obtained from the NSSCKFWInstance. This
475 * routine may return NULL upon error; however if *pError
476 * is CKR_OK, the NULL will be considered the valid response.
477 */
478 NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
479 NSSCKMDToken *mdToken,
480 NSSCKFWToken *fwToken,
481 NSSCKMDInstance *mdInstance,
482 NSSCKFWInstance *fwInstance,
483 CK_RV *pError
484 );
486 /*
487 * This routine returns a pointer to a UTF8-encoded string
488 * containing this token's model name. Only the characters
489 * completely encoded in the first thirty-two bytes are
490 * significant. This routine is optional. The string
491 * returned is never freed; if dynamically generated,
492 * the space for it should be allocated from the NSSArena
493 * that may be obtained from the NSSCKFWInstance. This
494 * routine may return NULL upon error; however if *pError
495 * is CKR_OK, the NULL will be considered the valid response.
496 */
497 NSSUTF8 *(PR_CALLBACK *GetModel)(
498 NSSCKMDToken *mdToken,
499 NSSCKFWToken *fwToken,
500 NSSCKMDInstance *mdInstance,
501 NSSCKFWInstance *fwInstance,
502 CK_RV *pError
503 );
505 /*
506 * This routine returns a pointer to a UTF8-encoded string
507 * containing this token's serial number. Only the characters
508 * completely encoded in the first thirty-two bytes are
509 * significant. This routine is optional. The string
510 * returned is never freed; if dynamically generated,
511 * the space for it should be allocated from the NSSArena
512 * that may be obtained from the NSSCKFWInstance. This
513 * routine may return NULL upon error; however if *pError
514 * is CKR_OK, the NULL will be considered the valid response.
515 */
516 NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
517 NSSCKMDToken *mdToken,
518 NSSCKFWToken *fwToken,
519 NSSCKMDInstance *mdInstance,
520 NSSCKFWInstance *fwInstance,
521 CK_RV *pError
522 );
524 /*
525 * This routine returns CK_TRUE if the token has its own
526 * random number generator. This routine is optional; if
527 * unimplemented, CK_FALSE is assumed.
528 */
529 CK_BBOOL (PR_CALLBACK *GetHasRNG)(
530 NSSCKMDToken *mdToken,
531 NSSCKFWToken *fwToken,
532 NSSCKMDInstance *mdInstance,
533 NSSCKFWInstance *fwInstance
534 );
536 /*
537 * This routine returns CK_TRUE if this token is write-protected.
538 * This routine is optional; if unimplemented, CK_FALSE is
539 * assumed.
540 */
541 CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)(
542 NSSCKMDToken *mdToken,
543 NSSCKFWToken *fwToken,
544 NSSCKMDInstance *mdInstance,
545 NSSCKFWInstance *fwInstance
546 );
548 /*
549 * This routine returns CK_TRUE if this token requires a login.
550 * This routine is optional; if unimplemented, CK_FALSE is
551 * assumed.
552 */
553 CK_BBOOL (PR_CALLBACK *GetLoginRequired)(
554 NSSCKMDToken *mdToken,
555 NSSCKFWToken *fwToken,
556 NSSCKMDInstance *mdInstance,
557 NSSCKFWInstance *fwInstance
558 );
560 /*
561 * This routine returns CK_TRUE if the normal user's PIN on this
562 * token has been initialised. This routine is optional; if
563 * unimplemented, CK_FALSE is assumed.
564 */
565 CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)(
566 NSSCKMDToken *mdToken,
567 NSSCKFWToken *fwToken,
568 NSSCKMDInstance *mdInstance,
569 NSSCKFWInstance *fwInstance
570 );
572 /*
573 * This routine returns CK_TRUE if a successful save of a
574 * session's cryptographic operations state ~always~ contains
575 * all keys needed to restore the state of the session. This
576 * routine is optional; if unimplemented, CK_FALSE is assumed.
577 */
578 CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)(
579 NSSCKMDToken *mdToken,
580 NSSCKFWToken *fwToken,
581 NSSCKMDInstance *mdInstance,
582 NSSCKFWInstance *fwInstance
583 );
585 /*
586 * This routine returns CK_TRUE if the token has its own
587 * hardware clock. This routine is optional; if unimplemented,
588 * CK_FALSE is assumed.
589 */
590 CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)(
591 NSSCKMDToken *mdToken,
592 NSSCKFWToken *fwToken,
593 NSSCKMDInstance *mdInstance,
594 NSSCKFWInstance *fwInstance
595 );
597 /*
598 * This routine returns CK_TRUE if the token has a protected
599 * authentication path. This routine is optional; if
600 * unimplemented, CK_FALSE is assumed.
601 */
602 CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)(
603 NSSCKMDToken *mdToken,
604 NSSCKFWToken *fwToken,
605 NSSCKMDInstance *mdInstance,
606 NSSCKFWInstance *fwInstance
607 );
609 /*
610 * This routine returns CK_TRUE if the token supports dual
611 * cryptographic operations within a single session. This
612 * routine is optional; if unimplemented, CK_FALSE is assumed.
613 */
614 CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)(
615 NSSCKMDToken *mdToken,
616 NSSCKFWToken *fwToken,
617 NSSCKMDInstance *mdInstance,
618 NSSCKFWInstance *fwInstance
619 );
621 /*
622 * XXX fgmr-- should we have a call to return all the flags
623 * at once, for folks who already know about Cryptoki?
624 */
626 /*
627 * This routine returns the maximum number of sessions that
628 * may be opened on this token. This routine is optional;
629 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
630 * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
631 */
632 CK_ULONG (PR_CALLBACK *GetMaxSessionCount)(
633 NSSCKMDToken *mdToken,
634 NSSCKFWToken *fwToken,
635 NSSCKMDInstance *mdInstance,
636 NSSCKFWInstance *fwInstance
637 );
639 /*
640 * This routine returns the maximum number of read/write
641 * sesisons that may be opened on this token. This routine
642 * is optional; if unimplemented, the special value
643 * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or
644 * CK_EFFECTIVELY_INFINITE?
645 */
646 CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)(
647 NSSCKMDToken *mdToken,
648 NSSCKFWToken *fwToken,
649 NSSCKMDInstance *mdInstance,
650 NSSCKFWInstance *fwInstance
651 );
653 /*
654 * This routine returns the maximum PIN code length that is
655 * supported on this token. This routine is optional;
656 * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
657 * is assumed.
658 */
659 CK_ULONG (PR_CALLBACK *GetMaxPinLen)(
660 NSSCKMDToken *mdToken,
661 NSSCKFWToken *fwToken,
662 NSSCKMDInstance *mdInstance,
663 NSSCKFWInstance *fwInstance
664 );
666 /*
667 * This routine returns the minimum PIN code length that is
668 * supported on this token. This routine is optional; if
669 * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
670 * is assumed. XXX fgmr-- or 0?
