hspkcs11 0.1 → 0.2
raw patch · 6 files changed
+3477/−3133 lines, 6 filesPVP ok
version bump matches the API change (PVP)
API changes (from Hackage documentation)
- System.Crypto.Pkcs11: Certificate :: ClassType
- System.Crypto.Pkcs11: ClassType :: AttributeType
- System.Crypto.Pkcs11: CoefficientType :: AttributeType
- System.Crypto.Pkcs11: Data :: ClassType
- System.Crypto.Pkcs11: DecryptType :: AttributeType
- System.Crypto.Pkcs11: DomainParameters :: ClassType
- System.Crypto.Pkcs11: Exponent1Type :: AttributeType
- System.Crypto.Pkcs11: Exponent2Type :: AttributeType
- System.Crypto.Pkcs11: HWFeature :: ClassType
- System.Crypto.Pkcs11: Info :: Version -> String -> CK_FLAGS -> String -> Version -> Info
- System.Crypto.Pkcs11: KeyTypeType :: AttributeType
- System.Crypto.Pkcs11: LabelType :: AttributeType
- System.Crypto.Pkcs11: Library :: DL -> FunctionListPtr -> Library
- System.Crypto.Pkcs11: LlAttribute :: AttributeType -> Ptr () -> (CULong) -> LlAttribute
- System.Crypto.Pkcs11: Mech :: Int -> Ptr () -> Int -> Mech
- System.Crypto.Pkcs11: MechInfo :: Int -> Int -> Int -> MechInfo
- System.Crypto.Pkcs11: Mechanism :: ClassType
- System.Crypto.Pkcs11: ModulusBitsType :: AttributeType
- System.Crypto.Pkcs11: ModulusType :: AttributeType
- System.Crypto.Pkcs11: Prime1Type :: AttributeType
- System.Crypto.Pkcs11: Prime2Type :: AttributeType
- System.Crypto.Pkcs11: PrivateExponentType :: AttributeType
- System.Crypto.Pkcs11: PublicExponentType :: AttributeType
- System.Crypto.Pkcs11: PublicKey :: ClassType
- System.Crypto.Pkcs11: Session :: SessionHandle -> FunctionListPtr -> Session
- System.Crypto.Pkcs11: SlotInfo :: String -> String -> Int -> Version -> Version -> SlotInfo
- System.Crypto.Pkcs11: TokenInfo :: String -> String -> String -> String -> Int -> TokenInfo
- System.Crypto.Pkcs11: TokenType :: AttributeType
- System.Crypto.Pkcs11: Version :: Int -> Int -> Version
- System.Crypto.Pkcs11: [attributeSize] :: LlAttribute -> (CULong)
- System.Crypto.Pkcs11: [attributeType] :: LlAttribute -> AttributeType
- System.Crypto.Pkcs11: [attributeValuePtr] :: LlAttribute -> Ptr ()
- System.Crypto.Pkcs11: [functionListPtr] :: Library -> FunctionListPtr
- System.Crypto.Pkcs11: [infoCryptokiVersion] :: Info -> Version
- System.Crypto.Pkcs11: [infoFlags] :: Info -> CK_FLAGS
- System.Crypto.Pkcs11: [infoLibraryDescription] :: Info -> String
- System.Crypto.Pkcs11: [infoLibraryVersion] :: Info -> Version
- System.Crypto.Pkcs11: [infoManufacturerId] :: Info -> String
- System.Crypto.Pkcs11: [libraryHandle] :: Library -> DL
- System.Crypto.Pkcs11: [mechInfoFlags] :: MechInfo -> Int
- System.Crypto.Pkcs11: [mechInfoMaxKeySize] :: MechInfo -> Int
- System.Crypto.Pkcs11: [mechInfoMinKeySize] :: MechInfo -> Int
- System.Crypto.Pkcs11: [mechParamPtr] :: Mech -> Ptr ()
- System.Crypto.Pkcs11: [mechParamSize] :: Mech -> Int
- System.Crypto.Pkcs11: [mechType] :: Mech -> Int
- System.Crypto.Pkcs11: [slotInfoDescription] :: SlotInfo -> String
- System.Crypto.Pkcs11: [slotInfoFirmwareVersion] :: SlotInfo -> Version
- System.Crypto.Pkcs11: [slotInfoFlags] :: SlotInfo -> Int
- System.Crypto.Pkcs11: [slotInfoHardwareVersion] :: SlotInfo -> Version
- System.Crypto.Pkcs11: [slotInfoManufacturerId] :: SlotInfo -> String
- System.Crypto.Pkcs11: [tokenInfoFlags] :: TokenInfo -> Int
- System.Crypto.Pkcs11: [tokenInfoLabel] :: TokenInfo -> String
- System.Crypto.Pkcs11: [tokenInfoManufacturerId] :: TokenInfo -> String
- System.Crypto.Pkcs11: [tokenInfoModel] :: TokenInfo -> String
- System.Crypto.Pkcs11: [tokenInfoSerialNumber] :: TokenInfo -> String
- System.Crypto.Pkcs11: [versionMajor] :: Version -> Int
- System.Crypto.Pkcs11: [versionMinor] :: Version -> Int
- System.Crypto.Pkcs11: _attrType :: Attribute -> AttributeType
- System.Crypto.Pkcs11: _closeSessionEx :: Session -> IO ()
- System.Crypto.Pkcs11: _decryptInit :: MechType -> Session -> ObjectHandle -> IO ()
- System.Crypto.Pkcs11: _encryptInit :: MechType -> Session -> ObjectHandle -> IO ()
- System.Crypto.Pkcs11: _findObjectsEx :: Session -> IO [ObjectHandle]
- System.Crypto.Pkcs11: _findObjectsFinalEx :: Session -> IO ()
- System.Crypto.Pkcs11: _findObjectsInitEx :: Session -> [Attribute] -> IO ()
- System.Crypto.Pkcs11: _generateKeyPair :: FunctionListPtr -> SessionHandle -> Int -> [Attribute] -> [Attribute] -> IO (Rv, ObjectHandle, ObjectHandle)
- System.Crypto.Pkcs11: _getMechanismInfo :: (FunctionListPtr) -> (Int) -> (Int) -> IO (Rv, MechInfo)
- System.Crypto.Pkcs11: _getMechanismInfo'_ :: FunPtr ((CULong -> (CULong -> ((MechInfoPtr) -> (IO CULong))))) -> (CULong -> (CULong -> ((MechInfoPtr) -> (IO CULong))))
- System.Crypto.Pkcs11: _getMechanismList :: FunctionListPtr -> Int -> Int -> IO (Rv, [CULong])
- System.Crypto.Pkcs11: _llAttrToAttr :: LlAttribute -> IO Attribute
- System.Crypto.Pkcs11: _login :: FunctionListPtr -> SessionHandle -> UserType -> ByteString -> IO (Rv)
- System.Crypto.Pkcs11: _makeLowLevelAttrs :: [Attribute] -> Ptr () -> [LlAttribute]
- System.Crypto.Pkcs11: _openSessionEx :: Library -> Int -> Int -> IO Session
- System.Crypto.Pkcs11: _peekBigInt :: Ptr () -> CULong -> IO Integer
- System.Crypto.Pkcs11: _pokeValue :: Attribute -> Ptr () -> IO ()
- System.Crypto.Pkcs11: _pokeValues :: [Attribute] -> Ptr () -> IO ()
- System.Crypto.Pkcs11: _serialSession :: Int
- System.Crypto.Pkcs11: _valueSize :: Attribute -> Int
- System.Crypto.Pkcs11: _valuesSize :: [Attribute] -> Int
- System.Crypto.Pkcs11: _withAttribs :: [Attribute] -> (Ptr LlAttribute -> IO a) -> IO a
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_Decrypt :: FunPtr ((CULong -> ((Ptr CUChar) -> (CULong -> ((Ptr CUChar) -> ((Ptr CULong) -> (IO CULong))))))) -> (CULong -> ((Ptr CUChar) -> (CULong -> ((Ptr CUChar) -> ((Ptr CULong) -> (IO CULong))))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_DecryptInit :: FunPtr ((CULong -> ((MechPtr) -> (CULong -> (IO CULong))))) -> (CULong -> ((MechPtr) -> (CULong -> (IO CULong))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_Encrypt :: FunPtr ((CULong -> ((Ptr CUChar) -> (CULong -> ((Ptr CUChar) -> ((Ptr CULong) -> (IO CULong))))))) -> (CULong -> ((Ptr CUChar) -> (CULong -> ((Ptr CUChar) -> ((Ptr CULong) -> (IO CULong))))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_EncryptInit :: FunPtr ((CULong -> ((MechPtr) -> (CULong -> (IO CULong))))) -> (CULong -> ((MechPtr) -> (CULong -> (IO CULong))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_FindObjects :: FunPtr ((CULong -> ((Ptr CULong) -> (CULong -> ((Ptr CULong) -> (IO CULong)))))) -> (CULong -> ((Ptr CULong) -> (CULong -> ((Ptr CULong) -> (IO CULong)))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_FindObjectsInit :: FunPtr ((CULong -> ((LlAttributePtr) -> (CULong -> (IO CULong))))) -> (CULong -> ((LlAttributePtr) -> (CULong -> (IO CULong))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_GenerateKeyPair :: FunPtr ((CULong -> ((MechPtr) -> ((LlAttributePtr) -> (CULong -> ((LlAttributePtr) -> (CULong -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong)))))))))) -> (CULong -> ((MechPtr) -> ((LlAttributePtr) -> (CULong -> ((LlAttributePtr) -> (CULong -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong)))))))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_GetAttributeValue :: FunPtr ((CULong -> (CULong -> ((LlAttributePtr) -> (CULong -> (IO CULong)))))) -> (CULong -> (CULong -> ((LlAttributePtr) -> (CULong -> (IO CULong)))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_GetMechanismList :: FunPtr ((CULong -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong))))) -> (CULong -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_GetSlotList :: FunPtr ((CUChar -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong))))) -> (CUChar -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_Login :: FunPtr ((CULong -> (CULong -> ((Ptr CUChar) -> (CULong -> (IO CULong)))))) -> (CULong -> (CULong -> ((Ptr CUChar) -> (CULong -> (IO CULong)))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_OpenSession :: FunPtr ((CULong -> (CULong -> ((Ptr ()) -> ((FunPtr (CULong -> (CULong -> ((Ptr ()) -> (IO CULong))))) -> ((Ptr CULong) -> (IO CULong))))))) -> (CULong -> (CULong -> ((Ptr ()) -> ((FunPtr (CULong -> (CULong -> ((Ptr ()) -> (IO CULong))))) -> ((Ptr CULong) -> (IO CULong))))))
- System.Crypto.Pkcs11: cK_FUNCTION_LISTc_UnwrapKey :: FunPtr ((CULong -> ((MechPtr) -> (CULong -> ((Ptr CUChar) -> (CULong -> ((LlAttributePtr) -> (CULong -> ((Ptr CULong) -> (IO CULong)))))))))) -> (CULong -> ((MechPtr) -> (CULong -> ((Ptr CUChar) -> (CULong -> ((LlAttributePtr) -> (CULong -> ((Ptr CULong) -> (IO CULong)))))))))
- System.Crypto.Pkcs11: closeSession' :: (FunctionListPtr) -> (CULong) -> IO ((Rv))
- System.Crypto.Pkcs11: closeSession''_ :: FunPtr ((CULong -> (IO CULong))) -> (CULong -> (IO CULong))
- System.Crypto.Pkcs11: data AttributeType
- System.Crypto.Pkcs11: data LlAttribute
- System.Crypto.Pkcs11: data Mech
- System.Crypto.Pkcs11: finalize :: (FunctionListPtr) -> IO ((Rv))
- System.Crypto.Pkcs11: finalize'_ :: FunPtr (((Ptr ()) -> (IO CULong))) -> ((Ptr ()) -> (IO CULong))
- System.Crypto.Pkcs11: findObjects' :: Num t => Ptr b -> CULong -> Int -> IO (t, [CULong])
- System.Crypto.Pkcs11: findObjectsFinal' :: (FunctionListPtr) -> (CULong) -> IO ((Rv))
- System.Crypto.Pkcs11: findObjectsFinal''_ :: FunPtr ((CULong -> (IO CULong))) -> (CULong -> (IO CULong))
- System.Crypto.Pkcs11: findObjectsInit' :: Num a => Ptr b -> CULong -> [Attribute] -> IO a
- System.Crypto.Pkcs11: getFunctionList :: GetFunctionListFunPtr -> IO (Rv, FunctionListPtr)
- System.Crypto.Pkcs11: getFunctionList'_ :: GetFunctionListFunPtr -> GetFunctionListFun
- System.Crypto.Pkcs11: getInfo' :: (FunctionListPtr) -> IO (Rv, Info)
- System.Crypto.Pkcs11: getInfo''_ :: FunPtr (((InfoPtr) -> (IO CULong))) -> ((InfoPtr) -> (IO CULong))
- System.Crypto.Pkcs11: getObjectAttr :: Session -> ObjectHandle -> AttributeType -> IO Attribute
- System.Crypto.Pkcs11: getSlotInfo' :: (FunctionListPtr) -> (Int) -> IO (Rv, SlotInfo)
- System.Crypto.Pkcs11: getSlotInfo''_ :: FunPtr ((CULong -> ((SlotInfoPtr) -> (IO CULong)))) -> (CULong -> ((SlotInfoPtr) -> (IO CULong)))
- System.Crypto.Pkcs11: getSlotList' :: Num t => Ptr b -> Bool -> Int -> IO (t, [CULong])
- System.Crypto.Pkcs11: getTokenInfo' :: (FunctionListPtr) -> (Int) -> IO (Rv, TokenInfo)
- System.Crypto.Pkcs11: getTokenInfo''_ :: FunPtr ((CULong -> ((TokenInfoPtr) -> (IO CULong)))) -> (CULong -> ((TokenInfoPtr) -> (IO CULong)))
- System.Crypto.Pkcs11: initialize :: (FunctionListPtr) -> IO ((Rv))
- System.Crypto.Pkcs11: initialize'_ :: FunPtr (((Ptr ()) -> (IO CULong))) -> ((Ptr ()) -> (IO CULong))
- System.Crypto.Pkcs11: openSession' :: (Num t, Num t1, Integral a, Integral a1) => Ptr b -> a1 -> a -> IO (t1, t)
- System.Crypto.Pkcs11: peekInfo :: Ptr Info -> IO Info
- System.Crypto.Pkcs11: releaseLibrary :: Library -> IO ()
- System.Crypto.Pkcs11: rsaPkcsKeyPairGen :: Int
- System.Crypto.Pkcs11: rvToStr :: Rv -> String
- System.Crypto.Pkcs11: rwSession :: Int
- System.Crypto.Pkcs11: type CK_BYTE = CUChar
- System.Crypto.Pkcs11: type CK_FLAGS = CULong
- System.Crypto.Pkcs11: type FunctionListPtr = Ptr (())
- System.Crypto.Pkcs11: type GetFunctionListFun = (Ptr (FunctionListPtr)) -> (IO CULong)
- System.Crypto.Pkcs11: type GetFunctionListFunPtr = FunPtr ((Ptr (Ptr ())) -> (IO CULong))
- System.Crypto.Pkcs11: type GetSlotListFunPtr = FunPtr (CUChar -> ((Ptr CULong) -> ((Ptr CULong) -> (IO CULong))))
- System.Crypto.Pkcs11: type InfoPtr = Ptr (Info)
- System.Crypto.Pkcs11: type LlAttributePtr = Ptr (LlAttribute)
- System.Crypto.Pkcs11: type MechInfoPtr = Ptr (MechInfo)
- System.Crypto.Pkcs11: type MechPtr = Ptr (Mech)
- System.Crypto.Pkcs11: type NotifyFunPtr = FunPtr (CULong -> (CULong -> ((Ptr ()) -> (IO CULong))))
- System.Crypto.Pkcs11: type Rv = CULong
- System.Crypto.Pkcs11: type SessionHandle = CULong
- System.Crypto.Pkcs11: type SlotInfoPtr = Ptr (SlotInfo)
- System.Crypto.Pkcs11: type TokenInfoPtr = Ptr (TokenInfo)
+ System.Crypto.Pkcs11: getDecryptFlag :: Session -> ObjectHandle -> IO Bool
+ System.Crypto.Pkcs11: infoCryptokiVersion :: Info -> Version
+ System.Crypto.Pkcs11: infoFlags :: Info -> Int
+ System.Crypto.Pkcs11: infoLibraryDescription :: Info -> String
+ System.Crypto.Pkcs11: infoLibraryVersion :: Info -> Version
+ System.Crypto.Pkcs11: infoManufacturerId :: Info -> String
+ System.Crypto.Pkcs11: instance GHC.Show.Show System.Crypto.Pkcs11.MechType
+ System.Crypto.Pkcs11: logout :: Session -> IO ()
+ System.Crypto.Pkcs11: mechInfoFlags :: MechInfo -> Int
+ System.Crypto.Pkcs11: mechInfoMaxKeySize :: MechInfo -> Int
+ System.Crypto.Pkcs11: mechInfoMinKeySize :: MechInfo -> Int
+ System.Crypto.Pkcs11: slotInfoDescription :: SlotInfo -> String
+ System.Crypto.Pkcs11: slotInfoFirmwareVersion :: SlotInfo -> Version
+ System.Crypto.Pkcs11: slotInfoFlags :: SlotInfo -> Int
+ System.Crypto.Pkcs11: slotInfoHardwareVersion :: SlotInfo -> Version
+ System.Crypto.Pkcs11: slotInfoManufacturerId :: SlotInfo -> String
+ System.Crypto.Pkcs11: tokenInfoFlags :: TokenInfo -> Int
+ System.Crypto.Pkcs11: tokenInfoLabel :: TokenInfo -> String
+ System.Crypto.Pkcs11: tokenInfoManufacturerId :: TokenInfo -> String
+ System.Crypto.Pkcs11: tokenInfoModel :: TokenInfo -> String
+ System.Crypto.Pkcs11: tokenInfoSerialNumber :: TokenInfo -> String
+ System.Crypto.Pkcs11: versionMajor :: Version -> Int
+ System.Crypto.Pkcs11: versionMinor :: Version -> Int
- System.Crypto.Pkcs11: generateKeyPair :: Session -> Int -> [Attribute] -> [Attribute] -> IO (ObjectHandle, ObjectHandle)
+ System.Crypto.Pkcs11: generateKeyPair :: Session -> MechType -> [Attribute] -> [Attribute] -> IO (ObjectHandle, ObjectHandle)
- System.Crypto.Pkcs11: getMechanismInfo :: Library -> Int -> Int -> IO MechInfo
+ System.Crypto.Pkcs11: getMechanismInfo :: Library -> SlotId -> MechType -> IO MechInfo
- System.Crypto.Pkcs11: getMechanismList :: Library -> Int -> Int -> IO [CULong]
+ System.Crypto.Pkcs11: getMechanismList :: Library -> SlotId -> Int -> IO [Int]
- System.Crypto.Pkcs11: getSlotInfo :: Library -> Int -> IO SlotInfo
+ System.Crypto.Pkcs11: getSlotInfo :: Library -> SlotId -> IO SlotInfo
- System.Crypto.Pkcs11: getSlotList :: Library -> Bool -> Int -> IO [CULong]
+ System.Crypto.Pkcs11: getSlotList :: Library -> Bool -> Int -> IO [SlotId]
- System.Crypto.Pkcs11: getTokenInfo :: Library -> Int -> IO TokenInfo
+ System.Crypto.Pkcs11: getTokenInfo :: Library -> SlotId -> IO TokenInfo
- System.Crypto.Pkcs11: type SlotId = CULong
+ System.Crypto.Pkcs11: type SlotId = Int
- System.Crypto.Pkcs11: withSession :: Library -> Int -> Int -> (Session -> IO a) -> IO a
+ System.Crypto.Pkcs11: withSession :: Library -> SlotId -> Bool -> (Session -> IO a) -> IO a
Files
- System/Crypto/Pkcs11.chs +467/−31
- Test.hs +7/−5
- hspkcs11.cabal +1/−1
- include/pkcs11.h +301/−299
- include/pkcs11f.h +912/−912
- include/pkcs11t.h +1789/−1885
System/Crypto/Pkcs11.chs view
@@ -1,5 +1,81 @@ {-# LANGUAGE ForeignFunctionInterface #-}-module System.Crypto.Pkcs11 where+module System.Crypto.Pkcs11 (+ -- * Library+ Library,+ loadLibrary,++ -- ** Reading library information+ Version,+ versionMajor,+ versionMinor,+ Info,+ getInfo,+ infoCryptokiVersion,+ infoManufacturerId,+ infoFlags,+ infoLibraryDescription,+ infoLibraryVersion,++ -- * Slots+ SlotId,+ getSlotList,++ -- ** Reading slot information+ SlotInfo,+ getSlotInfo,+ slotInfoDescription,+ slotInfoManufacturerId,+ slotInfoFlags,+ slotInfoHardwareVersion,+ slotInfoFirmwareVersion,++ -- ** Reading token information+ TokenInfo,+ getTokenInfo,+ tokenInfoLabel,+ tokenInfoManufacturerId,+ tokenInfoModel,+ tokenInfoSerialNumber,+ tokenInfoFlags,++ -- * Mechanisms+ MechType(RsaPkcsKeyPairGen,RsaPkcs,AesEcb,AesCbc,AesMac,AesMacGeneral,AesCbcPad,AesCtr),+ MechInfo,+ getMechanismList,+ getMechanismInfo,+ mechInfoMinKeySize,+ mechInfoMaxKeySize,+ mechInfoFlags,++ -- * Session management+ Session,+ UserType(User,SecurityOfficer,ContextSpecific),+ withSession,+ login,+ logout,++ -- * Object attributes+ ObjectHandle,+ Attribute(Class,Label,KeyType,Modulus,ModulusBits,PublicExponent,Token,Decrypt),+ ClassType(PrivateKey,SecretKey),+ KeyTypeValue(RSA,DSA,DH,ECDSA,EC,AES),+ -- ** Searching objects+ findObjects,+ -- ** Reading object attributes+ getModulus,+ getPublicExponent,+ getDecryptFlag,++ -- * Key generation+ generateKeyPair,++ -- * Key wrapping/unwrapping+ unwrapKey,++ -- * Encryption/decryption+ decrypt,+ encrypt,+) where import Foreign import Foreign.Marshal.Utils import Foreign.Marshal.Alloc@@ -21,12 +97,12 @@ -} _serialSession = {#const CKF_SERIAL_SESSION#} :: Int-rwSession = {#const CKF_RW_SESSION#} :: Int+_rwSession = {#const CKF_RW_SESSION#} :: Int rsaPkcsKeyPairGen = {#const CKM_RSA_PKCS_KEY_PAIR_GEN#} :: Int type ObjectHandle = {#type CK_OBJECT_HANDLE#}-type SlotId = {#type CK_SLOT_ID#}+type SlotId = Int type Rv = {#type CK_RV#} type CK_BYTE = {#type CK_BYTE#} type CK_FLAGS = {#type CK_FLAGS#}@@ -67,7 +143,7 @@ data Info = Info { infoCryptokiVersion :: Version, infoManufacturerId :: String,- infoFlags :: CK_FLAGS,+ infoFlags :: Int, infoLibraryDescription :: String, infoLibraryVersion :: Version } deriving (Show)@@ -171,7 +247,7 @@ data Mech = Mech {- mechType :: Int,+ mechType :: MechType, mechParamPtr :: Ptr (), mechParamSize :: Int }@@ -180,7 +256,7 @@ sizeOf _ = {#sizeof CK_MECHANISM_TYPE#} + {#sizeof CK_VOID_PTR#} + {#sizeof CK_ULONG#} alignment _ = 1 poke p x = do- poke (p `plusPtr` 0) (mechType x)+ poke (p `plusPtr` 0) (fromEnum $ mechType x) poke (p `plusPtr` {#sizeof CK_MECHANISM_TYPE#}) (mechParamPtr x :: {#type CK_VOID_PTR#}) poke (p `plusPtr` ({#sizeof CK_MECHANISM_TYPE#} + {#sizeof CK_VOID_PTR#})) (mechParamSize x) @@ -275,7 +351,7 @@ return (fromIntegral res) -_generateKeyPair :: FunctionListPtr -> SessionHandle -> Int -> [Attribute] -> [Attribute] -> IO (Rv, ObjectHandle, ObjectHandle)+_generateKeyPair :: FunctionListPtr -> SessionHandle -> MechType -> [Attribute] -> [Attribute] -> IO (Rv, ObjectHandle, ObjectHandle) _generateKeyPair functionListPtr session mechType pubAttrs privAttrs = do alloca $ \pubKeyHandlePtr -> do alloca $ \privKeyHandlePtr -> do@@ -290,7 +366,7 @@ -_getMechanismList :: FunctionListPtr -> Int -> Int -> IO (Rv, [CULong])+_getMechanismList :: FunctionListPtr -> Int -> Int -> IO (Rv, [Int]) _getMechanismList functionListPtr slotId maxMechanisms = do alloca $ \arrayLenPtr -> do poke arrayLenPtr (fromIntegral maxMechanisms)@@ -298,7 +374,7 @@ res <- {#call unsafe CK_FUNCTION_LIST.C_GetMechanismList#} functionListPtr (fromIntegral slotId) array arrayLenPtr arrayLen <- peek arrayLenPtr objectHandles <- peekArray (fromIntegral arrayLen) array- return (fromIntegral res, objectHandles)+ return (fromIntegral res, map (fromIntegral) objectHandles) {#fun unsafe CK_FUNCTION_LIST.C_GetMechanismInfo as _getMechanismInfo@@ -549,15 +625,15 @@ else return info -getSlotList :: Library -> Bool -> Int -> IO [CULong]+getSlotList :: Library -> Bool -> Int -> IO [SlotId] getSlotList (Library _ functionListPtr) active num = do (rv, slots) <- getSlotList' functionListPtr active num if rv /= 0 then fail $ "failed to get list of slots " ++ (rvToStr rv)- else return slots+ else return $ map (fromIntegral) slots -getSlotInfo :: Library -> Int -> IO SlotInfo+getSlotInfo :: Library -> SlotId -> IO SlotInfo getSlotInfo (Library _ functionListPtr) slotId = do (rv, slotInfo) <- getSlotInfo' functionListPtr slotId if rv /= 0@@ -565,7 +641,7 @@ else return slotInfo -getTokenInfo :: Library -> Int -> IO TokenInfo+getTokenInfo :: Library -> SlotId -> IO TokenInfo getTokenInfo (Library _ functionListPtr) slotId = do (rv, slotInfo) <- getTokenInfo' functionListPtr slotId if rv /= 0@@ -573,7 +649,7 @@ else return slotInfo -_openSessionEx :: Library -> Int -> Int -> IO Session+_openSessionEx :: Library -> SlotId -> Int -> IO Session _openSessionEx (Library _ functionListPtr) slotId flags = do (rv, sessionHandle) <- openSession' functionListPtr slotId flags if rv /= 0@@ -589,8 +665,9 @@ else return () -withSession :: Library -> Int -> Int -> (Session -> IO a) -> IO a-withSession lib slotId flags f = do+withSession :: Library -> SlotId -> Bool -> (Session -> IO a) -> IO a+withSession lib slotId writable f = do+ let flags = if writable then _rwSession else 0 bracket (_openSessionEx lib slotId (flags .|. _serialSession)) (_closeSessionEx)@@ -628,7 +705,7 @@ finally (_findObjectsEx session) (_findObjectsFinalEx session) -generateKeyPair :: Session -> Int -> [Attribute] -> [Attribute] -> IO (ObjectHandle, ObjectHandle)+generateKeyPair :: Session -> MechType -> [Attribute] -> [Attribute] -> IO (ObjectHandle, ObjectHandle) generateKeyPair (Session sessionHandle functionListPtr) mechType pubKeyAttrs privKeyAttrs = do (rv, pubKeyHandle, privKeyHandle) <- _generateKeyPair functionListPtr sessionHandle mechType pubKeyAttrs privKeyAttrs if rv /= 0@@ -652,6 +729,11 @@ _llAttrToAttr llAttr +getDecryptFlag :: Session -> ObjectHandle -> IO Bool+getDecryptFlag sess objHandle = do+ (Decrypt v) <- getObjectAttr sess objHandle DecryptType+ return v+ getModulus :: Session -> ObjectHandle -> IO Integer getModulus sess objHandle = do (Modulus m) <- getObjectAttr sess objHandle ModulusType@@ -671,22 +753,375 @@ else return () +logout :: Session -> IO ()+logout (Session sessionHandle functionListPtr) = do+ rv <- {#call unsafe CK_FUNCTION_LIST.C_Logout#} functionListPtr sessionHandle+ if rv /= 0+ then fail $ "logout failed: " ++ (rvToStr rv)+ else return ()++ {#enum define MechType { CKM_RSA_PKCS_KEY_PAIR_GEN as RsaPkcsKeyPairGen, CKM_RSA_PKCS as RsaPkcs,- CKM_AES_ECB as AesEcb,- CKM_AES_CBC as AesCbc,- CKM_AES_MAC as AesMac,- CKM_AES_MAC_GENERAL as AesMacGeneral,- CKM_AES_CBC_PAD as AesCbcPad,- CKM_AES_CTR as AesCtr- } deriving (Eq) #}+ CKM_RSA_9796 as Rsa9796,+ CKM_RSA_X_509 as RsaX509,+ CKM_MD2_RSA_PKCS as Md2RsaPkcs,-- 0x00000004+ CKM_MD5_RSA_PKCS as Md5RsaPkcs,-- 0x00000005+ CKM_SHA1_RSA_PKCS as Sha1RsaPkcs,-- 0x00000006+ CKM_RIPEMD128_RSA_PKCS as RipeMd128RsaPkcs,-- 0x00000007+ CKM_RIPEMD160_RSA_PKCS as RipeMd160RsaPkcs,-- 0x00000008+ CKM_RSA_PKCS_OAEP as RsaPkcsOaep,-- 0x00000009+ CKM_RSA_X9_31_KEY_PAIR_GEN as RsaX931KeyPairGen,-- 0x0000000A+ CKM_RSA_X9_31 as RsaX931,-- 0x0000000B+ CKM_SHA1_RSA_X9_31 as Sha1RsaX931,-- 0x0000000C+ CKM_RSA_PKCS_PSS as RsaPkcsPss,-- 0x0000000D+ CKM_SHA1_RSA_PKCS_PSS as Sha1RsaPkcsPss,-- 0x0000000E+ CKM_DSA_KEY_PAIR_GEN as DsaKeyPairGen,-- 0x00000010+ CKM_DSA as Dsa,-- 0x00000011+ CKM_DSA_SHA1 as DsaSha1,-- 0x00000012+ CKM_DH_PKCS_KEY_PAIR_GEN as DhPkcsKeyPairGen,-- 0x00000020+ CKM_DH_PKCS_DERIVE as DhPkcsDerive,-- 0x00000021+ CKM_X9_42_DH_KEY_PAIR_GEN as X942DhKeyPairGen,-- 0x00000030+ CKM_X9_42_DH_DERIVE as X942DhDerive,-- 0x00000031+ CKM_X9_42_DH_HYBRID_DERIVE as X942DhHybridDerive,-- 0x00000032+ CKM_X9_42_MQV_DERIVE as X942MqvDerive,-- 0x00000033+ CKM_SHA256_RSA_PKCS as Sha256RsaPkcs,-- 0x00000040+ CKM_SHA384_RSA_PKCS as Sha384RsaPkcs,-- 0x00000041+ CKM_SHA512_RSA_PKCS as Sha512RsaPkcs,-- 0x00000042+ CKM_SHA256_RSA_PKCS_PSS as Sha256RsaPkcsPss,-- 0x00000043+ CKM_SHA384_RSA_PKCS_PSS as Sha384RsaPkcsPss,-- 0x00000044+ CKM_SHA512_RSA_PKCS_PSS as Sha512RsaPkcsPss,-- 0x00000045 + -- SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3+ CKM_SHA224_RSA_PKCS as Sha224RsaPkcs,-- 0x00000046+ CKM_SHA224_RSA_PKCS_PSS as Sha224RsaPkcsPss,-- 0x00000047 + CKM_RC2_KEY_GEN as Rc2KeyGen,-- 0x00000100+ CKM_RC2_ECB as Rc2Ecb,-- 0x00000101+ CKM_RC2_CBC as Rc2Cbc,-- 0x00000102+ CKM_RC2_MAC as Rc2Mac,-- 0x00000103++ -- CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0+ CKM_RC2_MAC_GENERAL as Rc2MacGeneral,-- 0x00000104+ CKM_RC2_CBC_PAD as Rc2CbcPad,--0x00000105++ CKM_RC4_KEY_GEN as Rc4KeyGen,--0x00000110+ CKM_RC4 as Rc4,--0x00000111+ CKM_DES_KEY_GEN as DesKeyGen,--0x00000120+ CKM_DES_ECB as DesEcb,--0x00000121+ CKM_DES_CBC as DesCbc,--0x00000122+ CKM_DES_MAC as DesMac,--0x00000123++ -- CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0+ CKM_DES_MAC_GENERAL as DesMacGeneral,--0x00000124+ CKM_DES_CBC_PAD as DesCbcPad,--0x00000125++ CKM_DES2_KEY_GEN as Des2KeyGen,--0x00000130+ CKM_DES3_KEY_GEN as Des3KeyGen,--0x00000131+ CKM_DES3_ECB as Des3Ecb,--0x00000132+ CKM_DES3_CBC as Des3Cbc,--0x00000133+ CKM_DES3_MAC as Des3Mac,--0x00000134++ -- CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,+ -- CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,+ -- CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0+ CKM_DES3_MAC_GENERAL as Des3MacGeneral,--0x00000135+ CKM_DES3_CBC_PAD as Des3CbcPad,--0x00000136+ CKM_CDMF_KEY_GEN as CdmfKeyGen,--0x00000140+ CKM_CDMF_ECB as CdmfEcb,--0x00000141+ CKM_CDMF_CBC as CdmfCbc,--0x00000142+ CKM_CDMF_MAC as CdmfMac,--0x00000143+ CKM_CDMF_MAC_GENERAL as CdmfMacGeneral,--0x00000144+ CKM_CDMF_CBC_PAD as CdmfCbcPad,--0x00000145++ -- the following four DES mechanisms are new for v2.20+ CKM_DES_OFB64 as DesOfb64,--0x00000150+ CKM_DES_OFB8 as DesOfb8,--0x00000151+ CKM_DES_CFB64 as DesCfb64,--0x00000152+ CKM_DES_CFB8 as DesCfb8,--0x00000153++ CKM_MD2 as Md2,--0x00000200++ -- CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0+ CKM_MD2_HMAC as Md2Hmac,--0x00000201+ CKM_MD2_HMAC_GENERAL as Md2HmacGeneral,--0x00000202++ CKM_MD5 as Md5,--0x00000210++ -- CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0+ CKM_MD5_HMAC as Md5Hmac,--0x00000211+ CKM_MD5_HMAC_GENERAL as Md5HmacGeneral,--0x00000212++ CKM_SHA_1 as Sha1,--0x00000220++ -- CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0+ CKM_SHA_1_HMAC as Sha1Hmac,--0x00000221+ CKM_SHA_1_HMAC_GENERAL as Sha1HmacGeneral,--0x00000222++ -- CKM_RIPEMD128, CKM_RIPEMD128_HMAC,+ -- CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,+ -- and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10+ CKM_RIPEMD128 as RipeMd128,--0x00000230+ CKM_RIPEMD128_HMAC as RipeMd128Hmac,--0x00000231+ CKM_RIPEMD128_HMAC_GENERAL as RipeMd128HmacGeneral,--0x00000232+ CKM_RIPEMD160 as Ripe160,--0x00000240+ CKM_RIPEMD160_HMAC as Ripe160Hmac,--0x00000241+ CKM_RIPEMD160_HMAC_GENERAL as Ripe160HmacGeneral,--0x00000242++ -- CKM_SHA256/384/512 are new for v2.20+ CKM_SHA256 as Sha256,--0x00000250+ CKM_SHA256_HMAC as Sha256Hmac,--0x00000251+ CKM_SHA256_HMAC_GENERAL as Sha256HmacGeneral,--0x00000252++ -- SHA-224 is new for PKCS #11 v2.20 amendment 3+ CKM_SHA224 as Sha224,--0x00000255+ CKM_SHA224_HMAC as Sha224Hmac,--0x00000256+ CKM_SHA224_HMAC_GENERAL as Sha224HmacGeneral,--0x00000257++ CKM_SHA384 as