site.h revision f5c17a057fc5974bb51d7bc8c5827a7fd6dc9aee
d3498432822fb487e58f8f72bb5f880dd8307d7dMichael Sawyer * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * License, v. 2.0. If a copy of the MPL was not distributed with this
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater * file, You can obtain one at http://mozilla.org/MPL/2.0/.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence/* The documentation about this file is in README.site */
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews/*\brief Put here specific PKCS#11 tweaks
2534a73a5914470f7ffe00663b6bbaff5e411e57Mark Andrews *\li PK11_<mechanism>_SKIP:
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence * Don't consider the lack of this mechanism as a fatal error.
813d6c9781d1fb48bb5c1d6d3415e65f7be5eeb0Andreas Gustafsson *\li PK11_<mechanism>_REPLACE:
813d6c9781d1fb48bb5c1d6d3415e65f7be5eeb0Andreas Gustafsson * Same as SKIP, and implement the mechanism using lower-level steps.
e6e0dadd30fc794b4b75f36ab8d1edb074fd5babMichael Sawyer *\li PK11_<algorithm>_DISABLE:
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas Gustafsson * Same as SKIP, and disable support for the algorithm.
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas Gustafsson/* current implemented flags are:
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark AndrewsPK11_DH_PKCS_PARAMETER_GEN_SKIP
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas GustafssonPK11_DSA_PARAMETER_GEN_SKIP
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas GustafssonPK11_RSA_PKCS_REPLACE
02b4e9aef28c1e1d261f49f88a6cf389d117948bAndreas GustafssonPK11_MD5_HMAC_REPLACE
6098d364b690cb9dabf96e9664c4689c8559bd2eMark AndrewsPK11_SHA_1_HMAC_REPLACE
473ca0bf8c73e5fc3132df074b2d4e14be5eaa1eAndreas GustafssonPK11_SHA224_HMAC_REPLACE
473ca0bf8c73e5fc3132df074b2d4e14be5eaa1eAndreas GustafssonPK11_SHA256_HMAC_REPLACE
473ca0bf8c73e5fc3132df074b2d4e14be5eaa1eAndreas GustafssonPK11_SHA384_HMAC_REPLACE
d98372394fd6253336e9c9d580f48bd6ff9710f7Michael SawyerPK11_SHA512_HMAC_REPLACE
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark AndrewsPK11_MD5_DISABLE
0b09763c354ec91fb352b6b4cea383bd0195b2d8Mark AndrewsPK11_DSA_DISABLE
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas GustafssonPK11_DH_DISABLE
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas Gustafsson * Predefined flavors
0e9dcd548051a8ec34744bfa18b4e09fea742a39Andreas Gustafsson/* Thales nCipher */
5006de65318890450e5b7008d8805ce48525f58eBrian Wellington/* SoftHSMv1 with SHA224 */
5006de65318890450e5b7008d8805ce48525f58eBrian Wellington/* SoftHSMv2 */
5006de65318890450e5b7008d8805ce48525f58eBrian Wellington/* Cryptech */
5006de65318890450e5b7008d8805ce48525f58eBrian Wellington/* AEP Keyper */
50105afc551903541608b11851d73278b23579a3Mark Andrews/* Default is for Thales nCipher */
2a90390deeff6ba07125bfb2c81ab4b582eb2777Mark Andrews/* doesn't work but supported #define PK11_DSA_PARAMETER_GEN_SKIP */
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_MD5_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_MD5_DISABLE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_RSA_PKCS_REPLACE
#define PK11_MD5_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE