From 6ecf586a1e31f2874c7b185f4f2061aa9e83c08a Mon Sep 17 00:00:00 2001
From: Stef Walter <stefw@gnome.org>
Date: Fri, 8 Mar 2013 22:50:06 +0100
Subject: trust: Use the new NSS PKCS#11 extension codes

NSS had subtly changed the values of the distrust CK_TRUST codes
so update them to stay in sync.
---
 common/attrs.c   | 76 ++++++++++++++++++++++++++++----------------------------
 common/pkcs11x.h | 59 ++++++++++++++++++++++---------------------
 2 files changed, 68 insertions(+), 67 deletions(-)

(limited to 'common')

diff --git a/common/attrs.c b/common/attrs.c
index b123b07..759bb75 100644
--- a/common/attrs.c
+++ b/common/attrs.c
@@ -581,19 +581,19 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr)
 	X (CKA_X_PEER)
 	X (CKA_X_DISTRUSTED)
 	X (CKA_X_CRITICAL)
-	X (CKA_NETSCAPE_URL)
-	X (CKA_NETSCAPE_EMAIL)
-	X (CKA_NETSCAPE_SMIME_INFO)
-	X (CKA_NETSCAPE_SMIME_TIMESTAMP)
-	X (CKA_NETSCAPE_PKCS8_SALT)
-	X (CKA_NETSCAPE_PASSWORD_CHECK)
-	X (CKA_NETSCAPE_EXPIRES)
-	X (CKA_NETSCAPE_KRL)
-	X (CKA_NETSCAPE_PQG_COUNTER)
-	X (CKA_NETSCAPE_PQG_SEED)
-	X (CKA_NETSCAPE_PQG_H)
-	X (CKA_NETSCAPE_PQG_SEED_BITS)
-	X (CKA_NETSCAPE_MODULE_SPEC)
+	X (CKA_NSS_URL)
+	X (CKA_NSS_EMAIL)
+	X (CKA_NSS_SMIME_INFO)
+	X (CKA_NSS_SMIME_TIMESTAMP)
+	X (CKA_NSS_PKCS8_SALT)
+	X (CKA_NSS_PASSWORD_CHECK)
+	X (CKA_NSS_EXPIRES)
+	X (CKA_NSS_KRL)
+	X (CKA_NSS_PQG_COUNTER)
+	X (CKA_NSS_PQG_SEED)
+	X (CKA_NSS_PQG_H)
+	X (CKA_NSS_PQG_SEED_BITS)
+	X (CKA_NSS_MODULE_SPEC)
 	X (CKA_TRUST_DIGITAL_SIGNATURE)
 	X (CKA_TRUST_NON_REPUDIATION)
 	X (CKA_TRUST_KEY_ENCIPHERMENT)
@@ -636,12 +636,12 @@ format_class (p11_buffer *buffer,
 	X (CKO_MECHANISM)
 	X (CKO_X_TRUST_ASSERTION)
 	X (CKO_X_CERTIFICATE_EXTENSION)
-	X (CKO_NETSCAPE_CRL)
-	X (CKO_NETSCAPE_SMIME)
-	X (CKO_NETSCAPE_TRUST)
-	X (CKO_NETSCAPE_BUILTIN_ROOT_LIST)
-	X (CKO_NETSCAPE_NEWSLOT)
-	X (CKO_NETSCAPE_DELSLOT)
+	X (CKO_NSS_CRL)
+	X (CKO_NSS_SMIME)
+	X (CKO_NSS_TRUST)
+	X (CKO_NSS_BUILTIN_ROOT_LIST)
+	X (CKO_NSS_NEWSLOT)
+	X (CKO_NSS_DELSLOT)
 	#undef X
 	}
 
@@ -704,7 +704,7 @@ format_key_type (p11_buffer *buffer,
 	X (CKK_AES)
 	X (CKK_BLOWFISH)
 	X (CKK_TWOFISH)
-	X (CKK_NETSCAPE_PKCS8)
+	X (CKK_NSS_PKCS8)
 	#undef X
 	}
 
