| /* This Source Code Form is subject to the terms of the Mozilla Public |
| * License, v. 2.0. If a copy of the MPL was not distributed with this |
| * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| |
| #ifndef NSSCKMDT_H |
| #define NSSCKMDT_H |
| |
| /* |
| * nssckmdt.h |
| * |
| * This file specifies the basic types that must be implemented by |
| * any Module using the NSS Cryptoki Framework. |
| */ |
| |
| #ifndef NSSBASET_H |
| #include "nssbaset.h" |
| #endif /* NSSBASET_H */ |
| |
| #ifndef NSSCKT_H |
| #include "nssckt.h" |
| #endif /* NSSCKT_H */ |
| |
| #ifndef NSSCKFWT_H |
| #include "nssckfwt.h" |
| #endif /* NSSCKFWT_H */ |
| |
| typedef struct NSSCKMDInstanceStr NSSCKMDInstance; |
| typedef struct NSSCKMDSlotStr NSSCKMDSlot; |
| typedef struct NSSCKMDTokenStr NSSCKMDToken; |
| typedef struct NSSCKMDSessionStr NSSCKMDSession; |
| typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation; |
| typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects; |
| typedef struct NSSCKMDMechanismStr NSSCKMDMechanism; |
| typedef struct NSSCKMDObjectStr NSSCKMDObject; |
| |
| /* |
| * NSSCKFWItem |
| * |
| * This is a structure used by modules to return object attributes. |
| * The needsFreeing bit indicates whether the object needs to be freed. |
| * If so, the framework will call the FreeAttribute function on the item |
| * after it is done using it. |
| * |
| */ |
| |
| typedef struct { |
| PRBool needsFreeing; |
| NSSItem *item; |
| } NSSCKFWItem; |
| |
| /* |
| * NSSCKMDInstance |
| * |
| * This is the basic handle for an instance of a PKCS#11 Module. |
| * It is returned by the Module's CreateInstance routine, and |
| * may be obtained from the corresponding NSSCKFWInstance object. |
| * It contains a pointer for use by the Module, to store any |
| * instance-related data, and it contains the EPV for a set of |
| * routines which the Module may implement for use by the Framework. |
| * Some of these routines are optional; others are mandatory. |
| */ |
| |
| struct NSSCKMDInstanceStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is called by the Framework to initialize |
| * the Module. This routine is optional; if unimplemented, |
| * it won't be called. If this routine returns an error, |
| * then the initialization will fail. |
| */ |
| CK_RV(PR_CALLBACK *Initialize) |
| ( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSUTF8 *configurationData); |
| |
| /* |
| * This routine is called when the Framework is finalizing |
| * the PKCS#11 Module. It is the last thing called before |
| * the NSSCKFWInstance's NSSArena is destroyed. This routine |
| * is optional; if unimplemented, it merely won't be called. |
| */ |
| void(PR_CALLBACK *Finalize)( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine gets the number of slots. This value must |
| * never change, once the instance is initialized. This |
| * routine must be implemented. It may return zero on error. |
| */ |
| CK_ULONG(PR_CALLBACK *GetNSlots) |
| ( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns the version of the Cryptoki standard |
| * to which this Module conforms. This routine is optional; |
| * if unimplemented, the Framework uses the version to which |
| * ~it~ was implemented. |
| */ |
| CK_VERSION(PR_CALLBACK *GetCryptokiVersion) |
| ( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing the manufacturer ID for this Module. Only |
| * the characters completely encoded in the first thirty- |
| * two bytes are significant. This routine is optional. |
| * The string returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing a description of this Module library. Only |
| * the characters completely encoded in the first thirty- |
| * two bytes are significant. This routine is optional. |
| * The string returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns the version of this Module library. |
| * This routine is optional; if unimplemented, the Framework |
| * will assume a Module library version of 0.1. |
| */ |
| CK_VERSION(PR_CALLBACK *GetLibraryVersion) |
| ( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if the Module wishes to |
| * handle session objects. This routine is optional. |
| * If this routine is NULL, or if it exists but returns |
| * CK_FALSE, the Framework will assume responsibility |
| * for managing session objects. |
| */ |
| CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects) |
| ( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine stuffs pointers to NSSCKMDSlot objects into |
| * the specified array; one for each slot supported by this |
| * instance. The Framework will determine the size needed |
| * for the array by calling GetNSlots. This routine is |
| * required. |
| */ |
| CK_RV(PR_CALLBACK *GetSlots) |
| ( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDSlot *slots[]); |
| |
| /* |
| * This call returns a pointer to the slot in which an event |
| * has occurred. If the block argument is CK_TRUE, the call |
| * should block until a slot event occurs; if CK_FALSE, it |
| * should check to see if an event has occurred, occurred, |
| * but return NULL (and set *pError to CK_NO_EVENT) if one |
| * hasn't. This routine is optional; if unimplemented, the |
