1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 /* License to copy and use this software is granted provided that it is 5 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface 6 * (Cryptoki)" in all material mentioning or referencing this software. 7 8 * License is also granted to make and use derivative works provided that 9 * such works are identified as "derived from the RSA Security Inc. PKCS #11 10 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or 11 * referencing the derived work. 12 13 * RSA Security Inc. makes no representations concerning either the 14 * merchantability of this software or the suitability of this software for 15 * any particular purpose. It is provided "as is" without express or implied 16 * warranty of any kind. 17 */ 18 19 #ifndef _PKCS11T_H_ 20 #define _PKCS11T_H_ 1 21 22 #define CK_TRUE 1 23 #define CK_FALSE 0 24 25 #define CK_INVALID_SESSION 0 26 27 /* an unsigned 8-bit value */ 28 typedef unsigned char CK_BYTE; 29 30 /* an unsigned 8-bit character */ 31 typedef CK_BYTE CK_CHAR; 32 33 /* an 8-bit UTF-8 character */ 34 typedef CK_BYTE CK_UTF8CHAR; 35 36 /* a BYTE-sized Boolean flag */ 37 typedef CK_BYTE CK_BBOOL; 38 39 /* an unsigned value, at least 32 bits long */ 40 typedef unsigned long int CK_ULONG; 41 42 /* a signed value, the same size as a CK_ULONG */ 43 /* CK_LONG is new for v2.0 */ 44 typedef long int CK_LONG; 45 46 /* at least 32 bits; each bit is a Boolean flag */ 47 typedef CK_ULONG CK_FLAGS; 48 49 /* some special values for certain CK_ULONG variables */ 50 #define CK_UNAVAILABLE_INFORMATION (~0UL) 51 #define CK_EFFECTIVELY_INFINITE 0 52 53 typedef CK_BYTE CK_PTR CK_BYTE_PTR; 54 typedef CK_CHAR CK_PTR CK_CHAR_PTR; 55 typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; 56 typedef CK_ULONG CK_PTR CK_ULONG_PTR; 57 typedef void CK_PTR CK_VOID_PTR; 58 59 /* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ 60 typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; 61 62 /* The following value is always invalid if used as a session */ 63 /* handle or object handle */ 64 #define CK_INVALID_HANDLE 0 65 66 /* pack */ 67 #include "pkcs11p.h" 68 69 typedef struct CK_VERSION { 70 CK_BYTE major; /* integer portion of version number */ 71 CK_BYTE minor; /* 1/100ths portion of version number */ 72 } CK_VERSION; 73 74 typedef CK_VERSION CK_PTR CK_VERSION_PTR; 75 76 typedef struct CK_INFO { 77 /* manufacturerID and libraryDecription have been changed from 78 * CK_CHAR to CK_UTF8CHAR for v2.10 */ 79 CK_VERSION cryptokiVersion; /* PKCS #11 interface ver */ 80 CK_UTF8CHAR manufacturerID[32]; /* blank padded */ 81 CK_FLAGS flags; /* must be zero */ 82 83 /* libraryDescription and libraryVersion are new for v2.0 */ 84 CK_UTF8CHAR libraryDescription[32]; /* blank padded */ 85 CK_VERSION libraryVersion; /* version of library */ 86 } CK_INFO; 87 88 typedef CK_INFO CK_PTR CK_INFO_PTR; 89 90 /* CK_NOTIFICATION enumerates the types of notifications that 91 * PKCS #11 provides to an application */ 92 /* CK_NOTIFICATION has been changed from an enum to a CK_ULONG 93 * for v2.0 */ 94 typedef CK_ULONG CK_NOTIFICATION; 95 #define CKN_SURRENDER 0 96 97 typedef CK_ULONG CK_SLOT_ID; 98 99 typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; 100 101 /* CK_SLOT_INFO provides information about a slot */ 102 typedef struct CK_SLOT_INFO { 103 /* slotDescription and manufacturerID have been changed from 104 * CK_CHAR to CK_UTF8CHAR for v2.10 */ 105 CK_UTF8CHAR slotDescription[64]; /* blank padded */ 106 CK_UTF8CHAR manufacturerID[32]; /* blank padded */ 107 CK_FLAGS flags; 108 109 /* hardwareVersion and firmwareVersion are new for v2.0 */ 110 CK_VERSION hardwareVersion; /* version of hardware */ 111 CK_VERSION