Jim Spring wrote:
Most mechanism used by NSS are used independent of the application itself. NSS has it's own mappings for various SSL and TLS cipher suites, for instance. Other mechanisms are selected through oids.I've checked the PKCS11 FAQ and it doesn't list all of them, so I was curious if there is a definitive list of the hard coded mechanisms that Firefox (and Thunderbird) use? For instance, KeyGen uses CKM_RSA_PKCS. I'm looking for a short cut to trudging through the source :)Thanks -jim
That being said, you can do a grep in mozilla/security/manager/ssl/lib for CKM_ to find the entire list of hardcoded mechanisms used in Firefox outside those mechanisms used automatically by NSS. ( more than I would have expected). It appears most have to do with keygen.
nsCrypto.cpp: retMech = CKM_RSA_PKCS_KEY_PAIR_GEN; nsCrypto.cpp: retMech = CKM_EC_KEY_PAIR_GEN; nsCrypto.cpp: retMech = CKM_DH_PKCS_KEY_PAIR_GEN; nsCrypto.cpp: retMech = CKM_DSA_KEY_PAIR_GEN; nsCrypto.cpp: retMech = CKM_INVALID_MECHANISM; nsCrypto.cpp: case CKM_RSA_PKCS_KEY_PAIR_GEN: nsCrypto.cpp: case CKM_EC_KEY_PAIR_GEN: nsCrypto.cpp: case CKM_DSA_KEY_PAIR_GEN: nsCrypto.cpp: case CKM_RSA_PKCS_KEY_PAIR_GEN: nsCrypto.cpp: case CKM_EC_KEY_PAIR_GEN: nsCrypto.cpp: case CKM_DSA_KEY_PAIR_GEN:nsCrypto.cpp: CKM_ECDH1_DERIVE, // CK_MECHANISM_TYPE de
rivensCrypto.cpp: CKM_CONCATENATE_DATA_AND_BASE, // CK_MECH
ANISM_TYPE targetnsCrypto.cpp: CKM_CONCATENATE_DATA_AND_BASE, // CK_MECHANISM_TYPE
mechanismnsCrypto.cpp: CKM_CONCATENATE_BASE_AND_DATA, // CK_MECHANISM_TYPE
targetnsCrypto.cpp: CKM_CONCATENATE_BASE_AND_DATA, // CK_MECHANISM_TYPE
mechanismnsCrypto.cpp: CKM_SHA1_KEY_DERIVATION, // CK_MECHANISM_TYPE targe
tnsCrypto.cpp: CKM_SHA1_KEY_DERIVATION, // CK_MECHANISM_TYPE mecha
nism nsCrypto.cpp: CKM_SHA_1_HMAC, // CK_MECHANISM_TYPE targetnsCrypto.cpp: PK11_CreateContextBySymKey(CKM_SHA_1_HMAC, // CK_MECHANISM_TYPE
type nsKeygenHandler.cpp:#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 nsKeygenHandler.cpp:#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 nsKeygenHandler.cpp:#define CKM_DSA_KEY_PAIR_GEN 0x00000010 nsKeygenHandler.cpp: case CKM_RSA_PKCS_KEY_PAIR_GEN: nsKeygenHandler.cpp: searchMech = CKM_RSA_PKCS; nsKeygenHandler.cpp: case CKM_DSA_KEY_PAIR_GEN: nsKeygenHandler.cpp: searchMech = CKM_DSA; nsKeygenHandler.cpp: case CKM_RC4_KEY_GEN: nsKeygenHandler.cpp: searchMech = CKM_RC4; nsKeygenHandler.cpp: case CKM_DH_PKCS_KEY_PAIR_GEN:nsKeygenHandler.cpp: searchMech = CKM_DH_PKCS_DERIVE; /* ### mwelch is t
his right? */ nsKeygenHandler.cpp: case CKM_DES_KEY_GEN: nsKeygenHandler.cpp: case CKM_EC_KEY_PAIR_GEN: nsKeygenHandler.cpp: keyGenMechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; nsKeygenHandler.cpp: keyGenMechanism = CKM_DSA_KEY_PAIR_GEN; nsKeygenHandler.cpp: keyGenMechanism = CKM_EC_KEY_PAIR_GEN; nsKeygenHandler.cpp: case CKM_RSA_PKCS_KEY_PAIR_GEN: nsKeygenHandler.cpp: case CKM_DSA_KEY_PAIR_GEN: nsKeygenHandler.cpp: case CKM_EC_KEY_PAIR_GEN: nsKeyModule.cpp: cipherMech = CKM_RC4; nsNSSCertHelper.cpp: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), nsNSSCertHelper.cpp: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), nsNSSCertHelper.cpp: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), nsNSSCertHelper.cpp: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), nsNSSCertHelper.cpp: CKM_INVALID_MECHANISM, INVALID_CERT_EXTENSION ), nsNTLMAuthModule.cpp: CK_MECHANISM_TYPE cipherMech = CKM_DES_ECB;nsPK11TokenDB.cpp: list = PK11_GetAllTokens(CKM_INVALID_MECHANISM, PR_FALSE, PR
_FALSE, 0);nsPKCS12Blob.cpp: rv = GetSlotWithMechanism(CKM_RSA_PKCS, mUIContext,&slot);
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