| * Framework will assume that no event has happened. This |
| * routine may return NULL upon error. |
| */ |
| NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_BBOOL block, |
| CK_RV *pError); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDSlot |
| * |
| * This is the basic handle for a PKCS#11 Module Slot. It is |
| * created by the NSSCKMDInstance->GetSlots call, and may be |
| * obtained from the Framework's corresponding NSSCKFWSlot |
| * object. It contains a pointer for use by the Module, to |
| * store any slot-related data, and it contains the EPV for |
| * a set of routines which the Module may implement for use |
| * by the Framework. Some of these routines are optional. |
| */ |
| |
| struct NSSCKMDSlotStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is called during the Framework initialization |
| * step, after the Framework Instance has obtained the list |
| * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- |
| * specific initialization can be done here. This routine is |
| * optional; if unimplemented, it won't be called. Note that |
| * if this routine returns an error, the entire Framework |
| * initialization for this Module will fail. |
| */ |
| CK_RV(PR_CALLBACK *Initialize) |
| ( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine is called when the Framework is finalizing |
| * the PKCS#11 Module. This call (for each of the slots) |
| * is the last thing called before NSSCKMDInstance->Finalize. |
| * This routine is optional; if unimplemented, it merely |
| * won't be called. Note: In the rare circumstance that |
| * the Framework initialization cannot complete (due to, |
| * for example, memory limitations), this can be called with |
| * a NULL value for fwSlot. |
| */ |
| void(PR_CALLBACK *Destroy)( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing a description of this slot. Only the characters |
| * completely encoded in the first sixty-four bytes are |
| * significant. This routine is optional. The string |
| * returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing a description of the manufacturer of this slot. |
| * Only the characters completely encoded in the first thirty- |
| * two bytes are significant. This routine is optional. |
| * The string returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns CK_TRUE if a token is present in this |
| * slot. This routine is optional; if unimplemented, CK_TRUE |
| * is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetTokenPresent) |
| ( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if the slot supports removable |
| * tokens. This routine is optional; if unimplemented, CK_FALSE |
| * is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetRemovableDevice) |
| ( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if this slot is a hardware |
| * device, or CK_FALSE if this slot is a software device. This |
| * routine is optional; if unimplemented, CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetHardwareSlot) |
| ( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the version of this slot's hardware. |
| * This routine is optional; if unimplemented, the Framework |
| * will assume a hardware version of 0.1. |
| */ |
| CK_VERSION(PR_CALLBACK *GetHardwareVersion) |
| ( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the version of this slot's firmware. |
| * This routine is optional; if unimplemented, the Framework |
| * will assume a hardware version of 0.1. |
| */ |
| CK_VERSION(PR_CALLBACK *GetFirmwareVersion) |
| ( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine should return a pointer to an NSSCKMDToken |
| * object corresponding to the token in the specified slot. |
| * The NSSCKFWToken object passed in has an NSSArena |
| * available which is dedicated for this token. This routine |
| * must be implemented. This routine may return NULL upon |
| * error. |
| */ |
| NSSCKMDToken *(PR_CALLBACK *GetToken)( |
| NSSCKMDSlot *mdSlot, |
| NSSCKFWSlot *fwSlot, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDToken |
| * |
| * This is the basic handle for a PKCS#11 Token. It is created by |
| * the NSSCKMDSlot->GetToken call, and may be obtained from the |
| * Framework's corresponding NSSCKFWToken object. It contains a |
| * pointer for use by the Module, to store any token-related |
| * data, and it contains the EPV for a set of routines which the |
| * Module may implement for use by the Framework. Some of these |
| * routines are optional. |
| */ |
| |
| struct NSSCKMDTokenStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is used to prepare a Module token object for |
| * use. It is called after the NSSCKMDToken object is obtained |
| * from NSSCKMDSlot->GetToken. It is named "Setup" here because |
| * Cryptoki already defines "InitToken" to do the process of |
| * wiping out any existing state on a token and preparing it for |
| * a new use. This routine is optional; if unimplemented, it |
| * merely won't be called. |
| */ |
| CK_RV(PR_CALLBACK *Setup) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine is called by the Framework whenever it notices |
| * that the token object is invalid. (Typically this is when a |
