andre@0: /* This Source Code Form is subject to the terms of the Mozilla Public andre@0: * License, v. 2.0. If a copy of the MPL was not distributed with this andre@0: * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ andre@0: andre@0: #ifndef NSSCKMDT_H andre@0: #define NSSCKMDT_H andre@0: andre@0: /* andre@0: * nssckmdt.h andre@0: * andre@0: * This file specifies the basic types that must be implemented by andre@0: * any Module using the NSS Cryptoki Framework. andre@0: */ andre@0: andre@0: #ifndef NSSBASET_H andre@0: #include "nssbaset.h" andre@0: #endif /* NSSBASET_H */ andre@0: andre@0: #ifndef NSSCKT_H andre@0: #include "nssckt.h" andre@0: #endif /* NSSCKT_H */ andre@0: andre@0: #ifndef NSSCKFWT_H andre@0: #include "nssckfwt.h" andre@0: #endif /* NSSCKFWT_H */ andre@0: andre@0: typedef struct NSSCKMDInstanceStr NSSCKMDInstance; andre@0: typedef struct NSSCKMDSlotStr NSSCKMDSlot; andre@0: typedef struct NSSCKMDTokenStr NSSCKMDToken; andre@0: typedef struct NSSCKMDSessionStr NSSCKMDSession; andre@0: typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation; andre@0: typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects; andre@0: typedef struct NSSCKMDMechanismStr NSSCKMDMechanism; andre@0: typedef struct NSSCKMDObjectStr NSSCKMDObject; andre@0: andre@0: /* andre@0: * NSSCKFWItem andre@0: * andre@0: * This is a structure used by modules to return object attributes. andre@0: * The needsFreeing bit indicates whether the object needs to be freed. andre@0: * If so, the framework will call the FreeAttribute function on the item andre@0: * after it is done using it. andre@0: * andre@0: */ andre@0: andre@0: typedef struct { andre@0: PRBool needsFreeing; andre@0: NSSItem* item; andre@0: } NSSCKFWItem ; andre@0: andre@0: /* andre@0: * NSSCKMDInstance andre@0: * andre@0: * This is the basic handle for an instance of a PKCS#11 Module. andre@0: * It is returned by the Module's CreateInstance routine, and andre@0: * may be obtained from the corresponding NSSCKFWInstance object. andre@0: * It contains a pointer for use by the Module, to store any andre@0: * instance-related data, and it contains the EPV for a set of andre@0: * routines which the Module may implement for use by the Framework. andre@0: * Some of these routines are optional; others are mandatory. andre@0: */ andre@0: andre@0: struct NSSCKMDInstanceStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is called by the Framework to initialize andre@0: * the Module. This routine is optional; if unimplemented, andre@0: * it won't be called. If this routine returns an error, andre@0: * then the initialization will fail. andre@0: */ andre@0: CK_RV (PR_CALLBACK *Initialize)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSUTF8 *configurationData andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called when the Framework is finalizing andre@0: * the PKCS#11 Module. It is the last thing called before andre@0: * the NSSCKFWInstance's NSSArena is destroyed. This routine andre@0: * is optional; if unimplemented, it merely won't be called. andre@0: */ andre@0: void (PR_CALLBACK *Finalize)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine gets the number of slots. This value must andre@0: * never change, once the instance is initialized. This andre@0: * routine must be implemented. It may return zero on error. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetNSlots)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the version of the Cryptoki standard andre@0: * to which this Module conforms. This routine is optional; andre@0: * if unimplemented, the Framework uses the version to which andre@0: * ~it~ was implemented. andre@0: */ andre@0: CK_VERSION (PR_CALLBACK *GetCryptokiVersion)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing the manufacturer ID for this Module. Only andre@0: * the characters completely encoded in the first thirty- andre@0: * two bytes are significant. This routine is optional. andre@0: * The string returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing a description of this Module library. Only andre@0: * the characters completely encoded in the first thirty- andre@0: * two bytes are significant. This routine is optional. andre@0: * The string returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the version of this Module library. andre@0: * This routine is optional; if unimplemented, the Framework andre@0: * will assume a Module library version of 0.1. andre@0: */ andre@0: CK_VERSION (PR_CALLBACK *GetLibraryVersion)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the Module wishes to andre@0: * handle session objects. This routine is optional. andre@0: * If this routine is NULL, or if it exists but returns andre@0: * CK_FALSE, the Framework will assume responsibility andre@0: * for managing session objects. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine stuffs pointers to NSSCKMDSlot objects into andre@0: * the specified array; one for each slot supported by this andre@0: * instance. The Framework will determine the size needed andre@0: * for the array by calling GetNSlots. This routine is andre@0: * required. andre@0: */ andre@0: CK_RV (PR_CALLBACK *GetSlots)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDSlot *slots[] andre@0: ); andre@0: andre@0: /* andre@0: * This call returns a pointer to the slot in which an event andre@0: * has occurred. If the block argument is CK_TRUE, the call andre@0: * should block until a slot event occurs; if CK_FALSE, it andre@0: * should check to see if an event has occurred, occurred, andre@0: * but return NULL (and set *pError to CK_NO_EVENT) if one andre@0: * hasn't. This routine is optional; if unimplemented, the andre@0: * Framework will assume that no event has happened. This andre@0: * routine may return NULL upon error. andre@0: */ andre@0: NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_BBOOL block, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: andre@0: /* andre@0: * NSSCKMDSlot andre@0: * andre@0: * This is the basic handle for a PKCS#11 Module Slot. It is andre@0: * created by the NSSCKMDInstance->GetSlots call, and may be andre@0: * obtained from the Framework's corresponding NSSCKFWSlot andre@0: * object. It contains a pointer for use by the Module, to andre@0: * store any slot-related data, and it contains the EPV for andre@0: * a set of routines which the Module may implement for use andre@0: * by the Framework. Some of these routines are optional. andre@0: */ andre@0: andre@0: struct NSSCKMDSlotStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is called during the Framework initialization andre@0: * step, after the Framework Instance has obtained the list andre@0: * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- andre@0: * specific initialization can be done here. This routine is andre@0: * optional; if unimplemented, it won't be called. Note that andre@0: * if this routine returns an error, the entire Framework andre@0: * initialization for this Module will fail. andre@0: */ andre@0: CK_RV (PR_CALLBACK *Initialize)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called when the Framework is finalizing andre@0: * the PKCS#11 Module. This call (for each of the slots) andre@0: * is the last thing called before NSSCKMDInstance->Finalize. andre@0: * This routine is optional; if unimplemented, it merely andre@0: * won't be called. Note: In the rare circumstance that andre@0: * the Framework initialization cannot complete (due to, andre@0: * for example, memory limitations), this can be called with andre@0: * a NULL value for fwSlot. andre@0: */ andre@0: void (PR_CALLBACK *Destroy)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing a description of this slot. Only the characters andre@0: * completely encoded in the first sixty-four bytes are andre@0: * significant. This routine is optional. The string andre@0: * returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing a description of the manufacturer of this slot. andre@0: * Only the characters completely encoded in the first thirty- andre@0: * two bytes are significant. This routine is optional. andre@0: * The string returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if a token is present in this andre@0: * slot. This routine is optional; if unimplemented, CK_TRUE andre@0: * is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetTokenPresent)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the slot supports removable andre@0: * tokens. This routine is optional; if unimplemented, CK_FALSE andre@0: * is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetRemovableDevice)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if this slot is a hardware andre@0: * device, or CK_FALSE if this slot is a software device. This andre@0: * routine is optional; if unimplemented, CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetHardwareSlot)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the version of this slot's hardware. andre@0: * This routine is optional; if unimplemented, the Framework andre@0: * will assume a hardware version of 0.1. andre@0: */ andre@0: CK_VERSION (PR_CALLBACK *GetHardwareVersion)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the version of this slot's firmware. andre@0: * This routine is optional; if unimplemented, the Framework andre@0: * will assume a hardware version of 0.1. andre@0: */ andre@0: CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine should return a pointer to an NSSCKMDToken andre@0: * object corresponding to the token in the specified slot. andre@0: * The NSSCKFWToken object passed in has an NSSArena andre@0: * available which is dedicated for this token. This routine andre@0: * must be implemented. This routine may return NULL upon andre@0: * error. andre@0: */ andre@0: NSSCKMDToken *(PR_CALLBACK *GetToken)( andre@0: NSSCKMDSlot *mdSlot, andre@0: NSSCKFWSlot *fwSlot, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: /* andre@0: * NSSCKMDToken andre@0: * andre@0: * This is the basic handle for a PKCS#11 Token. It is created by andre@0: * the NSSCKMDSlot->GetToken call, and may be obtained from the andre@0: * Framework's corresponding NSSCKFWToken object. It contains a andre@0: * pointer for use by the Module, to store any token-related andre@0: * data, and it contains the EPV for a set of routines which the andre@0: * Module may implement for use by the Framework. Some of these andre@0: * routines are optional. andre@0: */ andre@0: andre@0: struct NSSCKMDTokenStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is used to prepare a Module token object for andre@0: * use. It is called after the NSSCKMDToken object is obtained andre@0: * from NSSCKMDSlot->GetToken. It is named "Setup" here because andre@0: * Cryptoki already defines "InitToken" to do the process of andre@0: * wiping out any existing state on a token and preparing it for andre@0: * a new use. This routine is optional; if unimplemented, it andre@0: * merely won't be called. andre@0: */ andre@0: CK_RV (PR_CALLBACK *Setup)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called by the Framework