/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef NSSCKMDT_H
#define NSSCKMDT_H

/*
 * nssckmdt.h
 *
 * This file specifies the basic types that must be implemented by
 * any Module using the NSS Cryptoki Framework.
 */

#ifndef NSSBASET_H
#include "nssbaset.h"
#endif /* NSSBASET_H */

#ifndef NSSCKT_H
#include "nssckt.h"
#endif /* NSSCKT_H */

#ifndef NSSCKFWT_H
#include "nssckfwt.h"
#endif /* NSSCKFWT_H */

typedef struct NSSCKMDInstanceStr NSSCKMDInstance;
typedef struct NSSCKMDSlotStr NSSCKMDSlot;
typedef struct NSSCKMDTokenStr NSSCKMDToken;
typedef struct NSSCKMDSessionStr NSSCKMDSession;
typedef struct NSSCKMDCryptoOperationStr NSSCKMDCryptoOperation;
typedef struct NSSCKMDFindObjectsStr NSSCKMDFindObjects;
typedef struct NSSCKMDMechanismStr NSSCKMDMechanism;
typedef struct NSSCKMDObjectStr NSSCKMDObject;

/*
 * NSSCKFWItem
 *
 * This is a structure used by modules to return object attributes.
 * The needsFreeing bit indicates whether the object needs to be freed.
 * If so, the framework will call the FreeAttribute function on the item
 * after it is done using it.
 *
 */

typedef struct {
    PRBool needsFreeing;
    NSSItem *item;
} NSSCKFWItem;

/*
 * NSSCKMDInstance
 *
 * This is the basic handle for an instance of a PKCS#11 Module.
 * It is returned by the Module's CreateInstance routine, and
 * may be obtained from the corresponding NSSCKFWInstance object.
 * It contains a pointer for use by the Module, to store any
 * instance-related data, and it contains the EPV for a set of
 * routines which the Module may implement for use by the Framework.
 * Some of these routines are optional; others are mandatory.
 */

struct NSSCKMDInstanceStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is called by the Framework to initialize
     * the Module.  This routine is optional; if unimplemented,
     * it won't be called.  If this routine returns an error,
     * then the initialization will fail.
     */
    CK_RV(PR_CALLBACK *Initialize)
    (
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSUTF8 *configurationData);

    /*
     * This routine is called when the Framework is finalizing
     * the PKCS#11 Module.  It is the last thing called before
     * the NSSCKFWInstance's NSSArena is destroyed.  This routine
     * is optional; if unimplemented, it merely won't be called.
     */
    void(PR_CALLBACK *Finalize)(
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
   * This routine gets the number of slots.  This value must
   * never change, once the instance is initialized.  This
   * routine must be implemented.  It may return zero on error.
   */
    CK_ULONG(PR_CALLBACK *GetNSlots)
    (
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns the version of the Cryptoki standard
     * to which this Module conforms.  This routine is optional;
     * if unimplemented, the Framework uses the version to which
     * ~it~ was implemented.
     */
    CK_VERSION(PR_CALLBACK *GetCryptokiVersion)
    (
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing the manufacturer ID for this Module.  Only
     * the characters completely encoded in the first thirty-
     * two bytes are significant.  This routine is optional.
     * The string returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing a description of this Module library.  Only
     * the characters completely encoded in the first thirty-
     * two bytes are significant.  This routine is optional.
     * The string returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetLibraryDescription)(
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns the version of this Module library.
     * This routine is optional; if unimplemented, the Framework
     * will assume a Module library version of 0.1.
     */
    CK_VERSION(PR_CALLBACK *GetLibraryVersion)
    (
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if the Module wishes to
     * handle session objects.  This routine is optional.
     * If this routine is NULL, or if it exists but returns
     * CK_FALSE, the Framework will assume responsibility
     * for managing session objects.
     */
    CK_BBOOL(PR_CALLBACK *ModuleHandlesSessionObjects)
    (
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine stuffs pointers to NSSCKMDSlot objects into
     * the specified array; one for each slot supported by this
     * instance.  The Framework will determine the size needed
     * for the array by calling GetNSlots.  This routine is
     * required.
     */
    CK_RV(PR_CALLBACK *GetSlots)
    (
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDSlot *slots[]);