| * routine indicates an error such as CKR_DEVICE_REMOVED). This |
| * call is the last thing called before the NSSArena in the |
| * corresponding NSSCKFWToken is destroyed. This routine is |
| * optional; if unimplemented, it merely won't be called. |
| */ |
| void(PR_CALLBACK *Invalidate)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine initialises the token in the specified slot. |
| * This routine is optional; if unimplemented, the Framework |
| * will fail this operation with an error of CKR_DEVICE_ERROR. |
| */ |
| |
| CK_RV(PR_CALLBACK *InitToken) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *pin, |
| NSSUTF8 *label); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing this token's label. Only the characters |
| * completely encoded in the first thirty-two bytes are |
| * significant. This routine is optional. The string |
| * returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetLabel)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing this token's manufacturer ID. Only the characters |
| * completely encoded in the first thirty-two bytes are |
| * significant. This routine is optional. The string |
| * returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing this token's model name. Only the characters |
| * completely encoded in the first thirty-two bytes are |
| * significant. This routine is optional. The string |
| * returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetModel)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns a pointer to a UTF8-encoded string |
| * containing this token's serial number. Only the characters |
| * completely encoded in the first thirty-two bytes are |
| * significant. This routine is optional. The string |
| * returned is never freed; if dynamically generated, |
| * the space for it should be allocated from the NSSArena |
| * that may be obtained from the NSSCKFWInstance. This |
| * routine may return NULL upon error; however if *pError |
| * is CKR_OK, the NULL will be considered the valid response. |
| */ |
| NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns CK_TRUE if the token has its own |
| * random number generator. This routine is optional; if |
| * unimplemented, CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetHasRNG) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if this token is write-protected. |
| * This routine is optional; if unimplemented, CK_FALSE is |
| * assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetIsWriteProtected) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if this token requires a login. |
| * This routine is optional; if unimplemented, CK_FALSE is |
| * assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetLoginRequired) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if the normal user's PIN on this |
| * token has been initialised. This routine is optional; if |
| * unimplemented, CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetUserPinInitialized) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if a successful save of a |
| * session's cryptographic operations state ~always~ contains |
| * all keys needed to restore the state of the session. This |
| * routine is optional; if unimplemented, CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if the token has its own |
| * hardware clock. This routine is optional; if unimplemented, |
| * CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetHasClockOnToken) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if the token has a protected |
| * authentication path. This routine is optional; if |
| * unimplemented, CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns CK_TRUE if the token supports dual |
| * cryptographic operations within a single session. This |
| * routine is optional; if unimplemented, CK_FALSE is assumed. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * XXX fgmr-- should we have a call to return all the flags |
| * at once, for folks who already know about Cryptoki? |
| */ |
| |
| /* |
| * This routine returns the maximum number of sessions that |
| * may be opened on this token. This routine is optional; |
| * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION |
| * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? |
| */ |
| CK_ULONG(PR_CALLBACK *GetMaxSessionCount) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the maximum number of read/write |
| * sesisons that may be opened on this token. This routine |
| * is optional; if unimplemented, the special value |
| * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or |
| * CK_EFFECTIVELY_INFINITE? |
| */ |
| CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the maximum PIN code length that is |
| * supported on this token. This routine is optional; |
| * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION |
| * is assumed. |
| */ |
| CK_ULONG(PR_CALLBACK *GetMaxPinLen) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the minimum PIN code length that is |
| * supported on this token. This routine is optional; if |
| * unimplemented, the special value CK_UNAVAILABLE_INFORMATION |
| * is assumed. XXX fgmr-- or 0? |
| */ |
| CK_ULONG(PR_CALLBACK *GetMinPinLen) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the total amount of memory on the token |