@@ -741,11 +741,11 @@ format_trust_value (p11_buffer *buffer,
 
 	switch (trust) {
 	#define X(x) case x: string = #x; break;
-	X (CKT_NETSCAPE_TRUSTED)
-	X (CKT_NETSCAPE_TRUSTED_DELEGATOR)
-	X (CKT_NETSCAPE_UNTRUSTED)
-	X (CKT_NETSCAPE_MUST_VERIFY)
-	X (CKT_NETSCAPE_TRUST_UNKNOWN)
+	X (CKT_NSS_TRUSTED)
+	X (CKT_NSS_TRUSTED_DELEGATOR)
+	X (CKT_NSS_NOT_TRUSTED)
+	X (CKT_NSS_MUST_VERIFY_TRUST)
+	X (CKT_NSS_TRUST_UNKNOWN)
 	}
 
 	if (string != NULL)
@@ -880,19 +880,19 @@ format_attribute_type (p11_buffer *buffer,
 	X (CKA_X_PEER)
 	X (CKA_X_DISTRUSTED)
 	X (CKA_X_CRITICAL)
-	X (CKA_NETSCAPE_URL)
-	X (CKA_NETSCAPE_EMAIL)
-	X (CKA_NETSCAPE_SMIME_INFO)
-	X (CKA_NETSCAPE_SMIME_TIMESTAMP)
-	X (CKA_NETSCAPE_PKCS8_SALT)
-	X (CKA_NETSCAPE_PASSWORD_CHECK)
-	X (CKA_NETSCAPE_EXPIRES)
-	X (CKA_NETSCAPE_KRL)
-	X (CKA_NETSCAPE_PQG_COUNTER)
-	X (CKA_NETSCAPE_PQG_SEED)
-	X (CKA_NETSCAPE_PQG_H)
-	X (CKA_NETSCAPE_PQG_SEED_BITS)
-	X (CKA_NETSCAPE_MODULE_SPEC)
+	X (CKA_NSS_URL)
+	X (CKA_NSS_EMAIL)
+	X (CKA_NSS_SMIME_INFO)
+	X (CKA_NSS_SMIME_TIMESTAMP)
+	X (CKA_NSS_PKCS8_SALT)
+	X (CKA_NSS_PASSWORD_CHECK)
+	X (CKA_NSS_EXPIRES)
+	X (CKA_NSS_KRL)
+	X (CKA_NSS_PQG_COUNTER)
+	X (CKA_NSS_PQG_SEED)
+	X (CKA_NSS_PQG_H)
+	X (CKA_NSS_PQG_SEED_BITS)
+	X (CKA_NSS_MODULE_SPEC)
 	X (CKA_TRUST_DIGITAL_SIGNATURE)
 	X (CKA_TRUST_NON_REPUDIATION)
 	X (CKA_TRUST_KEY_ENCIPHERMENT)
diff --git a/common/pkcs11x.h b/common/pkcs11x.h
index a1e5971..58be460 100644
--- a/common/pkcs11x.h
+++ b/common/pkcs11x.h
@@ -50,30 +50,30 @@ extern "C" {
 #ifdef CRYPTOKI_NSS_VENDOR_DEFINED
 
 /* Various NSS objects */
-#define CKO_NETSCAPE_CRL                0xce534351UL
-#define CKO_NETSCAPE_SMIME              0xce534352UL
-#define CKO_NETSCAPE_TRUST              0xce534353UL
-#define CKO_NETSCAPE_BUILTIN_ROOT_LIST  0xce534354UL
-#define CKO_NETSCAPE_NEWSLOT            0xce534355UL
-#define CKO_NETSCAPE_DELSLOT            0xce534356UL
+#define CKO_NSS_CRL                     0xce534351UL
+#define CKO_NSS_SMIME                   0xce534352UL
+#define CKO_NSS_TRUST                   0xce534353UL
+#define CKO_NSS_BUILTIN_ROOT_LIST       0xce534354UL
+#define CKO_NSS_NEWSLOT                 0xce534355UL
+#define CKO_NSS_DELSLOT                 0xce534356UL
 
 /* Various NSS key types */
-#define CKK_NETSCAPE_PKCS8              0xce534351UL
+#define CKK_NSS_PKCS8                   0xce534351UL
 
