Bob Relyea wrote:
The Firefox/NSS source defines the following mechanisms:
#define CKM_SHA256_HMAC_GENERAL 0x00000251 /* v2.20 */
#define CKM_SHA256_HMAC 0x00000252 /* v2.20 */
#define CKM_SHA384_HMAC_GENERAL 0x00000261 /* v2.20 */
#define CKM_SHA384_HMAC 0x00000262 /* v2.20 */
#define CKM_SHA512_HMAC_GENERAL 0x00000271 /* v2.20 */
#define CKM_SHA512_HMAC 0x00000272 /* v2.20 */
The only difference here is the NSS has a comment about what version the
However on the RSA site these are:
#define CKM_SHA256_HMAC 0x00000251
#define CKM_SHA256_HMAC_GENERAL 0x00000252
#define CKM_SHA384_HMAC 0x00000261
#define CKM_SHA384_HMAC_GENERAL 0x00000262
#define CKM_SHA512_HMAC 0x00000271
#define CKM_SHA512_HMAC_GENERAL 0x00000272
Bob, look at value 0x00..0251.
In NSS it's ..._HMAC_GENERAL
In RSA it's ..._HMAC
All those HMAC mechanism types appear to have the _HMAC and _HMAC_GENERAL labels reversed. :( :(
I see no way to fix this without breaking backward binary compatibility
for these mechanisms. But maybe that's not so bad. These are not yet
widely used. NSS's libSMIME uses them, but IINM, it doesn't expose the mechanism numbers to its users but uses OIDs (or OIDtags) instead.
I doubt that we'd break mozilla by changing them.
Hmm, These need to be fixed. I think EC is turned off by default, so we have an opportunity here...
Yes, that won't be hard to solve.
NSS uses some extensions to pass environment/application specific parameters to the PKCS #11 module. I wrote a proposal long ago (years) to the PKCS #11 mailing list, but didn't have time to push it, so it's lost in the archives.
The Firefox/NSS source defines the following mechanisms:
#define CKM_ECDH1_DERIVE 0x00001043
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001044
#define CKM_ECMQV_DERIVE 0x00001045
However on the RSA site these are:
#define CKM_ECDH1_DERIVE 0x00001050
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
#define CKM_ECMQV_DERIVE 0x00001052
The Firefox/NSS source defines the following structure:
typedef struct CK_C_INITIALIZE_ARGS {
    CK_CREATEMUTEX CreateMutex;
    CK_DESTROYMUTEX DestroyMutex;
    CK_LOCKMUTEX LockMutex;
    CK_UNLOCKMUTEX UnlockMutex;
    CK_FLAGS flags;
    CK_CHAR_PTR *LibraryParameters;
    CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS;
Another way to look at this is that NSS has used pReserved as its "LibraryParameters" string.
/Nelson
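
The header comparison discussed in this thread, as an added example that is not part of the original message or of NSS: a small C check that compares the two sets of values quoted above and separates labels that are swapped (the number exists in the other table under a different name) from ones that are renumbered. The table layout and the names mech, find and classify are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Tables constructed from the values quoted in the message above. */
typedef struct { const char *name; unsigned long value; } mech;
static const mech nss[] = {
    {"CKM_SHA256_HMAC_GENERAL", 0x251}, {"CKM_SHA256_HMAC", 0x252},
    {"CKM_SHA384_HMAC_GENERAL", 0x261}, {"CKM_SHA384_HMAC", 0x262},
    {"CKM_SHA512_HMAC_GENERAL", 0x271}, {"CKM_SHA512_HMAC", 0x272},
    {"CKM_ECDH1_DERIVE", 0x1043}, {"CKM_ECDH1_COFACTOR_DERIVE", 0x1044},
    {"CKM_ECMQV_DERIVE", 0x1045},
};
static const mech rsa[] = {
    {"CKM_SHA256_HMAC", 0x251}, {"CKM_SHA256_HMAC_GENERAL", 0x252},
    {"CKM_SHA384_HMAC", 0x261}, {"CKM_SHA384_HMAC_GENERAL", 0x262},
    {"CKM_SHA512_HMAC", 0x271}, {"CKM_SHA512_HMAC_GENERAL", 0x272},
    {"CKM_ECDH1_DERIVE", 0x1050}, {"CKM_ECDH1_COFACTOR_DERIVE", 0x1051},
    {"CKM_ECMQV_DERIVE", 0x1052},
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

enum verdict { MATCH, SWAPPED, RENUMBERED, UNKNOWN };

/* Look up by name when name is non-NULL, otherwise by value. */
static const mech *find(const mech *t, size_t n, const char *name, unsigned long v) {
    for (size_t i = 0; i < n; i++)
        if (name ? strcmp(t[i].name, name) == 0 : t[i].value == v) return &t[i];
    return NULL;
}

/* Classify one mechanism name: how does its NSS number relate to the RSA table? */
enum verdict classify(const char *name) {
    const mech *a = find(nss, COUNT(nss), name, 0);
    const mech *b = find(rsa, COUNT(rsa), name, 0);
    if (!a || !b) return UNKNOWN;
    if (a->value == b->value) return MATCH;
    /* The NSS number is assigned to a different label in the RSA table, so a
       module built from that header would run a different mechanism. */
    if (find(rsa, COUNT(rsa), NULL, a->value)) return SWAPPED;
    /* The NSS number does not appear in the RSA table entries at all. */
    return RENUMBERED;
}

int main(void) {
    static const char *v[] = {"MATCH", "SWAPPED", "RENUMBERED", "UNKNOWN"};
    for (size_t i = 0; i < COUNT(nss); i++)
        printf("%-28s NSS 0x%08lx -> %s\n", nss[i].name, nss[i].value, v[classify(nss[i].name)]);
    return 0;
}
```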
