diff options
Diffstat (limited to 'nss/lib/ckfw/nssckmdt.h')
| -rw-r--r-- | nss/lib/ckfw/nssckmdt.h | 3521 |
1 files changed, 1740 insertions, 1781 deletions
diff --git a/nss/lib/ckfw/nssckmdt.h b/nss/lib/ckfw/nssckmdt.h index 2c3aa2e..d98f9b0 100644 --- a/nss/lib/ckfw/nssckmdt.h +++ b/nss/lib/ckfw/nssckmdt.h @@ -44,9 +44,9 @@ typedef struct NSSCKMDObjectStr NSSCKMDObject; */ typedef struct { - PRBool needsFreeing; - NSSItem* item; -} NSSCKFWItem ; + PRBool needsFreeing; + NSSItem *item; +} NSSCKFWItem; /* * NSSCKMDInstance @@ -61,152 +61,147 @@ typedef struct { */ struct NSSCKMDInstanceStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework to initialize - * the Module. This routine is optional; if unimplemented, - * it won't be called. If this routine returns an error, - * then the initialization will fail. - */ - CK_RV (PR_CALLBACK *Initialize)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSUTF8 *configurationData - ); - - /* - * This routine is called when the Framework is finalizing - * the PKCS#11 Module. It is the last thing called before - * the NSSCKFWInstance's NSSArena is destroyed. This routine - * is optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Finalize)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to initialize + * the Module. This routine is optional; if unimplemented, + * it won't be called. If this routine returns an error, + * then the initialization will fail. + */ + CK_RV(PR_CALLBACK *Initialize) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSUTF8 *configurationData); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. It is the last thing called before + * the NSSCKFWInstance's NSSArena is destroyed. This routine + * is optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Finalize)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* * This routine gets the number of slots. This value must - * never change, once the instance is initialized. This + * never change, once the instance is initialized. This * routine must be implemented. It may return zero on error. */ - CK_ULONG (PR_CALLBACK *GetNSlots)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the version of the Cryptoki standard - * to which this Module conforms. This routine is optional; - * if unimplemented, the Framework uses the version to which - * ~it~ was implemented. - */ - CK_VERSION (PR_CALLBACK *GetCryptokiVersion)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing the manufacturer ID for this Module. Only - * the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of this Module library. Only - * the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the version of this Module library. - * This routine is optional; if unimplemented, the Framework - * will assume a Module library version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetLibraryVersion)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the Module wishes to - * handle session objects. This routine is optional. - * If this routine is NULL, or if it exists but returns - * CK_FALSE, the Framework will assume responsibility - * for managing session objects. - */ - CK_BBOOL (PR_CALLBACK *ModuleHandlesSessionObjects)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs pointers to NSSCKMDSlot objects into - * the specified array; one for each slot supported by this - * instance. The Framework will determine the size needed - * for the array by calling GetNSlots. This routine is - * required. - */ - CK_RV (PR_CALLBACK *GetSlots)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDSlot *slots[] - ); - - /* - * This call returns a pointer to the slot in which an event - * has occurred. If the block argument is CK_TRUE, the call - * should block until a slot event occurs; if CK_FALSE, it - * should check to see if an event has occurred, occurred, - * but return NULL (and set *pError to CK_NO_EVENT) if one - * hasn't. This routine is optional; if unimplemented, the - * Framework will assume that no event has happened. This - * routine may return NULL upon error. - */ - NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_BBOOL block, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + CK_ULONG(PR_CALLBACK *GetNSlots) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the version of the Cryptoki standard + * to which this Module conforms. This routine is optional; + * if unimplemented, the Framework uses the version to which + * ~it~ was implemented. + */ + CK_VERSION(PR_CALLBACK *GetCryptokiVersion) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing the manufacturer ID for this Module. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this Module library. Only + * the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the version of this Module library. + * This routine is optional; if unimplemented, the Framework + * will assume a Module library version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetLibraryVersion) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the Module wishes to + * handle session objects. This routine is optional. + * If this routine is NULL, or if it exists but returns + * CK_FALSE, the Framework will assume responsibility + * for managing session objects. + */ + CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs pointers to NSSCKMDSlot objects into + * the specified array; one for each slot supported by this + * instance. The Framework will determine the size needed + * for the array by calling GetNSlots. This routine is + * required. + */ + CK_RV(PR_CALLBACK *GetSlots) + ( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDSlot *slots[]); + + /* + * This call returns a pointer to the slot in which an event + * has occurred. If the block argument is CK_TRUE, the call + * should block until a slot event occurs; if CK_FALSE, it + * should check to see if an event has occurred, occurred, + * but return NULL (and set *pError to CK_NO_EVENT) if one + * hasn't. This routine is optional; if unimplemented, the + * Framework will assume that no event has happened. This + * routine may return NULL upon error. + */ + NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)( + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_BBOOL block, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; - /* * NSSCKMDSlot * @@ -220,165 +215,161 @@ struct NSSCKMDInstanceStr { */ struct NSSCKMDSlotStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called during the Framework initialization - * step, after the Framework Instance has obtained the list - * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- - * specific initialization can be done here. This routine is - * optional; if unimplemented, it won't be called. Note that - * if this routine returns an error, the entire Framework - * initialization for this Module will fail. - */ - CK_RV (PR_CALLBACK *Initialize)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is called when the Framework is finalizing - * the PKCS#11 Module. This call (for each of the slots) - * is the last thing called before NSSCKMDInstance->Finalize. - * This routine is optional; if unimplemented, it merely - * won't be called. Note: In the rare circumstance that - * the Framework initialization cannot complete (due to, - * for example, memory limitations), this can be called with - * a NULL value for fwSlot. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of this slot. Only the characters - * completely encoded in the first sixty-four bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing a description of the manufacturer of this slot. - * Only the characters completely encoded in the first thirty- - * two bytes are significant. This routine is optional. - * The string returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns CK_TRUE if a token is present in this - * slot. This routine is optional; if unimplemented, CK_TRUE - * is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetTokenPresent)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the slot supports removable - * tokens. This routine is optional; if unimplemented, CK_FALSE - * is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetRemovableDevice)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this slot is a hardware - * device, or CK_FALSE if this slot is a software device. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHardwareSlot)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version of this slot's hardware. - * This routine is optional; if unimplemented, the Framework - * will assume a hardware version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetHardwareVersion)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version of this slot's firmware. - * This routine is optional; if unimplemented, the Framework - * will assume a hardware version of 0.1. - */ - CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine should return a pointer to an NSSCKMDToken - * object corresponding to the token in the specified slot. - * The NSSCKFWToken object passed in has an NSSArena - * available which is dedicated for this token. This routine - * must be implemented. This routine may return NULL upon - * error. - */ - NSSCKMDToken *(PR_CALLBACK *GetToken)( - NSSCKMDSlot *mdSlot, - NSSCKFWSlot *fwSlot, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called during the Framework initialization + * step, after the Framework Instance has obtained the list + * of slots (by calling NSSCKMDInstance->GetSlots). Any slot- + * specific initialization can be done here. This routine is + * optional; if unimplemented, it won't be called. Note that + * if this routine returns an error, the entire Framework + * initialization for this Module will fail. + */ + CK_RV(PR_CALLBACK *Initialize) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is called when the Framework is finalizing + * the PKCS#11 Module. This call (for each of the slots) + * is the last thing called before NSSCKMDInstance->Finalize. + * This routine is optional; if unimplemented, it merely + * won't be called. Note: In the rare circumstance that + * the Framework initialization cannot complete (due to, + * for example, memory limitations), this can be called with + * a NULL value for fwSlot. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of this slot. Only the characters + * completely encoded in the first sixty-four bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSlotDescription)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing a description of the manufacturer of this slot. + * Only the characters completely encoded in the first thirty- + * two bytes are significant. This routine is optional. + * The string returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns CK_TRUE if a token is present in this + * slot. This routine is optional; if unimplemented, CK_TRUE + * is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetTokenPresent) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the slot supports removable + * tokens. This routine is optional; if unimplemented, CK_FALSE + * is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetRemovableDevice) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this slot is a hardware + * device, or CK_FALSE if this slot is a software device. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHardwareSlot) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version of this slot's hardware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetHardwareVersion) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version of this slot's firmware. + * This routine is optional; if unimplemented, the Framework + * will assume a hardware version of 0.1. + */ + CK_VERSION(PR_CALLBACK *GetFirmwareVersion) + ( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine should return a pointer to an NSSCKMDToken + * object corresponding to the token in the specified slot. + * The NSSCKFWToken object passed in has an NSSArena + * available which is dedicated for this token. This routine + * must be implemented. This routine may return NULL upon + * error. + */ + NSSCKMDToken *(PR_CALLBACK *GetToken)( + NSSCKMDSlot *mdSlot, + NSSCKFWSlot *fwSlot, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -394,444 +385,437 @@ struct NSSCKMDSlotStr { */ struct NSSCKMDTokenStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is used to prepare a Module token object for - * use. It is called after the NSSCKMDToken object is obtained - * from NSSCKMDSlot->GetToken. It is named "Setup" here because - * Cryptoki already defines "InitToken" to do the process of - * wiping out any existing state on a token and preparing it for - * a new use. This routine is optional; if unimplemented, it - * merely won't be called. - */ - CK_RV (PR_CALLBACK *Setup)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is called by the Framework whenever it notices - * that the token object is invalid. (Typically this is when a - * routine indicates an error such as CKR_DEVICE_REMOVED). This - * call is the last thing called before the NSSArena in the - * corresponding NSSCKFWToken is destroyed. This routine is - * optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Invalidate)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine initialises the token in the specified slot. - * This routine is optional; if unimplemented, the Framework - * will fail this operation with an error of CKR_DEVICE_ERROR. - */ - - CK_RV (PR_CALLBACK *InitToken)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin, - NSSUTF8 *label - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's label. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetLabel)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's manufacturer ID. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's model name. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetModel)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns a pointer to a UTF8-encoded string - * containing this token's serial number. Only the characters - * completely encoded in the first thirty-two bytes are - * significant. This routine is optional. The string - * returned is never freed; if dynamically generated, - * the space for it should be allocated from the NSSArena - * that may be obtained from the NSSCKFWInstance. This - * routine may return NULL upon error; however if *pError - * is CKR_OK, the NULL will be considered the valid response. - */ - NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns CK_TRUE if the token has its own - * random number generator. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasRNG)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this token is write-protected. - * This routine is optional; if unimplemented, CK_FALSE is - * assumed. - */ - CK_BBOOL (PR_CALLBACK *GetIsWriteProtected)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if this token requires a login. - * This routine is optional; if unimplemented, CK_FALSE is - * assumed. - */ - CK_BBOOL (PR_CALLBACK *GetLoginRequired)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the normal user's PIN on this - * token has been initialised. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetUserPinInitialized)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if a successful save of a - * session's cryptographic operations state ~always~ contains - * all keys needed to restore the state of the session. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetRestoreKeyNotNeeded)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token has its own - * hardware clock. This routine is optional; if unimplemented, - * CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasClockOnToken)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token has a protected - * authentication path. This routine is optional; if - * unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetHasProtectedAuthenticationPath)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns CK_TRUE if the token supports dual - * cryptographic operations within a single session. This - * routine is optional; if unimplemented, CK_FALSE is assumed. - */ - CK_BBOOL (PR_CALLBACK *GetSupportsDualCryptoOperations)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * XXX fgmr-- should we have a call to return all the flags - * at once, for folks who already know about Cryptoki? - */ - - /* - * This routine returns the maximum number of sessions that - * may be opened on this token. This routine is optional; - * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? - */ - CK_ULONG (PR_CALLBACK *GetMaxSessionCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the maximum number of read/write - * sesisons that may be opened on this token. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or - * CK_EFFECTIVELY_INFINITE? - */ - CK_ULONG (PR_CALLBACK *GetMaxRwSessionCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the maximum PIN code length that is - * supported on this token. This routine is optional; - * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. - */ - CK_ULONG (PR_CALLBACK *GetMaxPinLen)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the minimum PIN code length that is - * supported on this token. This routine is optional; if - * unimplemented, the special value CK_UNAVAILABLE_INFORMATION - * is assumed. XXX fgmr-- or 0? - */ - CK_ULONG (PR_CALLBACK *GetMinPinLen)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the total amount of memory on the token - * in which public objects may be stored. This routine is - * optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetTotalPublicMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the amount of unused memory on the - * token in which public objects may be stored. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetFreePublicMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the total amount of memory on the token - * in which private objects may be stored. This routine is - * optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetTotalPrivateMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the amount of unused memory on the - * token in which private objects may be stored. This routine - * is optional; if unimplemented, the special value - * CK_UNAVAILABLE_INFORMATION is assumed. - */ - CK_ULONG (PR_CALLBACK *GetFreePrivateMemory)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version number of this token's - * hardware. This routine is optional; if unimplemented, - * the value 0.1 is assumed. - */ - CK_VERSION (PR_CALLBACK *GetHardwareVersion)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the version number of this token's - * firmware. This routine is optional; if unimplemented, - * the value 0.1 is assumed. - */ - CK_VERSION (PR_CALLBACK *GetFirmwareVersion)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs the current UTC time, as obtained from - * the token, into the sixteen-byte buffer in the form - * YYYYMMDDhhmmss00. This routine need only be implemented - * by token which indicate that they have a real-time clock. - * XXX fgmr-- think about time formats. - */ - CK_RV (PR_CALLBACK *GetUTCTime)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_CHAR utcTime[16] - ); - - /* - * This routine creates a session on the token, and returns - * the corresponding NSSCKMDSession object. The value of - * rw will be CK_TRUE if the session is to be a read/write - * session, or CK_FALSE otherwise. An NSSArena dedicated to - * the new session is available from the specified NSSCKFWSession. - * This routine may return NULL upon error. - */ - NSSCKMDSession *(PR_CALLBACK *OpenSession)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKFWSession *fwSession, - CK_BBOOL rw, - CK_RV *pError - ); - - /* - * This routine returns the number of PKCS#11 Mechanisms - * supported by this token. This routine is optional; if - * unimplemented, zero is assumed. - */ - CK_ULONG (PR_CALLBACK *GetMechanismCount)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine stuffs into the specified array the types - * of the mechanisms supported by this token. The Framework - * determines the size of the array by calling GetMechanismCount. - */ - CK_RV (PR_CALLBACK *GetMechanismTypes)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE types[] - ); - - /* - * This routine returns a pointer to a Module mechanism - * object corresponding to a specified type. This routine - * need only exist for tokens implementing at least one - * mechanism. - */ - NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_MECHANISM_TYPE which, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is used to prepare a Module token object for + * use. It is called after the NSSCKMDToken object is obtained + * from NSSCKMDSlot->GetToken. It is named "Setup" here because + * Cryptoki already defines "InitToken" to do the process of + * wiping out any existing state on a token and preparing it for + * a new use. This routine is optional; if unimplemented, it + * merely won't be called. + */ + CK_RV(PR_CALLBACK *Setup) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is called by the Framework whenever it notices + * that the token object is invalid. (Typically this is when a + * routine indicates an error such as CKR_DEVICE_REMOVED). This + * call is the last thing called before the NSSArena in the + * corresponding NSSCKFWToken is destroyed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Invalidate)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine initialises the token in the specified slot. + * This routine is optional; if unimplemented, the Framework + * will fail this operation with an error of CKR_DEVICE_ERROR. + */ + + CK_RV(PR_CALLBACK *InitToken) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin, + NSSUTF8 *label); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's label. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetLabel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's manufacturer ID. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetManufacturerID)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's model name. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetModel)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns a pointer to a UTF8-encoded string + * containing this token's serial number. Only the characters + * completely encoded in the first thirty-two bytes are + * significant. This routine is optional. The string + * returned is never freed; if dynamically generated, + * the space for it should be allocated from the NSSArena + * that may be obtained from the NSSCKFWInstance. This + * routine may return NULL upon error; however if *pError + * is CKR_OK, the NULL will be considered the valid response. + */ + NSSUTF8 *(PR_CALLBACK *GetSerialNumber)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns CK_TRUE if the token has its own + * random number generator. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasRNG) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this token is write-protected. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL(PR_CALLBACK *GetIsWriteProtected) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if this token requires a login. + * This routine is optional; if unimplemented, CK_FALSE is + * assumed. + */ + CK_BBOOL(PR_CALLBACK *GetLoginRequired) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the normal user's PIN on this + * token has been initialised. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetUserPinInitialized) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if a successful save of a + * session's cryptographic operations state ~always~ contains + * all keys needed to restore the state of the session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token has its own + * hardware clock. This routine is optional; if unimplemented, + * CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasClockOnToken) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token has a protected + * authentication path. This routine is optional; if + * unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns CK_TRUE if the token supports dual + * cryptographic operations within a single session. This + * routine is optional; if unimplemented, CK_FALSE is assumed. + */ + CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * XXX fgmr-- should we have a call to return all the flags + * at once, for folks who already know about Cryptoki? + */ + + /* + * This routine returns the maximum number of sessions that + * may be opened on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG(PR_CALLBACK *GetMaxSessionCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the maximum number of read/write + * sesisons that may be opened on this token. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. XXX fgmr-- or + * CK_EFFECTIVELY_INFINITE? + */ + CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the maximum PIN code length that is + * supported on this token. This routine is optional; + * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. + */ + CK_ULONG(PR_CALLBACK *GetMaxPinLen) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the minimum PIN code length that is + * supported on this token. This routine is optional; if + * unimplemented, the special value CK_UNAVAILABLE_INFORMATION + * is assumed. XXX fgmr-- or 0? + */ + CK_ULONG(PR_CALLBACK *GetMinPinLen) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the total amount of memory on the token + * in which public objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetTotalPublicMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the amount of unused memory on the + * token in which public objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetFreePublicMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the total amount of memory on the token + * in which private objects may be stored. This routine is + * optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the amount of unused memory on the + * token in which private objects may be stored. This routine + * is optional; if unimplemented, the special value + * CK_UNAVAILABLE_INFORMATION is assumed. + */ + CK_ULONG(PR_CALLBACK *GetFreePrivateMemory) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version number of this token's + * hardware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION(PR_CALLBACK *GetHardwareVersion) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the version number of this token's + * firmware. This routine is optional; if unimplemented, + * the value 0.1 is assumed. + */ + CK_VERSION(PR_CALLBACK *GetFirmwareVersion) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs the current UTC time, as obtained from + * the token, into the sixteen-byte buffer in the form + * YYYYMMDDhhmmss00. This routine need only be implemented + * by token which indicate that they have a real-time clock. + * XXX fgmr-- think about time formats. + */ + CK_RV(PR_CALLBACK *GetUTCTime) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_CHAR utcTime[16]); + + /* + * This routine creates a session on the token, and returns + * the corresponding NSSCKMDSession object. The value of + * rw will be CK_TRUE if the session is to be a read/write + * session, or CK_FALSE otherwise. An NSSArena dedicated to + * the new session is available from the specified NSSCKFWSession. + * This routine may return NULL upon error. + */ + NSSCKMDSession *(PR_CALLBACK *OpenSession)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKFWSession *fwSession, + CK_BBOOL rw, + CK_RV *pError); + + /* + * This routine returns the number of PKCS#11 Mechanisms + * supported by this token. This routine is optional; if + * unimplemented, zero is assumed. + */ + CK_ULONG(PR_CALLBACK *GetMechanismCount) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine stuffs into the specified array the types + * of the mechanisms supported by this token. The Framework + * determines the size of the array by calling GetMechanismCount. + */ + CK_RV(PR_CALLBACK *GetMechanismTypes) + ( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE types[]); + + /* + * This routine returns a pointer to a Module mechanism + * object corresponding to a specified type. This routine + * need only exist for tokens implementing at least one + * mechanism. + */ + NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)( + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_MECHANISM_TYPE which, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -847,279 +831,275 @@ struct NSSCKMDTokenStr { */ struct NSSCKMDSessionStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework when a session is - * closed. This call is the last thing called before the - * NSSArena in the correspoinding NSSCKFWSession is destroyed. - * This routine is optional; if unimplemented, it merely won't - * be called. - */ - void (PR_CALLBACK *Close)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to get any device-specific error. - * This routine is optional. - */ - CK_ULONG (PR_CALLBACK *GetDeviceError)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to log in a user to the token. This - * routine is optional, since the Framework's NSSCKFWSession - * object keeps track of the login state. - */ - CK_RV (PR_CALLBACK *Login)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_USER_TYPE userType, - NSSItem *pin, - CK_STATE oldState, - CK_STATE newState - ); - - /* - * This routine is used to log out a user from the token. This - * routine is optional, since the Framework's NSSCKFWSession - * object keeps track of the login state. - */ - CK_RV (PR_CALLBACK *Logout)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_STATE oldState, - CK_STATE newState - ); - - /* - * This routine is used to initialize the normal user's PIN or - * password. This will only be called in the "read/write - * security officer functions" state. If this token has a - * protected authentication path, then the pin argument will - * be NULL. This routine is optional; if unimplemented, the - * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. - */ - CK_RV (PR_CALLBACK *InitPIN)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *pin - ); - - /* - * This routine is used to modify a user's PIN or password. This - * routine will only be called in the "read/write security officer - * functions" or "read/write user functions" state. If this token - * has a protected authentication path, then the pin arguments - * will be NULL. This routine is optional; if unimplemented, the - * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. - */ - CK_RV (PR_CALLBACK *SetPIN)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *oldPin, - NSSItem *newPin - ); - - /* - * This routine is used to find out how much space would be required - * to save the current operational state. This routine is optional; - * if unimplemented, the Framework will reject any attempts to save - * the operational state with the error CKR_STATE_UNSAVEABLE. This - * routine may return zero on error. - */ - CK_ULONG (PR_CALLBACK *GetOperationStateLen)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine is used to store the current operational state. This - * routine is only required if GetOperationStateLen is implemented - * and can return a nonzero value. The buffer in the specified item - * will be pre-allocated, and the length will specify the amount of - * space available (which may be more than GetOperationStateLen - * asked for, but which will not be smaller). - */ - CK_RV (PR_CALLBACK *GetOperationState)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *buffer - ); - - /* - * This routine is used to restore an operational state previously - * obtained with GetOperationState. The Framework will take pains - * to be sure that the state is (or was at one point) valid; if the - * Module notices that the state is invalid, it should return an - * error, but it is not required to be paranoid about the issue. - * [XXX fgmr-- should (can?) the framework verify the keys match up?] - * This routine is required only if GetOperationState is implemented. - */ - CK_RV (PR_CALLBACK *SetOperationState)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *state, - NSSCKMDObject *mdEncryptionKey, - NSSCKFWObject *fwEncryptionKey, - NSSCKMDObject *mdAuthenticationKey, - NSSCKFWObject *fwAuthenticationKey - ); - - /* - * This routine is used to create an object. The specified template - * will only specify a session object if the Module has indicated - * that it wishes to handle its own session objects. This