Sha384,--0x00000260+ CKM_SHA384_HMAC as Sha384Hmac,--0x00000261+ CKM_SHA384_HMAC_GENERAL as Sha384HmacGeneral,--0x00000262+ CKM_SHA512 as Sha512,--0x00000270+ CKM_SHA512_HMAC as Sha512Hmac,--0x00000271+ CKM_SHA512_HMAC_GENERAL as Sha512HmacGeneral,--0x00000272++ -- SecurID is new for PKCS #11 v2.20 amendment 1+ --CKM_SECURID_KEY_GEN 0x00000280+ --CKM_SECURID 0x00000282++ -- HOTP is new for PKCS #11 v2.20 amendment 1+ --CKM_HOTP_KEY_GEN 0x00000290+ --CKM_HOTP 0x00000291++ -- ACTI is new for PKCS #11 v2.20 amendment 1+ --CKM_ACTI 0x000002A0+ --CKM_ACTI_KEY_GEN 0x000002A1++ -- All of the following mechanisms are new for v2.0+ -- Note that CAST128 and CAST5 are the same algorithm+ CKM_CAST_KEY_GEN as CastKeyGen,--0x00000300+ CKM_CAST_ECB as CastEcb,--0x00000301+ CKM_CAST_CBC as CastCbc,--0x00000302+ CKM_CAST_MAC as CastMac,--0x00000303+ CKM_CAST_MAC_GENERAL as CastMacGeneral,--0x00000304+ CKM_CAST_CBC_PAD as CastCbcPad,--0x00000305+ CKM_CAST3_KEY_GEN as Cast3KeyGen,--0x00000310+ CKM_CAST3_ECB as Cast3Ecb,--0x00000311+ CKM_CAST3_CBC as Cast3Cbc,--0x00000312+ CKM_CAST3_MAC as Cast3Mac,--0x00000313+ CKM_CAST3_MAC_GENERAL as Cast3MacGeneral,--0x00000314+ CKM_CAST3_CBC_PAD as Cast3CbcPad,--0x00000315+ CKM_CAST5_KEY_GEN as Cast5KeyGen,--0x00000320+ CKM_CAST128_KEY_GEN as Cast128KeyGen,--0x00000320+ CKM_CAST5_ECB as Cast5Ecb,--0x00000321+ CKM_CAST128_ECB as Cast128Ecb,--0x00000321+ CKM_CAST5_CBC as Cast5Cbc,--0x00000322+ CKM_CAST128_CBC as Cast128Cbc,--0x00000322+ CKM_CAST5_MAC as Cast5Mac,--0x00000323+ CKM_CAST128_MAC as Cast128Mac,--0x00000323+ CKM_CAST5_MAC_GENERAL as Cast5MacGeneral,--0x00000324+ CKM_CAST128_MAC_GENERAL as Cast128MacGeneral,--0x00000324+ CKM_CAST5_CBC_PAD as Cast5CbcPad,--0x00000325+ CKM_CAST128_CBC_PAD as Cast128CbcPad,--0x00000325+ CKM_RC5_KEY_GEN as Rc5KeyGen,--0x00000330+ CKM_RC5_ECB as Rc5Ecb,--0x00000331+ CKM_RC5_CBC as Rc5Cbc,--0x00000332+ CKM_RC5_MAC as Rc5Mac,--0x00000333+ CKM_RC5_MAC_GENERAL as Rc5MacGeneral,--0x00000334+ CKM_RC5_CBC_PAD as Rc5CbcPad,--0x00000335+ CKM_IDEA_KEY_GEN as IdeaKeyGen,--0x00000340+ CKM_IDEA_ECB as IdeaEcb,--0x00000341+ CKM_IDEA_CBC as IdeaCbc,--0x00000342+ CKM_IDEA_MAC as IdeaMac,--0x00000343+ CKM_IDEA_MAC_GENERAL as IdeaMacGeneral,--0x00000344+ CKM_IDEA_CBC_PAD as IdeaCbcPad,--0x00000345+ CKM_GENERIC_SECRET_KEY_GEN as GeneralSecretKeyGen,--0x00000350+ CKM_CONCATENATE_BASE_AND_KEY as ConcatenateBaseAndKey,--0x00000360+ CKM_CONCATENATE_BASE_AND_DATA as ConcatenateBaseAndData,--0x00000362+ CKM_CONCATENATE_DATA_AND_BASE as ConcatenateDataAndBase,--0x00000363+ CKM_XOR_BASE_AND_DATA as XorBaseAndData,--0x00000364+ CKM_EXTRACT_KEY_FROM_KEY as ExtractKeyFromKey,--0x00000365+ CKM_SSL3_PRE_MASTER_KEY_GEN as Ssl3PreMasterKeyGen,--0x00000370+ CKM_SSL3_MASTER_KEY_DERIVE as Ssl3MasterKeyDerive,--0x00000371+ CKM_SSL3_KEY_AND_MAC_DERIVE as Ssl3KeyAndMacDerive,--0x00000372++ -- CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,+ -- CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and+ -- CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11+ --CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373+ --CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374+ --CKM_TLS_MASTER_KEY_DERIVE 0x00000375+ --CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376+ --CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377++ -- CKM_TLS_PRF is new for v2.20+ --CKM_TLS_PRF 0x00000378++ --CKM_SSL3_MD5_MAC 0x00000380+ --CKM_SSL3_SHA1_MAC 0x00000381+ --CKM_MD5_KEY_DERIVATION 0x00000390+ --CKM_MD2_KEY_DERIVATION 0x00000391+ --CKM_SHA1_KEY_DERIVATION 0x00000392++ -- CKM_SHA256/384/512 are new for v2.20+ --CKM_SHA256_KEY_DERIVATION 0x00000393+ --CKM_SHA384_KEY_DERIVATION 0x00000394+ --CKM_SHA512_KEY_DERIVATION 0x00000395++ -- SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3+ CKM_SHA224_KEY_DERIVATION as Sha224KeyDerivation,--0x00000396++ CKM_PBE_MD2_DES_CBC as PbeMd2DesCbc,--0x000003A0+ CKM_PBE_MD5_DES_CBC as PbeMd5DesCbc,--0x000003A1+ CKM_PBE_MD5_CAST_CBC as PbeMd5CastCbc,--0x000003A2+ CKM_PBE_MD5_CAST3_CBC as PbeMd5Cast3Cbc,--0x000003A3+ CKM_PBE_MD5_CAST5_CBC as PbeMd5Cast5Cbc,--0x000003A4+ CKM_PBE_MD5_CAST128_CBC as PbeMd5Cast128Cbc,--0x000003A4+ CKM_PBE_SHA1_CAST5_CBC as PbeSha1Cast5Cbc,--0x000003A5+ CKM_PBE_SHA1_CAST128_CBC as PbeSha1Cast128Cbc,--0x000003A5+ CKM_PBE_SHA1_RC4_128 as PbeSha1Rc4128,--0x000003A6+ CKM_PBE_SHA1_RC4_40 as PbeSha1Rc440,--0x000003A7+ CKM_PBE_SHA1_DES3_EDE_CBC as PbeSha1Des3EdeCbc,--0x000003A8+ CKM_PBE_SHA1_DES2_EDE_CBC as PbeSha1Des2EdeCbc,--0x000003A9+ CKM_PBE_SHA1_RC2_128_CBC as PbeSha1Rc2128Cbc,--0x000003AA+ CKM_PBE_SHA1_RC2_40_CBC as PbeSha1Rc240Cbc,--0x000003AB++ -- CKM_PKCS5_PBKD2 is new for v2.10+ CKM_PKCS5_PBKD2 as Pkcs5Pbkd2,--0x000003B0++ CKM_PBA_SHA1_WITH_SHA1_HMAC as PbaSha1WithSha1Hmac,--0x000003C0++ -- WTLS mechanisms are new for v2.20+ --CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0+ --CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1+ --CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2+ --CKM_WTLS_PRF 0x000003D3+ --CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4+ --CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5++ --CKM_KEY_WRAP_LYNKS 0x00000400+ --CKM_KEY_WRAP_SET_OAEP 0x00000401++ -- CKM_CMS_SIG is new for v2.20+ --CKM_CMS_SIG 0x00000500++ -- CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2+ --CKM_KIP_DERIVE 0x00000510+ --CKM_KIP_WRAP 0x00000511+ --CKM_KIP_MAC 0x00000512++ -- Camellia is new for PKCS #11 v2.20 amendment 3+ --CKM_CAMELLIA_KEY_GEN 0x00000550+ --CKM_CAMELLIA_ECB 0x00000551+ --CKM_CAMELLIA_CBC 0x00000552+ --CKM_CAMELLIA_MAC 0x00000553+ --CKM_CAMELLIA_MAC_GENERAL 0x00000554+ --CKM_CAMELLIA_CBC_PAD 0x00000555+ --CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556+ --CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557+ --CKM_CAMELLIA_CTR 0x00000558++ -- ARIA is new for PKCS #11 v2.20 amendment 3+ --CKM_ARIA_KEY_GEN 0x00000560+ --CKM_ARIA_ECB 0x00000561+ --CKM_ARIA_CBC 0x00000562+ --CKM_ARIA_MAC 0x00000563+ --CKM_ARIA_MAC_GENERAL 0x00000564+ --CKM_ARIA_CBC_PAD 0x00000565+ --CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566+ --CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567++ -- Fortezza mechanisms+ --CKM_SKIPJACK_KEY_GEN 0x00001000+ --CKM_SKIPJACK_ECB64 0x00001001+ --CKM_SKIPJACK_CBC64 0x00001002+ --CKM_SKIPJACK_OFB64 0x00001003+ --CKM_SKIPJACK_CFB64 0x00001004+ --CKM_SKIPJACK_CFB32 0x00001005+ --CKM_SKIPJACK_CFB16 0x00001006+ --CKM_SKIPJACK_CFB8 0x00001007+ --CKM_SKIPJACK_WRAP 0x00001008+ --CKM_SKIPJACK_PRIVATE_WRAP 0x00001009+ --CKM_SKIPJACK_RELAYX 0x0000100a+ --CKM_KEA_KEY_PAIR_GEN 0x00001010+ --CKM_KEA_KEY_DERIVE 0x00001011+ --CKM_FORTEZZA_TIMESTAMP 0x00001020+ --CKM_BATON_KEY_GEN 0x00001030+ --CKM_BATON_ECB128 0x00001031+ --CKM_BATON_ECB96 0x00001032+ --CKM_BATON_CBC128 0x00001033+ --CKM_BATON_COUNTER 0x00001034+ --CKM_BATON_SHUFFLE 0x00001035+ --CKM_BATON_WRAP 0x00001036++ -- CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,+ -- CKM_EC_KEY_PAIR_GEN is preferred+ CKM_ECDSA_KEY_PAIR_GEN as EcdsaKeyPairGen,--0x00001040+ CKM_EC_KEY_PAIR_GEN as EcKeyPairGen,--0x00001040++ CKM_ECDSA as Ecdsa,--0x00001041+ CKM_ECDSA_SHA1 as EcdsaSha1,--0x00001042++ -- CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE+ -- are new for v2.11+ CKM_ECDH1_DERIVE as Ecdh1Derive,--0x00001050+ CKM_ECDH1_COFACTOR_DERIVE as Ecdh1CofactorDerive,--0x00001051+ CKM_ECMQV_DERIVE as DcmqvDerive,--0x00001052++ CKM_JUNIPER_KEY_GEN as JuniperKeyGen,--0x00001060+ CKM_JUNIPER_ECB128 as JuniperEcb128,--0x00001061+ CKM_JUNIPER_CBC128 as JuniperCbc128,--0x00001062+ CKM_JUNIPER_COUNTER as JuniperCounter,--0x00001063+ CKM_JUNIPER_SHUFFLE as JuniperShuffle,--0x00001064+ CKM_JUNIPER_WRAP as JuniperWrap,--0x00001065+ CKM_FASTHASH as FastHash,--0x00001070++ -- CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,+ -- CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,+ -- CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are+ -- new for v2.11+ CKM_AES_KEY_GEN as AesKeyGen,--0x00001080+ CKM_AES_ECB as AesEcb,+ CKM_AES_CBC as AesCbc,+ CKM_AES_MAC as AesMac,+ CKM_AES_MAC_GENERAL as AesMacGeneral,+ CKM_AES_CBC_PAD as AesCbcPad,++ -- AES counter mode is new for PKCS #11 v2.20 amendment 3+ CKM_AES_CTR as AesCtr,++ CKM_AES_GCM as AesGcm,--0x00001087+ CKM_AES_CCM as AesCcm,--0x00001088+ CKM_AES_KEY_WRAP as AesKeyWrap,--0x00001090+ CKM_AES_KEY_WRAP_PAD as AesKeyWrapPad,--0x00001091++ -- BlowFish and TwoFish are new for v2.20+ CKM_BLOWFISH_KEY_GEN as BlowfishKeyGen,+ CKM_BLOWFISH_CBC as BlowfishCbc,+ CKM_TWOFISH_KEY_GEN as TwoFishKeyGen,+ CKM_TWOFISH_CBC as TwoFishCbc,++ -- CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20+ CKM_DES_ECB_ENCRYPT_DATA as DesEcbEncryptData,+ CKM_DES_CBC_ENCRYPT_DATA as DesCbcEncryptData,+ CKM_DES3_ECB_ENCRYPT_DATA as Des3EcbEncryptData,+ CKM_DES3_CBC_ENCRYPT_DATA as Des3CbcEncryptData,+ CKM_AES_ECB_ENCRYPT_DATA as AesEcbEncryptData,+ CKM_AES_CBC_ENCRYPT_DATA as AesCbcEncryptData,++ CKM_DSA_PARAMETER_GEN as DsaParameterGen,+ CKM_DH_PKCS_PARAMETER_GEN as DhPkcsParameterGen,+ CKM_X9_42_DH_PARAMETER_GEN as X9_42DhParameterGen,++ CKM_VENDOR_DEFINED as VendorDefined+ } deriving (Eq,Show) #}++ _decryptInit :: MechType -> Session -> ObjectHandle -> IO () _decryptInit mechType (Session sessionHandle functionListPtr) obj = do alloca $ \mechPtr -> do- poke mechPtr (Mech {mechType = fromEnum mechType, mechParamPtr = nullPtr, mechParamSize = 0})+ poke mechPtr (Mech {mechType = mechType, mechParamPtr = nullPtr, mechParamSize = 0}) rv <- {#call unsafe CK_FUNCTION_LIST.C_DecryptInit#} functionListPtr sessionHandle mechPtr obj if rv /= 0 then fail $ "failed to initiate decryption: " ++ (rvToStr rv)@@ -714,7 +1149,7 @@ _encryptInit :: MechType -> Session -> ObjectHandle -> IO () _encryptInit mechType (Session sessionHandle functionListPtr) obj = do alloca $ \mechPtr -> do- poke mechPtr (Mech {mechType = fromEnum mechType, mechParamPtr = nullPtr, mechParamSize = 0})+ poke mechPtr (Mech {mechType = mechType, mechParamPtr = nullPtr, mechParamSize = 0}) rv <- {#call unsafe CK_FUNCTION_LIST.C_EncryptInit#} functionListPtr sessionHandle mechPtr obj if rv /= 0 then fail $ "failed to initiate decryption: " ++ (rvToStr rv)@@ -742,7 +1177,7 @@ unwrapKey mechType (Session sessionHandle functionListPtr) key wrappedKey template = do _withAttribs template $ \attribsPtr -> do alloca $ \mechPtr -> do- poke mechPtr (Mech {mechType = fromEnum mechType, mechParamPtr = nullPtr, mechParamSize = 0})+ poke mechPtr (Mech {mechType = mechType, mechParamPtr = nullPtr, mechParamSize = 0}) unsafeUseAsCStringLen wrappedKey $ \(wrappedKeyPtr, wrappedKeyLen) -> do alloca $ \unwrappedKeyPtr -> do rv <- {#call unsafe CK_FUNCTION_LIST.C_UnwrapKey#} functionListPtr sessionHandle mechPtr key (castPtr wrappedKeyPtr) (fromIntegral wrappedKeyLen) attribsPtr (fromIntegral $ length template) unwrappedKeyPtr@@ -753,17 +1188,18 @@ return unwrappedKey -getMechanismList :: Library -> Int -> Int -> IO [CULong]+getMechanismList :: Library -> SlotId -> Int -> IO [Int] getMechanismList (Library _ functionListPtr) slotId maxMechanisms = do (rv, types) <- _getMechanismList functionListPtr slotId maxMechanisms if rv /= 0 then fail $ "failed to get list of mechanisms: " ++ (rvToStr rv)- else return types+ else return $ map (fromIntegral) types -getMechanismInfo :: Library -> Int -> Int -> IO MechInfo+-- | Retrieves mechanism info+getMechanismInfo :: Library -> SlotId -> MechType -> IO MechInfo getMechanismInfo (Library _ functionListPtr) slotId mechId = do- (rv, types) <- _getMechanismInfo functionListPtr slotId mechId+ (rv, types) <- _getMechanismInfo functionListPtr slotId (fromEnum mechId) if rv /= 0 then fail $ "failed to get mechanism information: " ++ (rvToStr rv) else return types
Test.hs view
@@ -12,9 +12,9 @@ generateKey :: Library -> BU8.ByteString -> String -> IO (ObjectHandle, ObjectHandle) generateKey lib pin label = do- withSession lib 0 rwSession $ \sess -> do+ withSession lib 0 True $ \sess -> do login sess User pin- generateKeyPair sess rsaPkcsKeyPairGen [ModulusBits 2048, Label label, Token True] [Label label, Token True]+ generateKeyPair sess RsaPkcsKeyPairGen [ModulusBits 2048, Label label, Token True] [Label label, Token True] @@ -37,21 +37,22 @@ mechanisms <- getMechanismList lib 0 100 putStrLn $ show mechanisms - mechInfo <- getMechanismInfo lib 0 (fromIntegral $ head mechanisms)+ mechInfo <- getMechanismInfo lib 0 RsaPkcsKeyPairGen putStrLn $ show mechInfo --putStrLn "generating key" --(pubKeyHandle, privKeyHandle) <- generateKey lib (BU8.fromString "123abc_") "key" --putStrLn (show pubKeyHandle) - withSession lib 0 0 $ \sess -> do+ withSession lib 0 False $ \sess -> do login sess User (BU8.fromString "123abc_") objects <- findObjects sess [Class PrivateKey, Label "key"] putStrLn $ show objects let objId = head objects mod <- getModulus sess objId pubExp <- getPublicExponent sess objId- attr <- getObjectAttr sess objId DecryptType+ decryptFlag <- getDecryptFlag sess objId+ putStrLn $ show decryptFlag putStrLn $ showHex mod "" putStrLn $ showHex pubExp "" rng <- newGenIO :: IO SystemRandom@@ -76,3 +77,4 @@ -- test decryption using AES key decAes <- decrypt AesEcb sess unwrappedKeyHandle encryptedMessage putStrLn $ show decAes+ logout sess
hspkcs11.cabal view
@@ -1,5 +1,5 @@ name: hspkcs11-version: 0.1+version: 0.2 synopsis: Wrapper for PKCS #11 interface description: This package allows to call PKCS#11 provider libraries. PKCS#11 is a C interface specification for cryptography providers, such as crypto tokens and HSMs homepage: https://github.com/denisenkom/hspkcs11
include/pkcs11.h view
@@ -1,299 +1,301 @@-/* pkcs11.h include file for PKCS #11. */ -/* $Revision: 1.4 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. - */ - -#ifndef _PKCS11_H_ -#define _PKCS11_H_ 1 - -#ifdef __cplusplus -extern "C" { -#endif - -/* Before including this file (pkcs11.h) (or pkcs11t.h by - * itself), 6 platform-specific macros must be defined. These - * macros are described below, and typical definitions for them - * are also given. Be advised that these definitions can depend - * on both the platform and the compiler used (and possibly also - * on whether a Cryptoki library is linked statically or - * dynamically). - * - * In addition to defining these 6 macros, the packing convention - * for Cryptoki structures should be set. The Cryptoki - * convention on packing is that structures should be 1-byte - * aligned. - * - * If you're using Microsoft Developer Studio 5.0 to produce - * Win32 stuff, this might be done by using the following - * preprocessor directive before including pkcs11.h or pkcs11t.h: - * - * #pragma pack(push, cryptoki, 1) - * - * and using the following preprocessor directive after including - * pkcs11.h or pkcs11t.h: - * - * #pragma pack(pop, cryptoki) - * - * If you're using an earlier version of Microsoft Developer - * Studio to produce Win16 stuff, this might be done by using - * the following preprocessor directive before including - * pkcs11.h or pkcs11t.h: - * - * #pragma pack(1) - * - * In a UNIX environment, you're on your own for this. You might - * not need to do (or be able to do!) anything. - * - * - * Now for the macros: - * - * - * 1. CK_PTR: The indirection string for making a pointer to an - * object. It can be used like this: - * - * typedef CK_BYTE CK_PTR CK_BYTE_PTR; - * - * If you're using Microsoft Developer Studio 5.0 to produce - * Win32 stuff, it might be defined by: - * - * #define CK_PTR * - * - * If you're using an earlier version of Microsoft Developer - * Studio to produce Win16 stuff, it might be defined by: - * - * #define CK_PTR far * - * - * In a typical UNIX environment, it might be defined by: - * - * #define CK_PTR * - * - * - * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes - * an exportable Cryptoki library function definition out of a - * return type and a function name. It should be used in the - * following fashion to define the exposed Cryptoki functions in - * a Cryptoki library: - * - * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)( - * CK_VOID_PTR pReserved - * ) - * { - * ... - * } - * - * If you're using Microsoft Developer Studio 5.0 to define a - * function in a Win32 Cryptoki .dll, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __declspec(dllexport) name - * - * If you're using an earlier version of Microsoft Developer - * Studio to define a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DEFINE_FUNCTION(returnType, name) \ - * returnType name - * - * - * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes - * an importable Cryptoki library function declaration out of a - * return type and a function name. It should be used in the - * following fashion: - * - * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)( - * CK_VOID_PTR pReserved - * ); - * - * If you're using Microsoft Developer Studio 5.0 to declare a - * function in a Win32 Cryptoki .dll, it might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType __declspec(dllimport) name - * - * If you're using an earlier version of Microsoft Developer - * Studio to declare a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType name - * - * - * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro - * which makes a Cryptoki API function pointer declaration or - * function pointer type declaration out of a return type and a - * function name. It should be used in the following fashion: - * - * // Define funcPtr to be a pointer to a Cryptoki API function - * // taking arguments args and returning CK_RV. - * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args); - * - * or - * - * // Define funcPtrType to be the type of a pointer to a - * // Cryptoki API function taking arguments args and returning - * // CK_RV, and then define funcPtr to be a variable of type - * // funcPtrType. - * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); - * funcPtrType funcPtr; - * - * If you're using Microsoft Developer Studio 5.0 to access - * functions in a Win32 Cryptoki .dll, in might be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType __declspec(dllimport) (* name) - * - * If you're using an earlier version of Microsoft Developer - * Studio to access functions in a Win16 Cryptoki .dll, it might - * be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType __export _far _pascal (* name) - * - * In a UNIX environment, it might be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType (* name) - * - * - * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes - * a function pointer type for an application callback out of - * a return type for the callback and a name for the callback. - * It should be used in the following fashion: - * - * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args); - * - * to declare a function pointer, myCallback, to a callback - * which takes arguments args and returns a CK_RV. It can also - * be used like this: - * - * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); - * myCallbackType myCallback; - * - * If you're using Microsoft Developer Studio 5.0 to do Win32 - * Cryptoki development, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType (* name) - * - * If you're using an earlier version of Microsoft Developer - * Studio to do Win16 development, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType _far _pascal (* name) - * - * In a UNIX environment, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType (* name) - * - * - * 6. NULL_PTR: This macro is the value of a NULL pointer. - * - * In any ANSI/ISO C environment (and in many others as well), - * this should best be defined by - * - * #ifndef NULL_PTR - * #define NULL_PTR 0 - * #endif - */ - - -/* All the various Cryptoki types and #define'd values are in the - * file pkcs11t.h. */ -#include "pkcs11t.h" - -#define __PASTE(x,y) x##y - - -/* ============================================================== - * Define the "extern" form of all the entry points. - * ============================================================== - */ - -#define CK_NEED_ARG_LIST 1 -#define CK_PKCS11_FUNCTION_INFO(name) \ - extern CK_DECLARE_FUNCTION(CK_RV, name) - -/* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ -#include "pkcs11f.h" - -#undef CK_NEED_ARG_LIST -#undef CK_PKCS11_FUNCTION_INFO - - -/* ============================================================== - * Define the typedef form of all the entry points. That is, for - * each Cryptoki function C_XXX, define a type CK_C_XXX which is - * a pointer to that kind of function. - * ============================================================== - */ - -#define CK_NEED_ARG_LIST 1 -#define CK_PKCS11_FUNCTION_INFO(name) \ - typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) - -/* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ -#include "pkcs11f.h" - -#undef CK_NEED_ARG_LIST -#undef CK_PKCS11_FUNCTION_INFO - - -/* ============================================================== - * Define structed vector of entry points. A CK_FUNCTION_LIST - * contains a CK_VERSION indicating a library's Cryptoki version - * and then a whole slew of function pointers to the routines in - * the library. This type was declared, but not defined, in - * pkcs11t.h. - * ============================================================== - */ - -#define CK_PKCS11_FUNCTION_INFO(name) \ - __PASTE(CK_,name) name; - -struct CK_FUNCTION_LIST { - - CK_VERSION version; /* Cryptoki version */ - -/* Pile all the function pointers into the CK_FUNCTION_LIST. */ -/* pkcs11f.h has all the information about the Cryptoki - * function prototypes. */ -#include "pkcs11f.h" - -}; - -#undef CK_PKCS11_FUNCTION_INFO - - -#undef __PASTE - -#ifdef __cplusplus -} -#endif - -#endif +/* 02-Sep-2008 from ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/ */++/* pkcs11.h include file for PKCS #11. */+/* $Revision: 1.4 $ */++/* License to copy and use this software is granted provided that it is+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface+ * (Cryptoki)" in all material mentioning or referencing this software.++ * License is also granted to make and use derivative works provided that+ * such works are identified as "derived from the RSA Security Inc. PKCS #11+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or+ * referencing the derived work.++ * RSA Security Inc. makes no representations concerning either the+ * merchantability of this software or the suitability of this software for+ * any particular purpose. It is provided "as is" without express or implied+ * warranty of any kind.+ */++#ifndef _PKCS11_H_+#define _PKCS11_H_ 1++#ifdef __cplusplus+extern "C" {+#endif++/* Before including this file (pkcs11.h) (or pkcs11t.h by+ * itself), 6 platform-specific macros must be defined. These+ * macros are described below, and typical definitions for them+ * are also given. Be advised that these definitions can depend+ * on both the platform and the compiler used (and possibly also+ * on whether a Cryptoki library is linked statically or+ * dynamically).+ *+ * In addition to defining these 6 macros, the packing convention+ * for Cryptoki structures should be set. The Cryptoki+ * convention on packing is that structures should be 1-byte+ * aligned.+ *+ * If you're using Microsoft Developer Studio 5.0 to produce+ * Win32 stuff, this might be done by using the following+ * preprocessor directive before including pkcs11.h or pkcs11t.h:+ *+ * #pragma pack(push, cryptoki, 1)+ *+ * and using the following preprocessor directive after including+ * pkcs11.h or pkcs11t.h:+ *+ * #pragma pack(pop, cryptoki)+ *+ * If you're using an earlier version of Microsoft Developer+ * Studio to produce Win16 stuff, this might be done by using+ * the following preprocessor directive before including+ * pkcs11.h or pkcs11t.h:+ *+ * #pragma pack(1)+ *+ * In a UNIX environment, you're on your own for this. You might+ * not need to do (or be able to do!) anything.+ *+ *+ * Now for the macros:+ *+ *+ * 1. CK_PTR: The indirection string for making a pointer to an+ * object. It can be used like this:+ *+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;+ *+ * If you're using Microsoft Developer Studio 5.0 to produce+ * Win32 stuff, it might be defined by:+ *+ * #define CK_PTR *+ *+ * If you're using an earlier version of Microsoft Developer+ * Studio to produce Win16 stuff, it might be defined by:+ *+ * #define CK_PTR far *+ *+ * In a typical UNIX environment, it might be defined by:+ *+ * #define CK_PTR *+ *+ *+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes+ * an exportable Cryptoki library function definition out of a+ * return type and a function name. It should be used in the+ * following fashion to define the exposed Cryptoki functions in+ * a Cryptoki library:+ *+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(+ * CK_VOID_PTR pReserved+ * )+ * {+ * ...+ * }+ *+ * If you're using Microsoft Developer Studio 5.0 to define a+ * function in a Win32 Cryptoki .dll, it might be defined by:+ *+ * #define CK_DEFINE_FUNCTION(returnType, name) \+ * returnType __declspec(dllexport) name+ *+ * If you're using an earlier version of Microsoft Developer+ * Studio to define a function in a Win16 Cryptoki .dll, it+ * might be defined by:+ *+ * #define CK_DEFINE_FUNCTION(returnType, name) \+ * returnType __export _far _pascal name+ *+ * In a UNIX environment, it might be defined by:+ *+ * #define CK_DEFINE_FUNCTION(returnType, name) \+ * returnType name+ *+ *+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes+ * an importable Cryptoki library function declaration out of a+ * return type and a function name. It should be used in the+ * following fashion:+ *+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(+ * CK_VOID_PTR pReserved+ * );+ *+ * If you're using Microsoft Developer Studio 5.0 to declare a+ * function in a Win32 Cryptoki .dll, it might be defined by:+ *+ * #define CK_DECLARE_FUNCTION(returnType, name) \+ * returnType __declspec(dllimport) name+ *+ * If you're using an earlier version of Microsoft Developer+ * Studio to declare a function in a Win16 Cryptoki .dll, it+ * might be defined by:+ *+ * #define CK_DECLARE_FUNCTION(returnType, name) \+ * returnType __export _far _pascal name+ *+ * In a UNIX environment, it might be defined by:+ *+ * #define CK_DECLARE_FUNCTION(returnType, name) \+ * returnType name+ *+ *+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro+ * which makes a Cryptoki API function pointer declaration or+ * function pointer type declaration out of a return type and a+ * function name. It should be used in the following fashion:+ *+ * // Define funcPtr to be a pointer to a Cryptoki API function+ * // taking arguments args and returning CK_RV.