pkcs11 0.2.4-x64-mingw32

Files changed (55) hide show
  1. data.tar.gz.sig +0 -0
  2. data/.autotest +23 -0
  3. data/.gemtest +0 -0
  4. data/.yardopts +1 -0
  5. data/History.txt +57 -0
  6. data/MIT-LICENSE +22 -0
  7. data/Manifest.txt +57 -0
  8. data/README.rdoc +205 -0
  9. data/Rakefile +111 -0
  10. data/ext/extconf.rb +7 -0
  11. data/ext/generate_constants.rb +57 -0
  12. data/ext/generate_structs.rb +206 -0
  13. data/ext/generate_thread_funcs.rb +72 -0
  14. data/ext/include/cryptoki.h +66 -0
  15. data/ext/include/ct-kip.h +50 -0
  16. data/ext/include/otp-pkcs11.h +125 -0
  17. data/ext/include/pkcs-11v2-20a3.h +124 -0
  18. data/ext/include/pkcs11.h +299 -0
  19. data/ext/include/pkcs11f.h +912 -0
  20. data/ext/include/pkcs11t.h +1885 -0
  21. data/ext/pk11.c +1675 -0
  22. data/ext/pk11.h +81 -0
  23. data/ext/pk11_const.c +205 -0
  24. data/ext/pk11_const_def.inc +452 -0
  25. data/ext/pk11_const_macros.h +38 -0
  26. data/ext/pk11_struct.doc +792 -0
  27. data/ext/pk11_struct_def.inc +302 -0
  28. data/ext/pk11_struct_impl.inc +302 -0
  29. data/ext/pk11_struct_macros.h +435 -0
  30. data/ext/pk11_thread_funcs.c +411 -0
  31. data/ext/pk11_thread_funcs.h +482 -0
  32. data/ext/pk11_version.h +6 -0
  33. data/lib/2.0/pkcs11_ext.so +0 -0
  34. data/lib/pkcs11.rb +9 -0
  35. data/lib/pkcs11/extensions.rb +68 -0
  36. data/lib/pkcs11/helper.rb +144 -0
  37. data/lib/pkcs11/library.rb +140 -0
  38. data/lib/pkcs11/object.rb +171 -0
  39. data/lib/pkcs11/session.rb +765 -0
  40. data/lib/pkcs11/slot.rb +102 -0
  41. data/pkcs11_protect_server/Manifest.txt +14 -0
  42. data/pkcs11_protect_server/README_PROTECT_SERVER.rdoc +89 -0
  43. data/test/fixtures/softokn/cert8.db +0 -0
  44. data/test/fixtures/softokn/key3.db +0 -0
  45. data/test/fixtures/softokn/secmod.db +0 -0
  46. data/test/helper.rb +58 -0
  47. data/test/test_pkcs11.rb +71 -0
  48. data/test/test_pkcs11_crypt.rb +220 -0
  49. data/test/test_pkcs11_object.rb +122 -0
  50. data/test/test_pkcs11_session.rb +123 -0
  51. data/test/test_pkcs11_slot.rb +78 -0
  52. data/test/test_pkcs11_structs.rb +166 -0
  53. data/test/test_pkcs11_thread.rb +44 -0
  54. metadata +213 -0
  55. metadata.gz.sig +0 -0
@@ -0,0 +1,1885 @@
1
+ /* pkcs11t.h include file for PKCS #11. */
2
+ /* $Revision: 1.10 $ */
3
+
4
+ /* License to copy and use this software is granted provided that it is
5
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
6
+ * (Cryptoki)" in all material mentioning or referencing this software.
7
+
8
+ * License is also granted to make and use derivative works provided that
9
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
10
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
11
+ * referencing the derived work.
12
+
13
+ * RSA Security Inc. makes no representations concerning either the
14
+ * merchantability of this software or the suitability of this software for
15
+ * any particular purpose. It is provided "as is" without express or implied
16
+ * warranty of any kind.
17
+ */
18
+
19
+ /* See top of pkcs11.h for information about the macros that
20
+ * must be defined and the structure-packing conventions that
21
+ * must be set before including this file. */
22
+
23
+ #ifndef _PKCS11T_H_
24
+ #define _PKCS11T_H_ 1
25
+
26
+ #define CRYPTOKI_VERSION_MAJOR 2
27
+ #define CRYPTOKI_VERSION_MINOR 20
28
+ #define CRYPTOKI_VERSION_AMENDMENT 3
29
+
30
+ #define CK_TRUE 1
31
+ #define CK_FALSE 0
32
+
33
+ #ifndef CK_DISABLE_TRUE_FALSE
34
+ #ifndef FALSE
35
+ #define FALSE CK_FALSE
36
+ #endif
37
+
38
+ #ifndef TRUE
39
+ #define TRUE CK_TRUE
40
+ #endif
41
+ #endif
42
+
43
+ /* an unsigned 8-bit value */
44
+ typedef unsigned char CK_BYTE;
45
+
46
+ /* an unsigned 8-bit character */
47
+ typedef CK_BYTE CK_CHAR;
48
+
49
+ /* an 8-bit UTF-8 character */
50
+ typedef CK_BYTE CK_UTF8CHAR;
51
+
52
+ /* a BYTE-sized Boolean flag */
53
+ typedef CK_BYTE CK_BBOOL;
54
+
55
+ /* an unsigned value, at least 32 bits long */
56
+ typedef unsigned long int CK_ULONG;
57
+
58
+ /* a signed value, the same size as a CK_ULONG */
59
+ /* CK_LONG is new for v2.0 */
60
+ typedef long int CK_LONG;
61
+
62
+ /* at least 32 bits; each bit is a Boolean flag */
63
+ typedef CK_ULONG CK_FLAGS;
64
+
65
+
66
+ /* some special values for certain CK_ULONG variables */
67
+ #define CK_UNAVAILABLE_INFORMATION (~0UL)
68
+ #define CK_EFFECTIVELY_INFINITE 0
69
+
70
+
71
+ typedef CK_BYTE CK_PTR CK_BYTE_PTR;
72
+ typedef CK_CHAR CK_PTR CK_CHAR_PTR;
73
+ typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
74
+ typedef CK_ULONG CK_PTR CK_ULONG_PTR;
75
+ typedef void CK_PTR CK_VOID_PTR;
76
+
77
+ /* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
78
+ typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
79
+
80
+
81
+ /* The following value is always invalid if used as a session */
82
+ /* handle or object handle */
83
+ #define CK_INVALID_HANDLE 0
84
+
85
+
86
+ typedef struct CK_VERSION {
87
+ CK_BYTE major; /* integer portion of version number */
88
+ CK_BYTE minor; /* 1/100ths portion of version number */
89
+ } CK_VERSION;
90
+
91
+ typedef CK_VERSION CK_PTR CK_VERSION_PTR;
92
+
93
+
94
+ typedef struct CK_INFO {
95
+ /* manufacturerID and libraryDecription have been changed from
96
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
97
+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
98
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
99
+ CK_FLAGS flags; /* must be zero */
100
+
101
+ /* libraryDescription and libraryVersion are new for v2.0 */
102
+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
103
+ CK_VERSION libraryVersion; /* version of library */
104
+ } CK_INFO;
105
+
106
+ typedef CK_INFO CK_PTR CK_INFO_PTR;
107
+
108
+
109
+ /* CK_NOTIFICATION enumerates the types of notifications that
110
+ * Cryptoki provides to an application */
111
+ /* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
112
+ * for v2.0 */
113
+ typedef CK_ULONG CK_NOTIFICATION;
114
+ #define CKN_SURRENDER 0
115
+
116
+ /* The following notification is new for PKCS #11 v2.20 amendment 3 */
117
+ #define CKN_OTP_CHANGED 1
118
+
119
+
120
+ typedef CK_ULONG CK_SLOT_ID;
121
+
122
+ typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
123
+
124
+
125
+ /* CK_SLOT_INFO provides information about a slot */
126
+ typedef struct CK_SLOT_INFO {
127
+ /* slotDescription and manufacturerID have been changed from
128
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
129
+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
130
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
131
+ CK_FLAGS flags;
132
+
133
+ /* hardwareVersion and firmwareVersion are new for v2.0 */
134
+ CK_VERSION hardwareVersion; /* version of hardware */
135
+ CK_VERSION firmwareVersion; /* version of firmware */
136
+ } CK_SLOT_INFO;
137
+
138
+ /* flags: bit flags that provide capabilities of the slot
139
+ * Bit Flag Mask Meaning
140
+ */
141
+ #define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
142
+ #define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
143
+ #define CKF_HW_SLOT 0x00000004 /* hardware slot */
144
+
145
+ typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
146
+
147
+
148
+ /* CK_TOKEN_INFO provides information about a token */
149
+ typedef struct CK_TOKEN_INFO {
150
+ /* label, manufacturerID, and model have been changed from
151
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
152
+ CK_UTF8CHAR label[32]; /* blank padded */
153
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
154
+ CK_UTF8CHAR model[16]; /* blank padded */
155
+ CK_CHAR serialNumber[16]; /* blank padded */
156
+ CK_FLAGS flags; /* see below */
157
+
158
+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
159
+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
160
+ * changed from CK_USHORT to CK_ULONG for v2.0 */
161
+ CK_ULONG ulMaxSessionCount; /* max open sessions */
162
+ CK_ULONG ulSessionCount; /* sess. now open */
163
+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
164
+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
165
+ CK_ULONG ulMaxPinLen; /* in bytes */
166
+ CK_ULONG ulMinPinLen; /* in bytes */
167
+ CK_ULONG ulTotalPublicMemory; /* in bytes */
168
+ CK_ULONG ulFreePublicMemory; /* in bytes */
169
+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
170
+ CK_ULONG ulFreePrivateMemory; /* in bytes */
171
+
172
+ /* hardwareVersion, firmwareVersion, and time are new for
173
+ * v2.0 */
174
+ CK_VERSION hardwareVersion; /* version of hardware */
175
+ CK_VERSION firmwareVersion; /* version of firmware */
176
+ CK_CHAR utcTime[16]; /* time */
177
+ } CK_TOKEN_INFO;
178
+
179
+ /* The flags parameter is defined as follows:
180
+ * Bit Flag Mask Meaning
181
+ */
182
+ #define CKF_RNG 0x00000001 /* has random #
183
+ * generator */
184
+ #define CKF_WRITE_PROTECTED 0x00000002 /* token is
185
+ * write-
186
+ * protected */
187
+ #define CKF_LOGIN_REQUIRED 0x00000004 /* user must
188
+ * login */
189
+ #define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
190
+ * PIN is set */
191
+
192
+ /* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
193
+ * that means that *every* time the state of cryptographic
194
+ * operations of a session is successfully saved, all keys
195
+ * needed to continue those operations are stored in the state */
196
+ #define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
197
+
198
+ /* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
199
+ * that the token has some sort of clock. The time on that
200
+ * clock is returned in the token info structure */
201
+ #define CKF_CLOCK_ON_TOKEN 0x00000040
202
+
203
+ /* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
204
+ * set, that means that there is some way for the user to login
205
+ * without sending a PIN through the Cryptoki library itself */
206
+ #define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
207
+
208
+ /* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
209
+ * that means that a single session with the token can perform
210
+ * dual simultaneous cryptographic operations (digest and
211
+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
212
+ * and sign) */
213
+ #define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
214
+
215
+ /* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
216
+ * token has been initialized using C_InitializeToken or an
217
+ * equivalent mechanism outside the scope of PKCS #11.