whenever it notices andre@0: * that the token object is invalid. (Typically this is when a andre@0: * routine indicates an error such as CKR_DEVICE_REMOVED). This andre@0: * call is the last thing called before the NSSArena in the andre@0: * corresponding NSSCKFWToken is destroyed. This routine is andre@0: * optional; if unimplemented, it merely won't be called. andre@0: */ andre@0: void (PR_CALLBACK *Invalidate)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine initialises the token in the specified slot. andre@0: * This routine is optional; if unimplemented, the Framework andre@0: * will fail this operation with an error of CKR_DEVICE_ERROR. andre@0: */ andre@0: andre@0: CK_RV (PR_CALLBACK *InitToken)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *pin, andre@0: NSSUTF8 *label andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing this token's label. Only the characters andre@0: * completely encoded in the first thirty-two bytes are andre@0: * significant. This routine is optional. The string andre@0: * returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetLabel)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing this token's manufacturer ID. Only the characters andre@0: * completely encoded in the first thirty-two bytes are andre@0: * significant. This routine is optional. The string andre@0: * returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing this token's model name. Only the characters andre@0: * completely encoded in the first thirty-two bytes are andre@0: * significant. This routine is optional. The string andre@0: * returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetModel)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a UTF8-encoded string andre@0: * containing this token's serial number. Only the characters andre@0: * completely encoded in the first thirty-two bytes are andre@0: * significant. This routine is optional. The string andre@0: * returned is never freed; if dynamically generated, andre@0: * the space for it should be allocated from the NSSArena andre@0: * that may be obtained from the NSSCKFWInstance. This andre@0: * routine may return NULL upon error; however if *pError andre@0: * is CKR_OK, the NULL will be considered the valid response. andre@0: */ andre@0: NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the token has its own andre@0: * random number generator. This routine is optional; if andre@0: * unimplemented, CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetHasRNG)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if this token is write-protected. andre@0: * This routine is optional; if unimplemented, CK_FALSE is andre@0: * assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if this token requires a login. andre@0: * This routine is optional; if unimplemented, CK_FALSE is andre@0: * assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetLoginRequired)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the normal user's PIN on this andre@0: * token has been initialised. This routine is optional; if andre@0: * unimplemented, CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if a successful save of a andre@0: * session's cryptographic operations state ~always~ contains andre@0: * all keys needed to restore the state of the session. This andre@0: * routine is optional; if unimplemented, CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the token has its own andre@0: * hardware clock. This routine is optional; if unimplemented, andre@0: * CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the token has a protected andre@0: * authentication path. This routine is optional; if andre@0: * unimplemented, CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CK_TRUE if the token supports dual andre@0: * cryptographic operations within a single session. This andre@0: * routine is optional; if unimplemented, CK_FALSE is assumed. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * XXX fgmr-- should we have a call to return all the flags andre@0: * at once, for folks who already know about Cryptoki? andre@0: */ andre@0: andre@0: /* andre@0: * This routine returns the maximum number of sessions that andre@0: * may be opened on this token. This routine is optional; andre@0: * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION andre@0: * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMaxSessionCount)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the maximum number of read/write andre@0: * sesisons that may be opened on this token. This routine andre@0: * is optional; if unimplemented, the special value andre@0: * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or andre@0: * CK_EFFECTIVELY_INFINITE? andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the maximum PIN code length that is andre@0: * supported on this token. This routine is optional; andre@0: * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION andre@0: * is assumed. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMaxPinLen)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the minimum PIN code length that is andre@0: * supported on this token. This routine is optional; if andre@0: * unimplemented, the special value CK_UNAVAILABLE_INFORMATION andre@0: * is assumed. XXX fgmr-- or 0? andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMinPinLen)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the total amount of memory on the token andre@0: * in which public objects may be stored. This routine is andre@0: * optional; if unimplemented, the special value andre@0: * CK_UNAVAILABLE_INFORMATION is assumed. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the amount of unused memory on the andre@0: * token in which public objects may be stored. This routine andre@0: * is optional; if unimplemented, the special value andre@0: * CK_UNAVAILABLE_INFORMATION is assumed. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetFreePublicMemory)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the total amount of memory on the token andre@0: * in which private objects may be stored. This routine is andre@0: * optional; if unimplemented, the special value andre@0: * CK_UNAVAILABLE_INFORMATION is assumed. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the amount of unused memory on the andre@0: * token in which private objects may be stored. This routine andre@0: * is optional; if unimplemented, the special value andre@0: * CK_UNAVAILABLE_INFORMATION is assumed. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the version number of this token's andre@0: * hardware. This routine is optional; if unimplemented, andre@0: * the value 0.1 is assumed. andre@0: */ andre@0: CK_VERSION (PR_CALLBACK *GetHardwareVersion)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the version number of this token's andre@0: * firmware. This routine is optional; if unimplemented, andre@0: * the value 0.1 is assumed. andre@0: */ andre@0: CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine stuffs the current UTC time, as obtained from andre@0: * the token, into the sixteen-byte buffer in the form andre@0: * YYYYMMDDhhmmss00. This routine need only be implemented andre@0: * by token which indicate that they have a real-time clock. andre@0: * XXX fgmr-- think about time formats. andre@0: */ andre@0: CK_RV (PR_CALLBACK *GetUTCTime)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_CHAR utcTime[16] andre@0: ); andre@0: andre@0: /* andre@0: * This routine creates a session on the token, and returns andre@0: * the corresponding NSSCKMDSession object. The value of andre@0: * rw will be CK_TRUE if the session is to be a read/write andre@0: * session, or CK_FALSE otherwise. An NSSArena dedicated to andre@0: * the new session is available from the specified NSSCKFWSession. andre@0: * This routine may return NULL upon error. andre@0: */ andre@0: NSSCKMDSession *(PR_CALLBACK *OpenSession)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKFWSession *fwSession, andre@0: CK_BBOOL rw, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the number of PKCS#11 Mechanisms andre@0: * supported by this token. This routine is optional; if andre@0: * unimplemented, zero is assumed. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMechanismCount)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine stuffs into the specified array the types andre@0: * of the mechanisms supported by this token. The Framework andre@0: * determines the size of the array by calling GetMechanismCount. andre@0: */ andre@0: CK_RV (PR_CALLBACK *GetMechanismTypes)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_MECHANISM_TYPE types[] andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns a pointer to a Module mechanism andre@0: * object corresponding to a specified type. This routine andre@0: * need only exist for tokens implementing at least one andre@0: * mechanism. andre@0: */ andre@0: NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_MECHANISM_TYPE which, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: /* andre@0: * NSSCKMDSession andre@0: * andre@0: * This is the basic handle for a session on a PKCS#11 Token. It andre@0: * is created by NSSCKMDToken->OpenSession, and may be obtained andre@0: * from the Framework's corresponding NSSCKFWSession object. It andre@0: * contains a pointer for use by the Module, to store any session- andre@0: * realted data, and it contains the EPV for a set of routines andre@0: * which the Module may implement for use by the Framework. Some andre@0: * of these routines are optional. andre@0: */ andre@0: andre@0: struct NSSCKMDSessionStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is called by the Framework when a session is andre@0: * closed. This call is the last thing called before the andre@0: * NSSArena in the correspoinding NSSCKFWSession is destroyed. andre@0: * This routine is optional; if unimplemented, it merely won't andre@0: * be called. andre@0: */ andre@0: void (PR_CALLBACK *Close)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to get any device-specific error. andre@0: * This routine is optional. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetDeviceError)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to log in a user to the token. This andre@0: * routine is optional, since the Framework's NSSCKFWSession andre@0: * object keeps track of the login state. andre@0: */ andre@0: CK_RV (PR_CALLBACK *Login)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_USER_TYPE userType, andre@0: NSSItem *pin, andre@0: CK_STATE oldState, andre@0: CK_STATE newState andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to log out a user from the token. This andre@0: * routine is optional, since the Framework's NSSCKFWSession andre@0: * object keeps track of the login state. andre@0: */ andre@0: CK_RV (PR_CALLBACK *Logout)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_STATE oldState, andre@0: CK_STATE newState andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to initialize the normal user's PIN or andre@0: * password. This will only be called in the "read/write andre@0: * security officer