    /*
     * This call returns a pointer to the slot in which an event
     * has occurred.  If the block argument is CK_TRUE, the call
     * should block until a slot event occurs; if CK_FALSE, it
     * should check to see if an event has occurred, occurred,
     * but return NULL (and set *pError to CK_NO_EVENT) if one
     * hasn't.  This routine is optional; if unimplemented, the
     * Framework will assume that no event has happened.  This
     * routine may return NULL upon error.
     */
    NSSCKMDSlot *(PR_CALLBACK *WaitForSlotEvent)(
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_BBOOL block,
        CK_RV *pError);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDSlot
 *
 * This is the basic handle for a PKCS#11 Module Slot.  It is
 * created by the NSSCKMDInstance->GetSlots call, and may be
 * obtained from the Framework's corresponding NSSCKFWSlot
 * object.  It contains a pointer for use by the Module, to
 * store any slot-related data, and it contains the EPV for
 * a set of routines which the Module may implement for use
 * by the Framework.  Some of these routines are optional.
 */

struct NSSCKMDSlotStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is called during the Framework initialization
     * step, after the Framework Instance has obtained the list
     * of slots (by calling NSSCKMDInstance->GetSlots).  Any slot-
     * specific initialization can be done here.  This routine is
     * optional; if unimplemented, it won't be called.  Note that
     * if this routine returns an error, the entire Framework
     * initialization for this Module will fail.
     */
    CK_RV(PR_CALLBACK *Initialize)
    (
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine is called when the Framework is finalizing
     * the PKCS#11 Module.  This call (for each of the slots)
     * is the last thing called before NSSCKMDInstance->Finalize.
     * This routine is optional; if unimplemented, it merely
     * won't be called.  Note: In the rare circumstance that
     * the Framework initialization cannot complete (due to,
     * for example, memory limitations), this can be called with
     * a NULL value for fwSlot.
     */
    void(PR_CALLBACK *Destroy)(
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing a description of this slot.  Only the characters
     * completely encoded in the first sixty-four bytes are
     * significant.  This routine is optional.  The string
     * returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetSlotDescription)(
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing a description of the manufacturer of this slot.
     * Only the characters completely encoded in the first thirty-
     * two bytes are significant.  This routine is optional.
     * The string  returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns CK_TRUE if a token is present in this
     * slot.  This routine is optional; if unimplemented, CK_TRUE
     * is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetTokenPresent)
    (
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if the slot supports removable
     * tokens.  This routine is optional; if unimplemented, CK_FALSE
     * is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetRemovableDevice)
    (
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if this slot is a hardware
     * device, or CK_FALSE if this slot is a software device.  This
     * routine is optional; if unimplemented, CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetHardwareSlot)
    (
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the version of this slot's hardware.
     * This routine is optional; if unimplemented, the Framework
     * will assume a hardware version of 0.1.
     */
    CK_VERSION(PR_CALLBACK *GetHardwareVersion)
    (
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the version of this slot's firmware.
     * This routine is optional; if unimplemented, the Framework
     * will assume a hardware version of 0.1.
     */
    CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
    (
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine should return a pointer to an NSSCKMDToken
     * object corresponding to the token in the specified slot.
     * The NSSCKFWToken object passed in has an NSSArena
     * available which is dedicated for this token.  This routine
     * must be implemented.  This routine may return NULL upon
     * error.
     */
    NSSCKMDToken *(PR_CALLBACK *GetToken)(
        NSSCKMDSlot *mdSlot,
        NSSCKFWSlot *fwSlot,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDToken
 *
 * This is the basic handle for a PKCS#11 Token.  It is created by
 * the NSSCKMDSlot->GetToken call, and may be obtained from the
 * Framework's corresponding NSSCKFWToken object.  It contains a
 * pointer for use by the Module, to store any token-related
 * data, and it contains the EPV for a set of routines which the
 * Module may implement for use by the Framework.  Some of these
 * routines are optional.
 */

struct NSSCKMDTokenStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is used to prepare a Module token object for
     * use.  It is called after the NSSCKMDToken object is obtained
     * from NSSCKMDSlot->GetToken.  It is named "Setup" here because
     * Cryptoki already defines "InitToken" to do the process of
     * wiping out any existing state on a token and preparing it for
     * a new use.  This routine is optional; if unimplemented, it
     * merely won't be called.
     */
    CK_RV(PR_CALLBACK *Setup)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine is called by the Framework whenever it notices
     * that the token object is invalid.  (Typically this is when a
     * routine indicates an error such as CKR_DEVICE_REMOVED).  This
     * call is the last thing called before the NSSArena in the
     * corresponding NSSCKFWToken is destroyed.  This routine is
     * optional; if unimplemented, it merely won't be called.
     */
    void(PR_CALLBACK *Invalidate)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine initialises the token in the specified slot.
     * This routine is optional; if unimplemented, the Framework
     * will fail this operation with an error of CKR_DEVICE_ERROR.
     */