671 */
672 CK_ULONG (PR_CALLBACK *GetMinPinLen)(
673 NSSCKMDToken *mdToken,
674 NSSCKFWToken *fwToken,
675 NSSCKMDInstance *mdInstance,
676 NSSCKFWInstance *fwInstance
677 );
679 /*
680 * This routine returns the total amount of memory on the token
681 * in which public objects may be stored. This routine is
682 * optional; if unimplemented, the special value
683 * CK_UNAVAILABLE_INFORMATION is assumed.
684 */
685 CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)(
686 NSSCKMDToken *mdToken,
687 NSSCKFWToken *fwToken,
688 NSSCKMDInstance *mdInstance,
689 NSSCKFWInstance *fwInstance
690 );
692 /*
693 * This routine returns the amount of unused memory on the
694 * token in which public objects may be stored. This routine
695 * is optional; if unimplemented, the special value
696 * CK_UNAVAILABLE_INFORMATION is assumed.
697 */
698 CK_ULONG (PR_CALLBACK *GetFreePublicMemory)(
699 NSSCKMDToken *mdToken,
700 NSSCKFWToken *fwToken,
701 NSSCKMDInstance *mdInstance,
702 NSSCKFWInstance *fwInstance
703 );
705 /*
706 * This routine returns the total amount of memory on the token
707 * in which private objects may be stored. This routine is
708 * optional; if unimplemented, the special value
709 * CK_UNAVAILABLE_INFORMATION is assumed.
710 */
711 CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)(
712 NSSCKMDToken *mdToken,
713 NSSCKFWToken *fwToken,
714 NSSCKMDInstance *mdInstance,
715 NSSCKFWInstance *fwInstance
716 );
718 /*
719 * This routine returns the amount of unused memory on the
720 * token in which private objects may be stored. This routine
721 * is optional; if unimplemented, the special value
722 * CK_UNAVAILABLE_INFORMATION is assumed.
723 */
724 CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)(
725 NSSCKMDToken *mdToken,
726 NSSCKFWToken *fwToken,
727 NSSCKMDInstance *mdInstance,
728 NSSCKFWInstance *fwInstance
729 );
731 /*
732 * This routine returns the version number of this token's
733 * hardware. This routine is optional; if unimplemented,
734 * the value 0.1 is assumed.
735 */
736 CK_VERSION (PR_CALLBACK *GetHardwareVersion)(
737 NSSCKMDToken *mdToken,
738 NSSCKFWToken *fwToken,
739 NSSCKMDInstance *mdInstance,
740 NSSCKFWInstance *fwInstance
741 );
743 /*
744 * This routine returns the version number of this token's
745 * firmware. This routine is optional; if unimplemented,
746 * the value 0.1 is assumed.
747 */
748 CK_VERSION (PR_CALLBACK *GetFirmwareVersion)(
749 NSSCKMDToken *mdToken,
750 NSSCKFWToken *fwToken,
751 NSSCKMDInstance *mdInstance,
752 NSSCKFWInstance *fwInstance
753 );
755 /*
756 * This routine stuffs the current UTC time, as obtained from
757 * the token, into the sixteen-byte buffer in the form
758 * YYYYMMDDhhmmss00. This routine need only be implemented
759 * by token which indicate that they have a real-time clock.
760 * XXX fgmr-- think about time formats.
761 */
762 CK_RV (PR_CALLBACK *GetUTCTime)(
763 NSSCKMDToken *mdToken,
764 NSSCKFWToken *fwToken,
765 NSSCKMDInstance *mdInstance,
766 NSSCKFWInstance *fwInstance,
767 CK_CHAR utcTime[16]
768 );
770 /*
771 * This routine creates a session on the token, and returns
772 * the corresponding NSSCKMDSession object. The value of
773 * rw will be CK_TRUE if the session is to be a read/write
774 * session, or CK_FALSE otherwise. An NSSArena dedicated to
775 * the new session is available from the specified NSSCKFWSession.
776 * This routine may return NULL upon error.
777 */
778 NSSCKMDSession *(PR_CALLBACK *OpenSession)(
779 NSSCKMDToken *mdToken,
780 NSSCKFWToken *fwToken,
781 NSSCKMDInstance *mdInstance,
782 NSSCKFWInstance *fwInstance,
783 NSSCKFWSession *fwSession,
784 CK_BBOOL rw,
785 CK_RV *pError
786 );
788 /*
789 * This routine returns the number of PKCS#11 Mechanisms
790 * supported by this token. This routine is optional; if
791 * unimplemented, zero is assumed.
792 */
793 CK_ULONG (PR_CALLBACK *GetMechanismCount)(
794 NSSCKMDToken *mdToken,
795 NSSCKFWToken *fwToken,
796 NSSCKMDInstance *mdInstance,
797 NSSCKFWInstance *fwInstance
798 );
800 /*
801 * This routine stuffs into the specified array the types
802 * of the mechanisms supported by this token. The Framework
803 * determines the size of the array by calling GetMechanismCount.
804 */
805 CK_RV (PR_CALLBACK *GetMechanismTypes)(
806 NSSCKMDToken *mdToken,
807 NSSCKFWToken *fwToken,
808 NSSCKMDInstance *mdInstance,
809 NSSCKFWInstance *fwInstance,
810 CK_MECHANISM_TYPE types[]
811 );
813 /*
814 * This routine returns a pointer to a Module mechanism
815 * object corresponding to a specified type. This routine
816 * need only exist for tokens implementing at least one
817 * mechanism.
818 */
819 NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
820 NSSCKMDToken *mdToken,
821 NSSCKFWToken *fwToken,
822 NSSCKMDInstance *mdInstance,
823 NSSCKFWInstance *fwInstance,
824 CK_MECHANISM_TYPE which,
825 CK_RV *pError
826 );
828 /*
829 * This object may be extended in future versions of the
830 * NSS Cryptoki Framework. To allow for some flexibility
831 * in the area of binary compatibility, this field should
832 * be NULL.
833 */
834 void *null;
835 };
837 /*
838 * NSSCKMDSession
839 *
840 * This is the basic handle for a session on a PKCS#11 Token. It
841 * is created by NSSCKMDToken->OpenSession, and may be obtained
842 * from the Framework's corresponding NSSCKFWSession object. It
843 * contains a pointer for use by the Module, to store any session-
844 * realted data, and it contains the EPV for a set of routines
845 * which the Module may implement for use by the Framework. Some
846 * of these routines are optional.
847 */
849 struct NSSCKMDSessionStr {
850 /*
851 * The Module may use this pointer for its own purposes.
852 */
853 void *etc;
855 /*
856 * This routine is called by the Framework when a session is
857 * closed. This call is the last thing called before the
858 * NSSArena in the correspoinding NSSCKFWSession is destroyed.
859 * This routine is optional; if unimplemented, it merely won't
860 * be called.
861 */
862 void (PR_CALLBACK *Close)(
863 NSSCKMDSession *mdSession,
864 NSSCKFWSession *fwSession,
865 NSSCKMDToken *mdToken,
866 NSSCKFWToken *fwToken,
867 NSSCKMDInstance *mdInstance,
868 NSSCKFWInstance *fwInstance
869 );
871 /*
872 * This routine is used to get any device-specific error.
873 * This routine is optional.
874 */
875 CK_ULONG (PR_CALLBACK *GetDeviceError)(
876 NSSCKMDSession *mdSession,
877 NSSCKFWSession *fwSession,
878 NSSCKMDToken *mdToken,
879 NSSCKFWToken *fwToken,
880 NSSCKMDInstance *mdInstance,
881 NSSCKFWInstance *fwInstance
882 );
884 /*
885 * This routine is used to log in a user to the token. This
886 * routine is optional, since the Framework's NSSCKFWSession
887 * object keeps track of the login state.
888 */
889 CK_RV (PR_CALLBACK *Login)(
890 NSSCKMDSession *mdSession,
891 NSSCKFWSession *fwSession,
892 NSSCKMDToken *mdToken,
893 NSSCKFWToken *fwToken,
894 NSSCKMDInstance *mdInstance,
895 NSSCKFWInstance *fwInstance,
896 CK_USER_TYPE userType,
897 NSSItem *pin,
898 CK_STATE oldState,
899 CK_STATE newState
900 );
902 /*
903 * This routine is used to log out a user from the token. This
904 * routine is optional, since the Framework's NSSCKFWSession
905 * object keeps track of the login state.
906 */
907 CK_RV (PR_CALLBACK *Logout)(
908 NSSCKMDSession *mdSession,
909 NSSCKFWSession *fwSession,
910 NSSCKMDToken *mdToken,
911 NSSCKFWToken *fwToken,
912 NSSCKMDInstance *mdInstance,
913 NSSCKFWInstance *fwInstance,
914 CK_STATE oldState,
915 CK_STATE newState
916 );
918 /*
919 * This routine is used to initialize the normal user's PIN or
920 * password. This will only be called in the "read/write
921 * security officer functions" state. If this token has a
922 * protected authentication path, then the pin argument will
923 * be NULL. This routine is optional; if unimplemented, the
924 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
925 */
926 CK_RV (PR_CALLBACK *InitPIN)(
927 NSSCKMDSession *mdSession,
928 NSSCKFWSession *fwSession,
929 NSSCKMDToken *mdToken,
930 NSSCKFWToken *fwToken,
931 NSSCKMDInstance *mdInstance,
932 NSSCKFWInstance *fwInstance,
933 NSSItem *pin
934 );
936 /*
937 * This routine is used to modify a user's PIN or password. This
938 * routine will only be called in the "read/write security officer
939 * functions" or "read/write user functions" state. If this token
940 * has a protected authentication path, then the pin arguments
941 * will be NULL. This routine is optional; if unimplemented, the
942 * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
943 */
944 CK_RV (PR_CALLBACK *SetPIN)(
945 NSSCKMDSession *mdSession,
946 NSSCKFWSession *fwSession,
947 NSSCKMDToken *mdToken,
948 NSSCKFWToken *fwToken,
949 NSSCKMDInstance *mdInstance,
950 NSSCKFWInstance *fwInstance,
951 NSSItem *oldPin,
952 NSSItem *newPin
953 );
955 /*
956 * This routine is used to find out how much space would be required
957 * to save the current operational state. This routine is optional;
958 * if unimplemented, the Framework will reject any attempts to save
959 * the operational state with the error CKR_STATE_UNSAVEABLE. This
960 * routine may return zero on error.
961 */
962 CK_ULONG (PR_CALLBACK *GetOperationStateLen)(
963 NSSCKMDSession *mdSession,
964 NSSCKFWSession *fwSession,
965 NSSCKMDToken *mdToken,
966 NSSCKFWToken *fwToken,
967 NSSCKMDInstance *mdInstance,
968 NSSCKFWInstance *fwInstance,
969 CK_RV *pError
970 );
972 /*
973 * This routine is used to store the current operational state. This
974 * routine is only required if GetOperationStateLen is implemented
975 * and can return a nonzero value. The buffer in the specified item
976 * will be pre-allocated, and the length will specify the amount of
977 * space available (which may be more than GetOperationStateLen
978 * asked for, but which will not be smaller).
979 */
980 CK_RV (PR_CALLBACK *GetOperationState)(
981 NSSCKMDSession *mdSession,
982 NSSCKFWSession *fwSession,
983 NSSCKMDToken *mdToken,
984 NSSCKFWToken *fwToken,
985 NSSCKMDInstance *mdInstance,
986 NSSCKFWInstance *fwInstance,
987 NSSItem *buffer
988 );
990 /*
991 * This routine is used to restore an operational state previously
992 * obtained with GetOperationState. The Framework will take pains
993 * to be sure that the state is (or was at one point) valid; if the
994 * Module notices that the state is invalid, it should return an
995 * error, but it is not required to be paranoid about the issue.
996 * [XXX fgmr-- should (can?) the framework verify the keys match up?]
997 * This routine is required only if GetOperationState is implemented.
998 */
999 CK_RV (PR_CALLBACK *SetOperationState)(
1000 NSSCKMDSession *mdSession,
1001 NSSCKFWSession *fwSession,
1002 NSSCKMDToken *mdToken,
1003 NSSCKFWToken *fwToken,
1004 NSSCKMDInstance *mdInstance,
1005 NSSCKFWInstance *fwInstance,
1006 NSSItem *state,
1007 NSSCKMDObject *mdEncryptionKey,
1008 NSSCKFWObject *fwEncryptionKey,
1009 NSSCKMDObject *mdAuthenticationKey,
1010 NSSCKFWObject *fwAuthenticationKey
1011 );
1013 /*
1014 * This routine is used to create an object. The specified template
1015 * will only specify a session object if the Module has indicated
1016 * that it wishes to handle its own session objects. This routine
1017 * is optional; if unimplemented, the Framework will reject the
1018 * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for
1019 * token objects should come from the NSSArena available from the
1020 * NSSCKFWToken object; space for session objects (if supported)
1021 * should come from the NSSArena available from the NSSCKFWSession
1022 * object. The appropriate NSSArena pointer will, as a convenience,
1023 * be passed as the handyArenaPointer argument. This routine may
1024 * return NULL upon error.
1025 */
1026 NSSCKMDObject *(PR_CALLBACK *CreateObject)(
1027 NSSCKMDSession *mdSession,
1028 NSSCKFWSession *fwSession,
1029 NSSCKMDToken *mdToken,
1030 NSSCKFWToken *fwToken,
1031 NSSCKMDInstance *mdInstance,
1032 NSSCKFWInstance *fwInstance,
1033 NSSArena *handyArenaPointer,
1034 CK_ATTRIBUTE_PTR pTemplate,
1035 CK_ULONG ulAttributeCount,
1036 CK_RV *pError
1037 );
1039 /*
1040 * This routine is used to make a copy of an object. It is entirely
1041 * optional; if unimplemented, the Framework will try to use
1042 * CreateObject instead. If the Module has indicated that it does
1043 * not wish to handle session objects, then this routine will only
1044 * be called to copy a token object to another token object.
1045 * Otherwise, either the original object or the new may be of
1046 * either the token or session variety. As with CreateObject, the
1047 * handyArenaPointer will point to the appropriate arena for the
1048 * new object. This routine may return NULL upon error.
1049 */
1050 NSSCKMDObject *(PR_CALLBACK *CopyObject)(
1051 NSSCKMDSession *mdSession,
1052 NSSCKFWSession *fwSession,
1053 NSSCKMDToken *mdToken,
1054 NSSCKFWToken *fwToken,
1055 NSSCKMDInstance *mdInstance,
1056 NSSCKFWInstance *fwInstance,
1057 NSSCKMDObject *mdOldObject,
1058 NSSCKFWObject *fwOldObject,
1059 NSSArena *handyArenaPointer,
1060 CK_ATTRIBUTE_PTR pTemplate,
1061 CK_ULONG ulAttributeCount,
1062 CK_RV *pError
1063 );
1065 /*
1066 * This routine is used to begin an object search. This routine may
1067 * be unimplemented only if the Module does not handle session
1068 * objects, and if none of its tokens have token objects. The
1069 * NSSCKFWFindObjects pointer has an NSSArena that may be used for
1070 * storage for the life of this "find" operation. This routine may
1071 * return NULL upon error. If the Module can determine immediately
1072 * that the search will not find any matching objects, it may return
1073 * NULL, and specify CKR_OK as the error.
1074 */
1075 NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
1076 NSSCKMDSession *mdSession,
1077 NSSCKFWSession *fwSession,
1078 NSSCKMDToken *mdToken,
1079 NSSCKFWToken *fwToken,
1080 NSSCKMDInstance *mdInstance,
1081 NSSCKFWInstance *fwInstance,
1082 CK_ATTRIBUTE_PTR pTemplate,
1083 CK_ULONG ulAttributeCount,
1084 CK_RV *pError
1085 );
1087 /*
1088 * This routine seeds the random-number generator. It is
1089 * optional, even if GetRandom is implemented. If unimplemented,
1090 * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
1091 */
1092 CK_RV (PR_CALLBACK *SeedRandom)(
1093 NSSCKMDSession *mdSession,
1094 NSSCKFWSession *fwSession,
1095 NSSCKMDToken *mdToken,
1096 NSSCKFWToken *fwToken,
1097 NSSCKMDInstance *mdInstance,
1098 NSSCKFWInstance *fwInstance,
1099 NSSItem *seed
1100 );
1102 /*
1103 * This routine gets random data. It is optional. If unimplemented,
1104 * the Framework will issue the error CKR_RANDOM_NO_RNG.
1105 */
1106 CK_RV (PR_CALLBACK *GetRandom)(
1107 NSSCKMDSession *mdSession,
1108 NSSCKFWSession *fwSession,
1109 NSSCKMDToken *mdToken,
1110 NSSCKFWToken *fwToken,
1111 NSSCKMDInstance *mdInstance,
1112 NSSCKFWInstance *fwInstance,
1113 NSSItem *buffer
1114 );
1116 /*
1117 * This object may be extended in future versions of the
1118 * NSS Cryptoki Framework. To allow for some flexibility
1119 * in the area of binary compatibility, this field should
1120 * be NULL.
1121 */
1122 void *null;
1123 };
1125 /*
1126 * NSSCKMDFindObjects
1127 *
1128 * This is the basic handle for an object search. It is
1129 * created by NSSCKMDSession->FindObjectsInit, and may be
1130 * obtained from the Framework's corresponding object.
1131 * It contains a pointer for use by the Module, to store
1132 * any search-related data, and it contains the EPV for a
1133 * set of routines which the Module may implement for use
1134 * by the Framework. Some of these routines are optional.
1135 */
1137 struct NSSCKMDFindObjectsStr {
1138 /*
1139 * The Module may use this pointer for its own purposes.
1140 */
1141 void *etc;
1143 /*
1144 * This routine is called by the Framework to finish a
1145 * search operation. Note that the Framework may finish
1146 * a search before it has completed. This routine is
1147 * optional; if unimplemented, it merely won't be called.
1148 */
1149 void (PR_CALLBACK *Final)(
1150 NSSCKMDFindObjects *mdFindObjects,
1151 NSSCKFWFindObjects *fwFindObjects,
1152 NSSCKMDSession *mdSession,
1153 NSSCKFWSession *fwSession,
1154 NSSCKMDToken *mdToken,
1155 NSSCKFWToken *fwToken,
1156 NSSCKMDInstance *mdInstance,
1157 NSSCKFWInstance *fwInstance
1158 );
1160 /*
1161 * This routine is used to obtain another pointer to an
1162 * object matching the search criteria. This routine is
1163 * required. If no (more) objects match the search, it
1164 * should return NULL and set the error to CKR_OK.
1165 */
1166 NSSCKMDObject *(PR_CALLBACK *Next)(
1167 NSSCKMDFindObjects *mdFindObjects,
1168 NSSCKFWFindObjects *fwFindObjects,
1169 NSSCKMDSession *mdSession,
1170 NSSCKFWSession *fwSession,
1171 NSSCKMDToken *mdToken,
1172 NSSCKFWToken *fwToken,
1173 NSSCKMDInstance *mdInstance,
1174 NSSCKFWInstance *fwInstance,
1175 NSSArena *arena,
1176 CK_RV *pError
1177 );
1179 /*
1180 * This object may be extended in future versions of the
1181 * NSS Cryptoki Framework. To allow for some flexibility
1182 * in the area of binary compatibility, this field should
1183 * be NULL.
1184 */
1185 void *null;
1186 };
1188 /*
1189 * NSSCKMDCryptoOperaion
1190 *
1191 * This is the basic handle for an encryption, decryption,
1192 * sign, verify, or hash opertion.
1193 * created by NSSCKMDMechanism->XXXXInit, and may be
1194 * obtained from the Framework's corresponding object.
1195 * It contains a pointer for use by the Module, to store
1196 * any intermediate data, and it contains the EPV for a
1197 * set of routines which the Module may implement for use
1198 * by the Framework. Some of these routines are optional.
1199 */
1201 struct NSSCKMDCryptoOperationStr {
1202 /*
1203 * The Module may use this pointer for its own purposes.
1204 */
1205 void *etc;
1207 /*
1208 * This routine is called by the Framework clean up the mdCryptoOperation
1209 * structure.
1210 * This routine is optional; if unimplemented, it will be ignored.
1211 */
1212 void (PR_CALLBACK *Destroy)(
1213 NSSCKMDCryptoOperation *mdCryptoOperation,
1214 NSSCKFWCryptoOperation *fwCryptoOperation,
1215 NSSCKMDInstance *mdInstance,
1216 NSSCKFWInstance *fwInstance
1217 );
1220 /*
1221 * how many bytes do we need to finish this buffer?
1222 * must be implemented if Final is implemented.
1223 */
1224 CK_ULONG (PR_CALLBACK *GetFinalLength)(
1225 NSSCKMDCryptoOperation *mdCryptoOperation,
1226 NSSCKFWCryptoOperation *fwCryptoOperation,
1227 NSSCKMDSession *mdSession,
1228 NSSCKFWSession *fwSession,
1229 NSSCKMDToken *mdToken,
1230 NSSCKFWToken *fwToken,
1231 NSSCKMDInstance *mdInstance,
1232 NSSCKFWInstance *fwInstance,
1233 CK_RV *pError
1234 );
1236 /*
1237 * how many bytes do we need to complete the next operation.
1238 * used in both Update and UpdateFinal.
1239 */
1240 CK_ULONG (PR_CALLBACK *GetOperationLength)(
1241 NSSCKMDCryptoOperation *mdCryptoOperation,
1242 NSSCKFWCryptoOperation *fwCryptoOperation,
1243 NSSCKMDSession *mdSession,
1244 NSSCKFWSession *fwSession,
1245 NSSCKMDToken *mdToken,
1246 NSSCKFWToken *fwToken,
1247 NSSCKMDInstance *mdInstance,
1248 NSSCKFWInstance *fwInstance,
1249 const NSSItem *inputBuffer,
1250 CK_RV *pError
1251 );
1253 /*
1254 * This routine is called by the Framework to finish a
1255 * search operation. Note that the Framework may finish
1256 * a search before it has completed. This routine is
1257 * optional; if unimplemented, it merely won't be called.
1258 * The respective final call with fail with CKR_FUNCTION_FAILED
1259 * Final should not free the mdCryptoOperation.
1260 */
1261 CK_RV(PR_CALLBACK *Final)(
1262 NSSCKMDCryptoOperation *mdCryptoOperation,
1263 NSSCKFWCryptoOperation *fwCryptoOperation,
1264 NSSCKMDSession *mdSession,
1265 NSSCKFWSession *fwSession,
1266 NSSCKMDToken *mdToken,
1267 NSSCKFWToken *fwToken,
1268 NSSCKMDInstance *mdInstance,
1269 NSSCKFWInstance *fwInstance,
1270 NSSItem *outputBuffer
1271 );
1274 /*
1275 * This routine is called by the Framework to complete the
1276 * next step in an encryption/decryption operation.
1277 * This routine is optional; if unimplemented, the respective
1278 * update call with fail with CKR_FUNCTION_FAILED.
1279 * Update should not be implemented for signing/verification/digest
1280 * mechanisms.
1281 */
1282 CK_RV(PR_CALLBACK *Update)(
1283 NSSCKMDCryptoOperation *mdCryptoOperation,
1284 NSSCKFWCryptoOperation *fwCryptoOperation,
1285 NSSCKMDSession *mdSession,
1286 NSSCKFWSession *fwSession,
1287 NSSCKMDToken *mdToken,
1288 NSSCKFWToken *fwToken,
1289 NSSCKMDInstance *mdInstance,
1290 NSSCKFWInstance *fwInstance,
1291 const NSSItem *inputBuffer,
1292 NSSItem *outputBuffer
1293 );
1295 /*
1296 * This routine is called by the Framework to complete the
1297 * next step in a signing/verification/digest operation.
1298 * This routine is optional; if unimplemented, the respective
1299 * update call with fail with CKR_FUNCTION_FAILED
1300 * Update should not be implemented for encryption/decryption
1301 * mechanisms.
1302 */
1303 CK_RV(PR_CALLBACK *DigestUpdate)(
1304 NSSCKMDCryptoOperation *mdCryptoOperation,
1305 NSSCKFWCryptoOperation *fwCryptoOperation,
1306 NSSCKMDSession *mdSession,
1307 NSSCKFWSession *fwSession,
1308 NSSCKMDToken *mdToken,
1309 NSSCKFWToken *fwToken,
1310 NSSCKMDInstance *mdInstance,
1311 NSSCKFWInstance *fwInstance,
1312 const NSSItem *inputBuffer
1313 );
1315 /*
1316 * This routine is called by the Framework to complete a
1317 * single step operation. This routine is optional; if unimplemented,
1318 * the framework will use the Update and Final functions to complete
1319 * the operation.
1320 */
1321 CK_RV(PR_CALLBACK *UpdateFinal)(
1322 NSSCKMDCryptoOperation *mdCryptoOperation,
1323 NSSCKFWCryptoOperation *fwCryptoOperation,
1324 NSSCKMDSession *mdSession,
1325 NSSCKFWSession *fwSession,
1326 NSSCKMDToken *mdToken,
1327 NSSCKFWToken *fwToken,
1328 NSSCKMDInstance *mdInstance,
1329 NSSCKFWInstance *fwInstance,
1330 const NSSItem *inputBuffer,
1331 NSSItem *outputBuffer
1332 );
1334 /*
1335 * This routine is called by the Framework to complete next
1336 * step in a combined operation. The Decrypt/Encrypt mechanism
1337 * should define and drive the combo step.
1338 * This routine is optional; if unimplemented,
1339 * the framework will use the appropriate Update functions to complete
1340 * the operation.
1341 */
1342 CK_RV(PR_CALLBACK *UpdateCombo)(
1343 NSSCKMDCryptoOperation *mdCryptoOperation,
1344 NSSCKFWCryptoOperation *fwCryptoOperation,
1345 NSSCKMDCryptoOperation *mdPeerCryptoOperation,
1346 NSSCKFWCryptoOperation *fwPeerCryptoOperation,
1347 NSSCKMDSession *mdSession,
1348 NSSCKFWSession *fwSession,
1349 NSSCKMDToken *mdToken,
1350 NSSCKFWToken *fwToken,
1351 NSSCKMDInstance *mdInstance,
1352 NSSCKFWInstance *fwInstance,
1353 const NSSItem *inputBuffer,
1354 NSSItem *outputBuffer
1355 );
1357 /*
1358 * Hash a key directly into the digest
1359 */
1360 CK_RV(PR_CALLBACK *DigestKey)(
1361 NSSCKMDCryptoOperation *mdCryptoOperation,
1362 NSSCKFWCryptoOperation *fwCryptoOperation,
1363 NSSCKMDToken *mdToken,
1364 NSSCKFWToken *fwToken,
1365 NSSCKMDInstance *mdInstance,
1366 NSSCKFWInstance *fwInstance,
1367 NSSCKMDObject *mdKey,
1368 NSSCKFWObject *fwKey
1369 );
1371 /*
1372 * This object may be extended in future versions of the
1373 * NSS Cryptoki Framework. To allow for some flexibility
1374 * in the area of binary compatibility, this field should
1375 * be NULL.
1376 */
1377 void *null;
1378 };
1380 /*
1381 * NSSCKMDMechanism
1382 *
1383 */
1385 struct NSSCKMDMechanismStr {
1386 /*
1387 * The Module may use this pointer for its own purposes.
1388 */
1389 void *etc;
1391 /*
1392 * This also frees the fwMechanism if appropriate.
1393 * If it is not supplied, the Framework will assume that the Token
1394 * Manages a static list of mechanisms and the function will not be called.
1395 */
1396 void (PR_CALLBACK *Destroy)(
1397 NSSCKMDMechanism *mdMechanism,
1398 NSSCKFWMechanism *fwMechanism,
1399 NSSCKMDInstance *mdInstance,
1400 NSSCKFWInstance *fwInstance
1401 );
1404 /*
1405 * This routine returns the minimum key size allowed for
1406 * this mechanism. This routine is optional; if unimplemented,
1407 * zero will be assumed. This routine may return zero on
1408 * error; if the error is CKR_OK, zero will be accepted as
1409 * a valid response.
