|
 |
c7bfec |
diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h
|
|
|
c7bfec |
--- a/lib/util/pkcs11n.h
|
|
|
c7bfec |
+++ b/lib/util/pkcs11n.h
|
|
|
c7bfec |
@@ -147,16 +147,22 @@
|
|
|
c7bfec |
#define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2)
|
|
|
c7bfec |
|
|
|
c7bfec |
/* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */
|
|
|
c7bfec |
#define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3)
|
|
|
c7bfec |
#define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4)
|
|
|
c7bfec |
#define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5)
|
|
|
c7bfec |
#define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6)
|
|
|
c7bfec |
|
|
|
c7bfec |
+/* IKE mechanism (to be proposed to PKCS #11 */
|
|
|
c7bfec |
+#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 7)
|
|
|
c7bfec |
+#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 8)
|
|
|
c7bfec |
+#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 9)
|
|
|
c7bfec |
+#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 10)
|
|
|
c7bfec |
+
|
|
|
c7bfec |
/* J-PAKE round 1 key generation mechanisms.
|
|
|
c7bfec |
*
|
|
|
c7bfec |
* Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE,
|
|
|
c7bfec |
* CKA_NSS_JPAKE_SIGNERID
|
|
|
c7bfec |
* Output key type: CKK_NSS_JPAKE_ROUND1
|
|
|
c7bfec |
* Output key class: CKO_PRIVATE_KEY
|
|
|
c7bfec |
* Parameter type: CK_NSS_JPAKERound1Params
|
|
|
c7bfec |
*
|
|
|
c7bfec |
@@ -337,16 +343,82 @@ typedef struct CK_NSS_HKDFParams {
|
|
|
c7bfec |
CK_BYTE_PTR pSalt;
|
|
|
c7bfec |
CK_ULONG ulSaltLen;
|
|
|
c7bfec |
CK_BBOOL bExpand;
|
|
|
c7bfec |
CK_BYTE_PTR pInfo;
|
|
|
c7bfec |
CK_ULONG ulInfoLen;
|
|
|
c7bfec |
} CK_NSS_HKDFParams;
|
|
|
c7bfec |
|
|
|
c7bfec |
/*
|
|
|
c7bfec |
+ * CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to
|
|
|
c7bfec |
+ * the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism.
|
|
|
c7bfec |
+ * The fields of the structure have the following meanings:
|
|
|
c7bfec |
+ * prfMechanism underlying MAC mechanism used to generate the prf.
|
|
|
c7bfec |
+ * bHasSeedKey hSeed key is present.
|
|
|
c7bfec |
+ * hSeedKey optional seed from key
|
|
|
c7bfec |
+ * pSeedData optional seed from data.
|
|
|
c7bfec |
+ * ulSeedDataLen length of optional seed data.
|
|
|
c7bfec |
+ * If no seed data is present this value is NULL.
|
|
|
c7bfec |
+ */
|
|
|
c7bfec |
+typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS {
|
|
|
c7bfec |
+ CK_MECHANISM_TYPE prfMechanism;
|
|
|
c7bfec |
+ CK_BBOOL bHasSeedKey;
|
|
|
c7bfec |
+ CK_OBJECT_HANDLE hSeedKey;
|
|
|
c7bfec |
+ CK_BYTE_PTR pSeedData;
|
|
|
c7bfec |
+ CK_ULONG ulSeedDataLen;
|
|
|
c7bfec |
+} CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS;
|
|
|
c7bfec |
+
|
|
|
c7bfec |
+/* CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to
|
|
|
c7bfec |
+ * the CKM_NSS_IKE_PRF_DERIVE mechanism.
|
|
|
c7bfec |
+ *
|
|
|
c7bfec |
+ * The fields of the structure have the following meanings:
|
|
|
c7bfec |
+ * prfMechanism underlying MAC mechanism used to generate the prf.
|
|
|
c7bfec |
+ * bRekey hNewKey is present.
|
|
|
c7bfec |
+ * pNi Ni value
|
|
|
c7bfec |
+ * ulNiLen length of Ni
|
|
|
c7bfec |
+ * pNr Nr value
|
|
|
c7bfec |
+ * ulNrLen length of Nr
|
|
|
c7bfec |
+ * hNewKey New key value to drive the rekey.