    CK_RV(PR_CALLBACK *InitToken)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *pin,
        NSSUTF8 *label);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing this token's label.  Only the characters
     * completely encoded in the first thirty-two bytes are
     * significant.  This routine is optional.  The string
     * returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetLabel)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing this token's manufacturer ID.  Only the characters
     * completely encoded in the first thirty-two bytes are
     * significant.  This routine is optional.  The string
     * returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetManufacturerID)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing this token's model name.  Only the characters
     * completely encoded in the first thirty-two bytes are
     * significant.  This routine is optional.  The string
     * returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetModel)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns a pointer to a UTF8-encoded string
     * containing this token's serial number.  Only the characters
     * completely encoded in the first thirty-two bytes are
     * significant.  This routine is optional.  The string
     * returned is never freed; if dynamically generated,
     * the space for it should be allocated from the NSSArena
     * that may be obtained from the NSSCKFWInstance.  This
     * routine may return NULL upon error; however if *pError
     * is CKR_OK, the NULL will be considered the valid response.
     */
    NSSUTF8 *(PR_CALLBACK *GetSerialNumber)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns CK_TRUE if the token has its own
     * random number generator.  This routine is optional; if
     * unimplemented, CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetHasRNG)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if this token is write-protected.
     * This routine is optional; if unimplemented, CK_FALSE is
     * assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetIsWriteProtected)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if this token requires a login.
     * This routine is optional; if unimplemented, CK_FALSE is
     * assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetLoginRequired)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if the normal user's PIN on this
     * token has been initialised.  This routine is optional; if
     * unimplemented, CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetUserPinInitialized)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if a successful save of a
     * session's cryptographic operations state ~always~ contains
     * all keys needed to restore the state of the session.  This
     * routine is optional; if unimplemented, CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetRestoreKeyNotNeeded)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if the token has its own
     * hardware clock.  This routine is optional; if unimplemented,
     * CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetHasClockOnToken)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if the token has a protected
     * authentication path.  This routine is optional; if
     * unimplemented, CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetHasProtectedAuthenticationPath)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns CK_TRUE if the token supports dual
     * cryptographic operations within a single session.  This
     * routine is optional; if unimplemented, CK_FALSE is assumed.
     */
    CK_BBOOL(PR_CALLBACK *GetSupportsDualCryptoOperations)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * XXX fgmr-- should we have a call to return all the flags
     * at once, for folks who already know about Cryptoki?
     */

    /*
     * This routine returns the maximum number of sessions that
     * may be opened on this token.  This routine is optional;
     * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
     * is assumed.  XXX fgmr-- or CK_EFFECTIVELY_INFINITE?
     */
    CK_ULONG(PR_CALLBACK *GetMaxSessionCount)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the maximum number of read/write
     * sesisons that may be opened on this token.  This routine
     * is optional; if unimplemented, the special value
     * CK_UNAVAILABLE_INFORMATION is assumed.  XXX fgmr-- or
     * CK_EFFECTIVELY_INFINITE?
     */
    CK_ULONG(PR_CALLBACK *GetMaxRwSessionCount)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the maximum PIN code length that is
     * supported on this token.  This routine is optional;
     * if unimplemented, the special value CK_UNAVAILABLE_INFORMATION
     * is assumed.
     */
    CK_ULONG(PR_CALLBACK *GetMaxPinLen)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the minimum PIN code length that is
     * supported on this token.  This routine is optional; if
     * unimplemented, the special value CK_UNAVAILABLE_INFORMATION
     *  is assumed.  XXX fgmr-- or 0?
     */
    CK_ULONG(PR_CALLBACK *GetMinPinLen)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the total amount of memory on the token
     * in which public objects may be stored.  This routine is
     * optional; if unimplemented, the special value
     * CK_UNAVAILABLE_INFORMATION is assumed.
     */
    CK_ULONG(PR_CALLBACK *GetTotalPublicMemory)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the amount of unused memory on the
     * token in which public objects may be stored.  This routine
     * is optional; if unimplemented, the special value
     * CK_UNAVAILABLE_INFORMATION is assumed.
     */
    CK_ULONG(PR_CALLBACK *GetFreePublicMemory)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the total amount of memory on the token
     * in which private objects may be stored.  This routine is
     * optional; if unimplemented, the special value
     * CK_UNAVAILABLE_INFORMATION is assumed.
     */
    CK_ULONG(PR_CALLBACK *GetTotalPrivateMemory)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the amount of unused memory on the
     * token in which private objects may be stored.  This routine
     * is optional; if unimplemented, the special value
     * CK_UNAVAILABLE_INFORMATION is assumed.
     */
    CK_ULONG(PR_CALLBACK *GetFreePrivateMemory)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the version number of this token's
     * hardware.  This routine is optional; if unimplemented,
     * the value 0.1 is assumed.
     */
    CK_VERSION(PR_CALLBACK *GetHardwareVersion)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the version number of this token's
     * firmware.  This routine is optional; if unimplemented,
     * the value 0.1 is assumed.
     */
    CK_VERSION(PR_CALLBACK *GetFirmwareVersion)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine stuffs the current UTC time, as obtained from
     * the token, into the sixteen-byte buffer in the form
     * YYYYMMDDhhmmss00.  This routine need only be implemented
     * by token which indicate that they have a real-time clock.
     * XXX fgmr-- think about time formats.
     */
    CK_RV(PR_CALLBACK *GetUTCTime)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_CHAR utcTime[16]);