| * in which public objects may be stored. This routine is |
| * optional; if unimplemented, the special value |
| * CK_UNAVAILABLE_INFORMATION is assumed. |
| */ |
| CK_ULONG(PR_CALLBACK *GetTotalPublicMemory) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the amount of unused memory on the |
| * token in which public objects may be stored. This routine |
| * is optional; if unimplemented, the special value |
| * CK_UNAVAILABLE_INFORMATION is assumed. |
| */ |
| CK_ULONG(PR_CALLBACK *GetFreePublicMemory) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the total amount of memory on the token |
| * in which private objects may be stored. This routine is |
| * optional; if unimplemented, the special value |
| * CK_UNAVAILABLE_INFORMATION is assumed. |
| */ |
| CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the amount of unused memory on the |
| * token in which private objects may be stored. This routine |
| * is optional; if unimplemented, the special value |
| * CK_UNAVAILABLE_INFORMATION is assumed. |
| */ |
| CK_ULONG(PR_CALLBACK *GetFreePrivateMemory) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the version number of this token's |
| * hardware. This routine is optional; if unimplemented, |
| * the value 0.1 is assumed. |
| */ |
| CK_VERSION(PR_CALLBACK *GetHardwareVersion) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the version number of this token's |
| * firmware. This routine is optional; if unimplemented, |
| * the value 0.1 is assumed. |
| */ |
| CK_VERSION(PR_CALLBACK *GetFirmwareVersion) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine stuffs the current UTC time, as obtained from |
| * the token, into the sixteen-byte buffer in the form |
| * YYYYMMDDhhmmss00. This routine need only be implemented |
| * by token which indicate that they have a real-time clock. |
| * XXX fgmr-- think about time formats. |
| */ |
| CK_RV(PR_CALLBACK *GetUTCTime) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_CHAR utcTime[16]); |
| |
| /* |
| * This routine creates a session on the token, and returns |
| * the corresponding NSSCKMDSession object. The value of |
| * rw will be CK_TRUE if the session is to be a read/write |
| * session, or CK_FALSE otherwise. An NSSArena dedicated to |
| * the new session is available from the specified NSSCKFWSession. |
| * This routine may return NULL upon error. |
| */ |
| NSSCKMDSession *(PR_CALLBACK *OpenSession)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKFWSession *fwSession, |
| CK_BBOOL rw, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns the number of PKCS#11 Mechanisms |
| * supported by this token. This routine is optional; if |
| * unimplemented, zero is assumed. |
| */ |
| CK_ULONG(PR_CALLBACK *GetMechanismCount) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine stuffs into the specified array the types |
| * of the mechanisms supported by this token. The Framework |
| * determines the size of the array by calling GetMechanismCount. |
| */ |
| CK_RV(PR_CALLBACK *GetMechanismTypes) |
| ( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_MECHANISM_TYPE types[]); |
| |
| /* |
| * This routine returns a pointer to a Module mechanism |
| * object corresponding to a specified type. This routine |
| * need only exist for tokens implementing at least one |
| * mechanism. |
| */ |
| NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_MECHANISM_TYPE which, |
| CK_RV *pError); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDSession |
| * |
| * This is the basic handle for a session on a PKCS#11 Token. It |
| * is created by NSSCKMDToken->OpenSession, and may be obtained |
| * from the Framework's corresponding NSSCKFWSession object. It |
| * contains a pointer for use by the Module, to store any session- |
| * realted data, and it contains the EPV for a set of routines |
| * which the Module may implement for use by the Framework. Some |
| * of these routines are optional. |
| */ |
| |
| struct NSSCKMDSessionStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is called by the Framework when a session is |
| * closed. This call is the last thing called before the |
| * NSSArena in the correspoinding NSSCKFWSession is destroyed. |
| * This routine is optional; if unimplemented, it merely won't |
| * be called. |
| */ |
| void(PR_CALLBACK *Close)( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine is used to get any device-specific error. |
| * This routine is optional. |
| */ |
| CK_ULONG(PR_CALLBACK *GetDeviceError) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine is used to log in a user to the token. This |
| * routine is optional, since the Framework's NSSCKFWSession |
| * object keeps track of the login state. |
| */ |
| CK_RV(PR_CALLBACK *Login) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_USER_TYPE userType, |
| NSSItem *pin, |
| CK_STATE oldState, |
| CK_STATE newState); |
| |
| /* |
| * This routine is used to log out a user from the token. This |
| * routine is optional, since the Framework's NSSCKFWSession |
| * object keeps track of the login state. |
| */ |