|
|
|
c7bfec |
+ */
|
|
|
c7bfec |
+typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS {
|
|
|
c7bfec |
+ CK_MECHANISM_TYPE prfMechanism;
|
|
|
c7bfec |
+ CK_BBOOL bDataAsKey;
|
|
|
c7bfec |
+ CK_BBOOL bRekey;
|
|
|
c7bfec |
+ CK_BYTE_PTR pNi;
|
|
|
c7bfec |
+ CK_ULONG ulNiLen;
|
|
|
c7bfec |
+ CK_BYTE_PTR pNr;
|
|
|
c7bfec |
+ CK_ULONG ulNrLen;
|
|
|
c7bfec |
+ CK_OBJECT_HANDLE hNewKey;
|
|
|
c7bfec |
+} CK_NSS_IKE_PRF_DERIVE_PARAMS;
|
|
|
c7bfec |
+
|
|
|
c7bfec |
+/* CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters
|
|
|
c7bfec |
+ * to the CKM_NSS_IKE_PRF_DERIVE mechanism.
|
|
|
c7bfec |
+ *
|
|
|
c7bfec |
+ * The fields of the structure have the following meanings:
|
|
|
c7bfec |
+ * prfMechanism underlying MAC mechanism used to generate the prf.
|
|
|
c7bfec |
+ * bRekey hNewKey is present.
|
|
|
c7bfec |
+ * pCKYi CKYi value
|
|
|
c7bfec |
+ * ulCKYiLen length of CKYi
|
|
|
c7bfec |
+ * pCKYr CKYr value
|
|
|
c7bfec |
+ * ulCKYrLen length of CKYr
|
|
|
c7bfec |
+ * hNewKey New key value to drive the rekey.
|
|
|
c7bfec |
+ */
|
|
|
c7bfec |
+typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS {
|
|
|
c7bfec |
+ CK_MECHANISM_TYPE prfMechanism;
|
|
|
c7bfec |
+ CK_BBOOL bHasPrevKey;
|
|
|
c7bfec |
+ CK_OBJECT_HANDLE hKeygxy;
|
|
|
c7bfec |
+ CK_OBJECT_HANDLE hPrevKey;
|
|
|
c7bfec |
+ CK_BYTE_PTR pCKYi;
|
|
|
c7bfec |
+ CK_ULONG ulCKYiLen;
|
|
|
c7bfec |
+ CK_BYTE_PTR pCKYr;
|
|
|
c7bfec |
+ CK_ULONG ulCKYrLen;
|
|
|
c7bfec |
+ CK_BYTE keyNumber;
|
|
|
c7bfec |
+} CK_NSS_IKE1_PRF_DERIVE_PARAMS;
|
|
|
c7bfec |
+
|
|
|
c7bfec |
+/*
|
|
|
c7bfec |
* Parameter for the TLS extended master secret key derivation mechanisms:
|
|
|
c7bfec |
*
|
|
|
c7bfec |
* * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE
|
|
|
c7bfec |
* * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH
|
|
|
c7bfec |
*
|
|
|
c7bfec |
* For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash
|
|
|
c7bfec |
* function used. For earlier versions of the PRF, set the prfHashMechanism
|
|
|
c7bfec |
* value to CKM_TLS_PRF.
|
|
|
c7bfec |
diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h
|
|
|
c7bfec |
--- a/lib/util/pkcs11t.h
|
|
|
c7bfec |
+++ b/lib/util/pkcs11t.h
|
|
|
c7bfec |
@@ -877,16 +877,18 @@ typedef CK_ULONG CK_MECHANISM_TYPE;
|
|
|
c7bfec |
#define CKM_AES_MAC_GENERAL 0x00001084
|
|
|
c7bfec |
#define CKM_AES_CBC_PAD 0x00001085
|
|
|
c7bfec |
/* new for v2.20 amendment 3 */
|
|
|
c7bfec |
#define CKM_AES_CTR 0x00001086
|
|
|
c7bfec |
/* new for v2.30 */
|
|
|
c7bfec |
#define CKM_AES_GCM 0x00001087
|
|
|
c7bfec |
#define CKM_AES_CCM 0x00001088
|
|
|
c7bfec |
#define CKM_AES_CTS 0x00001089
|
|
|
c7bfec |
+#define CKM_AES_XCBC_MAC 0x0000108C
|
|
|
c7bfec |
+#define CKM_AES_XCBC_MAC_96 0x0000108D
|
|
|
c7bfec |
|
|
|
c7bfec |
/* BlowFish and TwoFish are new for v2.20 */
|
|
|
c7bfec |
#define CKM_BLOWFISH_KEY_GEN 0x00001090
|
|
|
c7bfec |
#define CKM_BLOWFISH_CBC 0x00001091
|
|
|
c7bfec |
#define CKM_TWOFISH_KEY_GEN 0x00001092
|
|
|
c7bfec |
#define CKM_TWOFISH_CBC 0x00001093
|
|
|
c7bfec |
|
|
|
c7bfec |
/* Camellia is proposed for v2.20 Amendment 3 */
|