    /*
     * This routine creates a session on the token, and returns
     * the corresponding NSSCKMDSession object.  The value of
     * rw will be CK_TRUE if the session is to be a read/write
     * session, or CK_FALSE otherwise.  An NSSArena dedicated to
     * the new session is available from the specified NSSCKFWSession.
     * This routine may return NULL upon error.
     */
    NSSCKMDSession *(PR_CALLBACK *OpenSession)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKFWSession *fwSession,
        CK_BBOOL rw,
        CK_RV *pError);

    /*
     * This routine returns the number of PKCS#11 Mechanisms
     * supported by this token.  This routine is optional; if
     * unimplemented, zero is assumed.
     */
    CK_ULONG(PR_CALLBACK *GetMechanismCount)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine stuffs into the specified array the types
     * of the mechanisms supported by this token.  The Framework
     * determines the size of the array by calling GetMechanismCount.
     */
    CK_RV(PR_CALLBACK *GetMechanismTypes)
    (
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_MECHANISM_TYPE types[]);

    /*
     * This routine returns a pointer to a Module mechanism
     * object corresponding to a specified type.  This routine
     * need only exist for tokens implementing at least one
     * mechanism.
     */
    NSSCKMDMechanism *(PR_CALLBACK *GetMechanism)(
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_MECHANISM_TYPE which,
        CK_RV *pError);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDSession
 *
 * This is the basic handle for a session on a PKCS#11 Token.  It
 * is created by NSSCKMDToken->OpenSession, and may be obtained
 * from the Framework's corresponding NSSCKFWSession object.  It
 * contains a pointer for use by the Module, to store any session-
 * realted data, and it contains the EPV for a set of routines
 * which the Module may implement for use by the Framework.  Some
 * of these routines are optional.
 */

struct NSSCKMDSessionStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is called by the Framework when a session is
     * closed.  This call is the last thing called before the
     * NSSArena in the correspoinding NSSCKFWSession is destroyed.
     * This routine is optional; if unimplemented, it merely won't
     * be called.
     */
    void(PR_CALLBACK *Close)(
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine is used to get any device-specific error.
     * This routine is optional.
     */
    CK_ULONG(PR_CALLBACK *GetDeviceError)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine is used to log in a user to the token.  This
     * routine is optional, since the Framework's NSSCKFWSession
     * object keeps track of the login state.
     */
    CK_RV(PR_CALLBACK *Login)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_USER_TYPE userType,
        NSSItem *pin,
        CK_STATE oldState,
        CK_STATE newState);

    /*
     * This routine is used to log out a user from the token.  This
     * routine is optional, since the Framework's NSSCKFWSession
     * object keeps track of the login state.
     */
    CK_RV(PR_CALLBACK *Logout)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_STATE oldState,
        CK_STATE newState);

    /*
     * This routine is used to initialize the normal user's PIN or
     * password.  This will only be called in the "read/write
     * security officer functions" state.  If this token has a
     * protected authentication path, then the pin argument will
     * be NULL.  This routine is optional; if unimplemented, the
     * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
     */
    CK_RV(PR_CALLBACK *InitPIN)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *pin);

    /*
     * This routine is used to modify a user's PIN or password.  This
     * routine will only be called in the "read/write security officer
     * functions" or "read/write user functions" state.  If this token
     * has a protected authentication path, then the pin arguments
     * will be NULL.  This routine is optional; if unimplemented, the
     * Framework will return the error CKR_TOKEN_WRITE_PROTECTED.
     */
    CK_RV(PR_CALLBACK *SetPIN)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *oldPin,
        NSSItem *newPin);