| CK_RV(PR_CALLBACK *Logout) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_STATE oldState, |
| CK_STATE newState); |
| |
| /* |
| * This routine is used to initialize the normal user's PIN or |
| * password. This will only be called in the "read/write |
| * security officer functions" state. If this token has a |
| * protected authentication path, then the pin argument will |
| * be NULL. This routine is optional; if unimplemented, the |
| * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. |
| */ |
| CK_RV(PR_CALLBACK *InitPIN) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *pin); |
| |
| /* |
| * This routine is used to modify a user's PIN or password. This |
| * routine will only be called in the "read/write security officer |
| * functions" or "read/write user functions" state. If this token |
| * has a protected authentication path, then the pin arguments |
| * will be NULL. This routine is optional; if unimplemented, the |
| * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. |
| */ |
| CK_RV(PR_CALLBACK *SetPIN) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *oldPin, |
| NSSItem *newPin); |
| |
| /* |
| * This routine is used to find out how much space would be required |
| * to save the current operational state. This routine is optional; |
| * if unimplemented, the Framework will reject any attempts to save |
| * the operational state with the error CKR_STATE_UNSAVEABLE. This |
| * routine may return zero on error. |
| */ |
| CK_ULONG(PR_CALLBACK *GetOperationStateLen) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine is used to store the current operational state. This |
| * routine is only required if GetOperationStateLen is implemented |
| * and can return a nonzero value. The buffer in the specified item |
| * will be pre-allocated, and the length will specify the amount of |
| * space available (which may be more than GetOperationStateLen |
| * asked for, but which will not be smaller). |
| */ |
| CK_RV(PR_CALLBACK *GetOperationState) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *buffer); |
| |
| /* |
| * This routine is used to restore an operational state previously |
| * obtained with GetOperationState. The Framework will take pains |
| * to be sure that the state is (or was at one point) valid; if the |
| * Module notices that the state is invalid, it should return an |
| * error, but it is not required to be paranoid about the issue. |
| * [XXX fgmr-- should (can?) the framework verify the keys match up?] |
| * This routine is required only if GetOperationState is implemented. |
| */ |
| CK_RV(PR_CALLBACK *SetOperationState) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *state, |
| NSSCKMDObject *mdEncryptionKey, |
| NSSCKFWObject *fwEncryptionKey, |
| NSSCKMDObject *mdAuthenticationKey, |
| NSSCKFWObject *fwAuthenticationKey); |
| |
| /* |
| * This routine is used to create an object. The specified template |
| * will only specify a session object if the Module has indicated |
| * that it wishes to handle its own session objects. This routine |
| * is optional; if unimplemented, the Framework will reject the |
| * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for |
| * token objects should come from the NSSArena available from the |
| * NSSCKFWToken object; space for session objects (if supported) |
| * should come from the NSSArena available from the NSSCKFWSession |
| * object. The appropriate NSSArena pointer will, as a convenience, |
| * be passed as the handyArenaPointer argument. This routine may |
| * return NULL upon error. |
| */ |
| NSSCKMDObject *(PR_CALLBACK *CreateObject)( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSArena *handyArenaPointer, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError); |
| |
| /* |
| * This routine is used to make a copy of an object. It is entirely |
| * optional; if unimplemented, the Framework will try to use |
| * CreateObject instead. If the Module has indicated that it does |
| * not wish to handle session objects, then this routine will only |
| * be called to copy a token object to another token object. |
| * Otherwise, either the original object or the new may be of |
| * either the token or session variety. As with CreateObject, the |
| * handyArenaPointer will point to the appropriate arena for the |
| * new object. This routine may return NULL upon error. |
| */ |
| NSSCKMDObject *(PR_CALLBACK *CopyObject)( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdOldObject, |
| NSSCKFWObject *fwOldObject, |
| NSSArena *handyArenaPointer, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError); |
| |
| /* |
| * This routine is used to begin an object search. This routine may |
| * be unimplemented only if the Module does not handle session |
| * objects, and if none of its tokens have token objects. The |
| * NSSCKFWFindObjects pointer has an NSSArena that may be used for |
| * storage for the life of this "find" operation. This routine may |
| * return NULL upon error. If the Module can determine immediately |
| * that the search will not find any matching objects, it may return |
| * NULL, and specify CKR_OK as the error. |
| */ |
| NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError); |
| |
| /* |
