diff --git a/lib/util/pkcs11n.h b/lib/util/pkcs11n.h --- a/lib/util/pkcs11n.h +++ b/lib/util/pkcs11n.h @@ -147,16 +147,22 @@ #define CKM_NSS_AES_KEY_WRAP_PAD (CKM_NSS + 2) /* HKDF key derivation mechanisms. See CK_NSS_HKDFParams for documentation. */ #define CKM_NSS_HKDF_SHA1 (CKM_NSS + 3) #define CKM_NSS_HKDF_SHA256 (CKM_NSS + 4) #define CKM_NSS_HKDF_SHA384 (CKM_NSS + 5) #define CKM_NSS_HKDF_SHA512 (CKM_NSS + 6) +/* IKE mechanism (to be proposed to PKCS #11 */ +#define CKM_NSS_IKE_PRF_PLUS_DERIVE (CKM_NSS + 7) +#define CKM_NSS_IKE_PRF_DERIVE (CKM_NSS + 8) +#define CKM_NSS_IKE1_PRF_DERIVE (CKM_NSS + 9) +#define CKM_NSS_IKE1_APP_B_PRF_DERIVE (CKM_NSS + 10) + /* J-PAKE round 1 key generation mechanisms. * * Required template attributes: CKA_PRIME, CKA_SUBPRIME, CKA_BASE, * CKA_NSS_JPAKE_SIGNERID * Output key type: CKK_NSS_JPAKE_ROUND1 * Output key class: CKO_PRIVATE_KEY * Parameter type: CK_NSS_JPAKERound1Params * @@ -337,16 +343,82 @@ typedef struct CK_NSS_HKDFParams { CK_BYTE_PTR pSalt; CK_ULONG ulSaltLen; CK_BBOOL bExpand; CK_BYTE_PTR pInfo; CK_ULONG ulInfoLen; } CK_NSS_HKDFParams; /* + * CK_NSS_IKE_PRF_PLUS_PARAMS is a structure that provides the parameters to + * the CKM_NSS_IKE_PRF_PLUS_DERIVE mechanism. + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bHasSeedKey hSeed key is present. + * hSeedKey optional seed from key + * pSeedData optional seed from data. + * ulSeedDataLen length of optional seed data. + * If no seed data is present this value is NULL. + */ +typedef struct CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasSeedKey; + CK_OBJECT_HANDLE hSeedKey; + CK_BYTE_PTR pSeedData; + CK_ULONG ulSeedDataLen; +} CK_NSS_IKE_PRF_PLUS_DERIVE_PARAMS; + +/* CK_NSS_IKE_PRF_DERIVE_PARAMS is a structure that provides the parameters to + * the CKM_NSS_IKE_PRF_DERIVE mechanism. + * + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bRekey hNewKey is present. + * pNi Ni value + * ulNiLen length of Ni + * pNr Nr value + * ulNrLen length of Nr + * hNewKey New key value to drive the rekey. + */ +typedef struct CK_NSS_IKE_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bDataAsKey; + CK_BBOOL bRekey; + CK_BYTE_PTR pNi; + CK_ULONG ulNiLen; + CK_BYTE_PTR pNr; + CK_ULONG ulNrLen; + CK_OBJECT_HANDLE hNewKey; +} CK_NSS_IKE_PRF_DERIVE_PARAMS; + +/* CK_NSS_IKE1_PRF_DERIVE_PARAMS is a structure that provides the parameters + * to the CKM_NSS_IKE_PRF_DERIVE mechanism. + * + * The fields of the structure have the following meanings: + * prfMechanism underlying MAC mechanism used to generate the prf. + * bRekey hNewKey is present. + * pCKYi CKYi value + * ulCKYiLen length of CKYi + * pCKYr CKYr value + * ulCKYrLen length of CKYr + * hNewKey New key value to drive the rekey. + */ +typedef struct CK_NSS_IKE1_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasPrevKey; + CK_OBJECT_HANDLE hKeygxy; + CK_OBJECT_HANDLE hPrevKey; + CK_BYTE_PTR pCKYi; + CK_ULONG ulCKYiLen; + CK_BYTE_PTR pCKYr; + CK_ULONG ulCKYrLen; + CK_BYTE keyNumber; +} CK_NSS_IKE1_PRF_DERIVE_PARAMS; + +/* * Parameter for the TLS extended master secret key derivation mechanisms: * * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE * * CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH * * For the TLS 1.2 PRF, the prfHashMechanism parameter determines the hash * function used. For earlier versions of the PRF, set the prfHashMechanism * value to CKM_TLS_PRF. diff --git a/lib/util/pkcs11t.h b/lib/util/pkcs11t.h --- a/lib/util/pkcs11t.h +++ b/lib/util/pkcs11t.h @@ -877,16 +877,18 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_AES_MAC_GENERAL 0x00001084 #define CKM_AES_CBC_PAD 0x00001085 /* new for v2.20 amendment 3 */ #define CKM_AES_CTR 0x00001086 /* new for v2.30 */ #define CKM_AES_GCM 0x00001087 #define CKM_AES_CCM 0x00001088 #define CKM_AES_CTS 0x00001089 +#define CKM_AES_XCBC_MAC 0x0000108C +#define CKM_AES_XCBC_MAC_96 0x0000108D /* BlowFish and TwoFish are new for v2.20 */ #define CKM_BLOWFISH_KEY_GEN 0x00001090 #define CKM_BLOWFISH_CBC 0x00001091 #define CKM_TWOFISH_KEY_GEN 0x00001092 #define CKM_TWOFISH_CBC 0x00001093 /* Camellia is proposed for v2.20 Amendment 3 */