functions" state. If this token has a andre@0: * protected authentication path, then the pin argument will andre@0: * be NULL. This routine is optional; if unimplemented, the andre@0: * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. andre@0: */ andre@0: CK_RV (PR_CALLBACK *InitPIN)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *pin andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to modify a user's PIN or password. This andre@0: * routine will only be called in the "read/write security officer andre@0: * functions" or "read/write user functions" state. If this token andre@0: * has a protected authentication path, then the pin arguments andre@0: * will be NULL. This routine is optional; if unimplemented, the andre@0: * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. andre@0: */ andre@0: CK_RV (PR_CALLBACK *SetPIN)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *oldPin, andre@0: NSSItem *newPin andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to find out how much space would be required andre@0: * to save the current operational state. This routine is optional; andre@0: * if unimplemented, the Framework will reject any attempts to save andre@0: * the operational state with the error CKR_STATE_UNSAVEABLE. This andre@0: * routine may return zero on error. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetOperationStateLen)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to store the current operational state. This andre@0: * routine is only required if GetOperationStateLen is implemented andre@0: * and can return a nonzero value. The buffer in the specified item andre@0: * will be pre-allocated, and the length will specify the amount of andre@0: * space available (which may be more than GetOperationStateLen andre@0: * asked for, but which will not be smaller). andre@0: */ andre@0: CK_RV (PR_CALLBACK *GetOperationState)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *buffer andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to restore an operational state previously andre@0: * obtained with GetOperationState. The Framework will take pains andre@0: * to be sure that the state is (or was at one point) valid; if the andre@0: * Module notices that the state is invalid, it should return an andre@0: * error, but it is not required to be paranoid about the issue. andre@0: * [XXX fgmr-- should (can?) the framework verify the keys match up?] andre@0: * This routine is required only if GetOperationState is implemented. andre@0: */ andre@0: CK_RV (PR_CALLBACK *SetOperationState)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *state, andre@0: NSSCKMDObject *mdEncryptionKey, andre@0: NSSCKFWObject *fwEncryptionKey, andre@0: NSSCKMDObject *mdAuthenticationKey, andre@0: NSSCKFWObject *fwAuthenticationKey andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to create an object. The specified template andre@0: * will only specify a session object if the Module has indicated andre@0: * that it wishes to handle its own session objects. This routine andre@0: * is optional; if unimplemented, the Framework will reject the andre@0: * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for andre@0: * token objects should come from the NSSArena available from the andre@0: * NSSCKFWToken object; space for session objects (if supported) andre@0: * should come from the NSSArena available from the NSSCKFWSession andre@0: * object. The appropriate NSSArena pointer will, as a convenience, andre@0: * be passed as the handyArenaPointer argument. This routine may andre@0: * return NULL upon error. andre@0: */ andre@0: NSSCKMDObject *(PR_CALLBACK *CreateObject)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSArena *handyArenaPointer, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to make a copy of an object. It is entirely andre@0: * optional; if unimplemented, the Framework will try to use andre@0: * CreateObject instead. If the Module has indicated that it does andre@0: * not wish to handle session objects, then this routine will only andre@0: * be called to copy a token object to another token object. andre@0: * Otherwise, either the original object or the new may be of andre@0: * either the token or session variety. As with CreateObject, the andre@0: * handyArenaPointer will point to the appropriate arena for the andre@0: * new object. This routine may return NULL upon error. andre@0: */ andre@0: NSSCKMDObject *(PR_CALLBACK *CopyObject)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdOldObject, andre@0: NSSCKFWObject *fwOldObject, andre@0: NSSArena *handyArenaPointer, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to begin an object search. This routine may andre@0: * be unimplemented only if the Module does not handle session andre@0: * objects, and if none of its tokens have token objects. The andre@0: * NSSCKFWFindObjects pointer has an NSSArena that may be used for andre@0: * storage for the life of this "find" operation. This routine may andre@0: * return NULL upon error. If the Module can determine immediately andre@0: * that the search will not find any matching objects, it may return andre@0: * NULL, and specify CKR_OK as the error. andre@0: */ andre@0: NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine seeds the random-number generator. It is andre@0: * optional, even if GetRandom is implemented. If unimplemented, andre@0: * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. andre@0: */ andre@0: CK_RV (PR_CALLBACK *SeedRandom)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *seed andre@0: ); andre@0: andre@0: /* andre@0: * This routine gets random data. It is optional. If unimplemented, andre@0: * the Framework will issue the error CKR_RANDOM_NO_RNG. andre@0: */ andre@0: CK_RV (PR_CALLBACK *GetRandom)( andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *buffer andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: /* andre@0: * NSSCKMDFindObjects andre@0: * andre@0: * This is the basic handle for an object search. It is andre@0: * created by NSSCKMDSession->FindObjectsInit, and may be andre@0: * obtained from the Framework's corresponding object. andre@0: * It contains a pointer for use by the Module, to store andre@0: * any search-related data, and it contains the EPV for a andre@0: * set of routines which the Module may implement for use andre@0: * by the Framework. Some of these routines are optional. andre@0: */ andre@0: andre@0: struct NSSCKMDFindObjectsStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is called by the Framework to finish a andre@0: * search operation. Note that the Framework may finish andre@0: * a search before it has completed. This routine is andre@0: * optional; if unimplemented, it merely won't be called. andre@0: */ andre@0: void (PR_CALLBACK *Final)( andre@0: NSSCKMDFindObjects *mdFindObjects, andre@0: NSSCKFWFindObjects *fwFindObjects, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to obtain another pointer to an andre@0: * object matching the search criteria. This routine is andre@0: * required. If no (more) objects match the search, it andre@0: * should return NULL and set the error to CKR_OK. andre@0: */ andre@0: NSSCKMDObject *(PR_CALLBACK *Next)( andre@0: NSSCKMDFindObjects *mdFindObjects, andre@0: NSSCKFWFindObjects *fwFindObjects, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSArena *arena, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: /* andre@0: * NSSCKMDCryptoOperaion andre@0: * andre@0: * This is the basic handle for an encryption, decryption, andre@0: * sign, verify, or hash opertion. andre@0: * created by NSSCKMDMechanism->XXXXInit, and may be andre@0: * obtained from the Framework's corresponding object. andre@0: * It contains a pointer for use by the Module, to store andre@0: * any intermediate data, and it contains the EPV for a andre@0: * set of routines which the Module may implement for use andre@0: * by the Framework. Some of these routines are optional. andre@0: */ andre@0: andre@0: struct NSSCKMDCryptoOperationStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is called by the Framework clean up the mdCryptoOperation andre@0: * structure. andre@0: * This routine is optional; if unimplemented, it will be ignored. andre@0: */ andre@0: void (PR_CALLBACK *Destroy)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: andre@0: /* andre@0: * how many bytes do we need to finish this buffer? andre@0: * must be implemented if Final is implemented. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetFinalLength)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * how many bytes do we need to complete the next operation. andre@0: * used in both Update and UpdateFinal. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetOperationLength)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: const NSSItem *inputBuffer, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called by the Framework to finish a andre@0: * search operation. Note that the Framework may finish andre@0: * a search before it has completed. This routine is andre@0: * optional; if unimplemented, it merely won't be called. andre@0: * The respective final call with fail with CKR_FUNCTION_FAILED andre@0: * Final should not free the mdCryptoOperation. andre@0: */ andre@0: CK_RV(PR_CALLBACK *Final)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSItem *outputBuffer andre@0: ); andre@0: andre@0: andre@0: /* andre@0: * This routine is called by the Framework to complete the andre@0: * next step in an encryption/decryption operation. andre@0: * This routine is optional; if unimplemented, the respective andre@0: * update call with fail with CKR_FUNCTION_FAILED. andre@0: * Update should not be implemented for signing/verification/digest andre@0: * mechanisms. andre@0: */ andre@0: CK_RV(PR_CALLBACK *Update)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: const NSSItem *inputBuffer, andre@0: NSSItem *outputBuffer andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called by the Framework to complete the andre@0: * next step in a signing/verification/digest operation. andre@0: * This routine is optional; if unimplemented, the respective andre@0: * update call with fail with CKR_FUNCTION_FAILED andre@0: * Update should not be implemented for encryption/decryption andre@0: * mechanisms. andre@0: */ andre@0: CK_RV(PR_CALLBACK *DigestUpdate)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: const NSSItem *inputBuffer andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called by the Framework to complete a andre@0: * single step operation. This routine is optional; if unimplemented, andre@0: * the framework will use the Update and Final functions to complete andre@0: * the operation. andre@0: */ andre@0: CK_RV(PR_CALLBACK *UpdateFinal)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: const NSSItem *inputBuffer, andre@0: NSSItem *outputBuffer andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called by the Framework to complete next andre@0: * step in a combined operation. The Decrypt/Encrypt mechanism andre@0: * should define and drive the combo step. andre@0: * This routine