218
+ * Calling C_InitializeToken when this flag is set will cause
219
+ * the token to be reinitialized. */
220
+ #define CKF_TOKEN_INITIALIZED 0x00000400
221
+
222
+ /* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
223
+ * true, the token supports secondary authentication for
224
+ * private key objects. This flag is deprecated in v2.11 and
225
+ onwards. */
226
+ #define CKF_SECONDARY_AUTHENTICATION 0x00000800
227
+
228
+ /* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
229
+ * incorrect user login PIN has been entered at least once
230
+ * since the last successful authentication. */
231
+ #define CKF_USER_PIN_COUNT_LOW 0x00010000
232
+
233
+ /* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
234
+ * supplying an incorrect user PIN will it to become locked. */
235
+ #define CKF_USER_PIN_FINAL_TRY 0x00020000
236
+
237
+ /* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
238
+ * user PIN has been locked. User login to the token is not
239
+ * possible. */
240
+ #define CKF_USER_PIN_LOCKED 0x00040000
241
+
242
+ /* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
243
+ * the user PIN value is the default value set by token
244
+ * initialization or manufacturing, or the PIN has been
245
+ * expired by the card. */
246
+ #define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
247
+
248
+ /* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
249
+ * incorrect SO login PIN has been entered at least once since
250
+ * the last successful authentication. */
251
+ #define CKF_SO_PIN_COUNT_LOW 0x00100000
252
+
253
+ /* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
254
+ * supplying an incorrect SO PIN will it to become locked. */
255
+ #define CKF_SO_PIN_FINAL_TRY 0x00200000
256
+
257
+ /* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
258
+ * PIN has been locked. SO login to the token is not possible.
259
+ */
260
+ #define CKF_SO_PIN_LOCKED 0x00400000
261
+
262
+ /* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
263
+ * the SO PIN value is the default value set by token
264
+ * initialization or manufacturing, or the PIN has been
265
+ * expired by the card. */
266
+ #define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
267
+
268
+ typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
269
+
270
+
271
+ /* CK_SESSION_HANDLE is a Cryptoki-assigned value that
272
+ * identifies a session */
273
+ typedef CK_ULONG CK_SESSION_HANDLE;
274
+
275
+ typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
276
+
277
+
278
+ /* CK_USER_TYPE enumerates the types of Cryptoki users */
279
+ /* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
280
+ * v2.0 */
281
+ typedef CK_ULONG CK_USER_TYPE;
282
+ /* Security Officer */
283
+ #define CKU_SO 0
284
+ /* Normal user */
285
+ #define CKU_USER 1
286
+ /* Context specific (added in v2.20) */
287
+ #define CKU_CONTEXT_SPECIFIC 2
288
+
289
+ /* CK_STATE enumerates the session states */
290
+ /* CK_STATE has been changed from an enum to a CK_ULONG for
291
+ * v2.0 */
292
+ typedef CK_ULONG CK_STATE;
293
+ #define CKS_RO_PUBLIC_SESSION 0
294
+ #define CKS_RO_USER_FUNCTIONS 1
295
+ #define CKS_RW_PUBLIC_SESSION 2
296
+ #define CKS_RW_USER_FUNCTIONS 3
297
+ #define CKS_RW_SO_FUNCTIONS 4
298
+
299
+
300
+ /* CK_SESSION_INFO provides information about a session */
301
+ typedef struct CK_SESSION_INFO {
302
+ CK_SLOT_ID slotID;
303
+ CK_STATE state;
304
+ CK_FLAGS flags; /* see below */
305
+
306
+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
307
+ * v2.0 */
308
+ CK_ULONG ulDeviceError; /* device-dependent error code */
309
+ } CK_SESSION_INFO;
310
+
311
+ /* The flags are defined in the following table:
312
+ * Bit Flag Mask Meaning
313
+ */
314
+ #define CKF_RW_SESSION 0x00000002 /* session is r/w */
315
+ #define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
316
+
317
+ typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
318
+
319
+
320
+ /* CK_OBJECT_HANDLE is a token-specific identifier for an
321
+ * object */
322
+ typedef CK_ULONG CK_OBJECT_HANDLE;
323
+
324
+ typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
325
+
326
+
327
+ /* CK_OBJECT_CLASS is a value that identifies the classes (or
328
+ * types) of objects that Cryptoki recognizes. It is defined
329
+ * as follows: */
330
+ /* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
331
+ * v2.0 */
332
+ typedef CK_ULONG CK_OBJECT_CLASS;
333
+
334
+ /* The following classes of objects are defined: */
335
+ /* CKO_HW_FEATURE is new for v2.10 */
336
+ /* CKO_DOMAIN_PARAMETERS is new for v2.11 */
337
+ /* CKO_MECHANISM is new for v2.20 */
338
+ #define CKO_DATA 0x00000000
339
+ #define CKO_CERTIFICATE 0x00000001
340
+ #define CKO_PUBLIC_KEY 0x00000002
341
+ #define CKO_PRIVATE_KEY 0x00000003
342
+ #define CKO_SECRET_KEY 0x00000004
343
+ #define CKO_HW_FEATURE 0x00000005
344
+ #define CKO_DOMAIN_PARAMETERS 0x00000006
345
+ #define CKO_MECHANISM 0x00000007
346
+
347
+ /* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
348
+ #define CKO_OTP_KEY 0x00000008
349
+
350
+ #define CKO_VENDOR_DEFINED 0x80000000
351
+
352
+ typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
353
+
354
+ /* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
355
+ * value that identifies the hardware feature type of an object
356
+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
357
+ typedef CK_ULONG CK_HW_FEATURE_TYPE;
358
+
359
+ /* The following hardware feature types are defined */
360
+ /* CKH_USER_INTERFACE is new for v2.20 */
361
+ #define CKH_MONOTONIC_COUNTER 0x00000001
362
+ #define CKH_CLOCK 0x00000002
363
+ #define CKH_USER_INTERFACE 0x00000003
364
+ #define CKH_VENDOR_DEFINED 0x80000000
365
+
366
+ /* CK_KEY_TYPE is a value that identifies a key type */
367
+ /* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
368
+ typedef CK_ULONG CK_KEY_TYPE;
369
+
370
+ /* the following key types are defined: */
371
+ #define CKK_RSA 0x00000000
372
+ #define CKK_DSA 0x00000001
373
+ #define CKK_DH 0x00000002
374
+
375
+ /* CKK_ECDSA and CKK_KEA are new for v2.0 */
376
+ /* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
377
+ #define CKK_ECDSA 0x00000003
378
+ #define CKK_EC 0x00000003
379
+ #define CKK_X9_42_DH 0x00000004
380
+ #define CKK_KEA 0x00000005
381
+
382
+ #define CKK_GENERIC_SECRET 0x00000010
383
+ #define CKK_RC2 0x00000011
384
+ #define CKK_RC4 0x00000012
385
+ #define CKK_DES 0x00000013
386
+ #define CKK_DES2 0x00000014
387
+ #define CKK_DES3 0x00000015
388
+
389
+ /* all these key types are new for v2.0 */
390
+ #define CKK_CAST 0x00000016
391
+ #define CKK_CAST3 0x00000017
392
+ /* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
393
+ #define CKK_CAST5 0x00000018
394
+ #define CKK_CAST128 0x00000018
395
+ #define CKK_RC5 0x00000019
396
+ #define CKK_IDEA 0x0000001A
397
+ #define CKK_SKIPJACK 0x0000001B
398
+ #define CKK_BATON 0x0000001C
399
+ #define CKK_JUNIPER 0x0000001D
400
+ #define CKK_CDMF 0x0000001E
401
+ #define CKK_AES 0x0000001F
402
+
403
+ /* BlowFish and TwoFish are new for v2.20 */
404
+ #define CKK_BLOWFISH 0x00000020
405
+ #define CKK_TWOFISH 0x00000021
406
+
407
+ /* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
408
+ #define CKK_SECURID 0x00000022
409
+ #define CKK_HOTP 0x00000023
410
+ #define CKK_ACTI 0x00000024
411
+
412
+ /* Camellia is new for PKCS #11 v2.20 amendment 3 */
413
+ #define CKK_CAMELLIA 0x00000025
414
+ /* ARIA is new for PKCS #11 v2.20 amendment 3 */
415
+ #define CKK_ARIA 0x00000026
416
+
417
+
418
+ #define CKK_VENDOR_DEFINED 0x80000000
419
+
420
+
421
+ /* CK_CERTIFICATE_TYPE is a value that identifies a certificate
422
+ * type */
423
+ /* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
424
+ * for v2.0 */
425
+ typedef CK_ULONG CK_CERTIFICATE_TYPE;
426
+
427
+ /* The following certificate types are defined: */
428
+ /* CKC_X_509_ATTR_CERT is new for v2.10 */
429
+ /* CKC_WTLS is new for v2.20 */
430
+ #define CKC_X_509 0x00000000
431
+ #define CKC_X_509_ATTR_CERT 0x00000001
432
+ #define CKC_WTLS 0x00000002
433
+ #define CKC_VENDOR_DEFINED 0x80000000
434
+
435
+
436
+ /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
437
+ * type */
438
+ /* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
439
+ * v2.0 */
440
+ typedef CK_ULONG CK_ATTRIBUTE_TYPE;
441
+
442
+ /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
443
+ consists of an array of values. */
444
+ #define CKF_ARRAY_ATTRIBUTE 0x40000000
445
+
446
+ /* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
447
+ and relates to the CKA_OTP_FORMAT attribute */
448
+ #define CK_OTP_FORMAT_DECIMAL 0
449
+ #define CK_OTP_FORMAT_HEXADECIMAL 1
450
+ #define CK_OTP_FORMAT_ALPHANUMERIC 2
451
+ #define CK_OTP_FORMAT_BINARY 3
452
+
453
+ /* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
454
+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
455
+ #define CK_OTP_PARAM_IGNORED 0
456
+ #define CK_OTP_PARAM_OPTIONAL 1
457
+ #define CK_OTP_PARAM_MANDATORY 2
458
+
459
+ /* The following attribute types are defined: */
460
+ #define CKA_CLASS 0x00000000
461
+ #define CKA_TOKEN 0x00000001
462
+ #define CKA_PRIVATE 0x00000002
463
+ #define CKA_LABEL 0x00000003
464
+ #define CKA_APPLICATION 0x00000010
465
+ #define CKA_VALUE 0x00000011
466
+
467
+ /* CKA_OBJECT_ID is new for v2.10 */
468
+ #define CKA_OBJECT_ID 0x00000012
469
+
470
+ #define CKA_CERTIFICATE_TYPE 0x00000080
471
+ #define CKA_ISSUER 0x00000081
472
+ #define CKA_SERIAL_NUMBER 0x00000082
473
+
474
+ /* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
475
+ * for v2.10 */
476
+ #define CKA_AC_ISSUER 0x00000083
477
+ #define CKA_OWNER 0x00000084
478
+ #define CKA_ATTR_TYPES 0x00000085
479
+
480
+ /* CKA_TRUSTED is new for v2.11 */
481
+ #define CKA_TRUSTED 0x00000086
482
+
483
+ /* CKA_CERTIFICATE_CATEGORY ...
484
+ * CKA_CHECK_VALUE are new for v2.20 */
485
+ #define CKA_CERTIFICATE_CATEGORY 0x00000087
486
+ #define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
487
+ #define CKA_URL 0x00000089
488
+ #define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
489
+ #define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
490
+ #define CKA_CHECK_VALUE 0x00000090
491
+
492
+ #define CKA_KEY_TYPE 0x00000100
493
+ #define CKA_SUBJECT 0x00000101
494
+ #define CKA_ID 0x00000102
495
+ #define CKA_SENSITIVE 0x00000103
496
+ #define CKA_ENCRYPT 0x00000104
497
+ #define CKA_DECRYPT 0x00000105
498
+ #define CKA_WRAP 0x00000106
499
+ #define CKA_UNWRAP 0x00000107
500
+ #define CKA_SIGN 0x00000108
501
+ #define CKA_SIGN_RECOVER 0x00000109
502
+ #define CKA_VERIFY 0x0000010A
503
+ #define CKA_VERIFY_RECOVER 0x0000010B
504
+ #define CKA_DERIVE 0x0000010C
505
+ #define CKA_START_DATE 0x00000110
506
+ #define CKA_END_DATE 0x00000111
507
+ #define CKA_MODULUS 0x00000120
508
+ #define CKA_MODULUS_BITS 0x00000121
509
+ #define CKA_PUBLIC_EXPONENT 0x00000122
510
+ #define CKA_PRIVATE_EXPONENT 0x00000123
511
+ #define CKA_PRIME_1 0x00000124
512
+ #define CKA_PRIME_2 0x00000125
513
+ #define CKA_EXPONENT_1 0x00000126
514
+ #define CKA_EXPONENT_2 0x00000127
515
+ #define CKA_COEFFICIENT 0x00000128
516
+ #define CKA_PRIME 0x00000130
517
+ #define CKA_SUBPRIME 0x00000131
518
+ #define CKA_BASE 0x00000132
519
+
520
+ /* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
521
+ #define CKA_PRIME_BITS 0x00000133
522
+ #define CKA_SUBPRIME_BITS 0x00000134
523
+ #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
524
+ /* (To retain backwards-compatibility) */
525
+
526
+ #define CKA_VALUE_BITS 0x00000160
527
+ #define CKA_VALUE_LEN 0x00000161
528
+
529
+ /* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
530
+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
531
+ * and CKA_EC_POINT are new for v2.0 */
532
+ #define CKA_EXTRACTABLE 0x00000162
533
+ #define CKA_LOCAL 0x00000163
534
+ #define CKA_NEVER_EXTRACTABLE 0x00000164
535
+ #define CKA_ALWAYS_SENSITIVE 0x00000165
536
+
537
+ /* CKA_KEY_GEN_MECHANISM is new for v2.11 */
538
+ #define CKA_KEY_GEN_MECHANISM 0x00000166
539
+
540
+ #define CKA_MODIFIABLE 0x00000170
541
+
542
+ /* CKA_ECDSA_PARAMS is deprecated in v2.11,
543
+ * CKA_EC_PARAMS is preferred. */
544
+ #define CKA_ECDSA_PARAMS 0x00000180
545
+ #define CKA_EC_PARAMS 0x00000180
546
+
547
+ #define CKA_EC_POINT 0x00000181
548
+
549
+ /* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
550
+ * are new for v2.10. Deprecated in v2.11 and onwards. */
551
+ #define CKA_SECONDARY_AUTH 0x00000200
552
+ #define CKA_AUTH_PIN_FLAGS 0x00000201
553
+
554
+ /* CKA_ALWAYS_AUTHENTICATE ...
555
+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
556
+ #define CKA_ALWAYS_AUTHENTICATE 0x00000202
557
+
558
+ #define CKA_WRAP_WITH_TRUSTED 0x00000210
559
+ #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
560
+ #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
561
+
562
+ /* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
563
+ #define CKA_OTP_FORMAT 0x00000220
564
+ #define CKA_OTP_LENGTH 0x00000221
565
+ #define CKA_OTP_TIME_INTERVAL 0x00000222
566
+ #define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
567
+ #define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
568
+ #define CKA_OTP_TIME_REQUIREMENT 0x00000225
569
+ #define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
570
+ #define CKA_OTP_PIN_REQUIREMENT 0x00000227
571
+ #define CKA_OTP_COUNTER 0x0000022E
572
+ #define CKA_OTP_TIME 0x0000022F
573
+ #define CKA_OTP_USER_IDENTIFIER 0x0000022A
574
+ #define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
575
+ #define CKA_OTP_SERVICE_LOGO 0x0000022C
576
+ #define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
577
+
578
+
579
+ /* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
580
+ * are new for v2.10 */
581
+ #define CKA_HW_FEATURE_TYPE 0x00000300
582
+ #define CKA_RESET_ON_INIT 0x00000301
583
+ #define CKA_HAS_RESET 0x00000302
584
+
585
+ /* The following attributes are new for v2.20 */
586
+ #define CKA_PIXEL_X 0x00000400
587
+ #define CKA_PIXEL_Y 0x00000401
588
+ #define CKA_RESOLUTION 0x00000402
589
+ #define CKA_CHAR_ROWS 0x00000403
590
+ #define CKA_CHAR_COLUMNS 0x00000404
591
+ #define CKA_COLOR 0x00000405
592
+ #define CKA_BITS_PER_PIXEL 0x00000406
593
+ #define CKA_CHAR_SETS 0x00000480
594
+ #define CKA_ENCODING_METHODS 0x00000481
595
+ #define CKA_MIME_TYPES 0x00000482
596
+ #define CKA_MECHANISM_TYPE 0x00000500
597
+ #define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
598
+ #define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
599
+ #define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
600
+ #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
601
+
602
+ #define CKA_VENDOR_DEFINED 0x80000000
603
+
604
+ /* CK_ATTRIBUTE is a structure that includes the type, length
605
+ * and value of an attribute */
606
+ typedef struct CK_ATTRIBUTE {
607
+ CK_ATTRIBUTE_TYPE type;
608
+ CK_VOID_PTR pValue;
609
+
610
+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
611
+ CK_ULONG ulValueLen; /* in bytes */
612
+ } CK_ATTRIBUTE;
613
+
614
+ typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
615
+
616
+
617
+ /* CK_DATE is a structure that defines a date */
618
+ typedef struct CK_DATE{
619
+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
620
+ CK_CHAR month[2]; /* the month ("01" - "12") */
621
+ CK_CHAR day[2]; /* the day ("01" - "31") */
622
+ } CK_DATE;
623
+
624
+
625
+ /* CK_MECHANISM_TYPE is a value that identifies a mechanism
626
+ * type */
627
+ /* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
628
+ * v2.0 */
629
+ typedef CK_ULONG CK_MECHANISM_TYPE;
630
+
631
+ /* the following mechanism types are defined: */
632
+ #define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
633
+ #define CKM_RSA_PKCS 0x00000001
634
+ #define CKM_RSA_9796 0x00000002
635
+ #define CKM_RSA_X_509 0x00000003
636
+
637
+ /* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
638
+ * are new for v2.0. They are mechanisms which hash and sign */
639
+ #define CKM_MD2_RSA_PKCS 0x00000004
640
+ #define CKM_MD5_RSA_PKCS 0x00000005
641
+ #define CKM_SHA1_RSA_PKCS 0x00000006
642
+
643
+ /* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
644
+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
645
+ #define CKM_RIPEMD128_RSA_PKCS 0x00000007
646
+ #define CKM_RIPEMD160_RSA_PKCS 0x00000008
647
+ #define CKM_RSA_PKCS_OAEP 0x00000009
648
+
649
+ /* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
650
+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
651
+ #define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
652
+ #define CKM_RSA_X9_31 0x0000000B
653
+ #define CKM_SHA1_RSA_X9_31 0x0000000C
654
+ #define CKM_RSA_PKCS_PSS 0x0000000D
655
+ #define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
656
+
657
+ #define CKM_DSA_KEY_PAIR_GEN 0x00000010
658
+ #define CKM_DSA 0x00000011
659
+ #define CKM_DSA_SHA1 0x00000012
660
+ #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
661
+ #define CKM_DH_PKCS_DERIVE 0x00000021
662
+
663
+ /* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
664
+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
665
+ * v2.11 */
666
+ #define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
667
+ #define CKM_X9_42_DH_DERIVE 0x00000031
668
+ #define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
669
+ #define CKM_X9_42_MQV_DERIVE 0x00000033
670
+
671
+ /* CKM_SHA256/384/512 are new for v2.20 */
672
+ #define CKM_SHA256_RSA_PKCS 0x00000040
673
+ #define CKM_SHA384_RSA_PKCS 0x00000041
674
+ #define CKM_SHA512_RSA_PKCS 0x00000042
675
+ #define CKM_SHA256_RSA_PKCS_PSS 0x00000043
676
+ #define CKM_SHA384_RSA_PKCS_PSS 0x00000044
677
+ #define CKM_SHA512_RSA_PKCS_PSS 0x00000045
678
+
679
+ /* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
680
+ #define CKM_SHA224_RSA_PKCS 0x00000046
681
+ #define CKM_SHA224_RSA_PKCS_PSS 0x00000047
682
+
683
+ #define CKM_RC2_KEY_GEN 0x00000100
684
+ #define CKM_RC2_ECB 0x00000101
685
+ #define CKM_RC2_CBC 0x00000102
686
+ #define CKM_RC2_MAC 0x00000103
687
+
688
+ /* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
689
+ #define CKM_RC2_MAC_GENERAL 0x00000104
690
+ #define CKM_RC2_CBC_PAD 0x00000105
691
+
692
+ #define CKM_RC4_KEY_GEN 0x00000110
693
+ #define CKM_RC4 0x00000111
694
+ #define CKM_DES_KEY_GEN 0x00000120
695
+ #define CKM_DES_ECB 0x00000121
696
+ #define CKM_DES_CBC 0x00000122
697
+ #define CKM_DES_MAC 0x00000123
698
+
699
+ /* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
700
+ #define CKM_DES_MAC_GENERAL 0x00000124
701
+ #define CKM_DES_CBC_PAD 0x00000125