1410 */
1411 CK_ULONG (PR_CALLBACK *GetMinKeySize)(
1412 NSSCKMDMechanism *mdMechanism,
1413 NSSCKFWMechanism *fwMechanism,
1414 NSSCKMDToken *mdToken,
1415 NSSCKFWToken *fwToken,
1416 NSSCKMDInstance *mdInstance,
1417 NSSCKFWInstance *fwInstance,
1418 CK_RV *pError
1419 );
1421 /*
1422 * This routine returns the maximum key size allowed for
1423 * this mechanism. This routine is optional; if unimplemented,
1424 * zero will be assumed. This routine may return zero on
1425 * error; if the error is CKR_OK, zero will be accepted as
1426 * a valid response.
1427 */
1428 CK_ULONG (PR_CALLBACK *GetMaxKeySize)(
1429 NSSCKMDMechanism *mdMechanism,
1430 NSSCKFWMechanism *fwMechanism,
1431 NSSCKMDToken *mdToken,
1432 NSSCKFWToken *fwToken,
1433 NSSCKMDInstance *mdInstance,
1434 NSSCKFWInstance *fwInstance,
1435 CK_RV *pError
1436 );
1438 /*
1439 * This routine is called to determine if the mechanism is
1440 * implemented in hardware or software. It returns CK_TRUE
1441 * if it is done in hardware.
1442 */
1443 CK_BBOOL (PR_CALLBACK *GetInHardware)(
1444 NSSCKMDMechanism *mdMechanism,
1445 NSSCKFWMechanism *fwMechanism,
1446 NSSCKMDToken *mdToken,
1447 NSSCKFWToken *fwToken,
1448 NSSCKMDInstance *mdInstance,
1449 NSSCKFWInstance *fwInstance,
1450 CK_RV *pError
1451 );
1453 /*
1454 * The crypto routines themselves. Most crypto operations may
1455 * be performed in two ways, streaming and single-part. The
1456 * streaming operations involve the use of (typically) three
1457 * calls-- an Init method to set up the operation, an Update
1458 * method to feed data to the operation, and a Final method to
1459 * obtain the final result. Single-part operations involve
1460 * one method, to perform the crypto operation all at once.
1461 *
1462 * The NSS Cryptoki Framework can implement the single-part
1463 * operations in terms of the streaming operations on behalf
1464 * of the Module. There are a few variances.
1465 *
1466 * Only the Init Functions are defined by the mechanism. Each
1467 * init function will return a NSSCKFWCryptoOperation which
1468 * can supply update, final, the single part updateFinal, and
1469 * the combo updateCombo functions.
1470 *
1471 * For simplicity, the routines are listed in summary here:
1472 *
1473 * EncryptInit,
1474 * DecryptInit,
1475 * DigestInit,
1476 * SignInit,
1477 * SignRecoverInit;
1478 * VerifyInit,
1479 * VerifyRecoverInit;
1480 *
1481 * The key-management routines are
1482 *
1483 * GenerateKey
1484 * GenerateKeyPair
1485 * WrapKey
1486 * UnwrapKey
1487 * DeriveKey
1488 *
1489 * All of these routines based on the Cryptoki API;
1490 * see PKCS#11 for further information.
1491 */
1493 /*
1494 */
1495 NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)(
1496 NSSCKMDMechanism *mdMechanism,
1497 NSSCKFWMechanism *fwMechanism,
1498 CK_MECHANISM_PTR pMechanism,
1499 NSSCKMDSession *mdSession,
1500 NSSCKFWSession *fwSession,
1501 NSSCKMDToken *mdToken,
1502 NSSCKFWToken *fwToken,
1503 NSSCKMDInstance *mdInstance,
1504 NSSCKFWInstance *fwInstance,
1505 NSSCKMDObject *mdKey,
1506 NSSCKFWObject *fwKey,
1507 CK_RV *pError
1508 );
1510 /*
1511 */
1512 NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)(
1513 NSSCKMDMechanism *mdMechanism,
1514 NSSCKFWMechanism *fwMechanism,
1515 CK_MECHANISM_PTR pMechanism,
1516 NSSCKMDSession *mdSession,
1517 NSSCKFWSession *fwSession,
1518 NSSCKMDToken *mdToken,
1519 NSSCKFWToken *fwToken,
1520 NSSCKMDInstance *mdInstance,
1521 NSSCKFWInstance *fwInstance,
1522 NSSCKMDObject *mdKey,
1523 NSSCKFWObject *fwKey,
1524 CK_RV *pError
1525 );
1527 /*
1528 */
1529 NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)(
1530 NSSCKMDMechanism *mdMechanism,
1531 NSSCKFWMechanism *fwMechanism,
1532 CK_MECHANISM_PTR pMechanism,
1533 NSSCKMDSession *mdSession,
1534 NSSCKFWSession *fwSession,
1535 NSSCKMDToken *mdToken,
1536 NSSCKFWToken *fwToken,
1537 NSSCKMDInstance *mdInstance,
1538 NSSCKFWInstance *fwInstance,
1539 CK_RV *pError
1540 );
1543 /*
1544 */
1545 NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)(
1546 NSSCKMDMechanism *mdMechanism,
1547 NSSCKFWMechanism *fwMechanism,
1548 CK_MECHANISM_PTR pMechanism,
1549 NSSCKMDSession *mdSession,
1550 NSSCKFWSession *fwSession,
1551 NSSCKMDToken *mdToken,
1552 NSSCKFWToken *fwToken,
1553 NSSCKMDInstance *mdInstance,
1554 NSSCKFWInstance *fwInstance,
1555 NSSCKMDObject *mdKey,
1556 NSSCKFWObject *fwKey,
1557 CK_RV *pError
1558 );
1560 /*
1561 */
1562 NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)(
1563 NSSCKMDMechanism *mdMechanism,
1564 NSSCKFWMechanism *fwMechanism,
1565 CK_MECHANISM_PTR pMechanism,
1566 NSSCKMDSession *mdSession,
1567 NSSCKFWSession *fwSession,
1568 NSSCKMDToken *mdToken,
1569 NSSCKFWToken *fwToken,
1570 NSSCKMDInstance *mdInstance,
1571 NSSCKFWInstance *fwInstance,
1572 NSSCKMDObject *mdKey,
1573 NSSCKFWObject *fwKey,
1574 CK_RV *pError
1575 );
1577 /*
1578 */
1579 NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)(
1580 NSSCKMDMechanism *mdMechanism,
1581 NSSCKFWMechanism *fwMechanism,
1582 CK_MECHANISM_PTR pMechanism,
1583 NSSCKMDSession *mdSession,
1584 NSSCKFWSession *fwSession,
1585 NSSCKMDToken *mdToken,
1586 NSSCKFWToken *fwToken,
1587 NSSCKMDInstance *mdInstance,
1588 NSSCKFWInstance *fwInstance,
1589 NSSCKMDObject *mdKey,
1590 NSSCKFWObject *fwKey,
1591 CK_RV *pError
1592 );
1594 /*
1595 */
1596 NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)(
1597 NSSCKMDMechanism *mdMechanism,
1598 NSSCKFWMechanism *fwMechanism,
1599 CK_MECHANISM_PTR pMechanism,
1600 NSSCKMDSession *mdSession,
1601 NSSCKFWSession *fwSession,
1602 NSSCKMDToken *mdToken,
1603 NSSCKFWToken *fwToken,
1604 NSSCKMDInstance *mdInstance,
1605 NSSCKFWInstance *fwInstance,
1606 NSSCKMDObject *mdKey,
1607 NSSCKFWObject *fwKey,
1608 CK_RV *pError
1609 );
1611 /*
1612 * Key management operations.
