trust: Use the new NSS PKCS#11 extension codes
authorStef Walter <stefw@gnome.org>
Fri, 8 Mar 2013 21:50:06 +0000 (22:50 +0100)
committerStef Walter <stefw@gnome.org>
Fri, 8 Mar 2013 21:50:06 +0000 (22:50 +0100)
NSS had subtly changed the values of the distrust CK_TRUST codes
so update them to stay in sync.

common/attrs.c
common/pkcs11x.h
trust/adapter.c
trust/tests/test-module.c
trust/tests/test-parser.c
trust/token.c

index b123b077c34413c20dce2061aefe80cb5c5f4834..759bb75702aa73ec7ea88ec1010793482ed1182f 100644 (file)
@@ -581,19 +581,19 @@ attribute_is_sensitive (const CK_ATTRIBUTE *attr)
        X (CKA_X_PEER)
        X (CKA_X_DISTRUSTED)
        X (CKA_X_CRITICAL)
-       X (CKA_NETSCAPE_URL)
-       X (CKA_NETSCAPE_EMAIL)
-       X (CKA_NETSCAPE_SMIME_INFO)
-       X (CKA_NETSCAPE_SMIME_TIMESTAMP)
-       X (CKA_NETSCAPE_PKCS8_SALT)
-       X (CKA_NETSCAPE_PASSWORD_CHECK)
-       X (CKA_NETSCAPE_EXPIRES)
-       X (CKA_NETSCAPE_KRL)
-       X (CKA_NETSCAPE_PQG_COUNTER)
-       X (CKA_NETSCAPE_PQG_SEED)
-       X (CKA_NETSCAPE_PQG_H)
-       X (CKA_NETSCAPE_PQG_SEED_BITS)
-       X (CKA_NETSCAPE_MODULE_SPEC)
+       X (CKA_NSS_URL)
+       X (CKA_NSS_EMAIL)
+       X (CKA_NSS_SMIME_INFO)
+       X (CKA_NSS_SMIME_TIMESTAMP)
+       X (CKA_NSS_PKCS8_SALT)
+       X (CKA_NSS_PASSWORD_CHECK)
+       X (CKA_NSS_EXPIRES)
+       X (CKA_NSS_KRL)
+       X (CKA_NSS_PQG_COUNTER)
+       X (CKA_NSS_PQG_SEED)
+       X (CKA_NSS_PQG_H)
+       X (CKA_NSS_PQG_SEED_BITS)
+       X (CKA_NSS_MODULE_SPEC)
        X (CKA_TRUST_DIGITAL_SIGNATURE)
        X (CKA_TRUST_NON_REPUDIATION)
        X (CKA_TRUST_KEY_ENCIPHERMENT)
@@ -636,12 +636,12 @@ format_class (p11_buffer *buffer,
        X (CKO_MECHANISM)
        X (CKO_X_TRUST_ASSERTION)
        X (CKO_X_CERTIFICATE_EXTENSION)
-       X (CKO_NETSCAPE_CRL)
-       X (CKO_NETSCAPE_SMIME)
-       X (CKO_NETSCAPE_TRUST)
-       X (CKO_NETSCAPE_BUILTIN_ROOT_LIST)
-       X (CKO_NETSCAPE_NEWSLOT)
-       X (CKO_NETSCAPE_DELSLOT)
+       X (CKO_NSS_CRL)
+       X (CKO_NSS_SMIME)
+       X (CKO_NSS_TRUST)
+       X (CKO_NSS_BUILTIN_ROOT_LIST)
+       X (CKO_NSS_NEWSLOT)
+       X (CKO_NSS_DELSLOT)
        #undef X
        }
 
@@ -704,7 +704,7 @@ format_key_type (p11_buffer *buffer,
        X (CKK_AES)
        X (CKK_BLOWFISH)
        X (CKK_TWOFISH)
-       X (CKK_NETSCAPE_PKCS8)
+       X (CKK_NSS_PKCS8)
        #undef X
        }
 
@@ -741,11 +741,11 @@ format_trust_value (p11_buffer *buffer,
 
        switch (trust) {
        #define X(x) case x: string = #x; break;
-       X (CKT_NETSCAPE_TRUSTED)
-       X (CKT_NETSCAPE_TRUSTED_DELEGATOR)
-       X (CKT_NETSCAPE_UNTRUSTED)
-       X (CKT_NETSCAPE_MUST_VERIFY)
-       X (CKT_NETSCAPE_TRUST_UNKNOWN)
+       X (CKT_NSS_TRUSTED)
+       X (CKT_NSS_TRUSTED_DELEGATOR)
+       X (CKT_NSS_NOT_TRUSTED)
+       X (CKT_NSS_MUST_VERIFY_TRUST)
+       X (CKT_NSS_TRUST_UNKNOWN)
        }
 
        if (string != NULL)
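Review bot: The switch in format_trust_value has no case for CKT_NSS_VALID_DELEGATOR, which this same commit adds to common/pkcs11x.h, so that trust value will presumably be printed through whatever fallback follows the `string != NULL` check rather than by name. Adding `X (CKT_NSS_VALID_DELEGATOR)` after `X (CKT_NSS_TRUST_UNKNOWN)` keeps the formatted output symbolic for every trust code the header defines. Unlike the format_class and format_key_type hunks, the visible lines here also close the switch without an `#undef X`. The function continues outside the hunk, so confirm the macro is undefined before the next `#define X`.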
@@ -880,19 +880,19 @@ format_attribute_type (p11_buffer *buffer,
        X (CKA_X_PEER)
        X (CKA_X_DISTRUSTED)
        X (CKA_X_CRITICAL)
-       X (CKA_NETSCAPE_URL)
-       X (CKA_NETSCAPE_EMAIL)
-       X (CKA_NETSCAPE_SMIME_INFO)
-       X (CKA_NETSCAPE_SMIME_TIMESTAMP)
-       X (CKA_NETSCAPE_PKCS8_SALT)
-       X (CKA_NETSCAPE_PASSWORD_CHECK)
-       X (CKA_NETSCAPE_EXPIRES)
-       X (CKA_NETSCAPE_KRL)
-       X (CKA_NETSCAPE_PQG_COUNTER)
-       X (CKA_NETSCAPE_PQG_SEED)
-       X (CKA_NETSCAPE_PQG_H)
-       X (CKA_NETSCAPE_PQG_SEED_BITS)
-       X (CKA_NETSCAPE_MODULE_SPEC)
+       X (CKA_NSS_URL)
+       X (CKA_NSS_EMAIL)
+       X (CKA_NSS_SMIME_INFO)
+       X (CKA_NSS_SMIME_TIMESTAMP)
+       X (CKA_NSS_PKCS8_SALT)
+       X (CKA_NSS_PASSWORD_CHECK)
+       X (CKA_NSS_EXPIRES)
+       X (CKA_NSS_KRL)
+       X (CKA_NSS_PQG_COUNTER)
+       X (CKA_NSS_PQG_SEED)
+       X (CKA_NSS_PQG_H)
+       X (CKA_NSS_PQG_SEED_BITS)
+       X (CKA_NSS_MODULE_SPEC)
        X (CKA_TRUST_DIGITAL_SIGNATURE)
        X (CKA_TRUST_NON_REPUDIATION)
        X (CKA_TRUST_KEY_ENCIPHERMENT)
index a1e59716abf29ca9a7ace87df819fb86404a3e0b..58be4603e839afdccada503ed2d2e2de2ea52820 100644 (file)
@@ -50,30 +50,30 @@ extern "C" {
 #ifdef CRYPTOKI_NSS_VENDOR_DEFINED
 
 /* Various NSS objects */
-#define CKO_NETSCAPE_CRL                0xce534351UL
-#define CKO_NETSCAPE_SMIME              0xce534352UL
-#define CKO_NETSCAPE_TRUST              0xce534353UL
-#define CKO_NETSCAPE_BUILTIN_ROOT_LIST  0xce534354UL
-#define CKO_NETSCAPE_NEWSLOT            0xce534355UL
-#define CKO_NETSCAPE_DELSLOT            0xce534356UL
+#define CKO_NSS_CRL                     0xce534351UL
+#define CKO_NSS_SMIME                   0xce534352UL
+#define CKO_NSS_TRUST                   0xce534353UL
+#define CKO_NSS_BUILTIN_ROOT_LIST       0xce534354UL
+#define CKO_NSS_NEWSLOT                 0xce534355UL
+#define CKO_NSS_DELSLOT                 0xce534356UL
 
 /* Various NSS key types */
-#define CKK_NETSCAPE_PKCS8              0xce534351UL
+#define CKK_NSS_PKCS8                   0xce534351UL
 
 /* Various NSS attributes */
-#define CKA_NETSCAPE_URL                0xce534351UL
-#define CKA_NETSCAPE_EMAIL              0xce534352UL
-#define CKA_NETSCAPE_SMIME_INFO         0xce534353UL
-#define CKA_NETSCAPE_SMIME_TIMESTAMP    0xce534354UL
-#define CKA_NETSCAPE_PKCS8_SALT         0xce534355UL
-#define CKA_NETSCAPE_PASSWORD_CHECK     0xce534356UL
-#define CKA_NETSCAPE_EXPIRES            0xce534357UL
-#define CKA_NETSCAPE_KRL                0xce534358UL
-#define CKA_NETSCAPE_PQG_COUNTER        0xce534364UL
-#define CKA_NETSCAPE_PQG_SEED           0xce534365UL
-#define CKA_NETSCAPE_PQG_H              0xce534366UL
-#define CKA_NETSCAPE_PQG_SEED_BITS      0xce534367UL
-#define CKA_NETSCAPE_MODULE_SPEC        0xce534368UL
+#define CKA_NSS_URL                     0xce534351UL
+#define CKA_NSS_EMAIL                   0xce534352UL
+#define CKA_NSS_SMIME_INFO              0xce534353UL
+#define CKA_NSS_SMIME_TIMESTAMP         0xce534354UL
+#define CKA_NSS_PKCS8_SALT              0xce534355UL
+#define CKA_NSS_PASSWORD_CHECK          0xce534356UL
+#define CKA_NSS_EXPIRES                 0xce534357UL
+#define CKA_NSS_KRL                     0xce534358UL
+#define CKA_NSS_PQG_COUNTER             0xce534364UL
+#define CKA_NSS_PQG_SEED                0xce534365UL
+#define CKA_NSS_PQG_H                   0xce534366UL
+#define CKA_NSS_PQG_SEED_BITS           0xce534367UL
+#define CKA_NSS_MODULE_SPEC             0xce534368UL
 
 /* NSS trust attributes */
 #define CKA_TRUST_DIGITAL_SIGNATURE     0xce536351UL
@@ -97,19 +97,20 @@ extern "C" {
 
 /* NSS trust values */
 typedef CK_ULONG                        CK_TRUST;
-#define CKT_NETSCAPE_TRUSTED            0xce534351UL
-#define CKT_NETSCAPE_TRUSTED_DELEGATOR  0xce534352UL
-#define CKT_NETSCAPE_UNTRUSTED          0xce534353UL
-#define CKT_NETSCAPE_MUST_VERIFY        0xce534354UL
-#define CKT_NETSCAPE_TRUST_UNKNOWN      0xce534355UL
+#define CKT_NSS_TRUSTED                 0xce534351UL
+#define CKT_NSS_TRUSTED_DELEGATOR       0xce534352UL
+#define CKT_NSS_MUST_VERIFY_TRUST       0xce534353UL
+#define CKT_NSS_NOT_TRUSTED             0xce53435AUL
+#define CKT_NSS_TRUST_UNKNOWN           0xce534355UL
+#define CKT_NSS_VALID_DELEGATOR         0xce53435BUL
 
 /* NSS specific mechanisms */
-#define CKM_NETSCAPE_AES_KEY_WRAP       0xce534351UL
-#define CKM_NETSCAPE_AES_KEY_WRAP_PAD   0xce534352UL
+#define CKM_NSS_AES_KEY_WRAP            0xce534351UL
+#define CKM_NSS_AES_KEY_WRAP_PAD        0xce534352UL
 
 /* NSS specific return values */
-#define CKR_NETSCAPE_CERTDB_FAILED      0xce534351UL
-#define CKR_NETSCAPE_KEYDB_FAILED       0xce534352UL
+#define CKR_NSS_CERTDB_FAILED           0xce534351UL
+#define CKR_NSS_KEYDB_FAILED            0xce534352UL
 
 #endif /* CRYPTOKI_NSS_VENDOR_DEFINED */
 
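Review bot: 0xce534353UL silently changes meaning in this block, from CKT_NETSCAPE_UNTRUSTED to CKT_NSS_MUST_VERIFY_TRUST, while distrust moves to 0xce53435AUL, and nothing in the header records the renumbering. Any consumer or stored object still carrying the old distrust value would now be read as must-verify rather than distrusted, so a comment above the defines is warranted, for example `/* Values track NSS; 0xce534353UL was formerly the distrust code, CKT_NSS_NOT_TRUSTED is now 0xce53435AUL */`. The CKT_NETSCAPE_* names are dropped without compatibility aliases and 0xce534354UL no longer has a name, which may break out-of-tree users of this header. The tests touched by this commit compare against the same macros, so they would not catch a wrong numeric value; an assertion against the literal `0xce53435AUL` in the distrust test would pin it.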
index d17cb70e49fd27a0bc7e3539cbec7b0784810078..08e4c78846710d6839867d2b8f35238f4db3ddae 100644 (file)
@@ -82,7 +82,7 @@ build_trust_object_ku (p11_parser *parser,
        defawlt = present;
 
        /* If blacklisted, don't even bother looking at extensions */
-       if (present != CKT_NETSCAPE_UNTRUSTED)
+       if (present != CKT_NSS_NOT_TRUSTED)
                data = p11_parsing_get_extension (parser, parsing, P11_OID_KEY_USAGE, &length);
 
        if (data) {
@@ -91,7 +91,7 @@ build_trust_object_ku (p11_parser *parser,
                 * usages are to be set. If the extension was invalid, then
                 * fail safe to none of the key usages.
                 */
-               defawlt = CKT_NETSCAPE_TRUST_UNKNOWN;
+               defawlt = CKT_NSS_TRUST_UNKNOWN;
 
                defs = p11_parser_get_asn1_defs (parser);
                if (!p11_x509_parse_key_usage (defs, data, length, &ku))
@@ -171,19 +171,19 @@ build_trust_object_eku (p11_parser *parser,
                return_val_if_reached (NULL);
 
        /* The neutral value is set if an purpose is not present */
-       if (allow == CKT_NETSCAPE_UNTRUSTED)
-               neutral = CKT_NETSCAPE_UNTRUSTED;
+       if (allow == CKT_NSS_NOT_TRUSTED)
+               neutral = CKT_NSS_NOT_TRUSTED;
 
        /* If anything explicitly set, then neutral is unknown */
        else if (purposes || rejects)
-               neutral = CKT_NETSCAPE_TRUST_UNKNOWN;
+               neutral = CKT_NSS_TRUST_UNKNOWN;
 
        /* Otherwise neutral will allow any purpose */
        else
                neutral = allow;
 
        /* The value set if a purpose is explictly rejected */
-       disallow = CKT_NETSCAPE_UNTRUSTED;
+       disallow = CKT_NSS_NOT_TRUSTED;
 
        for (i = 0; eku_attribute_map[i].type != CKA_INVALID; i++) {
                attrs[i].type = eku_attribute_map[i].type;
@@ -218,7 +218,7 @@ build_nss_trust_object (p11_parser *parser,
        CK_ATTRIBUTE *object = NULL;
        CK_TRUST allow;
 
-       CK_OBJECT_CLASS vclass = CKO_NETSCAPE_TRUST;
+       CK_OBJECT_CLASS vclass = CKO_NSS_TRUST;
        CK_BYTE vsha1_hash[P11_CHECKSUM_SHA1_LENGTH];
        CK_BYTE vmd5_hash[P11_CHECKSUM_MD5_LENGTH];
        CK_BBOOL vfalse = CK_FALSE;
@@ -270,13 +270,13 @@ build_nss_trust_object (p11_parser *parser,
 
        /* Calculate the default allow trust */
        if (distrust)
-               allow = CKT_NETSCAPE_UNTRUSTED;
+               allow = CKT_NSS_NOT_TRUSTED;
        else if (trust && authority)
-               allow = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+               allow = CKT_NSS_TRUSTED_DELEGATOR;
        else if (trust)
-               allow = CKT_NETSCAPE_TRUSTED;
+               allow = CKT_NSS_TRUSTED;
        else
-               allow = CKT_NETSCAPE_TRUST_UNKNOWN;
+               allow = CKT_NSS_TRUST_UNKNOWN;
 
        object = build_trust_object_ku (parser, parsing, object, allow);
        return_if_fail (object != NULL);
index 2e085ba253904dfa68bb7dd94a605b2494b2bf72..2d0e488e8ba7c6eab1f5c3a7f30668a11ceae880 100644 (file)
@@ -192,7 +192,7 @@ static void
 check_has_trust_object (CuTest *cu,
                         CK_ATTRIBUTE *cert)
 {
-       CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+       CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
        CK_ATTRIBUTE klass = { CKA_CLASS, &trust_object, sizeof (trust_object) };
        CK_OBJECT_HANDLE objects[2];
        CK_ATTRIBUTE *match;
@@ -314,7 +314,7 @@ test_find_certificates (CuTest *cu)
 static void
 test_find_builtin (CuTest *cu)
 {
-       CK_OBJECT_CLASS klass = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
+       CK_OBJECT_CLASS klass = CKO_NSS_BUILTIN_ROOT_LIST;
        CK_BBOOL vtrue = CK_TRUE;
        CK_BBOOL vfalse = CK_FALSE;
 
index 581ff5ec01bdf4c94050fb7b884d7813ba0f4795..0f40748331b55ac3cad8b153a83dd87eab72d846 100644 (file)
@@ -154,11 +154,11 @@ test_parse_pem_certificate (CuTest *cu)
 static void
 test_parse_openssl_trusted (CuTest *cu)
 {
-       CK_TRUST trusted = CKT_NETSCAPE_TRUSTED_DELEGATOR;
-       CK_TRUST distrusted = CKT_NETSCAPE_UNTRUSTED;
-       CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
+       CK_TRUST trusted = CKT_NSS_TRUSTED_DELEGATOR;
+       CK_TRUST distrusted = CKT_NSS_NOT_TRUSTED;
+       CK_TRUST unknown = CKT_NSS_TRUST_UNKNOWN;
        CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-       CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+       CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
        CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
        CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
        CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
@@ -294,9 +294,9 @@ test_parse_openssl_trusted (CuTest *cu)
 static void
 test_parse_openssl_distrusted (CuTest *cu)
 {
-       CK_TRUST distrusted = CKT_NETSCAPE_UNTRUSTED;
+       CK_TRUST distrusted = CKT_NSS_NOT_TRUSTED;
        CK_OBJECT_CLASS certificate_extension = CKO_X_CERTIFICATE_EXTENSION;
-       CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+       CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
        CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
        CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
        CK_X_ASSERTION_TYPE distrusted_certificate = CKT_X_DISTRUSTED_CERTIFICATE;
@@ -515,10 +515,10 @@ test_parse_openssl_distrusted (CuTest *cu)
 static void
 test_parse_with_key_usage (CuTest *cu)
 {
-       CK_TRUST trusted = CKT_NETSCAPE_TRUSTED;
-       CK_TRUST unknown = CKT_NETSCAPE_TRUST_UNKNOWN;
+       CK_TRUST trusted = CKT_NSS_TRUSTED;
+       CK_TRUST unknown = CKT_NSS_TRUST_UNKNOWN;
        CK_OBJECT_CLASS klass = CKO_CERTIFICATE;
-       CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+       CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
        CK_BBOOL vtrue = CK_TRUE;
        CK_BBOOL vfalse = CK_FALSE;
        CK_CERTIFICATE_TYPE x509 = CKC_X_509;
@@ -606,9 +606,9 @@ static void
 test_parse_anchor (CuTest *cu)
 {
        CK_BBOOL vtrue = CK_TRUE;
-       CK_OBJECT_CLASS trust_object = CKO_NETSCAPE_TRUST;
+       CK_OBJECT_CLASS trust_object = CKO_NSS_TRUST;
        CK_ATTRIBUTE trusted = { CKA_TRUSTED, &vtrue, sizeof (vtrue) };
-       CK_TRUST delegator = CKT_NETSCAPE_TRUSTED_DELEGATOR;
+       CK_TRUST delegator = CKT_NSS_TRUSTED_DELEGATOR;
        CK_OBJECT_CLASS trust_assertion = CKO_X_TRUST_ASSERTION;
        CK_X_ASSERTION_TYPE anchored_certificate = CKT_X_ANCHORED_CERTIFICATE;
 
index 46eea203863d3eee3d360f420fa8eb7cb04e2ab6..3c0de4c90b8ba22910738ec3af40e338047fde87 100644 (file)
@@ -214,9 +214,9 @@ loader_load_paths (p11_token *token,
 static int
 load_builtin_objects (p11_token *token)
 {
-       CK_OBJECT_CLASS builtin = CKO_NETSCAPE_BUILTIN_ROOT_LIST;
-       CK_OBJECT_CLASS nss_trust = CKO_NETSCAPE_TRUST;
-       CK_TRUST nss_not_trusted = CKT_NETSCAPE_UNTRUSTED;
+       CK_OBJECT_CLASS builtin = CKO_NSS_BUILTIN_ROOT_LIST;
+       CK_OBJECT_CLASS nss_trust = CKO_NSS_TRUST;
+       CK_TRUST nss_not_trusted = CKT_NSS_NOT_TRUSTED;
        CK_BBOOL vtrue = CK_TRUE;
        CK_BBOOL vfalse = CK_FALSE;