702
+
703
+ #define CKM_DES2_KEY_GEN 0x00000130
704
+ #define CKM_DES3_KEY_GEN 0x00000131
705
+ #define CKM_DES3_ECB 0x00000132
706
+ #define CKM_DES3_CBC 0x00000133
707
+ #define CKM_DES3_MAC 0x00000134
708
+
709
+ /* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
710
+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
711
+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
712
+ #define CKM_DES3_MAC_GENERAL 0x00000135
713
+ #define CKM_DES3_CBC_PAD 0x00000136
714
+ #define CKM_CDMF_KEY_GEN 0x00000140
715
+ #define CKM_CDMF_ECB 0x00000141
716
+ #define CKM_CDMF_CBC 0x00000142
717
+ #define CKM_CDMF_MAC 0x00000143
718
+ #define CKM_CDMF_MAC_GENERAL 0x00000144
719
+ #define CKM_CDMF_CBC_PAD 0x00000145
720
+
721
+ /* the following four DES mechanisms are new for v2.20 */
722
+ #define CKM_DES_OFB64 0x00000150
723
+ #define CKM_DES_OFB8 0x00000151
724
+ #define CKM_DES_CFB64 0x00000152
725
+ #define CKM_DES_CFB8 0x00000153
726
+
727
+ #define CKM_MD2 0x00000200
728
+
729
+ /* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
730
+ #define CKM_MD2_HMAC 0x00000201
731
+ #define CKM_MD2_HMAC_GENERAL 0x00000202
732
+
733
+ #define CKM_MD5 0x00000210
734
+
735
+ /* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
736
+ #define CKM_MD5_HMAC 0x00000211
737
+ #define CKM_MD5_HMAC_GENERAL 0x00000212
738
+
739
+ #define CKM_SHA_1 0x00000220
740
+
741
+ /* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
742
+ #define CKM_SHA_1_HMAC 0x00000221
743
+ #define CKM_SHA_1_HMAC_GENERAL 0x00000222
744
+
745
+ /* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
746
+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
747
+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
748
+ #define CKM_RIPEMD128 0x00000230
749
+ #define CKM_RIPEMD128_HMAC 0x00000231
750
+ #define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
751
+ #define CKM_RIPEMD160 0x00000240
752
+ #define CKM_RIPEMD160_HMAC 0x00000241
753
+ #define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
754
+
755
+ /* CKM_SHA256/384/512 are new for v2.20 */
756
+ #define CKM_SHA256 0x00000250
757
+ #define CKM_SHA256_HMAC 0x00000251
758
+ #define CKM_SHA256_HMAC_GENERAL 0x00000252
759
+
760
+ /* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
761
+ #define CKM_SHA224 0x00000255
762
+ #define CKM_SHA224_HMAC 0x00000256
763
+ #define CKM_SHA224_HMAC_GENERAL 0x00000257
764
+
765
+ #define CKM_SHA384 0x00000260
766
+ #define CKM_SHA384_HMAC 0x00000261
767
+ #define CKM_SHA384_HMAC_GENERAL 0x00000262
768
+ #define CKM_SHA512 0x00000270
769
+ #define CKM_SHA512_HMAC 0x00000271
770
+ #define CKM_SHA512_HMAC_GENERAL 0x00000272
771
+
772
+ /* SecurID is new for PKCS #11 v2.20 amendment 1 */
773
+ #define CKM_SECURID_KEY_GEN 0x00000280
774
+ #define CKM_SECURID 0x00000282
775
+
776
+ /* HOTP is new for PKCS #11 v2.20 amendment 1 */
777
+ #define CKM_HOTP_KEY_GEN 0x00000290
778
+ #define CKM_HOTP 0x00000291
779
+
780
+ /* ACTI is new for PKCS #11 v2.20 amendment 1 */
781
+ #define CKM_ACTI 0x000002A0
782
+ #define CKM_ACTI_KEY_GEN 0x000002A1
783
+
784
+ /* All of the following mechanisms are new for v2.0 */
785
+ /* Note that CAST128 and CAST5 are the same algorithm */
786
+ #define CKM_CAST_KEY_GEN 0x00000300
787
+ #define CKM_CAST_ECB 0x00000301
788
+ #define CKM_CAST_CBC 0x00000302
789
+ #define CKM_CAST_MAC 0x00000303
790
+ #define CKM_CAST_MAC_GENERAL 0x00000304
791
+ #define CKM_CAST_CBC_PAD 0x00000305
792
+ #define CKM_CAST3_KEY_GEN 0x00000310
793
+ #define CKM_CAST3_ECB 0x00000311
794
+ #define CKM_CAST3_CBC 0x00000312
795
+ #define CKM_CAST3_MAC 0x00000313
796
+ #define CKM_CAST3_MAC_GENERAL 0x00000314
797
+ #define CKM_CAST3_CBC_PAD 0x00000315
798
+ #define CKM_CAST5_KEY_GEN 0x00000320
799
+ #define CKM_CAST128_KEY_GEN 0x00000320
800
+ #define CKM_CAST5_ECB 0x00000321
801
+ #define CKM_CAST128_ECB 0x00000321
802
+ #define CKM_CAST5_CBC 0x00000322
803
+ #define CKM_CAST128_CBC 0x00000322
804
+ #define CKM_CAST5_MAC 0x00000323
805
+ #define CKM_CAST128_MAC 0x00000323
806
+ #define CKM_CAST5_MAC_GENERAL 0x00000324
807
+ #define CKM_CAST128_MAC_GENERAL 0x00000324
808
+ #define CKM_CAST5_CBC_PAD 0x00000325
809
+ #define CKM_CAST128_CBC_PAD 0x00000325
810
+ #define CKM_RC5_KEY_GEN 0x00000330
811
+ #define CKM_RC5_ECB 0x00000331
812
+ #define CKM_RC5_CBC 0x00000332
813
+ #define CKM_RC5_MAC 0x00000333
814
+ #define CKM_RC5_MAC_GENERAL 0x00000334
815
+ #define CKM_RC5_CBC_PAD 0x00000335
816
+ #define CKM_IDEA_KEY_GEN 0x00000340
817
+ #define CKM_IDEA_ECB 0x00000341
818
+ #define CKM_IDEA_CBC 0x00000342
819
+ #define CKM_IDEA_MAC 0x00000343
820
+ #define CKM_IDEA_MAC_GENERAL 0x00000344
821
+ #define CKM_IDEA_CBC_PAD 0x00000345
822
+ #define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
823
+ #define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
824
+ #define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
825
+ #define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
826
+ #define CKM_XOR_BASE_AND_DATA 0x00000364
827
+ #define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
828
+ #define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
829
+ #define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
830
+ #define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
831
+
832
+ /* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
833
+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
834
+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
835
+ #define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
836
+ #define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
837
+ #define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
838
+ #define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
839
+ #define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
840
+
841
+ /* CKM_TLS_PRF is new for v2.20 */
842
+ #define CKM_TLS_PRF 0x00000378
843
+
844
+ #define CKM_SSL3_MD5_MAC 0x00000380
845
+ #define CKM_SSL3_SHA1_MAC 0x00000381
846
+ #define CKM_MD5_KEY_DERIVATION 0x00000390
847
+ #define CKM_MD2_KEY_DERIVATION 0x00000391
848
+ #define CKM_SHA1_KEY_DERIVATION 0x00000392
849
+
850
+ /* CKM_SHA256/384/512 are new for v2.20 */
851
+ #define CKM_SHA256_KEY_DERIVATION 0x00000393
852
+ #define CKM_SHA384_KEY_DERIVATION 0x00000394
853
+ #define CKM_SHA512_KEY_DERIVATION 0x00000395
854
+
855
+ /* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
856
+ #define CKM_SHA224_KEY_DERIVATION 0x00000396
857
+
858
+ #define CKM_PBE_MD2_DES_CBC 0x000003A0
859
+ #define CKM_PBE_MD5_DES_CBC 0x000003A1
860
+ #define CKM_PBE_MD5_CAST_CBC 0x000003A2
861
+ #define CKM_PBE_MD5_CAST3_CBC 0x000003A3
862
+ #define CKM_PBE_MD5_CAST5_CBC 0x000003A4
863
+ #define CKM_PBE_MD5_CAST128_CBC 0x000003A4
864
+ #define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
865
+ #define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
866
+ #define CKM_PBE_SHA1_RC4_128 0x000003A6
867
+ #define CKM_PBE_SHA1_RC4_40 0x000003A7
868
+ #define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
869
+ #define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
870
+ #define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
871
+ #define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
872
+
873
+ /* CKM_PKCS5_PBKD2 is new for v2.10 */
874
+ #define CKM_PKCS5_PBKD2 0x000003B0
875
+
876
+ #define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
877
+
878
+ /* WTLS mechanisms are new for v2.20 */
879
+ #define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
880
+ #define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
881
+ #define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
882
+ #define CKM_WTLS_PRF 0x000003D3
883
+ #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
884
+ #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
885
+
886
+ #define CKM_KEY_WRAP_LYNKS 0x00000400
887
+ #define CKM_KEY_WRAP_SET_OAEP 0x00000401
888
+
889
+ /* CKM_CMS_SIG is new for v2.20 */
890
+ #define CKM_CMS_SIG 0x00000500
891
+
892
+ /* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
893
+ #define CKM_KIP_DERIVE 0x00000510
894
+ #define CKM_KIP_WRAP 0x00000511
895
+ #define CKM_KIP_MAC 0x00000512
896
+
897
+ /* Camellia is new for PKCS #11 v2.20 amendment 3 */
898
+ #define CKM_CAMELLIA_KEY_GEN 0x00000550
899
+ #define CKM_CAMELLIA_ECB 0x00000551
900
+ #define CKM_CAMELLIA_CBC 0x00000552
901
+ #define CKM_CAMELLIA_MAC 0x00000553
902
+ #define CKM_CAMELLIA_MAC_GENERAL 0x00000554
903
+ #define CKM_CAMELLIA_CBC_PAD 0x00000555
904
+ #define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
905
+ #define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
906
+ #define CKM_CAMELLIA_CTR 0x00000558
907
+
908
