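--- a/Configure
+++ b/Configure
@@ -12,7 +12,7 @@
 
 # see INSTALL for instructions.
 
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+my $usage="Usage: Configure --pk11-libname=PK11_LIB_LOCATION [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
 
 # Options:
 #
@@ -21,6 +21,9 @@
 # --prefix prefix for the OpenSSL include, lib and bin directories
 # (Default: the OPENSSLDIR directory)
 #
+# --pk11-libname PKCS#11 library name.
+# (Default: none)
+#
 # --install_prefix Additional prefix for package builders (empty by
 # default). This needn't be set in advance, you can
 # just as well use "make INSTALL_PREFIX=/whatever install".
@@ -580,6 +583,9 @@
 my $idx_ranlib = $idx++;
 my $idx_arflags = $idx++;
 
+# PKCS#11 engine patch
+my $pk11_libname="";
+
 my $prefix="";
 my $openssldir="";
 my $exe_ext="";
@@ -812,6 +818,10 @@
 {
 $flags.=$_." ";
 }
+ elsif (/^--pk11-libname=(.*)$/)
+ {
+ $pk11_libname=$1;
+ }
 elsif (/^--prefix=(.*)$/)
 {
 $prefix=$1;
@@ -943,6 +953,13 @@
 exit 0;
 }
 
+if (! $pk11_libname)
+ {
+ print STDERR "You must set --pk11-libname for PKCS#11 library.\n";
+ print STDERR "See README.pkcs11 for more information.\n";
+ exit 1;
+ }
+
 if ($target =~ m/^CygWin32(-.*)$/) {
 $target = "Cygwin".$1;
 }
@@ -1103,6 +1120,8 @@
 if ($flags ne "") { $cflags="$flags$cflags"; }
 else { $no_user_cflags=1; }
 
+$cflags="-DPK11_LIB_LOCATION=\"$pk11_libname\" $cflags";
+
 # Kerberos settings. The flavor must be provided from outside, either through
 # the script "config" or manually.
 if (!$no_krb5)
@@ -1456,6 +1475,7 @@
 s/^VERSION=.*/VERSION=$version/;
 s/^MAJOR=.*/MAJOR=$major/;
 s/^MINOR=.*/MINOR=$minor/;
+ s/^PK11_LIB_LOCATION=.*/PK11_LIB_LOCATION=$pk11_libname/;
 s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
 s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
 s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;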
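Review bot: The value captured by `elsif (/^--pk11-libname=(.*)$/)` is pasted unchecked into `$cflags` as `-DPK11_LIB_LOCATION=\"$pk11_libname\"` and into the Makefile's `PK11_LIB_LOCATION=` line, so a name containing a quote, a space or `$` alters the compile command, and a relative name would presumably leave the engine resolving the PKCS#11 library through the runtime search path. Validate it where it is parsed, for example `die "--pk11-libname must be an absolute path\n" unless $pk11_libname =~ m{^/[\w./+-]+$};`. The `if (! $pk11_libname)` check also makes the option mandatory for every build, seemingly including `no-hw` ones, and treats the literal value `0` as unset; gating the check and the `-D` flag on the engine being enabled, and testing `$pk11_libname eq ""`, would avoid both.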
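--- a/Makefile.org
+++ b/Makefile.org
@@ -26,6 +26,9 @@
 INSTALL_PREFIX=
 INSTALLTOP=/usr/local/ssl
 
+# You must set this through --pk11-libname configure option.
+PK11_LIB_LOCATION=
+
 # Do not edit this manually. Use Configure --openssldir=DIR do change this!
 OPENSSLDIR=/usr/local/ssl
 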
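--- a/crypto/engine/Makefile
+++ b/crypto/engine/Makefile
@@ -21,12 +21,14 @@
 eng_table.c eng_pkey.c eng_fat.c eng_all.c \
 tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c \
 tb_cipher.c tb_digest.c \
- eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c
+ eng_openssl.c eng_cnf.c eng_dyn.c eng_cryptodev.c eng_padlock.c \
+ hw_pk11.c hw_pk11_pub.c hw_pk11_uri.c
 LIBOBJ= eng_err.o eng_lib.o eng_list.o eng_init.o eng_ctrl.o \
 eng_table.o eng_pkey.o eng_fat.o eng_all.o \
 tb_rsa.o tb_dsa.o tb_ecdsa.o tb_dh.o tb_ecdh.o tb_rand.o tb_store.o \
 tb_cipher.o tb_digest.o \
- eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o
+ eng_openssl.o eng_cnf.o eng_dyn.o eng_cryptodev.o eng_padlock.o \
+ hw_pk11.o hw_pk11_pub.o hw_pk11_uri.o
 
 SRC= $(LIBSRC)
 
@@ -286,6 +288,62 @@
 eng_table.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
 eng_table.o: ../../include/openssl/x509_vfy.h ../cryptlib.h eng_int.h
 eng_table.o: eng_table.c
+hw_pk11.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+hw_pk11.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
+hw_pk11.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
+hw_pk11.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_pk11.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
+hw_pk11.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
+hw_pk11.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
+hw_pk11.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
+hw_pk11.o: ../../include/openssl/ui.h ../../include/openssl/err.h
+hw_pk11.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
+hw_pk11.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
+hw_pk11.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_pk11.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
+hw_pk11.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
+hw_pk11.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
+hw_pk11.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
+hw_pk11.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
+hw_pk11.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
+hw_pk11.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
+hw_pk11.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
+hw_pk11.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
+hw_pk11.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
+hw_pk11.o: ../../include/openssl/pem2.h ../cryptlib.h hw_pk11_uri.h
+hw_pk11.o: ../../e_os.h hw_pk11_err.c hw_pk11_err.h hw_pk11.c hw_pk11.h
+hw_pk11_pub.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+hw_pk11_pub.o: ../../include/openssl/engine.h ../../include/openssl/ossl_typ.h
+hw_pk11_pub.o: ../../include/openssl/bn.h ../../include/openssl/rsa.h
+hw_pk11_pub.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+hw_pk11_pub.o: ../../include/openssl/crypto.h ../../include/openssl/stack.h
+hw_pk11_pub.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
+hw_pk11_pub.o: ../../include/openssl/symhacks.h ../../include/openssl/dsa.h
+hw_pk11_pub.o: ../../include/openssl/dh.h ../../include/openssl/rand.h
+hw_pk11_pub.o: ../../include/openssl/ui.h ../../include/openssl/err.h
+hw_pk11_pub.o: ../../include/openssl/lhash.h ../../include/openssl/dso.h
+hw_pk11_pub.o: ../../include/openssl/pem.h ../../include/openssl/evp.h
+hw_pk11_pub.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+hw_pk11_pub.o: ../../include/openssl/md5.h ../../include/openssl/sha.h
+hw_pk11_pub.o: ../../include/openssl/ripemd.h ../../include/openssl/des.h
+hw_pk11_pub.o: ../../include/openssl/des_old.h ../../include/openssl/ui_compat.h
+hw_pk11_pub.o: ../../include/openssl/rc4.h ../../include/openssl/rc2.h
+hw_pk11_pub.o: ../../crypto/rc5/rc5.h ../../include/openssl/blowfish.h
+hw_pk11_pub.o: ../../include/openssl/cast.h ../../include/openssl/idea.h
+hw_pk11_pub.o: ../../crypto/mdc2/mdc2.h ../../include/openssl/aes.h
+hw_pk11_pub.o: ../../include/openssl/objects.h ../../include/openssl/obj_mac.h
+hw_pk11_pub.o: ../../include/openssl/x509.h ../../include/openssl/buffer.h
+hw_pk11_pub.o: ../../include/openssl/x509_vfy.h ../../include/openssl/pkcs7.h
+hw_pk11_pub.o: ../../include/openssl/pem2.h ../cryptlib.h hw_pk11.h hw_pk11_uri.h
+hw_pk11_pub.o: ../../e_os.h hw_pk11_pub.c hw_pk11.h hw_pk11_err.h
+hw_pk11_pub.o: hw_pk11_uri.h
+hw_pk11_uri.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+hw_pk11_uri.o: ../../include/openssl/opensslconf.h ../../include/openssl/stack.h
+hw_pk11_uri.o: ../../include/openssl/safestack.h ../../include/openssl/opensslv.h
+hw_pk11_uri.o: ../../include/openssl/ossl_typ.h ../../include/openssl/symhacks.h
+hw_pk11_uri.o: ../../include/security/cryptoki.h ../../include/security/pkcs11.h
+hw_pk11_uri.o: ../../include/security/pkcs11t.h ../../include/security/pkcs11f.h
+hw_pk11_uri.o: hw_pk11.h hw_pk11_err.h hw_pk11_uri.h hw_pk11_uri.c
 tb_cipher.o: ../../e_os.h ../../include/openssl/asn1.h
 tb_cipher.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 tb_cipher.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h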
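Review bot: The `hw_pk11_uri.o` dependency lines name `../../include/security/cryptoki.h`, `pkcs11.h`, `pkcs11t.h` and `pkcs11f.h`, but the headers this patch adds sit in `crypto/engine/`; unless some other part of the patch creates `include/security/`, make will stop on a missing prerequisite for that object. Pointing the rule at the local copies, `hw_pk11_uri.o: cryptoki.h pkcs11.h pkcs11t.h pkcs11f.h`, would match what is shipped (`pkcs11t.h` is not visible here, so confirm it is added alongside the others). The `hw_pk11.o` and `hw_pk11_pub.o` lists name no PKCS#11 header at all, and `hw_pk11_pub.o` repeats `hw_pk11.h` and `hw_pk11_uri.h`; regenerating this block with `make depend` once the headers are in place would settle all three.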
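--- a/crypto/engine/cryptoki.h
+++ b/crypto/engine/cryptoki.h
@@ -0,0 +1,103 @@
+/*
+ * CDDL HEADER START
+ *
+ * The contents of this file are subject to the terms of the
+ * Common Development and Distribution License, Version 1.0 only
+ * (the "License"). You may not use this file except in compliance
+ * with the License.
+ *
+ * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
+ * or http://www.opensolaris.org/os/licensing.
+ * See the License for the specific language governing permissions
+ * and limitations under the License.
+ *
+ * When distributing Covered Code, include this CDDL HEADER in each
+ * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
+ * If applicable, add the following below this CDDL HEADER, with the
+ * fields enclosed by brackets "[]" replaced with your own identifying
+ * information: Portions Copyright [yyyy] [name of copyright owner]
+ *
+ * CDDL HEADER END
+ */
+/*
+ * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
+ * Use is subject to license terms.
+ */
+
+#ifndef _CRYPTOKI_H
+#define _CRYPTOKI_H
+
+#pragma ident "@(#)cryptoki.h 1.2 05/06/08 SMI"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef CK_PTR
+#define CK_PTR *
+#endif
+
+#ifndef CK_DEFINE_FUNCTION
+#define CK_DEFINE_FUNCTION(returnType, name) returnType name
+#endif
+
+#ifndef CK_DECLARE_FUNCTION
+#define CK_DECLARE_FUNCTION(returnType, name) returnType name
+#endif
+
+#ifndef CK_DECLARE_FUNCTION_POINTER
+#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType (* name)
+#endif
+
+#ifndef CK_CALLBACK_FUNCTION
+#define CK_CALLBACK_FUNCTION(returnType, name) returnType (* name)
+#endif
+
+#ifndef NULL_PTR
+#include <unistd.h> /* For NULL */
+#define NULL_PTR NULL
+#endif
+
+/*
+ * pkcs11t.h defines TRUE and FALSE in a way that upsets lint
+ */
+#ifndef CK_DISABLE_TRUE_FALSE
+#define CK_DISABLE_TRUE_FALSE
+#ifndef TRUE
+#define TRUE 1
+#endif /* TRUE */
+#ifndef FALSE
+#define FALSE 0
+#endif /* FALSE */
+#endif /* CK_DISABLE_TRUE_FALSE */
+
+#undef CK_PKCS11_FUNCTION_INFO
+
+#include "pkcs11.h"
+
+/* Solaris specific functions */
+
+#include <stdlib.h>
+
+/*
+ * SUNW_C_GetMechSession will initialize the framework and do all
+ * the necessary PKCS#11 calls to create a session capable of
+ * providing operations on the requested mechanism
+ */
+CK_RV SUNW_C_GetMechSession(CK_MECHANISM_TYPE mech,
+ CK_SESSION_HANDLE_PTR hSession);
+
+/*
+ * SUNW_C_KeyToObject will create a secret key object for the given
+ * mechanism from the rawkey data.
+ */
+CK_RV SUNW_C_KeyToObject(CK_SESSION_HANDLE hSession,
+ CK_MECHANISM_TYPE mech, const void *rawkey, size_t rawkey_len,
+ CK_OBJECT_HANDLE_PTR obj);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _CRYPTOKI_H */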
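--- a/crypto/engine/eng_all.c
+++ b/crypto/engine/eng_all.c
@@ -71,7 +71,17 @@
 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
 ENGINE_load_padlock();
 #endif
+/*
+ * On Solaris we must disable the dynamic engine loading until we enforce
+ * signing of the modules, otherwise this is crypto with a hole.
+ * This is a US Government Export Approval required change.
+ */
+#ifndef SOLARIS_OPENSSL
 ENGINE_load_dynamic();
+#endif
+#ifndef OPENSSL_NO_HW_PKCS11
+ ENGINE_load_pk11();
+#endif
 #ifndef OPENSSL_NO_STATIC_ENGINE
 #ifndef OPENSSL_NO_HW
 #ifndef OPENSSL_NO_HW_4758_CCA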
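Review bot: `ENGINE_load_pk11()` is guarded only by `OPENSSL_NO_HW_PKCS11`, unlike the padlock call just above it, so a `no-hw` build would still register an engine that presumably loads the external library named by `PK11_LIB_LOCATION`; use `#if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PKCS11)` here and around the prototype added to engine.h. The new comment says dynamic engine loading is unsafe until modules are signed, yet `#ifndef SOLARIS_OPENSSL` keeps `ENGINE_load_dynamic()` in every build that does not define that macro, and nothing in the visible Configure hunks defines it. A sentence in the comment stating who sets `SOLARIS_OPENSSL` would make the restriction checkable. The enclosing function starts and ends outside the hunk.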
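--- a/crypto/engine/eng_cnf.c
+++ b/crypto/engine/eng_cnf.c
@@ -132,6 +132,13 @@
 /* Load a dynamic ENGINE */
 else if (!strcmp(ctrlname, "dynamic_path"))
 {
+#ifdef SOLARIS_OPENSSL
+ /*
+ * Dynamic engines must be disabled until signature
+ * verification is implemented.
+ */
+ goto err;
+#endif /* SOLARIS_OPENSSL */
 e = ENGINE_by_id("dynamic");
 if (!e)
 goto err;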
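Review bot: The bare `goto err;` under `SOLARIS_OPENSSL` rejects a `dynamic_path` directive without recording why, so unless the `err` label (outside this hunk) queues an error, an administrator sees only a generic configuration failure and cannot tell that dynamic engines are disabled by policy. Push an `ENGINEerr()` entry before the jump and extend the comment to say that the directive is refused on purpose. Because the jump is unconditional, the `ENGINE_by_id("dynamic")` lines after it are dead code in that build; putting them under `#else` would state the intent and avoid unreachable-code warnings. The enclosing function starts and ends outside the hunk.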
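--- a/crypto/engine/engine.h
+++ b/crypto/engine/engine.h
@@ -337,6 +337,7 @@
 void ENGINE_load_ubsec(void);
 #endif
 void ENGINE_load_cryptodev(void);
+void ENGINE_load_pk11(void);
 void ENGINE_load_padlock(void);
 void ENGINE_load_builtin_engines(void);
 #ifndef OPENSSL_NO_CAPIENG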
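--- a/crypto/engine/pkcs11.h
+++ b/crypto/engine/pkcs11.h
@@ -0,0 +1,299 @@
+/* pkcs11.h include file for PKCS #11. */
+/* $Revision: 1.4 $ */
+
+/* License to copy and use this software is granted provided that it is
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
+ * (Cryptoki)" in all material mentioning or referencing this software.
+
+ * License is also granted to make and use derivative works provided that
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
+ * referencing the derived work.
+
+ * RSA Security Inc. makes no representations concerning either the
+ * merchantability of this software or the suitability of this software for
+ * any particular purpose. It is provided "as is" without express or implied
+ * warranty of any kind.
+ */
+
+#ifndef _PKCS11_H_
+#define _PKCS11_H_ 1
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Before including this file (pkcs11.h) (or pkcs11t.h by
+ * itself), 6 platform-specific macros must be defined. These
+ * macros are described below, and typical definitions for them
+ * are also given. Be advised that these definitions can depend
+ * on both the platform and the compiler used (and possibly also
+ * on whether a Cryptoki library is linked statically or
+ * dynamically).
+ *
+ * In addition to defining these 6 macros, the packing convention
+ * for Cryptoki structures should be set. The Cryptoki
+ * convention on packing is that structures should be 1-byte
+ * aligned.
+ *
+ * If you're using Microsoft Developer Studio 5.0 to produce
+ * Win32 stuff, this might be done by using the following
+ * preprocessor directive before including pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(push, cryptoki, 1)
+ *
+ * and using the following preprocessor directive after including
+ * pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(pop, cryptoki)
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to produce Win16 stuff, this might be done by using
+ * the following preprocessor directive before including
+ * pkcs11.h or pkcs11t.h:
+ *
+ * #pragma pack(1)
+ *
+ * In a UNIX environment, you're on your own for this. You might
+ * not need to do (or be able to do!) anything.
+ *
+ *
+ * Now for the macros:
+ *
+ *
+ * 1. CK_PTR: The indirection string for making a pointer to an
+ * object. It can be used like this:
+ *
+ * typedef CK_BYTE CK_PTR CK_BYTE_PTR;
+ *
+ * If you're using Microsoft Developer Studio 5.0 to produce
+ * Win32 stuff, it might be defined by:
+ *
+ * #define CK_PTR *
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to produce Win16 stuff, it might be defined by:
+ *
+ * #define CK_PTR far *
+ *
+ * In a typical UNIX environment, it might be defined by:
+ *
+ * #define CK_PTR *
+ *
+ *
+ * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes
+ * an exportable Cryptoki library function definition out of a
+ * return type and a function name. It should be used in the
+ * following fashion to define the exposed Cryptoki functions in
+ * a Cryptoki library:
+ *
+ * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)(
+ * CK_VOID_PTR pReserved
+ * )
+ * {
+ * ...
+ * }
+ *
+ * If you're using Microsoft Developer Studio 5.0 to define a
+ * function in a Win32 Cryptoki .dll, it might be defined by:
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ * returnType __declspec(dllexport) name
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to define a function in a Win16 Cryptoki .dll, it
+ * might be defined by:
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ * returnType __export _far _pascal name
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_DEFINE_FUNCTION(returnType, name) \
+ * returnType name
+ *
+ *
+ * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes
+ * an importable Cryptoki library function declaration out of a
+ * return type and a function name. It should be used in the
+ * following fashion:
+ *
+ * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)(
+ * CK_VOID_PTR pReserved
+ * );
+ *
+ * If you're using Microsoft Developer Studio 5.0 to declare a
+ * function in a Win32 Cryptoki .dll, it might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ * returnType __declspec(dllimport) name
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to declare a function in a Win16 Cryptoki .dll, it
+ * might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ * returnType __export _far _pascal name
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION(returnType, name) \
+ * returnType name
+ *
+ *
+ * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro
+ * which makes a Cryptoki API function pointer declaration or
+ * function pointer type declaration out of a return type and a
+ * function name. It should be used in the following fashion:
+ *
+ * // Define funcPtr to be a pointer to a Cryptoki API function
+ * // taking arguments args and returning CK_RV.
+ * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args);
+ *
+ * or
+ *
+ * // Define funcPtrType to be the type of a pointer to a
+ * // Cryptoki API function taking arguments args and returning
+ * // CK_RV, and then define funcPtr to be a variable of type
+ * // funcPtrType.
+ * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args);
+ * funcPtrType funcPtr;
+ *
+ * If you're using Microsoft Developer Studio 5.0 to access
+ * functions in a Win32 Cryptoki .dll, in might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ * returnType __declspec(dllimport) (* name)
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to access functions in a Win16 Cryptoki .dll, it might
+ * be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ * returnType __export _far _pascal (* name)
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \
+ * returnType (* name)
+ *
+ *
+ * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes
+ * a function pointer type for an application callback out of
+ * a return type for the callback and a name for the callback.
+ * It should be used in the following fashion:
+ *
+ * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args);
+ *
+ * to declare a function pointer, myCallback, to a callback
+ * which takes arguments args and returns a CK_RV. It can also
+ * be used like this:
+ *
+ * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args);
+ * myCallbackType myCallback;
+ *
+ * If you're using Microsoft Developer Studio 5.0 to do Win32
+ * Cryptoki development, it might be defined by:
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ * returnType (* name)
+ *
+ * If you're using an earlier version of Microsoft Developer
+ * Studio to do Win16 development, it might be defined by:
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ * returnType _far _pascal (* name)
+ *
+ * In a UNIX environment, it might be defined by:
+ *
+ * #define CK_CALLBACK_FUNCTION(returnType, name) \
+ * returnType (* name)
+ *
+ *
+ * 6. NULL_PTR: This macro is the value of a NULL pointer.
+ *
+ * In any ANSI/ISO C environment (and in many others as well),
+ * this should best be defined by
+ *
+ * #ifndef NULL_PTR
+ * #define NULL_PTR 0
+ * #endif
+ */
+
+
+/* All the various Cryptoki types and #define'd values are in the
+ * file pkcs11t.h. */
+#include "pkcs11t.h"
+
+#define __PASTE(x,y) x##y
+
+
+/* ==============================================================
+ * Define the "extern" form of all the entry points.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST 1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+ extern CK_DECLARE_FUNCTION(CK_RV, name)
+
+/* pkcs11f.h has all the information about the Cryptoki
+ * function prototypes. */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+
+/* ==============================================================
+ * Define the typedef form of all the entry points. That is, for
+ * each Cryptoki function C_XXX, define a type CK_C_XXX which is
+ * a pointer to that kind of function.
+ * ==============================================================
+ */
+
+#define CK_NEED_ARG_LIST 1
+#define CK_PKCS11_FUNCTION_INFO(name) \
+ typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name))
+
+/* pkcs11f.h has all the information about the Cryptoki
+ * function prototypes. */
+#include "pkcs11f.h"
+
+#undef CK_NEED_ARG_LIST
+#undef CK_PKCS11_FUNCTION_INFO
+
+
+/* ==============================================================
+ * Define structed vector of entry points. A CK_FUNCTION_LIST
+ * contains a CK_VERSION indicating a library's Cryptoki version
+ * and then a whole slew of function pointers to the routines in
+ * the library. This type was declared, but not defined, in
+ * pkcs11t.h.
+ * ==============================================================
+ */
+
+#define CK_PKCS11_FUNCTION_INFO(name) \
+ __PASTE(CK_,name) name;
+
+struct CK_FUNCTION_LIST {
+
+ CK_VERSION version; /* Cryptoki version */
+
+/* Pile all the function pointers into the CK_FUNCTION_LIST. */
+/* pkcs11f.h has all the information about the Cryptoki
+ * function prototypes. */
+#include "pkcs11f.h"
+
+};
+
+#undef CK_PKCS11_FUNCTION_INFO
+
+
+#undef __PASTE
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif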
diff -ruN openssl-0.9.8k/crypto/engine/pkcs11f.h openssl-0.9.8k/crypto/engine/pkcs11f.h
|
|
631 |
--- openssl-0.9.8k/crypto/engine/pkcs11f.h 1970-01-01 01:00:00.000000000 +0100
|
|
632 |
+++ openssl-0.9.8k/crypto/engine/pkcs11f.h 2009-05-15 10:59:32.385809195 +0200
|
|
633 |
@@ -0,0 +1,912 @@
|
|
634 |
+/* pkcs11f.h include file for PKCS #11. */
|
|
635 |
+/* $Revision: 1.4 $ */
|
|
636 |
+
|
|
637 |
+/* License to copy and use this software is granted provided that it is
|
|
638 |
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
|
|
639 |
+ * (Cryptoki)" in all material mentioning or referencing this software.
|
|
640 |
+
|
|
641 |
+ * License is also granted to make and use derivative works provided that
|
|
642 |
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
|
|
643 |
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
|
|
644 |
+ * referencing the derived work.
|
|
645 |
+
|
|
646 |
+ * RSA Security Inc. makes no representations concerning either the
|
|
647 |
+ * merchantability of this software or the suitability of this software for
|
|
648 |
+ * any particular purpose. It is provided "as is" without express or implied
|
|
649 |
+ * warranty of any kind.
|
|
650 |
+ */
|
|
651 |
+
|
|
652 |
+/* This header file contains pretty much everything about all the */
|
|
653 |
+/* Cryptoki function prototypes. Because this information is */
|
|
654 |
+/* used for more than just declaring function prototypes, the */
|
|
655 |
+/* order of the functions appearing herein is important, and */
|
|
656 |
+/* should not be altered. */
|
|
657 |
+
|
|
658 |
+/* General-purpose */
|
|
659 |
+
|
|
660 |
+/* C_Initialize initializes the Cryptoki library. */
|
|
661 |
+CK_PKCS11_FUNCTION_INFO(C_Initialize)
|
|
662 |
+#ifdef CK_NEED_ARG_LIST
|
|
663 |
+(
|
|
664 |
+ CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
|
|
665 |
+ * cast to CK_C_INITIALIZE_ARGS_PTR
|
|
666 |
+ * and dereferenced */
|
|
667 |
+);
|
|
668 |
+#endif
|
|
669 |
+
|
|
670 |
+
|
|
671 |
+/* C_Finalize indicates that an application is done with the
|
|
672 |
+ * Cryptoki library. */
|
|
673 |
+CK_PKCS11_FUNCTION_INFO(C_Finalize)
|
|
674 |
+#ifdef CK_NEED_ARG_LIST
|
|
675 |
+(
|
|
676 |
+ CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
|
|
677 |
+);
|
|
678 |
+#endif
|
|
679 |
+
|
|
680 |
+
|
|
681 |
+/* C_GetInfo returns general information about Cryptoki. */
|
|
682 |
+CK_PKCS11_FUNCTION_INFO(C_GetInfo)
|
|
683 |
+#ifdef CK_NEED_ARG_LIST
|
|
684 |
+(
|
|
685 |
+ CK_INFO_PTR pInfo /* location that receives information */
|
|
686 |
+);
|
|
687 |
+#endif
|
|
688 |
+
|
|
689 |
+
|
|
690 |
+/* C_GetFunctionList returns the function list. */
|
|
691 |
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionList)
|
|
692 |
+#ifdef CK_NEED_ARG_LIST
|
|
693 |
+(
|
|
694 |
+ CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
|
|
695 |
+ * function list */
|
|
696 |
+);
|
|
697 |
+#endif
|
|
698 |
+
|
|
699 |
+
|
|
700 |
+
|
|
701 |
+/* Slot and token management */
|
|
702 |
+
|
|
703 |
+/* C_GetSlotList obtains a list of slots in the system. */
|
|
704 |
+CK_PKCS11_FUNCTION_INFO(C_GetSlotList)
|
|
705 |
+#ifdef CK_NEED_ARG_LIST
|
|
706 |
+(
|
|
707 |
+ CK_BBOOL tokenPresent, /* only slots with tokens? */
|
|
708 |
+ CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */
|
|
709 |
+ CK_ULONG_PTR pulCount /* receives number of slots */
|
|
710 |
+);
|
|
711 |
+#endif
|
|
712 |
+
|
|
713 |
+
|
|
714 |
+/* C_GetSlotInfo obtains information about a particular slot in
|
|
715 |
+ * the system. */
|
|
716 |
+CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo)
|
|
717 |
+#ifdef CK_NEED_ARG_LIST
|
|
718 |
+(
|
|
719 |
+ CK_SLOT_ID slotID, /* the ID of the slot */
|
|
720 |
+ CK_SLOT_INFO_PTR pInfo /* receives the slot information */
|
|
721 |
+);
|
|
722 |
+#endif
|
|
723 |
+
|
|
724 |
+
|
|
725 |
+/* C_GetTokenInfo obtains information about a particular token
|
|
726 |
+ * in the system. */
|
|
727 |
+CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo)
|
|
728 |
+#ifdef CK_NEED_ARG_LIST
|
|
729 |
+(
|
|
730 |
+ CK_SLOT_ID slotID, /* ID of the token's slot */
|
|
731 |
+ CK_TOKEN_INFO_PTR pInfo /* receives the token information */
|
|
732 |
+);
|
|
733 |
+#endif
|
|
734 |
+
|
|
735 |
+
|
|
736 |
+/* C_GetMechanismList obtains a list of mechanism types
|
|
737 |
+ * supported by a token. */
|
|
738 |
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismList)
|
|
739 |
+#ifdef CK_NEED_ARG_LIST
|
|
740 |
+(
|
|
741 |
+ CK_SLOT_ID slotID, /* ID of token's slot */
|
|
742 |
+ CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */
|
|
743 |
+ CK_ULONG_PTR pulCount /* gets # of mechs. */
|
|
744 |
+);
|
|
745 |
+#endif
|
|
746 |
+
|
|
747 |
+
|
|
748 |
+/* C_GetMechanismInfo obtains information about a particular
|
|
749 |
+ * mechanism possibly supported by a token. */
|
|
750 |
+CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo)
|
|
751 |
+#ifdef CK_NEED_ARG_LIST
|
|
752 |
+(
|
|
753 |
+ CK_SLOT_ID slotID, /* ID of the token's slot */
|
|
754 |
+ CK_MECHANISM_TYPE type, /* type of mechanism */
|
|
755 |
+ CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
|
|
756 |
+);
|
|
757 |
+#endif
|
|
758 |
+
|
|
759 |
+
|
|
760 |
+/* C_InitToken initializes a token. */
|
|
761 |
+CK_PKCS11_FUNCTION_INFO(C_InitToken)
|
|
762 |
+#ifdef CK_NEED_ARG_LIST
|
|
763 |
+/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
|
|
764 |
+(
|
|
765 |
+ CK_SLOT_ID slotID, /* ID of the token's slot */
|
|
766 |
+ CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */
|
|
767 |
+ CK_ULONG ulPinLen, /* length in bytes of the PIN */
|
|
768 |
+ CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
|
|
769 |
+);
|
|
770 |
+#endif
|
|
771 |
+
|
|
772 |
+
|
|
773 |
+/* C_InitPIN initializes the normal user's PIN. */
|
|
774 |
+CK_PKCS11_FUNCTION_INFO(C_InitPIN)
|
|
775 |
+#ifdef CK_NEED_ARG_LIST
|
|
776 |
+(
|
|
777 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
778 |
+ CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */
|
|
779 |
+ CK_ULONG ulPinLen /* length in bytes of the PIN */
|
|
780 |
+);
|
|
781 |
+#endif
|
|
782 |
+
|
|
783 |
+
|
|
784 |
+/* C_SetPIN modifies the PIN of the user who is logged in. */
|
|
785 |
+CK_PKCS11_FUNCTION_INFO(C_SetPIN)
|
|
786 |
+#ifdef CK_NEED_ARG_LIST
|
|
787 |
+(
|
|
788 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
789 |
+ CK_UTF8CHAR_PTR pOldPin, /* the old PIN */
|
|
790 |
+ CK_ULONG ulOldLen, /* length of the old PIN */
|
|
791 |
+ CK_UTF8CHAR_PTR pNewPin, /* the new PIN */
|
|
792 |
+ CK_ULONG ulNewLen /* length of the new PIN */
|
|
793 |
+);
|
|
794 |
+#endif
|
|
795 |
+
|
|
796 |
+
|
|
797 |
+
|
|
798 |
+/* Session management */
|
|
799 |
+
|
|
800 |
+/* C_OpenSession opens a session between an application and a
|
|
801 |
+ * token. */
|
|
802 |
+CK_PKCS11_FUNCTION_INFO(C_OpenSession)
|
|
803 |
+#ifdef CK_NEED_ARG_LIST
|
|
804 |
+(
|
|
805 |
+ CK_SLOT_ID slotID, /* the slot's ID */
|
|
806 |
+ CK_FLAGS flags, /* from CK_SESSION_INFO */
|
|
807 |
+ CK_VOID_PTR pApplication, /* passed to callback */
|
|
808 |
+ CK_NOTIFY Notify, /* callback function */
|
|
809 |
+ CK_SESSION_HANDLE_PTR phSession /* gets session handle */
|
|
810 |
+);
|
|
811 |
+#endif
|
|
812 |
+
|
|
813 |
+
|
|
814 |
+/* C_CloseSession closes a session between an application and a
|
|
815 |
+ * token. */
|
|
816 |
+CK_PKCS11_FUNCTION_INFO(C_CloseSession)
|
|
817 |
+#ifdef CK_NEED_ARG_LIST
|
|
818 |
+(
|
|
819 |
+ CK_SESSION_HANDLE hSession /* the session's handle */
|
|
820 |
+);
|
|
821 |
+#endif
|
|
822 |
+
|
|
823 |
+
|
|
824 |
+/* C_CloseAllSessions closes all sessions with a token. */
|
|
825 |
+CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions)
|
|
826 |
+#ifdef CK_NEED_ARG_LIST
|
|
827 |
+(
|
|
828 |
+ CK_SLOT_ID slotID /* the token's slot */
|
|
829 |
+);
|
|
830 |
+#endif
|
|
831 |
+
|
|
832 |
+
|
|
833 |
+/* C_GetSessionInfo obtains information about the session. */
|
|
834 |
+CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo)
|
|
835 |
+#ifdef CK_NEED_ARG_LIST
|
|
836 |
+(
|
|
837 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
838 |
+ CK_SESSION_INFO_PTR pInfo /* receives session info */
|
|
839 |
+);
|
|
840 |
+#endif
|
|
841 |
+
|
|
842 |
+
|
|
843 |
+/* C_GetOperationState obtains the state of the cryptographic operation
|
|
844 |
+ * in a session. */
|
|
845 |
+CK_PKCS11_FUNCTION_INFO(C_GetOperationState)
|
|
846 |
+#ifdef CK_NEED_ARG_LIST
|
|
847 |
+(
|
|
848 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
849 |
+ CK_BYTE_PTR pOperationState, /* gets state */
|
|
850 |
+ CK_ULONG_PTR pulOperationStateLen /* gets state length */
|
|
851 |
+);
|
|
852 |
+#endif
|
|
853 |
+
|
|
854 |
+
|
|
855 |
+/* C_SetOperationState restores the state of the cryptographic
|
|
856 |
+ * operation in a session. */
|
|
857 |
+CK_PKCS11_FUNCTION_INFO(C_SetOperationState)
|
|
858 |
+#ifdef CK_NEED_ARG_LIST
|
|
859 |
+(
|
|
860 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
861 |
+ CK_BYTE_PTR pOperationState, /* holds state */
|
|
862 |
+ CK_ULONG ulOperationStateLen, /* holds state length */
|
|
863 |
+ CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */
|
|
864 |
+ CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
|
|
865 |
+);
|
|
866 |
+#endif
|
|
867 |
+
|
|
868 |
+
|
|
869 |
+/* C_Login logs a user into a token. */
|
|
870 |
+CK_PKCS11_FUNCTION_INFO(C_Login)
|
|
871 |
+#ifdef CK_NEED_ARG_LIST
|
|
872 |
+(
|
|
873 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
874 |
+ CK_USER_TYPE userType, /* the user type */
|
|
875 |
+ CK_UTF8CHAR_PTR pPin, /* the user's PIN */
|
|
876 |
+ CK_ULONG ulPinLen /* the length of the PIN */
|
|
877 |
+);
|
|
878 |
+#endif
|
|
879 |
+
|
|
880 |
+
|
|
881 |
+/* C_Logout logs a user out from a token. */
|
|
882 |
+CK_PKCS11_FUNCTION_INFO(C_Logout)
|
|
883 |
+#ifdef CK_NEED_ARG_LIST
|
|
884 |
+(
|
|
885 |
+ CK_SESSION_HANDLE hSession /* the session's handle */
|
|
886 |
+);
|
|
887 |
+#endif
|
|
888 |
+
|
|
889 |
+
|
|
890 |
+
|
|
891 |
+/* Object management */
|
|
892 |
+
|
|
893 |
+/* C_CreateObject creates a new object. */
|
|
894 |
+CK_PKCS11_FUNCTION_INFO(C_CreateObject)
|
|
895 |
+#ifdef CK_NEED_ARG_LIST
|
|
896 |
+(
|
|
897 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
898 |
+ CK_ATTRIBUTE_PTR pTemplate, /* the object's template */
|
|
899 |
+ CK_ULONG ulCount, /* attributes in template */
|
|
900 |
+ CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
|
|
901 |
+);
|
|
902 |
+#endif
|
|
903 |
+
|
|
904 |
+
|
|
905 |
+/* C_CopyObject copies an object, creating a new object for the
|
|
906 |
+ * copy. */
|
|
907 |
+CK_PKCS11_FUNCTION_INFO(C_CopyObject)
|
|
908 |
+#ifdef CK_NEED_ARG_LIST
|
|
909 |
+(
|
|
910 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
911 |
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
|
|
912 |
+ CK_ATTRIBUTE_PTR pTemplate, /* template for new object */
|
|
913 |
+ CK_ULONG ulCount, /* attributes in template */
|
|
914 |
+ CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
|
|
915 |
+);
|
|
916 |
+#endif
|
|
917 |
+
|
|
918 |
+
|
|
919 |
+/* C_DestroyObject destroys an object. */
|
|
920 |
+CK_PKCS11_FUNCTION_INFO(C_DestroyObject)
|
|
921 |
+#ifdef CK_NEED_ARG_LIST
|
|
922 |
+(
|
|
923 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
924 |
+ CK_OBJECT_HANDLE hObject /* the object's handle */
|
|
925 |
+);
|
|
926 |
+#endif
|
|
927 |
+
|
|
928 |
+
|
|
929 |
+/* C_GetObjectSize gets the size of an object in bytes. */
|
|
930 |
+CK_PKCS11_FUNCTION_INFO(C_GetObjectSize)
|
|
931 |
+#ifdef CK_NEED_ARG_LIST
|
|
932 |
+(
|
|
933 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
934 |
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
|
|
935 |
+ CK_ULONG_PTR pulSize /* receives size of object */
|
|
936 |
+);
|
|
937 |
+#endif
|
|
938 |
+
|
|
939 |
+
|
|
940 |
+/* C_GetAttributeValue obtains the value of one or more object
|
|
941 |
+ * attributes. */
|
|
942 |
+CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue)
|
|
943 |
+#ifdef CK_NEED_ARG_LIST
|
|
944 |
+(
|
|
945 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
946 |
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
|
|
947 |
+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */
|
|
948 |
+ CK_ULONG ulCount /* attributes in template */
|
|
949 |
+);
|
|
950 |
+#endif
|
|
951 |
+
|
|
952 |
+
|
|
953 |
+/* C_SetAttributeValue modifies the value of one or more object
|
|
954 |
+ * attributes */
|
|
955 |
+CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue)
|
|
956 |
+#ifdef CK_NEED_ARG_LIST
|
|
957 |
+(
|
|
958 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
959 |
+ CK_OBJECT_HANDLE hObject, /* the object's handle */
|
|
960 |
+ CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */
|
|
961 |
+ CK_ULONG ulCount /* attributes in template */
|
|
962 |
+);
|
|
963 |
+#endif
|
|
964 |
+
|
|
965 |
+
|
|
966 |
+/* C_FindObjectsInit initializes a search for token and session
|
|
967 |
+ * objects that match a template. */
|
|
968 |
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit)
|
|
969 |
+#ifdef CK_NEED_ARG_LIST
|
|
970 |
+(
|
|
971 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
972 |
+ CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */
|
|
973 |
+ CK_ULONG ulCount /* attrs in search template */
|
|
974 |
+);
|
|
975 |
+#endif
|
|
976 |
+
|
|
977 |
+
|
|
978 |
+/* C_FindObjects continues a search for token and session
|
|
979 |
+ * objects that match a template, obtaining additional object
|
|
980 |
+ * handles. */
|
|
981 |
+CK_PKCS11_FUNCTION_INFO(C_FindObjects)
|
|
982 |
+#ifdef CK_NEED_ARG_LIST
|
|
983 |
+(
|
|
984 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
985 |
+ CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */
|
|
986 |
+ CK_ULONG ulMaxObjectCount, /* max handles to get */
|
|
987 |
+ CK_ULONG_PTR pulObjectCount /* actual # returned */
|
|
988 |
+);
|
|
989 |
+#endif
|
|
990 |
+
|
|
991 |
+
|
|
992 |
+/* C_FindObjectsFinal finishes a search for token and session
|
|
993 |
+ * objects. */
|
|
994 |
+CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal)
|
|
995 |
+#ifdef CK_NEED_ARG_LIST
|
|
996 |
+(
|
|
997 |
+ CK_SESSION_HANDLE hSession /* the session's handle */
|
|
998 |
+);
|
|
999 |
+#endif
|
|
1000 |
+
|
|
1001 |
+
|
|
1002 |
+
|
|
1003 |
+/* Encryption and decryption */
|
|
1004 |
+
|
|
1005 |
+/* C_EncryptInit initializes an encryption operation. */
|
|
1006 |
+CK_PKCS11_FUNCTION_INFO(C_EncryptInit)
|
|
1007 |
+#ifdef CK_NEED_ARG_LIST
|
|
1008 |
+(
|
|
1009 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1010 |
+ CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */
|
|
1011 |
+ CK_OBJECT_HANDLE hKey /* handle of encryption key */
|
|
1012 |
+);
|
|
1013 |
+#endif
|
|
1014 |
+
|
|
1015 |
+
|
|
1016 |
+/* C_Encrypt encrypts single-part data. */
|
|
1017 |
+CK_PKCS11_FUNCTION_INFO(C_Encrypt)
|
|
1018 |
+#ifdef CK_NEED_ARG_LIST
|
|
1019 |
+(
|
|
1020 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1021 |
+ CK_BYTE_PTR pData, /* the plaintext data */
|
|
1022 |
+ CK_ULONG ulDataLen, /* bytes of plaintext */
|
|
1023 |
+ CK_BYTE_PTR pEncryptedData, /* gets ciphertext */
|
|
1024 |
+ CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
|
|
1025 |
+);
|
|
1026 |
+#endif
|
|
1027 |
+
|
|
1028 |
+
|
|
1029 |
+/* C_EncryptUpdate continues a multiple-part encryption
|
|
1030 |
+ * operation. */
|
|
1031 |
+CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate)
|
|
1032 |
+#ifdef CK_NEED_ARG_LIST
|
|
1033 |
+(
|
|
1034 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1035 |
+ CK_BYTE_PTR pPart, /* the plaintext data */
|
|
1036 |
+ CK_ULONG ulPartLen, /* plaintext data len */
|
|
1037 |
+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
|
|
1038 |
+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
|
|
1039 |
+);
|
|
1040 |
+#endif
|
|
1041 |
+
|
|
1042 |
+
|
|
1043 |
+/* C_EncryptFinal finishes a multiple-part encryption
|
|
1044 |
+ * operation. */
|
|
1045 |
+CK_PKCS11_FUNCTION_INFO(C_EncryptFinal)
|
|
1046 |
+#ifdef CK_NEED_ARG_LIST
|
|
1047 |
+(
|
|
1048 |
+ CK_SESSION_HANDLE hSession, /* session handle */
|
|
1049 |
+ CK_BYTE_PTR pLastEncryptedPart, /* last c-text */
|
|
1050 |
+ CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
|
|
1051 |
+);
|
|
1052 |
+#endif
|
|
1053 |
+
|
|
1054 |
+
|
|
1055 |
+/* C_DecryptInit initializes a decryption operation. */
|
|
1056 |
+CK_PKCS11_FUNCTION_INFO(C_DecryptInit)
|
|
1057 |
+#ifdef CK_NEED_ARG_LIST
|
|
1058 |
+(
|
|
1059 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1060 |
+ CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */
|
|
1061 |
+ CK_OBJECT_HANDLE hKey /* handle of decryption key */
|
|
1062 |
+);
|
|
1063 |
+#endif
|
|
1064 |
+
|
|
1065 |
+
|
|
1066 |
+/* C_Decrypt decrypts encrypted data in a single part. */
|
|
1067 |
+CK_PKCS11_FUNCTION_INFO(C_Decrypt)
|
|
1068 |
+#ifdef CK_NEED_ARG_LIST
|
|
1069 |
+(
|
|
1070 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1071 |
+ CK_BYTE_PTR pEncryptedData, /* ciphertext */
|
|
1072 |
+ CK_ULONG ulEncryptedDataLen, /* ciphertext length */
|
|
1073 |
+ CK_BYTE_PTR pData, /* gets plaintext */
|
|
1074 |
+ CK_ULONG_PTR pulDataLen /* gets p-text size */
|
|
1075 |
+);
|
|
1076 |
+#endif
|
|
1077 |
+
|
|
1078 |
+
|
|
1079 |
+/* C_DecryptUpdate continues a multiple-part decryption
|
|
1080 |
+ * operation. */
|
|
1081 |
+CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate)
|
|
1082 |
+#ifdef CK_NEED_ARG_LIST
|
|
1083 |
+(
|
|
1084 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1085 |
+ CK_BYTE_PTR pEncryptedPart, /* encrypted data */
|
|
1086 |
+ CK_ULONG ulEncryptedPartLen, /* input length */
|
|
1087 |
+ CK_BYTE_PTR pPart, /* gets plaintext */
|
|
1088 |
+ CK_ULONG_PTR pulPartLen /* p-text size */
|
|
1089 |
+);
|
|
1090 |
+#endif
|
|
1091 |
+
|
|
1092 |
+
|
|
1093 |
+/* C_DecryptFinal finishes a multiple-part decryption
|
|
1094 |
+ * operation. */
|
|
1095 |
+CK_PKCS11_FUNCTION_INFO(C_DecryptFinal)
|
|
1096 |
+#ifdef CK_NEED_ARG_LIST
|
|
1097 |
+(
|
|
1098 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1099 |
+ CK_BYTE_PTR pLastPart, /* gets plaintext */
|
|
1100 |
+ CK_ULONG_PTR pulLastPartLen /* p-text size */
|
|
1101 |
+);
|
|
1102 |
+#endif
|
|
1103 |
+
|
|
1104 |
+
|
|
1105 |
+
|
|
1106 |
+/* Message digesting */
|
|
1107 |
+
|
|
1108 |
+/* C_DigestInit initializes a message-digesting operation. */
|
|
1109 |
+CK_PKCS11_FUNCTION_INFO(C_DigestInit)
|
|
1110 |
+#ifdef CK_NEED_ARG_LIST
|
|
1111 |
+(
|
|
1112 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1113 |
+ CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
|
|
1114 |
+);
|
|
1115 |
+#endif
|
|
1116 |
+
|
|
1117 |
+
|
|
1118 |
+/* C_Digest digests data in a single part. */
|
|
1119 |
+CK_PKCS11_FUNCTION_INFO(C_Digest)
|
|
1120 |
+#ifdef CK_NEED_ARG_LIST
|
|
1121 |
+(
|
|
1122 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1123 |
+ CK_BYTE_PTR pData, /* data to be digested */
|
|
1124 |
+ CK_ULONG ulDataLen, /* bytes of data to digest */
|
|
1125 |
+ CK_BYTE_PTR pDigest, /* gets the message digest */
|
|
1126 |
+ CK_ULONG_PTR pulDigestLen /* gets digest length */
|
|
1127 |
+);
|
|
1128 |
+#endif
|
|
1129 |
+
|
|
1130 |
+
|
|
1131 |
+/* C_DigestUpdate continues a multiple-part message-digesting
|
|
1132 |
+ * operation. */
|
|
1133 |
+CK_PKCS11_FUNCTION_INFO(C_DigestUpdate)
|
|
1134 |
+#ifdef CK_NEED_ARG_LIST
|
|
1135 |
+(
|
|
1136 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1137 |
+ CK_BYTE_PTR pPart, /* data to be digested */
|
|
1138 |
+ CK_ULONG ulPartLen /* bytes of data to be digested */
|
|
1139 |
+);
|
|
1140 |
+#endif
|
|
1141 |
+
|
|
1142 |
+
|
|
1143 |
+/* C_DigestKey continues a multi-part message-digesting
|
|
1144 |
+ * operation, by digesting the value of a secret key as part of
|
|
1145 |
+ * the data already digested. */
|
|
1146 |
+CK_PKCS11_FUNCTION_INFO(C_DigestKey)
|
|
1147 |
+#ifdef CK_NEED_ARG_LIST
|
|
1148 |
+(
|
|
1149 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1150 |
+ CK_OBJECT_HANDLE hKey /* secret key to digest */
|
|
1151 |
+);
|
|
1152 |
+#endif
|
|
1153 |
+
|
|
1154 |
+
|
|
1155 |
+/* C_DigestFinal finishes a multiple-part message-digesting
|
|
1156 |
+ * operation. */
|
|
1157 |
+CK_PKCS11_FUNCTION_INFO(C_DigestFinal)
|
|
1158 |
+#ifdef CK_NEED_ARG_LIST
|
|
1159 |
+(
|
|
1160 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1161 |
+ CK_BYTE_PTR pDigest, /* gets the message digest */
|
|
1162 |
+ CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
|
|
1163 |
+);
|
|
1164 |
+#endif
|
|
1165 |
+
|
|
1166 |
+
|
|
1167 |
+
|
|
1168 |
+/* Signing and MACing */
|
|
1169 |
+
|
|
1170 |
+/* C_SignInit initializes a signature (private key encryption)
|
|
1171 |
+ * operation, where the signature is (will be) an appendix to
|
|
1172 |
+ * the data, and plaintext cannot be recovered from the
|
|
1173 |
+ *signature. */
|
|
1174 |
+CK_PKCS11_FUNCTION_INFO(C_SignInit)
|
|
1175 |
+#ifdef CK_NEED_ARG_LIST
|
|
1176 |
+(
|
|
1177 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1178 |
+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
|
|
1179 |
+ CK_OBJECT_HANDLE hKey /* handle of signature key */
|
|
1180 |
+);
|
|
1181 |
+#endif
|
|
1182 |
+
|
|
1183 |
+
|
|
1184 |
+/* C_Sign signs (encrypts with private key) data in a single
|
|
1185 |
+ * part, where the signature is (will be) an appendix to the
|
|
1186 |
+ * data, and plaintext cannot be recovered from the signature. */
|
|
1187 |
+CK_PKCS11_FUNCTION_INFO(C_Sign)
|
|
1188 |
+#ifdef CK_NEED_ARG_LIST
|
|
1189 |
+(
|
|
1190 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1191 |
+ CK_BYTE_PTR pData, /* the data to sign */
|
|
1192 |
+ CK_ULONG ulDataLen, /* count of bytes to sign */
|
|
1193 |
+ CK_BYTE_PTR pSignature, /* gets the signature */
|
|
1194 |
+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
|
|
1195 |
+);
|
|
1196 |
+#endif
|
|
1197 |
+
|
|
1198 |
+
|
|
1199 |
+/* C_SignUpdate continues a multiple-part signature operation,
|
|
1200 |
+ * where the signature is (will be) an appendix to the data,
|
|
1201 |
+ * and plaintext cannot be recovered from the signature. */
|
|
1202 |
+CK_PKCS11_FUNCTION_INFO(C_SignUpdate)
|
|
1203 |
+#ifdef CK_NEED_ARG_LIST
|
|
1204 |
+(
|
|
1205 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1206 |
+ CK_BYTE_PTR pPart, /* the data to sign */
|
|
1207 |
+ CK_ULONG ulPartLen /* count of bytes to sign */
|
|
1208 |
+);
|
|
1209 |
+#endif
|
|
1210 |
+
|
|
1211 |
+
|
|
1212 |
+/* C_SignFinal finishes a multiple-part signature operation,
|
|
1213 |
+ * returning the signature. */
|
|
1214 |
+CK_PKCS11_FUNCTION_INFO(C_SignFinal)
|
|
1215 |
+#ifdef CK_NEED_ARG_LIST
|
|
1216 |
+(
|
|
1217 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1218 |
+ CK_BYTE_PTR pSignature, /* gets the signature */
|
|
1219 |
+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
|
|
1220 |
+);
|
|
1221 |
+#endif
|
|
1222 |
+
|
|
1223 |
+
|
|
1224 |
+/* C_SignRecoverInit initializes a signature operation, where
|
|
1225 |
+ * the data can be recovered from the signature. */
|
|
1226 |
+CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit)
|
|
1227 |
+#ifdef CK_NEED_ARG_LIST
|
|
1228 |
+(
|
|
1229 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1230 |
+ CK_MECHANISM_PTR pMechanism, /* the signature mechanism */
|
|
1231 |
+ CK_OBJECT_HANDLE hKey /* handle of the signature key */
|
|
1232 |
+);
|
|
1233 |
+#endif
|
|
1234 |
+
|
|
1235 |
+
|
|
1236 |
+/* C_SignRecover signs data in a single operation, where the
|
|
1237 |
+ * data can be recovered from the signature. */
|
|
1238 |
+CK_PKCS11_FUNCTION_INFO(C_SignRecover)
|
|
1239 |
+#ifdef CK_NEED_ARG_LIST
|
|
1240 |
+(
|
|
1241 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1242 |
+ CK_BYTE_PTR pData, /* the data to sign */
|
|
1243 |
+ CK_ULONG ulDataLen, /* count of bytes to sign */
|
|
1244 |
+ CK_BYTE_PTR pSignature, /* gets the signature */
|
|
1245 |
+ CK_ULONG_PTR pulSignatureLen /* gets signature length */
|
|
1246 |
+);
|
|
1247 |
+#endif
|
|
1248 |
+
|
|
1249 |
+
|
|
1250 |
+
|
|
1251 |
+/* Verifying signatures and MACs */
|
|
1252 |
+
|
|
1253 |
+/* C_VerifyInit initializes a verification operation, where the
|
|
1254 |
+ * signature is an appendix to the data, and plaintext cannot
|
|
1255 |
+ * cannot be recovered from the signature (e.g. DSA). */
|
|
1256 |
+CK_PKCS11_FUNCTION_INFO(C_VerifyInit)
|
|
1257 |
+#ifdef CK_NEED_ARG_LIST
|
|
1258 |
+(
|
|
1259 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1260 |
+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
|
|
1261 |
+ CK_OBJECT_HANDLE hKey /* verification key */
|
|
1262 |
+);
|
|
1263 |
+#endif
|
|
1264 |
+
|
|
1265 |
+
|
|
1266 |
+/* C_Verify verifies a signature in a single-part operation,
|
|
1267 |
+ * where the signature is an appendix to the data, and plaintext
|
|
1268 |
+ * cannot be recovered from the signature. */
|
|
1269 |
+CK_PKCS11_FUNCTION_INFO(C_Verify)
|
|
1270 |
+#ifdef CK_NEED_ARG_LIST
|
|
1271 |
+(
|
|
1272 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1273 |
+ CK_BYTE_PTR pData, /* signed data */
|
|
1274 |
+ CK_ULONG ulDataLen, /* length of signed data */
|
|
1275 |
+ CK_BYTE_PTR pSignature, /* signature */
|
|
1276 |
+ CK_ULONG ulSignatureLen /* signature length*/
|
|
1277 |
+);
|
|
1278 |
+#endif
|
|
1279 |
+
|
|
1280 |
+
|
|
1281 |
+/* C_VerifyUpdate continues a multiple-part verification
|
|
1282 |
+ * operation, where the signature is an appendix to the data,
|
|
1283 |
+ * and plaintext cannot be recovered from the signature. */
|
|
1284 |
+CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate)
|
|
1285 |
+#ifdef CK_NEED_ARG_LIST
|
|
1286 |
+(
|
|
1287 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1288 |
+ CK_BYTE_PTR pPart, /* signed data */
|
|
1289 |
+ CK_ULONG ulPartLen /* length of signed data */
|
|
1290 |
+);
|
|
1291 |
+#endif
|
|
1292 |
+
|
|
1293 |
+
|
|
1294 |
+/* C_VerifyFinal finishes a multiple-part verification
|
|
1295 |
+ * operation, checking the signature. */
|
|
1296 |
+CK_PKCS11_FUNCTION_INFO(C_VerifyFinal)
|
|
1297 |
+#ifdef CK_NEED_ARG_LIST
|
|
1298 |
+(
|
|
1299 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1300 |
+ CK_BYTE_PTR pSignature, /* signature to verify */
|
|
1301 |
+ CK_ULONG ulSignatureLen /* signature length */
|
|
1302 |
+);
|
|
1303 |
+#endif
|
|
1304 |
+
|
|
1305 |
+
|
|
1306 |
+/* C_VerifyRecoverInit initializes a signature verification
|
|
1307 |
+ * operation, where the data is recovered from the signature. */
|
|
1308 |
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit)
|
|
1309 |
+#ifdef CK_NEED_ARG_LIST
|
|
1310 |
+(
|
|
1311 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1312 |
+ CK_MECHANISM_PTR pMechanism, /* the verification mechanism */
|
|
1313 |
+ CK_OBJECT_HANDLE hKey /* verification key */
|
|
1314 |
+);
|
|
1315 |
+#endif
|
|
1316 |
+
|
|
1317 |
+
|
|
1318 |
+/* C_VerifyRecover verifies a signature in a single-part
|
|
1319 |
+ * operation, where the data is recovered from the signature. */
|
|
1320 |
+CK_PKCS11_FUNCTION_INFO(C_VerifyRecover)
|
|
1321 |
+#ifdef CK_NEED_ARG_LIST
|
|
1322 |
+(
|
|
1323 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1324 |
+ CK_BYTE_PTR pSignature, /* signature to verify */
|
|
1325 |
+ CK_ULONG ulSignatureLen, /* signature length */
|
|
1326 |
+ CK_BYTE_PTR pData, /* gets signed data */
|
|
1327 |
+ CK_ULONG_PTR pulDataLen /* gets signed data len */
|
|
1328 |
+);
|
|
1329 |
+#endif
|
|
1330 |
+
|
|
1331 |
+
|
|
1332 |
+
|
|
1333 |
+/* Dual-function cryptographic operations */
|
|
1334 |
+
|
|
1335 |
+/* C_DigestEncryptUpdate continues a multiple-part digesting
|
|
1336 |
+ * and encryption operation. */
|
|
1337 |
+CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate)
|
|
1338 |
+#ifdef CK_NEED_ARG_LIST
|
|
1339 |
+(
|
|
1340 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1341 |
+ CK_BYTE_PTR pPart, /* the plaintext data */
|
|
1342 |
+ CK_ULONG ulPartLen, /* plaintext length */
|
|
1343 |
+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
|
|
1344 |
+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
|
|
1345 |
+);
|
|
1346 |
+#endif
|
|
1347 |
+
|
|
1348 |
+
|
|
1349 |
+/* C_DecryptDigestUpdate continues a multiple-part decryption and
|
|
1350 |
+ * digesting operation. */
|
|
1351 |
+CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate)
|
|
1352 |
+#ifdef CK_NEED_ARG_LIST
|
|
1353 |
+(
|
|
1354 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1355 |
+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
|
|
1356 |
+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
|
|
1357 |
+ CK_BYTE_PTR pPart, /* gets plaintext */
|
|
1358 |
+ CK_ULONG_PTR pulPartLen /* gets plaintext len */
|
|
1359 |
+);
|
|
1360 |
+#endif
|
|
1361 |
+
|
|
1362 |
+
|
|
1363 |
+/* C_SignEncryptUpdate continues a multiple-part signing and
|
|
1364 |
+ * encryption operation. */
|
|
1365 |
+CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate)
|
|
1366 |
+#ifdef CK_NEED_ARG_LIST
|
|
1367 |
+(
|
|
1368 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1369 |
+ CK_BYTE_PTR pPart, /* the plaintext data */
|
|
1370 |
+ CK_ULONG ulPartLen, /* plaintext length */
|
|
1371 |
+ CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */
|
|
1372 |
+ CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
|
|
1373 |
+);
|
|
1374 |
+#endif
|
|
1375 |
+
|
|
1376 |
+
|
|
1377 |
+/* C_DecryptVerifyUpdate continues a multiple-part decryption and
|
|
1378 |
+ * verify operation. */
|
|
1379 |
+CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate)
|
|
1380 |
+#ifdef CK_NEED_ARG_LIST
|
|
1381 |
+(
|
|
1382 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1383 |
+ CK_BYTE_PTR pEncryptedPart, /* ciphertext */
|
|
1384 |
+ CK_ULONG ulEncryptedPartLen, /* ciphertext length */
|
|
1385 |
+ CK_BYTE_PTR pPart, /* gets plaintext */
|
|
1386 |
+ CK_ULONG_PTR pulPartLen /* gets p-text length */
|
|
1387 |
+);
|
|
1388 |
+#endif
|
|
1389 |
+
|
|
1390 |
+
|
|
1391 |
+
|
|
1392 |
+/* Key management */
|
|
1393 |
+
|
|
1394 |
+/* C_GenerateKey generates a secret key, creating a new key
|
|
1395 |
+ * object. */
|
|
1396 |
+CK_PKCS11_FUNCTION_INFO(C_GenerateKey)
|
|
1397 |
+#ifdef CK_NEED_ARG_LIST
|
|
1398 |
+(
|
|
1399 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1400 |
+ CK_MECHANISM_PTR pMechanism, /* key generation mech. */
|
|
1401 |
+ CK_ATTRIBUTE_PTR pTemplate, /* template for new key */
|
|
1402 |
+ CK_ULONG ulCount, /* # of attrs in template */
|
|
1403 |
+ CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
|
|
1404 |
+);
|
|
1405 |
+#endif
|
|
1406 |
+
|
|
1407 |
+
|
|
1408 |
+/* C_GenerateKeyPair generates a public-key/private-key pair,
|
|
1409 |
+ * creating new key objects. */
|
|
1410 |
+CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair)
|
|
1411 |
+#ifdef CK_NEED_ARG_LIST
|
|
1412 |
+(
|
|
1413 |
+ CK_SESSION_HANDLE hSession, /* session
|
|
1414 |
+ * handle */
|
|
1415 |
+ CK_MECHANISM_PTR pMechanism, /* key-gen
|
|
1416 |
+ * mech. */
|
|
1417 |
+ CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template
|
|
1418 |
+ * for pub.
|
|
1419 |
+ * key */
|
|
1420 |
+ CK_ULONG ulPublicKeyAttributeCount, /* # pub.
|
|
1421 |
+ * attrs. */
|
|
1422 |
+ CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template
|
|
1423 |
+ * for priv.
|
|
1424 |
+ * key */
|
|
1425 |
+ CK_ULONG ulPrivateKeyAttributeCount, /* # priv.
|
|
1426 |
+ * attrs. */
|
|
1427 |
+ CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub.
|
|
1428 |
+ * key
|
|
1429 |
+ * handle */
|
|
1430 |
+ CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
|
|
1431 |
+ * priv. key
|
|
1432 |
+ * handle */
|
|
1433 |
+);
|
|
1434 |
+#endif
|
|
1435 |
+
|
|
1436 |
+
|
|
1437 |
+/* C_WrapKey wraps (i.e., encrypts) a key. */
|
|
1438 |
+CK_PKCS11_FUNCTION_INFO(C_WrapKey)
|
|
1439 |
+#ifdef CK_NEED_ARG_LIST
|
|
1440 |
+(
|
|
1441 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1442 |
+ CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */
|
|
1443 |
+ CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */
|
|
1444 |
+ CK_OBJECT_HANDLE hKey, /* key to be wrapped */
|
|
1445 |
+ CK_BYTE_PTR pWrappedKey, /* gets wrapped key */
|
|
1446 |
+ CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
|
|
1447 |
+);
|
|
1448 |
+#endif
|
|
1449 |
+
|
|
1450 |
+
|
|
1451 |
+/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
|
|
1452 |
+ * key object. */
|
|
1453 |
+CK_PKCS11_FUNCTION_INFO(C_UnwrapKey)
|
|
1454 |
+#ifdef CK_NEED_ARG_LIST
|
|
1455 |
+(
|
|
1456 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1457 |
+ CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */
|
|
1458 |
+ CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */
|
|
1459 |
+ CK_BYTE_PTR pWrappedKey, /* the wrapped key */
|
|
1460 |
+ CK_ULONG ulWrappedKeyLen, /* wrapped key len */
|
|
1461 |
+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
|
|
1462 |
+ CK_ULONG ulAttributeCount, /* template length */
|
|
1463 |
+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
|
|
1464 |
+);
|
|
1465 |
+#endif
|
|
1466 |
+
|
|
1467 |
+
|
|
1468 |
+/* C_DeriveKey derives a key from a base key, creating a new key
|
|
1469 |
+ * object. */
|
|
1470 |
+CK_PKCS11_FUNCTION_INFO(C_DeriveKey)
|
|
1471 |
+#ifdef CK_NEED_ARG_LIST
|
|
1472 |
+(
|
|
1473 |
+ CK_SESSION_HANDLE hSession, /* session's handle */
|
|
1474 |
+ CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */
|
|
1475 |
+ CK_OBJECT_HANDLE hBaseKey, /* base key */
|
|
1476 |
+ CK_ATTRIBUTE_PTR pTemplate, /* new key template */
|
|
1477 |
+ CK_ULONG ulAttributeCount, /* template length */
|
|
1478 |
+ CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
|
|
1479 |
+);
|
|
1480 |
+#endif
|
|
1481 |
+
|
|
1482 |
+
|
|
1483 |
+
|
|
1484 |
+/* Random number generation */
|
|
1485 |
+
|
|
1486 |
+/* C_SeedRandom mixes additional seed material into the token's
|
|
1487 |
+ * random number generator. */
|
|
1488 |
+CK_PKCS11_FUNCTION_INFO(C_SeedRandom)
|
|
1489 |
+#ifdef CK_NEED_ARG_LIST
|
|
1490 |
+(
|
|
1491 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1492 |
+ CK_BYTE_PTR pSeed, /* the seed material */
|
|
1493 |
+ CK_ULONG ulSeedLen /* length of seed material */
|
|
1494 |
+);
|
|
1495 |
+#endif
|
|
1496 |
+
|
|
1497 |
+
|
|
1498 |
+/* C_GenerateRandom generates random data. */
|
|
1499 |
+CK_PKCS11_FUNCTION_INFO(C_GenerateRandom)
|
|
1500 |
+#ifdef CK_NEED_ARG_LIST
|
|
1501 |
+(
|
|
1502 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
1503 |
+ CK_BYTE_PTR RandomData, /* receives the random data */
|
|
1504 |
+ CK_ULONG ulRandomLen /* # of bytes to generate */
|
|
1505 |
+);
|
|
1506 |
+#endif
|
|
1507 |
+
|
|
1508 |
+
|
|
1509 |
+
|
|
1510 |
+/* Parallel function management */
|
|
1511 |
+
|
|
1512 |
+/* C_GetFunctionStatus is a legacy function; it obtains an
|
|
1513 |
+ * updated status of a function running in parallel with an
|
|
1514 |
+ * application. */
|
|
1515 |
+CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus)
|
|
1516 |
+#ifdef CK_NEED_ARG_LIST
|
|
1517 |
+(
|
|
1518 |
+ CK_SESSION_HANDLE hSession /* the session's handle */
|
|
1519 |
+);
|
|
1520 |
+#endif
|
|
1521 |
+
|
|
1522 |
+
|
|
1523 |
+/* C_CancelFunction is a legacy function; it cancels a function
|
|
1524 |
+ * running in parallel. */
|
|
1525 |
+CK_PKCS11_FUNCTION_INFO(C_CancelFunction)
|
|
1526 |
+#ifdef CK_NEED_ARG_LIST
|
|
1527 |
+(
|
|
1528 |
+ CK_SESSION_HANDLE hSession /* the session's handle */
|
|
1529 |
+);
|
|
1530 |
+#endif
|
|
1531 |
+
|
|
1532 |
+
|
|
1533 |
+
|
|
1534 |
+/* Functions added in for Cryptoki Version 2.01 or later */
|
|
1535 |
+
|
|
1536 |
+/* C_WaitForSlotEvent waits for a slot event (token insertion,
|
|
1537 |
+ * removal, etc.) to occur. */
|
|
1538 |
+CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent)
|
|
1539 |
+#ifdef CK_NEED_ARG_LIST
|
|
1540 |
+(
|
|
1541 |
+ CK_FLAGS flags, /* blocking/nonblocking flag */
|
|
1542 |
+ CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */
|
|
1543 |
+ CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
|
|
1544 |
+);
|
|
1545 |
+#endif
|
|
1546 |
diff -ruN openssl-0.9.8k/crypto/engine/pkcs11t.h openssl-0.9.8k/crypto/engine/pkcs11t.h
|
|
1547 |
--- openssl-0.9.8k/crypto/engine/pkcs11t.h 1970-01-01 01:00:00.000000000 +0100
|
|
1548 |
+++ openssl-0.9.8k/crypto/engine/pkcs11t.h 2009-05-15 10:59:32.387525683 +0200
|
|
1549 |
@@ -0,0 +1,1885 @@
|
|
1550 |
+/* pkcs11t.h include file for PKCS #11. */
|
|
1551 |
+/* $Revision: 1.10 $ */
|
|
1552 |
+
|
|
1553 |
+/* License to copy and use this software is granted provided that it is
|
|
1554 |
+ * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
|
|
1555 |
+ * (Cryptoki)" in all material mentioning or referencing this software.
|
|
1556 |
+
|
|
1557 |
+ * License is also granted to make and use derivative works provided that
|
|
1558 |
+ * such works are identified as "derived from the RSA Security Inc. PKCS #11
|
|
1559 |
+ * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
|
|
1560 |
+ * referencing the derived work.
|
|
1561 |
+
|
|
1562 |
+ * RSA Security Inc. makes no representations concerning either the
|
|
1563 |
+ * merchantability of this software or the suitability of this software for
|
|
1564 |
+ * any particular purpose. It is provided "as is" without express or implied
|
|
1565 |
+ * warranty of any kind.
|
|
1566 |
+ */
|
|
1567 |
+
|
|
1568 |
+/* See top of pkcs11.h for information about the macros that
|
|
1569 |
+ * must be defined and the structure-packing conventions that
|
|
1570 |
+ * must be set before including this file. */
|
|
1571 |
+
|
|
1572 |
+#ifndef _PKCS11T_H_
|
|
1573 |
+#define _PKCS11T_H_ 1
|
|
1574 |
+
|
|
1575 |
+#define CRYPTOKI_VERSION_MAJOR 2
|
|
1576 |
+#define CRYPTOKI_VERSION_MINOR 20
|
|
1577 |
+#define CRYPTOKI_VERSION_AMENDMENT 3
|
|
1578 |
+
|
|
1579 |
+#define CK_TRUE 1
|
|
1580 |
+#define CK_FALSE 0
|
|
1581 |
+
|
|
1582 |
+#ifndef CK_DISABLE_TRUE_FALSE
|
|
1583 |
+#ifndef FALSE
|
|
1584 |
+#define FALSE CK_FALSE
|
|
1585 |
+#endif
|
|
1586 |
+
|
|
1587 |
+#ifndef TRUE
|
|
1588 |
+#define TRUE CK_TRUE
|
|
1589 |
+#endif
|
|
1590 |
+#endif
|
|
1591 |
+
|
|
1592 |
+/* an unsigned 8-bit value */
|
|
1593 |
+typedef unsigned char CK_BYTE;
|
|
1594 |
+
|
|
1595 |
+/* an unsigned 8-bit character */
|
|
1596 |
+typedef CK_BYTE CK_CHAR;
|
|
1597 |
+
|
|
1598 |
+/* an 8-bit UTF-8 character */
|
|
1599 |
+typedef CK_BYTE CK_UTF8CHAR;
|
|
1600 |
+
|
|
1601 |
+/* a BYTE-sized Boolean flag */
|
|
1602 |
+typedef CK_BYTE CK_BBOOL;
|
|
1603 |
+
|
|
1604 |
+/* an unsigned value, at least 32 bits long */
|
|
1605 |
+typedef unsigned long int CK_ULONG;
|
|
1606 |
+
|
|
1607 |
+/* a signed value, the same size as a CK_ULONG */
|
|
1608 |
+/* CK_LONG is new for v2.0 */
|
|
1609 |
+typedef long int CK_LONG;
|
|
1610 |
+
|
|
1611 |
+/* at least 32 bits; each bit is a Boolean flag */
|
|
1612 |
+typedef CK_ULONG CK_FLAGS;
|
|
1613 |
+
|
|
1614 |
+
|
|
1615 |
+/* some special values for certain CK_ULONG variables */
|
|
1616 |
+#define CK_UNAVAILABLE_INFORMATION (~0UL)
|
|
1617 |
+#define CK_EFFECTIVELY_INFINITE 0
|
|
1618 |
+
|
|
1619 |
+
|
|
1620 |
+typedef CK_BYTE CK_PTR CK_BYTE_PTR;
|
|
1621 |
+typedef CK_CHAR CK_PTR CK_CHAR_PTR;
|
|
1622 |
+typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
|
|
1623 |
+typedef CK_ULONG CK_PTR CK_ULONG_PTR;
|
|
1624 |
+typedef void CK_PTR CK_VOID_PTR;
|
|
1625 |
+
|
|
1626 |
+/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
|
|
1627 |
+typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;
|
|
1628 |
+
|
|
1629 |
+
|
|
1630 |
+/* The following value is always invalid if used as a session */
|
|
1631 |
+/* handle or object handle */
|
|
1632 |
+#define CK_INVALID_HANDLE 0
|
|
1633 |
+
|
|
1634 |
+
|
|
1635 |
+typedef struct CK_VERSION {
|
|
1636 |
+ CK_BYTE major; /* integer portion of version number */
|
|
1637 |
+ CK_BYTE minor; /* 1/100ths portion of version number */
|
|
1638 |
+} CK_VERSION;
|
|
1639 |
+
|
|
1640 |
+typedef CK_VERSION CK_PTR CK_VERSION_PTR;
|
|
1641 |
+
|
|
1642 |
+
|
|
1643 |
+typedef struct CK_INFO {
|
|
1644 |
+ /* manufacturerID and libraryDecription have been changed from
|
|
1645 |
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
|
|
1646 |
+ CK_VERSION cryptokiVersion; /* Cryptoki interface ver */
|
|
1647 |
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
|
|
1648 |
+ CK_FLAGS flags; /* must be zero */
|
|
1649 |
+
|
|
1650 |
+ /* libraryDescription and libraryVersion are new for v2.0 */
|
|
1651 |
+ CK_UTF8CHAR libraryDescription[32]; /* blank padded */
|
|
1652 |
+ CK_VERSION libraryVersion; /* version of library */
|
|
1653 |
+} CK_INFO;
|
|
1654 |
+
|
|
1655 |
+typedef CK_INFO CK_PTR CK_INFO_PTR;
|
|
1656 |
+
|
|
1657 |
+
|
|
1658 |
+/* CK_NOTIFICATION enumerates the types of notifications that
|
|
1659 |
+ * Cryptoki provides to an application */
|
|
1660 |
+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
|
|
1661 |
+ * for v2.0 */
|
|
1662 |
+typedef CK_ULONG CK_NOTIFICATION;
|
|
1663 |
+#define CKN_SURRENDER 0
|
|
1664 |
+
|
|
1665 |
+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
|
|
1666 |
+#define CKN_OTP_CHANGED 1
|
|
1667 |
+
|
|
1668 |
+
|
|
1669 |
+typedef CK_ULONG CK_SLOT_ID;
|
|
1670 |
+
|
|
1671 |
+typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
|
|
1672 |
+
|
|
1673 |
+
|
|
1674 |
+/* CK_SLOT_INFO provides information about a slot */
|
|
1675 |
+typedef struct CK_SLOT_INFO {
|
|
1676 |
+ /* slotDescription and manufacturerID have been changed from
|
|
1677 |
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
|
|
1678 |
+ CK_UTF8CHAR slotDescription[64]; /* blank padded */
|
|
1679 |
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
|
|
1680 |
+ CK_FLAGS flags;
|
|
1681 |
+
|
|
1682 |
+ /* hardwareVersion and firmwareVersion are new for v2.0 */
|
|
1683 |
+ CK_VERSION hardwareVersion; /* version of hardware */
|
|
1684 |
+ CK_VERSION firmwareVersion; /* version of firmware */
|
|
1685 |
+} CK_SLOT_INFO;
|
|
1686 |
+
|
|
1687 |
+/* flags: bit flags that provide capabilities of the slot
|
|
1688 |
+ * Bit Flag Mask Meaning
|
|
1689 |
+ */
|
|
1690 |
+#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */
|
|
1691 |
+#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/
|
|
1692 |
+#define CKF_HW_SLOT 0x00000004 /* hardware slot */
|
|
1693 |
+
|
|
1694 |
+typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
|
|
1695 |
+
|
|
1696 |
+
|
|
1697 |
+/* CK_TOKEN_INFO provides information about a token */
|
|
1698 |
+typedef struct CK_TOKEN_INFO {
|
|
1699 |
+ /* label, manufacturerID, and model have been changed from
|
|
1700 |
+ * CK_CHAR to CK_UTF8CHAR for v2.10 */
|
|
1701 |
+ CK_UTF8CHAR label[32]; /* blank padded */
|
|
1702 |
+ CK_UTF8CHAR manufacturerID[32]; /* blank padded */
|
|
1703 |
+ CK_UTF8CHAR model[16]; /* blank padded */
|
|
1704 |
+ CK_CHAR serialNumber[16]; /* blank padded */
|
|
1705 |
+ CK_FLAGS flags; /* see below */
|
|
1706 |
+
|
|
1707 |
+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
|
|
1708 |
+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
|
|
1709 |
+ * changed from CK_USHORT to CK_ULONG for v2.0 */
|
|
1710 |
+ CK_ULONG ulMaxSessionCount; /* max open sessions */
|
|
1711 |
+ CK_ULONG ulSessionCount; /* sess. now open */
|
|
1712 |
+ CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */
|
|
1713 |
+ CK_ULONG ulRwSessionCount; /* R/W sess. now open */
|
|
1714 |
+ CK_ULONG ulMaxPinLen; /* in bytes */
|
|
1715 |
+ CK_ULONG ulMinPinLen; /* in bytes */
|
|
1716 |
+ CK_ULONG ulTotalPublicMemory; /* in bytes */
|
|
1717 |
+ CK_ULONG ulFreePublicMemory; /* in bytes */
|
|
1718 |
+ CK_ULONG ulTotalPrivateMemory; /* in bytes */
|
|
1719 |
+ CK_ULONG ulFreePrivateMemory; /* in bytes */
|
|
1720 |
+
|
|
1721 |
+ /* hardwareVersion, firmwareVersion, and time are new for
|
|
1722 |
+ * v2.0 */
|
|
1723 |
+ CK_VERSION hardwareVersion; /* version of hardware */
|
|
1724 |
+ CK_VERSION firmwareVersion; /* version of firmware */
|
|
1725 |
+ CK_CHAR utcTime[16]; /* time */
|
|
1726 |
+} CK_TOKEN_INFO;
|
|
1727 |
+
|
|
1728 |
+/* The flags parameter is defined as follows:
|
|
1729 |
+ * Bit Flag Mask Meaning
|
|
1730 |
+ */
|
|
1731 |
+#define CKF_RNG 0x00000001 /* has random #
|
|
1732 |
+ * generator */
|
|
1733 |
+#define CKF_WRITE_PROTECTED 0x00000002 /* token is
|
|
1734 |
+ * write-
|
|
1735 |
+ * protected */
|
|
1736 |
+#define CKF_LOGIN_REQUIRED 0x00000004 /* user must
|
|
1737 |
+ * login */
|
|
1738 |
+#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's
|
|
1739 |
+ * PIN is set */
|
|
1740 |
+
|
|
1741 |
+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
|
|
1742 |
+ * that means that *every* time the state of cryptographic
|
|
1743 |
+ * operations of a session is successfully saved, all keys
|
|
1744 |
+ * needed to continue those operations are stored in the state */
|
|
1745 |
+#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020
|
|
1746 |
+
|
|
1747 |
+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
|
|
1748 |
+ * that the token has some sort of clock. The time on that
|
|
1749 |
+ * clock is returned in the token info structure */
|
|
1750 |
+#define CKF_CLOCK_ON_TOKEN 0x00000040
|
|
1751 |
+
|
|
1752 |
+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
|
|
1753 |
+ * set, that means that there is some way for the user to login
|
|
1754 |
+ * without sending a PIN through the Cryptoki library itself */
|
|
1755 |
+#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100
|
|
1756 |
+
|
|
1757 |
+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
|
|
1758 |
+ * that means that a single session with the token can perform
|
|
1759 |
+ * dual simultaneous cryptographic operations (digest and
|
|
1760 |
+ * encrypt; decrypt and digest; sign and encrypt; and decrypt
|
|
1761 |
+ * and sign) */
|
|
1762 |
+#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200
|
|
1763 |
+
|
|
1764 |
+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
|
|
1765 |
+ * token has been initialized using C_InitializeToken or an
|
|
1766 |
+ * equivalent mechanism outside the scope of PKCS #11.
|
|
1767 |
+ * Calling C_InitializeToken when this flag is set will cause
|
|
1768 |
+ * the token to be reinitialized. */
|
|
1769 |
+#define CKF_TOKEN_INITIALIZED 0x00000400
|
|
1770 |
+
|
|
1771 |
+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
|
|
1772 |
+ * true, the token supports secondary authentication for
|
|
1773 |
+ * private key objects. This flag is deprecated in v2.11 and
|
|
1774 |
+ onwards. */
|
|
1775 |
+#define CKF_SECONDARY_AUTHENTICATION 0x00000800
|
|
1776 |
+
|
|
1777 |
+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
|
|
1778 |
+ * incorrect user login PIN has been entered at least once
|
|
1779 |
+ * since the last successful authentication. */
|
|
1780 |
+#define CKF_USER_PIN_COUNT_LOW 0x00010000
|
|
1781 |
+
|
|
1782 |
+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
|
|
1783 |
+ * supplying an incorrect user PIN will it to become locked. */
|
|
1784 |
+#define CKF_USER_PIN_FINAL_TRY 0x00020000
|
|
1785 |
+
|
|
1786 |
+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
|
|
1787 |
+ * user PIN has been locked. User login to the token is not
|
|
1788 |
+ * possible. */
|
|
1789 |
+#define CKF_USER_PIN_LOCKED 0x00040000
|
|
1790 |
+
|
|
1791 |
+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
|
|
1792 |
+ * the user PIN value is the default value set by token
|
|
1793 |
+ * initialization or manufacturing, or the PIN has been
|
|
1794 |
+ * expired by the card. */
|
|
1795 |
+#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000
|
|
1796 |
+
|
|
1797 |
+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
|
|
1798 |
+ * incorrect SO login PIN has been entered at least once since
|
|
1799 |
+ * the last successful authentication. */
|
|
1800 |
+#define CKF_SO_PIN_COUNT_LOW 0x00100000
|
|
1801 |
+
|
|
1802 |
+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
|
|
1803 |
+ * supplying an incorrect SO PIN will it to become locked. */
|
|
1804 |
+#define CKF_SO_PIN_FINAL_TRY 0x00200000
|
|
1805 |
+
|
|
1806 |
+/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
|
|
1807 |
+ * PIN has been locked. SO login to the token is not possible.
|
|
1808 |
+ */
|
|
1809 |
+#define CKF_SO_PIN_LOCKED 0x00400000
|
|
1810 |
+
|
|
1811 |
+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
|
|
1812 |
+ * the SO PIN value is the default value set by token
|
|
1813 |
+ * initialization or manufacturing, or the PIN has been
|
|
1814 |
+ * expired by the card. */
|
|
1815 |
+#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000
|
|
1816 |
+
|
|
1817 |
+typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
|
|
1818 |
+
|
|
1819 |
+
|
|
1820 |
+/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
|
|
1821 |
+ * identifies a session */
|
|
1822 |
+typedef CK_ULONG CK_SESSION_HANDLE;
|
|
1823 |
+
|
|
1824 |
+typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;
|
|
1825 |
+
|
|
1826 |
+
|
|
1827 |
+/* CK_USER_TYPE enumerates the types of Cryptoki users */
|
|
1828 |
+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
|
|
1829 |
+ * v2.0 */
|
|
1830 |
+typedef CK_ULONG CK_USER_TYPE;
|
|
1831 |
+/* Security Officer */
|
|
1832 |
+#define CKU_SO 0
|
|
1833 |
+/* Normal user */
|
|
1834 |
+#define CKU_USER 1
|
|
1835 |
+/* Context specific (added in v2.20) */
|
|
1836 |
+#define CKU_CONTEXT_SPECIFIC 2
|
|
1837 |
+
|
|
1838 |
+/* CK_STATE enumerates the session states */
|
|
1839 |
+/* CK_STATE has been changed from an enum to a CK_ULONG for
|
|
1840 |
+ * v2.0 */
|
|
1841 |
+typedef CK_ULONG CK_STATE;
|
|
1842 |
+#define CKS_RO_PUBLIC_SESSION 0
|
|
1843 |
+#define CKS_RO_USER_FUNCTIONS 1
|
|
1844 |
+#define CKS_RW_PUBLIC_SESSION 2
|
|
1845 |
+#define CKS_RW_USER_FUNCTIONS 3
|
|
1846 |
+#define CKS_RW_SO_FUNCTIONS 4
|
|
1847 |
+
|
|
1848 |
+
|
|
1849 |
+/* CK_SESSION_INFO provides information about a session */
|
|
1850 |
+typedef struct CK_SESSION_INFO {
|
|
1851 |
+ CK_SLOT_ID slotID;
|
|
1852 |
+ CK_STATE state;
|
|
1853 |
+ CK_FLAGS flags; /* see below */
|
|
1854 |
+
|
|
1855 |
+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
|
|
1856 |
+ * v2.0 */
|
|
1857 |
+ CK_ULONG ulDeviceError; /* device-dependent error code */
|
|
1858 |
+} CK_SESSION_INFO;
|
|
1859 |
+
|
|
1860 |
+/* The flags are defined in the following table:
|
|
1861 |
+ * Bit Flag Mask Meaning
|
|
1862 |
+ */
|
|
1863 |
+#define CKF_RW_SESSION 0x00000002 /* session is r/w */
|
|
1864 |
+#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */
|
|
1865 |
+
|
|
1866 |
+typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
|
|
1867 |
+
|
|
1868 |
+
|
|
1869 |
+/* CK_OBJECT_HANDLE is a token-specific identifier for an
|
|
1870 |
+ * object */
|
|
1871 |
+typedef CK_ULONG CK_OBJECT_HANDLE;
|
|
1872 |
+
|
|
1873 |
+typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;
|
|
1874 |
+
|
|
1875 |
+
|
|
1876 |
+/* CK_OBJECT_CLASS is a value that identifies the classes (or
|
|
1877 |
+ * types) of objects that Cryptoki recognizes. It is defined
|
|
1878 |
+ * as follows: */
|
|
1879 |
+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
|
|
1880 |
+ * v2.0 */
|
|
1881 |
+typedef CK_ULONG CK_OBJECT_CLASS;
|
|
1882 |
+
|
|
1883 |
+/* The following classes of objects are defined: */
|
|
1884 |
+/* CKO_HW_FEATURE is new for v2.10 */
|
|
1885 |
+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
|
|
1886 |
+/* CKO_MECHANISM is new for v2.20 */
|
|
1887 |
+#define CKO_DATA 0x00000000
|
|
1888 |
+#define CKO_CERTIFICATE 0x00000001
|
|
1889 |
+#define CKO_PUBLIC_KEY 0x00000002
|
|
1890 |
+#define CKO_PRIVATE_KEY 0x00000003
|
|
1891 |
+#define CKO_SECRET_KEY 0x00000004
|
|
1892 |
+#define CKO_HW_FEATURE 0x00000005
|
|
1893 |
+#define CKO_DOMAIN_PARAMETERS 0x00000006
|
|
1894 |
+#define CKO_MECHANISM 0x00000007
|
|
1895 |
+
|
|
1896 |
+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
|
|
1897 |
+#define CKO_OTP_KEY 0x00000008
|
|
1898 |
+
|
|
1899 |
+#define CKO_VENDOR_DEFINED 0x80000000
|
|
1900 |
+
|
|
1901 |
+typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
|
|
1902 |
+
|
|
1903 |
+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
|
|
1904 |
+ * value that identifies the hardware feature type of an object
|
|
1905 |
+ * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
|
|
1906 |
+typedef CK_ULONG CK_HW_FEATURE_TYPE;
|
|
1907 |
+
|
|
1908 |
+/* The following hardware feature types are defined */
|
|
1909 |
+/* CKH_USER_INTERFACE is new for v2.20 */
|
|
1910 |
+#define CKH_MONOTONIC_COUNTER 0x00000001
|
|
1911 |
+#define CKH_CLOCK 0x00000002
|
|
1912 |
+#define CKH_USER_INTERFACE 0x00000003
|
|
1913 |
+#define CKH_VENDOR_DEFINED 0x80000000
|
|
1914 |
+
|
|
1915 |
+/* CK_KEY_TYPE is a value that identifies a key type */
|
|
1916 |
+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
|
|
1917 |
+typedef CK_ULONG CK_KEY_TYPE;
|
|
1918 |
+
|
|
1919 |
+/* the following key types are defined: */
|
|
1920 |
+#define CKK_RSA 0x00000000
|
|
1921 |
+#define CKK_DSA 0x00000001
|
|
1922 |
+#define CKK_DH 0x00000002
|
|
1923 |
+
|
|
1924 |
+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
|
|
1925 |
+/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
|
|
1926 |
+#define CKK_ECDSA 0x00000003
|
|
1927 |
+#define CKK_EC 0x00000003
|
|
1928 |
+#define CKK_X9_42_DH 0x00000004
|
|
1929 |
+#define CKK_KEA 0x00000005
|
|
1930 |
+
|
|
1931 |
+#define CKK_GENERIC_SECRET 0x00000010
|
|
1932 |
+#define CKK_RC2 0x00000011
|
|
1933 |
+#define CKK_RC4 0x00000012
|
|
1934 |
+#define CKK_DES 0x00000013
|
|
1935 |
+#define CKK_DES2 0x00000014
|
|
1936 |
+#define CKK_DES3 0x00000015
|
|
1937 |
+
|
|
1938 |
+/* all these key types are new for v2.0 */
|
|
1939 |
+#define CKK_CAST 0x00000016
|
|
1940 |
+#define CKK_CAST3 0x00000017
|
|
1941 |
+/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
|
|
1942 |
+#define CKK_CAST5 0x00000018
|
|
1943 |
+#define CKK_CAST128 0x00000018
|
|
1944 |
+#define CKK_RC5 0x00000019
|
|
1945 |
+#define CKK_IDEA 0x0000001A
|
|
1946 |
+#define CKK_SKIPJACK 0x0000001B
|
|
1947 |
+#define CKK_BATON 0x0000001C
|
|
1948 |
+#define CKK_JUNIPER 0x0000001D
|
|
1949 |
+#define CKK_CDMF 0x0000001E
|
|
1950 |
+#define CKK_AES 0x0000001F
|
|
1951 |
+
|
|
1952 |
+/* BlowFish and TwoFish are new for v2.20 */
|
|
1953 |
+#define CKK_BLOWFISH 0x00000020
|
|
1954 |
+#define CKK_TWOFISH 0x00000021
|
|
1955 |
+
|
|
1956 |
+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
|
|
1957 |
+#define CKK_SECURID 0x00000022
|
|
1958 |
+#define CKK_HOTP 0x00000023
|
|
1959 |
+#define CKK_ACTI 0x00000024
|
|
1960 |
+
|
|
1961 |
+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
|
|
1962 |
+#define CKK_CAMELLIA 0x00000025
|
|
1963 |
+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
|
|
1964 |
+#define CKK_ARIA 0x00000026
|
|
1965 |
+
|
|
1966 |
+
|
|
1967 |
+#define CKK_VENDOR_DEFINED 0x80000000
|
|
1968 |
+
|
|
1969 |
+
|
|
1970 |
+/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
|
|
1971 |
+ * type */
|
|
1972 |
+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
|
|
1973 |
+ * for v2.0 */
|
|
1974 |
+typedef CK_ULONG CK_CERTIFICATE_TYPE;
|
|
1975 |
+
|
|
1976 |
+/* The following certificate types are defined: */
|
|
1977 |
+/* CKC_X_509_ATTR_CERT is new for v2.10 */
|
|
1978 |
+/* CKC_WTLS is new for v2.20 */
|
|
1979 |
+#define CKC_X_509 0x00000000
|
|
1980 |
+#define CKC_X_509_ATTR_CERT 0x00000001
|
|
1981 |
+#define CKC_WTLS 0x00000002
|
|
1982 |
+#define CKC_VENDOR_DEFINED 0x80000000
|
|
1983 |
+
|
|
1984 |
+
|
|
1985 |
+/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
|
|
1986 |
+ * type */
|
|
1987 |
+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
|
|
1988 |
+ * v2.0 */
|
|
1989 |
+typedef CK_ULONG CK_ATTRIBUTE_TYPE;
|
|
1990 |
+
|
|
1991 |
+/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
|
|
1992 |
+ consists of an array of values. */
|
|
1993 |
+#define CKF_ARRAY_ATTRIBUTE 0x40000000
|
|
1994 |
+
|
|
1995 |
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
|
|
1996 |
+ and relates to the CKA_OTP_FORMAT attribute */
|
|
1997 |
+#define CK_OTP_FORMAT_DECIMAL 0
|
|
1998 |
+#define CK_OTP_FORMAT_HEXADECIMAL 1
|
|
1999 |
+#define CK_OTP_FORMAT_ALPHANUMERIC 2
|
|
2000 |
+#define CK_OTP_FORMAT_BINARY 3
|
|
2001 |
+
|
|
2002 |
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
|
|
2003 |
+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
|
|
2004 |
+#define CK_OTP_PARAM_IGNORED 0
|
|
2005 |
+#define CK_OTP_PARAM_OPTIONAL 1
|
|
2006 |
+#define CK_OTP_PARAM_MANDATORY 2
|
|
2007 |
+
|
|
2008 |
+/* The following attribute types are defined: */
|
|
2009 |
+#define CKA_CLASS 0x00000000
|
|
2010 |
+#define CKA_TOKEN 0x00000001
|
|
2011 |
+#define CKA_PRIVATE 0x00000002
|
|
2012 |
+#define CKA_LABEL 0x00000003
|
|
2013 |
+#define CKA_APPLICATION 0x00000010
|
|
2014 |
+#define CKA_VALUE 0x00000011
|
|
2015 |
+
|
|
2016 |
+/* CKA_OBJECT_ID is new for v2.10 */
|
|
2017 |
+#define CKA_OBJECT_ID 0x00000012
|
|
2018 |
+
|
|
2019 |
+#define CKA_CERTIFICATE_TYPE 0x00000080
|
|
2020 |
+#define CKA_ISSUER 0x00000081
|
|
2021 |
+#define CKA_SERIAL_NUMBER 0x00000082
|
|
2022 |
+
|
|
2023 |
+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
|
|
2024 |
+ * for v2.10 */
|
|
2025 |
+#define CKA_AC_ISSUER 0x00000083
|
|
2026 |
+#define CKA_OWNER 0x00000084
|
|
2027 |
+#define CKA_ATTR_TYPES 0x00000085
|
|
2028 |
+
|
|
2029 |
+/* CKA_TRUSTED is new for v2.11 */
|
|
2030 |
+#define CKA_TRUSTED 0x00000086
|
|
2031 |
+
|
|
2032 |
+/* CKA_CERTIFICATE_CATEGORY ...
|
|
2033 |
+ * CKA_CHECK_VALUE are new for v2.20 */
|
|
2034 |
+#define CKA_CERTIFICATE_CATEGORY 0x00000087
|
|
2035 |
+#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
|
|
2036 |
+#define CKA_URL 0x00000089
|
|
2037 |
+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
|
|
2038 |
+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
|
|
2039 |
+#define CKA_CHECK_VALUE 0x00000090
|
|
2040 |
+
|
|
2041 |
+#define CKA_KEY_TYPE 0x00000100
|
|
2042 |
+#define CKA_SUBJECT 0x00000101
|
|
2043 |
+#define CKA_ID 0x00000102
|
|
2044 |
+#define CKA_SENSITIVE 0x00000103
|
|
2045 |
+#define CKA_ENCRYPT 0x00000104
|
|
2046 |
+#define CKA_DECRYPT 0x00000105
|
|
2047 |
+#define CKA_WRAP 0x00000106
|
|
2048 |
+#define CKA_UNWRAP 0x00000107
|
|
2049 |
+#define CKA_SIGN 0x00000108
|
|
2050 |
+#define CKA_SIGN_RECOVER 0x00000109
|
|
2051 |
+#define CKA_VERIFY 0x0000010A
|
|
2052 |
+#define CKA_VERIFY_RECOVER 0x0000010B
|
|
2053 |
+#define CKA_DERIVE 0x0000010C
|
|
2054 |
+#define CKA_START_DATE 0x00000110
|
|
2055 |
+#define CKA_END_DATE 0x00000111
|
|
2056 |
+#define CKA_MODULUS 0x00000120
|
|
2057 |
+#define CKA_MODULUS_BITS 0x00000121
|
|
2058 |
+#define CKA_PUBLIC_EXPONENT 0x00000122
|
|
2059 |
+#define CKA_PRIVATE_EXPONENT 0x00000123
|
|
2060 |
+#define CKA_PRIME_1 0x00000124
|
|
2061 |
+#define CKA_PRIME_2 0x00000125
|
|
2062 |
+#define CKA_EXPONENT_1 0x00000126
|
|
2063 |
+#define CKA_EXPONENT_2 0x00000127
|
|
2064 |
+#define CKA_COEFFICIENT 0x00000128
|
|
2065 |
+#define CKA_PRIME 0x00000130
|
|
2066 |
+#define CKA_SUBPRIME 0x00000131
|
|
2067 |
+#define CKA_BASE 0x00000132
|
|
2068 |
+
|
|
2069 |
+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
|
|
2070 |
+#define CKA_PRIME_BITS 0x00000133
|
|
2071 |
+#define CKA_SUBPRIME_BITS 0x00000134
|
|
2072 |
+#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
|
|
2073 |
+/* (To retain backwards-compatibility) */
|
|
2074 |
+
|
|
2075 |
+#define CKA_VALUE_BITS 0x00000160
|
|
2076 |
+#define CKA_VALUE_LEN 0x00000161
|
|
2077 |
+
|
|
2078 |
+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
|
|
2079 |
+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
|
|
2080 |
+ * and CKA_EC_POINT are new for v2.0 */
|
|
2081 |
+#define CKA_EXTRACTABLE 0x00000162
|
|
2082 |
+#define CKA_LOCAL 0x00000163
|
|
2083 |
+#define CKA_NEVER_EXTRACTABLE 0x00000164
|
|
2084 |
+#define CKA_ALWAYS_SENSITIVE 0x00000165
|
|
2085 |
+
|
|
2086 |
+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
|
|
2087 |
+#define CKA_KEY_GEN_MECHANISM 0x00000166
|
|
2088 |
+
|
|
2089 |
+#define CKA_MODIFIABLE 0x00000170
|
|
2090 |
+
|
|
2091 |
+/* CKA_ECDSA_PARAMS is deprecated in v2.11,
|
|
2092 |
+ * CKA_EC_PARAMS is preferred. */
|
|
2093 |
+#define CKA_ECDSA_PARAMS 0x00000180
|
|
2094 |
+#define CKA_EC_PARAMS 0x00000180
|
|
2095 |
+
|
|
2096 |
+#define CKA_EC_POINT 0x00000181
|
|
2097 |
+
|
|
2098 |
+/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
|
|
2099 |
+ * are new for v2.10. Deprecated in v2.11 and onwards. */
|
|
2100 |
+#define CKA_SECONDARY_AUTH 0x00000200
|
|
2101 |
+#define CKA_AUTH_PIN_FLAGS 0x00000201
|
|
2102 |
+
|
|
2103 |
+/* CKA_ALWAYS_AUTHENTICATE ...
|
|
2104 |
+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
|
|
2105 |
+#define CKA_ALWAYS_AUTHENTICATE 0x00000202
|
|
2106 |
+
|
|
2107 |
+#define CKA_WRAP_WITH_TRUSTED 0x00000210
|
|
2108 |
+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211)
|
|
2109 |
+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212)
|
|
2110 |
+
|
|
2111 |
+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
|
|
2112 |
+#define CKA_OTP_FORMAT 0x00000220
|
|
2113 |
+#define CKA_OTP_LENGTH 0x00000221
|
|
2114 |
+#define CKA_OTP_TIME_INTERVAL 0x00000222
|
|
2115 |
+#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223
|
|
2116 |
+#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224
|
|
2117 |
+#define CKA_OTP_TIME_REQUIREMENT 0x00000225
|
|
2118 |
+#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226
|
|
2119 |
+#define CKA_OTP_PIN_REQUIREMENT 0x00000227
|
|
2120 |
+#define CKA_OTP_COUNTER 0x0000022E
|
|
2121 |
+#define CKA_OTP_TIME 0x0000022F
|
|
2122 |
+#define CKA_OTP_USER_IDENTIFIER 0x0000022A
|
|
2123 |
+#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B
|
|
2124 |
+#define CKA_OTP_SERVICE_LOGO 0x0000022C
|
|
2125 |
+#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D
|
|
2126 |
+
|
|
2127 |
+
|
|
2128 |
+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
|
|
2129 |
+ * are new for v2.10 */
|
|
2130 |
+#define CKA_HW_FEATURE_TYPE 0x00000300
|
|
2131 |
+#define CKA_RESET_ON_INIT 0x00000301
|
|
2132 |
+#define CKA_HAS_RESET 0x00000302
|
|
2133 |
+
|
|
2134 |
+/* The following attributes are new for v2.20 */
|
|
2135 |
+#define CKA_PIXEL_X 0x00000400
|
|
2136 |
+#define CKA_PIXEL_Y 0x00000401
|
|
2137 |
+#define CKA_RESOLUTION 0x00000402
|
|
2138 |
+#define CKA_CHAR_ROWS 0x00000403
|
|
2139 |
+#define CKA_CHAR_COLUMNS 0x00000404
|
|
2140 |
+#define CKA_COLOR 0x00000405
|
|
2141 |
+#define CKA_BITS_PER_PIXEL 0x00000406
|
|
2142 |
+#define CKA_CHAR_SETS 0x00000480
|
|
2143 |
+#define CKA_ENCODING_METHODS 0x00000481
|
|
2144 |
+#define CKA_MIME_TYPES 0x00000482
|
|
2145 |
+#define CKA_MECHANISM_TYPE 0x00000500
|
|
2146 |
+#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
|
|
2147 |
+#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
|
|
2148 |
+#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
|
|
2149 |
+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600)
|
|
2150 |
+
|
|
2151 |
+#define CKA_VENDOR_DEFINED 0x80000000
|
|
2152 |
+
|
|
2153 |
+/* CK_ATTRIBUTE is a structure that includes the type, length
|
|
2154 |
+ * and value of an attribute */
|
|
2155 |
+typedef struct CK_ATTRIBUTE {
|
|
2156 |
+ CK_ATTRIBUTE_TYPE type;
|
|
2157 |
+ CK_VOID_PTR pValue;
|
|
2158 |
+
|
|
2159 |
+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
|
|
2160 |
+ CK_ULONG ulValueLen; /* in bytes */
|
|
2161 |
+} CK_ATTRIBUTE;
|
|
2162 |
+
|
|
2163 |
+typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
|
|
2164 |
+
|
|
2165 |
+
|
|
2166 |
+/* CK_DATE is a structure that defines a date */
|
|
2167 |
+typedef struct CK_DATE{
|
|
2168 |
+ CK_CHAR year[4]; /* the year ("1900" - "9999") */
|
|
2169 |
+ CK_CHAR month[2]; /* the month ("01" - "12") */
|
|
2170 |
+ CK_CHAR day[2]; /* the day ("01" - "31") */
|
|
2171 |
+} CK_DATE;
|
|
2172 |
+
|
|
2173 |
+
|
|
2174 |
+/* CK_MECHANISM_TYPE is a value that identifies a mechanism
|
|
2175 |
+ * type */
|
|
2176 |
+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
|
|
2177 |
+ * v2.0 */
|
|
2178 |
+typedef CK_ULONG CK_MECHANISM_TYPE;
|
|
2179 |
+
|
|
2180 |
+/* the following mechanism types are defined: */
|
|
2181 |
+#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
|
|
2182 |
+#define CKM_RSA_PKCS 0x00000001
|
|
2183 |
+#define CKM_RSA_9796 0x00000002
|
|
2184 |
+#define CKM_RSA_X_509 0x00000003
|
|
2185 |
+
|
|
2186 |
+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
|
|
2187 |
+ * are new for v2.0. They are mechanisms which hash and sign */
|
|
2188 |
+#define CKM_MD2_RSA_PKCS 0x00000004
|
|
2189 |
+#define CKM_MD5_RSA_PKCS 0x00000005
|
|
2190 |
+#define CKM_SHA1_RSA_PKCS 0x00000006
|
|
2191 |
+
|
|
2192 |
+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
|
|
2193 |
+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
|
|
2194 |
+#define CKM_RIPEMD128_RSA_PKCS 0x00000007
|
|
2195 |
+#define CKM_RIPEMD160_RSA_PKCS 0x00000008
|
|
2196 |
+#define CKM_RSA_PKCS_OAEP 0x00000009
|
|
2197 |
+
|
|
2198 |
+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
|
|
2199 |
+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
|
|
2200 |
+#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
|
|
2201 |
+#define CKM_RSA_X9_31 0x0000000B
|
|
2202 |
+#define CKM_SHA1_RSA_X9_31 0x0000000C
|
|
2203 |
+#define CKM_RSA_PKCS_PSS 0x0000000D
|
|
2204 |
+#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E
|
|
2205 |
+
|
|
2206 |
+#define CKM_DSA_KEY_PAIR_GEN 0x00000010
|
|
2207 |
+#define CKM_DSA 0x00000011
|
|
2208 |
+#define CKM_DSA_SHA1 0x00000012
|
|
2209 |
+#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
|
|
2210 |
+#define CKM_DH_PKCS_DERIVE 0x00000021
|
|
2211 |
+
|
|
2212 |
+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
|
|
2213 |
+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
|
|
2214 |
+ * v2.11 */
|
|
2215 |
+#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
|
|
2216 |
+#define CKM_X9_42_DH_DERIVE 0x00000031
|
|
2217 |
+#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
|
|
2218 |
+#define CKM_X9_42_MQV_DERIVE 0x00000033
|
|
2219 |
+
|
|
2220 |
+/* CKM_SHA256/384/512 are new for v2.20 */
|
|
2221 |
+#define CKM_SHA256_RSA_PKCS 0x00000040
|
|
2222 |
+#define CKM_SHA384_RSA_PKCS 0x00000041
|
|
2223 |
+#define CKM_SHA512_RSA_PKCS 0x00000042
|
|
2224 |
+#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
|
|
2225 |
+#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
|
|
2226 |
+#define CKM_SHA512_RSA_PKCS_PSS 0x00000045
|
|
2227 |
+
|
|
2228 |
+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
|
|
2229 |
+#define CKM_SHA224_RSA_PKCS 0x00000046
|
|
2230 |
+#define CKM_SHA224_RSA_PKCS_PSS 0x00000047
|
|
2231 |
+
|
|
2232 |
+#define CKM_RC2_KEY_GEN 0x00000100
|
|
2233 |
+#define CKM_RC2_ECB 0x00000101
|
|
2234 |
+#define CKM_RC2_CBC 0x00000102
|
|
2235 |
+#define CKM_RC2_MAC 0x00000103
|
|
2236 |
+
|
|
2237 |
+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
|
|
2238 |
+#define CKM_RC2_MAC_GENERAL 0x00000104
|
|
2239 |
+#define CKM_RC2_CBC_PAD 0x00000105
|
|
2240 |
+
|
|
2241 |
+#define CKM_RC4_KEY_GEN 0x00000110
|
|
2242 |
+#define CKM_RC4 0x00000111
|
|
2243 |
+#define CKM_DES_KEY_GEN 0x00000120
|
|
2244 |
+#define CKM_DES_ECB 0x00000121
|
|
2245 |
+#define CKM_DES_CBC 0x00000122
|
|
2246 |
+#define CKM_DES_MAC 0x00000123
|
|
2247 |
+
|
|
2248 |
+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
|
|
2249 |
+#define CKM_DES_MAC_GENERAL 0x00000124
|
|
2250 |
+#define CKM_DES_CBC_PAD 0x00000125
|
|
2251 |
+
|
|
2252 |
+#define CKM_DES2_KEY_GEN 0x00000130
|
|
2253 |
+#define CKM_DES3_KEY_GEN 0x00000131
|
|
2254 |
+#define CKM_DES3_ECB 0x00000132
|
|
2255 |
+#define CKM_DES3_CBC 0x00000133
|
|
2256 |
+#define CKM_DES3_MAC 0x00000134
|
|
2257 |
+
|
|
2258 |
+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
|
|
2259 |
+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
|
|
2260 |
+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
|
|
2261 |
+#define CKM_DES3_MAC_GENERAL 0x00000135
|
|
2262 |
+#define CKM_DES3_CBC_PAD 0x00000136
|
|
2263 |
+#define CKM_CDMF_KEY_GEN 0x00000140
|
|
2264 |
+#define CKM_CDMF_ECB 0x00000141
|
|
2265 |
+#define CKM_CDMF_CBC 0x00000142
|
|
2266 |
+#define CKM_CDMF_MAC 0x00000143
|
|
2267 |
+#define CKM_CDMF_MAC_GENERAL 0x00000144
|
|
2268 |
+#define CKM_CDMF_CBC_PAD 0x00000145
|
|
2269 |
+
|
|
2270 |
+/* the following four DES mechanisms are new for v2.20 */
|
|
2271 |
+#define CKM_DES_OFB64 0x00000150
|
|
2272 |
+#define CKM_DES_OFB8 0x00000151
|
|
2273 |
+#define CKM_DES_CFB64 0x00000152
|
|
2274 |
+#define CKM_DES_CFB8 0x00000153
|
|
2275 |
+
|
|
2276 |
+#define CKM_MD2 0x00000200
|
|
2277 |
+
|
|
2278 |
+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
|
|
2279 |
+#define CKM_MD2_HMAC 0x00000201
|
|
2280 |
+#define CKM_MD2_HMAC_GENERAL 0x00000202
|
|
2281 |
+
|
|
2282 |
+#define CKM_MD5 0x00000210
|
|
2283 |
+
|
|
2284 |
+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
|
|
2285 |
+#define CKM_MD5_HMAC 0x00000211
|
|
2286 |
+#define CKM_MD5_HMAC_GENERAL 0x00000212
|
|
2287 |
+
|
|
2288 |
+#define CKM_SHA_1 0x00000220
|
|
2289 |
+
|
|
2290 |
+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
|
|
2291 |
+#define CKM_SHA_1_HMAC 0x00000221
|
|
2292 |
+#define CKM_SHA_1_HMAC_GENERAL 0x00000222
|
|
2293 |
+
|
|
2294 |
+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
|
|
2295 |
+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
|
|
2296 |
+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
|
|
2297 |
+#define CKM_RIPEMD128 0x00000230
|
|
2298 |
+#define CKM_RIPEMD128_HMAC 0x00000231
|
|
2299 |
+#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
|
|
2300 |
+#define CKM_RIPEMD160 0x00000240
|
|
2301 |
+#define CKM_RIPEMD160_HMAC 0x00000241
|
|
2302 |
+#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242
|
|
2303 |
+
|
|
2304 |
+/* CKM_SHA256/384/512 are new for v2.20 */
|
|
2305 |
+#define CKM_SHA256 0x00000250
|
|
2306 |
+#define CKM_SHA256_HMAC 0x00000251
|
|
2307 |
+#define CKM_SHA256_HMAC_GENERAL 0x00000252
|
|
2308 |
+
|
|
2309 |
+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
|
|
2310 |
+#define CKM_SHA224 0x00000255
|
|
2311 |
+#define CKM_SHA224_HMAC 0x00000256
|
|
2312 |
+#define CKM_SHA224_HMAC_GENERAL 0x00000257
|
|
2313 |
+
|
|
2314 |
+#define CKM_SHA384 0x00000260
|
|
2315 |
+#define CKM_SHA384_HMAC 0x00000261
|
|
2316 |
+#define CKM_SHA384_HMAC_GENERAL 0x00000262
|
|
2317 |
+#define CKM_SHA512 0x00000270
|
|
2318 |
+#define CKM_SHA512_HMAC 0x00000271
|
|
2319 |
+#define CKM_SHA512_HMAC_GENERAL 0x00000272
|
|
2320 |
+
|
|
2321 |
+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
|
|
2322 |
+#define CKM_SECURID_KEY_GEN 0x00000280
|
|
2323 |
+#define CKM_SECURID 0x00000282
|
|
2324 |
+
|
|
2325 |
+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
|
|
2326 |
+#define CKM_HOTP_KEY_GEN 0x00000290
|
|
2327 |
+#define CKM_HOTP 0x00000291
|
|
2328 |
+
|
|
2329 |
+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
|
|
2330 |
+#define CKM_ACTI 0x000002A0
|
|
2331 |
+#define CKM_ACTI_KEY_GEN 0x000002A1
|
|
2332 |
+
|
|
2333 |
+/* All of the following mechanisms are new for v2.0 */
|
|
2334 |
+/* Note that CAST128 and CAST5 are the same algorithm */
|
|
2335 |
+#define CKM_CAST_KEY_GEN 0x00000300
|
|
2336 |
+#define CKM_CAST_ECB 0x00000301
|
|
2337 |
+#define CKM_CAST_CBC 0x00000302
|
|
2338 |
+#define CKM_CAST_MAC 0x00000303
|
|
2339 |
+#define CKM_CAST_MAC_GENERAL 0x00000304
|
|
2340 |
+#define CKM_CAST_CBC_PAD 0x00000305
|
|
2341 |
+#define CKM_CAST3_KEY_GEN 0x00000310
|
|
2342 |
+#define CKM_CAST3_ECB 0x00000311
|
|
2343 |
+#define CKM_CAST3_CBC 0x00000312
|
|
2344 |
+#define CKM_CAST3_MAC 0x00000313
|
|
2345 |
+#define CKM_CAST3_MAC_GENERAL 0x00000314
|
|
2346 |
+#define CKM_CAST3_CBC_PAD 0x00000315
|
|
2347 |
+#define CKM_CAST5_KEY_GEN 0x00000320
|
|
2348 |
+#define CKM_CAST128_KEY_GEN 0x00000320
|
|
2349 |
+#define CKM_CAST5_ECB 0x00000321
|
|
2350 |
+#define CKM_CAST128_ECB 0x00000321
|
|
2351 |
+#define CKM_CAST5_CBC 0x00000322
|
|
2352 |
+#define CKM_CAST128_CBC 0x00000322
|
|
2353 |
+#define CKM_CAST5_MAC 0x00000323
|
|
2354 |
+#define CKM_CAST128_MAC 0x00000323
|
|
2355 |
+#define CKM_CAST5_MAC_GENERAL 0x00000324
|
|
2356 |
+#define CKM_CAST128_MAC_GENERAL 0x00000324
|
|
2357 |
+#define CKM_CAST5_CBC_PAD 0x00000325
|
|
2358 |
+#define CKM_CAST128_CBC_PAD 0x00000325
|
|
2359 |
+#define CKM_RC5_KEY_GEN 0x00000330
|
|
2360 |
+#define CKM_RC5_ECB 0x00000331
|
|
2361 |
+#define CKM_RC5_CBC 0x00000332
|
|
2362 |
+#define CKM_RC5_MAC 0x00000333
|
|
2363 |
+#define CKM_RC5_MAC_GENERAL 0x00000334
|
|
2364 |
+#define CKM_RC5_CBC_PAD 0x00000335
|
|
2365 |
+#define CKM_IDEA_KEY_GEN 0x00000340
|
|
2366 |
+#define CKM_IDEA_ECB 0x00000341
|
|
2367 |
+#define CKM_IDEA_CBC 0x00000342
|
|
2368 |
+#define CKM_IDEA_MAC 0x00000343
|
|
2369 |
+#define CKM_IDEA_MAC_GENERAL 0x00000344
|
|
2370 |
+#define CKM_IDEA_CBC_PAD 0x00000345
|
|
2371 |
+#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
|
|
2372 |
+#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
|
|
2373 |
+#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
|
|
2374 |
+#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
|
|
2375 |
+#define CKM_XOR_BASE_AND_DATA 0x00000364
|
|
2376 |
+#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
|
|
2377 |
+#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
|
|
2378 |
+#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
|
|
2379 |
+#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372
|
|
2380 |
+
|
|
2381 |
+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
|
|
2382 |
+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
|
|
2383 |
+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
|
|
2384 |
+#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
|
|
2385 |
+#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
|
|
2386 |
+#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
|
|
2387 |
+#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
|
|
2388 |
+#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377
|
|
2389 |
+
|
|
2390 |
+/* CKM_TLS_PRF is new for v2.20 */
|
|
2391 |
+#define CKM_TLS_PRF 0x00000378
|
|
2392 |
+
|
|
2393 |
+#define CKM_SSL3_MD5_MAC 0x00000380
|
|
2394 |
+#define CKM_SSL3_SHA1_MAC 0x00000381
|
|
2395 |
+#define CKM_MD5_KEY_DERIVATION 0x00000390
|
|
2396 |
+#define CKM_MD2_KEY_DERIVATION 0x00000391
|
|
2397 |
+#define CKM_SHA1_KEY_DERIVATION 0x00000392
|
|
2398 |
+
|
|
2399 |
+/* CKM_SHA256/384/512 are new for v2.20 */
|
|
2400 |
+#define CKM_SHA256_KEY_DERIVATION 0x00000393
|
|
2401 |
+#define CKM_SHA384_KEY_DERIVATION 0x00000394
|
|
2402 |
+#define CKM_SHA512_KEY_DERIVATION 0x00000395
|
|
2403 |
+
|
|
2404 |
+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
|
|
2405 |
+#define CKM_SHA224_KEY_DERIVATION 0x00000396
|
|
2406 |
+
|
|
2407 |
+#define CKM_PBE_MD2_DES_CBC 0x000003A0
|
|
2408 |
+#define CKM_PBE_MD5_DES_CBC 0x000003A1
|
|
2409 |
+#define CKM_PBE_MD5_CAST_CBC 0x000003A2
|
|
2410 |
+#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
|
|
2411 |
+#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
|
|
2412 |
+#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
|
|
2413 |
+#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
|
|
2414 |
+#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
|
|
2415 |
+#define CKM_PBE_SHA1_RC4_128 0x000003A6
|
|
2416 |
+#define CKM_PBE_SHA1_RC4_40 0x000003A7
|
|
2417 |
+#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
|
|
2418 |
+#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
|
|
2419 |
+#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
|
|
2420 |
+#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB
|
|
2421 |
+
|
|
2422 |
+/* CKM_PKCS5_PBKD2 is new for v2.10 */
|
|
2423 |
+#define CKM_PKCS5_PBKD2 0x000003B0
|
|
2424 |
+
|
|
2425 |
+#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0
|
|
2426 |
+
|
|
2427 |
+/* WTLS mechanisms are new for v2.20 */
|
|
2428 |
+#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
|
|
2429 |
+#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
|
|
2430 |
+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
|
|
2431 |
+#define CKM_WTLS_PRF 0x000003D3
|
|
2432 |
+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
|
|
2433 |
+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5
|
|
2434 |
+
|
|
2435 |
+#define CKM_KEY_WRAP_LYNKS 0x00000400
|
|
2436 |
+#define CKM_KEY_WRAP_SET_OAEP 0x00000401
|
|
2437 |
+
|
|
2438 |
+/* CKM_CMS_SIG is new for v2.20 */
|
|
2439 |
+#define CKM_CMS_SIG 0x00000500
|
|
2440 |
+
|
|
2441 |
+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
|
|
2442 |
+#define CKM_KIP_DERIVE 0x00000510
|
|
2443 |
+#define CKM_KIP_WRAP 0x00000511
|
|
2444 |
+#define CKM_KIP_MAC 0x00000512
|
|
2445 |
+
|
|
2446 |
+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
|
|
2447 |
+#define CKM_CAMELLIA_KEY_GEN 0x00000550
|
|
2448 |
+#define CKM_CAMELLIA_ECB 0x00000551
|
|
2449 |
+#define CKM_CAMELLIA_CBC 0x00000552
|
|
2450 |
+#define CKM_CAMELLIA_MAC 0x00000553
|
|
2451 |
+#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
|
|
2452 |
+#define CKM_CAMELLIA_CBC_PAD 0x00000555
|
|
2453 |
+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
|
|
2454 |
+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
|
|
2455 |
+#define CKM_CAMELLIA_CTR 0x00000558
|
|
2456 |
+
|
|
2457 |
+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
|
|
2458 |
+#define CKM_ARIA_KEY_GEN 0x00000560
|
|
2459 |
+#define CKM_ARIA_ECB 0x00000561
|
|
2460 |
+#define CKM_ARIA_CBC 0x00000562
|
|
2461 |
+#define CKM_ARIA_MAC 0x00000563
|
|
2462 |
+#define CKM_ARIA_MAC_GENERAL 0x00000564
|
|
2463 |
+#define CKM_ARIA_CBC_PAD 0x00000565
|
|
2464 |
+#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566
|
|
2465 |
+#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567
|
|
2466 |
+
|
|
2467 |
+/* Fortezza mechanisms */
|
|
2468 |
+#define CKM_SKIPJACK_KEY_GEN 0x00001000
|
|
2469 |
+#define CKM_SKIPJACK_ECB64 0x00001001
|
|
2470 |
+#define CKM_SKIPJACK_CBC64 0x00001002
|
|
2471 |
+#define CKM_SKIPJACK_OFB64 0x00001003
|
|
2472 |
+#define CKM_SKIPJACK_CFB64 0x00001004
|
|
2473 |
+#define CKM_SKIPJACK_CFB32 0x00001005
|
|
2474 |
+#define CKM_SKIPJACK_CFB16 0x00001006
|
|
2475 |
+#define CKM_SKIPJACK_CFB8 0x00001007
|
|
2476 |
+#define CKM_SKIPJACK_WRAP 0x00001008
|
|
2477 |
+#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
|
|
2478 |
+#define CKM_SKIPJACK_RELAYX 0x0000100a
|
|
2479 |
+#define CKM_KEA_KEY_PAIR_GEN 0x00001010
|
|
2480 |
+#define CKM_KEA_KEY_DERIVE 0x00001011
|
|
2481 |
+#define CKM_FORTEZZA_TIMESTAMP 0x00001020
|
|
2482 |
+#define CKM_BATON_KEY_GEN 0x00001030
|
|
2483 |
+#define CKM_BATON_ECB128 0x00001031
|
|
2484 |
+#define CKM_BATON_ECB96 0x00001032
|
|
2485 |
+#define CKM_BATON_CBC128 0x00001033
|
|
2486 |
+#define CKM_BATON_COUNTER 0x00001034
|
|
2487 |
+#define CKM_BATON_SHUFFLE 0x00001035
|
|
2488 |
+#define CKM_BATON_WRAP 0x00001036
|
|
2489 |
+
|
|
2490 |
+/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
|
|
2491 |
+ * CKM_EC_KEY_PAIR_GEN is preferred */
|
|
2492 |
+#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
|
|
2493 |
+#define CKM_EC_KEY_PAIR_GEN 0x00001040
|
|
2494 |
+
|
|
2495 |
+#define CKM_ECDSA 0x00001041
|
|
2496 |
+#define CKM_ECDSA_SHA1 0x00001042
|
|
2497 |
+
|
|
2498 |
+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
|
|
2499 |
+ * are new for v2.11 */
|
|
2500 |
+#define CKM_ECDH1_DERIVE 0x00001050
|
|
2501 |
+#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
|
|
2502 |
+#define CKM_ECMQV_DERIVE 0x00001052
|
|
2503 |
+
|
|
2504 |
+#define CKM_JUNIPER_KEY_GEN 0x00001060
|
|
2505 |
+#define CKM_JUNIPER_ECB128 0x00001061
|
|
2506 |
+#define CKM_JUNIPER_CBC128 0x00001062
|
|
2507 |
+#define CKM_JUNIPER_COUNTER 0x00001063
|
|
2508 |
+#define CKM_JUNIPER_SHUFFLE 0x00001064
|
|
2509 |
+#define CKM_JUNIPER_WRAP 0x00001065
|
|
2510 |
+#define CKM_FASTHASH 0x00001070
|
|
2511 |
+
|
|
2512 |
+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
|
|
2513 |
+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
|
|
2514 |
+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
|
|
2515 |
+ * new for v2.11 */
|
|
2516 |
+#define CKM_AES_KEY_GEN 0x00001080
|
|
2517 |
+#define CKM_AES_ECB 0x00001081
|
|
2518 |
+#define CKM_AES_CBC 0x00001082
|
|
2519 |
+#define CKM_AES_MAC 0x00001083
|
|
2520 |
+#define CKM_AES_MAC_GENERAL 0x00001084
|
|
2521 |
+#define CKM_AES_CBC_PAD 0x00001085
|
|
2522 |
+
|
|
2523 |
+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
|
|
2524 |
+#define CKM_AES_CTR 0x00001086
|
|
2525 |
+
|
|
2526 |
+/* BlowFish and TwoFish are new for v2.20 */
|
|
2527 |
+#define CKM_BLOWFISH_KEY_GEN 0x00001090
|
|
2528 |
+#define CKM_BLOWFISH_CBC 0x00001091
|
|
2529 |
+#define CKM_TWOFISH_KEY_GEN 0x00001092
|
|
2530 |
+#define CKM_TWOFISH_CBC 0x00001093
|
|
2531 |
+
|
|
2532 |
+
|
|
2533 |
+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
|
|
2534 |
+#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
|
|
2535 |
+#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
|
|
2536 |
+#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
|
|
2537 |
+#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
|
|
2538 |
+#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
|
|
2539 |
+#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
|
|
2540 |
+
|
|
2541 |
+#define CKM_DSA_PARAMETER_GEN 0x00002000
|
|
2542 |
+#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
|
|
2543 |
+#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
|
|
2544 |
+
|
|
2545 |
+#define CKM_VENDOR_DEFINED 0x80000000
|
|
2546 |
+
|
|
2547 |
+typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
|
|
2548 |
+
|
|
2549 |
+
|
|
2550 |
+/* CK_MECHANISM is a structure that specifies a particular
|
|
2551 |
+ * mechanism */
|
|
2552 |
+typedef struct CK_MECHANISM {
|
|
2553 |
+ CK_MECHANISM_TYPE mechanism;
|
|
2554 |
+ CK_VOID_PTR pParameter;
|
|
2555 |
+
|
|
2556 |
+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
|
|
2557 |
+ * v2.0 */
|
|
2558 |
+ CK_ULONG ulParameterLen; /* in bytes */
|
|
2559 |
+} CK_MECHANISM;
|
|
2560 |
+
|
|
2561 |
+typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
|
|
2562 |
+
|
|
2563 |
+
|
|
2564 |
+/* CK_MECHANISM_INFO provides information about a particular
|
|
2565 |
+ * mechanism */
|
|
2566 |
+typedef struct CK_MECHANISM_INFO {
|
|
2567 |
+ CK_ULONG ulMinKeySize;
|
|
2568 |
+ CK_ULONG ulMaxKeySize;
|
|
2569 |
+ CK_FLAGS flags;
|
|
2570 |
+} CK_MECHANISM_INFO;
|
|
2571 |
+
|
|
2572 |
+/* The flags are defined as follows:
|
|
2573 |
+ * Bit Flag Mask Meaning */
|
|
2574 |
+#define CKF_HW 0x00000001 /* performed by HW */
|
|
2575 |
+
|
|
2576 |
+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
|
|
2577 |
+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
|
|
2578 |
+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
|
|
2579 |
+ * and CKF_DERIVE are new for v2.0. They specify whether or not
|
|
2580 |
+ * a mechanism can be used for a particular task */
|
|
2581 |
+#define CKF_ENCRYPT 0x00000100
|
|
2582 |
+#define CKF_DECRYPT 0x00000200
|
|
2583 |
+#define CKF_DIGEST 0x00000400
|
|
2584 |
+#define CKF_SIGN 0x00000800
|
|
2585 |
+#define CKF_SIGN_RECOVER 0x00001000
|
|
2586 |
+#define CKF_VERIFY 0x00002000
|
|
2587 |
+#define CKF_VERIFY_RECOVER 0x00004000
|
|
2588 |
+#define CKF_GENERATE 0x00008000
|
|
2589 |
+#define CKF_GENERATE_KEY_PAIR 0x00010000
|
|
2590 |
+#define CKF_WRAP 0x00020000
|
|
2591 |
+#define CKF_UNWRAP 0x00040000
|
|
2592 |
+#define CKF_DERIVE 0x00080000
|
|
2593 |
+
|
|
2594 |
+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
|
|
2595 |
+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
|
|
2596 |
+ * describe a token's EC capabilities not available in mechanism
|
|
2597 |
+ * information. */
|
|
2598 |
+#define CKF_EC_F_P 0x00100000
|
|
2599 |
+#define CKF_EC_F_2M 0x00200000
|
|
2600 |
+#define CKF_EC_ECPARAMETERS 0x00400000
|
|
2601 |
+#define CKF_EC_NAMEDCURVE 0x00800000
|
|
2602 |
+#define CKF_EC_UNCOMPRESS 0x01000000
|
|
2603 |
+#define CKF_EC_COMPRESS 0x02000000
|
|
2604 |
+
|
|
2605 |
+#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
|
|
2606 |
+
|
|
2607 |
+typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
|
|
2608 |
+
|
|
2609 |
+
|
|
2610 |
+/* CK_RV is a value that identifies the return value of a
|
|
2611 |
+ * Cryptoki function */
|
|
2612 |
+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
|
|
2613 |
+typedef CK_ULONG CK_RV;
|
|
2614 |
+
|
|
2615 |
+#define CKR_OK 0x00000000
|
|
2616 |
+#define CKR_CANCEL 0x00000001
|
|
2617 |
+#define CKR_HOST_MEMORY 0x00000002
|
|
2618 |
+#define CKR_SLOT_ID_INVALID 0x00000003
|
|
2619 |
+
|
|
2620 |
+/* CKR_FLAGS_INVALID was removed for v2.0 */
|
|
2621 |
+
|
|
2622 |
+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
|
|
2623 |
+#define CKR_GENERAL_ERROR 0x00000005
|
|
2624 |
+#define CKR_FUNCTION_FAILED 0x00000006
|
|
2625 |
+
|
|
2626 |
+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
|
|
2627 |
+ * and CKR_CANT_LOCK are new for v2.01 */
|
|
2628 |
+#define CKR_ARGUMENTS_BAD 0x00000007
|
|
2629 |
+#define CKR_NO_EVENT 0x00000008
|
|
2630 |
+#define CKR_NEED_TO_CREATE_THREADS 0x00000009
|
|
2631 |
+#define CKR_CANT_LOCK 0x0000000A
|
|
2632 |
+
|
|
2633 |
+#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
|
|
2634 |
+#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
|
|
2635 |
+#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
|
|
2636 |
+#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
|
|
2637 |
+#define CKR_DATA_INVALID 0x00000020
|
|
2638 |
+#define CKR_DATA_LEN_RANGE 0x00000021
|
|
2639 |
+#define CKR_DEVICE_ERROR 0x00000030
|
|
2640 |
+#define CKR_DEVICE_MEMORY 0x00000031
|
|
2641 |
+#define CKR_DEVICE_REMOVED 0x00000032
|
|
2642 |
+#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
|
|
2643 |
+#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
|
|
2644 |
+#define CKR_FUNCTION_CANCELED 0x00000050
|
|
2645 |
+#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
|
|
2646 |
+
|
|
2647 |
+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
|
|
2648 |
+#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
|
|
2649 |
+
|
|
2650 |
+#define CKR_KEY_HANDLE_INVALID 0x00000060
|
|
2651 |
+
|
|
2652 |
+/* CKR_KEY_SENSITIVE was removed for v2.0 */
|
|
2653 |
+
|
|
2654 |
+#define CKR_KEY_SIZE_RANGE 0x00000062
|
|
2655 |
+#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
|
|
2656 |
+
|
|
2657 |
+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
|
|
2658 |
+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
|
|
2659 |
+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
|
|
2660 |
+ * v2.0 */
|
|
2661 |
+#define CKR_KEY_NOT_NEEDED 0x00000064
|
|
2662 |
+#define CKR_KEY_CHANGED 0x00000065
|
|
2663 |
+#define CKR_KEY_NEEDED 0x00000066
|
|
2664 |
+#define CKR_KEY_INDIGESTIBLE 0x00000067
|
|
2665 |
+#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
|
|
2666 |
+#define CKR_KEY_NOT_WRAPPABLE 0x00000069
|
|
2667 |
+#define CKR_KEY_UNEXTRACTABLE 0x0000006A
|
|
2668 |
+
|
|
2669 |
+#define CKR_MECHANISM_INVALID 0x00000070
|
|
2670 |
+#define CKR_MECHANISM_PARAM_INVALID 0x00000071
|
|
2671 |
+
|
|
2672 |
+/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
|
|
2673 |
+ * were removed for v2.0 */
|
|
2674 |
+#define CKR_OBJECT_HANDLE_INVALID 0x00000082
|
|
2675 |
+#define CKR_OPERATION_ACTIVE 0x00000090
|
|
2676 |
+#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
|
|
2677 |
+#define CKR_PIN_INCORRECT 0x000000A0
|
|
2678 |
+#define CKR_PIN_INVALID 0x000000A1
|
|
2679 |
+#define CKR_PIN_LEN_RANGE 0x000000A2
|
|
2680 |
+
|
|
2681 |
+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
|
|
2682 |
+#define CKR_PIN_EXPIRED 0x000000A3
|
|
2683 |
+#define CKR_PIN_LOCKED 0x000000A4
|
|
2684 |
+
|
|
2685 |
+#define CKR_SESSION_CLOSED 0x000000B0
|
|
2686 |
+#define CKR_SESSION_COUNT 0x000000B1
|
|
2687 |
+#define CKR_SESSION_HANDLE_INVALID 0x000000B3
|
|
2688 |
+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
|
|
2689 |
+#define CKR_SESSION_READ_ONLY 0x000000B5
|
|
2690 |
+#define CKR_SESSION_EXISTS 0x000000B6
|
|
2691 |
+
|
|
2692 |
+/* CKR_SESSION_READ_ONLY_EXISTS and
|
|
2693 |
+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
|
|
2694 |
+#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
|
|
2695 |
+#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
|
|
2696 |
+
|
|
2697 |
+#define CKR_SIGNATURE_INVALID 0x000000C0
|
|
2698 |
+#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
|
|
2699 |
+#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
|
|
2700 |
+#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
|
|
2701 |
+#define CKR_TOKEN_NOT_PRESENT 0x000000E0
|
|
2702 |
+#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
|
|
2703 |
+#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
|
|
2704 |
+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
|
|
2705 |
+#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
|
|
2706 |
+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
|
|
2707 |
+#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
|
|
2708 |
+#define CKR_USER_NOT_LOGGED_IN 0x00000101
|
|
2709 |
+#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
|
|
2710 |
+#define CKR_USER_TYPE_INVALID 0x00000103
|
|
2711 |
+
|
|
2712 |
+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
|
|
2713 |
+ * are new to v2.01 */
|
|
2714 |
+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
|
|
2715 |
+#define CKR_USER_TOO_MANY_TYPES 0x00000105
|
|
2716 |
+
|
|
2717 |
+#define CKR_WRAPPED_KEY_INVALID 0x00000110
|
|
2718 |
+#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
|
|
2719 |
+#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
|
|
2720 |
+#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
|
|
2721 |
+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
|
|
2722 |
+#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
|
|
2723 |
+
|
|
2724 |
+/* These are new to v2.0 */
|
|
2725 |
+#define CKR_RANDOM_NO_RNG 0x00000121
|
|
2726 |
+
|
|
2727 |
+/* These are new to v2.11 */
|
|
2728 |
+#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
|
|
2729 |
+
|
|
2730 |
+/* These are new to v2.0 */
|
|
2731 |
+#define CKR_BUFFER_TOO_SMALL 0x00000150
|
|
2732 |
+#define CKR_SAVED_STATE_INVALID 0x00000160
|
|
2733 |
+#define CKR_INFORMATION_SENSITIVE 0x00000170
|
|
2734 |
+#define CKR_STATE_UNSAVEABLE 0x00000180
|
|
2735 |
+
|
|
2736 |
+/* These are new to v2.01 */
|
|
2737 |
+#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
|
|
2738 |
+#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
|
|
2739 |
+#define CKR_MUTEX_BAD 0x000001A0
|
|
2740 |
+#define CKR_MUTEX_NOT_LOCKED 0x000001A1
|
|
2741 |
+
|
|
2742 |
+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
|
|
2743 |
+#define CKR_NEW_PIN_MODE 0x000001B0
|
|
2744 |
+#define CKR_NEXT_OTP 0x000001B1
|
|
2745 |
+
|
|
2746 |
+/* This is new to v2.20 */
|
|
2747 |
+#define CKR_FUNCTION_REJECTED 0x00000200
|
|
2748 |
+
|
|
2749 |
+#define CKR_VENDOR_DEFINED 0x80000000
|
|
2750 |
+
|
|
2751 |
+
|
|
2752 |
+/* CK_NOTIFY is an application callback that processes events */
|
|
2753 |
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
|
|
2754 |
+ CK_SESSION_HANDLE hSession, /* the session's handle */
|
|
2755 |
+ CK_NOTIFICATION event,
|
|
2756 |
+ CK_VOID_PTR pApplication /* passed to C_OpenSession */
|
|
2757 |
+);
|
|
2758 |
+
|
|
2759 |
+
|
|
2760 |
+/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
|
|
2761 |
+ * version and pointers of appropriate types to all the
|
|
2762 |
+ * Cryptoki functions */
|
|
2763 |
+/* CK_FUNCTION_LIST is new for v2.0 */
|
|
2764 |
+typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
|
|
2765 |
+
|
|
2766 |
+typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
|
|
2767 |
+
|
|
2768 |
+typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
|
|
2769 |
+
|
|
2770 |
+
|
|
2771 |
+/* CK_CREATEMUTEX is an application callback for creating a
|
|
2772 |
+ * mutex object */
|
|
2773 |
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
|
|
2774 |
+ CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
|
|
2775 |
+);
|
|
2776 |
+
|
|
2777 |
+
|
|
2778 |
+/* CK_DESTROYMUTEX is an application callback for destroying a
|
|
2779 |
+ * mutex object */
|
|
2780 |
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
|
|
2781 |
+ CK_VOID_PTR pMutex /* pointer to mutex */
|
|
2782 |
+);
|
|
2783 |
+
|
|
2784 |
+
|
|
2785 |
+/* CK_LOCKMUTEX is an application callback for locking a mutex */
|
|
2786 |
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
|
|
2787 |
+ CK_VOID_PTR pMutex /* pointer to mutex */
|
|
2788 |
+);
|
|
2789 |
+
|
|
2790 |
+
|
|
2791 |
+/* CK_UNLOCKMUTEX is an application callback for unlocking a
|
|
2792 |
+ * mutex */
|
|
2793 |
+typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
|
|
2794 |
+ CK_VOID_PTR pMutex /* pointer to mutex */
|
|
2795 |
+);
|
|
2796 |
+
|
|
2797 |
+
|
|
2798 |
+/* CK_C_INITIALIZE_ARGS provides the optional arguments to
|
|
2799 |
+ * C_Initialize */
|
|
2800 |
+typedef struct CK_C_INITIALIZE_ARGS {
|
|
2801 |
+ CK_CREATEMUTEX CreateMutex;
|
|
2802 |
+ CK_DESTROYMUTEX DestroyMutex;
|
|
2803 |
+ CK_LOCKMUTEX LockMutex;
|
|
2804 |
+ CK_UNLOCKMUTEX UnlockMutex;
|
|
2805 |
+ CK_FLAGS flags;
|
|
2806 |
+ CK_VOID_PTR pReserved;
|
|
2807 |
+} CK_C_INITIALIZE_ARGS;
|
|
2808 |
+
|
|
2809 |
+/* flags: bit flags that provide capabilities of the slot
|
|
2810 |
+ * Bit Flag Mask Meaning
|
|
2811 |
+ */
|
|
2812 |
+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
|
|
2813 |
+#define CKF_OS_LOCKING_OK 0x00000002
|
|
2814 |
+
|
|
2815 |
+typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
|
|
2816 |
+
|
|
2817 |
+
|
|
2818 |
+/* additional flags for parameters to functions */
|
|
2819 |
+
|
|
2820 |
+/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
|
|
2821 |
+#define CKF_DONT_BLOCK 1
|
|
2822 |
+
|
|
2823 |
+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
|
|
2824 |
+ * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
|
|
2825 |
+ * Generation Function (MGF) applied to a message block when
|
|
2826 |
+ * formatting a message block for the PKCS #1 OAEP encryption
|
|
2827 |
+ * scheme. */
|
|
2828 |
+typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
|
|
2829 |
+
|
|
2830 |
+typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
|
|
2831 |
+
|
|
2832 |
+/* The following MGFs are defined */
|
|
2833 |
+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
|
|
2834 |
+ * are new for v2.20 */
|
|
2835 |
+#define CKG_MGF1_SHA1 0x00000001
|
|
2836 |
+#define CKG_MGF1_SHA256 0x00000002
|
|
2837 |
+#define CKG_MGF1_SHA384 0x00000003
|
|
2838 |
+#define CKG_MGF1_SHA512 0x00000004
|
|
2839 |
+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
|
|
2840 |
+#define CKG_MGF1_SHA224 0x00000005
|
|
2841 |
+
|
|
2842 |
+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
|
|
2843 |
+ * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
|
|
2844 |
+ * of the encoding parameter when formatting a message block
|
|
2845 |
+ * for the PKCS #1 OAEP encryption scheme. */
|
|
2846 |
+typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
|
|
2847 |
+
|
|
2848 |
+typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
|
|
2849 |
+
|
|
2850 |
+/* The following encoding parameter sources are defined */
|
|
2851 |
+#define CKZ_DATA_SPECIFIED 0x00000001
|
|
2852 |
+
|
|
2853 |
+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
|
|
2854 |
+ * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
|
|
2855 |
+ * CKM_RSA_PKCS_OAEP mechanism. */
|
|
2856 |
+typedef struct CK_RSA_PKCS_OAEP_PARAMS {
|
|
2857 |
+ CK_MECHANISM_TYPE hashAlg;
|
|
2858 |
+ CK_RSA_PKCS_MGF_TYPE mgf;
|
|
2859 |
+ CK_RSA_PKCS_OAEP_SOURCE_TYPE source;
|
|
2860 |
+ CK_VOID_PTR pSourceData;
|
|
2861 |
+ CK_ULONG ulSourceDataLen;
|
|
2862 |
+} CK_RSA_PKCS_OAEP_PARAMS;
|
|
2863 |
+
|
|
2864 |
+typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
|
|
2865 |
+
|
|
2866 |
+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
|
|
2867 |
+ * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
|
|
2868 |
+ * CKM_RSA_PKCS_PSS mechanism(s). */
|
|
2869 |
+typedef struct CK_RSA_PKCS_PSS_PARAMS {
|
|
2870 |
+ CK_MECHANISM_TYPE hashAlg;
|
|
2871 |
+ CK_RSA_PKCS_MGF_TYPE mgf;
|
|
2872 |
+ CK_ULONG sLen;
|
|
2873 |
+} CK_RSA_PKCS_PSS_PARAMS;
|
|
2874 |
+
|
|
2875 |
+typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
|
|
2876 |
+
|
|
2877 |
+/* CK_EC_KDF_TYPE is new for v2.11. */
|
|
2878 |
+typedef CK_ULONG CK_EC_KDF_TYPE;
|
|
2879 |
+
|
|
2880 |
+/* The following EC Key Derivation Functions are defined */
|
|
2881 |
+#define CKD_NULL 0x00000001
|
|
2882 |
+#define CKD_SHA1_KDF 0x00000002
|
|
2883 |
+
|
|
2884 |
+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
|
|
2885 |
+ * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
|
|
2886 |
+ * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
|
|
2887 |
+ * where each party contributes one key pair.
|
|
2888 |
+ */
|
|
2889 |
+typedef struct CK_ECDH1_DERIVE_PARAMS {
|
|
2890 |
+ CK_EC_KDF_TYPE kdf;
|
|
2891 |
+ CK_ULONG ulSharedDataLen;
|
|
2892 |
+ CK_BYTE_PTR pSharedData;
|
|
2893 |
+ CK_ULONG ulPublicDataLen;
|
|
2894 |
+ CK_BYTE_PTR pPublicData;
|
|
2895 |
+} CK_ECDH1_DERIVE_PARAMS;
|
|
2896 |
+
|
|
2897 |
+typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
|
|
2898 |
+
|
|
2899 |
+
|
|
2900 |
+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
|
|
2901 |
+ * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
|
|
2902 |
+ * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
|
|
2903 |
+typedef struct CK_ECDH2_DERIVE_PARAMS {
|
|
2904 |
+ CK_EC_KDF_TYPE kdf;
|
|
2905 |
+ CK_ULONG ulSharedDataLen;
|
|
2906 |
+ CK_BYTE_PTR pSharedData;
|
|
2907 |
+ CK_ULONG ulPublicDataLen;
|
|
2908 |
+ CK_BYTE_PTR pPublicData;
|
|
2909 |
+ CK_ULONG ulPrivateDataLen;
|
|
2910 |
+ CK_OBJECT_HANDLE hPrivateData;
|
|
2911 |
+ CK_ULONG ulPublicDataLen2;
|
|
2912 |
+ CK_BYTE_PTR pPublicData2;
|
|
2913 |
+} CK_ECDH2_DERIVE_PARAMS;
|
|
2914 |
+
|
|
2915 |
+typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
|
|
2916 |
+
|
|
2917 |
+typedef struct CK_ECMQV_DERIVE_PARAMS {
|
|
2918 |
+ CK_EC_KDF_TYPE kdf;
|
|
2919 |
+ CK_ULONG ulSharedDataLen;
|
|
2920 |
+ CK_BYTE_PTR pSharedData;
|
|
2921 |
+ CK_ULONG ulPublicDataLen;
|
|
2922 |
+ CK_BYTE_PTR pPublicData;
|
|
2923 |
+ CK_ULONG ulPrivateDataLen;
|
|
2924 |
+ CK_OBJECT_HANDLE hPrivateData;
|
|
2925 |
+ CK_ULONG ulPublicDataLen2;
|
|
2926 |
+ CK_BYTE_PTR pPublicData2;
|
|
2927 |
+ CK_OBJECT_HANDLE publicKey;
|
|
2928 |
+} CK_ECMQV_DERIVE_PARAMS;
|
|
2929 |
+
|
|
2930 |
+typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
|
|
2931 |
+
|
|
2932 |
+/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
|
|
2933 |
+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
|
|
2934 |
+typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
|
|
2935 |
+typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
|
|
2936 |
+
|
|
2937 |
+/* The following X9.42 DH key derivation functions are defined
|
|
2938 |
+ (besides CKD_NULL already defined : */
|
|
2939 |
+#define CKD_SHA1_KDF_ASN1 0x00000003
|
|
2940 |
+#define CKD_SHA1_KDF_CONCATENATE 0x00000004
|
|
2941 |
+
|
|
2942 |
+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
|
|
2943 |
+ * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
|
|
2944 |
+ * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
|
|
2945 |
+ * contributes one key pair */
|
|
2946 |
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
|
|
2947 |
+ CK_X9_42_DH_KDF_TYPE kdf;
|
|
2948 |
+ CK_ULONG ulOtherInfoLen;
|
|
2949 |
+ CK_BYTE_PTR pOtherInfo;
|
|
2950 |
+ CK_ULONG ulPublicDataLen;
|
|
2951 |
+ CK_BYTE_PTR pPublicData;
|
|
2952 |
+} CK_X9_42_DH1_DERIVE_PARAMS;
|
|
2953 |
+
|
|
2954 |
+typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
|
|
2955 |
+
|
|
2956 |
+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
|
|
2957 |
+ * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
|
|
2958 |
+ * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
|
|
2959 |
+ * mechanisms, where each party contributes two key pairs */
|
|
2960 |
+typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
|
|
2961 |
+ CK_X9_42_DH_KDF_TYPE kdf;
|
|
2962 |
+ CK_ULONG ulOtherInfoLen;
|
|
2963 |
+ CK_BYTE_PTR pOtherInfo;
|
|
2964 |
+ CK_ULONG ulPublicDataLen;
|
|
2965 |
+ CK_BYTE_PTR pPublicData;
|
|
2966 |
+ CK_ULONG ulPrivateDataLen;
|
|
2967 |
+ CK_OBJECT_HANDLE hPrivateData;
|
|
2968 |
+ CK_ULONG ulPublicDataLen2;
|
|
2969 |
+ CK_BYTE_PTR pPublicData2;
|
|
2970 |
+} CK_X9_42_DH2_DERIVE_PARAMS;
|
|
2971 |
+
|
|
2972 |
+typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
|
|
2973 |
+
|
|
2974 |
+typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
|
|
2975 |
+ CK_X9_42_DH_KDF_TYPE kdf;
|
|
2976 |
+ CK_ULONG ulOtherInfoLen;
|
|
2977 |
+ CK_BYTE_PTR pOtherInfo;
|
|
2978 |
+ CK_ULONG ulPublicDataLen;
|
|
2979 |
+ CK_BYTE_PTR pPublicData;
|
|
2980 |
+ CK_ULONG ulPrivateDataLen;
|
|
2981 |
+ CK_OBJECT_HANDLE hPrivateData;
|
|
2982 |
+ CK_ULONG ulPublicDataLen2;
|
|
2983 |
+ CK_BYTE_PTR pPublicData2;
|
|
2984 |
+ CK_OBJECT_HANDLE publicKey;
|
|
2985 |
+} CK_X9_42_MQV_DERIVE_PARAMS;
|
|
2986 |
+
|
|
2987 |
+typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
|
|
2988 |
+
|
|
2989 |
+/* CK_KEA_DERIVE_PARAMS provides the parameters to the
|
|
2990 |
+ * CKM_KEA_DERIVE mechanism */
|
|
2991 |
+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
|
|
2992 |
+typedef struct CK_KEA_DERIVE_PARAMS {
|
|
2993 |
+ CK_BBOOL isSender;
|
|
2994 |
+ CK_ULONG ulRandomLen;
|
|
2995 |
+ CK_BYTE_PTR pRandomA;
|
|
2996 |
+ CK_BYTE_PTR pRandomB;
|
|
2997 |
+ CK_ULONG ulPublicDataLen;
|
|
2998 |
+ CK_BYTE_PTR pPublicData;
|
|
2999 |
+} CK_KEA_DERIVE_PARAMS;
|
|
3000 |
+
|
|
3001 |
+typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
|
|
3002 |
+
|
|
3003 |
+
|
|
3004 |
+/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
|
|
3005 |
+ * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
|
|
3006 |
+ * holds the effective keysize */
|
|
3007 |
+typedef CK_ULONG CK_RC2_PARAMS;
|
|
3008 |
+
|
|
3009 |
+typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
|
|
3010 |
+
|
|
3011 |
+
|
|
3012 |
+/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
|
|
3013 |
+ * mechanism */
|
|
3014 |
+typedef struct CK_RC2_CBC_PARAMS {
|
|
3015 |
+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
|
|
3016 |
+ * v2.0 */
|
|
3017 |
+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
|
|
3018 |
+
|
|
3019 |
+ CK_BYTE iv[8]; /* IV for CBC mode */
|
|
3020 |
+} CK_RC2_CBC_PARAMS;
|
|
3021 |
+
|
|
3022 |
+typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
|
|
3023 |
+
|
|
3024 |
+
|
|
3025 |
+/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
|
|
3026 |
+ * CKM_RC2_MAC_GENERAL mechanism */
|
|
3027 |
+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
|
|
3028 |
+typedef struct CK_RC2_MAC_GENERAL_PARAMS {
|
|
3029 |
+ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
|
|
3030 |
+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
|
|
3031 |
+} CK_RC2_MAC_GENERAL_PARAMS;
|
|
3032 |
+
|
|
3033 |
+typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
|
|
3034 |
+ CK_RC2_MAC_GENERAL_PARAMS_PTR;
|
|
3035 |
+
|
|
3036 |
+
|
|
3037 |
+/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
|
|
3038 |
+ * CKM_RC5_MAC mechanisms */
|
|
3039 |
+/* CK_RC5_PARAMS is new for v2.0 */
|
|
3040 |
+typedef struct CK_RC5_PARAMS {
|
|
3041 |
+ CK_ULONG ulWordsize; /* wordsize in bits */
|
|
3042 |
+ CK_ULONG ulRounds; /* number of rounds */
|
|
3043 |
+} CK_RC5_PARAMS;
|
|
3044 |
+
|
|
3045 |
+typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
|
|
3046 |
+
|
|
3047 |
+
|
|
3048 |
+/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
|
|
3049 |
+ * mechanism */
|
|
3050 |
+/* CK_RC5_CBC_PARAMS is new for v2.0 */
|
|
3051 |
+typedef struct CK_RC5_CBC_PARAMS {
|
|
3052 |
+ CK_ULONG ulWordsize; /* wordsize in bits */
|
|
3053 |
+ CK_ULONG ulRounds; /* number of rounds */
|
|
3054 |
+ CK_BYTE_PTR pIv; /* pointer to IV */
|
|
3055 |
+ CK_ULONG ulIvLen; /* length of IV in bytes */
|
|
3056 |
+} CK_RC5_CBC_PARAMS;
|
|
3057 |
+
|
|
3058 |
+typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
|
|
3059 |
+
|
|
3060 |
+
|
|
3061 |
+/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
|
|
3062 |
+ * CKM_RC5_MAC_GENERAL mechanism */
|
|
3063 |
+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
|
|
3064 |
+typedef struct CK_RC5_MAC_GENERAL_PARAMS {
|
|
3065 |
+ CK_ULONG ulWordsize; /* wordsize in bits */
|
|
3066 |
+ CK_ULONG ulRounds; /* number of rounds */
|
|
3067 |
+ CK_ULONG ulMacLength; /* Length of MAC in bytes */
|
|
3068 |
+} CK_RC5_MAC_GENERAL_PARAMS;
|
|
3069 |
+
|
|
3070 |
+typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
|
|
3071 |
+ CK_RC5_MAC_GENERAL_PARAMS_PTR;
|
|
3072 |
+
|
|
3073 |
+
|
|
3074 |
+/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
|
|
3075 |
+ * ciphers' MAC_GENERAL mechanisms. Its value is the length of
|
|
3076 |
+ * the MAC */
|
|
3077 |
+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
|
|
3078 |
+typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
|
|
3079 |
+
|
|
3080 |
+typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
|
|
3081 |
+
|
|
3082 |
+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
|
|
3083 |
+typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
|
|
3084 |
+ CK_BYTE iv[8];
|
|
3085 |
+ CK_BYTE_PTR pData;
|
|
3086 |
+ CK_ULONG length;
|
|
3087 |
+} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
|
|
3088 |
+
|
|
3089 |
+typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
|
|
3090 |
+
|
|
3091 |
+typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
|
|
3092 |
+ CK_BYTE iv[16];
|
|
3093 |
+ CK_BYTE_PTR pData;
|
|
3094 |
+ CK_ULONG length;
|
|
3095 |
+} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
|
|
3096 |
+
|
|
3097 |
+typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
|
|
3098 |
+
|
|
3099 |
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
|
|
3100 |
+ * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
|
|
3101 |
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
|
|
3102 |
+typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
|
|
3103 |
+ CK_ULONG ulPasswordLen;
|
|
3104 |
+ CK_BYTE_PTR pPassword;
|
|
3105 |
+ CK_ULONG ulPublicDataLen;
|
|
3106 |
+ CK_BYTE_PTR pPublicData;
|
|
3107 |
+ CK_ULONG ulPAndGLen;
|
|
3108 |
+ CK_ULONG ulQLen;
|
|
3109 |
+ CK_ULONG ulRandomLen;
|
|
3110 |
+ CK_BYTE_PTR pRandomA;
|
|
3111 |
+ CK_BYTE_PTR pPrimeP;
|
|
3112 |
+ CK_BYTE_PTR pBaseG;
|
|
3113 |
+ CK_BYTE_PTR pSubprimeQ;
|
|
3114 |
+} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
|
|
3115 |
+
|
|
3116 |
+typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
|
|
3117 |
+ CK_SKIPJACK_PRIVATE_WRAP_PTR;
|
|
3118 |
+
|
|
3119 |
+
|
|
3120 |
+/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
|
|
3121 |
+ * CKM_SKIPJACK_RELAYX mechanism */
|
|
3122 |
+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
|
|
3123 |
+typedef struct CK_SKIPJACK_RELAYX_PARAMS {
|
|
3124 |
+ CK_ULONG ulOldWrappedXLen;
|
|
3125 |
+ CK_BYTE_PTR pOldWrappedX;
|
|
3126 |
+ CK_ULONG ulOldPasswordLen;
|
|
3127 |
+ CK_BYTE_PTR pOldPassword;
|
|
3128 |
+ CK_ULONG ulOldPublicDataLen;
|
|
3129 |
+ CK_BYTE_PTR pOldPublicData;
|
|
3130 |
+ CK_ULONG ulOldRandomLen;
|
|
3131 |
+ CK_BYTE_PTR pOldRandomA;
|
|
3132 |
+ CK_ULONG ulNewPasswordLen;
|
|
3133 |
+ CK_BYTE_PTR pNewPassword;
|
|
3134 |
+ CK_ULONG ulNewPublicDataLen;
|
|
3135 |
+ CK_BYTE_PTR pNewPublicData;
|
|
3136 |
+ CK_ULONG ulNewRandomLen;
|
|
3137 |
+ CK_BYTE_PTR pNewRandomA;
|
|
3138 |
+} CK_SKIPJACK_RELAYX_PARAMS;
|
|
3139 |
+
|
|
3140 |
+typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
|
|
3141 |
+ CK_SKIPJACK_RELAYX_PARAMS_PTR;
|
|
3142 |
+
|
|
3143 |
+
|
|
3144 |
+typedef struct CK_PBE_PARAMS {
|
|
3145 |
+ CK_BYTE_PTR pInitVector;
|
|
3146 |
+ CK_UTF8CHAR_PTR pPassword;
|
|
3147 |
+ CK_ULONG ulPasswordLen;
|
|
3148 |
+ CK_BYTE_PTR pSalt;
|
|
3149 |
+ CK_ULONG ulSaltLen;
|
|
3150 |
+ CK_ULONG ulIteration;
|
|
3151 |
+} CK_PBE_PARAMS;
|
|
3152 |
+
|
|
3153 |
+typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
|
|
3154 |
+
|
|
3155 |
+
|
|
3156 |
+/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
|
|
3157 |
+ * CKM_KEY_WRAP_SET_OAEP mechanism */
|
|
3158 |
+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
|
|
3159 |
+typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
|
|
3160 |
+ CK_BYTE bBC; /* block contents byte */
|
|
3161 |
+ CK_BYTE_PTR pX; /* extra data */
|
|
3162 |
+ CK_ULONG ulXLen; /* length of extra data in bytes */
|
|
3163 |
+} CK_KEY_WRAP_SET_OAEP_PARAMS;
|
|
3164 |
+
|
|
3165 |
+typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
|
|
3166 |
+ CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
|
|
3167 |
+
|
|
3168 |
+
|
|
3169 |
+typedef struct CK_SSL3_RANDOM_DATA {
|
|
3170 |
+ CK_BYTE_PTR pClientRandom;
|
|
3171 |
+ CK_ULONG ulClientRandomLen;
|
|
3172 |
+ CK_BYTE_PTR pServerRandom;
|
|
3173 |
+ CK_ULONG ulServerRandomLen;
|
|
3174 |
+} CK_SSL3_RANDOM_DATA;
|
|
3175 |
+
|
|
3176 |
+
|
|
3177 |
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
|
|
3178 |
+ CK_SSL3_RANDOM_DATA RandomInfo;
|
|
3179 |
+ CK_VERSION_PTR pVersion;
|
|
3180 |
+} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
|
|
3181 |
+
|
|
3182 |
+typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
|
|
3183 |
+ CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
|
|
3184 |
+
|
|
3185 |
+
|
|
3186 |
+typedef struct CK_SSL3_KEY_MAT_OUT {
|
|
3187 |
+ CK_OBJECT_HANDLE hClientMacSecret;
|
|
3188 |
+ CK_OBJECT_HANDLE hServerMacSecret;
|
|
3189 |
+ CK_OBJECT_HANDLE hClientKey;
|
|
3190 |
+ CK_OBJECT_HANDLE hServerKey;
|
|
3191 |
+ CK_BYTE_PTR pIVClient;
|
|
3192 |
+ CK_BYTE_PTR pIVServer;
|
|
3193 |
+} CK_SSL3_KEY_MAT_OUT;
|
|
3194 |
+
|
|
3195 |
+typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
|
|
3196 |
+
|
|
3197 |
+
|
|
3198 |
+typedef struct CK_SSL3_KEY_MAT_PARAMS {
|
|
3199 |
+ CK_ULONG ulMacSizeInBits;
|
|
3200 |
+ CK_ULONG ulKeySizeInBits;
|
|
3201 |
+ CK_ULONG ulIVSizeInBits;
|
|
3202 |
+ CK_BBOOL bIsExport;
|
|
3203 |
+ CK_SSL3_RANDOM_DATA RandomInfo;
|
|
3204 |
+ CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
|
|
3205 |
+} CK_SSL3_KEY_MAT_PARAMS;
|
|
3206 |
+
|
|
3207 |
+typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
|
|
3208 |
+
|
|
3209 |
+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
|
|
3210 |
+typedef struct CK_TLS_PRF_PARAMS {
|
|
3211 |
+ CK_BYTE_PTR pSeed;
|
|
3212 |
+ CK_ULONG ulSeedLen;
|
|
3213 |
+ CK_BYTE_PTR pLabel;
|
|
3214 |
+ CK_ULONG ulLabelLen;
|
|
3215 |
+ CK_BYTE_PTR pOutput;
|
|
3216 |
+ CK_ULONG_PTR pulOutputLen;
|
|
3217 |
+} CK_TLS_PRF_PARAMS;
|
|
3218 |
+
|
|
3219 |
+typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
|
|
3220 |
+
|
|
3221 |
+/* WTLS is new for version 2.20 */
|
|
3222 |
+typedef struct CK_WTLS_RANDOM_DATA {
|
|
3223 |
+ CK_BYTE_PTR pClientRandom;
|
|
3224 |
+ CK_ULONG ulClientRandomLen;
|
|
3225 |
+ CK_BYTE_PTR pServerRandom;
|
|
3226 |
+ CK_ULONG ulServerRandomLen;
|
|
3227 |
+} CK_WTLS_RANDOM_DATA;
|
|
3228 |
+
|
|
3229 |
+typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
|
|
3230 |
+
|
|
3231 |
+typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
|
|
3232 |
+ CK_MECHANISM_TYPE DigestMechanism;
|
|
3233 |
+ CK_WTLS_RANDOM_DATA RandomInfo;
|
|
3234 |
+ CK_BYTE_PTR pVersion;
|
|
3235 |
+} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
|
|
3236 |
+
|
|
3237 |
+typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
|
|
3238 |
+ CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
|
|
3239 |
+
|
|
3240 |
+typedef struct CK_WTLS_PRF_PARAMS {
|
|
3241 |
+ CK_MECHANISM_TYPE DigestMechanism;
|
|
3242 |
+ CK_BYTE_PTR pSeed;
|
|
3243 |
+ CK_ULONG ulSeedLen;
|
|
3244 |
+ CK_BYTE_PTR pLabel;
|
|
3245 |
+ CK_ULONG ulLabelLen;
|
|
3246 |
+ CK_BYTE_PTR pOutput;
|
|
3247 |
+ CK_ULONG_PTR pulOutputLen;
|
|
3248 |
+} CK_WTLS_PRF_PARAMS;
|
|
3249 |
+
|
|
3250 |
+typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
|
|
3251 |
+
|
|
3252 |
+typedef struct CK_WTLS_KEY_MAT_OUT {
|
|
3253 |
+ CK_OBJECT_HANDLE hMacSecret;
|
|
3254 |
+ CK_OBJECT_HANDLE hKey;
|
|
3255 |
+ CK_BYTE_PTR pIV;
|
|
3256 |
+} CK_WTLS_KEY_MAT_OUT;
|
|
3257 |
+
|
|
3258 |
+typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
|
|
3259 |
+
|
|
3260 |
+typedef struct CK_WTLS_KEY_MAT_PARAMS {
|
|
3261 |
+ CK_MECHANISM_TYPE DigestMechanism;
|
|
3262 |
+ CK_ULONG ulMacSizeInBits;
|
|
3263 |
+ CK_ULONG ulKeySizeInBits;
|
|
3264 |
+ CK_ULONG ulIVSizeInBits;
|
|
3265 |
+ CK_ULONG ulSequenceNumber;
|
|
3266 |
+ CK_BBOOL bIsExport;
|
|
3267 |
+ CK_WTLS_RANDOM_DATA RandomInfo;
|
|
3268 |
+ CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
|
|
3269 |
+} CK_WTLS_KEY_MAT_PARAMS;
|
|
3270 |
+
|
|
3271 |
+typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
|
|
3272 |
+
|
|
3273 |
+/* CMS is new for version 2.20 */
|
|
3274 |
+typedef struct CK_CMS_SIG_PARAMS {
|
|
3275 |
+ CK_OBJECT_HANDLE certificateHandle;
|
|
3276 |
+ CK_MECHANISM_PTR pSigningMechanism;
|
|
3277 |
+ CK_MECHANISM_PTR pDigestMechanism;
|
|
3278 |
+ CK_UTF8CHAR_PTR pContentType;
|
|
3279 |
+ CK_BYTE_PTR pRequestedAttributes;
|
|
3280 |
+ CK_ULONG ulRequestedAttributesLen;
|
|
3281 |
+ CK_BYTE_PTR pRequiredAttributes;
|
|
3282 |
+ CK_ULONG ulRequiredAttributesLen;
|
|
3283 |
+} CK_CMS_SIG_PARAMS;
|
|
3284 |
+
|
|
3285 |
+typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
|
|
3286 |
+
|
|
3287 |
+typedef struct CK_KEY_DERIVATION_STRING_DATA {
|
|
3288 |
+ CK_BYTE_PTR pData;
|
|
3289 |
+ CK_ULONG ulLen;
|
|
3290 |
+} CK_KEY_DERIVATION_STRING_DATA;
|
|
3291 |
+
|
|
3292 |
+typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
|
|
3293 |
+ CK_KEY_DERIVATION_STRING_DATA_PTR;
|
|
3294 |
+
|
|
3295 |
+
|
|
3296 |
+/* The CK_EXTRACT_PARAMS is used for the
|
|
3297 |
+ * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
|
|
3298 |
+ * of the base key should be used as the first bit of the
|
|
3299 |
+ * derived key */
|
|
3300 |
+/* CK_EXTRACT_PARAMS is new for v2.0 */
|
|
3301 |
+typedef CK_ULONG CK_EXTRACT_PARAMS;
|
|
3302 |
+
|
|
3303 |
+typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
|
|
3304 |
+
|
|
3305 |
+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
|
|
3306 |
+ * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
|
|
3307 |
+ * indicate the Pseudo-Random Function (PRF) used to generate
|
|
3308 |
+ * key bits using PKCS #5 PBKDF2. */
|
|
3309 |
+typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
|
|
3310 |
+
|
|
3311 |
+typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
|
|
3312 |
+
|
|
3313 |
+/* The following PRFs are defined in PKCS #5 v2.0. */
|
|
3314 |
+#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
|
|
3315 |
+
|
|
3316 |
+
|
|
3317 |
+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
|
|
3318 |
+ * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
|
|
3319 |
+ * source of the salt value when deriving a key using PKCS #5
|
|
3320 |
+ * PBKDF2. */
|
|
3321 |
+typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
|
|
3322 |
+
|
|
3323 |
+typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
|
|
3324 |
+
|
|
3325 |
+/* The following salt value sources are defined in PKCS #5 v2.0. */
|
|
3326 |
+#define CKZ_SALT_SPECIFIED 0x00000001
|
|
3327 |
+
|
|
3328 |
+/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
|
|
3329 |
+ * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
|
|
3330 |
+ * parameters to the CKM_PKCS5_PBKD2 mechanism. */
|
|
3331 |
+typedef struct CK_PKCS5_PBKD2_PARAMS {
|
|
3332 |
+ CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;
|
|
3333 |
+ CK_VOID_PTR pSaltSourceData;
|
|
3334 |
+ CK_ULONG ulSaltSourceDataLen;
|
|
3335 |
+ CK_ULONG iterations;
|
|
3336 |
+ CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf;
|
|
3337 |
+ CK_VOID_PTR pPrfData;
|
|
3338 |
+ CK_ULONG ulPrfDataLen;
|
|
3339 |
+ CK_UTF8CHAR_PTR pPassword;
|
|
3340 |
+ CK_ULONG_PTR ulPasswordLen;
|
|
3341 |
+} CK_PKCS5_PBKD2_PARAMS;
|
|
3342 |
+
|
|
3343 |
+typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
|
|
3344 |
+
|
|
3345 |
+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
|
|
3346 |
+
|
|
3347 |
+typedef CK_ULONG CK_OTP_PARAM_TYPE;
|
|
3348 |
+typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
|
|
3349 |
+
|
|
3350 |
+typedef struct CK_OTP_PARAM {
|
|
3351 |
+ CK_OTP_PARAM_TYPE type;
|
|
3352 |
+ CK_VOID_PTR pValue;
|
|
3353 |
+ CK_ULONG ulValueLen;
|
|
3354 |
+} CK_OTP_PARAM;
|
|
3355 |
+
|
|
3356 |
+typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
|
|
3357 |
+
|
|
3358 |
+typedef struct CK_OTP_PARAMS {
|
|
3359 |
+ CK_OTP_PARAM_PTR pParams;
|
|
3360 |
+ CK_ULONG ulCount;
|
|
3361 |
+} CK_OTP_PARAMS;
|
|
3362 |
+
|
|
3363 |
+typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
|
|
3364 |
+
|
|
3365 |
+typedef struct CK_OTP_SIGNATURE_INFO {
|
|
3366 |
+ CK_OTP_PARAM_PTR pParams;
|
|
3367 |
+ CK_ULONG ulCount;
|
|
3368 |
+} CK_OTP_SIGNATURE_INFO;
|
|
3369 |
+
|
|
3370 |
+typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
|
|
3371 |
+
|
|
3372 |
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
|
|
3373 |
+#define CK_OTP_VALUE 0
|
|
3374 |
+#define CK_OTP_PIN 1
|
|
3375 |
+#define CK_OTP_CHALLENGE 2
|
|
3376 |
+#define CK_OTP_TIME 3
|
|
3377 |
+#define CK_OTP_COUNTER 4
|
|
3378 |
+#define CK_OTP_FLAGS 5
|
|
3379 |
+#define CK_OTP_OUTPUT_LENGTH 6
|
|
3380 |
+#define CK_OTP_OUTPUT_FORMAT 7
|
|
3381 |
+
|
|
3382 |
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
|
|
3383 |
+#define CKF_NEXT_OTP 0x00000001
|
|
3384 |
+#define CKF_EXCLUDE_TIME 0x00000002
|
|
3385 |
+#define CKF_EXCLUDE_COUNTER 0x00000004
|
|
3386 |
+#define CKF_EXCLUDE_CHALLENGE 0x00000008
|
|
3387 |
+#define CKF_EXCLUDE_PIN 0x00000010
|
|
3388 |
+#define CKF_USER_FRIENDLY_OTP 0x00000020
|
|
3389 |
+
|
|
3390 |
+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
|
|
3391 |
+typedef struct CK_KIP_PARAMS {
|
|
3392 |
+ CK_MECHANISM_PTR pMechanism;
|
|
3393 |
+ CK_OBJECT_HANDLE hKey;
|
|
3394 |
+ CK_BYTE_PTR pSeed;
|
|
3395 |
+ CK_ULONG ulSeedLen;
|
|
3396 |
+} CK_KIP_PARAMS;
|
|
3397 |
+
|
|
3398 |
+typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
|
|
3399 |
+
|
|
3400 |
+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
|
|
3401 |
+typedef struct CK_AES_CTR_PARAMS {
|
|
3402 |
+ CK_ULONG ulCounterBits;
|
|
3403 |
+ CK_BYTE cb[16];
|
|
3404 |
+} CK_AES_CTR_PARAMS;
|
|
3405 |
+
|
|
3406 |
+typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
|
|
3407 |
+
|
|
3408 |
+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
|
|
3409 |
+typedef struct CK_CAMELLIA_CTR_PARAMS {
|
|
3410 |
+ CK_ULONG ulCounterBits;
|
|
3411 |
+ CK_BYTE cb[16];
|
|
3412 |
+} CK_CAMELLIA_CTR_PARAMS;
|
|
3413 |
+
|
|
3414 |
+typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
|
|
3415 |
+
|
|
3416 |
+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
|
|
3417 |
+typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
|
|
3418 |
+ CK_BYTE iv[16];
|
|
3419 |
+ CK_BYTE_PTR pData;
|
|
3420 |
+ CK_ULONG length;
|
|
3421 |
+} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
|
|
3422 |
+
|
|
3423 |
+typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
|
|
3424 |
+
|
|
3425 |
+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
|
|
3426 |
+typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
|
|
3427 |
+ CK_BYTE iv[16];
|
|
3428 |
+ CK_BYTE_PTR pData;
|
|
3429 |
+ CK_ULONG length;
|
|
3430 |
+} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
|
|
3431 |
+
|
|
3432 |
+typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
|
|
3433 |
+
|
|
3434 |
+#endif
|