+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);+ *+ * or+ *+ * // Define funcPtrType to be the type of a pointer to a+ * // Cryptoki API function taking arguments args and returning+ * // CK_RV, and then define funcPtr to be a variable of type+ * // funcPtrType.+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);+ * funcPtrType funcPtr;+ *+ * If you're using Microsoft Developer Studio 5.0 to access+ * functions in a Win32 Cryptoki .dll, in might be defined by:+ *+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \+ * returnType __declspec(dllimport) (* name)+ *+ * If you're using an earlier version of Microsoft Developer+ * Studio to access functions in a Win16 Cryptoki .dll, it might+ * be defined by:+ *+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \+ * returnType __export _far _pascal (* name)+ *+ * In a UNIX environment, it might be defined by:+ *+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \+ * returnType (* name)+ *+ *+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes+ * a function pointer type for an application callback out of+ * a return type for the callback and a name for the callback.+ * It should be used in the following fashion:+ *+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);+ *+ * to declare a function pointer, myCallback, to a callback+ * which takes arguments args and returns a CK_RV. It can also+ * be used like this:+ *+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);+ * myCallbackType myCallback;+ *+ * If you're using Microsoft Developer Studio 5.0 to do Win32+ * Cryptoki development, it might be defined by:+ *+ * #define CK_CALLBACK_FUNCTION(returnType, name) \+ * returnType (* name)+ *+ * If you're using an earlier version of Microsoft Developer+ * Studio to do Win16 development, it might be defined by:+ *+ * #define CK_CALLBACK_FUNCTION(returnType, name) \+ * returnType _far _pascal (* name)+ *+ * In a UNIX environment, it might be defined by:+ *+ * #define CK_CALLBACK_FUNCTION(returnType, name) \+ * returnType (* name)+ *+ *+ * 6. NULL_PTR: This macro is the value of a NULL pointer.+ *+ * In any ANSI/ISO C environment (and in many others as well),+ * this should best be defined by+ *+ * #ifndef NULL_PTR+ * #define NULL_PTR 0+ * #endif+ */+++/* All the various Cryptoki types and #define'd values are in the+ * file pkcs11t.h. */+#include "pkcs11t.h"++#define __PASTE(x,y) x##y+++/* ==============================================================+ * Define the "extern" form of all the entry points.+ * ==============================================================+ */++#define CK_NEED_ARG_LIST 1+#define CK_PKCS11_FUNCTION_INFO(name) \+ extern CK_DECLARE_FUNCTION(CK_RV, name)++/* pkcs11f.h has all the information about the Cryptoki+ * function prototypes. */+#include "pkcs11f.h"++#undef CK_NEED_ARG_LIST+#undef CK_PKCS11_FUNCTION_INFO+++/* ==============================================================+ * Define the typedef form of all the entry points. That is, for+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is+ * a pointer to that kind of function.+ * ==============================================================+ */++#define CK_NEED_ARG_LIST 1+#define CK_PKCS11_FUNCTION_INFO(name) \+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))++/* pkcs11f.h has all the information about the Cryptoki+ * function prototypes. */+#include "pkcs11f.h"++#undef CK_NEED_ARG_LIST+#undef CK_PKCS11_FUNCTION_INFO+++/* ==============================================================+ * Define structed vector of entry points. A CK_FUNCTION_LIST+ * contains a CK_VERSION indicating a library's Cryptoki version+ * and then a whole slew of function pointers to the routines in+ * the library. This type was declared, but not defined, in+ * pkcs11t.h.+ * ==============================================================+ */++#define CK_PKCS11_FUNCTION_INFO(name) \+ __PASTE(CK_,name) name;++struct CK_FUNCTION_LIST {++ CK_VERSION version; /* Cryptoki version */++/* Pile all the function pointers into the CK_FUNCTION_LIST. */+/* pkcs11f.h has all the information about the Cryptoki+ * function prototypes. */+#include "pkcs11f.h"++};++#undef CK_PKCS11_FUNCTION_INFO+++#undef __PASTE++#ifdef __cplusplus+}+#endif++#endif
include/pkcs11f.h view
@@ -1,912 +1,912 @@-/* pkcs11f.h include file for PKCS #11. */ -/* $Revision: 1.4 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. - */ - -/* This header file contains pretty much everything about all the */ -/* Cryptoki function prototypes. Because this information is */ -/* used for more than just declaring function prototypes, the */ -/* order of the functions appearing herein is important, and */ -/* should not be altered. */ - -/* General-purpose */ - -/* C_Initialize initializes the Cryptoki library. */ -CK_PKCS11_FUNCTION_INFO(C_Initialize) -#ifdef CK_NEED_ARG_LIST -( - CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets - * cast to CK_C_INITIALIZE_ARGS_PTR - * and dereferenced */ -); -#endif - - -/* C_Finalize indicates that an application is done with the - * Cryptoki library. */ -CK_PKCS11_FUNCTION_INFO(C_Finalize) -#ifdef CK_NEED_ARG_LIST -( - CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ -); -#endif - - -/* C_GetInfo returns general information about Cryptoki. */ -CK_PKCS11_FUNCTION_INFO(C_GetInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_INFO_PTR pInfo /* location that receives information */ -); -#endif - - -/* C_GetFunctionList returns the function list. */ -CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) -#ifdef CK_NEED_ARG_LIST -( - CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to - * function list */ -); -#endif - - - -/* Slot and token management */ - -/* C_GetSlotList obtains a list of slots in the system. */ -CK_PKCS11_FUNCTION_INFO(C_GetSlotList) -#ifdef CK_NEED_ARG_LIST -( - CK_BBOOL tokenPresent, /* only slots with tokens? */ - CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ - CK_ULONG_PTR pulCount /* receives number of slots */ -); -#endif - - -/* C_GetSlotInfo obtains information about a particular slot in - * the system. */ -CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* the ID of the slot */ - CK_SLOT_INFO_PTR pInfo /* receives the slot information */ -); -#endif - - -/* C_GetTokenInfo obtains information about a particular token - * in the system. */ -CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of the token's slot */ - CK_TOKEN_INFO_PTR pInfo /* receives the token information */ -); -#endif - - -/* C_GetMechanismList obtains a list of mechanism types - * supported by a token. */ -CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of token's slot */ - CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ - CK_ULONG_PTR pulCount /* gets # of mechs. */ -); -#endif - - -/* C_GetMechanismInfo obtains information about a particular - * mechanism possibly supported by a token. */ -CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* ID of the token's slot */ - CK_MECHANISM_TYPE type, /* type of mechanism */ - CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ -); -#endif - - -/* C_InitToken initializes a token. */ -CK_PKCS11_FUNCTION_INFO(C_InitToken) -#ifdef CK_NEED_ARG_LIST -/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */ -( - CK_SLOT_ID slotID, /* ID of the token's slot */ - CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ - CK_ULONG ulPinLen, /* length in bytes of the PIN */ - CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ -); -#endif - - -/* C_InitPIN initializes the normal user's PIN. */ -CK_PKCS11_FUNCTION_INFO(C_InitPIN) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ - CK_ULONG ulPinLen /* length in bytes of the PIN */ -); -#endif - - -/* C_SetPIN modifies the PIN of the user who is logged in. */ -CK_PKCS11_FUNCTION_INFO(C_SetPIN) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ - CK_ULONG ulOldLen, /* length of the old PIN */ - CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ - CK_ULONG ulNewLen /* length of the new PIN */ -); -#endif - - - -/* Session management */ - -/* C_OpenSession opens a session between an application and a - * token. */ -CK_PKCS11_FUNCTION_INFO(C_OpenSession) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID, /* the slot's ID */ - CK_FLAGS flags, /* from CK_SESSION_INFO */ - CK_VOID_PTR pApplication, /* passed to callback */ - CK_NOTIFY Notify, /* callback function */ - CK_SESSION_HANDLE_PTR phSession /* gets session handle */ -); -#endif - - -/* C_CloseSession closes a session between an application and a - * token. */ -CK_PKCS11_FUNCTION_INFO(C_CloseSession) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - -/* C_CloseAllSessions closes all sessions with a token. */ -CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) -#ifdef CK_NEED_ARG_LIST -( - CK_SLOT_ID slotID /* the token's slot */ -); -#endif - - -/* C_GetSessionInfo obtains information about the session. */ -CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_SESSION_INFO_PTR pInfo /* receives session info */ -); -#endif - - -/* C_GetOperationState obtains the state of the cryptographic operation - * in a session. */ -CK_PKCS11_FUNCTION_INFO(C_GetOperationState) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pOperationState, /* gets state */ - CK_ULONG_PTR pulOperationStateLen /* gets state length */ -); -#endif - - -/* C_SetOperationState restores the state of the cryptographic - * operation in a session. */ -CK_PKCS11_FUNCTION_INFO(C_SetOperationState) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pOperationState, /* holds state */ - CK_ULONG ulOperationStateLen, /* holds state length */ - CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ - CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ -); -#endif - - -/* C_Login logs a user into a token. */ -CK_PKCS11_FUNCTION_INFO(C_Login) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_USER_TYPE userType, /* the user type */ - CK_UTF8CHAR_PTR pPin, /* the user's PIN */ - CK_ULONG ulPinLen /* the length of the PIN */ -); -#endif - - -/* C_Logout logs a user out from a token. */ -CK_PKCS11_FUNCTION_INFO(C_Logout) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - - -/* Object management */ - -/* C_CreateObject creates a new object. */ -CK_PKCS11_FUNCTION_INFO(C_CreateObject) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ - CK_ULONG ulCount, /* attributes in template */ - CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ -); -#endif - - -/* C_CopyObject copies an object, creating a new object for the - * copy. */ -CK_PKCS11_FUNCTION_INFO(C_CopyObject) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ - CK_ULONG ulCount, /* attributes in template */ - CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ -); -#endif - - -/* C_DestroyObject destroys an object. */ -CK_PKCS11_FUNCTION_INFO(C_DestroyObject) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject /* the object's handle */ -); -#endif - - -/* C_GetObjectSize gets the size of an object in bytes. */ -CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ULONG_PTR pulSize /* receives size of object */ -); -#endif - - -/* C_GetAttributeValue obtains the value of one or more object - * attributes. */ -CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ - CK_ULONG ulCount /* attributes in template */ -); -#endif - - -/* C_SetAttributeValue modifies the value of one or more object - * attributes */ -CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hObject, /* the object's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ - CK_ULONG ulCount /* attributes in template */ -); -#endif - - -/* C_FindObjectsInit initializes a search for token and session - * objects that match a template. */ -CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ - CK_ULONG ulCount /* attrs in search template */ -); -#endif - - -/* C_FindObjects continues a search for token and session - * objects that match a template, obtaining additional object - * handles. */ -CK_PKCS11_FUNCTION_INFO(C_FindObjects) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ - CK_ULONG ulMaxObjectCount, /* max handles to get */ - CK_ULONG_PTR pulObjectCount /* actual # returned */ -); -#endif - - -/* C_FindObjectsFinal finishes a search for token and session - * objects. */ -CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - - -/* Encryption and decryption */ - -/* C_EncryptInit initializes an encryption operation. */ -CK_PKCS11_FUNCTION_INFO(C_EncryptInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ - CK_OBJECT_HANDLE hKey /* handle of encryption key */ -); -#endif - - -/* C_Encrypt encrypts single-part data. */ -CK_PKCS11_FUNCTION_INFO(C_Encrypt) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pData, /* the plaintext data */ - CK_ULONG ulDataLen, /* bytes of plaintext */ - CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ -); -#endif - - -/* C_EncryptUpdate continues a multiple-part encryption - * operation. */ -CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* plaintext data len */ - CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ -); -#endif - - -/* C_EncryptFinal finishes a multiple-part encryption - * operation. */ -CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session handle */ - CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ - CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ -); -#endif - - -/* C_DecryptInit initializes a decryption operation. */ -CK_PKCS11_FUNCTION_INFO(C_DecryptInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ - CK_OBJECT_HANDLE hKey /* handle of decryption key */ -); -#endif - - -/* C_Decrypt decrypts encrypted data in a single part. */ -CK_PKCS11_FUNCTION_INFO(C_Decrypt) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedData, /* ciphertext */ - CK_ULONG ulEncryptedDataLen, /* ciphertext length */ - CK_BYTE_PTR pData, /* gets plaintext */ - CK_ULONG_PTR pulDataLen /* gets p-text size */ -); -#endif - - -/* C_DecryptUpdate continues a multiple-part decryption - * operation. */ -CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedPart, /* encrypted data */ - CK_ULONG ulEncryptedPartLen, /* input length */ - CK_BYTE_PTR pPart, /* gets plaintext */ - CK_ULONG_PTR pulPartLen /* p-text size */ -); -#endif - - -/* C_DecryptFinal finishes a multiple-part decryption - * operation. */ -CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pLastPart, /* gets plaintext */ - CK_ULONG_PTR pulLastPartLen /* p-text size */ -); -#endif - - - -/* Message digesting */ - -/* C_DigestInit initializes a message-digesting operation. */ -CK_PKCS11_FUNCTION_INFO(C_DigestInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ -); -#endif - - -/* C_Digest digests data in a single part. */ -CK_PKCS11_FUNCTION_INFO(C_Digest) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* data to be digested */ - CK_ULONG ulDataLen, /* bytes of data to digest */ - CK_BYTE_PTR pDigest, /* gets the message digest */ - CK_ULONG_PTR pulDigestLen /* gets digest length */ -); -#endif - - -/* C_DigestUpdate continues a multiple-part message-digesting - * operation. */ -CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* data to be digested */ - CK_ULONG ulPartLen /* bytes of data to be digested */ -); -#endif - - -/* C_DigestKey continues a multi-part message-digesting - * operation, by digesting the value of a secret key as part of - * the data already digested. */ -CK_PKCS11_FUNCTION_INFO(C_DigestKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_OBJECT_HANDLE hKey /* secret key to digest */ -); -#endif - - -/* C_DigestFinal finishes a multiple-part message-digesting - * operation. */ -CK_PKCS11_FUNCTION_INFO(C_DigestFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pDigest, /* gets the message digest */ - CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ -); -#endif - - - -/* Signing and MACing */ - -/* C_SignInit initializes a signature (private key encryption) - * operation, where the signature is (will be) an appendix to - * the data, and plaintext cannot be recovered from the - *signature. */ -CK_PKCS11_FUNCTION_INFO(C_SignInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ - CK_OBJECT_HANDLE hKey /* handle of signature key */ -); -#endif - - -/* C_Sign signs (encrypts with private key) data in a single - * part, where the signature is (will be) an appendix to the - * data, and plaintext cannot be recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_Sign) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the data to sign */ - CK_ULONG ulDataLen, /* count of bytes to sign */ - CK_BYTE_PTR pSignature, /* gets the signature */ - CK_ULONG_PTR pulSignatureLen /* gets signature length */ -); -#endif - - -/* C_SignUpdate continues a multiple-part signature operation, - * where the signature is (will be) an appendix to the data, - * and plaintext cannot be recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_SignUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* the data to sign */ - CK_ULONG ulPartLen /* count of bytes to sign */ -); -#endif - - -/* C_SignFinal finishes a multiple-part signature operation, - * returning the signature. */ -CK_PKCS11_FUNCTION_INFO(C_SignFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* gets the signature */ - CK_ULONG_PTR pulSignatureLen /* gets signature length */ -); -#endif - - -/* C_SignRecoverInit initializes a signature operation, where - * the data can be recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ - CK_OBJECT_HANDLE hKey /* handle of the signature key */ -); -#endif - - -/* C_SignRecover signs data in a single operation, where the - * data can be recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_SignRecover) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* the data to sign */ - CK_ULONG ulDataLen, /* count of bytes to sign */ - CK_BYTE_PTR pSignature, /* gets the signature */ - CK_ULONG_PTR pulSignatureLen /* gets signature length */ -); -#endif - - - -/* Verifying signatures and MACs */ - -/* C_VerifyInit initializes a verification operation, where the - * signature is an appendix to the data, and plaintext cannot - * cannot be recovered from the signature (e.g. DSA). */ -CK_PKCS11_FUNCTION_INFO(C_VerifyInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ -); -#endif - - -/* C_Verify verifies a signature in a single-part operation, - * where the signature is an appendix to the data, and plaintext - * cannot be recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_Verify) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pData, /* signed data */ - CK_ULONG ulDataLen, /* length of signed data */ - CK_BYTE_PTR pSignature, /* signature */ - CK_ULONG ulSignatureLen /* signature length*/ -); -#endif - - -/* C_VerifyUpdate continues a multiple-part verification - * operation, where the signature is an appendix to the data, - * and plaintext cannot be recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pPart, /* signed data */ - CK_ULONG ulPartLen /* length of signed data */ -); -#endif - - -/* C_VerifyFinal finishes a multiple-part verification - * operation, checking the signature. */ -CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* signature to verify */ - CK_ULONG ulSignatureLen /* signature length */ -); -#endif - - -/* C_VerifyRecoverInit initializes a signature verification - * operation, where the data is recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ - CK_OBJECT_HANDLE hKey /* verification key */ -); -#endif - - -/* C_VerifyRecover verifies a signature in a single-part - * operation, where the data is recovered from the signature. */ -CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSignature, /* signature to verify */ - CK_ULONG ulSignatureLen, /* signature length */ - CK_BYTE_PTR pData, /* gets signed data */ - CK_ULONG_PTR pulDataLen /* gets signed data len */ -); -#endif - - - -/* Dual-function cryptographic operations */ - -/* C_DigestEncryptUpdate continues a multiple-part digesting - * and encryption operation. */ -CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* plaintext length */ - CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ -); -#endif - - -/* C_DecryptDigestUpdate continues a multiple-part decryption and - * digesting operation. */ -CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedPart, /* ciphertext */ - CK_ULONG ulEncryptedPartLen, /* ciphertext length */ - CK_BYTE_PTR pPart, /* gets plaintext */ - CK_ULONG_PTR pulPartLen /* gets plaintext len */ -); -#endif - - -/* C_SignEncryptUpdate continues a multiple-part signing and - * encryption operation. */ -CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pPart, /* the plaintext data */ - CK_ULONG ulPartLen, /* plaintext length */ - CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ - CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ -); -#endif - - -/* C_DecryptVerifyUpdate continues a multiple-part decryption and - * verify operation. */ -CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_BYTE_PTR pEncryptedPart, /* ciphertext */ - CK_ULONG ulEncryptedPartLen, /* ciphertext length */ - CK_BYTE_PTR pPart, /* gets plaintext */ - CK_ULONG_PTR pulPartLen /* gets p-text length */ -); -#endif - - - -/* Key management */ - -/* C_GenerateKey generates a secret key, creating a new key - * object. */ -CK_PKCS11_FUNCTION_INFO(C_GenerateKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* key generation mech. */ - CK_ATTRIBUTE_PTR pTemplate, /* template for new key */ - CK_ULONG ulCount, /* # of attrs in template */ - CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */ -); -#endif - - -/* C_GenerateKeyPair generates a public-key/private-key pair, - * creating new key objects. */ -CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session - * handle */ - CK_MECHANISM_PTR pMechanism, /* key-gen - * mech. */ - CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template - * for pub. - * key */ - CK_ULONG ulPublicKeyAttributeCount, /* # pub. - * attrs. */ - CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template - * for priv. - * key */ - CK_ULONG ulPrivateKeyAttributeCount, /* # priv. - * attrs. */ - CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. - * key - * handle */ - CK_OBJECT_HANDLE_PTR phPrivateKey /* gets - * priv. key - * handle */ -); -#endif - - -/* C_WrapKey wraps (i.e., encrypts) a key. */ -CK_PKCS11_FUNCTION_INFO(C_WrapKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ - CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */ - CK_OBJECT_HANDLE hKey, /* key to be wrapped */ - CK_BYTE_PTR pWrappedKey, /* gets wrapped key */ - CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */ -); -#endif - - -/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new - * key object. */ -CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */ - CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */ - CK_BYTE_PTR pWrappedKey, /* the wrapped key */ - CK_ULONG ulWrappedKeyLen, /* wrapped key len */ - CK_ATTRIBUTE_PTR pTemplate, /* new key template */ - CK_ULONG ulAttributeCount, /* template length */ - CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ -); -#endif - - -/* C_DeriveKey derives a key from a base key, creating a new key - * object. */ -CK_PKCS11_FUNCTION_INFO(C_DeriveKey) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* session's handle */ - CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */ - CK_OBJECT_HANDLE hBaseKey, /* base key */ - CK_ATTRIBUTE_PTR pTemplate, /* new key template */ - CK_ULONG ulAttributeCount, /* template length */ - CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ -); -#endif - - - -/* Random number generation */ - -/* C_SeedRandom mixes additional seed material into the token's - * random number generator. */ -CK_PKCS11_FUNCTION_INFO(C_SeedRandom) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR pSeed, /* the seed material */ - CK_ULONG ulSeedLen /* length of seed material */ -); -#endif - - -/* C_GenerateRandom generates random data. */ -CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_BYTE_PTR RandomData, /* receives the random data */ - CK_ULONG ulRandomLen /* # of bytes to generate */ -); -#endif - - - -/* Parallel function management */ - -/* C_GetFunctionStatus is a legacy function; it obtains an - * updated status of a function running in parallel with an - * application. */ -CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - -/* C_CancelFunction is a legacy function; it cancels a function - * running in parallel. */ -CK_PKCS11_FUNCTION_INFO(C_CancelFunction) -#ifdef CK_NEED_ARG_LIST -( - CK_SESSION_HANDLE hSession /* the session's handle */ -); -#endif - - - -/* Functions added in for Cryptoki Version 2.01 or later */ - -/* C_WaitForSlotEvent waits for a slot event (token insertion, - * removal, etc.) to occur. */ -CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) -#ifdef CK_NEED_ARG_LIST -( - CK_FLAGS flags, /* blocking/nonblocking flag */ - CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ - CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ -); -#endif +/* pkcs11f.h include file for PKCS #11. */+/* $Revision: 1.4 $ */++/* License to copy and use this software is granted provided that it is+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface+ * (Cryptoki)" in all material mentioning or referencing this software.++ * License is also granted to make and use derivative works provided that+ * such works are identified as "derived from the RSA Security Inc. PKCS #11+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or+ * referencing the derived work.++ * RSA Security Inc. makes no representations concerning either the+ * merchantability of this software or the suitability of this software for+ * any particular purpose. It is provided "as is" without express or implied+ * warranty of any kind.