routine - * is optional; if unimplemented, the Framework will reject the - * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for - * token objects should come from the NSSArena available from the - * NSSCKFWToken object; space for session objects (if supported) - * should come from the NSSArena available from the NSSCKFWSession - * object. The appropriate NSSArena pointer will, as a convenience, - * be passed as the handyArenaPointer argument. This routine may - * return NULL upon error. - */ - NSSCKMDObject *(PR_CALLBACK *CreateObject)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine is used to make a copy of an object. It is entirely - * optional; if unimplemented, the Framework will try to use - * CreateObject instead. If the Module has indicated that it does - * not wish to handle session objects, then this routine will only - * be called to copy a token object to another token object. - * Otherwise, either the original object or the new may be of - * either the token or session variety. As with CreateObject, the - * handyArenaPointer will point to the appropriate arena for the - * new object. This routine may return NULL upon error. - */ - NSSCKMDObject *(PR_CALLBACK *CopyObject)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdOldObject, - NSSCKFWObject *fwOldObject, - NSSArena *handyArenaPointer, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine is used to begin an object search. This routine may - * be unimplemented only if the Module does not handle session - * objects, and if none of its tokens have token objects. The - * NSSCKFWFindObjects pointer has an NSSArena that may be used for - * storage for the life of this "find" operation. This routine may - * return NULL upon error. If the Module can determine immediately - * that the search will not find any matching objects, it may return - * NULL, and specify CKR_OK as the error. - */ - NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine seeds the random-number generator. It is - * optional, even if GetRandom is implemented. If unimplemented, - * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. - */ - CK_RV (PR_CALLBACK *SeedRandom)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *seed - ); - - /* - * This routine gets random data. It is optional. If unimplemented, - * the Framework will issue the error CKR_RANDOM_NO_RNG. - */ - CK_RV (PR_CALLBACK *GetRandom)( - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *buffer - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when a session is + * closed. This call is the last thing called before the + * NSSArena in the correspoinding NSSCKFWSession is destroyed. + * This routine is optional; if unimplemented, it merely won't + * be called. + */ + void(PR_CALLBACK *Close)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to get any device-specific error. + * This routine is optional. + */ + CK_ULONG(PR_CALLBACK *GetDeviceError) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to log in a user to the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV(PR_CALLBACK *Login) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_USER_TYPE userType, + NSSItem *pin, + CK_STATE oldState, + CK_STATE newState); + + /* + * This routine is used to log out a user from the token. This + * routine is optional, since the Framework's NSSCKFWSession + * object keeps track of the login state. + */ + CK_RV(PR_CALLBACK *Logout) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_STATE oldState, + CK_STATE newState); + + /* + * This routine is used to initialize the normal user's PIN or + * password. This will only be called in the "read/write + * security officer functions" state. If this token has a + * protected authentication path, then the pin argument will + * be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV(PR_CALLBACK *InitPIN) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *pin); + + /* + * This routine is used to modify a user's PIN or password. This + * routine will only be called in the "read/write security officer + * functions" or "read/write user functions" state. If this token + * has a protected authentication path, then the pin arguments + * will be NULL. This routine is optional; if unimplemented, the + * Framework will return the error CKR_TOKEN_WRITE_PROTECTED. + */ + CK_RV(PR_CALLBACK *SetPIN) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *oldPin, + NSSItem *newPin); + + /* + * This routine is used to find out how much space would be required + * to save the current operational state. This routine is optional; + * if unimplemented, the Framework will reject any attempts to save + * the operational state with the error CKR_STATE_UNSAVEABLE. This + * routine may return zero on error. + */ + CK_ULONG(PR_CALLBACK *GetOperationStateLen) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine is used to store the current operational state. This + * routine is only required if GetOperationStateLen is implemented + * and can return a nonzero value. The buffer in the specified item + * will be pre-allocated, and the length will specify the amount of + * space available (which may be more than GetOperationStateLen + * asked for, but which will not be smaller). + */ + CK_RV(PR_CALLBACK *GetOperationState) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer); + + /* + * This routine is used to restore an operational state previously + * obtained with GetOperationState. The Framework will take pains + * to be sure that the state is (or was at one point) valid; if the + * Module notices that the state is invalid, it should return an + * error, but it is not required to be paranoid about the issue. + * [XXX fgmr-- should (can?) the framework verify the keys match up?] + * This routine is required only if GetOperationState is implemented. + */ + CK_RV(PR_CALLBACK *SetOperationState) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *state, + NSSCKMDObject *mdEncryptionKey, + NSSCKFWObject *fwEncryptionKey, + NSSCKMDObject *mdAuthenticationKey, + NSSCKFWObject *fwAuthenticationKey); + + /* + * This routine is used to create an object. The specified template + * will only specify a session object if the Module has indicated + * that it wishes to handle its own session objects. This routine + * is optional; if unimplemented, the Framework will reject the + * operation with the error CKR_TOKEN_WRITE_PROTECTED. Space for + * token objects should come from the NSSArena available from the + * NSSCKFWToken object; space for session objects (if supported) + * should come from the NSSArena available from the NSSCKFWSession + * object. The appropriate NSSArena pointer will, as a convenience, + * be passed as the handyArenaPointer argument. This routine may + * return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CreateObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine is used to make a copy of an object. It is entirely + * optional; if unimplemented, the Framework will try to use + * CreateObject instead. If the Module has indicated that it does + * not wish to handle session objects, then this routine will only + * be called to copy a token object to another token object. + * Otherwise, either the original object or the new may be of + * either the token or session variety. As with CreateObject, the + * handyArenaPointer will point to the appropriate arena for the + * new object. This routine may return NULL upon error. + */ + NSSCKMDObject *(PR_CALLBACK *CopyObject)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdOldObject, + NSSCKFWObject *fwOldObject, + NSSArena *handyArenaPointer, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine is used to begin an object search. This routine may + * be unimplemented only if the Module does not handle session + * objects, and if none of its tokens have token objects. The + * NSSCKFWFindObjects pointer has an NSSArena that may be used for + * storage for the life of this "find" operation. This routine may + * return NULL upon error. If the Module can determine immediately + * that the search will not find any matching objects, it may return + * NULL, and