    /*
     * This routine is used to find out how much space would be required
     * to save the current operational state.  This routine is optional;
     * if unimplemented, the Framework will reject any attempts to save
     * the operational state with the error CKR_STATE_UNSAVEABLE.  This
     * routine may return zero on error.
     */
    CK_ULONG(PR_CALLBACK *GetOperationStateLen)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine is used to store the current operational state.  This
     * routine is only required if GetOperationStateLen is implemented
     * and can return a nonzero value.  The buffer in the specified item
     * will be pre-allocated, and the length will specify the amount of
     * space available (which may be more than GetOperationStateLen
     * asked for, but which will not be smaller).
     */
    CK_RV(PR_CALLBACK *GetOperationState)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *buffer);

    /*
     * This routine is used to restore an operational state previously
     * obtained with GetOperationState.  The Framework will take pains
     * to be sure that the state is (or was at one point) valid; if the
     * Module notices that the state is invalid, it should return an
     * error, but it is not required to be paranoid about the issue.
     * [XXX fgmr-- should (can?) the framework verify the keys match up?]
     * This routine is required only if GetOperationState is implemented.
     */
    CK_RV(PR_CALLBACK *SetOperationState)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *state,
        NSSCKMDObject *mdEncryptionKey,
        NSSCKFWObject *fwEncryptionKey,
        NSSCKMDObject *mdAuthenticationKey,
        NSSCKFWObject *fwAuthenticationKey);

    /*
     * This routine is used to create an object.  The specified template
     * will only specify a session object if the Module has indicated
     * that it wishes to handle its own session objects.  This routine
     * is optional; if unimplemented, the Framework will reject the
     * operation with the error CKR_TOKEN_WRITE_PROTECTED.  Space for
     * token objects should come from the NSSArena available from the
     * NSSCKFWToken object; space for session objects (if supported)
     * should come from the NSSArena available from the NSSCKFWSession
     * object.  The appropriate NSSArena pointer will, as a convenience,
     * be passed as the handyArenaPointer argument.  This routine may
     * return NULL upon error.
     */
    NSSCKMDObject *(PR_CALLBACK *CreateObject)(
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSArena *handyArenaPointer,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulAttributeCount,
        CK_RV *pError);

    /*
     * This routine is used to make a copy of an object.  It is entirely
     * optional; if unimplemented, the Framework will try to use
     * CreateObject instead.  If the Module has indicated that it does
     * not wish to handle session objects, then this routine will only
     * be called to copy a token object to another token object.
     * Otherwise, either the original object or the new may be of
     * either the token or session variety.  As with CreateObject, the
     * handyArenaPointer will point to the appropriate arena for the
     * new object.  This routine may return NULL upon error.
     */
    NSSCKMDObject *(PR_CALLBACK *CopyObject)(
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdOldObject,
        NSSCKFWObject *fwOldObject,
        NSSArena *handyArenaPointer,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulAttributeCount,
        CK_RV *pError);

    /*
     * This routine is used to begin an object search.  This routine may
     * be unimplemented only if the Module does not handle session
     * objects, and if none of its tokens have token objects.  The
     * NSSCKFWFindObjects pointer has an NSSArena that may be used for
     * storage for the life of this "find" operation.  This routine may
     * return NULL upon error.  If the Module can determine immediately
     * that the search will not find any matching objects, it may return
     * NULL, and specify CKR_OK as the error.
     */
    NSSCKMDFindObjects *(PR_CALLBACK *FindObjectsInit)(
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulAttributeCount,
        CK_RV *pError);

    /*
     * This routine seeds the random-number generator.  It is
     * optional, even if GetRandom is implemented.  If unimplemented,
     * the Framework will issue the error CKR_RANDOM_SEED_NOT_SUPPORTED.
     */
    CK_RV(PR_CALLBACK *SeedRandom)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *seed);

    /*
     * This routine gets random data.  It is optional.  If unimplemented,
     * the Framework will issue the error CKR_RANDOM_NO_RNG.
     */
    CK_RV(PR_CALLBACK *GetRandom)
    (
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *buffer);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDFindObjects
 *
 * This is the basic handle for an object search.  It is
 * created by NSSCKMDSession->FindObjectsInit, and may be
 * obtained from the Framework's corresponding object.
 * It contains a pointer for use by the Module, to store
 * any search-related data, and it contains the EPV for a
 * set of routines which the Module may implement for use
 * by the Framework.  Some of these routines are optional.
 */

struct NSSCKMDFindObjectsStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is called by the Framework to finish a
     * search operation.  Note that the Framework may finish
     * a search before it has completed.  This routine is
     * optional; if unimplemented, it merely won't be called.
     */
    void(PR_CALLBACK *Final)(
        NSSCKMDFindObjects *mdFindObjects,
        NSSCKFWFindObjects *fwFindObjects,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine is used to obtain another pointer to an
     * object matching the search criteria.  This routine is
     * required.  If no (more) objects match the search, it
     * should return NULL and set the error to CKR_OK.
     */
    NSSCKMDObject *(PR_CALLBACK *Next)(
        NSSCKMDFindObjects *mdFindObjects,
        NSSCKFWFindObjects *fwFindObjects,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSArena *arena,
        CK_RV *pError);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDCryptoOperaion
 *
 * This is the basic handle for an encryption, decryption,
 * sign, verify, or hash opertion.
 * created by NSSCKMDMechanism->XXXXInit, and may be
 * obtained from the Framework's corresponding object.
 * It contains a pointer for use by the Module, to store
 * any intermediate data, and it contains the EPV for a
 * set of routines which the Module may implement for use
 * by the Framework.  Some of these routines are optional.
 */

struct NSSCKMDCryptoOperationStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is called by the Framework clean up the mdCryptoOperation
     * structure.
     * This routine is optional; if unimplemented, it will be ignored.
     */
    void(PR_CALLBACK *Destroy)(
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * how many bytes do we need to finish this buffer?
     * must be implemented if Final is implemented.
     */
    CK_ULONG(PR_CALLBACK *GetFinalLength)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * how many bytes do we need to complete the next operation.
     * used in both Update and UpdateFinal.
     */
    CK_ULONG(PR_CALLBACK *GetOperationLength)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        const NSSItem *inputBuffer,
        CK_RV *pError);

    /*
     * This routine is called by the Framework to finish a
     * search operation.  Note that the Framework may finish
     * a search before it has completed.  This routine is
     * optional; if unimplemented, it merely won't be called.
     * The respective final call with fail with CKR_FUNCTION_FAILED
     * Final should not free the mdCryptoOperation.
     */
    CK_RV(PR_CALLBACK *Final)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSItem *outputBuffer);

    /*
     * This routine is called by the Framework to complete the
     * next step in an encryption/decryption operation.
     * This routine is optional; if unimplemented, the respective
     * update call with fail with CKR_FUNCTION_FAILED.
     * Update should not be implemented for signing/verification/digest
     * mechanisms.
     */
    CK_RV(PR_CALLBACK *Update)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        const NSSItem *inputBuffer,
        NSSItem *outputBuffer);

    /*
     * This routine is called by the Framework to complete the
     * next step in a signing/verification/digest operation.
     * This routine is optional; if unimplemented, the respective
     * update call with fail with CKR_FUNCTION_FAILED
     * Update should not be implemented for encryption/decryption
     * mechanisms.
     */
    CK_RV(PR_CALLBACK *DigestUpdate)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        const NSSItem *inputBuffer);

    /*
     * This routine is called by the Framework to complete a
     * single step operation. This routine is optional; if unimplemented,
     * the framework will use the Update and Final functions to complete
     * the operation.
     */
    CK_RV(PR_CALLBACK *UpdateFinal)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        const NSSItem *inputBuffer,
        NSSItem *outputBuffer);

    /*
     * This routine is called by the Framework to complete next
     * step in a combined operation. The Decrypt/Encrypt mechanism
     * should define and drive the combo step.
     * This routine is optional; if unimplemented,
     * the framework will use the appropriate Update functions to complete
     * the operation.
     */
    CK_RV(PR_CALLBACK *UpdateCombo)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDCryptoOperation *mdPeerCryptoOperation,
        NSSCKFWCryptoOperation *fwPeerCryptoOperation,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        const NSSItem *inputBuffer,
        NSSItem *outputBuffer);