firmwareVersion; /* version of firmware */ 112 } CK_SLOT_INFO; 113 114 /* flags: bit flags that provide capabilities of the slot 115 * Bit Flag Mask Meaning 116 */ 117 #define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ 118 #define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/ 119 #define CKF_HW_SLOT 0x00000004 /* hardware slot */ 120 121 typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; 122 123 /* CK_TOKEN_INFO provides information about a token */ 124 typedef struct CK_TOKEN_INFO { 125 /* label, manufacturerID, and model have been changed from 126 * CK_CHAR to CK_UTF8CHAR for v2.10 */ 127 CK_UTF8CHAR label[32]; /* blank padded */ 128 CK_UTF8CHAR manufacturerID[32]; /* blank padded */ 129 CK_UTF8CHAR model[16]; /* blank padded */ 130 CK_CHAR serialNumber[16]; /* blank padded */ 131 CK_FLAGS flags; /* see below */ 132 133 /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, 134 * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been 135 * changed from CK_USHORT to CK_ULONG for v2.0 */ 136 CK_ULONG ulMaxSessionCount; /* max open sessions */ 137 CK_ULONG ulSessionCount; /* sess. now open */ 138 CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ 139 CK_ULONG ulRwSessionCount; /* R/W sess. now open */ 140 CK_ULONG ulMaxPinLen; /* in bytes */ 141 CK_ULONG ulMinPinLen; /* in bytes */ 142 CK_ULONG ulTotalPublicMemory; /* in bytes */ 143 CK_ULONG ulFreePublicMemory; /* in bytes */ 144 CK_ULONG ulTotalPrivateMemory; /* in bytes */ 145 CK_ULONG ulFreePrivateMemory; /* in bytes */ 146 147 /* hardwareVersion, firmwareVersion, and time are new for 148 * v2.0 */ 149 CK_VERSION hardwareVersion; /* version of hardware */ 150 CK_VERSION firmwareVersion; /* version of firmware */ 151 CK_CHAR utcTime[16]; /* time */ 152 } CK_TOKEN_INFO; 153 154 /* The flags parameter is defined as follows: 155 * Bit Flag Mask Meaning 156 */ 157 #define CKF_RNG 0x00000001 /* has random # \ 158 * generator */ 159 #define CKF_WRITE_PROTECTED 0x00000002 /* token is \ 160 * write- \ 161 * protected */ 162 #define CKF_LOGIN_REQUIRED 0x00000004 /* user must \ 163 * login */ 164 #define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's \ 165 * PIN is set */ 166 167 /* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, 168 * that means that *every* time the state of cryptographic 169 * operations of a session is successfully saved, all keys 170 * needed to continue those operations are stored in the state */ 171 #define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 172 173 /* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means 174 * that the token has some sort of clock. The time on that 175 * clock is returned in the token info structure */ 176 #define CKF_CLOCK_ON_TOKEN 0x00000040 177 178 /* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is 179 * set, that means that there is some way for the user to login 180 * without sending a PIN through the PKCS #11 library itself */ 181 #define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 182 183 /* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, 184 * that means that a single session with the token can perform 185 * dual simultaneous cryptographic operations (digest and 186 * encrypt; decrypt and digest; sign and encrypt; and decrypt 187 * and sign) */ 188 #define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 189 190 /* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the 191 * token has been initialized using C_InitializeToken or an 192 * equivalent mechanism outside the scope of PKCS #11. 193 * Calling C_InitializeToken when this flag is set will cause 194 * the token to be reinitialized. */ 195 #define CKF_TOKEN_INITIALIZED 0x00000400 196 197 /* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is 198 * true, the token supports secondary authentication for 199 * private key objects. This flag is deprecated in v2.11 and 200 onwards. */ 201 #define CKF_SECONDARY_AUTHENTICATION 0x00000800 202 203 /* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an 204 * incorrect user login PIN has been entered at least once 205 * since the last successful authentication. */ 206 #define CKF_USER_PIN_COUNT_LOW 0x00010000 207 208 /* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, 209 * supplying an incorrect user PIN will it to become locked. */ 210 #define CKF_USER_PIN_FINAL_TRY 0x00020000 211 212 /* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the 213 * user PIN has been locked. User login to the token is not 214 * possible. */ 215 #define CKF_USER_PIN_LOCKED 0x00040000 216 217 /* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, 218 * the user PIN value is the default value set by token 219 * initialization or manufacturing, or the PIN has been 220 * expired by the card. */ 221 #define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 222 223 /* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an 224 * incorrect SO login PIN has been entered at least once since 225 * the last successful authentication. */ 226 #define CKF_SO_PIN_COUNT_LOW 0x00100000 227 228 /* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, 229 * supplying an incorrect SO PIN will it to become locked. */ 230 #define CKF_SO_PIN_FINAL_TRY 0x00200000 231 232 /* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO 233 * PIN has been locked. SO login to the token is not possible. 234 */ 235 #define CKF_SO_PIN_LOCKED 0x00400000 236 237 /* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, 238 * the SO PIN value is the default value set by token 239 * initialization or manufacturing, or the PIN has been 240 * expired by the card. */ 241 #define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 242 243 typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; 244 245 /* CK_SESSION_HANDLE is a PKCS #11-assigned value that 246 * identifies a session */ 247 typedef CK_ULONG CK_SESSION_HANDLE; 248 249 typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; 250 251 /* CK_USER_TYPE enumerates the types of PKCS #11 users */ 252 /* CK_USER_TYPE has been changed from an enum to a CK_ULONG for 253 * v2.0 */ 254 typedef CK_ULONG CK_USER_TYPE; 255 /* Security Officer */ 256 #define CKU_SO 0 257 /* Normal user */ 258 #define CKU_USER 1 259 /* Context specific (added in v2.20) */ 260 #define CKU_CONTEXT_SPECIFIC 2 261 262 /* CK_STATE enumerates the session states */ 263 /* CK_STATE has been changed from an enum to a CK_ULONG for 264 * v2.0 */ 265 typedef CK_ULONG CK_STATE; 266 #define CKS_RO_PUBLIC_SESSION 0 267 #define CKS_RO_USER_FUNCTIONS 1 268 #define CKS_RW_PUBLIC_SESSION 2 269 #define CKS_RW_USER_FUNCTIONS 3 270 #define CKS_RW_SO_FUNCTIONS 4 271 272 /* CK_SESSION_INFO provides information about a session */ 273 typedef struct CK_SESSION_INFO { 274 CK_SLOT_ID slotID; 275 CK_STATE state; 276 CK_FLAGS flags; /* see below */ 277 278 /* ulDeviceError was changed from CK_USHORT to CK_ULONG for 279 * v2.0 */ 280 CK_ULONG ulDeviceError; /* device-dependent error code */ 281 } CK_SESSION_INFO; 282 283 /* The flags are defined in the following table: 284 * Bit Flag Mask Meaning 285 */ 286 #define CKF_RW_SESSION 0x00000002 /* session is r/w */ 287 #define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ 288 289 typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; 290 291 /* CK_OBJECT_HANDLE is a token-specific identifier for an 292 * object */ 293 typedef CK_ULONG CK_OBJECT_HANDLE; 294 295 typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; 