is optional; if unimplemented, andre@0: * the framework will use the appropriate Update functions to complete andre@0: * the operation. andre@0: */ andre@0: CK_RV(PR_CALLBACK *UpdateCombo)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDCryptoOperation *mdPeerCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwPeerCryptoOperation, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: const NSSItem *inputBuffer, andre@0: NSSItem *outputBuffer andre@0: ); andre@0: andre@0: /* andre@0: * Hash a key directly into the digest andre@0: */ andre@0: CK_RV(PR_CALLBACK *DigestKey)( andre@0: NSSCKMDCryptoOperation *mdCryptoOperation, andre@0: NSSCKFWCryptoOperation *fwCryptoOperation, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: /* andre@0: * NSSCKMDMechanism andre@0: * andre@0: */ andre@0: andre@0: struct NSSCKMDMechanismStr { andre@0: /* andre@0: * The Module may use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This also frees the fwMechanism if appropriate. andre@0: * If it is not supplied, the Framework will assume that the Token andre@0: * Manages a static list of mechanisms and the function will not be called. andre@0: */ andre@0: void (PR_CALLBACK *Destroy)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: andre@0: /* andre@0: * This routine returns the minimum key size allowed for andre@0: * this mechanism. This routine is optional; if unimplemented, andre@0: * zero will be assumed. This routine may return zero on andre@0: * error; if the error is CKR_OK, zero will be accepted as andre@0: * a valid response. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMinKeySize)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the maximum key size allowed for andre@0: * this mechanism. This routine is optional; if unimplemented, andre@0: * zero will be assumed. This routine may return zero on andre@0: * error; if the error is CKR_OK, zero will be accepted as andre@0: * a valid response. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetMaxKeySize)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine is called to determine if the mechanism is andre@0: * implemented in hardware or software. It returns CK_TRUE andre@0: * if it is done in hardware. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *GetInHardware)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * The crypto routines themselves. Most crypto operations may andre@0: * be performed in two ways, streaming and single-part. The andre@0: * streaming operations involve the use of (typically) three andre@0: * calls-- an Init method to set up the operation, an Update andre@0: * method to feed data to the operation, and a Final method to andre@0: * obtain the final result. Single-part operations involve andre@0: * one method, to perform the crypto operation all at once. andre@0: * andre@0: * The NSS Cryptoki Framework can implement the single-part andre@0: * operations in terms of the streaming operations on behalf andre@0: * of the Module. There are a few variances. andre@0: * andre@0: * Only the Init Functions are defined by the mechanism. Each andre@0: * init function will return a NSSCKFWCryptoOperation which andre@0: * can supply update, final, the single part updateFinal, and andre@0: * the combo updateCombo functions. andre@0: * andre@0: * For simplicity, the routines are listed in summary here: andre@0: * andre@0: * EncryptInit, andre@0: * DecryptInit, andre@0: * DigestInit, andre@0: * SignInit, andre@0: * SignRecoverInit; andre@0: * VerifyInit, andre@0: * VerifyRecoverInit; andre@0: * andre@0: * The key-management routines are andre@0: * andre@0: * GenerateKey andre@0: * GenerateKeyPair andre@0: * WrapKey andre@0: * UnwrapKey andre@0: * DeriveKey andre@0: * andre@0: * All of these routines based on the Cryptoki API; andre@0: * see PKCS#11 for further information. andre@0: */ andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: */ andre@0: NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdKey, andre@0: NSSCKFWObject *fwKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * Key management operations. andre@0: */ andre@0: andre@0: /* andre@0: * This routine generates a key. This routine may return NULL andre@0: * upon error. andre@0: */ andre@0: NSSCKMDObject *(PR_CALLBACK *GenerateKey)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine generates a key pair. andre@0: */ andre@0: CK_RV (PR_CALLBACK *GenerateKeyPair)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_PTR pPublicKeyTemplate, andre@0: CK_ULONG ulPublicKeyAttributeCount, andre@0: CK_ATTRIBUTE_PTR pPrivateKeyTemplate, andre@0: CK_ULONG ulPrivateKeyAttributeCount, andre@0: NSSCKMDObject **pPublicKey, andre@0: NSSCKMDObject **pPrivateKey andre@0: ); andre@0: andre@0: /* andre@0: * This routine wraps a key. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetWrapKeyLength)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdWrappingKey, andre@0: NSSCKFWObject *fwWrappingKey, andre@0: NSSCKMDObject *mdWrappedKey, andre@0: NSSCKFWObject *fwWrappedKey, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine wraps a key. andre@0: */ andre@0: CK_RV (PR_CALLBACK *WrapKey)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdWrappingKey, andre@0: NSSCKFWObject *fwWrappingKey, andre@0: NSSCKMDObject *mdKeyObject, andre@0: NSSCKFWObject *fwKeyObject, andre@0: NSSItem *wrappedKey andre@0: ); andre@0: andre@0: /* andre@0: * This routine unwraps a key. This routine may return NULL andre@0: * upon error. andre@0: */ andre@0: NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdWrappingKey, andre@0: NSSCKFWObject *fwWrappingKey, andre@0: NSSItem *wrappedKey, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine derives a key. This routine may return NULL andre@0: * upon error. andre@0: */ andre@0: NSSCKMDObject *(PR_CALLBACK *DeriveKey)( andre@0: NSSCKMDMechanism *mdMechanism, andre@0: NSSCKFWMechanism *fwMechanism, andre@0: CK_MECHANISM_PTR pMechanism, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: NSSCKMDObject *mdBaseKey, andre@0: NSSCKFWObject *fwBaseKey, andre@0: CK_ATTRIBUTE_PTR pTemplate, andre@0: CK_ULONG ulAttributeCount, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: /* andre@0: * NSSCKMDObject andre@0: * andre@0: * This is the basic handle for any object used by a PKCS#11 Module. andre@0: * Modules must implement it if they support their own objects, and andre@0: * the Framework supports it for Modules that do not handle session andre@0: * objects. This type contains a pointer for use by the implementor, andre@0: * to store any object-specific data, and it contains an EPV for a andre@0: * set of routines used to access the object. andre@0: */ andre@0: andre@0: struct NSSCKMDObjectStr { andre@0: /* andre@0: * The implementation my use this pointer for its own purposes. andre@0: */ andre@0: void *etc; andre@0: andre@0: /* andre@0: * This routine is called by the Framework when it is letting andre@0: * go of an object handle. It can be used by the Module to andre@0: * free any resources tied up by an object "in use." It is andre@0: * optional. andre@0: */ andre@0: void (PR_CALLBACK *Finalize)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine is used to completely destroy an object. andre@0: * It is optional. The parameter fwObject might be NULL andre@0: * if the framework runs out of memory at the wrong moment. andre@0: */ andre@0: CK_RV (PR_CALLBACK *Destroy)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This helper routine is used by the Framework, and is especially andre@0: * useful when it is managing session objects on behalf of the andre@0: * Module. This routine is optional; if unimplemented, the andre@0: * Framework will actually look up the CKA_TOKEN attribute. In the andre@0: * event of an error, just make something up-- the Framework will andre@0: * find out soon enough anyway. andre@0: */ andre@0: CK_BBOOL (PR_CALLBACK *IsTokenObject)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the number of attributes of which this andre@0: * object consists. It is mandatory. It can return zero on andre@0: * error. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetAttributeCount)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine stuffs the attribute types into the provided array. andre@0: * The array size (as obtained from GetAttributeCount) is passed in andre@0: * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong andre@0: * (either too big or too small). andre@0: */ andre@0: CK_RV (PR_CALLBACK *GetAttributeTypes)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_TYPE_PTR typeArray, andre@0: CK_ULONG ulCount andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the size (in bytes) of the specified andre@0: * attribute. It can return zero on error. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetAttributeSize)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_TYPE attribute, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns an NSSCKFWItem structure. andre@0: * The item pointer points to an NSSItem containing the attribute value. andre@0: * The needsFreeing bit tells the framework whether to call the andre@0: * FreeAttribute function . Upon error, an NSSCKFWItem structure andre@0: * with a NULL NSSItem item pointer will be returned andre@0: */ andre@0: NSSCKFWItem (PR_CALLBACK *GetAttribute)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_TYPE attribute, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns CKR_OK if the attribute could be freed. andre@0: */ andre@0: CK_RV (PR_CALLBACK *FreeAttribute)( andre@0: NSSCKFWItem * item andre@0: ); andre@0: andre@0: /* andre@0: * This routine changes the specified attribute. If unimplemented, andre@0: * the object will be considered read-only. andre@0: */ andre@0: CK_RV (PR_CALLBACK *SetAttribute)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_ATTRIBUTE_TYPE attribute, andre@0: NSSItem *value andre@0: ); andre@0: andre@0: /* andre@0: * This routine returns the storage requirements of this object, andre@0: * in bytes. Cryptoki doesn't strictly define the definition, andre@0: * but it should relate to the values returned by the "Get Memory" andre@0: * routines of the NSSCKMDToken. This routine is optional; if andre@0: * unimplemented, the Framework will consider this information andre@0: * sensitive. This routine may return zero on error. If the andre@0: * specified error is CKR_OK, zero will be accepted as a valid andre@0: * response. andre@0: */ andre@0: CK_ULONG (PR_CALLBACK *GetObjectSize)( andre@0: NSSCKMDObject *mdObject, andre@0: NSSCKFWObject *fwObject, andre@0: NSSCKMDSession *mdSession, andre@0: NSSCKFWSession *fwSession, andre@0: NSSCKMDToken *mdToken, andre@0: NSSCKFWToken *fwToken, andre@0: NSSCKMDInstance *mdInstance, andre@0: NSSCKFWInstance *fwInstance, andre@0: CK_RV *pError andre@0: ); andre@0: andre@0: /* andre@0: * This object may be extended in future versions of the andre@0: * NSS Cryptoki Framework. To allow for some flexibility andre@0: * in the area of binary compatibility, this field should andre@0: * be NULL. andre@0: */ andre@0: void *null; andre@0: }; andre@0: andre@0: andre@0: #endif /* NSSCKMDT_H */