specify CKR_OK as the error. + */ + NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine seeds the random-number generator. It is + * optional, even if GetRandom is implemented. If unimplemented, + * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED. + */ + CK_RV(PR_CALLBACK *SeedRandom) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *seed); + + /* + * This routine gets random data. It is optional. If unimplemented, + * the Framework will issue the error CKR_RANDOM_NO_RNG. + */ + CK_RV(PR_CALLBACK *GetRandom) + ( + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *buffer); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1135,54 +1115,52 @@ struct NSSCKMDSessionStr { */ struct NSSCKMDFindObjectsStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework to finish a - * search operation. Note that the Framework may finish - * a search before it has completed. This routine is - * optional; if unimplemented, it merely won't be called. - */ - void (PR_CALLBACK *Final)( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to obtain another pointer to an - * object matching the search criteria. This routine is - * required. If no (more) objects match the search, it - * should return NULL and set the error to CKR_OK. - */ - NSSCKMDObject *(PR_CALLBACK *Next)( - NSSCKMDFindObjects *mdFindObjects, - NSSCKFWFindObjects *fwFindObjects, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSArena *arena, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + */ + void(PR_CALLBACK *Final)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to obtain another pointer to an + * object matching the search criteria. This routine is + * required. If no (more) objects match the search, it + * should return NULL and set the error to CKR_OK. + */ + NSSCKMDObject *(PR_CALLBACK *Next)( + NSSCKMDFindObjects *mdFindObjects, + NSSCKFWFindObjects *fwFindObjects, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSArena *arena, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1199,182 +1177,179 @@ struct NSSCKMDFindObjectsStr { */ struct NSSCKMDCryptoOperationStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework clean up the mdCryptoOperation - * structure. - * This routine is optional; if unimplemented, it will be ignored. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - - /* - * how many bytes do we need to finish this buffer? - * must be implemented if Final is implemented. - */ - CK_ULONG (PR_CALLBACK *GetFinalLength)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * how many bytes do we need to complete the next operation. - * used in both Update and UpdateFinal. - */ - CK_ULONG (PR_CALLBACK *GetOperationLength)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - CK_RV *pError - ); - - /* - * This routine is called by the Framework to finish a - * search operation. Note that the Framework may finish - * a search before it has completed. This routine is - * optional; if unimplemented, it merely won't be called. - * The respective final call with fail with CKR_FUNCTION_FAILED - * Final should not free the mdCryptoOperation. - */ - CK_RV(PR_CALLBACK *Final)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSItem *outputBuffer - ); - - - /* - * This routine is called by the Framework to complete the - * next step in an encryption/decryption operation. - * This routine is optional; if unimplemented, the respective - * update call with fail with CKR_FUNCTION_FAILED. - * Update should not be implemented for signing/verification/digest - * mechanisms. - */ - CK_RV(PR_CALLBACK *Update)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * This routine is called by the Framework to complete the - * next step in a signing/verification/digest operation. - * This routine is optional; if unimplemented, the respective - * update call with fail with CKR_FUNCTION_FAILED - * Update should not be implemented for encryption/decryption - * mechanisms. - */ - CK_RV(PR_CALLBACK *DigestUpdate)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer - ); - - /* - * This routine is called by the Framework to complete a - * single step operation. This routine is optional; if unimplemented, - * the framework will use the Update and Final functions to complete - * the operation. - */ - CK_RV(PR_CALLBACK *UpdateFinal)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * This routine is called by the Framework to complete next - * step in a combined operation. The Decrypt/Encrypt mechanism - * should define and drive the combo step. - * This routine is optional; if unimplemented, - * the framework will use the appropriate Update functions to complete - * the operation. - */ - CK_RV(PR_CALLBACK *UpdateCombo)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDCryptoOperation *mdPeerCryptoOperation, - NSSCKFWCryptoOperation *fwPeerCryptoOperation, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - const NSSItem *inputBuffer, - NSSItem *outputBuffer - ); - - /* - * Hash a key directly into the digest - */ - CK_RV(PR_CALLBACK *DigestKey)( - NSSCKMDCryptoOperation *mdCryptoOperation, - NSSCKFWCryptoOperation *fwCryptoOperation, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework clean up the mdCryptoOperation + * structure. + * This routine is optional; if unimplemented, it will be ignored. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * how many bytes do we need to finish this buffer? + * must be implemented if Final is implemented. + */ + CK_ULONG(PR_CALLBACK *GetFinalLength) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * how many bytes do we need to complete the next operation. + * used in both Update and UpdateFinal. + */ + CK_ULONG(PR_CALLBACK *GetOperationLength) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + CK_RV *pError); + + /* + * This routine is called by the Framework to finish a + * search operation. Note that the Framework may finish + * a search before it has completed. This routine is + * optional; if unimplemented, it merely won't be called. + * The respective final call with fail with CKR_FUNCTION_FAILED + * Final should not free the mdCryptoOperation. + */ + CK_RV(PR_CALLBACK *Final) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete the + * next step in an encryption/decryption operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED. + * Update should not be implemented for signing/verification/digest + * mechanisms. + */ + CK_RV(PR_CALLBACK *Update) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete the + * next step in a signing/verification/digest operation. + * This routine is optional; if unimplemented, the respective + * update call with fail with CKR_FUNCTION_FAILED + * Update should not be implemented for encryption/decryption + * mechanisms. + */ + CK_RV(PR_CALLBACK *DigestUpdate) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer); + + /* + * This routine is called by the Framework to complete a + * single step operation. This routine is optional; if unimplemented, + * the framework will use the Update and Final functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateFinal) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * This routine is called by the Framework to complete next + * step in a combined operation. The Decrypt/Encrypt mechanism + * should define and drive the combo step. + * This routine is optional; if unimplemented, + * the framework will use the appropriate Update functions to complete + * the operation. + */ + CK_RV(PR_CALLBACK *UpdateCombo) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDCryptoOperation *mdPeerCryptoOperation, + NSSCKFWCryptoOperation *fwPeerCryptoOperation, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + const NSSItem *inputBuffer, + NSSItem *outputBuffer); + + /* + * Hash a key directly into the digest + */ + CK_RV(PR_CALLBACK *DigestKey) + ( + NSSCKMDCryptoOperation *mdCryptoOperation, + NSSCKFWCryptoOperation *fwCryptoOperation, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1383,365 +1358,352 @@ struct NSSCKMDCryptoOperationStr { */ struct NSSCKMDMechanismStr { - /* - * The Module may use this pointer for its own purposes. - */ - void *etc; - - /* - * This