2728d0618e15ee3a2ecc5f6d15acd7898e6de85aTinderbox User * Copyright (C) 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
7e09576b7739de29ade3fc4d11daa1836d300459Tinderbox User * This Source Code Form is subject to the terms of the Mozilla Public
7e09576b7739de29ade3fc4d11daa1836d300459Tinderbox User * License, v. 2.0. If a copy of the MPL was not distributed with this
7e09576b7739de29ade3fc4d11daa1836d300459Tinderbox User * file, You can obtain one at http://mozilla.org/MPL/2.0/.
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* The documentation about this file is in README.site */
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/*\brief Put here specific PKCS#11 tweaks
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews *\li PK11_<mechanism>_SKIP:
11435e83c66b7587b285187c2ed0c7de59992e6dEvan Hunt * Don't consider the lack of this mechanism as a fatal error.
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews *\li PK11_<mechanism>_REPLACE:
11435e83c66b7587b285187c2ed0c7de59992e6dEvan Hunt * Same as SKIP, and implement the mechanism using lower-level steps.
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews *\li PK11_<algorithm>_DISABLE:
11435e83c66b7587b285187c2ed0c7de59992e6dEvan Hunt * Same as SKIP, and disable support for the algorithm.
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont *\li PK11_PAD_HMAC_KEYS:
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont * Extend HMAC keys shorter than digest length.
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* current implemented flags are:
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_DH_PKCS_PARAMETER_GEN_SKIP
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_DSA_PARAMETER_GEN_SKIP
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan HuntPK11_RSA_PKCS_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_MD5_HMAC_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_SHA_1_HMAC_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_SHA224_HMAC_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_SHA256_HMAC_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_SHA384_HMAC_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_SHA512_HMAC_REPLACE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_MD5_DISABLE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_DSA_DISABLE
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark AndrewsPK11_DH_DISABLE
78608b0a454246d0e1e0169f1d671b8427e48199Francis DupontPK11_PAD_HMAC_KEYS
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews * Predefined flavors
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* Thales nCipher */
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* SoftHSMv1 with SHA224 */
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* SoftHSMv2 */
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt/* Cryptech */
f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aeeEvan Hunt/* AEP Keyper */
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* Default is for Thales nCipher */
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews/* doesn't work but supported #define PK11_DSA_PARAMETER_GEN_SKIP */
78608b0a454246d0e1e0169f1d671b8427e48199Francis Dupont/* SoftHSMv2 was updated to enforce minimal key sizes... argh! */
c40906dfad6dd6e3a3e3c94b8c8847bc9bc064e5Mark Andrews#endif /* PK11_SITE_H */