| * This routine seeds the random-number generator. It is |
| * optional, even if GetRandom is implemented. If unimplemented, |
| * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. |
| */ |
| CK_RV(PR_CALLBACK *SeedRandom) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *seed); |
| |
| /* |
| * This routine gets random data. It is optional. If unimplemented, |
| * the Framework will issue the error CKR_RANDOM_NO_RNG. |
| */ |
| CK_RV(PR_CALLBACK *GetRandom) |
| ( |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *buffer); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDFindObjects |
| * |
| * This is the basic handle for an object search. It is |
| * created by NSSCKMDSession->FindObjectsInit, and may be |
| * obtained from the Framework's corresponding object. |
| * It contains a pointer for use by the Module, to store |
| * any search-related data, and it contains the EPV for a |
| * set of routines which the Module may implement for use |
| * by the Framework. Some of these routines are optional. |
| */ |
| |
| struct NSSCKMDFindObjectsStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is called by the Framework to finish a |
| * search operation. Note that the Framework may finish |
| * a search before it has completed. This routine is |
| * optional; if unimplemented, it merely won't be called. |
| */ |
| void(PR_CALLBACK *Final)( |
| NSSCKMDFindObjects *mdFindObjects, |
| NSSCKFWFindObjects *fwFindObjects, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine is used to obtain another pointer to an |
| * object matching the search criteria. This routine is |
| * required. If no (more) objects match the search, it |
| * should return NULL and set the error to CKR_OK. |
| */ |
| NSSCKMDObject *(PR_CALLBACK *Next)( |
| NSSCKMDFindObjects *mdFindObjects, |
| NSSCKFWFindObjects *fwFindObjects, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSArena *arena, |
| CK_RV *pError); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDCryptoOperaion |
| * |
| * This is the basic handle for an encryption, decryption, |
| * sign, verify, or hash opertion. |
| * created by NSSCKMDMechanism->XXXXInit, and may be |
| * obtained from the Framework's corresponding object. |
| * It contains a pointer for use by the Module, to store |
| * any intermediate data, and it contains the EPV for a |
| * set of routines which the Module may implement for use |
| * by the Framework. Some of these routines are optional. |
| */ |
| |
| struct NSSCKMDCryptoOperationStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is called by the Framework clean up the mdCryptoOperation |
| * structure. |
| * This routine is optional; if unimplemented, it will be ignored. |
| */ |
| void(PR_CALLBACK *Destroy)( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * how many bytes do we need to finish this buffer? |
| * must be implemented if Final is implemented. |
| */ |
| CK_ULONG(PR_CALLBACK *GetFinalLength) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * how many bytes do we need to complete the next operation. |
| * used in both Update and UpdateFinal. |
| */ |
| CK_ULONG(PR_CALLBACK *GetOperationLength) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| const NSSItem *inputBuffer, |
| CK_RV *pError); |
| |
| /* |
| * This routine is called by the Framework to finish a |
| * search operation. Note that the Framework may finish |
| * a search before it has completed. This routine is |
| * optional; if unimplemented, it merely won't be called. |
| * The respective final call with fail with CKR_FUNCTION_FAILED |
| * Final should not free the mdCryptoOperation. |
| */ |
| CK_RV(PR_CALLBACK *Final) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSItem *outputBuffer); |
| |
| /* |
| * This routine is called by the Framework to complete the |
| * next step in an encryption/decryption operation. |
| * This routine is optional; if unimplemented, the respective |
| * update call with fail with CKR_FUNCTION_FAILED. |
| * Update should not be implemented for signing/verification/digest |
| * mechanisms. |
| */ |
| CK_RV(PR_CALLBACK *Update) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| const NSSItem *inputBuffer, |
| NSSItem *outputBuffer); |
| |
| /* |
| * This routine is called by the Framework to complete the |
| * next step in a signing/verification/digest operation. |
| * This routine is optional; if unimplemented, the respective |
| * update call with fail with CKR_FUNCTION_FAILED |
| * Update should not be implemented for encryption/decryption |
| * mechanisms. |
| */ |
| CK_RV(PR_CALLBACK *DigestUpdate) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| const NSSItem *inputBuffer); |
| |
| /* |
| * This routine is called by the Framework to complete a |
| * single step operation. This routine is optional; if unimplemented, |
| * the framework will use the Update and Final functions to complete |
| * the operation. |
| */ |
| CK_RV(PR_CALLBACK *UpdateFinal) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| const NSSItem *inputBuffer, |
| NSSItem *outputBuffer); |
| |
| /* |
| * This routine is called by the Framework to complete next |
| * step in a combined operation. The Decrypt/Encrypt mechanism |