    /*
     * Hash a key directly into the digest
     */
    CK_RV(PR_CALLBACK *DigestKey)
    (
        NSSCKMDCryptoOperation *mdCryptoOperation,
        NSSCKFWCryptoOperation *fwCryptoOperation,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDMechanism
 *
 */

struct NSSCKMDMechanismStr {
    /*
     * The Module may use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This also frees the fwMechanism if appropriate.
     * If it is not supplied, the Framework will assume that the Token
     * Manages a static list of mechanisms and the function will not be called.
     */
    void(PR_CALLBACK *Destroy)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the minimum key size allowed for
     * this mechanism.  This routine is optional; if unimplemented,
     * zero will be assumed.  This routine may return zero on
     * error; if the error is CKR_OK, zero will be accepted as
     * a valid response.
     */
    CK_ULONG(PR_CALLBACK *GetMinKeySize)
    (
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine returns the maximum key size allowed for
     * this mechanism.  This routine is optional; if unimplemented,
     * zero will be assumed.  This routine may return zero on
     * error; if the error is CKR_OK, zero will be accepted as
     * a valid response.
     */
    CK_ULONG(PR_CALLBACK *GetMaxKeySize)
    (
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine is called to determine if the mechanism is
     * implemented in hardware or software.  It returns CK_TRUE
     * if it is done in hardware.
     */
    CK_BBOOL(PR_CALLBACK *GetInHardware)
    (
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * The crypto routines themselves.  Most crypto operations may
     * be performed in two ways, streaming and single-part.  The
     * streaming operations involve the use of (typically) three
     * calls-- an Init method to set up the operation, an Update
     * method to feed data to the operation, and a Final method to
     * obtain the final result.  Single-part operations involve
     * one method, to perform the crypto operation all at once.
     *
     * The NSS Cryptoki Framework can implement the single-part
     * operations in terms of the streaming operations on behalf
     * of the Module.  There are a few variances.
     *
     * Only the Init Functions are defined by the mechanism. Each
     * init function will return a NSSCKFWCryptoOperation which
     * can supply update, final, the single part updateFinal, and
     * the combo updateCombo functions.
     *
     * For simplicity, the routines are listed in summary here:
     *
     *  EncryptInit,
     *  DecryptInit,
     *  DigestInit,
     *  SignInit,
     *  SignRecoverInit;
     *  VerifyInit,
     *  VerifyRecoverInit;
     *
     * The key-management routines are
     *
     *  GenerateKey
     *  GenerateKeyPair
     *  WrapKey
     *  UnwrapKey
     *  DeriveKey
     *
     * All of these routines based on the Cryptoki API;
     * see PKCS#11 for further information.
     */

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *EncryptInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey,
        CK_RV *pError);

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *DecryptInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey,
        CK_RV *pError);

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *DigestInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *SignInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey,
        CK_RV *pError);

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey,
        CK_RV *pError);

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *SignRecoverInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey,
        CK_RV *pError);

    /*
     */
    NSSCKMDCryptoOperation *(PR_CALLBACK *VerifyRecoverInit)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdKey,
        NSSCKFWObject *fwKey,
        CK_RV *pError);

    /*
     * Key management operations.
     */

    /*
     * This routine generates a key.  This routine may return NULL
     * upon error.
     */
    NSSCKMDObject *(PR_CALLBACK *GenerateKey)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulAttributeCount,
        CK_RV *pError);

    /*
     * This routine generates a key pair.
     */
    CK_RV(PR_CALLBACK *GenerateKeyPair)
    (
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_PTR pPublicKeyTemplate,
        CK_ULONG ulPublicKeyAttributeCount,
        CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
        CK_ULONG ulPrivateKeyAttributeCount,
        NSSCKMDObject **pPublicKey,
        NSSCKMDObject **pPrivateKey);

    /*
     * This routine wraps a key.
     */
    CK_ULONG(PR_CALLBACK *GetWrapKeyLength)
    (
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdWrappingKey,
        NSSCKFWObject *fwWrappingKey,
        NSSCKMDObject *mdWrappedKey,
        NSSCKFWObject *fwWrappedKey,
        CK_RV *pError);

    /*
     * This routine wraps a key.
     */
    CK_RV(PR_CALLBACK *WrapKey)
    (
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdWrappingKey,
        NSSCKFWObject *fwWrappingKey,
        NSSCKMDObject *mdKeyObject,
        NSSCKFWObject *fwKeyObject,
        NSSItem *wrappedKey);

    /*
     * This routine unwraps a key.  This routine may return NULL
     * upon error.
     */
    NSSCKMDObject *(PR_CALLBACK *UnwrapKey)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdWrappingKey,
        NSSCKFWObject *fwWrappingKey,
        NSSItem *wrappedKey,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulAttributeCount,
        CK_RV *pError);