+ /* ARIA is new for PKCS #11 v2.20 amendment 3 */
909
+ #define CKM_ARIA_KEY_GEN 0x00000560
910
+ #define CKM_ARIA_ECB 0x00000561
911
+ #define CKM_ARIA_CBC 0x00000562
912
+ #define CKM_ARIA_MAC 0x00000563
913
+ #define CKM_ARIA_MAC_GENERAL 0x00000564
914
+ #define CKM_ARIA_CBC_PAD 0x00000565
915
+ #define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
916
+ #define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
917
+
918
+ /* Fortezza mechanisms */
919
+ #define CKM_SKIPJACK_KEY_GEN 0x00001000
920
+ #define CKM_SKIPJACK_ECB64 0x00001001
921
+ #define CKM_SKIPJACK_CBC64 0x00001002
922
+ #define CKM_SKIPJACK_OFB64 0x00001003
923
+ #define CKM_SKIPJACK_CFB64 0x00001004
924
+ #define CKM_SKIPJACK_CFB32 0x00001005
925
+ #define CKM_SKIPJACK_CFB16 0x00001006
926
+ #define CKM_SKIPJACK_CFB8 0x00001007
927
+ #define CKM_SKIPJACK_WRAP 0x00001008
928
+ #define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
929
+ #define CKM_SKIPJACK_RELAYX 0x0000100a
930
+ #define CKM_KEA_KEY_PAIR_GEN 0x00001010
931
+ #define CKM_KEA_KEY_DERIVE 0x00001011
932
+ #define CKM_FORTEZZA_TIMESTAMP 0x00001020
933
+ #define CKM_BATON_KEY_GEN 0x00001030
934
+ #define CKM_BATON_ECB128 0x00001031
935
+ #define CKM_BATON_ECB96 0x00001032
936
+ #define CKM_BATON_CBC128 0x00001033
937
+ #define CKM_BATON_COUNTER 0x00001034
938
+ #define CKM_BATON_SHUFFLE 0x00001035
939
+ #define CKM_BATON_WRAP 0x00001036
940
+
941
+ /* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
942
+ * CKM_EC_KEY_PAIR_GEN is preferred */
943
+ #define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
944
+ #define CKM_EC_KEY_PAIR_GEN 0x00001040
945
+
946
+ #define CKM_ECDSA 0x00001041
947
+ #define CKM_ECDSA_SHA1 0x00001042
948
+
949
+ /* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
950
+ * are new for v2.11 */
951
+ #define CKM_ECDH1_DERIVE 0x00001050
952
+ #define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
953
+ #define CKM_ECMQV_DERIVE 0x00001052
954
+
955
+ #define CKM_JUNIPER_KEY_GEN 0x00001060
956
+ #define CKM_JUNIPER_ECB128 0x00001061
957
+ #define CKM_JUNIPER_CBC128 0x00001062
958
+ #define CKM_JUNIPER_COUNTER 0x00001063
959
+ #define CKM_JUNIPER_SHUFFLE 0x00001064
960
+ #define CKM_JUNIPER_WRAP 0x00001065
961
+ #define CKM_FASTHASH 0x00001070
962
+
963
+ /* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
964
+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
965
+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
966
+ * new for v2.11 */
967
+ #define CKM_AES_KEY_GEN 0x00001080
968
+ #define CKM_AES_ECB 0x00001081
969
+ #define CKM_AES_CBC 0x00001082
970
+ #define CKM_AES_MAC 0x00001083
971
+ #define CKM_AES_MAC_GENERAL 0x00001084
972
+ #define CKM_AES_CBC_PAD 0x00001085
973
+
974
+ /* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
975
+ #define CKM_AES_CTR 0x00001086
976
+
977
+ /* BlowFish and TwoFish are new for v2.20 */
978
+ #define CKM_BLOWFISH_KEY_GEN 0x00001090
979
+ #define CKM_BLOWFISH_CBC 0x00001091
980
+ #define CKM_TWOFISH_KEY_GEN 0x00001092
981
+ #define CKM_TWOFISH_CBC 0x00001093
982
+
983
+
984
+ /* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
985
+ #define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
986
+ #define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
987
+ #define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
988
+ #define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
989
+ #define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
990
+ #define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
991
+
992
+ #define CKM_DSA_PARAMETER_GEN 0x00002000
993
+ #define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
994
+ #define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
995
+
996
+ #define CKM_VENDOR_DEFINED 0x80000000
997
+
998
+ typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
999
+
1000
+
1001
+ /* CK_MECHANISM is a structure that specifies a particular
1002
+ * mechanism */
1003
+ typedef struct CK_MECHANISM {
1004
+ CK_MECHANISM_TYPE mechanism;
1005
+ CK_VOID_PTR pParameter;
1006
+
1007
+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
1008
+ * v2.0 */
1009
+ CK_ULONG ulParameterLen; /* in bytes */
1010
+ } CK_MECHANISM;
1011
+
1012
+ typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
1013
+
1014
+
1015
+ /* CK_MECHANISM_INFO provides information about a particular
1016
+ * mechanism */
1017
+ typedef struct CK_MECHANISM_INFO {
1018
+ CK_ULONG ulMinKeySize;
1019
+ CK_ULONG ulMaxKeySize;
1020
+ CK_FLAGS flags;
1021
+ } CK_MECHANISM_INFO;
1022
+
1023
+ /* The flags are defined as follows:
1024
+ * Bit Flag Mask Meaning */
1025
+ #define CKF_HW 0x00000001 /* performed by HW */
1026
+
1027
+ /* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
1028
+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
1029
+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
1030
+ * and CKF_DERIVE are new for v2.0. They specify whether or not
1031
+ * a mechanism can be used for a particular task */
1032
+ #define CKF_ENCRYPT 0x00000100
1033
+ #define CKF_DECRYPT 0x00000200
1034
+ #define CKF_DIGEST 0x00000400
1035
+ #define CKF_SIGN 0x00000800
1036
+ #define CKF_SIGN_RECOVER 0x00001000
1037
+ #define CKF_VERIFY 0x00002000
1038
+ #define CKF_VERIFY_RECOVER 0x00004000
1039
+ #define CKF_GENERATE 0x00008000
1040
+ #define CKF_GENERATE_KEY_PAIR 0x00010000
1041
+ #define CKF_WRAP 0x00020000
1042
+ #define CKF_UNWRAP 0x00040000
1043
+ #define CKF_DERIVE 0x00080000
1044
+
1045
+ /* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
1046
+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
1047
+ * describe a token's EC capabilities not available in mechanism
1048
+ * information. */
1049
+ #define CKF_EC_F_P 0x00100000
1050
+ #define CKF_EC_F_2M 0x00200000
1051
+ #define CKF_EC_ECPARAMETERS 0x00400000
1052
+ #define CKF_EC_NAMEDCURVE 0x00800000
1053
+ #define CKF_EC_UNCOMPRESS 0x01000000
1054
+ #define CKF_EC_COMPRESS 0x02000000
1055
+
1056
+ #define CKF_EXTENSION 0x80000000 /* FALSE for this version */
1057
+
1058
+ typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
1059
+
1060
+
1061
+ /* CK_RV is a value that identifies the return value of a
1062
+ * Cryptoki function */
1063
+ /* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
1064
+ typedef CK_ULONG CK_RV;
1065
+
1066
+ #define CKR_OK 0x00000000
1067
+ #define CKR_CANCEL 0x00000001
1068
+ #define CKR_HOST_MEMORY 0x00000002
1069
+ #define CKR_SLOT_ID_INVALID 0x00000003
1070
+
1071
+ /* CKR_FLAGS_INVALID was removed for v2.0 */
1072
+
1073
+ /* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
1074
+ #define CKR_GENERAL_ERROR 0x00000005
1075
+ #define CKR_FUNCTION_FAILED 0x00000006
1076
+
1077
+ /* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
1078
+ * and CKR_CANT_LOCK are new for v2.01 */
1079
+ #define CKR_ARGUMENTS_BAD 0x00000007
1080
+ #define CKR_NO_EVENT 0x00000008
1081
+ #define CKR_NEED_TO_CREATE_THREADS 0x00000009
1082
+ #define CKR_CANT_LOCK 0x0000000A
1083
+
1084
+ #define CKR_ATTRIBUTE_READ_ONLY 0x00000010
1085
+ #define CKR_ATTRIBUTE_SENSITIVE 0x00000011
1086
+ #define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
1087
+ #define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
1088
+ #define CKR_DATA_INVALID 0x00000020
1089
+ #define CKR_DATA_LEN_RANGE 0x00000021
1090
+ #define CKR_DEVICE_ERROR 0x00000030
1091
+ #define CKR_DEVICE_MEMORY 0x00000031
1092
+ #define CKR_DEVICE_REMOVED 0x00000032
1093
+ #define CKR_ENCRYPTED_DATA_INVALID 0x00000040
1094
+ #define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
1095
+ #define CKR_FUNCTION_CANCELED 0x00000050
1096
+ #define CKR_FUNCTION_NOT_PARALLEL 0x00000051
1097
+
1098
+ /* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
1099
+ #define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
1100
+
1101
+ #define CKR_KEY_HANDLE_INVALID 0x00000060
1102
+
1103
+ /* CKR_KEY_SENSITIVE was removed for v2.0 */
1104
+
1105
+ #define CKR_KEY_SIZE_RANGE 0x00000062
1106
+ #define CKR_KEY_TYPE_INCONSISTENT 0x00000063
1107
+
1108
+ /* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
1109
+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
1110
+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
1111
+ * v2.0 */
1112
+ #define CKR_KEY_NOT_NEEDED 0x00000064
1113
+ #define CKR_KEY_CHANGED 0x00000065
1114
+ #define CKR_KEY_NEEDED 0x00000066
1115
+ #define CKR_KEY_INDIGESTIBLE 0x00000067
1116
+ #define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
1117
+ #define CKR_KEY_NOT_WRAPPABLE 0x00000069
1118
+ #define CKR_KEY_UNEXTRACTABLE 0x0000006A
1119
+
1120
+ #define CKR_MECHANISM_INVALID 0x00000070
1121
+ #define CKR_MECHANISM_PARAM_INVALID 0x00000071
1122
+
1123