296 297 /* CK_OBJECT_CLASS is a value that identifies the classes (or 298 * types) of objects that PKCS #11 recognizes. It is defined 299 * as follows: */ 300 /* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for 301 * v2.0 */ 302 typedef CK_ULONG CK_OBJECT_CLASS; 303 304 /* The following classes of objects are defined: */ 305 /* CKO_HW_FEATURE is new for v2.10 */ 306 /* CKO_DOMAIN_PARAMETERS is new for v2.11 */ 307 /* CKO_MECHANISM is new for v2.20 */ 308 #define CKO_DATA 0x00000000 309 #define CKO_CERTIFICATE 0x00000001 310 #define CKO_PUBLIC_KEY 0x00000002 311 #define CKO_PRIVATE_KEY 0x00000003 312 #define CKO_SECRET_KEY 0x00000004 313 #define CKO_HW_FEATURE 0x00000005 314 #define CKO_DOMAIN_PARAMETERS 0x00000006 315 #define CKO_MECHANISM 0x00000007 316 #define CKO_VENDOR_DEFINED 0x80000000 317 318 typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; 319 320 /* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a 321 * value that identifies the hardware feature type of an object 322 * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ 323 typedef CK_ULONG CK_HW_FEATURE_TYPE; 324 325 /* The following hardware feature types are defined */ 326 /* CKH_USER_INTERFACE is new for v2.20 */ 327 #define CKH_MONOTONIC_COUNTER 0x00000001 328 #define CKH_CLOCK 0x00000002 329 #define CKH_USER_INTERFACE 0x00000003 330 #define CKH_VENDOR_DEFINED 0x80000000 331 332 /* CK_KEY_TYPE is a value that identifies a key type */ 333 /* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ 334 typedef CK_ULONG CK_KEY_TYPE; 335 336 /* the following key types are defined: */ 337 #define CKK_RSA 0x00000000 338 #define CKK_DSA 0x00000001 339 #define CKK_DH 0x00000002 340 341 /* CKK_ECDSA and CKK_KEA are new for v2.0 */ 342 /* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ 343 #define CKK_ECDSA 0x00000003 344 #define CKK_EC 0x00000003 345 #define CKK_X9_42_DH 0x00000004 346 #define CKK_KEA 0x00000005 347 348 #define CKK_GENERIC_SECRET 0x00000010 349 #define CKK_RC2 0x00000011 350 #define CKK_RC4 0x00000012 351 #define CKK_DES 0x00000013 352 #define CKK_DES2 0x00000014 353 #define CKK_DES3 0x00000015 354 355 /* all these key types are new for v2.0 */ 356 #define CKK_CAST 0x00000016 357 #define CKK_CAST3 0x00000017 358 /* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ 359 #define CKK_CAST5 0x00000018 360 #define CKK_CAST128 0x00000018 361 #define CKK_RC5 0x00000019 362 #define CKK_IDEA 0x0000001A 363 #define CKK_SKIPJACK 0x0000001B 364 #define CKK_BATON 0x0000001C 365 #define CKK_JUNIPER 0x0000001D 366 #define CKK_CDMF 0x0000001E 367 #define CKK_AES 0x0000001F 368 369 /* BlowFish and TwoFish are new for v2.20 */ 370 #define CKK_BLOWFISH 0x00000020 371 #define CKK_TWOFISH 0x00000021 372 373 /* Camellia is proposed for v2.20 Amendment 3 */ 374 #define CKK_CAMELLIA 0x00000025 375 376 #define CKK_SEED 0x00000026 377 378 #define CKK_VENDOR_DEFINED 0x80000000 379 380 /* CK_CERTIFICATE_TYPE is a value that identifies a certificate 381 * type */ 382 /* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG 383 * for v2.0 */ 384 typedef CK_ULONG CK_CERTIFICATE_TYPE; 385 386 #define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL 387 #define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL 388 #define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL 389 #define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL 390 391 /* The following certificate types are defined: */ 392 /* CKC_X_509_ATTR_CERT is new for v2.10 */ 393 /* CKC_WTLS is new for v2.20 */ 394 #define CKC_X_509 0x00000000 395 #define CKC_X_509_ATTR_CERT 0x00000001 396 #define CKC_WTLS 0x00000002 397 #define CKC_VENDOR_DEFINED 0x80000000 398 399 /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute 400 * type */ 401 /* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for 402 * v2.0 */ 403 typedef CK_ULONG CK_ATTRIBUTE_TYPE; 404 405 /* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which 406 consists of an array of values. */ 407 #define CKF_ARRAY_ATTRIBUTE 0x40000000 408 409 /* The following attribute types are defined: */ 410 #define CKA_CLASS 0x00000000 411 #define CKA_TOKEN 0x00000001 412 #define CKA_PRIVATE 0x00000002 413 #define CKA_LABEL 0x00000003 414 #define CKA_APPLICATION 0x00000010 415 #define CKA_VALUE 0x00000011 416 417 /* CKA_OBJECT_ID is new for v2.10 */ 418 #define CKA_OBJECT_ID 0x00000012 419 420 #define CKA_CERTIFICATE_TYPE 0x00000080 421 #define CKA_ISSUER 0x00000081 422 #define CKA_SERIAL_NUMBER 0x00000082 423 424 /* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new 425 * for v2.10 */ 426 #define CKA_AC_ISSUER 0x00000083 427 #define CKA_OWNER 0x00000084 428 #define CKA_ATTR_TYPES 0x00000085 429 430 /* CKA_TRUSTED is new for v2.11 */ 431 #define CKA_TRUSTED 0x00000086 432 433 /* CKA_CERTIFICATE_CATEGORY ... 434 * CKA_CHECK_VALUE are new for v2.20 */ 435 #define CKA_CERTIFICATE_CATEGORY 0x00000087 436 #define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 437 #define CKA_URL 0x00000089 438 #define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A 439 #define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B 440 #define CKA_CHECK_VALUE 0x00000090 441 442 #define CKA_KEY_TYPE 0x00000100 443 #define CKA_SUBJECT 0x00000101 444 #define CKA_ID 0x00000102 445 #define CKA_SENSITIVE 0x00000103 446 #define CKA_ENCRYPT 0x00000104 447 #define CKA_DECRYPT 0x00000105 448 #define CKA_WRAP 0x00000106 449 #define CKA_UNWRAP 0x00000107 450 #define CKA_SIGN 0x00000108 451 #define CKA_SIGN_RECOVER 0x00000109 452 #define CKA_VERIFY 0x0000010A 453 #define CKA_VERIFY_RECOVER 0x0000010B 454 #define CKA_DERIVE 0x0000010C 455 #define CKA_START_DATE 0x00000110 456 #define CKA_END_DATE 0x00000111 457 #define CKA_MODULUS 0x00000120 458 #define CKA_MODULUS_BITS 0x00000121 459 #define CKA_PUBLIC_EXPONENT 0x00000122 460 #define CKA_PRIVATE_EXPONENT 0x00000123 461 #define CKA_PRIME_1 0x00000124 462 #define CKA_PRIME_2 0x00000125 463 #define CKA_EXPONENT_1 0x00000126 464 #define CKA_EXPONENT_2 0x00000127 465 #define CKA_COEFFICIENT 0x00000128 466 /* CKA_PUBLIC_KEY_INFO is new for v2.40 */ 467 #define CKA_PUBLIC_KEY_INFO 0x00000129 468 #define CKA_PRIME 0x00000130 469 #define CKA_SUBPRIME 0x00000131 470 #define CKA_BASE 0x00000132 471 472 /* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ 473 #define CKA_PRIME_BITS 0x00000133 474 #define CKA_SUBPRIME_BITS 0x00000134 475 #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS 476 /* (To retain backwards-compatibility) */ 477 478 #define CKA_VALUE_BITS 0x00000160 479 #define CKA_VALUE_LEN 0x00000161 480 481 /* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, 482 * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, 483 * and CKA_EC_POINT are new for v2.0 */ 484 #define CKA_EXTRACTABLE 0x00000162 485 #define CKA_LOCAL 0x00000163 486 #define CKA_NEVER_EXTRACTABLE 0x00000164 487 #define CKA_ALWAYS_SENSITIVE 0x00000165 488 489 /* CKA_KEY_GEN_MECHANISM is new for v2.11 */ 490 #define CKA_KEY_GEN_MECHANISM 0x00000166 491 492 #define CKA_MODIFIABLE 0x00000170 493 494 /* CKA_ECDSA_PARAMS is deprecated in v2.11, 495 * CKA_EC_PARAMS is preferred. */ 496 #define CKA_ECDSA_PARAMS 0x00000180 497 #define CKA_EC_PARAMS 0x00000180 498 499 #define CKA_EC_POINT 0x00000181 500 501 /* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, 502 * are new for v2.10. Deprecated in v2.11 and onwards. */ 503 #define CKA_SECONDARY_AUTH 0x00000200 504 #define CKA_AUTH_PIN_FLAGS 0x00000201 505 506 /* CKA_ALWAYS_AUTHENTICATE ... 