also frees the fwMechanism if appropriate. - * If it is not supplied, the Framework will assume that the Token - * Manages a static list of mechanisms and the function will not be called. - */ - void (PR_CALLBACK *Destroy)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - - /* - * This routine returns the minimum key size allowed for - * this mechanism. This routine is optional; if unimplemented, - * zero will be assumed. This routine may return zero on - * error; if the error is CKR_OK, zero will be accepted as - * a valid response. - */ - CK_ULONG (PR_CALLBACK *GetMinKeySize)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine returns the maximum key size allowed for - * this mechanism. This routine is optional; if unimplemented, - * zero will be assumed. This routine may return zero on - * error; if the error is CKR_OK, zero will be accepted as - * a valid response. - */ - CK_ULONG (PR_CALLBACK *GetMaxKeySize)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine is called to determine if the mechanism is - * implemented in hardware or software. It returns CK_TRUE - * if it is done in hardware. - */ - CK_BBOOL (PR_CALLBACK *GetInHardware)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * The crypto routines themselves. Most crypto operations may - * be performed in two ways, streaming and single-part. The - * streaming operations involve the use of (typically) three - * calls-- an Init method to set up the operation, an Update - * method to feed data to the operation, and a Final method to - * obtain the final result. Single-part operations involve - * one method, to perform the crypto operation all at once. - * - * The NSS Cryptoki Framework can implement the single-part - * operations in terms of the streaming operations on behalf - * of the Module. There are a few variances. - * - * Only the Init Functions are defined by the mechanism. Each - * init function will return a NSSCKFWCryptoOperation which - * can supply update, final, the single part updateFinal, and - * the combo updateCombo functions. - * - * For simplicity, the routines are listed in summary here: - * - * EncryptInit, - * DecryptInit, - * DigestInit, - * SignInit, - * SignRecoverInit; - * VerifyInit, - * VerifyRecoverInit; - * - * The key-management routines are - * - * GenerateKey - * GenerateKeyPair - * WrapKey - * UnwrapKey - * DeriveKey - * - * All of these routines based on the Cryptoki API; - * see PKCS#11 for further information. - */ - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *EncryptInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *DecryptInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *DigestInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *SignInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *SignRecoverInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - */ - NSSCKMDCryptoOperation * (PR_CALLBACK *VerifyRecoverInit)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdKey, - NSSCKFWObject *fwKey, - CK_RV *pError - ); - - /* - * Key management operations. - */ - - /* - * This routine generates a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *GenerateKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine generates a key pair. - */ - CK_RV (PR_CALLBACK *GenerateKeyPair)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_PTR pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - NSSCKMDObject **pPublicKey, - NSSCKMDObject **pPrivateKey - ); - - /* - * This routine wraps a key. - */ - CK_ULONG (PR_CALLBACK *GetWrapKeyLength)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSCKMDObject *mdWrappedKey, - NSSCKFWObject *fwWrappedKey, - CK_RV *pError - ); - - /* - * This routine wraps a key. - */ - CK_RV (PR_CALLBACK *WrapKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSCKMDObject *mdKeyObject, - NSSCKFWObject *fwKeyObject, - NSSItem *wrappedKey - ); - - /* - * This routine unwraps a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdWrappingKey, - NSSCKFWObject *fwWrappingKey, - NSSItem *wrappedKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This routine derives a key. This routine may return NULL - * upon error. - */ - NSSCKMDObject *(PR_CALLBACK *DeriveKey)( - NSSCKMDMechanism *mdMechanism, - NSSCKFWMechanism *fwMechanism, - CK_MECHANISM_PTR pMechanism, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - NSSCKMDObject *mdBaseKey, - NSSCKFWObject *fwBaseKey, - CK_ATTRIBUTE_PTR pTemplate, - CK_ULONG ulAttributeCount, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The Module may use this pointer for its own purposes. + */ + void *etc; + + /* + * This also frees the fwMechanism if appropriate. + * If it is not supplied, the Framework will assume that the Token + * Manages a static list of mechanisms and the function will not be called. + */ + void(PR_CALLBACK *Destroy)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the minimum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG(PR_CALLBACK *GetMinKeySize) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine returns the maximum key size allowed for + * this mechanism. This routine is optional; if unimplemented, + * zero will be assumed. This routine may return zero on + * error; if the error is CKR_OK, zero will be accepted as + * a valid response. + */ + CK_ULONG(PR_CALLBACK *GetMaxKeySize) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine is called to determine if the mechanism is + * implemented in hardware or software. It returns CK_TRUE + * if it is done in hardware. + */ + CK_BBOOL(PR_CALLBACK *GetInHardware) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * The crypto routines themselves. Most crypto operations may + * be performed in two ways, streaming and single-part. The + * streaming operations involve the use of (typically) three + * calls-- an Init method to set up the operation, an Update + * method to feed data to the operation, and a Final method to + * obtain the final result. Single-part operations involve + * one method, to perform the crypto operation all at once. + * + * The NSS Cryptoki Framework can implement the single-part + * operations in terms of the streaming operations on behalf + * of the Module. There are a few variances. + * + * Only the Init Functions are defined by the mechanism. Each + * init function will return a NSSCKFWCryptoOperation which + * can supply update, final, the single part updateFinal, and + * the combo updateCombo functions. + * + * For simplicity, the routines are listed in summary here: + * + * EncryptInit, + * DecryptInit, + * DigestInit, + * SignInit, + * SignRecoverInit; + * VerifyInit, + * VerifyRecoverInit; + * + * The key-management routines are + * + * GenerateKey + * GenerateKeyPair + * WrapKey + * UnwrapKey + * DeriveKey + * + * All of these routines based on the Cryptoki API; + * see PKCS#11 for further information. + */ + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + */ + NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdKey, + NSSCKFWObject *fwKey, + CK_RV *pError); + + /* + * Key management operations. + */ + + /* + * This routine generates a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *GenerateKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine generates a key pair. + */ + CK_RV(PR_CALLBACK *GenerateKeyPair) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_PTR pPublicKeyTemplate, + CK_ULONG ulPublicKeyAttributeCount, + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, + CK_ULONG ulPrivateKeyAttributeCount, + NSSCKMDObject **pPublicKey, + NSSCKMDObject **pPrivateKey); + + /* + * This routine wraps a key. + */ + CK_ULONG(PR_CALLBACK *GetWrapKeyLength) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdWrappedKey, + NSSCKFWObject *fwWrappedKey, + CK_RV *pError); + + /* + * This routine wraps a key. + */ + CK_RV(PR_CALLBACK *WrapKey) + ( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSCKMDObject *mdKeyObject, + NSSCKFWObject *fwKeyObject, + NSSItem *wrappedKey); + + /* + * This routine unwraps a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *UnwrapKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdWrappingKey, + NSSCKFWObject *fwWrappingKey, + NSSItem *wrappedKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This routine derives a key. This routine may return NULL + * upon error. + */ + NSSCKMDObject *(PR_CALLBACK *DeriveKey)( + NSSCKMDMechanism *mdMechanism, + NSSCKFWMechanism *fwMechanism, + CK_MECHANISM_PTR pMechanism, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + NSSCKMDObject *mdBaseKey, + NSSCKFWObject *fwBaseKey, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG ulAttributeCount, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; /* @@ -1756,190 +1718,187 @@ struct NSSCKMDMechanismStr { */ struct NSSCKMDObjectStr { - /* - * The implementation my use this pointer for its own purposes. - */ - void *etc; - - /* - * This routine is called by the Framework when it is letting - * go of an object handle. It can be used by the Module to - * free any resources tied up by an object "in use." It is - * optional. - */ - void (PR_CALLBACK *Finalize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine is used to completely destroy an object. - * It is optional. The parameter fwObject might be NULL - * if the framework runs out of memory at the wrong moment. - */ - CK_RV (PR_CALLBACK *Destroy)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This helper routine is used by the Framework, and is especially - * useful when it is managing session objects on behalf of the - * Module. This routine is optional; if unimplemented, the - * Framework will actually look up the CKA_TOKEN attribute. In the - * event of an error, just make something up-- the Framework will - * find out soon enough anyway. - */ - CK_BBOOL (PR_CALLBACK *IsTokenObject)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance - ); - - /* - * This routine returns the number of attributes of which this - * object consists. It is mandatory. It can return zero on - * error. - */ - CK_ULONG (PR_CALLBACK *GetAttributeCount)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This routine stuffs the attribute types into the provided array. - * The array size (as obtained from GetAttributeCount) is passed in - * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong - * (either too big or too small). - */ - CK_RV (PR_CALLBACK *GetAttributeTypes)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE_PTR typeArray, - CK_ULONG ulCount - ); - - /* - * This routine returns the size (in bytes) of the specified - * attribute. It can return zero on error. - */ - CK_ULONG (PR_CALLBACK *GetAttributeSize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError - ); - - /* - * This routine returns an NSSCKFWItem structure. - * The item pointer points to an NSSItem containing the attribute value. - * The needsFreeing bit tells the framework whether to call the - * FreeAttribute function . Upon error, an NSSCKFWItem structure - * with a NULL NSSItem item pointer will be returned - */ - NSSCKFWItem (PR_CALLBACK *GetAttribute)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - CK_RV *pError - ); - - /* - * This routine returns CKR_OK if the attribute could be freed. - */ - CK_RV (PR_CALLBACK *FreeAttribute)( - NSSCKFWItem * item - ); - - /* - * This routine changes the specified attribute. If unimplemented, - * the object will be considered read-only. - */ - CK_RV (PR_CALLBACK *SetAttribute)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_ATTRIBUTE_TYPE attribute, - NSSItem *value - ); - - /* - * This routine returns the storage requirements of this object, - * in bytes. Cryptoki doesn't strictly define the definition, - * but it should relate to the values returned by the "Get Memory" - * routines of the NSSCKMDToken. This routine is optional; if - * unimplemented, the Framework will consider this information - * sensitive. This routine may return zero on error. If the - * specified error is CKR_OK, zero will be accepted as a valid - * response. - */ - CK_ULONG (PR_CALLBACK *GetObjectSize)( - NSSCKMDObject *mdObject, - NSSCKFWObject *fwObject, - NSSCKMDSession *mdSession, - NSSCKFWSession *fwSession, - NSSCKMDToken *mdToken, - NSSCKFWToken *fwToken, - NSSCKMDInstance *mdInstance, - NSSCKFWInstance *fwInstance, - CK_RV *pError - ); - - /* - * This object may be extended in future versions of the - * NSS Cryptoki Framework. To allow for some flexibility - * in the area of binary compatibility, this field should - * be NULL. - */ - void *null; + /* + * The implementation my use this pointer for its own purposes. + */ + void *etc; + + /* + * This routine is called by the Framework when it is letting + * go of an object handle. It can be used by the Module to + * free any resources tied up by an object "in use." It is + * optional. + */ + void(PR_CALLBACK *Finalize)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine is used to completely destroy an object. + * It is optional. The parameter fwObject might be NULL + * if the framework runs out of memory at the wrong moment. + */ + CK_RV(PR_CALLBACK *Destroy) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This helper routine is used by the Framework, and is especially + * useful when it is managing session objects on behalf of the + * Module. This routine is optional; if unimplemented, the + * Framework will actually look up the CKA_TOKEN attribute. In the + * event of an error, just make something up-- the Framework will + * find out soon enough anyway. + */ + CK_BBOOL(PR_CALLBACK *IsTokenObject) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance); + + /* + * This routine returns the number of attributes of which this + * object consists. It is mandatory. It can return zero on + * error. + */ + CK_ULONG(PR_CALLBACK *GetAttributeCount) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This routine stuffs the attribute types into the provided array. + * The array size (as obtained from GetAttributeCount) is passed in + * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong + * (either too big or too small). + */ + CK_RV(PR_CALLBACK *GetAttributeTypes) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE_PTR typeArray, + CK_ULONG ulCount); + + /* + * This routine returns the size (in bytes) of the specified + * attribute. It can return zero on error. + */ + CK_ULONG(PR_CALLBACK *GetAttributeSize) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); + + /* + * This routine returns an NSSCKFWItem structure. + * The item pointer points to an NSSItem containing the attribute value. + * The needsFreeing bit tells the framework whether to call the + * FreeAttribute function . Upon error, an NSSCKFWItem structure + * with a NULL NSSItem item pointer will be returned + */ + NSSCKFWItem(PR_CALLBACK *GetAttribute)( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + CK_RV *pError); + + /* + * This routine returns CKR_OK if the attribute could be freed. + */ + CK_RV(PR_CALLBACK *FreeAttribute) + ( + NSSCKFWItem *item); + + /* + * This routine changes the specified attribute. If unimplemented, + * the object will be considered read-only. + */ + CK_RV(PR_CALLBACK *SetAttribute) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_ATTRIBUTE_TYPE attribute, + NSSItem *value); + + /* + * This routine returns the storage requirements of this object, + * in bytes. Cryptoki doesn't strictly define the definition, + * but it should relate to the values returned by the "Get Memory" + * routines of the NSSCKMDToken. This routine is optional; if + * unimplemented, the Framework will consider this information + * sensitive. This routine may return zero on error. If the + * specified error is CKR_OK, zero will be accepted as a valid + * response. + */ + CK_ULONG(PR_CALLBACK *GetObjectSize) + ( + NSSCKMDObject *mdObject, + NSSCKFWObject *fwObject, + NSSCKMDSession *mdSession, + NSSCKFWSession *fwSession, + NSSCKMDToken *mdToken, + NSSCKFWToken *fwToken, + NSSCKMDInstance *mdInstance, + NSSCKFWInstance *fwInstance, + CK_RV *pError); + + /* + * This object may be extended in future versions of the + * NSS Cryptoki Framework. To allow for some flexibility + * in the area of binary compatibility, this field should + * be NULL. + */ + void *null; }; - #endif /* NSSCKMDT_H */ |