+ /* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
1124
+ * were removed for v2.0 */
1125
+ #define CKR_OBJECT_HANDLE_INVALID 0x00000082
1126
+ #define CKR_OPERATION_ACTIVE 0x00000090
1127
+ #define CKR_OPERATION_NOT_INITIALIZED 0x00000091
1128
+ #define CKR_PIN_INCORRECT 0x000000A0
1129
+ #define CKR_PIN_INVALID 0x000000A1
1130
+ #define CKR_PIN_LEN_RANGE 0x000000A2
1131
+
1132
+ /* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
1133
+ #define CKR_PIN_EXPIRED 0x000000A3
1134
+ #define CKR_PIN_LOCKED 0x000000A4
1135
+
1136
+ #define CKR_SESSION_CLOSED 0x000000B0
1137
+ #define CKR_SESSION_COUNT 0x000000B1
1138
+ #define CKR_SESSION_HANDLE_INVALID 0x000000B3
1139
+ #define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
1140
+ #define CKR_SESSION_READ_ONLY 0x000000B5
1141
+ #define CKR_SESSION_EXISTS 0x000000B6
1142
+
1143
+ /* CKR_SESSION_READ_ONLY_EXISTS and
1144
+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
1145
+ #define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
1146
+ #define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
1147
+
1148
+ #define CKR_SIGNATURE_INVALID 0x000000C0
1149
+ #define CKR_SIGNATURE_LEN_RANGE 0x000000C1
1150
+ #define CKR_TEMPLATE_INCOMPLETE 0x000000D0
1151
+ #define CKR_TEMPLATE_INCONSISTENT 0x000000D1
1152
+ #define CKR_TOKEN_NOT_PRESENT 0x000000E0
1153
+ #define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
1154
+ #define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
1155
+ #define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
1156
+ #define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
1157
+ #define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
1158
+ #define CKR_USER_ALREADY_LOGGED_IN 0x00000100
1159
+ #define CKR_USER_NOT_LOGGED_IN 0x00000101
1160
+ #define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
1161
+ #define CKR_USER_TYPE_INVALID 0x00000103
1162
+
1163
+ /* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
1164
+ * are new to v2.01 */
1165
+ #define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
1166
+ #define CKR_USER_TOO_MANY_TYPES 0x00000105
1167
+
1168
+ #define CKR_WRAPPED_KEY_INVALID 0x00000110
1169
+ #define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
1170
+ #define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
1171
+ #define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
1172
+ #define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
1173
+ #define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
1174
+
1175
+ /* These are new to v2.0 */
1176
+ #define CKR_RANDOM_NO_RNG 0x00000121
1177
+
1178
+ /* These are new to v2.11 */
1179
+ #define CKR_DOMAIN_PARAMS_INVALID 0x00000130
1180
+
1181
+ /* These are new to v2.0 */
1182
+ #define CKR_BUFFER_TOO_SMALL 0x00000150
1183
+ #define CKR_SAVED_STATE_INVALID 0x00000160
1184
+ #define CKR_INFORMATION_SENSITIVE 0x00000170
1185
+ #define CKR_STATE_UNSAVEABLE 0x00000180
1186
+
1187
+ /* These are new to v2.01 */
1188
+ #define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
1189
+ #define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
1190
+ #define CKR_MUTEX_BAD 0x000001A0
1191
+ #define CKR_MUTEX_NOT_LOCKED 0x000001A1
1192
+
1193
+ /* The following return values are new for PKCS #11 v2.20 amendment 3 */
1194
+ #define CKR_NEW_PIN_MODE 0x000001B0
1195
+ #define CKR_NEXT_OTP 0x000001B1
1196
+
1197
+ /* This is new to v2.20 */
1198
+ #define CKR_FUNCTION_REJECTED 0x00000200
1199
+
1200
+ #define CKR_VENDOR_DEFINED 0x80000000
1201
+
1202
+
1203
+ /* CK_NOTIFY is an application callback that processes events */
1204
+ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
1205
+ CK_SESSION_HANDLE hSession, /* the session's handle */
1206
+ CK_NOTIFICATION event,
1207
+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
1208
+ );
1209
+
1210
+
1211
+ /* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
1212
+ * version and pointers of appropriate types to all the
1213
+ * Cryptoki functions */
1214
+ /* CK_FUNCTION_LIST is new for v2.0 */
1215
+ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
1216
+
1217
+ typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
1218
+
1219
+ typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
1220
+
1221
+
1222
+ /* CK_CREATEMUTEX is an application callback for creating a
1223
+ * mutex object */
1224
+ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
1225
+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
1226
+ );
1227
+
1228
+
1229
+ /* CK_DESTROYMUTEX is an application callback for destroying a
1230
+ * mutex object */
1231
+ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
1232
+ CK_VOID_PTR pMutex /* pointer to mutex */
1233
+ );
1234
+
1235
+
1236
+ /* CK_LOCKMUTEX is an application callback for locking a mutex */
1237
+ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
1238
+ CK_VOID_PTR pMutex /* pointer to mutex */
1239
+ );
1240
+
1241
+
1242
+ /* CK_UNLOCKMUTEX is an application callback for unlocking a
1243
+ * mutex */
1244
+ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
1245
+ CK_VOID_PTR pMutex /* pointer to mutex */
1246
+ );
1247
+
1248
+
1249
+ /* CK_C_INITIALIZE_ARGS provides the optional arguments to
1250
+ * C_Initialize */
1251
+ typedef struct CK_C_INITIALIZE_ARGS {
1252
+ CK_CREATEMUTEX CreateMutex;
1253
+ CK_DESTROYMUTEX DestroyMutex;
1254
+ CK_LOCKMUTEX LockMutex;
1255
+ CK_UNLOCKMUTEX UnlockMutex;
1256
+ CK_FLAGS flags;
1257
+ CK_VOID_PTR pReserved;
1258
+ } CK_C_INITIALIZE_ARGS;
1259
+
1260
+ /* flags: bit flags that provide capabilities of the slot
1261
+ * Bit Flag Mask Meaning
1262
+ */
1263
+ #define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
1264
+ #define CKF_OS_LOCKING_OK 0x00000002
1265
+
1266
+ typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
1267
+
1268
+
1269
+ /* additional flags for parameters to functions */
1270
+
1271
+ /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
1272
+ #define CKF_DONT_BLOCK 1
1273
+
1274
+ /* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
1275
+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
1276
+ * Generation Function (MGF) applied to a message block when
1277
+ * formatting a message block for the PKCS #1 OAEP encryption
1278
+ * scheme. */
1279
+ typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
1280
+
1281
+ typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
1282
+
1283
+ /* The following MGFs are defined */
1284
+ /* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
1285
+ * are new for v2.20 */
1286
+ #define CKG_MGF1_SHA1 0x00000001
1287
+ #define CKG_MGF1_SHA256 0x00000002
1288
+ #define CKG_MGF1_SHA384 0x00000003
1289
+ #define CKG_MGF1_SHA512 0x00000004
1290
+ /* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
1291
+ #define CKG_MGF1_SHA224 0x00000005
1292
+
1293
+ /* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
1294
+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
1295
+ * of the encoding parameter when formatting a message block
1296
+ * for the PKCS #1 OAEP encryption scheme. */
1297
+ typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
1298
+
1299
+ typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
1300
+
1301
+ /* The following encoding parameter sources are defined */
1302
+ #define CKZ_DATA_SPECIFIED 0x00000001
1303
+
1304
+ /* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
1305
+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
1306
+ * CKM_RSA_PKCS_OAEP mechanism. */
1307
+ typedef struct CK_RSA_PKCS_OAEP_PARAMS {
1308
+ CK_MECHANISM_TYPE hashAlg;
1309
+ CK_RSA_PKCS_MGF_TYPE mgf;
1310
+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
1311
+ CK_VOID_PTR pSourceData;
1312
+ CK_ULONG ulSourceDataLen;
1313
+ } CK_RSA_PKCS_OAEP_PARAMS;
1314
+
1315
+ typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
1316
+
1317
+ /* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
1318
+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
1319
+ * CKM_RSA_PKCS_PSS mechanism(s). */
1320
+ typedef struct CK_RSA_PKCS_PSS_PARAMS {
1321
+ CK_MECHANISM_TYPE hashAlg;
1322
+ CK_RSA_PKCS_MGF_TYPE mgf;
1323
+ CK_ULONG sLen;
1324
+ } CK_RSA_PKCS_PSS_PARAMS;
1325
+
1326
+ typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
1327
+
1328
+ /* CK_EC_KDF_TYPE is new for v2.11. */
1329
+ typedef CK_ULONG CK_EC_KDF_TYPE;
1330
+
1331
+ /* The following EC Key Derivation Functions are defined */
1332
+ #define CKD_NULL 0x00000001
1333
+ #define CKD_SHA1_KDF 0x00000002
1334
+
1335
+ /* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
1336
+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
1337
+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
1338
+ * where each party contributes one key pair.
