robd wrote:
What version of PKCS #11 is this header file from?It's not a full 2.20. Only those mechanisms that were missing for HMAC were added.
It appears that it is 2.20 but I have found differences between what's
in the Firefox 1.0.2 & NSS 3.9 source and what is posted on the RSA
Labs site.
There is typically some merging between the RSA and NSS versions anyway, We're in the middle of releasing 3.10, so I don't think we'll get a merged version in by 3.11. One way to increase the chances that we get it in 3.11 is to write a bug about it;). You can assign the bug to me. Besides the diffs you give, there are also missing mechanisms.
bob
The Firefox/NSS source defines the following mechanisms:
#define CKM_SHA256_HMAC_GENERAL 0x00000251 /* v2.20 */
#define CKM_SHA256_HMAC 0x00000252 /* v2.20 */
#define CKM_SHA384_HMAC_GENERAL 0x00000261 /* v2.20 */
#define CKM_SHA384_HMAC 0x00000262 /* v2.20 */
#define CKM_SHA512_HMAC_GENERAL 0x00000271 /* v2.20 */
#define CKM_SHA512_HMAC 0x00000272 /* v2.20 */
The only difference here is the NSS has a comment about what version the
Hmm, These need to be fixed. I think EC is turned off by default, so we have an opportunity here...However on the RSA site these are: #define CKM_SHA256_HMAC 0x00000251 #define CKM_SHA256_HMAC_GENERAL 0x00000252 #define CKM_SHA384_HMAC 0x00000261 #define CKM_SHA384_HMAC_GENERAL 0x00000262 #define CKM_SHA512_HMAC 0x00000271 #define CKM_SHA512_HMAC_GENERAL 0x00000272
NSS uses some extenstions to pass environment/application specific parameters to the PKCS #11 module. I wrote a proposal long ago (years) the the PKCS #11 mailing list, but didn't have time to push it, so it's lost in the archives.The Firefox/NSS source defines the following mechanisms: #define CKM_ECDH1_DERIVE 0x00001043 #define CKM_ECDH1_COFACTOR_DERIVE 0x00001044 #define CKM_ECMQV_DERIVE 0x00001045
However on the RSA site these are: #define CKM_ECDH1_DERIVE 0x00001050 #define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 #define CKM_ECMQV_DERIVE 0x00001052
The Firefox/NSS source defines the following structure:
typedef struct CK_C_INITIALIZE_ARGS {
CK_CREATEMUTEX CreateMutex;
CK_DESTROYMUTEX DestroyMutex;
CK_LOCKMUTEX LockMutex;
CK_UNLOCKMUTEX UnlockMutex;
CK_FLAGS flags;
CK_CHAR_PTR *LibraryParameters;
CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS;
However on the RSA site: typedef struct CK_C_INITIALIZE_ARGS { CK_CREATEMUTEX CreateMutex; CK_DESTROYMUTEX DestroyMutex; CK_LOCKMUTEX LockMutex; CK_UNLOCKMUTEX UnlockMutex; CK_FLAGS flags; CK_VOID_PTR pReserved; } CK_C_INITIALIZE_ARGS;
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