1613 */
1615 /*
1616 * This routine generates a key. This routine may return NULL
1617 * upon error.
1618 */
1619 NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
1620 NSSCKMDMechanism *mdMechanism,
1621 NSSCKFWMechanism *fwMechanism,
1622 CK_MECHANISM_PTR pMechanism,
1623 NSSCKMDSession *mdSession,
1624 NSSCKFWSession *fwSession,
1625 NSSCKMDToken *mdToken,
1626 NSSCKFWToken *fwToken,
1627 NSSCKMDInstance *mdInstance,
1628 NSSCKFWInstance *fwInstance,
1629 CK_ATTRIBUTE_PTR pTemplate,
1630 CK_ULONG ulAttributeCount,
1631 CK_RV *pError
1632 );
1634 /*
1635 * This routine generates a key pair.
1636 */
1637 CK_RV (PR_CALLBACK *GenerateKeyPair)(
1638 NSSCKMDMechanism *mdMechanism,
1639 NSSCKFWMechanism *fwMechanism,
1640 CK_MECHANISM_PTR pMechanism,
1641 NSSCKMDSession *mdSession,
1642 NSSCKFWSession *fwSession,
1643 NSSCKMDToken *mdToken,
1644 NSSCKFWToken *fwToken,
1645 NSSCKMDInstance *mdInstance,
1646 NSSCKFWInstance *fwInstance,
1647 CK_ATTRIBUTE_PTR pPublicKeyTemplate,
1648 CK_ULONG ulPublicKeyAttributeCount,
1649 CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
1650 CK_ULONG ulPrivateKeyAttributeCount,
1651 NSSCKMDObject **pPublicKey,
1652 NSSCKMDObject **pPrivateKey
1653 );
1655 /*
1656 * This routine wraps a key.
1657 */
1658 CK_ULONG (PR_CALLBACK *GetWrapKeyLength)(
1659 NSSCKMDMechanism *mdMechanism,
1660 NSSCKFWMechanism *fwMechanism,
1661 CK_MECHANISM_PTR pMechanism,
1662 NSSCKMDSession *mdSession,
1663 NSSCKFWSession *fwSession,
1664 NSSCKMDToken *mdToken,
1665 NSSCKFWToken *fwToken,
1666 NSSCKMDInstance *mdInstance,
1667 NSSCKFWInstance *fwInstance,
1668 NSSCKMDObject *mdWrappingKey,
1669 NSSCKFWObject *fwWrappingKey,
1670 NSSCKMDObject *mdWrappedKey,
1671 NSSCKFWObject *fwWrappedKey,
1672 CK_RV *pError
1673 );
1675 /*
1676 * This routine wraps a key.
1677 */
1678 CK_RV (PR_CALLBACK *WrapKey)(
1679 NSSCKMDMechanism *mdMechanism,
1680 NSSCKFWMechanism *fwMechanism,
1681 CK_MECHANISM_PTR pMechanism,
1682 NSSCKMDSession *mdSession,
1683 NSSCKFWSession *fwSession,
1684 NSSCKMDToken *mdToken,
1685 NSSCKFWToken *fwToken,
1686 NSSCKMDInstance *mdInstance,
1687 NSSCKFWInstance *fwInstance,
1688 NSSCKMDObject *mdWrappingKey,
1689 NSSCKFWObject *fwWrappingKey,
1690 NSSCKMDObject *mdKeyObject,
1691 NSSCKFWObject *fwKeyObject,
1692 NSSItem *wrappedKey
1693 );
1695 /*
1696 * This routine unwraps a key. This routine may return NULL
1697 * upon error.
1698 */
1699 NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
1700 NSSCKMDMechanism *mdMechanism,
1701 NSSCKFWMechanism *fwMechanism,
1702 CK_MECHANISM_PTR pMechanism,
1703 NSSCKMDSession *mdSession,
1704 NSSCKFWSession *fwSession,
1705 NSSCKMDToken *mdToken,
1706 NSSCKFWToken *fwToken,
1707 NSSCKMDInstance *mdInstance,
1708 NSSCKFWInstance *fwInstance,
1709 NSSCKMDObject *mdWrappingKey,
1710 NSSCKFWObject *fwWrappingKey,
1711 NSSItem *wrappedKey,
1712 CK_ATTRIBUTE_PTR pTemplate,
1713 CK_ULONG ulAttributeCount,
1714 CK_RV *pError
1715 );
1717 /*
1718 * This routine derives a key. This routine may return NULL
1719 * upon error.
1720 */
1721 NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
1722 NSSCKMDMechanism *mdMechanism,
1723 NSSCKFWMechanism *fwMechanism,
1724 CK_MECHANISM_PTR pMechanism,
1725 NSSCKMDSession *mdSession,
1726 NSSCKFWSession *fwSession,
1727 NSSCKMDToken *mdToken,
1728 NSSCKFWToken *fwToken,
1729 NSSCKMDInstance *mdInstance,
1730 NSSCKFWInstance *fwInstance,
1731 NSSCKMDObject *mdBaseKey,
1732 NSSCKFWObject *fwBaseKey,
1733 CK_ATTRIBUTE_PTR pTemplate,
1734 CK_ULONG ulAttributeCount,
1735 CK_RV *pError
1736 );
1738 /*
1739 * This object may be extended in future versions of the
1740 * NSS Cryptoki Framework. To allow for some flexibility
1741 * in the area of binary compatibility, this field should
1742 * be NULL.
1743 */
1744 void *null;
1745 };
1747 /*
1748 * NSSCKMDObject
1749 *
1750 * This is the basic handle for any object used by a PKCS#11 Module.
1751 * Modules must implement it if they support their own objects, and
1752 * the Framework supports it for Modules that do not handle session
1753 * objects. This type contains a pointer for use by the implementor,
1754 * to store any object-specific data, and it contains an EPV for a
1755 * set of routines used to access the object.
1756 */
1758 struct NSSCKMDObjectStr {
1759 /*
1760 * The implementation my use this pointer for its own purposes.
1761 */
1762 void *etc;
1764 /*
1765 * This routine is called by the Framework when it is letting
1766 * go of an object handle. It can be used by the Module to
1767 * free any resources tied up by an object "in use." It is
1768 * optional.