1339
+ */
1340
+ typedef struct CK_ECDH1_DERIVE_PARAMS {
1341
+ CK_EC_KDF_TYPE kdf;
1342
+ CK_ULONG ulSharedDataLen;
1343
+ CK_BYTE_PTR pSharedData;
1344
+ CK_ULONG ulPublicDataLen;
1345
+ CK_BYTE_PTR pPublicData;
1346
+ } CK_ECDH1_DERIVE_PARAMS;
1347
+
1348
+ typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
1349
+
1350
+
1351
+ /* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
1352
+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
1353
+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
1354
+ typedef struct CK_ECDH2_DERIVE_PARAMS {
1355
+ CK_EC_KDF_TYPE kdf;
1356
+ CK_ULONG ulSharedDataLen;
1357
+ CK_BYTE_PTR pSharedData;
1358
+ CK_ULONG ulPublicDataLen;
1359
+ CK_BYTE_PTR pPublicData;
1360
+ CK_ULONG ulPrivateDataLen;
1361
+ CK_OBJECT_HANDLE hPrivateData;
1362
+ CK_ULONG ulPublicDataLen2;
1363
+ CK_BYTE_PTR pPublicData2;
1364
+ } CK_ECDH2_DERIVE_PARAMS;
1365
+
1366
+ typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
1367
+
1368
+ typedef struct CK_ECMQV_DERIVE_PARAMS {
1369
+ CK_EC_KDF_TYPE kdf;
1370
+ CK_ULONG ulSharedDataLen;
1371
+ CK_BYTE_PTR pSharedData;
1372
+ CK_ULONG ulPublicDataLen;
1373
+ CK_BYTE_PTR pPublicData;
1374
+ CK_ULONG ulPrivateDataLen;
1375
+ CK_OBJECT_HANDLE hPrivateData;
1376
+ CK_ULONG ulPublicDataLen2;
1377
+ CK_BYTE_PTR pPublicData2;
1378
+ CK_OBJECT_HANDLE publicKey;
1379
+ } CK_ECMQV_DERIVE_PARAMS;
1380
+
1381
+ typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
1382
+
1383
+ /* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
1384
+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
1385
+ typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
1386
+ typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
1387
+
1388
+ /* The following X9.42 DH key derivation functions are defined
1389
+ (besides CKD_NULL already defined : */
1390
+ #define CKD_SHA1_KDF_ASN1 0x00000003
1391
+ #define CKD_SHA1_KDF_CONCATENATE 0x00000004
1392
+
1393
+ /* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
1394
+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
1395
+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
1396
+ * contributes one key pair */
1397
+ typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
1398
+ CK_X9_42_DH_KDF_TYPE kdf;
1399
+ CK_ULONG ulOtherInfoLen;
1400
+ CK_BYTE_PTR pOtherInfo;
1401
+ CK_ULONG ulPublicDataLen;
1402
+ CK_BYTE_PTR pPublicData;
1403
+ } CK_X9_42_DH1_DERIVE_PARAMS;
1404
+
1405
+ typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
1406
+
1407
+ /* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
1408
+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
1409
+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
1410
+ * mechanisms, where each party contributes two key pairs */
1411
+ typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
1412
+ CK_X9_42_DH_KDF_TYPE kdf;
1413
+ CK_ULONG ulOtherInfoLen;
1414
+ CK_BYTE_PTR pOtherInfo;
1415
+ CK_ULONG ulPublicDataLen;
1416
+ CK_BYTE_PTR pPublicData;
1417
+ CK_ULONG ulPrivateDataLen;
1418
+ CK_OBJECT_HANDLE hPrivateData;
1419
+ CK_ULONG ulPublicDataLen2;
1420
+ CK_BYTE_PTR pPublicData2;
1421
+ } CK_X9_42_DH2_DERIVE_PARAMS;
1422
+
1423
+ typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
1424
+
1425
+ typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
1426
+ CK_X9_42_DH_KDF_TYPE kdf;
1427
+ CK_ULONG ulOtherInfoLen;
1428
+ CK_BYTE_PTR pOtherInfo;
1429
+ CK_ULONG ulPublicDataLen;
1430
+ CK_BYTE_PTR pPublicData;
1431
+ CK_ULONG ulPrivateDataLen;
1432
+ CK_OBJECT_HANDLE hPrivateData;
1433
+ CK_ULONG ulPublicDataLen2;
1434
+ CK_BYTE_PTR pPublicData2;
1435
+ CK_OBJECT_HANDLE publicKey;
1436
+ } CK_X9_42_MQV_DERIVE_PARAMS;
1437
+
1438
+ typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
1439
+
1440
+ /* CK_KEA_DERIVE_PARAMS provides the parameters to the
1441
+ * CKM_KEA_DERIVE mechanism */
1442
+ /* CK_KEA_DERIVE_PARAMS is new for v2.0 */
1443
+ typedef struct CK_KEA_DERIVE_PARAMS {
1444
+ CK_BBOOL isSender;
1445
+ CK_ULONG ulRandomLen;
1446
+ CK_BYTE_PTR pRandomA;
1447
+ CK_BYTE_PTR pRandomB;
1448
+ CK_ULONG ulPublicDataLen;
1449
+ CK_BYTE_PTR pPublicData;
1450
+ } CK_KEA_DERIVE_PARAMS;
1451
+
1452
+ typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
1453
+
1454
+
1455
+ /* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
1456
+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
1457
+ * holds the effective keysize */
1458
+ typedef CK_ULONG CK_RC2_PARAMS;
1459
+
1460
+ typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
1461
+
1462
+
1463
+ /* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
1464
+ * mechanism */
1465
+ typedef struct CK_RC2_CBC_PARAMS {
1466
+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
1467
+ * v2.0 */
1468
+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
1469
+
1470
+ CK_BYTE iv[8]; /* IV for CBC mode */
1471
+ } CK_RC2_CBC_PARAMS;
1472
+
1473
+ typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
1474
+
1475
+
1476
+ /* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
1477
+ * CKM_RC2_MAC_GENERAL mechanism */
1478
+ /* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
1479
+ typedef struct CK_RC2_MAC_GENERAL_PARAMS {
1480
+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
1481
+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
1482
+ } CK_RC2_MAC_GENERAL_PARAMS;
1483
+
1484
+ typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
1485
+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
1486
+
1487
+
1488
+ /* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
1489
+ * CKM_RC5_MAC mechanisms */
1490
+ /* CK_RC5_PARAMS is new for v2.0 */
1491
+ typedef struct CK_RC5_PARAMS {
1492
+ CK_ULONG ulWordsize; /* wordsize in bits */
1493
+ CK_ULONG ulRounds; /* number of rounds */
1494
+ } CK_RC5_PARAMS;
1495
+
1496
+ typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
1497
+
1498
+
1499
+ /* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
1500
+ * mechanism */
1501
+ /* CK_RC5_CBC_PARAMS is new for v2.0 */
1502
+ typedef struct CK_RC5_CBC_PARAMS {
1503
+ CK_ULONG ulWordsize; /* wordsize in bits */
1504
+ CK_ULONG ulRounds; /* number of rounds */
1505
+ CK_BYTE_PTR pIv; /* pointer to IV */
1506
+ CK_ULONG ulIvLen; /* length of IV in bytes */
1507
+ } CK_RC5_CBC_PARAMS;
1508
+
1509
+ typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
1510
+
1511
+
1512
+ /* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
1513
+ * CKM_RC5_MAC_GENERAL mechanism */
1514
+ /* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
1515
+ typedef struct CK_RC5_MAC_GENERAL_PARAMS {
1516
+ CK_ULONG ulWordsize; /* wordsize in bits */
1517
+ CK_ULONG ulRounds; /* number of rounds */
1518
+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
1519
+ } CK_RC5_MAC_GENERAL_PARAMS;
1520
+
1521
+ typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
1522
+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
1523
+
1524
+
1525
+ /* CK_MAC_GENERAL_PARAMS provides the parameters to most block
1526
+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
1527
+ * the MAC */
1528
+ /* CK_MAC_GENERAL_PARAMS is new for v2.0 */
1529
+ typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
1530
+
1531
+ typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
1532
+
1533
+ /* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
1534
+ typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
1535
+ CK_BYTE iv[8];
1536
+ CK_BYTE_PTR pData;
1537
+ CK_ULONG length;
1538
+ } CK_DES_CBC_ENCRYPT_DATA_PARAMS;
1539
+
1540
+ typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
1541
+
1542
+ typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
1543
+ CK_BYTE iv[16];
1544
+ CK_BYTE_PTR pData;
1545
+ CK_ULONG length;
1546
+ } CK_AES_CBC_ENCRYPT_DATA_PARAMS;
1547
+
1548
+ typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
1549
+
1550
+ /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
1551
+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
1552
+ /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
1553
+ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
1554
+ CK_ULONG ulPasswordLen;
1555
+ CK_BYTE_PTR pPassword;
1556
+ CK_ULONG ulPublicDataLen;
1557
+ CK_BYTE_PTR pPublicData;
1558
+ CK_ULONG ulPAndGLen;
1559
+ CK_ULONG ulQLen;
1560
+ CK_ULONG ulRandomLen;
1561
+ CK_BYTE_PTR pRandomA;
1562
+ CK_BYTE_PTR pPrimeP;
1563
+ CK_BYTE_PTR pBaseG;
1564
+ CK_BYTE_PTR pSubprimeQ;
1565
+ } CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
1566
+
1567
+ typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
1568
+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
1569
+
1570
+
1571
+ /* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
1572
+ * CKM_SKIPJACK_RELAYX mechanism */
1573
+ /* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
1574
+ typedef struct CK_SKIPJACK_RELAYX_PARAMS {
1575
+ CK_ULONG ulOldWrappedXLen;
1576
+ CK_BYTE_PTR pOldWrappedX;
1577
+ CK_ULONG ulOldPasswordLen;
1578
+ CK_BYTE_PTR pOldPassword;
1579
+ CK_ULONG ulOldPublicDataLen;
1580
+ CK_BYTE_PTR pOldPublicData;
1581
+ CK_ULONG ulOldRandomLen;
1582
+ CK_BYTE_PTR pOldRandomA;
1583
+ CK_ULONG ulNewPasswordLen;
1584
+ CK_BYTE_PTR pNewPassword;
1585
+ CK_ULONG ulNewPublicDataLen;
1586
+ CK_BYTE_PTR pNewPublicData;
1587
+ CK_ULONG ulNewRandomLen;
1588
+ CK_BYTE_PTR pNewRandomA;
1589
+ } CK_SKIPJACK_RELAYX_PARAMS;
1590
+
1591
+ typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
1592
+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
1593
+
1594
+
1595
+ typedef struct CK_PBE_PARAMS {
1596
+ CK_BYTE_PTR pInitVector;
1597
+ CK_UTF8CHAR_PTR pPassword;
1598
+ CK_ULONG ulPasswordLen;
1599
+ CK_BYTE_PTR pSalt;
1600
+ CK_ULONG ulSaltLen;
1601
+ CK_ULONG ulIteration;
1602
+ } CK_PBE_PARAMS;
1603
+
1604
+ typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
1605
+
1606
+
1607
+ /* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
1608
