/*
* Copyright (c) 2012 Red Hat Inc.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above
* copyright notice, this list of conditions and the
* following disclaimer.
* * Redistributions in binary form must reproduce the
* above copyright notice, this list of conditions and
* the following disclaimer in the documentation and/or
* other materials provided with the distribution.
* * The names of contributors to this software may not be
* used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*
* Author: Stef Walter <stefw@redhat.com>
*/
#ifndef PKCS11_X_H_
#define PKCS11_X_H_ 1
#if defined(__cplusplus)
extern "C" {
#endif
/* -------------------------------------------------------------------
* NSS TRUST OBJECTS
*
* And related, non-standard
*/
/* Define this if you want the NSS specific symbols */
#define CRYPTOKI_NSS_VENDOR_DEFINED 1
#ifdef CRYPTOKI_NSS_VENDOR_DEFINED
/* Various NSS objects */
#define CKO_NETSCAPE_CRL 0xce534351UL
#define CKO_NETSCAPE_SMIME 0xce534352UL
#define CKO_NETSCAPE_TRUST 0xce534353UL
#define CKO_NETSCAPE_BUILTIN_ROOT_LIST 0xce534354UL
#define CKO_NETSCAPE_NEWSLOT 0xce534355UL
#define CKO_NETSCAPE_DELSLOT 0xce534356UL
/* Various NSS key types */
#define CKK_NETSCAPE_PKCS8 0xce534351UL
/* Various NSS attributes */
#define CKA_NETSCAPE_URL 0xce534351UL
#define CKA_NETSCAPE_EMAIL 0xce534352UL
#define CKA_NETSCAPE_SMIME_INFO 0xce534353UL
#define CKA_NETSCAPE_SMIME_TIMESTAMP 0xce534354UL
#define CKA_NETSCAPE_PKCS8_SALT 0xce534355UL
#define CKA_NETSCAPE_PASSWORD_CHECK 0xce534356UL
#define CKA_NETSCAPE_EXPIRES 0xce534357UL
#define CKA_NETSCAPE_KRL 0xce534358UL
#define CKA_NETSCAPE_PQG_COUNTER 0xce534364UL
#define CKA_NETSCAPE_PQG_SEED 0xce534365UL
#define CKA_NETSCAPE_PQG_H 0xce534366UL
#define CKA_NETSCAPE_PQG_SEED_BITS 0xce534367UL
#define CKA_NETSCAPE_MODULE_SPEC 0xce534368UL
/* NSS trust attributes */
#define CKA_TRUST_DIGITAL_SIGNATURE 0xce536351UL
#define CKA_TRUST_NON_REPUDIATION 0xce536352UL
#define CKA_TRUST_KEY_ENCIPHERMENT 0xce536353UL
#define CKA_TRUST_DATA_ENCIPHERMENT 0xce536354UL
#define CKA_TRUST_KEY_AGREEMENT 0xce536355UL
#define CKA_TRUST_KEY_CERT_SIGN 0xce536356UL
#define CKA_TRUST_CRL_SIGN 0xce536357UL
#define CKA_TRUST_SERVER_AUTH 0xce536358UL
#define CKA_TRUST_CLIENT_AUTH 0xce536359UL
#define CKA_TRUST_CODE_SIGNING 0xce53635aUL
#define CKA_TRUST_EMAIL_PROTECTION 0xce53635bUL
#define CKA_TRUST_IPSEC_END_SYSTEM 0xce53635cUL
#define CKA_TRUST_IPSEC_TUNNEL 0xce53635dUL
#define CKA_TRUST_IPSEC_USER 0xce53635eUL
#define CKA_TRUST_TIME_STAMPING 0xce53635fUL
#define CKA_TRUST_STEP_UP_APPROVED 0xce536360UL
#define CKA_CERT_SHA1_HASH 0xce5363b4UL
#define CKA_CERT_MD5_HASH 0xce5363b5UL
/* NSS trust values */
typedef CK_ULONG CK_TRUST;
#define CKT_NETSCAPE_TRUSTED 0xce534351UL
#define CKT_NETSCAPE_TRUSTED_DELEGATOR 0xce534352UL
#define CKT_NETSCAPE_UNTRUSTED 0xce534353UL
#define CKT_NETSCAPE_MUST_VERIFY 0xce534354UL
#define CKT_NETSCAPE_TRUST_UNKNOWN 0xce534355UL
/* NSS specific mechanisms */
#define CKM_NETSCAPE_AES_KEY_WRAP 0xce534351UL
#define CKM_NETSCAPE_AES_KEY_WRAP_PAD 0xce534352UL
/* NSS specific return values */
#define CKR_NETSCAPE_CERTDB_FAILED 0xce534351UL
#define CKR_NETSCAPE_KEYDB_FAILED 0xce534352UL
#endif /* CRYPTOKI_NSS_VENDOR_DEFINED */
/* Define this if you want the vendor specific symbols */
#define CRYPTOKI_X_VENDOR_DEFINED 1
#ifdef CRYPTOKI_X_VENDOR_DEFINED
#define CKA_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL)
#define CKO_X_VENDOR (CKA_VENDOR_DEFINED | 0x58444700UL)
/* -------------------------------------------------------------------
* TRUST ASSERTIONS
*
* These are retired and should not be used in new code
*/
#define CKO_X_TRUST_ASSERTION (CKO_X_VENDOR + 100)
#define CKA_X_ASSERTION_TYPE (CKA_X_VENDOR + 1)
#define CKA_X_CERTIFICATE_VALUE (CKA_X_VENDOR + 2)
#define CKA_X_PURPOSE (CKA_X_VENDOR + 3)
#define CKA_X_PEER (CKA_X_VENDOR + 4)
typedef CK_ULONG CK_X_ASSERTION_TYPE;
#define CKT_X_DISTRUSTED_CERTIFICATE 1UL
#define CKT_X_PINNED_CERTIFICATE 2UL
#define CKT_X_ANCHORED_CERTIFICATE 3UL
/* -------------------------------------------------------------------
* STAPLED CERTIFICATES
*
* Not yet final
*/
#define CKO_X_CERTIFICATE_EXTENSION (CKO_X_VENDOR + 200)
#define CKA_X_DISTRUSTED (CKA_X_VENDOR + 100)
#define CKA_X_CRITICAL (CKA_X_VENDOR + 101)
#endif /* CRYPTOKI_X_VENDOR_DEFINED */
#if defined(__cplusplus)
}
#endif
#endif /* PKCS11_X_H_ */