Hallo, dies ist ein Test.

PWD: /www/data-lst1/unixsoft/unixsoft/kaempfer/.public_html

Running in File Mode
Relative path: ././../../../../../../usr/include/security/pkcs11x.h
Real path: /usr/include/security/pkcs11x.h
Zurück

/* * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. */ /* * Supplement to OASIS PKCS #11 v2.40 header files. Missing constants and * unresolved structure definitions are put in this header file. */ #ifndef _PKCS11X_H_ #define _PKCS11X_H_ #ifdef __cplusplus extern "C" { #endif /* Missing key types for v2.40, renumbered due to conflicts. */ #define CKK_SHA512_224_HMAC 0x00000040UL #define CKK_SHA512_256_HMAC 0x00000041UL #define CKK_SHA512_T_HMAC 0x00000042UL /* Missing mechanisms for v2.40, renumbered due to conflicts. */ #define CKM_DSA_FIPS_G_GEN 0x00000017UL /* * TLS v1.0, v1.1, and v1.2 structure definitions still need work for v2.40. * * The PKCS#11 v2.40 specification wholly redefines mechanisms and parameter * structures used to implement TLS 1) master key derivation, 2) key block * expansion, and 3) finish message verification. * * This implementation converts all the SSL3 and former TLS (i.e. v1.0/v1.1) * parameter structures to use TLS12 parameter structures internally. The * prior mechanisms that had "_TLS_" in the name are still supported, for * backward compatibility, alongside the new mechanisms that have "_TLS12_" * in the name. * * The TLS PRF() is built on a sequence of hashes to generate arbitrarily * long streams of data. The sequence of hashes is defined as * * A(0) = seed * A(i) = HMAC_<hash>(secret, A(i-1)) * * P_<hash>(secret, seed) = HMAC_<hash>(secret, A(1) "+" seed) "+" * HMAC_<hash>(secret, A(2) "+" seed) "+" * HMAC_<hash>(secret, A(3) "+" seed) "+" ... * * where <hash> in { MD5, SHA1, SHA256, SHA384, SHA512 } and * "+" means order-sensitive concatenation. MD5 and SHA1 are * retained for TLS v1.0/v1.1 * * The TLS v1.0/v1.1 mechanisms are based on a PRF() that is defined as * * secret = S1 "+" S2, where S1 and S2 are equal halves of secret [1] * * PRF(secret, label, seed) = * P_<hash=MD5>(S1, label + seed) xor P_<hash=SHA1>(S2, label + seed); * * (RFC 2246, sect. 5. This is for TLS 1.0.) * * [1] If secret was odd length S1 and S2 share the byte in the middle, * i.e., the last byte of S1 is the same as the first byte of S2. * * The TLS v1.2 mechanisms are based on a PRF() that is redefined as * * PRF(secret, label, seed) = P_<hash>(secret, label "+" seed) * * (RFC 5246, sect. 5. This is for TLS 1.2.) * * For this reason the original "TLS"-named mechanisms and structures, such * as CKM_TLS_PRF and CK_TLS_PRF_PARAMS, now have "TLS12" counterparts, such * as CKM_TLS12_PRF and CK_TLS12_PRF_PARAMS to differentiate the underlying * PRF() that is used in the computation. * * Older applications should not need to be modified, as the old mechanisms * from PKCS#11 v2.20 and v2.30-Draft are retained, despite any deprecation * and removal by PKCS#11 v2.40. * * New applications should use the "_TLS12_"-named mechanisms and structures * for both TLS v1.0/v1.1 and TLS v1.2 purposes. * * NOTE CAREFULLY: PKCS#11 v2.40, Current Mechanisms, Section 2.29 may be * modified for corrections by future revisions of the specification. The * constants and structures are therefore subject to further changes. */ /* Can be used for TLS 1.0/1.1 only */ #define CKM_TLS_VERIFY_DATA CKM_TLS_MAC /* deviates v2.40 */ /* Can be used for TLS 1.0/1.1/1.2 */ #define CKM_TLS12_PRF 0x80000AAAUL /* deviates v2.40 */ #define CKM_TLS12_VERIFY_DATA CKM_TLS12_MAC /* deviates v2.40 */ /* * TLS v1.0, v1.1, v1.2 structures * * Where possible, "_TLS12_"-named structures begin exactly like their * "_TLS_"-named counterparts. This is done to allow applications to * byte-copy "_TLS_" structures onto "_TLS12_" structures. The OASIS * PKCS#11 v2.40 did not consider this in a consistent manner, which * result in deviations from the order of structure members defined by * OASIS PKCS#11 v2.40 headers. * * The following items still need to be resolved at the OASIS PKCS#11 * Technical Committee level before they have be resolved here. */ /* Item 1: CK_TLS12_PRF_PARAMS */ /* Similar to CK_TLS_PRF_PARAMS with an extra field for the hash mechanism */ typedef struct CK_TLS12_PRF_PARAMS { CK_BYTE_PTR pSeed; CK_ULONG ulSeedLen; CK_BYTE_PTR pLabel; CK_ULONG ulLabelLen; CK_BYTE_PTR pOutput; CK_ULONG_PTR pulOutputLen; CK_MECHANISM_TYPE prfHashMechanism; /* extra field for TLS v1.2 */ /* deviates v2.40 */ } CK_TLS12_PRF_PARAMS; typedef CK_TLS12_PRF_PARAMS CK_PTR CK_TLS12_PRF_PARAMS_PTR; /* Item 2: CK_TLS12_MAC_PARAMS */ /* Same as CK_TLS_MAC_PARAMS , but prfHashMechanism at bottom */ typedef struct CK_TLS12_MAC_PARAMS { CK_ULONG ulMacLength; CK_ULONG ulServerOrClient; CK_MECHANISM_TYPE prfHashMechanism; /* extra field for TLS v1.2 */ /* deviates v2.40 */ } CK_TLS12_MAC_PARAMS; typedef CK_TLS12_MAC_PARAMS CK_PTR CK_TLS12_MAC_PARAMS_PTR; /* Some compatability defines until the TLS section settles. */ #define CK_TLS12_VERIFY_DATA_PARAMS CK_TLS12_MAC_PARAMS #define CK_TLS12_VERIFY_DATA_PARAMS_PTR CK_TLS12_MAC_PARAMS_PTR /* Item 3: CK_TLS_KDF_PARAMS and CK_TLS12_KDF_PARAMS */ /* * The OASIS PCKS#11 v2.40 definition of CK_TLS_KDF_PARAMS is significantly * different from what was discovered during development. We created a * "private_" version due to conflict of naming. * * These inconsistencies with structure members also needs to be resolved: * #define prfMechanism prfHashMechanism * #define ulLabelLength ulLabelLen */ typedef struct private_CK_TLS_KDF_PARAMS { CK_TLS_KDF_PARAMS tlskdfp; CK_BYTE_PTR pOutput; /* deviation from PKCS#11 v2.40... */ CK_ULONG ulOutputLen; /* ... pOutput/ulOutputLen missing */ /* deviates v2.40 */ } private_CK_TLS_KDF_PARAMS; typedef private_CK_TLS_KDF_PARAMS CK_PTR private_CK_TLS_KDF_PARAMS_PTR; #define CK_TLS12_KDF_PARAMS private_CK_TLS_KDF_PARAMS #define CK_TLS12_KDF_PARAMS_PTR private_CK_TLS_KDF_PARAMS_PTR #ifdef __cplusplus } #endif #endif /* _PKCS11X_H_ */