+ */++/* This header file contains pretty much everything about all the */+/* Cryptoki function prototypes. Because this information is */+/* used for more than just declaring function prototypes, the */+/* order of the functions appearing herein is important, and */+/* should not be altered. */++/* General-purpose */++/* C_Initialize initializes the Cryptoki library. */+CK_PKCS11_FUNCTION_INFO(C_Initialize)+#ifdef CK_NEED_ARG_LIST+(+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets+ * cast to CK_C_INITIALIZE_ARGS_PTR+ * and dereferenced */+);+#endif+++/* C_Finalize indicates that an application is done with the+ * Cryptoki library. */+CK_PKCS11_FUNCTION_INFO(C_Finalize)+#ifdef CK_NEED_ARG_LIST+(+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */+);+#endif+++/* C_GetInfo returns general information about Cryptoki. */+CK_PKCS11_FUNCTION_INFO(C_GetInfo)+#ifdef CK_NEED_ARG_LIST+(+ CK_INFO_PTR pInfo /* location that receives information */+);+#endif+++/* C_GetFunctionList returns the function list. */+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)+#ifdef CK_NEED_ARG_LIST+(+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to+ * function list */+);+#endif++++/* Slot and token management */++/* C_GetSlotList obtains a list of slots in the system. */+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)+#ifdef CK_NEED_ARG_LIST+(+ CK_BBOOL tokenPresent, /* only slots with tokens? */+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */+ CK_ULONG_PTR pulCount /* receives number of slots */+);+#endif+++/* C_GetSlotInfo obtains information about a particular slot in+ * the system. */+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)+#ifdef CK_NEED_ARG_LIST+(+ CK_SLOT_ID slotID, /* the ID of the slot */+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */+);+#endif+++/* C_GetTokenInfo obtains information about a particular token+ * in the system. */+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)+#ifdef CK_NEED_ARG_LIST+(+ CK_SLOT_ID slotID, /* ID of the token's slot */+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */+);+#endif+++/* C_GetMechanismList obtains a list of mechanism types+ * supported by a token. */+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)+#ifdef CK_NEED_ARG_LIST+(+ CK_SLOT_ID slotID, /* ID of token's slot */+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */+ CK_ULONG_PTR pulCount /* gets # of mechs. */+);+#endif+++/* C_GetMechanismInfo obtains information about a particular+ * mechanism possibly supported by a token. */+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)+#ifdef CK_NEED_ARG_LIST+(+ CK_SLOT_ID slotID, /* ID of the token's slot */+ CK_MECHANISM_TYPE type, /* type of mechanism */+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */+);+#endif+++/* C_InitToken initializes a token. */+CK_PKCS11_FUNCTION_INFO(C_InitToken)+#ifdef CK_NEED_ARG_LIST+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */+(+ CK_SLOT_ID slotID, /* ID of the token's slot */+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */+ CK_ULONG ulPinLen, /* length in bytes of the PIN */+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */+);+#endif+++/* C_InitPIN initializes the normal user's PIN. */+CK_PKCS11_FUNCTION_INFO(C_InitPIN)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */+ CK_ULONG ulPinLen /* length in bytes of the PIN */+);+#endif+++/* C_SetPIN modifies the PIN of the user who is logged in. */+CK_PKCS11_FUNCTION_INFO(C_SetPIN)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */+ CK_ULONG ulOldLen, /* length of the old PIN */+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */+ CK_ULONG ulNewLen /* length of the new PIN */+);+#endif++++/* Session management */++/* C_OpenSession opens a session between an application and a+ * token. */+CK_PKCS11_FUNCTION_INFO(C_OpenSession)+#ifdef CK_NEED_ARG_LIST+(+ CK_SLOT_ID slotID, /* the slot's ID */+ CK_FLAGS flags, /* from CK_SESSION_INFO */+ CK_VOID_PTR pApplication, /* passed to callback */+ CK_NOTIFY Notify, /* callback function */+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */+);+#endif+++/* C_CloseSession closes a session between an application and a+ * token. */+CK_PKCS11_FUNCTION_INFO(C_CloseSession)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession /* the session's handle */+);+#endif+++/* C_CloseAllSessions closes all sessions with a token. */+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)+#ifdef CK_NEED_ARG_LIST+(+ CK_SLOT_ID slotID /* the token's slot */+);+#endif+++/* C_GetSessionInfo obtains information about the session. */+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_SESSION_INFO_PTR pInfo /* receives session info */+);+#endif+++/* C_GetOperationState obtains the state of the cryptographic operation+ * in a session. */+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pOperationState, /* gets state */+ CK_ULONG_PTR pulOperationStateLen /* gets state length */+);+#endif+++/* C_SetOperationState restores the state of the cryptographic+ * operation in a session. */+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pOperationState, /* holds state */+ CK_ULONG ulOperationStateLen, /* holds state length */+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */+);+#endif+++/* C_Login logs a user into a token. */+CK_PKCS11_FUNCTION_INFO(C_Login)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_USER_TYPE userType, /* the user type */+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */+ CK_ULONG ulPinLen /* the length of the PIN */+);+#endif+++/* C_Logout logs a user out from a token. */+CK_PKCS11_FUNCTION_INFO(C_Logout)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession /* the session's handle */+);+#endif++++/* Object management */++/* C_CreateObject creates a new object. */+CK_PKCS11_FUNCTION_INFO(C_CreateObject)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */+ CK_ULONG ulCount, /* attributes in template */+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */+);+#endif+++/* C_CopyObject copies an object, creating a new object for the+ * copy. */+CK_PKCS11_FUNCTION_INFO(C_CopyObject)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_OBJECT_HANDLE hObject, /* the object's handle */+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */+ CK_ULONG ulCount, /* attributes in template */+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */+);+#endif+++/* C_DestroyObject destroys an object. */+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_OBJECT_HANDLE hObject /* the object's handle */+);+#endif+++/* C_GetObjectSize gets the size of an object in bytes. */+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_OBJECT_HANDLE hObject, /* the object's handle */+ CK_ULONG_PTR pulSize /* receives size of object */+);+#endif+++/* C_GetAttributeValue obtains the value of one or more object+ * attributes. */+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_OBJECT_HANDLE hObject, /* the object's handle */+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */+ CK_ULONG ulCount /* attributes in template */+);+#endif+++/* C_SetAttributeValue modifies the value of one or more object+ * attributes */+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_OBJECT_HANDLE hObject, /* the object's handle */+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */+ CK_ULONG ulCount /* attributes in template */+);+#endif+++/* C_FindObjectsInit initializes a search for token and session+ * objects that match a template. */+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */+ CK_ULONG ulCount /* attrs in search template */+);+#endif+++/* C_FindObjects continues a search for token and session+ * objects that match a template, obtaining additional object+ * handles. */+CK_PKCS11_FUNCTION_INFO(C_FindObjects)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */+ CK_ULONG ulMaxObjectCount, /* max handles to get */+ CK_ULONG_PTR pulObjectCount /* actual # returned */+);+#endif+++/* C_FindObjectsFinal finishes a search for token and session+ * objects. */+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession /* the session's handle */+);+#endif++++/* Encryption and decryption */++/* C_EncryptInit initializes an encryption operation. */+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */+ CK_OBJECT_HANDLE hKey /* handle of encryption key */+);+#endif+++/* C_Encrypt encrypts single-part data. */+CK_PKCS11_FUNCTION_INFO(C_Encrypt)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pData, /* the plaintext data */+ CK_ULONG ulDataLen, /* bytes of plaintext */+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */+);+#endif+++/* C_EncryptUpdate continues a multiple-part encryption+ * operation. */+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pPart, /* the plaintext data */+ CK_ULONG ulPartLen, /* plaintext data len */+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */+);+#endif+++/* C_EncryptFinal finishes a multiple-part encryption+ * operation. */+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session handle */+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */+);+#endif+++/* C_DecryptInit initializes a decryption operation. */+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */+ CK_OBJECT_HANDLE hKey /* handle of decryption key */+);+#endif+++/* C_Decrypt decrypts encrypted data in a single part. */+CK_PKCS11_FUNCTION_INFO(C_Decrypt)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pEncryptedData, /* ciphertext */+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */+ CK_BYTE_PTR pData, /* gets plaintext */+ CK_ULONG_PTR pulDataLen /* gets p-text size */+);+#endif+++/* C_DecryptUpdate continues a multiple-part decryption+ * operation. */+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */+ CK_ULONG ulEncryptedPartLen, /* input length */+ CK_BYTE_PTR pPart, /* gets plaintext */+ CK_ULONG_PTR pulPartLen /* p-text size */+);+#endif+++/* C_DecryptFinal finishes a multiple-part decryption+ * operation. */+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pLastPart, /* gets plaintext */+ CK_ULONG_PTR pulLastPartLen /* p-text size */+);+#endif++++/* Message digesting */++/* C_DigestInit initializes a message-digesting operation. */+CK_PKCS11_FUNCTION_INFO(C_DigestInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */+);+#endif+++/* C_Digest digests data in a single part. */+CK_PKCS11_FUNCTION_INFO(C_Digest)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pData, /* data to be digested */+ CK_ULONG ulDataLen, /* bytes of data to digest */+ CK_BYTE_PTR pDigest, /* gets the message digest */+ CK_ULONG_PTR pulDigestLen /* gets digest length */+);+#endif+++/* C_DigestUpdate continues a multiple-part message-digesting+ * operation. */+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pPart, /* data to be digested */+ CK_ULONG ulPartLen /* bytes of data to be digested */+);+#endif+++/* C_DigestKey continues a multi-part message-digesting+ * operation, by digesting the value of a secret key as part of+ * the data already digested. */+CK_PKCS11_FUNCTION_INFO(C_DigestKey)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_OBJECT_HANDLE hKey /* secret key to digest */+);+#endif+++/* C_DigestFinal finishes a multiple-part message-digesting+ * operation. */+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pDigest, /* gets the message digest */+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */+);+#endif++++/* Signing and MACing */++/* C_SignInit initializes a signature (private key encryption)+ * operation, where the signature is (will be) an appendix to+ * the data, and plaintext cannot be recovered from the+ *signature. */+CK_PKCS11_FUNCTION_INFO(C_SignInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */+ CK_OBJECT_HANDLE hKey /* handle of signature key */+);+#endif+++/* C_Sign signs (encrypts with private key) data in a single+ * part, where the signature is (will be) an appendix to the+ * data, and plaintext cannot be recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_Sign)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pData, /* the data to sign */+ CK_ULONG ulDataLen, /* count of bytes to sign */+ CK_BYTE_PTR pSignature, /* gets the signature */+ CK_ULONG_PTR pulSignatureLen /* gets signature length */+);+#endif+++/* C_SignUpdate continues a multiple-part signature operation,+ * where the signature is (will be) an appendix to the data,+ * and plaintext cannot be recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pPart, /* the data to sign */+ CK_ULONG ulPartLen /* count of bytes to sign */+);+#endif+++/* C_SignFinal finishes a multiple-part signature operation,+ * returning the signature. */+CK_PKCS11_FUNCTION_INFO(C_SignFinal)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pSignature, /* gets the signature */+ CK_ULONG_PTR pulSignatureLen /* gets signature length */+);+#endif+++/* C_SignRecoverInit initializes a signature operation, where+ * the data can be recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */+ CK_OBJECT_HANDLE hKey /* handle of the signature key */+);+#endif+++/* C_SignRecover signs data in a single operation, where the+ * data can be recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_SignRecover)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pData, /* the data to sign */+ CK_ULONG ulDataLen, /* count of bytes to sign */+ CK_BYTE_PTR pSignature, /* gets the signature */+ CK_ULONG_PTR pulSignatureLen /* gets signature length */+);+#endif++++/* Verifying signatures and MACs */++/* C_VerifyInit initializes a verification operation, where the+ * signature is an appendix to the data, and plaintext cannot+ * cannot be recovered from the signature (e.g. DSA). */+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */+ CK_OBJECT_HANDLE hKey /* verification key */+);+#endif+++/* C_Verify verifies a signature in a single-part operation,+ * where the signature is an appendix to the data, and plaintext+ * cannot be recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_Verify)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pData, /* signed data */+ CK_ULONG ulDataLen, /* length of signed data */+ CK_BYTE_PTR pSignature, /* signature */+ CK_ULONG ulSignatureLen /* signature length*/+);+#endif+++/* C_VerifyUpdate continues a multiple-part verification+ * operation, where the signature is an appendix to the data,+ * and plaintext cannot be recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pPart, /* signed data */+ CK_ULONG ulPartLen /* length of signed data */+);+#endif+++/* C_VerifyFinal finishes a multiple-part verification+ * operation, checking the signature. */+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pSignature, /* signature to verify */+ CK_ULONG ulSignatureLen /* signature length */+);+#endif+++/* C_VerifyRecoverInit initializes a signature verification+ * operation, where the data is recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */+ CK_OBJECT_HANDLE hKey /* verification key */+);+#endif+++/* C_VerifyRecover verifies a signature in a single-part+ * operation, where the data is recovered from the signature. */+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pSignature, /* signature to verify */+ CK_ULONG ulSignatureLen, /* signature length */+ CK_BYTE_PTR pData, /* gets signed data */+ CK_ULONG_PTR pulDataLen /* gets signed data len */+);+#endif++++/* Dual-function cryptographic operations */++/* C_DigestEncryptUpdate continues a multiple-part digesting+ * and encryption operation. */+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pPart, /* the plaintext data */+ CK_ULONG ulPartLen, /* plaintext length */+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */+);+#endif+++/* C_DecryptDigestUpdate continues a multiple-part decryption and+ * digesting operation. */+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */+ CK_BYTE_PTR pPart, /* gets plaintext */+ CK_ULONG_PTR pulPartLen /* gets plaintext len */+);+#endif+++/* C_SignEncryptUpdate continues a multiple-part signing and+ * encryption operation. */+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pPart, /* the plaintext data */+ CK_ULONG ulPartLen, /* plaintext length */+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */+);+#endif+++/* C_DecryptVerifyUpdate continues a multiple-part decryption and+ * verify operation. */+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */+ CK_BYTE_PTR pPart, /* gets plaintext */+ CK_ULONG_PTR pulPartLen /* gets p-text length */+);+#endif++++/* Key management */++/* C_GenerateKey generates a secret key, creating a new key+ * object. */+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */+ CK_ULONG ulCount, /* # of attrs in template */+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */+);+#endif+++/* C_GenerateKeyPair generates a public-key/private-key pair,+ * creating new key objects. */+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session+ * handle */+ CK_MECHANISM_PTR pMechanism, /* key-gen+ * mech. */+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template+ * for pub.+ * key */+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.+ * attrs. */+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template+ * for priv.+ * key */+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.+ * attrs. */+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.+ * key+ * handle */+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets+ * priv. key+ * handle */+);+#endif+++/* C_WrapKey wraps (i.e., encrypts) a key. */+CK_PKCS11_FUNCTION_INFO(C_WrapKey)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */+);+#endif+++/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new+ * key object. */+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */+ CK_ULONG ulAttributeCount, /* template length */+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */+);+#endif+++/* C_DeriveKey derives a key from a base key, creating a new key+ * object. */+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* session's handle */+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */+ CK_OBJECT_HANDLE hBaseKey, /* base key */+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */+ CK_ULONG ulAttributeCount, /* template length */+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */+);+#endif++++/* Random number generation */++/* C_SeedRandom mixes additional seed material into the token's+ * random number generator. */+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR pSeed, /* the seed material */+ CK_ULONG ulSeedLen /* length of seed material */+);+#endif+++/* C_GenerateRandom generates random data. */+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_BYTE_PTR RandomData, /* receives the random data */+ CK_ULONG ulRandomLen /* # of bytes to generate */+);+#endif++++/* Parallel function management */++/* C_GetFunctionStatus is a legacy function; it obtains an+ * updated status of a function running in parallel with an+ * application. */+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession /* the session's handle */+);+#endif+++/* C_CancelFunction is a legacy function; it cancels a function+ * running in parallel. */+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)+#ifdef CK_NEED_ARG_LIST+(+ CK_SESSION_HANDLE hSession /* the session's handle */+);+#endif++++/* Functions added in for Cryptoki Version 2.01 or later */++/* C_WaitForSlotEvent waits for a slot event (token insertion,+ * removal, etc.) to occur. */+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)+#ifdef CK_NEED_ARG_LIST+(+ CK_FLAGS flags, /* blocking/nonblocking flag */+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */+);+#endif
include/pkcs11t.h view
@@ -1,1885 +1,1789 @@-/* pkcs11t.h include file for PKCS #11. */ -/* $Revision: 1.10 $ */ - -/* License to copy and use this software is granted provided that it is - * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki)" in all material mentioning or referencing this software. - - * License is also granted to make and use derivative works provided that - * such works are identified as "derived from the RSA Security Inc. PKCS #11 - * Cryptographic Token Interface (Cryptoki)" in all material mentioning or - * referencing the derived work. - - * RSA Security Inc. makes no representations concerning either the - * merchantability of this software or the suitability of this software for - * any particular purpose. It is provided "as is" without express or implied - * warranty of any kind. - */ - -/* See top of pkcs11.h for information about the macros that - * must be defined and the structure-packing conventions that - * must be set before including this file. */ - -#ifndef _PKCS11T_H_ -#define _PKCS11T_H_ 1 - -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 20 -#define CRYPTOKI_VERSION_AMENDMENT 3 - -#define CK_TRUE 1 -#define CK_FALSE 0 - -#ifndef CK_DISABLE_TRUE_FALSE -#ifndef FALSE -#define FALSE CK_FALSE -#endif - -#ifndef TRUE -#define TRUE CK_TRUE -#endif -#endif - -/* an unsigned 8-bit value */ -typedef unsigned char CK_BYTE; - -/* an unsigned 8-bit character */ -typedef CK_BYTE CK_CHAR; - -/* an 8-bit UTF-8 character */ -typedef CK_BYTE CK_UTF8CHAR; - -/* a BYTE-sized Boolean flag */ -typedef CK_BYTE CK_BBOOL; - -/* an unsigned value, at least 32 bits long */ -typedef unsigned long int CK_ULONG; - -/* a signed value, the same size as a CK_ULONG */ -/* CK_LONG is new for v2.0 */ -typedef long int CK_LONG; - -/* at least 32 bits; each bit is a Boolean flag */ -typedef CK_ULONG CK_FLAGS; - - -/* some special values for certain CK_ULONG variables */ -#define CK_UNAVAILABLE_INFORMATION (~0UL) -#define CK_EFFECTIVELY_INFINITE 0 - - -typedef CK_BYTE CK_PTR CK_BYTE_PTR; -typedef CK_CHAR CK_PTR CK_CHAR_PTR; -typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; -typedef CK_ULONG CK_PTR CK_ULONG_PTR; -typedef void CK_PTR CK_VOID_PTR; - -/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ -typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; - - -/* The following value is always invalid if used as a session */ -/* handle or object handle */ -#define CK_INVALID_HANDLE 0 - - -typedef struct CK_VERSION { - CK_BYTE major; /* integer portion of version number */ - CK_BYTE minor; /* 1/100ths portion of version number */ -} CK_VERSION; - -typedef CK_VERSION CK_PTR CK_VERSION_PTR; - - -typedef struct CK_INFO { - /* manufacturerID and libraryDecription have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ - CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ - CK_UTF8CHAR manufacturerID[32]; /* blank padded */ - CK_FLAGS flags; /* must be zero */ - - /* libraryDescription and libraryVersion are new for v2.0 */ - CK_UTF8CHAR libraryDescription[32]; /* blank padded */ - CK_VERSION libraryVersion; /* version of library */ -} CK_INFO; - -typedef CK_INFO CK_PTR CK_INFO_PTR; - - -/* CK_NOTIFICATION enumerates the types of notifications that - * Cryptoki provides to an application */ -/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG - * for v2.0 */ -typedef CK_ULONG CK_NOTIFICATION; -#define CKN_SURRENDER 0 - -/* The following notification is new for PKCS #11 v2.20 amendment 3 */ -#define CKN_OTP_CHANGED 1 - - -typedef CK_ULONG CK_SLOT_ID; - -typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; - - -/* CK_SLOT_INFO provides information about a slot */ -typedef struct CK_SLOT_INFO { - /* slotDescription and manufacturerID have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ - CK_UTF8CHAR slotDescription[64]; /* blank padded */ - CK_UTF8CHAR manufacturerID[32]; /* blank padded */ - CK_FLAGS flags; - - /* hardwareVersion and firmwareVersion are new for v2.0 */ - CK_VERSION hardwareVersion; /* version of hardware */ - CK_VERSION firmwareVersion; /* version of firmware */ -} CK_SLOT_INFO; - -/* flags: bit flags that provide capabilities of the slot - * Bit Flag Mask Meaning - */ -#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ -#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/ -#define CKF_HW_SLOT 0x00000004 /* hardware slot */ - -typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; - - -/* CK_TOKEN_INFO provides information about a token */ -typedef struct CK_TOKEN_INFO { - /* label, manufacturerID, and model have been changed from - * CK_CHAR to CK_UTF8CHAR for v2.10 */ - CK_UTF8CHAR label[32]; /* blank padded */ - CK_UTF8CHAR manufacturerID[32]; /* blank padded */ - CK_UTF8CHAR model[16]; /* blank padded */ - CK_CHAR serialNumber[16]; /* blank padded */ - CK_FLAGS flags; /* see below */ - - /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, - * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been - * changed from CK_USHORT to CK_ULONG for v2.0 */ - CK_ULONG ulMaxSessionCount; /* max open sessions */ - CK_ULONG ulSessionCount; /* sess. now open */ - CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ - CK_ULONG ulRwSessionCount; /* R/W sess. now open */ - CK_ULONG ulMaxPinLen; /* in bytes */ - CK_ULONG ulMinPinLen; /* in bytes */ - CK_ULONG ulTotalPublicMemory; /* in bytes */ - CK_ULONG ulFreePublicMemory; /* in bytes */ - CK_ULONG ulTotalPrivateMemory; /* in bytes */ - CK_ULONG ulFreePrivateMemory; /* in bytes */ - - /* hardwareVersion, firmwareVersion, and time are new for - * v2.0 */ - CK_VERSION hardwareVersion; /* version of hardware */ - CK_VERSION firmwareVersion; /* version of firmware */ - CK_CHAR utcTime[16]; /* time */ -} CK_TOKEN_INFO; - -/* The flags parameter is defined as follows: - * Bit Flag Mask Meaning - */ -#define CKF_RNG 0x00000001 /* has random # - * generator */ -#define CKF_WRITE_PROTECTED 0x00000002 /* token is - * write- - * protected */ -#define CKF_LOGIN_REQUIRED 0x00000004 /* user must - * login */ -#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's - * PIN is set */ - -/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, - * that means that *every* time the state of cryptographic - * operations of a session is successfully saved, all keys - * needed to continue those operations are stored in the state */ -#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 - -/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means - * that the token has some sort of clock. The time on that - * clock is returned in the token info structure */ -#define CKF_CLOCK_ON_TOKEN 0x00000040 - -/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is - * set, that means that there is some way for the user to login - * without sending a PIN through the Cryptoki library itself */ -#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 - -/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, - * that means that a single session with the token can perform - * dual simultaneous cryptographic operations (digest and - * encrypt; decrypt and digest; sign and encrypt; and decrypt - * and sign) */ -#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 - -/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the - * token has been initialized using C_InitializeToken