    /*
     * This routine derives a key.  This routine may return NULL
     * upon error.
     */
    NSSCKMDObject *(PR_CALLBACK *DeriveKey)(
        NSSCKMDMechanism *mdMechanism,
        NSSCKFWMechanism *fwMechanism,
        CK_MECHANISM_PTR pMechanism,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        NSSCKMDObject *mdBaseKey,
        NSSCKFWObject *fwBaseKey,
        CK_ATTRIBUTE_PTR pTemplate,
        CK_ULONG ulAttributeCount,
        CK_RV *pError);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

/*
 * NSSCKMDObject
 *
 * This is the basic handle for any object used by a PKCS#11 Module.
 * Modules must implement it if they support their own objects, and
 * the Framework supports it for Modules that do not handle session
 * objects.  This type contains a pointer for use by the implementor,
 * to store any object-specific data, and it contains an EPV for a
 * set of routines used to access the object.
 */

struct NSSCKMDObjectStr {
    /*
     * The implementation my use this pointer for its own purposes.
     */
    void *etc;

    /*
     * This routine is called by the Framework when it is letting
     * go of an object handle.  It can be used by the Module to
     * free any resources tied up by an object "in use."  It is
     * optional.
     */
    void(PR_CALLBACK *Finalize)(
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine is used to completely destroy an object.
     * It is optional.  The parameter fwObject might be NULL
     * if the framework runs out of memory at the wrong moment.
     */
    CK_RV(PR_CALLBACK *Destroy)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This helper routine is used by the Framework, and is especially
     * useful when it is managing session objects on behalf of the
     * Module.  This routine is optional; if unimplemented, the
     * Framework will actually look up the CKA_TOKEN attribute.  In the
     * event of an error, just make something up-- the Framework will
     * find out soon enough anyway.
     */
    CK_BBOOL(PR_CALLBACK *IsTokenObject)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance);

    /*
     * This routine returns the number of attributes of which this
     * object consists.  It is mandatory.  It can return zero on
     * error.
     */
    CK_ULONG(PR_CALLBACK *GetAttributeCount)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This routine stuffs the attribute types into the provided array.
     * The array size (as obtained from GetAttributeCount) is passed in
     * as a check; return CKR_BUFFER_TOO_SMALL if the count is wrong
     * (either too big or too small).
     */
    CK_RV(PR_CALLBACK *GetAttributeTypes)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_TYPE_PTR typeArray,
        CK_ULONG ulCount);

    /*
     * This routine returns the size (in bytes) of the specified
     * attribute.  It can return zero on error.
     */
    CK_ULONG(PR_CALLBACK *GetAttributeSize)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_TYPE attribute,
        CK_RV *pError);

    /*
     * This routine returns an NSSCKFWItem structure.
     * The item pointer points to an NSSItem containing the attribute value.
     * The needsFreeing bit tells the framework whether to call the
     * FreeAttribute function . Upon error, an NSSCKFWItem structure
     * with a NULL NSSItem item pointer will be returned
     */
    NSSCKFWItem(PR_CALLBACK *GetAttribute)(
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_TYPE attribute,
        CK_RV *pError);

    /*
     * This routine returns CKR_OK if the attribute could be freed.
     */
    CK_RV(PR_CALLBACK *FreeAttribute)
    (
        NSSCKFWItem *item);

    /*
     * This routine changes the specified attribute.  If unimplemented,
     * the object will be considered read-only.
     */
    CK_RV(PR_CALLBACK *SetAttribute)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_ATTRIBUTE_TYPE attribute,
        NSSItem *value);

    /*
     * This routine returns the storage requirements of this object,
     * in bytes.  Cryptoki doesn't strictly define the definition,
     * but it should relate to the values returned by the "Get Memory"
     * routines of the NSSCKMDToken.  This routine is optional; if
     * unimplemented, the Framework will consider this information
     * sensitive.  This routine may return zero on error.  If the
     * specified error is CKR_OK, zero will be accepted as a valid
     * response.
     */
    CK_ULONG(PR_CALLBACK *GetObjectSize)
    (
        NSSCKMDObject *mdObject,
        NSSCKFWObject *fwObject,
        NSSCKMDSession *mdSession,
        NSSCKFWSession *fwSession,
        NSSCKMDToken *mdToken,
        NSSCKFWToken *fwToken,
        NSSCKMDInstance *mdInstance,
        NSSCKFWInstance *fwInstance,
        CK_RV *pError);

    /*
     * This object may be extended in future versions of the
     * NSS Cryptoki Framework.  To allow for some flexibility
     * in the area of binary compatibility, this field should
     * be NULL.
     */
    void *null;
};

#endif /* NSSCKMDT_H */