stef wrote:

we've made a pkcs11 lib, and noticed this with Mozilla:

C_FindObjectsInit() asks a CLA of 0xCE534354,

Do you mean CKA?


and C_GetAttributeValue() asks an attribute type of
0xCE534352.

These are proprietary extensions?

The fact that the bit whose value is 0x80000000 is set indicates that these are "Vendor defined attributes". The values you see are actually the sum of that bit + "nscp" + a specific attribute number.

Are there more of these?
Are they documented somewhere?

Start here: http://lxr.mozilla.org/mozilla/source/security/nss/lib/softoken/pkcs11n.h#87


Are pkcs11 implementations required to implement them

Depends, I think, on what you want the module to be used for. But in most cases, I think the answer is "no, they're not required". Mozilla works with many PKCS 11 implementations, most of which do not implement these attribute types, AFAIK.

(C_GetAttributeValue for instance, will return a
CKR_ATTRIBUTE_TYPE_INVALID)?

That seems like the right thing to do when you don't implement these types of attributes.

I recommend that you join the cryptoki mailing list, the list for PKCS 11 developers to discuss PKCS 11 development issues and standard development.
See http://www.rsasecurity.com/rsalabs/pkcs/mailing/index.html for more
info about it.
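
An added example, not part of the original message and not NSS code: it decodes the two attribute types quoted above and models a module that rejects unknown types from C_GetAttributeValue while still serving the rest of the template. It goes slightly beyond the thread by also setting the per-entry length to -1, as PKCS #11 specifies for unavailable attributes. `nscp_number`, `get_attribute_value`, `struct attr`, the 0x10000 window and the "demo" label are hypothetical; reading "nscp" as ASCII 'N','S','C','P' is an assumption.

```c
#include <stdio.h>
#include <string.h>
typedef unsigned long CK_ULONG;
/* PKCS #11 constants, redefined here so the file compiles on its own. */
#define CKR_OK                     0x00000000UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL
#define CKR_BUFFER_TOO_SMALL       0x00000150UL
#define CKA_LABEL                  0x00000003UL
#define CKA_VENDOR_DEFINED         0x80000000UL
/* Assumption: "nscp" read as the ASCII bytes 'N','S','C','P'. */
#define NSCP_BASE (CKA_VENDOR_DEFINED | 0x4E534350UL)

/* Mirrors the CK_ATTRIBUTE triple (type, value pointer, value length). */
struct attr { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; };

/* Attribute number inside the "nscp" range, or -1 when the type is not
 * vendor defined or lies outside an assumed 0x10000-wide window. */
long nscp_number(CK_ULONG type)
{
    if (!(type & CKA_VENDOR_DEFINED) || type < NSCP_BASE ||
        type - NSCP_BASE >= 0x10000UL)
        return -1;
    return (long)(type - NSCP_BASE);
}

/* Hypothetical object that only has a CKA_LABEL. The whole template is
 * walked: an unsupported type gets length -1 and makes the call return
 * CKR_ATTRIBUTE_TYPE_INVALID, but supported entries are still filled. */
CK_ULONG get_attribute_value(struct attr *t, CK_ULONG n)
{
    static const char label[] = "demo";    /* constructed sample value */
    CK_ULONG rv = CKR_OK, i, len = sizeof label - 1;
    for (i = 0; i < n; i++) {
        if (t[i].type != CKA_LABEL) {
            t[i].ulValueLen = (CK_ULONG)-1;
            rv = CKR_ATTRIBUTE_TYPE_INVALID;
        } else if (t[i].pValue && t[i].ulValueLen < len) {
            t[i].ulValueLen = (CK_ULONG)-1;
            if (rv == CKR_OK) rv = CKR_BUFFER_TOO_SMALL;
        } else {
            if (t[i].pValue) memcpy(t[i].pValue, label, len);
            t[i].ulValueLen = len;          /* NULL pValue: length query */
        }
    }
    return rv;
}
int main(void)
{
    printf("%ld %ld\n", nscp_number(0xCE534354UL), nscp_number(0xCE534352UL));
    return 0;
}
```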