or an - * equivalent mechanism outside the scope of PKCS #11. - * Calling C_InitializeToken when this flag is set will cause - * the token to be reinitialized. */ -#define CKF_TOKEN_INITIALIZED 0x00000400 - -/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is - * true, the token supports secondary authentication for - * private key objects. This flag is deprecated in v2.11 and - onwards. */ -#define CKF_SECONDARY_AUTHENTICATION 0x00000800 - -/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an - * incorrect user login PIN has been entered at least once - * since the last successful authentication. */ -#define CKF_USER_PIN_COUNT_LOW 0x00010000 - -/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect user PIN will it to become locked. */ -#define CKF_USER_PIN_FINAL_TRY 0x00020000 - -/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the - * user PIN has been locked. User login to the token is not - * possible. */ -#define CKF_USER_PIN_LOCKED 0x00040000 - -/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, - * the user PIN value is the default value set by token - * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 - -/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an - * incorrect SO login PIN has been entered at least once since - * the last successful authentication. */ -#define CKF_SO_PIN_COUNT_LOW 0x00100000 - -/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, - * supplying an incorrect SO PIN will it to become locked. */ -#define CKF_SO_PIN_FINAL_TRY 0x00200000 - -/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO - * PIN has been locked. SO login to the token is not possible. - */ -#define CKF_SO_PIN_LOCKED 0x00400000 - -/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, - * the SO PIN value is the default value set by token - * initialization or manufacturing, or the PIN has been - * expired by the card. */ -#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 - -typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; - - -/* CK_SESSION_HANDLE is a Cryptoki-assigned value that - * identifies a session */ -typedef CK_ULONG CK_SESSION_HANDLE; - -typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; - - -/* CK_USER_TYPE enumerates the types of Cryptoki users */ -/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for - * v2.0 */ -typedef CK_ULONG CK_USER_TYPE; -/* Security Officer */ -#define CKU_SO 0 -/* Normal user */ -#define CKU_USER 1 -/* Context specific (added in v2.20) */ -#define CKU_CONTEXT_SPECIFIC 2 - -/* CK_STATE enumerates the session states */ -/* CK_STATE has been changed from an enum to a CK_ULONG for - * v2.0 */ -typedef CK_ULONG CK_STATE; -#define CKS_RO_PUBLIC_SESSION 0 -#define CKS_RO_USER_FUNCTIONS 1 -#define CKS_RW_PUBLIC_SESSION 2 -#define CKS_RW_USER_FUNCTIONS 3 -#define CKS_RW_SO_FUNCTIONS 4 - - -/* CK_SESSION_INFO provides information about a session */ -typedef struct CK_SESSION_INFO { - CK_SLOT_ID slotID; - CK_STATE state; - CK_FLAGS flags; /* see below */ - - /* ulDeviceError was changed from CK_USHORT to CK_ULONG for - * v2.0 */ - CK_ULONG ulDeviceError; /* device-dependent error code */ -} CK_SESSION_INFO; - -/* The flags are defined in the following table: - * Bit Flag Mask Meaning - */ -#define CKF_RW_SESSION 0x00000002 /* session is r/w */ -#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ - -typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; - - -/* CK_OBJECT_HANDLE is a token-specific identifier for an - * object */ -typedef CK_ULONG CK_OBJECT_HANDLE; - -typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; - - -/* CK_OBJECT_CLASS is a value that identifies the classes (or - * types) of objects that Cryptoki recognizes. It is defined - * as follows: */ -/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for - * v2.0 */ -typedef CK_ULONG CK_OBJECT_CLASS; - -/* The following classes of objects are defined: */ -/* CKO_HW_FEATURE is new for v2.10 */ -/* CKO_DOMAIN_PARAMETERS is new for v2.11 */ -/* CKO_MECHANISM is new for v2.20 */ -#define CKO_DATA 0x00000000 -#define CKO_CERTIFICATE 0x00000001 -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKO_SECRET_KEY 0x00000004 -#define CKO_HW_FEATURE 0x00000005 -#define CKO_DOMAIN_PARAMETERS 0x00000006 -#define CKO_MECHANISM 0x00000007 - -/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */ -#define CKO_OTP_KEY 0x00000008 - -#define CKO_VENDOR_DEFINED 0x80000000 - -typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; - -/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a - * value that identifies the hardware feature type of an object - * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ -typedef CK_ULONG CK_HW_FEATURE_TYPE; - -/* The following hardware feature types are defined */ -/* CKH_USER_INTERFACE is new for v2.20 */ -#define CKH_MONOTONIC_COUNTER 0x00000001 -#define CKH_CLOCK 0x00000002 -#define CKH_USER_INTERFACE 0x00000003 -#define CKH_VENDOR_DEFINED 0x80000000 - -/* CK_KEY_TYPE is a value that identifies a key type */ -/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ -typedef CK_ULONG CK_KEY_TYPE; - -/* the following key types are defined: */ -#define CKK_RSA 0x00000000 -#define CKK_DSA 0x00000001 -#define CKK_DH 0x00000002 - -/* CKK_ECDSA and CKK_KEA are new for v2.0 */ -/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ -#define CKK_ECDSA 0x00000003 -#define CKK_EC 0x00000003 -#define CKK_X9_42_DH 0x00000004 -#define CKK_KEA 0x00000005 - -#define CKK_GENERIC_SECRET 0x00000010 -#define CKK_RC2 0x00000011 -#define CKK_RC4 0x00000012 -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -/* all these key types are new for v2.0 */ -#define CKK_CAST 0x00000016 -#define CKK_CAST3 0x00000017 -/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ -#define CKK_CAST5 0x00000018 -#define CKK_CAST128 0x00000018 -#define CKK_RC5 0x00000019 -#define CKK_IDEA 0x0000001A -#define CKK_SKIPJACK 0x0000001B -#define CKK_BATON 0x0000001C -#define CKK_JUNIPER 0x0000001D -#define CKK_CDMF 0x0000001E -#define CKK_AES 0x0000001F - -/* BlowFish and TwoFish are new for v2.20 */ -#define CKK_BLOWFISH 0x00000020 -#define CKK_TWOFISH 0x00000021 - -/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */ -#define CKK_SECURID 0x00000022 -#define CKK_HOTP 0x00000023 -#define CKK_ACTI 0x00000024 - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_CAMELLIA 0x00000025 -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKK_ARIA 0x00000026 - - -#define CKK_VENDOR_DEFINED 0x80000000 - - -/* CK_CERTIFICATE_TYPE is a value that identifies a certificate - * type */ -/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG - * for v2.0 */ -typedef CK_ULONG CK_CERTIFICATE_TYPE; - -/* The following certificate types are defined: */ -/* CKC_X_509_ATTR_CERT is new for v2.10 */ -/* CKC_WTLS is new for v2.20 */ -#define CKC_X_509 0x00000000 -#define CKC_X_509_ATTR_CERT 0x00000001 -#define CKC_WTLS 0x00000002 -#define CKC_VENDOR_DEFINED 0x80000000 - - -/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute - * type */ -/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ -typedef CK_ULONG CK_ATTRIBUTE_TYPE; - -/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which - consists of an array of values. */ -#define CKF_ARRAY_ATTRIBUTE 0x40000000 - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 - and relates to the CKA_OTP_FORMAT attribute */ -#define CK_OTP_FORMAT_DECIMAL 0 -#define CK_OTP_FORMAT_HEXADECIMAL 1 -#define CK_OTP_FORMAT_ALPHANUMERIC 2 -#define CK_OTP_FORMAT_BINARY 3 - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 - and relates to the CKA_OTP_..._REQUIREMENT attributes */ -#define CK_OTP_PARAM_IGNORED 0 -#define CK_OTP_PARAM_OPTIONAL 1 -#define CK_OTP_PARAM_MANDATORY 2 - -/* The following attribute types are defined: */ -#define CKA_CLASS 0x00000000 -#define CKA_TOKEN 0x00000001 -#define CKA_PRIVATE 0x00000002 -#define CKA_LABEL 0x00000003 -#define CKA_APPLICATION 0x00000010 -#define CKA_VALUE 0x00000011 - -/* CKA_OBJECT_ID is new for v2.10 */ -#define CKA_OBJECT_ID 0x00000012 - -#define CKA_CERTIFICATE_TYPE 0x00000080 -#define CKA_ISSUER 0x00000081 -#define CKA_SERIAL_NUMBER 0x00000082 - -/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new - * for v2.10 */ -#define CKA_AC_ISSUER 0x00000083 -#define CKA_OWNER 0x00000084 -#define CKA_ATTR_TYPES 0x00000085 - -/* CKA_TRUSTED is new for v2.11 */ -#define CKA_TRUSTED 0x00000086 - -/* CKA_CERTIFICATE_CATEGORY ... - * CKA_CHECK_VALUE are new for v2.20 */ -#define CKA_CERTIFICATE_CATEGORY 0x00000087 -#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 -#define CKA_URL 0x00000089 -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B -#define CKA_CHECK_VALUE 0x00000090 - -#define CKA_KEY_TYPE 0x00000100 -#define CKA_SUBJECT 0x00000101 -#define CKA_ID 0x00000102 -#define CKA_SENSITIVE 0x00000103 -#define CKA_ENCRYPT 0x00000104 -#define CKA_DECRYPT 0x00000105 -#define CKA_WRAP 0x00000106 -#define CKA_UNWRAP 0x00000107 -#define CKA_SIGN 0x00000108 -#define CKA_SIGN_RECOVER 0x00000109 -#define CKA_VERIFY 0x0000010A -#define CKA_VERIFY_RECOVER 0x0000010B -#define CKA_DERIVE 0x0000010C -#define CKA_START_DATE 0x00000110 -#define CKA_END_DATE 0x00000111 -#define CKA_MODULUS 0x00000120 -#define CKA_MODULUS_BITS 0x00000121 -#define CKA_PUBLIC_EXPONENT 0x00000122 -#define CKA_PRIVATE_EXPONENT 0x00000123 -#define CKA_PRIME_1 0x00000124 -#define CKA_PRIME_2 0x00000125 -#define CKA_EXPONENT_1 0x00000126 -#define CKA_EXPONENT_2 0x00000127 -#define CKA_COEFFICIENT 0x00000128 -#define CKA_PRIME 0x00000130 -#define CKA_SUBPRIME 0x00000131 -#define CKA_BASE 0x00000132 - -/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ -#define CKA_PRIME_BITS 0x00000133 -#define CKA_SUBPRIME_BITS 0x00000134 -#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS -/* (To retain backwards-compatibility) */ - -#define CKA_VALUE_BITS 0x00000160 -#define CKA_VALUE_LEN 0x00000161 - -/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, - * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, - * and CKA_EC_POINT are new for v2.0 */ -#define CKA_EXTRACTABLE 0x00000162 -#define CKA_LOCAL 0x00000163 -#define CKA_NEVER_EXTRACTABLE 0x00000164 -#define CKA_ALWAYS_SENSITIVE 0x00000165 - -/* CKA_KEY_GEN_MECHANISM is new for v2.11 */ -#define CKA_KEY_GEN_MECHANISM 0x00000166 - -#define CKA_MODIFIABLE 0x00000170 - -/* CKA_ECDSA_PARAMS is deprecated in v2.11, - * CKA_EC_PARAMS is preferred. */ -#define CKA_ECDSA_PARAMS 0x00000180 -#define CKA_EC_PARAMS 0x00000180 - -#define CKA_EC_POINT 0x00000181 - -/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, - * are new for v2.10. Deprecated in v2.11 and onwards. */ -#define CKA_SECONDARY_AUTH 0x00000200 -#define CKA_AUTH_PIN_FLAGS 0x00000201 - -/* CKA_ALWAYS_AUTHENTICATE ... - * CKA_UNWRAP_TEMPLATE are new for v2.20 */ -#define CKA_ALWAYS_AUTHENTICATE 0x00000202 - -#define CKA_WRAP_WITH_TRUSTED 0x00000210 -#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211) -#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212) - -/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */ -#define CKA_OTP_FORMAT 0x00000220 -#define CKA_OTP_LENGTH 0x00000221 -#define CKA_OTP_TIME_INTERVAL 0x00000222 -#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223 -#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224 -#define CKA_OTP_TIME_REQUIREMENT 0x00000225 -#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226 -#define CKA_OTP_PIN_REQUIREMENT 0x00000227 -#define CKA_OTP_COUNTER 0x0000022E -#define CKA_OTP_TIME 0x0000022F -#define CKA_OTP_USER_IDENTIFIER 0x0000022A -#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B -#define CKA_OTP_SERVICE_LOGO 0x0000022C -#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D - - -/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET - * are new for v2.10 */ -#define CKA_HW_FEATURE_TYPE 0x00000300 -#define CKA_RESET_ON_INIT 0x00000301 -#define CKA_HAS_RESET 0x00000302 - -/* The following attributes are new for v2.20 */ -#define CKA_PIXEL_X 0x00000400 -#define CKA_PIXEL_Y 0x00000401 -#define CKA_RESOLUTION 0x00000402 -#define CKA_CHAR_ROWS 0x00000403 -#define CKA_CHAR_COLUMNS 0x00000404 -#define CKA_COLOR 0x00000405 -#define CKA_BITS_PER_PIXEL 0x00000406 -#define CKA_CHAR_SETS 0x00000480 -#define CKA_ENCODING_METHODS 0x00000481 -#define CKA_MIME_TYPES 0x00000482 -#define CKA_MECHANISM_TYPE 0x00000500 -#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 -#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 -#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 -#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600) - -#define CKA_VENDOR_DEFINED 0x80000000 - -/* CK_ATTRIBUTE is a structure that includes the type, length - * and value of an attribute */ -typedef struct CK_ATTRIBUTE { - CK_ATTRIBUTE_TYPE type; - CK_VOID_PTR pValue; - - /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ - CK_ULONG ulValueLen; /* in bytes */ -} CK_ATTRIBUTE; - -typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; - - -/* CK_DATE is a structure that defines a date */ -typedef struct CK_DATE{ - CK_CHAR year[4]; /* the year ("1900" - "9999") */ - CK_CHAR month[2]; /* the month ("01" - "12") */ - CK_CHAR day[2]; /* the day ("01" - "31") */ -} CK_DATE; - - -/* CK_MECHANISM_TYPE is a value that identifies a mechanism - * type */ -/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for - * v2.0 */ -typedef CK_ULONG CK_MECHANISM_TYPE; - -/* the following mechanism types are defined: */ -#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 -#define CKM_RSA_PKCS 0x00000001 -#define CKM_RSA_9796 0x00000002 -#define CKM_RSA_X_509 0x00000003 - -/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS - * are new for v2.0. They are mechanisms which hash and sign */ -#define CKM_MD2_RSA_PKCS 0x00000004 -#define CKM_MD5_RSA_PKCS 0x00000005 -#define CKM_SHA1_RSA_PKCS 0x00000006 - -/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and - * CKM_RSA_PKCS_OAEP are new for v2.10 */ -#define CKM_RIPEMD128_RSA_PKCS 0x00000007 -#define CKM_RIPEMD160_RSA_PKCS 0x00000008 -#define CKM_RSA_PKCS_OAEP 0x00000009 - -/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, - * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ -#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A -#define CKM_RSA_X9_31 0x0000000B -#define CKM_SHA1_RSA_X9_31 0x0000000C -#define CKM_RSA_PKCS_PSS 0x0000000D -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E - -#define CKM_DSA_KEY_PAIR_GEN 0x00000010 -#define CKM_DSA 0x00000011 -#define CKM_DSA_SHA1 0x00000012 -#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 -#define CKM_DH_PKCS_DERIVE 0x00000021 - -/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, - * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for - * v2.11 */ -#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 -#define CKM_X9_42_DH_DERIVE 0x00000031 -#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 -#define CKM_X9_42_MQV_DERIVE 0x00000033 - -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_RSA_PKCS 0x00000040 -#define CKM_SHA384_RSA_PKCS 0x00000041 -#define CKM_SHA512_RSA_PKCS 0x00000042 -#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 -#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 -#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 - -/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_RSA_PKCS 0x00000046 -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 - -#define CKM_RC2_KEY_GEN 0x00000100 -#define CKM_RC2_ECB 0x00000101 -#define CKM_RC2_CBC 0x00000102 -#define CKM_RC2_MAC 0x00000103 - -/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ -#define CKM_RC2_MAC_GENERAL 0x00000104 -#define CKM_RC2_CBC_PAD 0x00000105 - -#define CKM_RC4_KEY_GEN 0x00000110 -#define CKM_RC4 0x00000111 -#define CKM_DES_KEY_GEN 0x00000120 -#define CKM_DES_ECB 0x00000121 -#define CKM_DES_CBC 0x00000122 -#define CKM_DES_MAC 0x00000123 - -/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ -#define CKM_DES_MAC_GENERAL 0x00000124 -#define CKM_DES_CBC_PAD 0x00000125 - -#define CKM_DES2_KEY_GEN 0x00000130 -#define CKM_DES3_KEY_GEN 0x00000131 -#define CKM_DES3_ECB 0x00000132 -#define CKM_DES3_CBC 0x00000133 -#define CKM_DES3_MAC 0x00000134 - -/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, - * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, - * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ -#define CKM_DES3_MAC_GENERAL 0x00000135 -#define CKM_DES3_CBC_PAD 0x00000136 -#define CKM_CDMF_KEY_GEN 0x00000140 -#define CKM_CDMF_ECB 0x00000141 -#define CKM_CDMF_CBC 0x00000142 -#define CKM_CDMF_MAC 0x00000143 -#define CKM_CDMF_MAC_GENERAL 0x00000144 -#define CKM_CDMF_CBC_PAD 0x00000145 - -/* the following four DES mechanisms are new for v2.20 */ -#define CKM_DES_OFB64 0x00000150 -#define CKM_DES_OFB8 0x00000151 -#define CKM_DES_CFB64 0x00000152 -#define CKM_DES_CFB8 0x00000153 - -#define CKM_MD2 0x00000200 - -/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD2_HMAC 0x00000201 -#define CKM_MD2_HMAC_GENERAL 0x00000202 - -#define CKM_MD5 0x00000210 - -/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ -#define CKM_MD5_HMAC 0x00000211 -#define CKM_MD5_HMAC_GENERAL 0x00000212 - -#define CKM_SHA_1 0x00000220 - -/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ -#define CKM_SHA_1_HMAC 0x00000221 -#define CKM_SHA_1_HMAC_GENERAL 0x00000222 - -/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, - * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, - * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ -#define CKM_RIPEMD128 0x00000230 -#define CKM_RIPEMD128_HMAC 0x00000231 -#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 -#define CKM_RIPEMD160 0x00000240 -#define CKM_RIPEMD160_HMAC 0x00000241 -#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 - -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256 0x00000250 -#define CKM_SHA256_HMAC 0x00000251 -#define CKM_SHA256_HMAC_GENERAL 0x00000252 - -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224 0x00000255 -#define CKM_SHA224_HMAC 0x00000256 -#define CKM_SHA224_HMAC_GENERAL 0x00000257 - -#define CKM_SHA384 0x00000260 -#define CKM_SHA384_HMAC 0x00000261 -#define CKM_SHA384_HMAC_GENERAL 0x00000262 -#define CKM_SHA512 0x00000270 -#define CKM_SHA512_HMAC 0x00000271 -#define CKM_SHA512_HMAC_GENERAL 0x00000272 - -/* SecurID is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_SECURID_KEY_GEN 0x00000280 -#define CKM_SECURID 0x00000282 - -/* HOTP is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_HOTP_KEY_GEN 0x00000290 -#define CKM_HOTP 0x00000291 - -/* ACTI is new for PKCS #11 v2.20 amendment 1 */ -#define CKM_ACTI 0x000002A0 -#define CKM_ACTI_KEY_GEN 0x000002A1 - -/* All of the following mechanisms are new for v2.0 */ -/* Note that CAST128 and CAST5 are the same algorithm */ -#define CKM_CAST_KEY_GEN 0x00000300 -#define CKM_CAST_ECB 0x00000301 -#define CKM_CAST_CBC 0x00000302 -#define CKM_CAST_MAC 0x00000303 -#define CKM_CAST_MAC_GENERAL 0x00000304 -#define CKM_CAST_CBC_PAD 0x00000305 -#define CKM_CAST3_KEY_GEN 0x00000310 -#define CKM_CAST3_ECB 0x00000311 -#define CKM_CAST3_CBC 0x00000312 -#define CKM_CAST3_MAC 0x00000313 -#define CKM_CAST3_MAC_GENERAL 0x00000314 -#define CKM_CAST3_CBC_PAD 0x00000315 -#define CKM_CAST5_KEY_GEN 0x00000320 -#define CKM_CAST128_KEY_GEN 0x00000320 -#define CKM_CAST5_ECB 0x00000321 -#define CKM_CAST128_ECB 0x00000321 -#define CKM_CAST5_CBC 0x00000322 -#define CKM_CAST128_CBC 0x00000322 -#define CKM_CAST5_MAC 0x00000323 -#define CKM_CAST128_MAC 0x00000323 -#define CKM_CAST5_MAC_GENERAL 0x00000324 -#define CKM_CAST128_MAC_GENERAL 0x00000324 -#define CKM_CAST5_CBC_PAD 0x00000325 -#define CKM_CAST128_CBC_PAD 0x00000325 -#define CKM_RC5_KEY_GEN 0x00000330 -#define CKM_RC5_ECB 0x00000331 -#define CKM_RC5_CBC 0x00000332 -#define CKM_RC5_MAC 0x00000333 -#define CKM_RC5_MAC_GENERAL 0x00000334 -#define CKM_RC5_CBC_PAD 0x00000335 -#define CKM_IDEA_KEY_GEN 0x00000340 -#define CKM_IDEA_ECB 0x00000341 -#define CKM_IDEA_CBC 0x00000342 -#define CKM_IDEA_MAC 0x00000343 -#define CKM_IDEA_MAC_GENERAL 0x00000344 -#define CKM_IDEA_CBC_PAD 0x00000345 -#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 -#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 -#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 -#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 -#define CKM_XOR_BASE_AND_DATA 0x00000364 -#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 -#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 -#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 -#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 - -/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, - * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and - * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ -#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 -#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 -#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 -#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 -#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 - -/* CKM_TLS_PRF is new for v2.20 */ -#define CKM_TLS_PRF 0x00000378 - -#define CKM_SSL3_MD5_MAC 0x00000380 -#define CKM_SSL3_SHA1_MAC 0x00000381 -#define CKM_MD5_KEY_DERIVATION 0x00000390 -#define CKM_MD2_KEY_DERIVATION 0x00000391 -#define CKM_SHA1_KEY_DERIVATION 0x00000392 - -/* CKM_SHA256/384/512 are new for v2.20 */ -#define CKM_SHA256_KEY_DERIVATION 0x00000393 -#define CKM_SHA384_KEY_DERIVATION 0x00000394 -#define CKM_SHA512_KEY_DERIVATION 0x00000395 - -/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_SHA224_KEY_DERIVATION 0x00000396 - -#define CKM_PBE_MD2_DES_CBC 0x000003A0 -#define CKM_PBE_MD5_DES_CBC 0x000003A1 -#define CKM_PBE_MD5_CAST_CBC 0x000003A2 -#define CKM_PBE_MD5_CAST3_CBC 0x000003A3 -#define CKM_PBE_MD5_CAST5_CBC 0x000003A4 -#define CKM_PBE_MD5_CAST128_CBC 0x000003A4 -#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 -#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 -#define CKM_PBE_SHA1_RC4_128 0x000003A6 -#define CKM_PBE_SHA1_RC4_40 0x000003A7 -#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 -#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 -#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA -#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB - -/* CKM_PKCS5_PBKD2 is new for v2.10 */ -#define CKM_PKCS5_PBKD2 0x000003B0 - -#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 - -/* WTLS mechanisms are new for v2.20 */ -#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 -#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 -#define CKM_WTLS_PRF 0x000003D3 -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 - -#define CKM_KEY_WRAP_LYNKS 0x00000400 -#define CKM_KEY_WRAP_SET_OAEP 0x00000401 - -/* CKM_CMS_SIG is new for v2.20 */ -#define CKM_CMS_SIG 0x00000500 - -/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */ -#define CKM_KIP_DERIVE 0x00000510 -#define CKM_KIP_WRAP 0x00000511 -#define CKM_KIP_MAC 0x00000512 - -/* Camellia is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_CAMELLIA_KEY_GEN 0x00000550 -#define CKM_CAMELLIA_ECB 0x00000551 -#define CKM_CAMELLIA_CBC 0x00000552 -#define CKM_CAMELLIA_MAC 0x00000553 -#define CKM_CAMELLIA_MAC_GENERAL 0x00000554 -#define CKM_CAMELLIA_CBC_PAD 0x00000555 -#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 -#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 -#define CKM_CAMELLIA_CTR 0x00000558 - -/* ARIA is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_ARIA_KEY_GEN 0x00000560 -#define CKM_ARIA_ECB 0x00000561 -#define CKM_ARIA_CBC 0x00000562 -#define CKM_ARIA_MAC 0x00000563 -#define CKM_ARIA_MAC_GENERAL 0x00000564 -#define CKM_ARIA_CBC_PAD 0x00000565 -#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566 -#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567 - -/* Fortezza mechanisms */ -#define CKM_SKIPJACK_KEY_GEN 0x00001000 -#define CKM_SKIPJACK_ECB64 0x00001001 -#define CKM_SKIPJACK_CBC64 0x00001002 -#define CKM_SKIPJACK_OFB64 0x00001003 -#define CKM_SKIPJACK_CFB64 0x00001004 -#define CKM_SKIPJACK_CFB32 0x00001005 -#define CKM_SKIPJACK_CFB16 0x00001006 -#define CKM_SKIPJACK_CFB8 0x00001007 -#define CKM_SKIPJACK_WRAP 0x00001008 -#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 -#define CKM_SKIPJACK_RELAYX 0x0000100a -#define CKM_KEA_KEY_PAIR_GEN 0x00001010 -#define CKM_KEA_KEY_DERIVE 0x00001011 -#define CKM_FORTEZZA_TIMESTAMP 0x00001020 -#define CKM_BATON_KEY_GEN 0x00001030 -#define CKM_BATON_ECB128 0x00001031 -#define CKM_BATON_ECB96 0x00001032 -#define CKM_BATON_CBC128 0x00001033 -#define CKM_BATON_COUNTER 0x00001034 -#define CKM_BATON_SHUFFLE 0x00001035 -#define CKM_BATON_WRAP 0x00001036 - -/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, - * CKM_EC_KEY_PAIR_GEN is preferred */ -#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 -#define CKM_EC_KEY_PAIR_GEN 0x00001040 - -#define CKM_ECDSA 0x00001041 -#define CKM_ECDSA_SHA1 0x00001042 - -/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE - * are new for v2.11 */ -#define CKM_ECDH1_DERIVE 0x00001050 -#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 -#define CKM_ECMQV_DERIVE 0x00001052 - -#define CKM_JUNIPER_KEY_GEN 0x00001060 -#define CKM_JUNIPER_ECB128 0x00001061 -#define CKM_JUNIPER_CBC128 0x00001062 -#define CKM_JUNIPER_COUNTER 0x00001063 -#define CKM_JUNIPER_SHUFFLE 0x00001064 -#define CKM_JUNIPER_WRAP 0x00001065 -#define CKM_FASTHASH 0x00001070 - -/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, - * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, - * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are - * new for v2.11 */ -#define CKM_AES_KEY_GEN 0x00001080 -#define CKM_AES_ECB 0x00001081 -#define CKM_AES_CBC 0x00001082 -#define CKM_AES_MAC 0x00001083 -#define CKM_AES_MAC_GENERAL 0x00001084 -#define CKM_AES_CBC_PAD 0x00001085 - -/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */ -#define CKM_AES_CTR 0x00001086 - -/* BlowFish and TwoFish are new for v2.20 */ -#define CKM_BLOWFISH_KEY_GEN 0x00001090 -#define CKM_BLOWFISH_CBC 0x00001091 -#define CKM_TWOFISH_KEY_GEN 0x00001092 -#define CKM_TWOFISH_CBC 0x00001093 - - -/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ -#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 -#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 -#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 -#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 -#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 -#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105 - -#define CKM_DSA_PARAMETER_GEN 0x00002000 -#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001 -#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002 - -#define CKM_VENDOR_DEFINED 0x80000000 - -typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; - - -/* CK_MECHANISM is a structure that specifies a particular - * mechanism */ -typedef struct CK_MECHANISM { - CK_MECHANISM_TYPE mechanism; - CK_VOID_PTR pParameter; - - /* ulParameterLen was changed from CK_USHORT to CK_ULONG for - * v2.0 */ - CK_ULONG ulParameterLen; /* in bytes */ -} CK_MECHANISM; - -typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; - - -/* CK_MECHANISM_INFO provides information about a particular - * mechanism */ -typedef struct CK_MECHANISM_INFO { - CK_ULONG ulMinKeySize; - CK_ULONG ulMaxKeySize; - CK_FLAGS flags; -} CK_MECHANISM_INFO; - -/* The flags are defined as follows: - * Bit Flag Mask Meaning */ -#define CKF_HW 0x00000001 /* performed by HW */ - -/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, - * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, - * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, - * and CKF_DERIVE are new for v2.0. They specify whether or not - * a mechanism can be used for a particular task */ -#define CKF_ENCRYPT 0x00000100 -#define CKF_DECRYPT 0x00000200 -#define CKF_DIGEST 0x00000400 -#define CKF_SIGN 0x00000800 -#define CKF_SIGN_RECOVER 0x00001000 -#define CKF_VERIFY 0x00002000 -#define CKF_VERIFY_RECOVER 0x00004000 -#define CKF_GENERATE 0x00008000 -#define CKF_GENERATE_KEY_PAIR 0x00010000 -#define CKF_WRAP 0x00020000 -#define CKF_UNWRAP 0x00040000 -#define CKF_DERIVE 0x00080000 - -/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, - * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They - * describe a token's EC capabilities not available in mechanism - * information. */ -#define CKF_EC_F_P 0x00100000 -#define CKF_EC_F_2M 0x00200000 -#define CKF_EC_ECPARAMETERS 0x00400000 -#define CKF_EC_NAMEDCURVE 0x00800000 -#define CKF_EC_UNCOMPRESS 0x01000000 -#define CKF_EC_COMPRESS 0x02000000 - -#define CKF_EXTENSION 0x80000000 /* FALSE for this version */ - -typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; - - -/* CK_RV is a value that identifies the return value of a - * Cryptoki function */ -/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ -typedef CK_ULONG CK_RV; - -#define CKR_OK 0x00000000 -#define CKR_CANCEL 0x00000001 -#define CKR_HOST_MEMORY 0x00000002 -#define CKR_SLOT_ID_INVALID 0x00000003 - -/* CKR_FLAGS_INVALID was removed for v2.0 */ - -/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ -#define CKR_GENERAL_ERROR 0x00000005 -#define CKR_FUNCTION_FAILED 0x00000006 - -/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, - * and CKR_CANT_LOCK are new for v2.01 */ -#define CKR_ARGUMENTS_BAD 0x00000007 -#define CKR_NO_EVENT 0x00000008 -#define CKR_NEED_TO_CREATE_THREADS 0x00000009 -#define CKR_CANT_LOCK 0x0000000A - -#define CKR_ATTRIBUTE_READ_ONLY 0x00000010 -#define CKR_ATTRIBUTE_SENSITIVE 0x00000011 -#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 -#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 -#define CKR_DATA_INVALID 0x00000020 -#define CKR_DATA_LEN_RANGE 0x00000021 -#define CKR_DEVICE_ERROR 0x00000030 -#define CKR_DEVICE_MEMORY 0x00000031 -#define CKR_DEVICE_REMOVED 0x00000032 -#define CKR_ENCRYPTED_DATA_INVALID 0x00000040 -#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 -#define CKR_FUNCTION_CANCELED 0x00000050 -#define CKR_FUNCTION_NOT_PARALLEL 0x00000051 - -/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ -#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054 - -#define CKR_KEY_HANDLE_INVALID 0x00000060 - -/* CKR_KEY_SENSITIVE was removed for v2.0 */ - -#define CKR_KEY_SIZE_RANGE 0x00000062 -#define CKR_KEY_TYPE_INCONSISTENT 0x00000063 - -/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, - * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, - * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for - * v2.0 */ -#define CKR_KEY_NOT_NEEDED 0x00000064 -#define CKR_KEY_CHANGED 0x00000065 -#define CKR_KEY_NEEDED 0x00000066 -#define CKR_KEY_INDIGESTIBLE 0x00000067 -#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 -#define CKR_KEY_NOT_WRAPPABLE 0x00000069 -#define CKR_KEY_UNEXTRACTABLE 0x0000006A - -#define CKR_MECHANISM_INVALID 0x00000070 -#define CKR_MECHANISM_PARAM_INVALID 0x00000071 - -/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID - * were removed for v2.0 */ -#define CKR_OBJECT_HANDLE_INVALID 0x00000082 -#define CKR_OPERATION_ACTIVE 0x00000090 -#define CKR_OPERATION_NOT_INITIALIZED 0x00000091 -#define CKR_PIN_INCORRECT 0x000000A0 -#define CKR_PIN_INVALID 0x000000A1 -#define CKR_PIN_LEN_RANGE 0x000000A2 - -/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ -#define CKR_PIN_EXPIRED 0x000000A3 -#define CKR_PIN_LOCKED 0x000000A4 - -#define CKR_SESSION_CLOSED 0x000000B0 -#define CKR_SESSION_COUNT 0x000000B1 -#define CKR_SESSION_HANDLE_INVALID 0x000000B3 -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 -#define CKR_SESSION_READ_ONLY 0x000000B5 -#define CKR_SESSION_EXISTS 0x000000B6 - -/* CKR_SESSION_READ_ONLY_EXISTS and - * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ -#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7 -#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8 - -#define CKR_SIGNATURE_INVALID 0x000000C0 -#define CKR_SIGNATURE_LEN_RANGE 0x000000C1 -#define CKR_TEMPLATE_INCOMPLETE 0x000000D0 -#define CKR_TEMPLATE_INCONSISTENT 0x000000D1 -#define CKR_TOKEN_NOT_PRESENT 0x000000E0 -#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1 -#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2 -#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0 -#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1 -#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2 -#define CKR_USER_ALREADY_LOGGED_IN 0x00000100 -#define CKR_USER_NOT_LOGGED_IN 0x00000101 -#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102 -#define CKR_USER_TYPE_INVALID 0x00000103 - -/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES - * are new to v2.01 */ -#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104 -#define CKR_USER_TOO_MANY_TYPES 0x00000105 - -#define CKR_WRAPPED_KEY_INVALID 0x00000110 -#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 -#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 -#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114 -#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115 -#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 - -/* These are new to v2.0 */ -#define CKR_RANDOM_NO_RNG 0x00000121 - -/* These are new to v2.11 */ -#define CKR_DOMAIN_PARAMS_INVALID 0x00000130 - -/* These are new to v2.0 */ -#define CKR_BUFFER_TOO_SMALL 0x00000150 -#define CKR_SAVED_STATE_INVALID 0x00000160 -#define CKR_INFORMATION_SENSITIVE 0x00000170 -#define CKR_STATE_UNSAVEABLE 0x00000180 - -/* These are new to v2.01 */ -#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 -#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 -#define CKR_MUTEX_BAD 0x000001A0 -#define CKR_MUTEX_NOT_LOCKED 0x000001A1 - -/* The following return values are new for PKCS #11 v2.20 amendment 3 */ -#define CKR_NEW_PIN_MODE 0x000001B0 -#define CKR_NEXT_OTP 0x000001B1 - -/* This is new to v2.20 */ -#define CKR_FUNCTION_REJECTED 0x00000200 - -#define CKR_VENDOR_DEFINED 0x80000000 - - -/* CK_NOTIFY is an application callback that processes events */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( - CK_SESSION_HANDLE hSession, /* the session's handle */ - CK_NOTIFICATION event, - CK_VOID_PTR pApplication /* passed to C_OpenSession */ -); - - -/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec - * version and pointers of appropriate types to all the - * Cryptoki functions */ -/* CK_FUNCTION_LIST is new for v2.0 */ -typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; - -typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; - -typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; - - -/* CK_CREATEMUTEX is an application callback for creating a - * mutex object */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( - CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ -); - - -/* CK_DESTROYMUTEX is an application callback for destroying a - * mutex object */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( - CK_VOID_PTR pMutex /* pointer to mutex */ -); - - -/* CK_LOCKMUTEX is an application callback for locking a mutex */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( - CK_VOID_PTR pMutex /* pointer to mutex */ -); - - -/* CK_UNLOCKMUTEX is an application callback for unlocking a - * mutex */ -typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( - CK_VOID_PTR pMutex /* pointer to mutex */ -); - - -/* CK_C_INITIALIZE_ARGS provides the optional arguments to - * C_Initialize */ -typedef struct CK_C_INITIALIZE_ARGS { - CK_CREATEMUTEX CreateMutex; - CK_DESTROYMUTEX DestroyMutex; - CK_LOCKMUTEX LockMutex; - CK_UNLOCKMUTEX UnlockMutex; - CK_FLAGS flags; - CK_VOID_PTR pReserved; -} CK_C_INITIALIZE_ARGS; - -/* flags: bit flags that provide capabilities of the slot - * Bit Flag Mask Meaning - */ -#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 -#define CKF_OS_LOCKING_OK 0x00000002 - -typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; - - -/* additional flags for parameters to functions */ - -/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ -#define CKF_DONT_BLOCK 1 - -/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message - * Generation Function (MGF) applied to a message block when - * formatting a message block for the PKCS #1 OAEP encryption - * scheme. */ -typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; - -typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; - -/* The following MGFs are defined */ -/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 - * are new for v2.20 */ -#define CKG_MGF1_SHA1 0x00000001 -#define CKG_MGF1_SHA256 0x00000002 -#define CKG_MGF1_SHA384 0x00000003 -#define CKG_MGF1_SHA512 0x00000004 -/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ -#define CKG_MGF1_SHA224 0x00000005 - -/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. - * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source - * of the encoding parameter when formatting a message block - * for the PKCS #1 OAEP encryption scheme. */ -typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; - -typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; - -/* The following encoding parameter sources are defined */ -#define CKZ_DATA_SPECIFIED 0x00000001 - -/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. - * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the - * CKM_RSA_PKCS_OAEP mechanism. */ -typedef struct CK_RSA_PKCS_OAEP_PARAMS { - CK_MECHANISM_TYPE hashAlg; - CK_RSA_PKCS_MGF_TYPE mgf; - CK_RSA_PKCS_OAEP_SOURCE_TYPE source; - CK_VOID_PTR pSourceData; - CK_ULONG ulSourceDataLen; -} CK_RSA_PKCS_OAEP_PARAMS; - -typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; - -/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. - * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the - * CKM_RSA_PKCS_PSS mechanism(s). */ -typedef struct CK_RSA_PKCS_PSS_PARAMS { - CK_MECHANISM_TYPE hashAlg; - CK_RSA_PKCS_MGF_TYPE mgf; - CK_ULONG sLen; -} CK_RSA_PKCS_PSS_PARAMS; - -typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; - -/* CK_EC_KDF_TYPE is new for v2.11. */ -typedef CK_ULONG CK_EC_KDF_TYPE; - -/* The following EC Key Derivation Functions are defined */ -#define CKD_NULL 0x00000001 -#define CKD_SHA1_KDF 0x00000002 - -/* CK_ECDH1_DERIVE_PARAMS is new for v2.11. - * CK_ECDH1_DERIVE_PARAMS provides the parameters to the - * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, - * where each party contributes one key pair. - */ -typedef struct CK_ECDH1_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; -} CK_ECDH1_DERIVE_PARAMS; - -typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; - - -/* CK_ECDH2_DERIVE_PARAMS is new for v2.11. - * CK_ECDH2_DERIVE_PARAMS provides the parameters to the - * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ -typedef struct CK_ECDH2_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; -} CK_ECDH2_DERIVE_PARAMS; - -typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; - -typedef struct CK_ECMQV_DERIVE_PARAMS { - CK_EC_KDF_TYPE kdf; - CK_ULONG ulSharedDataLen; - CK_BYTE_PTR pSharedData; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; - CK_OBJECT_HANDLE publicKey; -} CK_ECMQV_DERIVE_PARAMS; - -typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; - -/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the - * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ -typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; -typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; - -/* The following X9.42 DH key derivation functions are defined - (besides CKD_NULL already defined : */ -#define CKD_SHA1_KDF_ASN1 0x00000003 -#define CKD_SHA1_KDF_CONCATENATE 0x00000004 - -/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the - * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party - * contributes one key pair */ -typedef struct CK_X9_42_DH1_DERIVE_PARAMS { - CK_X9_42_DH_KDF_TYPE kdf; - CK_ULONG ulOtherInfoLen; - CK_BYTE_PTR pOtherInfo; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; -} CK_X9_42_DH1_DERIVE_PARAMS; - -typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; - -/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. - * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the - * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation - * mechanisms, where each party contributes two key pairs */ -typedef struct CK_X9_42_DH2_DERIVE_PARAMS { - CK_X9_42_DH_KDF_TYPE kdf; - CK_ULONG ulOtherInfoLen; - CK_BYTE_PTR pOtherInfo; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; -} CK_X9_42_DH2_DERIVE_PARAMS; - -typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; - -typedef struct CK_X9_42_MQV_DERIVE_PARAMS { - CK_X9_42_DH_KDF_TYPE kdf; - CK_ULONG ulOtherInfoLen; - CK_BYTE_PTR pOtherInfo; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPrivateDataLen; - CK_OBJECT_HANDLE hPrivateData; - CK_ULONG ulPublicDataLen2; - CK_BYTE_PTR pPublicData2; - CK_OBJECT_HANDLE publicKey; -} CK_X9_42_MQV_DERIVE_PARAMS; - -typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; - -/* CK_KEA_DERIVE_PARAMS provides the parameters to the - * CKM_KEA_DERIVE mechanism */ -/* CK_KEA_DERIVE_PARAMS is new for v2.0 */ -typedef struct CK_KEA_DERIVE_PARAMS { - CK_BBOOL isSender; - CK_ULONG ulRandomLen; - CK_BYTE_PTR pRandomA; - CK_BYTE_PTR pRandomB; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; -} CK_KEA_DERIVE_PARAMS; - -typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; - - -/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and - * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just - * holds the effective keysize */ -typedef CK_ULONG CK_RC2_PARAMS; - -typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; - - -/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC - * mechanism */ -typedef struct CK_RC2_CBC_PARAMS { - /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for - * v2.0 */ - CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - - CK_BYTE iv[8]; /* IV for CBC mode */ -} CK_RC2_CBC_PARAMS; - -typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; - - -/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC2_MAC_GENERAL mechanism */ -/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ -typedef struct CK_RC2_MAC_GENERAL_PARAMS { - CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ - CK_ULONG ulMacLength; /* Length of MAC in bytes */ -} CK_RC2_MAC_GENERAL_PARAMS; - -typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ - CK_RC2_MAC_GENERAL_PARAMS_PTR; - - -/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and - * CKM_RC5_MAC mechanisms */ -/* CK_RC5_PARAMS is new for v2.0 */ -typedef struct CK_RC5_PARAMS { - CK_ULONG ulWordsize; /* wordsize in bits */ - CK_ULONG ulRounds; /* number of rounds */ -} CK_RC5_PARAMS; - -typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; - - -/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC - * mechanism */ -/* CK_RC5_CBC_PARAMS is new for v2.0 */ -typedef struct CK_RC5_CBC_PARAMS { - CK_ULONG ulWordsize; /* wordsize in bits */ - CK_ULONG ulRounds; /* number of rounds */ - CK_BYTE_PTR pIv; /* pointer to IV */ - CK_ULONG ulIvLen; /* length of IV in bytes */ -} CK_RC5_CBC_PARAMS; - -typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; - - -/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the - * CKM_RC5_MAC_GENERAL mechanism */ -/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ -typedef struct CK_RC5_MAC_GENERAL_PARAMS { - CK_ULONG ulWordsize; /* wordsize in bits */ - CK_ULONG ulRounds; /* number of rounds */ - CK_ULONG ulMacLength; /* Length of MAC in bytes */ -} CK_RC5_MAC_GENERAL_PARAMS; - -typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ - CK_RC5_MAC_GENERAL_PARAMS_PTR; - - -/* CK_MAC_GENERAL_PARAMS provides the parameters to most block - * ciphers' MAC_GENERAL mechanisms. Its value is the length of - * the MAC */ -/* CK_MAC_GENERAL_PARAMS is new for v2.0 */ -typedef CK_ULONG CK_MAC_GENERAL_PARAMS; - -typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; - -/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ -typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[8]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_DES_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; - -typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_AES_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; - -/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the - * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ -/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ -typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { - CK_ULONG ulPasswordLen; - CK_BYTE_PTR pPassword; - CK_ULONG ulPublicDataLen; - CK_BYTE_PTR pPublicData; - CK_ULONG ulPAndGLen; - CK_ULONG ulQLen; - CK_ULONG ulRandomLen; - CK_BYTE_PTR pRandomA; - CK_BYTE_PTR pPrimeP; - CK_BYTE_PTR pBaseG; - CK_BYTE_PTR pSubprimeQ; -} CK_SKIPJACK_PRIVATE_WRAP_PARAMS; - -typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ - CK_SKIPJACK_PRIVATE_WRAP_PTR; - - -/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the - * CKM_SKIPJACK_RELAYX mechanism */ -/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ -typedef struct CK_SKIPJACK_RELAYX_PARAMS { - CK_ULONG ulOldWrappedXLen; - CK_BYTE_PTR pOldWrappedX; - CK_ULONG ulOldPasswordLen; - CK_BYTE_PTR pOldPassword; - CK_ULONG ulOldPublicDataLen; - CK_BYTE_PTR pOldPublicData; - CK_ULONG ulOldRandomLen; - CK_BYTE_PTR pOldRandomA; - CK_ULONG ulNewPasswordLen; - CK_BYTE_PTR pNewPassword; - CK_ULONG ulNewPublicDataLen; - CK_BYTE_PTR pNewPublicData; - CK_ULONG ulNewRandomLen; - CK_BYTE_PTR pNewRandomA; -} CK_SKIPJACK_RELAYX_PARAMS; - -typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \ - CK_SKIPJACK_RELAYX_PARAMS_PTR; - - -typedef struct CK_PBE_PARAMS { - CK_BYTE_PTR pInitVector; - CK_UTF8CHAR_PTR pPassword; - CK_ULONG ulPasswordLen; - CK_BYTE_PTR pSalt; - CK_ULONG ulSaltLen; - CK_ULONG ulIteration; -} CK_PBE_PARAMS; - -typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; - - -/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the - * CKM_KEY_WRAP_SET_OAEP mechanism */ -/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ -typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { - CK_BYTE bBC; /* block contents byte */ - CK_BYTE_PTR pX; /* extra data */ - CK_ULONG ulXLen; /* length of extra data in bytes */ -} CK_KEY_WRAP_SET_OAEP_PARAMS; - -typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \ - CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; - - -typedef struct CK_SSL3_RANDOM_DATA { - CK_BYTE_PTR pClientRandom; - CK_ULONG ulClientRandomLen; - CK_BYTE_PTR pServerRandom; - CK_ULONG ulServerRandomLen; -} CK_SSL3_RANDOM_DATA; - - -typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { - CK_SSL3_RANDOM_DATA RandomInfo; - CK_VERSION_PTR pVersion; -} CK_SSL3_MASTER_KEY_DERIVE_PARAMS; - -typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ - CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; - - -typedef struct CK_SSL3_KEY_MAT_OUT { - CK_OBJECT_HANDLE hClientMacSecret; - CK_OBJECT_HANDLE hServerMacSecret; - CK_OBJECT_HANDLE hClientKey; - CK_OBJECT_HANDLE hServerKey; - CK_BYTE_PTR pIVClient; - CK_BYTE_PTR pIVServer; -} CK_SSL3_KEY_MAT_OUT; - -typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; - - -typedef struct CK_SSL3_KEY_MAT_PARAMS { - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_BBOOL bIsExport; - CK_SSL3_RANDOM_DATA RandomInfo; - CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; -} CK_SSL3_KEY_MAT_PARAMS; - -typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; - -/* CK_TLS_PRF_PARAMS is new for version 2.20 */ -typedef struct CK_TLS_PRF_PARAMS { - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; - CK_BYTE_PTR pLabel; - CK_ULONG ulLabelLen; - CK_BYTE_PTR pOutput; - CK_ULONG_PTR pulOutputLen; -} CK_TLS_PRF_PARAMS; - -typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; - -/* WTLS is new for version 2.20 */ -typedef struct CK_WTLS_RANDOM_DATA { - CK_BYTE_PTR pClientRandom; - CK_ULONG ulClientRandomLen; - CK_BYTE_PTR pServerRandom; - CK_ULONG ulServerRandomLen; -} CK_WTLS_RANDOM_DATA; - -typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; - -typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { - CK_MECHANISM_TYPE DigestMechanism; - CK_WTLS_RANDOM_DATA RandomInfo; - CK_BYTE_PTR pVersion; -} CK_WTLS_MASTER_KEY_DERIVE_PARAMS; - -typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \ - CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; - -typedef struct CK_WTLS_PRF_PARAMS { - CK_MECHANISM_TYPE DigestMechanism; - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; - CK_BYTE_PTR pLabel; - CK_ULONG ulLabelLen; - CK_BYTE_PTR pOutput; - CK_ULONG_PTR pulOutputLen; -} CK_WTLS_PRF_PARAMS; - -typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; - -typedef struct CK_WTLS_KEY_MAT_OUT { - CK_OBJECT_HANDLE hMacSecret; - CK_OBJECT_HANDLE hKey; - CK_BYTE_PTR pIV; -} CK_WTLS_KEY_MAT_OUT; - -typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; - -typedef struct CK_WTLS_KEY_MAT_PARAMS { - CK_MECHANISM_TYPE DigestMechanism; - CK_ULONG ulMacSizeInBits; - CK_ULONG ulKeySizeInBits; - CK_ULONG ulIVSizeInBits; - CK_ULONG ulSequenceNumber; - CK_BBOOL bIsExport; - CK_WTLS_RANDOM_DATA RandomInfo; - CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; -} CK_WTLS_KEY_MAT_PARAMS; - -typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; - -/* CMS is new for version 2.20 */ -typedef struct CK_CMS_SIG_PARAMS { - CK_OBJECT_HANDLE certificateHandle; - CK_MECHANISM_PTR pSigningMechanism; - CK_MECHANISM_PTR pDigestMechanism; - CK_UTF8CHAR_PTR pContentType; - CK_BYTE_PTR pRequestedAttributes; - CK_ULONG ulRequestedAttributesLen; - CK_BYTE_PTR pRequiredAttributes; - CK_ULONG ulRequiredAttributesLen; -} CK_CMS_SIG_PARAMS; - -typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; - -typedef struct CK_KEY_DERIVATION_STRING_DATA { - CK_BYTE_PTR pData; - CK_ULONG ulLen; -} CK_KEY_DERIVATION_STRING_DATA; - -typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ - CK_KEY_DERIVATION_STRING_DATA_PTR; - - -/* The CK_EXTRACT_PARAMS is used for the - * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit - * of the base key should be used as the first bit of the - * derived key */ -/* CK_EXTRACT_PARAMS is new for v2.0 */ -typedef CK_ULONG CK_EXTRACT_PARAMS; - -typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; - -/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. - * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to - * indicate the Pseudo-Random Function (PRF) used to generate - * key bits using PKCS #5 PBKDF2. */ -typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; - -typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; - -/* The following PRFs are defined in PKCS #5 v2.0. */ -#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001 - - -/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. - * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the - * source of the salt value when deriving a key using PKCS #5 - * PBKDF2. */ -typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; - -typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; - -/* The following salt value sources are defined in PKCS #5 v2.0. */ -#define CKZ_SALT_SPECIFIED 0x00000001 - -/* CK_PKCS5_PBKD2_PARAMS is new for v2.10. - * CK_PKCS5_PBKD2_PARAMS is a structure that provides the - * parameters to the CKM_PKCS5_PBKD2 mechanism. */ -typedef struct CK_PKCS5_PBKD2_PARAMS { - CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; - CK_VOID_PTR pSaltSourceData; - CK_ULONG ulSaltSourceDataLen; - CK_ULONG iterations; - CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; - CK_VOID_PTR pPrfData; - CK_ULONG ulPrfDataLen; - CK_UTF8CHAR_PTR pPassword; - CK_ULONG_PTR ulPasswordLen; -} CK_PKCS5_PBKD2_PARAMS; - -typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; - -/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */ - -typedef CK_ULONG CK_OTP_PARAM_TYPE; -typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */ - -typedef struct CK_OTP_PARAM { - CK_OTP_PARAM_TYPE type; - CK_VOID_PTR pValue; - CK_ULONG ulValueLen; -} CK_OTP_PARAM; - -typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; - -typedef struct CK_OTP_PARAMS { - CK_OTP_PARAM_PTR pParams; - CK_ULONG ulCount; -} CK_OTP_PARAMS; - -typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; - -typedef struct CK_OTP_SIGNATURE_INFO { - CK_OTP_PARAM_PTR pParams; - CK_ULONG ulCount; -} CK_OTP_SIGNATURE_INFO; - -typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ -#define CK_OTP_VALUE 0 -#define CK_OTP_PIN 1 -#define CK_OTP_CHALLENGE 2 -#define CK_OTP_TIME 3 -#define CK_OTP_COUNTER 4 -#define CK_OTP_FLAGS 5 -#define CK_OTP_OUTPUT_LENGTH 6 -#define CK_OTP_OUTPUT_FORMAT 7 - -/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ -#define CKF_NEXT_OTP 0x00000001 -#define CKF_EXCLUDE_TIME 0x00000002 -#define CKF_EXCLUDE_COUNTER 0x00000004 -#define CKF_EXCLUDE_CHALLENGE 0x00000008 -#define CKF_EXCLUDE_PIN 0x00000010 -#define CKF_USER_FRIENDLY_OTP 0x00000020 - -/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */ -typedef struct CK_KIP_PARAMS { - CK_MECHANISM_PTR pMechanism; - CK_OBJECT_HANDLE hKey; - CK_BYTE_PTR pSeed; - CK_ULONG ulSeedLen; -} CK_KIP_PARAMS; - -typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; - -/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_AES_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} CK_AES_CTR_PARAMS; - -typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; - -/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_CAMELLIA_CTR_PARAMS { - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} CK_CAMELLIA_CTR_PARAMS; - -typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; - -/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; - -/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ -typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { - CK_BYTE iv[16]; - CK_BYTE_PTR pData; - CK_ULONG length; -} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; - -typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; - -#endif +/* pkcs11t.h include file for PKCS #11 V 2.30 - draft 1 */++/* License to copy and use this software is granted provided that it is+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface+ * (Cryptoki)" in all material mentioning or referencing this software.