+ * CKM_KEY_WRAP_SET_OAEP mechanism */
1609
+ /* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
1610
+ typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
1611
+ CK_BYTE bBC; /* block contents byte */
1612
+ CK_BYTE_PTR pX; /* extra data */
1613
+ CK_ULONG ulXLen; /* length of extra data in bytes */
1614
+ } CK_KEY_WRAP_SET_OAEP_PARAMS;
1615
+
1616
+ typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
1617
+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
1618
+
1619
+
1620
+ typedef struct CK_SSL3_RANDOM_DATA {
1621
+ CK_BYTE_PTR pClientRandom;
1622
+ CK_ULONG ulClientRandomLen;
1623
+ CK_BYTE_PTR pServerRandom;
1624
+ CK_ULONG ulServerRandomLen;
1625
+ } CK_SSL3_RANDOM_DATA;
1626
+
1627
+
1628
+ typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
1629
+ CK_SSL3_RANDOM_DATA RandomInfo;
1630
+ CK_VERSION_PTR pVersion;
1631
+ } CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
1632
+
1633
+ typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
1634
+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
1635
+
1636
+
1637
+ typedef struct CK_SSL3_KEY_MAT_OUT {
1638
+ CK_OBJECT_HANDLE hClientMacSecret;
1639
+ CK_OBJECT_HANDLE hServerMacSecret;
1640
+ CK_OBJECT_HANDLE hClientKey;
1641
+ CK_OBJECT_HANDLE hServerKey;
1642
+ CK_BYTE_PTR pIVClient;
1643
+ CK_BYTE_PTR pIVServer;
1644
+ } CK_SSL3_KEY_MAT_OUT;
1645
+
1646
+ typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
1647
+
1648
+
1649
+ typedef struct CK_SSL3_KEY_MAT_PARAMS {
1650
+ CK_ULONG ulMacSizeInBits;
1651
+ CK_ULONG ulKeySizeInBits;
1652
+ CK_ULONG ulIVSizeInBits;
1653
+ CK_BBOOL bIsExport;
1654
+ CK_SSL3_RANDOM_DATA RandomInfo;
1655
+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
1656
+ } CK_SSL3_KEY_MAT_PARAMS;
1657
+
1658
+ typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
1659
+
1660
+ /* CK_TLS_PRF_PARAMS is new for version 2.20 */
1661
+ typedef struct CK_TLS_PRF_PARAMS {
1662
+ CK_BYTE_PTR pSeed;
1663
+ CK_ULONG ulSeedLen;
1664
+ CK_BYTE_PTR pLabel;
1665
+ CK_ULONG ulLabelLen;
1666
+ CK_BYTE_PTR pOutput;
1667
+ CK_ULONG_PTR pulOutputLen;
1668
+ } CK_TLS_PRF_PARAMS;
1669
+
1670
+ typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
1671
+
1672
+ /* WTLS is new for version 2.20 */
1673
+ typedef struct CK_WTLS_RANDOM_DATA {
1674
+ CK_BYTE_PTR pClientRandom;
1675
+ CK_ULONG ulClientRandomLen;
1676
+ CK_BYTE_PTR pServerRandom;
1677
+ CK_ULONG ulServerRandomLen;
1678
+ } CK_WTLS_RANDOM_DATA;
1679
+
1680
+ typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
1681
+
1682
+ typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
1683
+ CK_MECHANISM_TYPE DigestMechanism;
1684
+ CK_WTLS_RANDOM_DATA RandomInfo;
1685
+ CK_BYTE_PTR pVersion;
1686
+ } CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
1687
+
1688
+ typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
1689
+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
1690
+
1691
+ typedef struct CK_WTLS_PRF_PARAMS {
1692
+ CK_MECHANISM_TYPE DigestMechanism;
1693
+ CK_BYTE_PTR pSeed;
1694
+ CK_ULONG ulSeedLen;
1695
+ CK_BYTE_PTR pLabel;
1696
+ CK_ULONG ulLabelLen;
1697
+ CK_BYTE_PTR pOutput;
1698
+ CK_ULONG_PTR pulOutputLen;
1699
+ } CK_WTLS_PRF_PARAMS;
1700
+
1701
+ typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
1702
+
1703
+ typedef struct CK_WTLS_KEY_MAT_OUT {
1704
+ CK_OBJECT_HANDLE hMacSecret;
1705
+ CK_OBJECT_HANDLE hKey;
1706
+ CK_BYTE_PTR pIV;
1707
+ } CK_WTLS_KEY_MAT_OUT;
1708
+
1709
+ typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
1710
+
1711
+ typedef struct CK_WTLS_KEY_MAT_PARAMS {
1712
+ CK_MECHANISM_TYPE DigestMechanism;
1713
+ CK_ULONG ulMacSizeInBits;
1714
+ CK_ULONG ulKeySizeInBits;
1715
+ CK_ULONG ulIVSizeInBits;
1716
+ CK_ULONG ulSequenceNumber;
1717
+ CK_BBOOL bIsExport;
1718
+ CK_WTLS_RANDOM_DATA RandomInfo;
1719
+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
1720
+ } CK_WTLS_KEY_MAT_PARAMS;
1721
+
1722
+ typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
1723
+
1724
+ /* CMS is new for version 2.20 */
1725
+ typedef struct CK_CMS_SIG_PARAMS {
1726
+ CK_OBJECT_HANDLE certificateHandle;
1727
+ CK_MECHANISM_PTR pSigningMechanism;
1728
+ CK_MECHANISM_PTR pDigestMechanism;
1729
+ CK_UTF8CHAR_PTR pContentType;
1730
+ CK_BYTE_PTR pRequestedAttributes;
1731
+ CK_ULONG ulRequestedAttributesLen;
1732
+ CK_BYTE_PTR pRequiredAttributes;
1733
+ CK_ULONG ulRequiredAttributesLen;
1734
+ } CK_CMS_SIG_PARAMS;
1735
+
1736
+ typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
1737
+
1738
+ typedef struct CK_KEY_DERIVATION_STRING_DATA {
1739
+ CK_BYTE_PTR pData;
1740
+ CK_ULONG ulLen;
1741
+ } CK_KEY_DERIVATION_STRING_DATA;
1742
+
1743
+ typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
1744
+ CK_KEY_DERIVATION_STRING_DATA_PTR;
1745
+
1746
+
1747
+ /* The CK_EXTRACT_PARAMS is used for the
1748
+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
1749
+ * of the base key should be used as the first bit of the
1750
+ * derived key */
1751
+ /* CK_EXTRACT_PARAMS is new for v2.0 */
1752
+ typedef CK_ULONG CK_EXTRACT_PARAMS;
1753
+
1754
+ typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
1755
+
1756
+ /* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
1757
+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
1758
+ * indicate the Pseudo-Random Function (PRF) used to generate
1759
+ * key bits using PKCS #5 PBKDF2. */
1760
+ typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
1761
+
1762
+ typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
1763
+
1764
+ /* The following PRFs are defined in PKCS #5 v2.0. */
1765
+ #define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
1766
+
1767
+
1768
+ /* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
1769
+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
1770
+ * source of the salt value when deriving a key using PKCS #5
1771
+ * PBKDF2. */
1772
+ typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
1773
+
1774
+ typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
1775
+
1776
+ /* The following salt value sources are defined in PKCS #5 v2.0. */
1777
+ #define CKZ_SALT_SPECIFIED 0x00000001
1778
+
1779
+ /* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
1780
+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
1781
+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
1782
+ typedef struct CK_PKCS5_PBKD2_PARAMS {
1783
+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
1784
+ CK_VOID_PTR pSaltSourceData;
1785
+ CK_ULONG ulSaltSourceDataLen;
1786
+ CK_ULONG iterations;
1787
+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
1788
+ CK_VOID_PTR pPrfData;
1789
+ CK_ULONG ulPrfDataLen;
1790
+ CK_UTF8CHAR_PTR pPassword;
1791
+ CK_ULONG_PTR ulPasswordLen;
1792
+ } CK_PKCS5_PBKD2_PARAMS;
1793
+
1794
+ typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
1795
+
1796
+ /* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
1797
+
1798
+ typedef CK_ULONG CK_OTP_PARAM_TYPE;
1799
+ typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
1800
+
1801
+ typedef struct CK_OTP_PARAM {
1802
+ CK_OTP_PARAM_TYPE type;
1803
+ CK_VOID_PTR pValue;
1804
+ CK_ULONG ulValueLen;
1805
+ } CK_OTP_PARAM;
1806
+
1807
+ typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
1808
+
1809
+ typedef struct CK_OTP_PARAMS {
1810
+ CK_OTP_PARAM_PTR pParams;
1811
+ CK_ULONG ulCount;
1812
+ } CK_OTP_PARAMS;
1813
+
1814
+ typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
1815
+
1816
+ typedef struct CK_OTP_SIGNATURE_INFO {
1817
+ CK_OTP_PARAM_PTR pParams;
1818
+ CK_ULONG ulCount;
1819
+ } CK_OTP_SIGNATURE_INFO;
1820
+
1821
+ typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
1822
+
1823
+ /* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
1824
+ #define CK_OTP_VALUE 0
1825
+ #define CK_OTP_PIN 1
1826
+ #define CK_OTP_CHALLENGE 2
1827
+ #define CK_OTP_TIME 3
1828
+ #define CK_OTP_COUNTER 4
1829
+ #define CK_OTP_FLAGS 5
1830
+ #define CK_OTP_OUTPUT_LENGTH 6
1831
+ #define CK_OTP_OUTPUT_FORMAT 7
1832
+
1833
+ /* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
1834
+ #define CKF_NEXT_OTP 0x00000001
1835
+ #define CKF_EXCLUDE_TIME 0x00000002
1836
+ #define CKF_EXCLUDE_COUNTER 0x00000004
1837
+ #define CKF_EXCLUDE_CHALLENGE 0x00000008
1838
+ #define CKF_EXCLUDE_PIN 0x00000010
1839
+ #define CKF_USER_FRIENDLY_OTP 0x00000020
1840
+
1841
+ /* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
1842
+ typedef struct CK_KIP_PARAMS {
1843
+ CK_MECHANISM_PTR pMechanism;
1844
+ CK_OBJECT_HANDLE hKey;
1845
+ CK_BYTE_PTR pSeed;
1846
+ CK_ULONG ulSeedLen;
1847
+ } CK_KIP_PARAMS;
1848
+
1849
+ typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
1850
+
1851
+ /* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
1852
+ typedef struct CK_AES_CTR_PARAMS {
1853
+ CK_ULONG ulCounterBits;
1854
+ CK_BYTE cb[16];
1855
+ } CK_AES_CTR_PARAMS;
1856
+
1857
+ typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
1858
+
1859
+ /* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
1860
+ typedef struct CK_CAMELLIA_CTR_PARAMS {
1861
+ CK_ULONG ulCounterBits;
1862
+ CK_BYTE cb[16];
1863
+ } CK_CAMELLIA_CTR_PARAMS;
1864
+
1865
+ typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
1866
+
1867
+ /* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
1868
+ typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
1869
+ CK_BYTE iv[16];
1870
+ CK_BYTE_PTR pData;
1871
+ CK_ULONG length;
1872
+ } CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
1873
+
1874
+ typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
1875
+
1876
+ /* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
1877
+ typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
1878
+ CK_BYTE iv[16];
1879
+ CK_BYTE_PTR pData;
1880
+ CK_ULONG length;
1881
+ } CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
1882
+
1883
+ typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
1884
+
1885
+ #endif