| * should define and drive the combo step. |
| * This routine is optional; if unimplemented, |
| * the framework will use the appropriate Update functions to complete |
| * the operation. |
| */ |
| CK_RV(PR_CALLBACK *UpdateCombo) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDCryptoOperation *mdPeerCryptoOperation, |
| NSSCKFWCryptoOperation *fwPeerCryptoOperation, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| const NSSItem *inputBuffer, |
| NSSItem *outputBuffer); |
| |
| /* |
| * Hash a key directly into the digest |
| */ |
| CK_RV(PR_CALLBACK *DigestKey) |
| ( |
| NSSCKMDCryptoOperation *mdCryptoOperation, |
| NSSCKFWCryptoOperation *fwCryptoOperation, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDMechanism |
| * |
| */ |
| |
| struct NSSCKMDMechanismStr { |
| /* |
| * The Module may use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This also frees the fwMechanism if appropriate. |
| * If it is not supplied, the Framework will assume that the Token |
| * Manages a static list of mechanisms and the function will not be called. |
| */ |
| void(PR_CALLBACK *Destroy)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the minimum key size allowed for |
| * this mechanism. This routine is optional; if unimplemented, |
| * zero will be assumed. This routine may return zero on |
| * error; if the error is CKR_OK, zero will be accepted as |
| * a valid response. |
| */ |
| CK_ULONG(PR_CALLBACK *GetMinKeySize) |
| ( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns the maximum key size allowed for |
| * this mechanism. This routine is optional; if unimplemented, |
| * zero will be assumed. This routine may return zero on |
| * error; if the error is CKR_OK, zero will be accepted as |
| * a valid response. |
| */ |
| CK_ULONG(PR_CALLBACK *GetMaxKeySize) |
| ( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine is called to determine if the mechanism is |
| * implemented in hardware or software. It returns CK_TRUE |
| * if it is done in hardware. |
| */ |
| CK_BBOOL(PR_CALLBACK *GetInHardware) |
| ( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * The crypto routines themselves. Most crypto operations may |
| * be performed in two ways, streaming and single-part. The |
| * streaming operations involve the use of (typically) three |
| * calls-- an Init method to set up the operation, an Update |
| * method to feed data to the operation, and a Final method to |
| * obtain the final result. Single-part operations involve |
| * one method, to perform the crypto operation all at once. |
| * |
| * The NSS Cryptoki Framework can implement the single-part |
| * operations in terms of the streaming operations on behalf |
| * of the Module. There are a few variances. |
| * |
| * Only the Init Functions are defined by the mechanism. Each |
| * init function will return a NSSCKFWCryptoOperation which |
| * can supply update, final, the single part updateFinal, and |
| * the combo updateCombo functions. |
| * |
| * For simplicity, the routines are listed in summary here: |
| * |
| * EncryptInit, |
| * DecryptInit, |
| * DigestInit, |
| * SignInit, |
| * SignRecoverInit; |
| * VerifyInit, |
| * VerifyRecoverInit; |
| * |
| * The key-management routines are |
| * |
| * GenerateKey |
| * GenerateKeyPair |
| * WrapKey |
| * UnwrapKey |
| * DeriveKey |
| * |
| * All of these routines based on the Cryptoki API; |
| * see PKCS#11 for further information. |
| */ |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey, |
| CK_RV *pError); |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey, |
| CK_RV *pError); |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey, |
| CK_RV *pError); |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey, |
| CK_RV *pError); |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey, |
| CK_RV *pError); |
| |
| /* |
| */ |
| NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdKey, |
| NSSCKFWObject *fwKey, |
| CK_RV *pError); |
| |
| /* |
| * Key management operations. |
| */ |
| |
| /* |
| * This routine generates a key. This routine may return NULL |
| * upon error. |
| */ |
| NSSCKMDObject *(PR_CALLBACK *GenerateKey)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError); |
| |
| /* |
| * This routine generates a key pair. |
| */ |
| CK_RV(PR_CALLBACK *GenerateKeyPair) |
| ( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_PTR pPublicKeyTemplate, |
| CK_ULONG ulPublicKeyAttributeCount, |
| CK_ATTRIBUTE_PTR pPrivateKeyTemplate, |
| CK_ULONG ulPrivateKeyAttributeCount, |
| NSSCKMDObject **pPublicKey, |
| NSSCKMDObject **pPrivateKey); |
| |
| /* |
| * This routine wraps a key. |
| */ |
| CK_ULONG(PR_CALLBACK *GetWrapKeyLength) |
| ( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdWrappingKey, |
| NSSCKFWObject *fwWrappingKey, |
| NSSCKMDObject *mdWrappedKey, |
| NSSCKFWObject *fwWrappedKey, |
| CK_RV *pError); |
| |
| /* |
| * This routine wraps a key. |
| */ |
| CK_RV(PR_CALLBACK *WrapKey) |
| ( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdWrappingKey, |
| NSSCKFWObject *fwWrappingKey, |
| NSSCKMDObject *mdKeyObject, |
| NSSCKFWObject *fwKeyObject, |
| NSSItem *wrappedKey); |
| |
| /* |
| * This routine unwraps a key. This routine may return NULL |