++ * License is also granted to make and use derivative works provided that+ * such works are identified as "derived from the RSA Security Inc. PKCS #11+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or+ * referencing the derived work.++ * RSA Security Inc. makes no representations concerning either the+ * merchantability of this software or the suitability of this software for+ * any particular purpose. It is provided "as is" without express or implied+ * warranty of any kind.+ */++/* See top of pkcs11.h for information about the macros that+ * must be defined and the structure-packing conventions that+ * must be set before including this file. */++#ifndef _PKCS11T_H_+#define _PKCS11T_H_ 1++#define CRYPTOKI_VERSION_MAJOR 2+#define CRYPTOKI_VERSION_MINOR 30+#define CRYPTOKI_VERSION_AMENDMENT 0++#define CK_TRUE 1+#define CK_FALSE 0++#ifndef CK_DISABLE_TRUE_FALSE+#ifndef FALSE+#define FALSE CK_FALSE+#endif++#ifndef TRUE+#define TRUE CK_TRUE+#endif+#endif++/* an unsigned 8-bit value */+typedef unsigned char CK_BYTE;++/* an unsigned 8-bit character */+typedef CK_BYTE CK_CHAR;++/* an 8-bit UTF-8 character */+typedef CK_BYTE CK_UTF8CHAR;++/* a BYTE-sized Boolean flag */+typedef CK_BYTE CK_BBOOL;++/* an unsigned value, at least 32 bits long */+typedef unsigned long int CK_ULONG;++/* a signed value, the same size as a CK_ULONG */+typedef long int CK_LONG;++/* at least 32 bits; each bit is a Boolean flag */+typedef CK_ULONG CK_FLAGS;+++/* some special values for certain CK_ULONG variables */+#define CK_UNAVAILABLE_INFORMATION (~0UL)+#define CK_EFFECTIVELY_INFINITE 0+++typedef CK_BYTE CK_PTR CK_BYTE_PTR;+typedef CK_CHAR CK_PTR CK_CHAR_PTR;+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;+typedef CK_ULONG CK_PTR CK_ULONG_PTR;+typedef void CK_PTR CK_VOID_PTR;++/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;+++/* The following value is always invalid if used as a session */+/* handle or object handle */+#define CK_INVALID_HANDLE 0+++typedef struct CK_VERSION {+ CK_BYTE major; /* integer portion of version number */+ CK_BYTE minor; /* 1/100ths portion of version number */+} CK_VERSION;++typedef CK_VERSION CK_PTR CK_VERSION_PTR;+++typedef struct CK_INFO {+ /* manufacturerID and libraryDecription have been changed from+ * CK_CHAR to CK_UTF8CHAR for v2.10 */+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */+ CK_FLAGS flags; /* must be zero */++ CK_UTF8CHAR libraryDescription[32]; /* blank padded */+ CK_VERSION libraryVersion; /* version of library */+} CK_INFO;++typedef CK_INFO CK_PTR CK_INFO_PTR;+++/* CK_NOTIFICATION enumerates the types of notifications that+ * Cryptoki provides to an application */+typedef CK_ULONG CK_NOTIFICATION;+#define CKN_SURRENDER 0+#define CKN_OTP_CHANGED 1+++typedef CK_ULONG CK_SLOT_ID;++typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;+++/* CK_SLOT_INFO provides information about a slot */+typedef struct CK_SLOT_INFO {+ /* slotDescription and manufacturerID have been changed from+ * CK_CHAR to CK_UTF8CHAR for v2.10 */+ CK_UTF8CHAR slotDescription[64]; /* blank padded */+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */+ CK_FLAGS flags;++ CK_VERSION hardwareVersion; /* version of hardware */+ CK_VERSION firmwareVersion; /* version of firmware */+} CK_SLOT_INFO;++/* flags: bit flags that provide capabilities of the slot+ * Bit Flag Mask Meaning+ */+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/+#define CKF_HW_SLOT 0x00000004 /* hardware slot */++typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;+++/* CK_TOKEN_INFO provides information about a token */+typedef struct CK_TOKEN_INFO {+ /* label, manufacturerID, and model have been changed from+ * CK_CHAR to CK_UTF8CHAR for v2.10 */+ CK_UTF8CHAR label[32]; /* blank padded */+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */+ CK_UTF8CHAR model[16]; /* blank padded */+ CK_CHAR serialNumber[16]; /* blank padded */+ CK_FLAGS flags; /* see below */++ CK_ULONG ulMaxSessionCount; /* max open sessions */+ CK_ULONG ulSessionCount; /* sess. now open */+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */+ CK_ULONG ulMaxPinLen; /* in bytes */+ CK_ULONG ulMinPinLen; /* in bytes */+ CK_ULONG ulTotalPublicMemory; /* in bytes */+ CK_ULONG ulFreePublicMemory; /* in bytes */+ CK_ULONG ulTotalPrivateMemory; /* in bytes */+ CK_ULONG ulFreePrivateMemory; /* in bytes */+ CK_VERSION hardwareVersion; /* version of hardware */+ CK_VERSION firmwareVersion; /* version of firmware */+ CK_CHAR utcTime[16]; /* time */+} CK_TOKEN_INFO;++/* The flags parameter is defined as follows:+ * Bit Flag Mask Meaning+ */+#define CKF_RNG 0x00000001 /* has random #+ * generator */+#define CKF_WRITE_PROTECTED 0x00000002 /* token is+ * write-+ * protected */+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must+ * login */+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's+ * PIN is set */++/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set,+ * that means that *every* time the state of cryptographic+ * operations of a session is successfully saved, all keys+ * needed to continue those operations are stored in the state */+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020++/* CKF_CLOCK_ON_TOKEN. If it is set, that means+ * that the token has some sort of clock. The time on that+ * clock is returned in the token info structure */+#define CKF_CLOCK_ON_TOKEN 0x00000040++/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is+ * set, that means that there is some way for the user to login+ * without sending a PIN through the Cryptoki library itself */+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100++/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true,+ * that means that a single session with the token can perform+ * dual simultaneous cryptographic operations (digest and+ * encrypt; decrypt and digest; sign and encrypt; and decrypt+ * and sign) */+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200++/* CKF_TOKEN_INITIALIZED. If it is true, the+ * token has been initialized using C_InitializeToken or an+ * equivalent mechanism outside the scope of PKCS #11.+ * Calling C_InitializeToken when this flag is set will cause+ * the token to be reinitialized. */+#define CKF_TOKEN_INITIALIZED 0x00000400++/* CKF_SECONDARY_AUTHENTICATION. If it is+ * true, the token supports secondary authentication for+ * private key objects. This flag is deprecated in v2.11 and+ onwards. */+#define CKF_SECONDARY_AUTHENTICATION 0x00000800++/* CKF_USER_PIN_COUNT_LOW. If it is true, an+ * incorrect user login PIN has been entered at least once+ * since the last successful authentication. */+#define CKF_USER_PIN_COUNT_LOW 0x00010000++/* CKF_USER_PIN_FINAL_TRY. If it is true,+ * supplying an incorrect user PIN will it to become locked. */+#define CKF_USER_PIN_FINAL_TRY 0x00020000++/* CKF_USER_PIN_LOCKED. If it is true, the+ * user PIN has been locked. User login to the token is not+ * possible. */+#define CKF_USER_PIN_LOCKED 0x00040000++/* CKF_USER_PIN_TO_BE_CHANGED. If it is true,+ * the user PIN value is the default value set by token+ * initialization or manufacturing, or the PIN has been+ * expired by the card. */+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000++/* CKF_SO_PIN_COUNT_LOW. If it is true, an+ * incorrect SO login PIN has been entered at least once since+ * the last successful authentication. */+#define CKF_SO_PIN_COUNT_LOW 0x00100000++/* CKF_SO_PIN_FINAL_TRY. If it is true,+ * supplying an incorrect SO PIN will it to become locked. */+#define CKF_SO_PIN_FINAL_TRY 0x00200000++/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO+ * PIN has been locked. SO login to the token is not possible.+ */+#define CKF_SO_PIN_LOCKED 0x00400000++/* CKF_SO_PIN_TO_BE_CHANGED. If it is true,+ * the SO PIN value is the default value set by token+ * initialization or manufacturing, or the PIN has been+ * expired by the card. */+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000++#define CKF_ERROR_STATE 0x01000000++typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;+++/* CK_SESSION_HANDLE is a Cryptoki-assigned value that+ * identifies a session */+typedef CK_ULONG CK_SESSION_HANDLE;++typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;+++/* CK_USER_TYPE enumerates the types of Cryptoki users */+typedef CK_ULONG CK_USER_TYPE;+/* Security Officer */+#define CKU_SO 0+/* Normal user */+#define CKU_USER 1+/* Context specific */+#define CKU_CONTEXT_SPECIFIC 2++/* CK_STATE enumerates the session states */+typedef CK_ULONG CK_STATE;+#define CKS_RO_PUBLIC_SESSION 0+#define CKS_RO_USER_FUNCTIONS 1+#define CKS_RW_PUBLIC_SESSION 2+#define CKS_RW_USER_FUNCTIONS 3+#define CKS_RW_SO_FUNCTIONS 4+++/* CK_SESSION_INFO provides information about a session */+typedef struct CK_SESSION_INFO {+ CK_SLOT_ID slotID;+ CK_STATE state;+ CK_FLAGS flags; /* see below */+ CK_ULONG ulDeviceError; /* device-dependent error code */+} CK_SESSION_INFO;++/* The flags are defined in the following table:+ * Bit Flag Mask Meaning+ */+#define CKF_RW_SESSION 0x00000002 /* session is r/w */+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */++typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;+++/* CK_OBJECT_HANDLE is a token-specific identifier for an+ * object */+typedef CK_ULONG CK_OBJECT_HANDLE;++typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;+++/* CK_OBJECT_CLASS is a value that identifies the classes (or+ * types) of objects that Cryptoki recognizes. It is defined+ * as follows: */+typedef CK_ULONG CK_OBJECT_CLASS;++/* The following classes of objects are defined: */+#define CKO_DATA 0x00000000+#define CKO_CERTIFICATE 0x00000001+#define CKO_PUBLIC_KEY 0x00000002+#define CKO_PRIVATE_KEY 0x00000003+#define CKO_SECRET_KEY 0x00000004+#define CKO_HW_FEATURE 0x00000005+#define CKO_DOMAIN_PARAMETERS 0x00000006+#define CKO_MECHANISM 0x00000007+#define CKO_OTP_KEY 0x00000008++#define CKO_VENDOR_DEFINED 0x80000000++typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;++/* CK_HW_FEATURE_TYPE is a+ * value that identifies the hardware feature type of an object+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */+typedef CK_ULONG CK_HW_FEATURE_TYPE;++/* The following hardware feature types are defined */+#define CKH_MONOTONIC_COUNTER 0x00000001+#define CKH_CLOCK 0x00000002+#define CKH_USER_INTERFACE 0x00000003+#define CKH_VENDOR_DEFINED 0x80000000++/* CK_KEY_TYPE is a value that identifies a key type */+typedef CK_ULONG CK_KEY_TYPE;++/* the following key types are defined: */+#define CKK_RSA 0x00000000+#define CKK_DSA 0x00000001+#define CKK_DH 0x00000002+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */+#define CKK_ECDSA 0x00000003+#define CKK_EC 0x00000003+#define CKK_X9_42_DH 0x00000004+#define CKK_KEA 0x00000005+#define CKK_GENERIC_SECRET 0x00000010+#define CKK_RC2 0x00000011+#define CKK_RC4 0x00000012+#define CKK_DES 0x00000013+#define CKK_DES2 0x00000014+#define CKK_DES3 0x00000015+#define CKK_CAST 0x00000016+#define CKK_CAST3 0x00000017+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */+#define CKK_CAST5 0x00000018+#define CKK_CAST128 0x00000018+#define CKK_RC5 0x00000019+#define CKK_IDEA 0x0000001A+#define CKK_SKIPJACK 0x0000001B+#define CKK_BATON 0x0000001C+#define CKK_JUNIPER 0x0000001D+#define CKK_CDMF 0x0000001E+#define CKK_AES 0x0000001F+#define CKK_BLOWFISH 0x00000020+#define CKK_TWOFISH 0x00000021+#define CKK_SECURID 0x00000022+#define CKK_HOTP 0x00000023+#define CKK_ACTI 0x00000024+#define CKK_CAMELLIA 0x00000025+#define CKK_ARIA 0x00000026+#define CKK_MD5_HMAC 0x00000027+#define CKK_SHA_1_HMAC 0x00000028+#define CKK_RIPEMD128_HMAC 0x00000029+#define CKK_RIPEMD160_HMAC 0x0000002A+#define CKK_SHA256_HMAC 0x0000002B+#define CKK_SHA384_HMAC 0x0000002C+#define CKK_SHA512_HMAC 0x0000002D+#define CKK_SHA224_HMAC 0x0000002E+#define CKK_SEED 0x0000002F+#define CKK_GOSTR3410 0x00000030+#define CKK_GOSTR3411 0x00000031+#define CKK_GOST28147 0x00000032++#define CKK_VENDOR_DEFINED 0x80000000+++/* CK_CERTIFICATE_TYPE is a value that identifies a certificate+ * type */+typedef CK_ULONG CK_CERTIFICATE_TYPE;++/* The following certificate types are defined: */+#define CKC_X_509 0x00000000+#define CKC_X_509_ATTR_CERT 0x00000001+#define CKC_WTLS 0x00000002+#define CKC_VENDOR_DEFINED 0x80000000+++/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute+ * type */+typedef CK_ULONG CK_ATTRIBUTE_TYPE;++/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which+ consists of an array of values. */+#define CKF_ARRAY_ATTRIBUTE 0x40000000++/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */+#define CK_OTP_FORMAT_DECIMAL 0+#define CK_OTP_FORMAT_HEXADECIMAL 1+#define CK_OTP_FORMAT_ALPHANUMERIC 2+#define CK_OTP_FORMAT_BINARY 3++/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT attributes */+#define CK_OTP_PARAM_IGNORED 0+#define CK_OTP_PARAM_OPTIONAL 1+#define CK_OTP_PARAM_MANDATORY 2++/* The following attribute types are defined: */+#define CKA_CLASS 0x00000000+#define CKA_TOKEN 0x00000001+#define CKA_PRIVATE 0x00000002+#define CKA_LABEL 0x00000003+#define CKA_APPLICATION 0x00000010+#define CKA_VALUE 0x00000011+#define CKA_OBJECT_ID 0x00000012+#define CKA_CERTIFICATE_TYPE 0x00000080+#define CKA_ISSUER 0x00000081+#define CKA_SERIAL_NUMBER 0x00000082+#define CKA_AC_ISSUER 0x00000083+#define CKA_OWNER 0x00000084+#define CKA_ATTR_TYPES 0x00000085+#define CKA_TRUSTED 0x00000086+#define CKA_CERTIFICATE_CATEGORY 0x00000087+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088+#define CKA_URL 0x00000089+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B+#define CKA_CHECK_VALUE 0x00000090++#define CKA_KEY_TYPE 0x00000100+#define CKA_SUBJECT 0x00000101+#define CKA_ID 0x00000102+#define CKA_SENSITIVE 0x00000103+#define CKA_ENCRYPT 0x00000104+#define CKA_DECRYPT 0x00000105+#define CKA_WRAP 0x00000106+#define CKA_UNWRAP 0x00000107+#define CKA_SIGN 0x00000108+#define CKA_SIGN_RECOVER 0x00000109+#define CKA_VERIFY 0x0000010A+#define CKA_VERIFY_RECOVER 0x0000010B+#define CKA_DERIVE 0x0000010C+#define CKA_START_DATE 0x00000110+#define CKA_END_DATE 0x00000111+#define CKA_MODULUS 0x00000120+#define CKA_MODULUS_BITS 0x00000121+#define CKA_PUBLIC_EXPONENT 0x00000122+#define CKA_PRIVATE_EXPONENT 0x00000123+#define CKA_PRIME_1 0x00000124+#define CKA_PRIME_2 0x00000125+#define CKA_EXPONENT_1 0x00000126+#define CKA_EXPONENT_2 0x00000127+#define CKA_COEFFICIENT 0x00000128+#define CKA_PRIME 0x00000130+#define CKA_SUBPRIME 0x00000131+#define CKA_BASE 0x00000132++#define CKA_PRIME_BITS 0x00000133+#define CKA_SUBPRIME_BITS 0x00000134+/* (To retain backwards-compatibility) */+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS++#define CKA_VALUE_BITS 0x00000160+#define CKA_VALUE_LEN 0x00000161+#define CKA_EXTRACTABLE 0x00000162+#define CKA_LOCAL 0x00000163+#define CKA_NEVER_EXTRACTABLE 0x00000164+#define CKA_ALWAYS_SENSITIVE 0x00000165+#define CKA_KEY_GEN_MECHANISM 0x00000166++#define CKA_MODIFIABLE 0x00000170++/* CKA_ECDSA_PARAMS is deprecated in v2.11,+ * CKA_EC_PARAMS is preferred. */+#define CKA_ECDSA_PARAMS 0x00000180+#define CKA_EC_PARAMS 0x00000180++#define CKA_EC_POINT 0x00000181++/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,+ * are new for v2.10. Deprecated in v2.11 and onwards. */+#define CKA_SECONDARY_AUTH 0x00000200+#define CKA_AUTH_PIN_FLAGS 0x00000201++#define CKA_ALWAYS_AUTHENTICATE 0x00000202++#define CKA_WRAP_WITH_TRUSTED 0x00000210+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)+#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213)++#define CKA_OTP_FORMAT 0x00000220+#define CKA_OTP_LENGTH 0x00000221+#define CKA_OTP_TIME_INTERVAL 0x00000222+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224+#define CKA_OTP_TIME_REQUIREMENT 0x00000225+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226+#define CKA_OTP_PIN_REQUIREMENT 0x00000227+#define CKA_OTP_COUNTER 0x0000022E+#define CKA_OTP_TIME 0x0000022F+#define CKA_OTP_USER_IDENTIFIER 0x0000022A+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B+#define CKA_OTP_SERVICE_LOGO 0x0000022C+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D++#define CKA_GOSTR3410_PARAMS 0x00000250+#define CKA_GOSTR3411_PARAMS 0x00000251+#define CKA_GOST28147_PARAMS 0x00000252++#define CKA_HW_FEATURE_TYPE 0x00000300+#define CKA_RESET_ON_INIT 0x00000301+#define CKA_HAS_RESET 0x00000302++#define CKA_PIXEL_X 0x00000400+#define CKA_PIXEL_Y 0x00000401+#define CKA_RESOLUTION 0x00000402+#define CKA_CHAR_ROWS 0x00000403+#define CKA_CHAR_COLUMNS 0x00000404+#define CKA_COLOR 0x00000405+#define CKA_BITS_PER_PIXEL 0x00000406+#define CKA_CHAR_SETS 0x00000480+#define CKA_ENCODING_METHODS 0x00000481+#define CKA_MIME_TYPES 0x00000482+#define CKA_MECHANISM_TYPE 0x00000500+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)++#define CKA_VENDOR_DEFINED 0x80000000++/* CK_ATTRIBUTE is a structure that includes the type, length+ * and value of an attribute */+typedef struct CK_ATTRIBUTE {+ CK_ATTRIBUTE_TYPE type;+ CK_VOID_PTR pValue;+ CK_ULONG ulValueLen; /* in bytes */+} CK_ATTRIBUTE;++typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;+++/* CK_DATE is a structure that defines a date */+typedef struct CK_DATE{+ CK_CHAR year[4]; /* the year ("1900" - "9999") */+ CK_CHAR month[2]; /* the month ("01" - "12") */+ CK_CHAR day[2]; /* the day ("01" - "31") */+} CK_DATE;+++/* CK_MECHANISM_TYPE is a value that identifies a mechanism+ * type */+typedef CK_ULONG CK_MECHANISM_TYPE;++/* the following mechanism types are defined: */+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000+#define CKM_RSA_PKCS 0x00000001+#define CKM_RSA_9796 0x00000002+#define CKM_RSA_X_509 0x00000003++#define CKM_MD2_RSA_PKCS 0x00000004+#define CKM_MD5_RSA_PKCS 0x00000005+#define CKM_SHA1_RSA_PKCS 0x00000006++#define CKM_RIPEMD128_RSA_PKCS 0x00000007+#define CKM_RIPEMD160_RSA_PKCS 0x00000008+#define CKM_RSA_PKCS_OAEP 0x00000009++#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A+#define CKM_RSA_X9_31 0x0000000B+#define CKM_SHA1_RSA_X9_31 0x0000000C+#define CKM_RSA_PKCS_PSS 0x0000000D+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E++#define CKM_DSA_KEY_PAIR_GEN 0x00000010+#define CKM_DSA 0x00000011+#define CKM_DSA_SHA1 0x00000012+#define CKM_DSA_SHA224 0x00000013+#define CKM_DSA_SHA256 0x00000014+#define CKM_DSA_SHA384 0x00000015+#define CKM_DSA_SHA512 0x00000016+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020+#define CKM_DH_PKCS_DERIVE 0x00000021++#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030+#define CKM_X9_42_DH_DERIVE 0x00000031+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032+#define CKM_X9_42_MQV_DERIVE 0x00000033++#define CKM_SHA256_RSA_PKCS 0x00000040+#define CKM_SHA384_RSA_PKCS 0x00000041+#define CKM_SHA512_RSA_PKCS 0x00000042+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045++#define CKM_SHA224_RSA_PKCS 0x00000046+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047++#define CKM_RC2_KEY_GEN 0x00000100+#define CKM_RC2_ECB 0x00000101+#define CKM_RC2_CBC 0x00000102+#define CKM_RC2_MAC 0x00000103++#define CKM_RC2_MAC_GENERAL 0x00000104+#define CKM_RC2_CBC_PAD 0x00000105++#define CKM_RC4_KEY_GEN 0x00000110+#define CKM_RC4 0x00000111+#define CKM_DES_KEY_GEN 0x00000120+#define CKM_DES_ECB 0x00000121+#define CKM_DES_CBC 0x00000122+#define CKM_DES_MAC 0x00000123++#define CKM_DES_MAC_GENERAL 0x00000124+#define CKM_DES_CBC_PAD 0x00000125++#define CKM_DES2_KEY_GEN 0x00000130+#define CKM_DES3_KEY_GEN 0x00000131+#define CKM_DES3_ECB 0x00000132+#define CKM_DES3_CBC 0x00000133+#define CKM_DES3_MAC 0x00000134++#define CKM_DES3_MAC_GENERAL 0x00000135+#define CKM_DES3_CBC_PAD 0x00000136+#define CKM_DES3_CMAC_GENERAL 0x00000137+#define CKM_DES3_CMAC 0x00000138+#define CKM_CDMF_KEY_GEN 0x00000140+#define CKM_CDMF_ECB 0x00000141+#define CKM_CDMF_CBC 0x00000142+#define CKM_CDMF_MAC 0x00000143+#define CKM_CDMF_MAC_GENERAL 0x00000144+#define CKM_CDMF_CBC_PAD 0x00000145++#define CKM_DES_OFB64 0x00000150+#define CKM_DES_OFB8 0x00000151+#define CKM_DES_CFB64 0x00000152+#define CKM_DES_CFB8 0x00000153++#define CKM_MD2 0x00000200++#define CKM_MD2_HMAC 0x00000201+#define CKM_MD2_HMAC_GENERAL 0x00000202++#define CKM_MD5 0x00000210++#define CKM_MD5_HMAC 0x00000211+#define CKM_MD5_HMAC_GENERAL 0x00000212++#define CKM_SHA_1 0x00000220++#define CKM_SHA_1_HMAC 0x00000221+#define CKM_SHA_1_HMAC_GENERAL 0x00000222++#define CKM_RIPEMD128 0x00000230+#define CKM_RIPEMD128_HMAC 0x00000231+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232+#define CKM_RIPEMD160 0x00000240+#define CKM_RIPEMD160_HMAC 0x00000241+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242++#define CKM_SHA256 0x00000250+#define CKM_SHA256_HMAC 0x00000251+#define CKM_SHA256_HMAC_GENERAL 0x00000252++#define CKM_SHA224 0x00000255+#define CKM_SHA224_HMAC 0x00000256+#define CKM_SHA224_HMAC_GENERAL 0x00000257+#define CKM_SHA384 0x00000260+#define CKM_SHA384_HMAC 0x00000261+#define CKM_SHA384_HMAC_GENERAL 0x00000262+#define CKM_SHA512 0x00000270+#define CKM_SHA512_HMAC 0x00000271+#define CKM_SHA512_HMAC_GENERAL 0x00000272+#define CKM_SECURID_KEY_GEN 0x00000280+#define CKM_SECURID 0x00000282+#define CKM_HOTP_KEY_GEN 0x00000290+#define CKM_HOTP 0x00000291+#define CKM_ACTI 0x000002A0+#define CKM_ACTI_KEY_GEN 0x000002A1++#define CKM_CAST_KEY_GEN 0x00000300+#define CKM_CAST_ECB 0x00000301+#define CKM_CAST_CBC 0x00000302+#define CKM_CAST_MAC 0x00000303+#define CKM_CAST_MAC_GENERAL 0x00000304+#define CKM_CAST_CBC_PAD 0x00000305+#define CKM_CAST3_KEY_GEN 0x00000310+#define CKM_CAST3_ECB 0x00000311+#define CKM_CAST3_CBC 0x00000312+#define CKM_CAST3_MAC 0x00000313+#define CKM_CAST3_MAC_GENERAL 0x00000314+#define CKM_CAST3_CBC_PAD 0x00000315+/* Note that CAST128 and CAST5 are the same algorithm */+#define CKM_CAST5_KEY_GEN 0x00000320+#define CKM_CAST128_KEY_GEN 0x00000320+#define CKM_CAST5_ECB 0x00000321+#define CKM_CAST128_ECB 0x00000321+#define CKM_CAST5_CBC 0x00000322+#define CKM_CAST128_CBC 0x00000322+#define CKM_CAST5_MAC 0x00000323+#define CKM_CAST128_MAC 0x00000323+#define CKM_CAST5_MAC_GENERAL 0x00000324+#define CKM_CAST128_MAC_GENERAL 0x00000324+#define CKM_CAST5_CBC_PAD 0x00000325+#define CKM_CAST128_CBC_PAD 0x00000325+#define CKM_RC5_KEY_GEN 0x00000330+#define CKM_RC5_ECB 0x00000331+#define CKM_RC5_CBC 0x00000332+#define CKM_RC5_MAC 0x00000333+#define CKM_RC5_MAC_GENERAL 0x00000334+#define CKM_RC5_CBC_PAD 0x00000335+#define CKM_IDEA_KEY_GEN 0x00000340+#define CKM_IDEA_ECB 0x00000341+#define CKM_IDEA_CBC 0x00000342+#define CKM_IDEA_MAC 0x00000343+#define CKM_IDEA_MAC_GENERAL 0x00000344+#define CKM_IDEA_CBC_PAD 0x00000345+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363+#define CKM_XOR_BASE_AND_DATA 0x00000364+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372++#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377++#define CKM_TLS_PRF 0x00000378++#define CKM_SSL3_MD5_MAC 0x00000380+#define CKM_SSL3_SHA1_MAC 0x00000381+#define CKM_MD5_KEY_DERIVATION 0x00000390+#define CKM_MD2_KEY_DERIVATION 0x00000391+#define CKM_SHA1_KEY_DERIVATION 0x00000392++#define CKM_SHA256_KEY_DERIVATION 0x00000393+#define CKM_SHA384_KEY_DERIVATION 0x00000394+#define CKM_SHA512_KEY_DERIVATION 0x00000395++#define CKM_SHA224_KEY_DERIVATION 0x00000396++#define CKM_PBE_MD2_DES_CBC 0x000003A0+#define CKM_PBE_MD5_DES_CBC 0x000003A1+#define CKM_PBE_MD5_CAST_CBC 0x000003A2+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5+#define CKM_PBE_SHA1_RC4_128 0x000003A6+#define CKM_PBE_SHA1_RC4_40 0x000003A7+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB++#define CKM_PKCS5_PBKD2 0x000003B0++#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0++#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2+#define CKM_WTLS_PRF 0x000003D3+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5++#define CKM_KEY_WRAP_LYNKS 0x00000400+#define CKM_KEY_WRAP_SET_OAEP 0x00000401++#define CKM_CMS_SIG 0x00000500++#define CKM_KIP_DERIVE 0x00000510+#define CKM_KIP_WRAP 0x00000511+#define CKM_KIP_MAC 0x00000512++#define CKM_CAMELLIA_KEY_GEN 0x00000550+#define CKM_CAMELLIA_ECB 0x00000551+#define CKM_CAMELLIA_CBC 0x00000552+#define CKM_CAMELLIA_MAC 0x00000553+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554+#define CKM_CAMELLIA_CBC_PAD 0x00000555+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557+#define CKM_CAMELLIA_CTR 0x00000558++#define CKM_ARIA_KEY_GEN 0x00000560+#define CKM_ARIA_ECB 0x00000561+#define CKM_ARIA_CBC 0x00000562+#define CKM_ARIA_MAC 0x00000563+#define CKM_ARIA_MAC_GENERAL 0x00000564+#define CKM_ARIA_CBC_PAD 0x00000565+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567++#define CKM_SEED_KEY_GEN 0x00000650+#define CKM_SEED_ECB 0x00000651+#define CKM_SEED_CBC 0x00000652+#define CKM_SEED_MAC 0x00000653+#define CKM_SEED_MAC_GENERAL 0x00000654+#define CKM_SEED_CBC_PAD 0x00000655+#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656+#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657++#define CKM_SKIPJACK_KEY_GEN 0x00001000+#define CKM_SKIPJACK_ECB64 0x00001001+#define CKM_SKIPJACK_CBC64 0x00001002+#define CKM_SKIPJACK_OFB64 0x00001003+#define CKM_SKIPJACK_CFB64 0x00001004+#define CKM_SKIPJACK_CFB32 0x00001005+#define CKM_SKIPJACK_CFB16 0x00001006+#define CKM_SKIPJACK_CFB8 0x00001007+#define CKM_SKIPJACK_WRAP 0x00001008+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009+#define