1769 */
1770 void (PR_CALLBACK *Finalize)(
1771 NSSCKMDObject *mdObject,
1772 NSSCKFWObject *fwObject,
1773 NSSCKMDSession *mdSession,
1774 NSSCKFWSession *fwSession,
1775 NSSCKMDToken *mdToken,
1776 NSSCKFWToken *fwToken,
1777 NSSCKMDInstance *mdInstance,
1778 NSSCKFWInstance *fwInstance
1779 );
1781 /*
1782 * This routine is used to completely destroy an object.
1783 * It is optional. The parameter fwObject might be NULL
1784 * if the framework runs out of memory at the wrong moment.
1785 */
1786 CK_RV (PR_CALLBACK *Destroy)(
1787 NSSCKMDObject *mdObject,
1788 NSSCKFWObject *fwObject,
1789 NSSCKMDSession *mdSession,
1790 NSSCKFWSession *fwSession,
1791 NSSCKMDToken *mdToken,
1792 NSSCKFWToken *fwToken,
1793 NSSCKMDInstance *mdInstance,
1794 NSSCKFWInstance *fwInstance
1795 );
1797 /*
1798 * This helper routine is used by the Framework, and is especially
1799 * useful when it is managing session objects on behalf of the
1800 * Module. This routine is optional; if unimplemented, the
1801 * Framework will actually look up the CKA_TOKEN attribute. In the
1802 * event of an error, just make something up-- the Framework will
1803 * find out soon enough anyway.
1804 */
1805 CK_BBOOL (PR_CALLBACK *IsTokenObject)(
1806 NSSCKMDObject *mdObject,
1807 NSSCKFWObject *fwObject,
1808 NSSCKMDSession *mdSession,
1809 NSSCKFWSession *fwSession,
1810 NSSCKMDToken *mdToken,
1811 NSSCKFWToken *fwToken,
1812 NSSCKMDInstance *mdInstance,
1813 NSSCKFWInstance *fwInstance
1814 );
1816 /*
1817 * This routine returns the number of attributes of which this
1818 * object consists. It is mandatory. It can return zero on
1819 * error.
1820 */
1821 CK_ULONG (PR_CALLBACK *GetAttributeCount)(
1822 NSSCKMDObject *mdObject,
1823 NSSCKFWObject *fwObject,
1824 NSSCKMDSession *mdSession,
1825 NSSCKFWSession *fwSession,
1826 NSSCKMDToken *mdToken,
1827 NSSCKFWToken *fwToken,
1828 NSSCKMDInstance *mdInstance,
1829 NSSCKFWInstance *fwInstance,
1830 CK_RV *pError
1831 );
1833 /*
1834 * This routine stuffs the attribute types into the provided array.
1835 * The array size (as obtained from GetAttributeCount) is passed in
1836 * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
1837 * (either too big or too small).
1838 */
1839 CK_RV (PR_CALLBACK *GetAttributeTypes)(
1840 NSSCKMDObject *mdObject,
1841 NSSCKFWObject *fwObject,
1842 NSSCKMDSession *mdSession,
1843 NSSCKFWSession *fwSession,
1844 NSSCKMDToken *mdToken,
1845 NSSCKFWToken *fwToken,
1846 NSSCKMDInstance *mdInstance,
1847 NSSCKFWInstance *fwInstance,
1848 CK_ATTRIBUTE_TYPE_PTR typeArray,
1849 CK_ULONG ulCount
1850 );
1852 /*
1853 * This routine returns the size (in bytes) of the specified
1854 * attribute. It can return zero on error.
1855 */
1856 CK_ULONG (PR_CALLBACK *GetAttributeSize)(
1857 NSSCKMDObject *mdObject,
1858 NSSCKFWObject *fwObject,
1859 NSSCKMDSession *mdSession,
1860 NSSCKFWSession *fwSession,
1861 NSSCKMDToken *mdToken,
1862 NSSCKFWToken *fwToken,
1863 NSSCKMDInstance *mdInstance,
1864 NSSCKFWInstance *fwInstance,
1865 CK_ATTRIBUTE_TYPE attribute,
1866 CK_RV *pError
1867 );
1869 /*
1870 * This routine returns an NSSCKFWItem structure.
1871 * The item pointer points to an NSSItem containing the attribute value.
1872 * The needsFreeing bit tells the framework whether to call the
1873 * FreeAttribute function . Upon error, an NSSCKFWItem structure
1874 * with a NULL NSSItem item pointer will be returned
1875 */
1876 NSSCKFWItem (PR_CALLBACK *GetAttribute)(
1877 NSSCKMDObject *mdObject,
1878 NSSCKFWObject *fwObject,
1879 NSSCKMDSession *mdSession,
1880 NSSCKFWSession *fwSession,
1881 NSSCKMDToken *mdToken,
1882 NSSCKFWToken *fwToken,
1883 NSSCKMDInstance *mdInstance,
1884 NSSCKFWInstance *fwInstance,
1885 CK_ATTRIBUTE_TYPE attribute,
1886 CK_RV *pError
1887 );
1889 /*
1890 * This routine returns CKR_OK if the attribute could be freed.
1891 */
1892 CK_RV (PR_CALLBACK *FreeAttribute)(
1893 NSSCKFWItem * item
1894 );
1896 /*
1897 * This routine changes the specified attribute. If unimplemented,
1898 * the object will be considered read-only.
1899 */
1900 CK_RV (PR_CALLBACK *SetAttribute)(
1901 NSSCKMDObject *mdObject,
1902 NSSCKFWObject *fwObject,
1903 NSSCKMDSession *mdSession,
1904 NSSCKFWSession *fwSession,
1905 NSSCKMDToken *mdToken,
1906 NSSCKFWToken *fwToken,
1907 NSSCKMDInstance *mdInstance,
1908 NSSCKFWInstance *fwInstance,
1909 CK_ATTRIBUTE_TYPE attribute,
1910 NSSItem *value
1911 );
1913 /*
1914 * This routine returns the storage requirements of this object,
1915 * in bytes. Cryptoki doesn't strictly define the definition,
1916 * but it should relate to the values returned by the "Get Memory"
1917 * routines of the NSSCKMDToken. This routine is optional; if
1918 * unimplemented, the Framework will consider this information
1919 * sensitive. This routine may return zero on error. If the
1920 * specified error is CKR_OK, zero will be accepted as a valid
1921 * response.
1922 */
1923 CK_ULONG (PR_CALLBACK *GetObjectSize)(
1924 NSSCKMDObject *mdObject,
1925 NSSCKFWObject *fwObject,
1926 NSSCKMDSession *mdSession,
1927 NSSCKFWSession *fwSession,
1928 NSSCKMDToken *mdToken,
1929 NSSCKFWToken *fwToken,
1930 NSSCKMDInstance *mdInstance,
1931 NSSCKFWInstance *fwInstance,
1932 CK_RV *pError
1933 );
1935 /*
1936 * This object may be extended in future versions of the
1937 * NSS Cryptoki Framework. To allow for some flexibility
1938 * in the area of binary compatibility, this field should
1939 * be NULL.
1940 */
1941 void *null;
1942 };
1945 #endif /* NSSCKMDT_H */