| * upon error. |
| */ |
| NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdWrappingKey, |
| NSSCKFWObject *fwWrappingKey, |
| NSSItem *wrappedKey, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError); |
| |
| /* |
| * This routine derives a key. This routine may return NULL |
| * upon error. |
| */ |
| NSSCKMDObject *(PR_CALLBACK *DeriveKey)( |
| NSSCKMDMechanism *mdMechanism, |
| NSSCKFWMechanism *fwMechanism, |
| CK_MECHANISM_PTR pMechanism, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| NSSCKMDObject *mdBaseKey, |
| NSSCKFWObject *fwBaseKey, |
| CK_ATTRIBUTE_PTR pTemplate, |
| CK_ULONG ulAttributeCount, |
| CK_RV *pError); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| /* |
| * NSSCKMDObject |
| * |
| * This is the basic handle for any object used by a PKCS#11 Module. |
| * Modules must implement it if they support their own objects, and |
| * the Framework supports it for Modules that do not handle session |
| * objects. This type contains a pointer for use by the implementor, |
| * to store any object-specific data, and it contains an EPV for a |
| * set of routines used to access the object. |
| */ |
| |
| struct NSSCKMDObjectStr { |
| /* |
| * The implementation my use this pointer for its own purposes. |
| */ |
| void *etc; |
| |
| /* |
| * This routine is called by the Framework when it is letting |
| * go of an object handle. It can be used by the Module to |
| * free any resources tied up by an object "in use." It is |
| * optional. |
| */ |
| void(PR_CALLBACK *Finalize)( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine is used to completely destroy an object. |
| * It is optional. The parameter fwObject might be NULL |
| * if the framework runs out of memory at the wrong moment. |
| */ |
| CK_RV(PR_CALLBACK *Destroy) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This helper routine is used by the Framework, and is especially |
| * useful when it is managing session objects on behalf of the |
| * Module. This routine is optional; if unimplemented, the |
| * Framework will actually look up the CKA_TOKEN attribute. In the |
| * event of an error, just make something up-- the Framework will |
| * find out soon enough anyway. |
| */ |
| CK_BBOOL(PR_CALLBACK *IsTokenObject) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance); |
| |
| /* |
| * This routine returns the number of attributes of which this |
| * object consists. It is mandatory. It can return zero on |
| * error. |
| */ |
| CK_ULONG(PR_CALLBACK *GetAttributeCount) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This routine stuffs the attribute types into the provided array. |
| * The array size (as obtained from GetAttributeCount) is passed in |
| * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong |
| * (either too big or too small). |
| */ |
| CK_RV(PR_CALLBACK *GetAttributeTypes) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_TYPE_PTR typeArray, |
| CK_ULONG ulCount); |
| |
| /* |
| * This routine returns the size (in bytes) of the specified |
| * attribute. It can return zero on error. |
| */ |
| CK_ULONG(PR_CALLBACK *GetAttributeSize) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_TYPE attribute, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns an NSSCKFWItem structure. |
| * The item pointer points to an NSSItem containing the attribute value. |
| * The needsFreeing bit tells the framework whether to call the |
| * FreeAttribute function . Upon error, an NSSCKFWItem structure |
| * with a NULL NSSItem item pointer will be returned |
| */ |
| NSSCKFWItem(PR_CALLBACK *GetAttribute)( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_TYPE attribute, |
| CK_RV *pError); |
| |
| /* |
| * This routine returns CKR_OK if the attribute could be freed. |
| */ |
| CK_RV(PR_CALLBACK *FreeAttribute) |
| ( |
| NSSCKFWItem *item); |
| |
| /* |
| * This routine changes the specified attribute. If unimplemented, |
| * the object will be considered read-only. |
| */ |
| CK_RV(PR_CALLBACK *SetAttribute) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_ATTRIBUTE_TYPE attribute, |
| NSSItem *value); |
| |
| /* |
| * This routine returns the storage requirements of this object, |
| * in bytes. Cryptoki doesn't strictly define the definition, |
| * but it should relate to the values returned by the "Get Memory" |
| * routines of the NSSCKMDToken. This routine is optional; if |
| * unimplemented, the Framework will consider this information |
| * sensitive. This routine may return zero on error. If the |
| * specified error is CKR_OK, zero will be accepted as a valid |
| * response. |
| */ |
| CK_ULONG(PR_CALLBACK *GetObjectSize) |
| ( |
| NSSCKMDObject *mdObject, |
| NSSCKFWObject *fwObject, |
| NSSCKMDSession *mdSession, |
| NSSCKFWSession *fwSession, |
| NSSCKMDToken *mdToken, |
| NSSCKFWToken *fwToken, |
| NSSCKMDInstance *mdInstance, |
| NSSCKFWInstance *fwInstance, |
| CK_RV *pError); |
| |
| /* |
| * This object may be extended in future versions of the |
| * NSS Cryptoki Framework. To allow for some flexibility |
| * in the area of binary compatibility, this field should |
| * be NULL. |
| */ |
| void *null; |
| }; |
| |
| #endif /* NSSCKMDT_H */ |