CKM_SKIPJACK_RELAYX 0x0000100a+#define CKM_KEA_KEY_PAIR_GEN 0x00001010+#define CKM_KEA_KEY_DERIVE 0x00001011+#define CKM_FORTEZZA_TIMESTAMP 0x00001020+#define CKM_BATON_KEY_GEN 0x00001030+#define CKM_BATON_ECB128 0x00001031+#define CKM_BATON_ECB96 0x00001032+#define CKM_BATON_CBC128 0x00001033+#define CKM_BATON_COUNTER 0x00001034+#define CKM_BATON_SHUFFLE 0x00001035+#define CKM_BATON_WRAP 0x00001036++/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,+ * CKM_EC_KEY_PAIR_GEN is preferred */+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040+#define CKM_EC_KEY_PAIR_GEN 0x00001040++#define CKM_ECDSA 0x00001041+#define CKM_ECDSA_SHA1 0x00001042+#define CKM_ECDSA_SHA224 0x00001043+#define CKM_ECDSA_SHA256 0x00001044+#define CKM_ECDSA_SHA384 0x00001045+#define CKM_ECDSA_SHA512 0x00001046++#define CKM_ECDH1_DERIVE 0x00001050+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051+#define CKM_ECMQV_DERIVE 0x00001052++#define CKM_JUNIPER_KEY_GEN 0x00001060+#define CKM_JUNIPER_ECB128 0x00001061+#define CKM_JUNIPER_CBC128 0x00001062+#define CKM_JUNIPER_COUNTER 0x00001063+#define CKM_JUNIPER_SHUFFLE 0x00001064+#define CKM_JUNIPER_WRAP 0x00001065+#define CKM_FASTHASH 0x00001070++#define CKM_AES_KEY_GEN 0x00001080+#define CKM_AES_ECB 0x00001081+#define CKM_AES_CBC 0x00001082+#define CKM_AES_MAC 0x00001083+#define CKM_AES_MAC_GENERAL 0x00001084+#define CKM_AES_CBC_PAD 0x00001085+#define CKM_AES_CTR 0x00001086+#define CKM_AES_CTS 0x00001089+#define CKM_AES_CMAC 0x0000108A+#define CKM_AES_CMAC_GENERAL 0x0000108B++#define CKM_BLOWFISH_KEY_GEN 0x00001090+#define CKM_BLOWFISH_CBC 0x00001091+#define CKM_TWOFISH_KEY_GEN 0x00001092+#define CKM_TWOFISH_CBC 0x00001093++#define CKM_AES_GCM 0x00001087+#define CKM_AES_CCM 0x00001088+#define CKM_AES_KEY_WRAP 0x00001090+#define CKM_AES_KEY_WRAP_PAD 0x00001091++#define CKM_BLOWFISH_CBC_PAD 0x00001094+#define CKM_TWOFISH_CBC_PAD 0x00001095++#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105++#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200+#define CKM_GOSTR3410 0x00001201+#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202+#define CKM_GOSTR3410_KEY_WRAP 0x00001203+#define CKM_GOSTR3410_DERIVE 0x00001204+#define CKM_GOSTR3411 0x00001210+#define CKM_GOSTR3411_HMAC 0x00001211+#define CKM_GOST28147_KEY_GEN 0x00001220+#define CKM_GOST28147_ECB 0x00001221+#define CKM_GOST28147 0x00001222+#define CKM_GOST28147_MAC 0x00001223+#define CKM_GOST28147_KEY_WRAP 0x00001224++#define CKM_DSA_PARAMETER_GEN 0x00002000+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002++#define CKM_AES_OFB 0x00002104+#define CKM_AES_CFB64 0x00002105+#define CKM_AES_CFB8 0x00002106+#define CKM_AES_CFB128 0x00002107++#define CKM_RSA_PKCS_TPM_1_1 0x00004001+#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002++#define CKM_VENDOR_DEFINED 0x80000000++typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;+++/* CK_MECHANISM is a structure that specifies a particular+ * mechanism */+typedef struct CK_MECHANISM {+ CK_MECHANISM_TYPE mechanism;+ CK_VOID_PTR pParameter;+ CK_ULONG ulParameterLen; /* in bytes */+} CK_MECHANISM;++typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;+++/* CK_MECHANISM_INFO provides information about a particular+ * mechanism */+typedef struct CK_MECHANISM_INFO {+ CK_ULONG ulMinKeySize;+ CK_ULONG ulMaxKeySize;+ CK_FLAGS flags;+} CK_MECHANISM_INFO;++/* The flags are defined as follows:+ * Bit Flag Mask Meaning */+#define CKF_HW 0x00000001 /* performed by HW */++/* Specify whether or not a mechanism can be used for a particular task */+#define CKF_ENCRYPT 0x00000100+#define CKF_DECRYPT 0x00000200+#define CKF_DIGEST 0x00000400+#define CKF_SIGN 0x00000800+#define CKF_SIGN_RECOVER 0x00001000+#define CKF_VERIFY 0x00002000+#define CKF_VERIFY_RECOVER 0x00004000+#define CKF_GENERATE 0x00008000+#define CKF_GENERATE_KEY_PAIR 0x00010000+#define CKF_WRAP 0x00020000+#define CKF_UNWRAP 0x00040000+#define CKF_DERIVE 0x00080000++/* Describe a token's EC capabilities not available in mechanism+ * information. */+#define CKF_EC_F_P 0x00100000+#define CKF_EC_F_2M 0x00200000+#define CKF_EC_ECPARAMETERS 0x00400000+#define CKF_EC_NAMEDCURVE 0x00800000+#define CKF_EC_UNCOMPRESS 0x01000000+#define CKF_EC_COMPRESS 0x02000000++#define CKF_EXTENSION 0x80000000 /* FALSE for this version */++typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;+++/* CK_RV is a value that identifies the return value of a+ * Cryptoki function */+typedef CK_ULONG CK_RV;++#define CKR_OK 0x00000000+#define CKR_CANCEL 0x00000001+#define CKR_HOST_MEMORY 0x00000002+#define CKR_SLOT_ID_INVALID 0x00000003++/* CKR_FLAGS_INVALID was removed for v2.0 */++#define CKR_GENERAL_ERROR 0x00000005+#define CKR_FUNCTION_FAILED 0x00000006++#define CKR_ARGUMENTS_BAD 0x00000007+#define CKR_NO_EVENT 0x00000008+#define CKR_NEED_TO_CREATE_THREADS 0x00000009+#define CKR_CANT_LOCK 0x0000000A++#define CKR_ATTRIBUTE_READ_ONLY 0x00000010+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013+#define CKR_DATA_INVALID 0x00000020+#define CKR_DATA_LEN_RANGE 0x00000021+#define CKR_DEVICE_ERROR 0x00000030+#define CKR_DEVICE_MEMORY 0x00000031+#define CKR_DEVICE_REMOVED 0x00000032+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041+#define CKR_FUNCTION_CANCELED 0x00000050+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051++#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054++#define CKR_KEY_HANDLE_INVALID 0x00000060++/* CKR_KEY_SENSITIVE was removed for v2.0 */++#define CKR_KEY_SIZE_RANGE 0x00000062+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063++#define CKR_KEY_NOT_NEEDED 0x00000064+#define CKR_KEY_CHANGED 0x00000065+#define CKR_KEY_NEEDED 0x00000066+#define CKR_KEY_INDIGESTIBLE 0x00000067+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068+#define CKR_KEY_NOT_WRAPPABLE 0x00000069+#define CKR_KEY_UNEXTRACTABLE 0x0000006A++#define CKR_MECHANISM_INVALID 0x00000070+#define CKR_MECHANISM_PARAM_INVALID 0x00000071++/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID+ * were removed for v2.0 */+#define CKR_OBJECT_HANDLE_INVALID 0x00000082+#define CKR_OPERATION_ACTIVE 0x00000090+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091+#define CKR_PIN_INCORRECT 0x000000A0+#define CKR_PIN_INVALID 0x000000A1+#define CKR_PIN_LEN_RANGE 0x000000A2++#define CKR_PIN_EXPIRED 0x000000A3+#define CKR_PIN_LOCKED 0x000000A4++#define CKR_SESSION_CLOSED 0x000000B0+#define CKR_SESSION_COUNT 0x000000B1+#define CKR_SESSION_HANDLE_INVALID 0x000000B3+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4+#define CKR_SESSION_READ_ONLY 0x000000B5+#define CKR_SESSION_EXISTS 0x000000B6++#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8++#define CKR_SIGNATURE_INVALID 0x000000C0+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1+#define CKR_TOKEN_NOT_PRESENT 0x000000E0+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100+#define CKR_USER_NOT_LOGGED_IN 0x00000101+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102+#define CKR_USER_TYPE_INVALID 0x00000103++#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104+#define CKR_USER_TOO_MANY_TYPES 0x00000105++#define CKR_WRAPPED_KEY_INVALID 0x00000110+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120++#define CKR_RANDOM_NO_RNG 0x00000121++#define CKR_DOMAIN_PARAMS_INVALID 0x00000130++#define CKR_BUFFER_TOO_SMALL 0x00000150+#define CKR_SAVED_STATE_INVALID 0x00000160+#define CKR_INFORMATION_SENSITIVE 0x00000170+#define CKR_STATE_UNSAVEABLE 0x00000180++#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191+#define CKR_MUTEX_BAD 0x000001A0+#define CKR_MUTEX_NOT_LOCKED 0x000001A1++#define CKR_NEW_PIN_MODE 0x000001B0+#define CKR_NEXT_OTP 0x000001B1+#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5+#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6+#define CKR_LIBRARY_LOAD_FAILED 0x000001B7+#define CKR_PIN_TOO_WEAK 0x000001B8+#define CKR_PUBLIC_KEY_INVALID 0x000001B9++#define CKR_FUNCTION_REJECTED 0x00000200++#define CKR_VENDOR_DEFINED 0x80000000+++/* CK_NOTIFY is an application callback that processes events */+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(+ CK_SESSION_HANDLE hSession, /* the session's handle */+ CK_NOTIFICATION event,+ CK_VOID_PTR pApplication /* passed to C_OpenSession */+);+++/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec+ * version and pointers of appropriate types to all the+ * Cryptoki functions */+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;++typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;++typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;+++/* CK_CREATEMUTEX is an application callback for creating a+ * mutex object */+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */+);+++/* CK_DESTROYMUTEX is an application callback for destroying a+ * mutex object */+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(+ CK_VOID_PTR pMutex /* pointer to mutex */+);+++/* CK_LOCKMUTEX is an application callback for locking a mutex */+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(+ CK_VOID_PTR pMutex /* pointer to mutex */+);+++/* CK_UNLOCKMUTEX is an application callback for unlocking a+ * mutex */+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(+ CK_VOID_PTR pMutex /* pointer to mutex */+);+++/* CK_C_INITIALIZE_ARGS provides the optional arguments to+ * C_Initialize */+typedef struct CK_C_INITIALIZE_ARGS {+ CK_CREATEMUTEX CreateMutex;+ CK_DESTROYMUTEX DestroyMutex;+ CK_LOCKMUTEX LockMutex;+ CK_UNLOCKMUTEX UnlockMutex;+ CK_FLAGS flags;+ CK_VOID_PTR pReserved;+} CK_C_INITIALIZE_ARGS;++/* flags: bit flags that provide capabilities of the slot+ * Bit Flag Mask Meaning+ */+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001+#define CKF_OS_LOCKING_OK 0x00000002++typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;+++/* additional flags for parameters to functions */++/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */+#define CKF_DONT_BLOCK 1++/*+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message+ * Generation Function (MGF) applied to a message block when+ * formatting a message block for the PKCS #1 OAEP encryption+ * scheme. */+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;++typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;++/* The following MGFs are defined */+#define CKG_MGF1_SHA1 0x00000001+#define CKG_MGF1_SHA256 0x00000002+#define CKG_MGF1_SHA384 0x00000003+#define CKG_MGF1_SHA512 0x00000004+#define CKG_MGF1_SHA224 0x00000005++/*+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source+ * of the encoding parameter when formatting a message block+ * for the PKCS #1 OAEP encryption scheme. */+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;++typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;++/* The following encoding parameter sources are defined */+#define CKZ_DATA_SPECIFIED 0x00000001++/*+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the+ * CKM_RSA_PKCS_OAEP mechanism. */+typedef struct CK_RSA_PKCS_OAEP_PARAMS {+ CK_MECHANISM_TYPE hashAlg;+ CK_RSA_PKCS_MGF_TYPE mgf;+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;+ CK_VOID_PTR pSourceData;+ CK_ULONG ulSourceDataLen;+} CK_RSA_PKCS_OAEP_PARAMS;++typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;++/*+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the+ * CKM_RSA_PKCS_PSS mechanism(s). */+typedef struct CK_RSA_PKCS_PSS_PARAMS {+ CK_MECHANISM_TYPE hashAlg;+ CK_RSA_PKCS_MGF_TYPE mgf;+ CK_ULONG sLen;+} CK_RSA_PKCS_PSS_PARAMS;++typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;++typedef CK_ULONG CK_EC_KDF_TYPE;++/* The following EC Key Derivation Functions are defined */+#define CKD_NULL 0x00000001+#define CKD_SHA1_KDF 0x00000002+/* The following X9.42 DH key derivation functions are defined */+#define CKD_SHA1_KDF_ASN1 0x00000003+#define CKD_SHA1_KDF_CONCATENATE 0x00000004+#define CKD_SHA224_KDF 0x00000005+#define CKD_SHA256_KDF 0x00000006+#define CKD_SHA384_KDF 0x00000007+#define CKD_SHA512_KDF 0x00000008+#define CKD_CPDIVERSIFY_KDF 0x00000009+++/*+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,+ * where each party contributes one key pair.+ */+typedef struct CK_ECDH1_DERIVE_PARAMS {+ CK_EC_KDF_TYPE kdf;+ CK_ULONG ulSharedDataLen;+ CK_BYTE_PTR pSharedData;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+} CK_ECDH1_DERIVE_PARAMS;++typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;+++/*+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */+typedef struct CK_ECDH2_DERIVE_PARAMS {+ CK_EC_KDF_TYPE kdf;+ CK_ULONG ulSharedDataLen;+ CK_BYTE_PTR pSharedData;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+ CK_ULONG ulPrivateDataLen;+ CK_OBJECT_HANDLE hPrivateData;+ CK_ULONG ulPublicDataLen2;+ CK_BYTE_PTR pPublicData2;+} CK_ECDH2_DERIVE_PARAMS;++typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;++typedef struct CK_ECMQV_DERIVE_PARAMS {+ CK_EC_KDF_TYPE kdf;+ CK_ULONG ulSharedDataLen;+ CK_BYTE_PTR pSharedData;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+ CK_ULONG ulPrivateDataLen;+ CK_OBJECT_HANDLE hPrivateData;+ CK_ULONG ulPublicDataLen2;+ CK_BYTE_PTR pPublicData2;+ CK_OBJECT_HANDLE publicKey;+} CK_ECMQV_DERIVE_PARAMS;++typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;++/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms */+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;++/*+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party+ * contributes one key pair */+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {+ CK_X9_42_DH_KDF_TYPE kdf;+ CK_ULONG ulOtherInfoLen;+ CK_BYTE_PTR pOtherInfo;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+} CK_X9_42_DH1_DERIVE_PARAMS;++typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;++/*+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation+ * mechanisms, where each party contributes two key pairs */+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {+ CK_X9_42_DH_KDF_TYPE kdf;+ CK_ULONG ulOtherInfoLen;+ CK_BYTE_PTR pOtherInfo;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+ CK_ULONG ulPrivateDataLen;+ CK_OBJECT_HANDLE hPrivateData;+ CK_ULONG ulPublicDataLen2;+ CK_BYTE_PTR pPublicData2;+} CK_X9_42_DH2_DERIVE_PARAMS;++typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;++typedef struct CK_X9_42_MQV_DERIVE_PARAMS {+ CK_X9_42_DH_KDF_TYPE kdf;+ CK_ULONG ulOtherInfoLen;+ CK_BYTE_PTR pOtherInfo;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+ CK_ULONG ulPrivateDataLen;+ CK_OBJECT_HANDLE hPrivateData;+ CK_ULONG ulPublicDataLen2;+ CK_BYTE_PTR pPublicData2;+ CK_OBJECT_HANDLE publicKey;+} CK_X9_42_MQV_DERIVE_PARAMS;++typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;++/* CK_KEA_DERIVE_PARAMS provides the parameters to the+ * CKM_KEA_DERIVE mechanism */+typedef struct CK_KEA_DERIVE_PARAMS {+ CK_BBOOL isSender;+ CK_ULONG ulRandomLen;+ CK_BYTE_PTR pRandomA;+ CK_BYTE_PTR pRandomB;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+} CK_KEA_DERIVE_PARAMS;++typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;+++/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just+ * holds the effective keysize */+typedef CK_ULONG CK_RC2_PARAMS;++typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;+++/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC+ * mechanism */+typedef struct CK_RC2_CBC_PARAMS {+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */++ CK_BYTE iv[8]; /* IV for CBC mode */+} CK_RC2_CBC_PARAMS;++typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;+++/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the+ * CKM_RC2_MAC_GENERAL mechanism */+typedef struct CK_RC2_MAC_GENERAL_PARAMS {+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */+ CK_ULONG ulMacLength; /* Length of MAC in bytes */+} CK_RC2_MAC_GENERAL_PARAMS;++typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \+ CK_RC2_MAC_GENERAL_PARAMS_PTR;+++/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and+ * CKM_RC5_MAC mechanisms */+typedef struct CK_RC5_PARAMS {+ CK_ULONG ulWordsize; /* wordsize in bits */+ CK_ULONG ulRounds; /* number of rounds */+} CK_RC5_PARAMS;++typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;+++/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC+ * mechanism */+typedef struct CK_RC5_CBC_PARAMS {+ CK_ULONG ulWordsize; /* wordsize in bits */+ CK_ULONG ulRounds; /* number of rounds */+ CK_BYTE_PTR pIv; /* pointer to IV */+ CK_ULONG ulIvLen; /* length of IV in bytes */+} CK_RC5_CBC_PARAMS;++typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;+++/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the+ * CKM_RC5_MAC_GENERAL mechanism */+typedef struct CK_RC5_MAC_GENERAL_PARAMS {+ CK_ULONG ulWordsize; /* wordsize in bits */+ CK_ULONG ulRounds; /* number of rounds */+ CK_ULONG ulMacLength; /* Length of MAC in bytes */+} CK_RC5_MAC_GENERAL_PARAMS;++typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \+ CK_RC5_MAC_GENERAL_PARAMS_PTR;+++/* CK_MAC_GENERAL_PARAMS provides the parameters to most block+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of+ * the MAC */+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;++typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;++typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {+ CK_BYTE iv[8];+ CK_BYTE_PTR pData;+ CK_ULONG length;+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;++typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;++typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {+ CK_BYTE iv[16];+ CK_BYTE_PTR pData;+ CK_ULONG length;+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;++typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;++/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {+ CK_ULONG ulPasswordLen;+ CK_BYTE_PTR pPassword;+ CK_ULONG ulPublicDataLen;+ CK_BYTE_PTR pPublicData;+ CK_ULONG ulPAndGLen;+ CK_ULONG ulQLen;+ CK_ULONG ulRandomLen;+ CK_BYTE_PTR pRandomA;+ CK_BYTE_PTR pPrimeP;+ CK_BYTE_PTR pBaseG;+ CK_BYTE_PTR pSubprimeQ;+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;++typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \+ CK_SKIPJACK_PRIVATE_WRAP_PTR;+++/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the+ * CKM_SKIPJACK_RELAYX mechanism */+typedef struct CK_SKIPJACK_RELAYX_PARAMS {+ CK_ULONG ulOldWrappedXLen;+ CK_BYTE_PTR pOldWrappedX;+ CK_ULONG ulOldPasswordLen;+ CK_BYTE_PTR pOldPassword;+ CK_ULONG ulOldPublicDataLen;+ CK_BYTE_PTR pOldPublicData;+ CK_ULONG ulOldRandomLen;+ CK_BYTE_PTR pOldRandomA;+ CK_ULONG ulNewPasswordLen;+ CK_BYTE_PTR pNewPassword;+ CK_ULONG ulNewPublicDataLen;+ CK_BYTE_PTR pNewPublicData;+ CK_ULONG ulNewRandomLen;+ CK_BYTE_PTR pNewRandomA;+} CK_SKIPJACK_RELAYX_PARAMS;++typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \+ CK_SKIPJACK_RELAYX_PARAMS_PTR;+++typedef struct CK_PBE_PARAMS {+ CK_BYTE_PTR pInitVector;+ CK_UTF8CHAR_PTR pPassword;+ CK_ULONG ulPasswordLen;+ CK_BYTE_PTR pSalt;+ CK_ULONG ulSaltLen;+ CK_ULONG ulIteration;+} CK_PBE_PARAMS;++typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;+++/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the+ * CKM_KEY_WRAP_SET_OAEP mechanism */+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {+ CK_BYTE bBC; /* block contents byte */+ CK_BYTE_PTR pX; /* extra data */+ CK_ULONG ulXLen; /* length of extra data in bytes */+} CK_KEY_WRAP_SET_OAEP_PARAMS;++typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;+++typedef struct CK_SSL3_RANDOM_DATA {+ CK_BYTE_PTR pClientRandom;+ CK_ULONG ulClientRandomLen;+ CK_BYTE_PTR pServerRandom;+ CK_ULONG ulServerRandomLen;+} CK_SSL3_RANDOM_DATA;+++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {+ CK_SSL3_RANDOM_DATA RandomInfo;+ CK_VERSION_PTR pVersion;+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;++typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;+++typedef struct CK_SSL3_KEY_MAT_OUT {+ CK_OBJECT_HANDLE hClientMacSecret;+ CK_OBJECT_HANDLE hServerMacSecret;+ CK_OBJECT_HANDLE hClientKey;+ CK_OBJECT_HANDLE hServerKey;+ CK_BYTE_PTR pIVClient;+ CK_BYTE_PTR pIVServer;+} CK_SSL3_KEY_MAT_OUT;++typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;+++typedef struct CK_SSL3_KEY_MAT_PARAMS {+ CK_ULONG ulMacSizeInBits;+ CK_ULONG ulKeySizeInBits;+ CK_ULONG ulIVSizeInBits;+ CK_BBOOL bIsExport;+ CK_SSL3_RANDOM_DATA RandomInfo;+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;+} CK_SSL3_KEY_MAT_PARAMS;++typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;++typedef struct CK_TLS_PRF_PARAMS {+ CK_BYTE_PTR pSeed;+ CK_ULONG ulSeedLen;+ CK_BYTE_PTR pLabel;+ CK_ULONG ulLabelLen;+ CK_BYTE_PTR pOutput;+ CK_ULONG_PTR pulOutputLen;+} CK_TLS_PRF_PARAMS;++typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;++typedef struct CK_WTLS_RANDOM_DATA {+ CK_BYTE_PTR pClientRandom;+ CK_ULONG ulClientRandomLen;+ CK_BYTE_PTR pServerRandom;+ CK_ULONG ulServerRandomLen;+} CK_WTLS_RANDOM_DATA;++typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;++typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {+ CK_MECHANISM_TYPE DigestMechanism;+ CK_WTLS_RANDOM_DATA RandomInfo;+ CK_BYTE_PTR pVersion;+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;++typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;++typedef struct CK_WTLS_PRF_PARAMS {+ CK_MECHANISM_TYPE DigestMechanism;+ CK_BYTE_PTR pSeed;+ CK_ULONG ulSeedLen;+ CK_BYTE_PTR pLabel;+ CK_ULONG ulLabelLen;+ CK_BYTE_PTR pOutput;+ CK_ULONG_PTR pulOutputLen;+} CK_WTLS_PRF_PARAMS;++typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;++typedef struct CK_WTLS_KEY_MAT_OUT {+ CK_OBJECT_HANDLE hMacSecret;+ CK_OBJECT_HANDLE hKey;+ CK_BYTE_PTR pIV;+} CK_WTLS_KEY_MAT_OUT;++typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;++typedef struct CK_WTLS_KEY_MAT_PARAMS {+ CK_MECHANISM_TYPE DigestMechanism;+ CK_ULONG ulMacSizeInBits;+ CK_ULONG ulKeySizeInBits;+ CK_ULONG ulIVSizeInBits;+ CK_ULONG ulSequenceNumber;+ CK_BBOOL bIsExport;+ CK_WTLS_RANDOM_DATA RandomInfo;+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;+} CK_WTLS_KEY_MAT_PARAMS;++typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;++typedef struct CK_CMS_SIG_PARAMS {+ CK_OBJECT_HANDLE certificateHandle;+ CK_MECHANISM_PTR pSigningMechanism;+ CK_MECHANISM_PTR pDigestMechanism;+ CK_UTF8CHAR_PTR pContentType;+ CK_BYTE_PTR pRequestedAttributes;+ CK_ULONG ulRequestedAttributesLen;+ CK_BYTE_PTR pRequiredAttributes;+ CK_ULONG ulRequiredAttributesLen;+} CK_CMS_SIG_PARAMS;++typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;++typedef struct CK_KEY_DERIVATION_STRING_DATA {+ CK_BYTE_PTR pData;+ CK_ULONG ulLen;+} CK_KEY_DERIVATION_STRING_DATA;++typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \+ CK_KEY_DERIVATION_STRING_DATA_PTR;+++/* The CK_EXTRACT_PARAMS is used for the+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit+ * of the base key should be used as the first bit of the+ * derived key */+typedef CK_ULONG CK_EXTRACT_PARAMS;++typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;++/*+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to+ * indicate the Pseudo-Random Function (PRF) used to generate+ * key bits using PKCS #5 PBKDF2. */+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;++typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;++#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001+++/*+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the+ * source of the salt value when deriving a key using PKCS #5+ * PBKDF2. */+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;++typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;++/* The following salt value sources are defined in PKCS #5 v2.0. */+#define CKZ_SALT_SPECIFIED 0x00000001++/*+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */+typedef struct CK_PKCS5_PBKD2_PARAMS {+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;+ CK_VOID_PTR pSaltSourceData;+ CK_ULONG ulSaltSourceDataLen;+ CK_ULONG iterations;+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;+ CK_VOID_PTR pPrfData;+ CK_ULONG ulPrfDataLen;+ CK_UTF8CHAR_PTR pPassword;+ CK_ULONG_PTR ulPasswordLen;+} CK_PKCS5_PBKD2_PARAMS;++typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;++typedef CK_ULONG CK_OTP_PARAM_TYPE;+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */++typedef struct CK_OTP_PARAM {+ CK_OTP_PARAM_TYPE type;+ CK_VOID_PTR pValue;+ CK_ULONG ulValueLen;+} CK_OTP_PARAM;++typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;++typedef struct CK_OTP_PARAMS {+ CK_OTP_PARAM_PTR pParams;+ CK_ULONG ulCount;+} CK_OTP_PARAMS;++typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;++typedef struct CK_OTP_SIGNATURE_INFO {+ CK_OTP_PARAM_PTR pParams;+ CK_ULONG ulCount;+} CK_OTP_SIGNATURE_INFO;++typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;++#define CK_OTP_VALUE 0+#define CK_OTP_PIN 1+#define CK_OTP_CHALLENGE 2+#define CK_OTP_TIME 3+#define CK_OTP_COUNTER 4+#define CK_OTP_FLAGS 5+#define CK_OTP_OUTPUT_LENGTH 6+#define CK_OTP_OUTPUT_FORMAT 7++#define CKF_NEXT_OTP 0x00000001+#define CKF_EXCLUDE_TIME 0x00000002+#define CKF_EXCLUDE_COUNTER 0x00000004+#define CKF_EXCLUDE_CHALLENGE 0x00000008+#define CKF_EXCLUDE_PIN 0x00000010+#define CKF_USER_FRIENDLY_OTP 0x00000020++typedef struct CK_KIP_PARAMS {+ CK_MECHANISM_PTR pMechanism;+ CK_OBJECT_HANDLE hKey;+ CK_BYTE_PTR pSeed;+ CK_ULONG ulSeedLen;+} CK_KIP_PARAMS;++typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;++typedef struct CK_AES_CTR_PARAMS {+ CK_ULONG ulCounterBits;+ CK_BYTE cb[16];+} CK_AES_CTR_PARAMS;++typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;++typedef struct CK_AES_GCM_PARAMS {+ CK_BYTE_PTR pIv;+ CK_ULONG ulIvLen;+ CK_ULONG ulIvBits;+ CK_BYTE_PTR pAAD;+ CK_ULONG ulAADLen;+ CK_ULONG ulTagBits;+} CK_AES_GCM_PARAMS;++typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR;++typedef struct CK_AES_CCM_PARAMS {+ CK_ULONG ulDataLen; /*plaintext or ciphertext*/+ CK_BYTE_PTR pNonce;+ CK_ULONG ulNonceLen;+ CK_BYTE_PTR pAAD;+ CK_ULONG ulAADLen;+ CK_ULONG ulMACLen;+} CK_AES_CCM_PARAMS;++typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR;++typedef struct CK_CAMELLIA_CTR_PARAMS {+ CK_ULONG ulCounterBits;+ CK_BYTE cb[16];+} CK_CAMELLIA_CTR_PARAMS;++typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;++typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {+ CK_BYTE iv[16];+ CK_BYTE_PTR pData;+ CK_ULONG length;+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;++typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;++typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {+ CK_BYTE iv[16];+ CK_BYTE_PTR pData;+ CK_ULONG length;+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;++typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;++#endif