 /* Various NSS attributes */
-#define CKA_NETSCAPE_URL                0xce534351UL
-#define CKA_NETSCAPE_EMAIL              0xce534352UL
-#define CKA_NETSCAPE_SMIME_INFO         0xce534353UL
-#define CKA_NETSCAPE_SMIME_TIMESTAMP    0xce534354UL
-#define CKA_NETSCAPE_PKCS8_SALT         0xce534355UL
-#define CKA_NETSCAPE_PASSWORD_CHECK     0xce534356UL
-#define CKA_NETSCAPE_EXPIRES            0xce534357UL
-#define CKA_NETSCAPE_KRL                0xce534358UL
-#define CKA_NETSCAPE_PQG_COUNTER        0xce534364UL
-#define CKA_NETSCAPE_PQG_SEED           0xce534365UL
-#define CKA_NETSCAPE_PQG_H              0xce534366UL
-#define CKA_NETSCAPE_PQG_SEED_BITS      0xce534367UL
-#define CKA_NETSCAPE_MODULE_SPEC        0xce534368UL
+#define CKA_NSS_URL                     0xce534351UL
+#define CKA_NSS_EMAIL                   0xce534352UL
+#define CKA_NSS_SMIME_INFO              0xce534353UL
+#define CKA_NSS_SMIME_TIMESTAMP         0xce534354UL
+#define CKA_NSS_PKCS8_SALT              0xce534355UL
+#define CKA_NSS_PASSWORD_CHECK          0xce534356UL
+#define CKA_NSS_EXPIRES                 0xce534357UL
+#define CKA_NSS_KRL                     0xce534358UL
+#define CKA_NSS_PQG_COUNTER             0xce534364UL
+#define CKA_NSS_PQG_SEED                0xce534365UL
+#define CKA_NSS_PQG_H                   0xce534366UL
+#define CKA_NSS_PQG_SEED_BITS           0xce534367UL
+#define CKA_NSS_MODULE_SPEC             0xce534368UL
 
 /* NSS trust attributes */
 #define CKA_TRUST_DIGITAL_SIGNATURE     0xce536351UL
@@ -97,19 +97,20 @@ extern "C" {
 
 /* NSS trust values */
 typedef CK_ULONG                        CK_TRUST;
-#define CKT_NETSCAPE_TRUSTED            0xce534351UL
-#define CKT_NETSCAPE_TRUSTED_DELEGATOR  0xce534352UL
-#define CKT_NETSCAPE_UNTRUSTED          0xce534353UL
-#define CKT_NETSCAPE_MUST_VERIFY        0xce534354UL
-#define CKT_NETSCAPE_TRUST_UNKNOWN      0xce534355UL
+#define CKT_NSS_TRUSTED                 0xce534351UL
+#define CKT_NSS_TRUSTED_DELEGATOR       0xce534352UL
+#define CKT_NSS_MUST_VERIFY_TRUST       0xce534353UL
+#define CKT_NSS_NOT_TRUSTED             0xce53435AUL
+#define CKT_NSS_TRUST_UNKNOWN           0xce534355UL
+#define CKT_NSS_VALID_DELEGATOR         0xce53435BUL
 
 /* NSS specific mechanisms */
-#define CKM_NETSCAPE_AES_KEY_WRAP       0xce534351UL
-#define CKM_NETSCAPE_AES_KEY_WRAP_PAD   0xce534352UL
+#define CKM_NSS_AES_KEY_WRAP            0xce534351UL
+#define CKM_NSS_AES_KEY_WRAP_PAD        0xce534352UL
 
 /* NSS specific return values */
-#define CKR_NETSCAPE_CERTDB_FAILED      0xce534351UL
-#define CKR_NETSCAPE_KEYDB_FAILED       0xce534352UL
+#define CKR_NSS_CERTDB_FAILED           0xce534351UL
+#define CKR_NSS_KEYDB_FAILED            0xce534352UL
 
 #endif /* CRYPTOKI_NSS_VENDOR_DEFINED */
 
-- 
cgit v1.1