507 * CKA_UNWRAP_TEMPLATE are new for v2.20 */ 508 #define CKA_ALWAYS_AUTHENTICATE 0x00000202 509 510 #define CKA_WRAP_WITH_TRUSTED 0x00000210 511 #define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000211) 512 #define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000212) 513 514 /* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET 515 * are new for v2.10 */ 516 #define CKA_HW_FEATURE_TYPE 0x00000300 517 #define CKA_RESET_ON_INIT 0x00000301 518 #define CKA_HAS_RESET 0x00000302 519 520 /* The following attributes are new for v2.20 */ 521 #define CKA_PIXEL_X 0x00000400 522 #define CKA_PIXEL_Y 0x00000401 523 #define CKA_RESOLUTION 0x00000402 524 #define CKA_CHAR_ROWS 0x00000403 525 #define CKA_CHAR_COLUMNS 0x00000404 526 #define CKA_COLOR 0x00000405 527 #define CKA_BITS_PER_PIXEL 0x00000406 528 #define CKA_CHAR_SETS 0x00000480 529 #define CKA_ENCODING_METHODS 0x00000481 530 #define CKA_MIME_TYPES 0x00000482 531 #define CKA_MECHANISM_TYPE 0x00000500 532 #define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 533 #define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 534 #define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 535 #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x00000600) 536 537 #define CKA_VENDOR_DEFINED 0x80000000 538 539 /* CK_ATTRIBUTE is a structure that includes the type, length 540 * and value of an attribute */ 541 typedef struct CK_ATTRIBUTE { 542 CK_ATTRIBUTE_TYPE type; 543 CK_VOID_PTR pValue; 544 545 /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ 546 CK_ULONG ulValueLen; /* in bytes */ 547 } CK_ATTRIBUTE; 548 549 typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; 550 551 /* CK_DATE is a structure that defines a date */ 552 typedef struct CK_DATE { 553 CK_CHAR year[4]; /* the year ("1900" - "9999") */ 554 CK_CHAR month[2]; /* the month ("01" - "12") */ 555 CK_CHAR day[2]; /* the day ("01" - "31") */ 556 } CK_DATE; 557 558 /* CK_MECHANISM_TYPE is a value that identifies a mechanism 559 * type */ 560 /* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for 561 * v2.0 */ 562 typedef CK_ULONG CK_MECHANISM_TYPE; 563 564 /* the following mechanism types are defined: */ 565 #define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 566 #define CKM_RSA_PKCS 0x00000001 567 #define CKM_RSA_9796 0x00000002 568 #define CKM_RSA_X_509 0x00000003 569 570 /* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS 571 * are new for v2.0. They are mechanisms which hash and sign */ 572 #define CKM_MD2_RSA_PKCS 0x00000004 573 #define CKM_MD5_RSA_PKCS 0x00000005 574 #define CKM_SHA1_RSA_PKCS 0x00000006 575 576 /* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and 577 * CKM_RSA_PKCS_OAEP are new for v2.10 */ 578 #define CKM_RIPEMD128_RSA_PKCS 0x00000007 579 #define CKM_RIPEMD160_RSA_PKCS 0x00000008 580 #define CKM_RSA_PKCS_OAEP 0x00000009 581 582 /* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, 583 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ 584 #define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A 585 #define CKM_RSA_X9_31 0x0000000B 586 #define CKM_SHA1_RSA_X9_31 0x0000000C 587 #define CKM_RSA_PKCS_PSS 0x0000000D 588 #define CKM_SHA1_RSA_PKCS_PSS 0x0000000E 589 590 #define CKM_DSA_KEY_PAIR_GEN 0x00000010 591 #define CKM_DSA 0x00000011 592 #define CKM_DSA_SHA1 0x00000012 593 #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 594 #define CKM_DH_PKCS_DERIVE 0x00000021 595 596 /* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, 597 * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for 598 * v2.11 */ 599 #define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 600 #define CKM_X9_42_DH_DERIVE 0x00000031 601 #define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 602 #define CKM_X9_42_MQV_DERIVE 0x00000033 603 604 /* CKM_SHA256/384/512 are new for v2.20 */ 605 #define CKM_SHA256_RSA_PKCS 0x00000040 606 #define CKM_SHA384_RSA_PKCS 0x00000041 607 #define CKM_SHA512_RSA_PKCS 0x00000042 608 #define CKM_SHA256_RSA_PKCS_PSS 0x00000043 609 #define CKM_SHA384_RSA_PKCS_PSS 0x00000044 610 #define CKM_SHA512_RSA_PKCS_PSS 0x00000045 611 612 /* CKM_SHA224 new for v2.20 amendment 3 */ 613 #define CKM_SHA224_RSA_PKCS 0x00000046 614 #define CKM_SHA224_RSA_PKCS_PSS 0x00000047 615 616 #define CKM_RC2_KEY_GEN 0x00000100 617 #define CKM_RC2_ECB 0x00000101 618 #define CKM_RC2_CBC 0x00000102 619 #define CKM_RC2_MAC 0x00000103 620 621 /* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ 622 #define CKM_RC2_MAC_GENERAL 0x00000104 623 #define CKM_RC2_CBC_PAD 0x00000105 624 625 #define CKM_RC4_KEY_GEN 0x00000110 626 #define CKM_RC4 0x00000111 627 #define CKM_DES_KEY_GEN 0x00000120 628 #define CKM_DES_ECB 0x00000121 629 #define CKM_DES_CBC 0x00000122 630 #define CKM_DES_MAC 0x00000123 631 632 /* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ 633 #define CKM_DES_MAC_GENERAL 0x00000124 634 #define CKM_DES_CBC_PAD 0x00000125 635 636 #define CKM_DES2_KEY_GEN 0x00000130 637 #define CKM_DES3_KEY_GEN 0x00000131 638 #define CKM_DES3_ECB 0x00000132 639 #define CKM_DES3_CBC 0x00000133 640 #define CKM_DES3_MAC 0x00000134 641 642 /* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, 643 * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, 644 * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ 645 #define CKM_DES3_MAC_GENERAL 0x00000135 646 #define CKM_DES3_CBC_PAD 0x00000136 647 #define CKM_CDMF_KEY_GEN 0x00000140 648 #define CKM_CDMF_ECB 0x00000141 649 #define CKM_CDMF_CBC 0x00000142 650 #define CKM_CDMF_MAC 0x00000143 651 #define CKM_CDMF_MAC_GENERAL 0x00000144 652 #define CKM_CDMF_CBC_PAD 0x00000145 653 654 /* the following four DES mechanisms are new for v2.20 */ 655 #define CKM_DES_OFB64 0x00000150 656 #define CKM_DES_OFB8 0x00000151 657 #define CKM_DES_CFB64 0x00000152 658 #define CKM_DES_CFB8 0x00000153 659 660 #define CKM_MD2 0x00000200 661 662 /* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ 663 #define CKM_MD2_HMAC 0x00000201 664 #define CKM_MD2_HMAC_GENERAL 0x00000202 665 666 #define CKM_MD5 0x00000210 667 668 /* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ 669 #define CKM_MD5_HMAC 0x00000211 670 #define CKM_MD5_HMAC_GENERAL 0x00000212 671 672 #define CKM_SHA_1 0x00000220 673 674 /* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ 675 #define CKM_SHA_1_HMAC 0x00000221 676 #define CKM_SHA_1_HMAC_GENERAL 0x00000222 677 678 /* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, 679 * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, 680 * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ 681 #define CKM_RIPEMD128 0x00000230 682 #define CKM_RIPEMD128_HMAC 0x00000231 683 #define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 684 #define CKM_RIPEMD160 0x00000240 685 #define CKM_RIPEMD160_HMAC 0x00000241 686 #define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 687 688 /* CKM_SHA256/384/512 are new for v2.20 */ 689 #define CKM_SHA256 0x00000250 690 #define CKM_SHA256_HMAC 0x00000251 691 #define CKM_SHA256_HMAC_GENERAL 0x00000252 692 #define CKM_SHA384 0x00000260 693 #define CKM_SHA384_HMAC 0x00000261 694 #define CKM_SHA384_HMAC_GENERAL 0x00000262 695 #define CKM_SHA512 0x00000270 696 #define CKM_SHA512_HMAC 0x00000271 697 #define CKM_SHA512_HMAC_GENERAL 0x00000272 698 699 /* CKM_SHA224 new for v2.20 amendment 3 */ 700 #define CKM_SHA224 0x00000255 701 #define CKM_SHA224_HMAC 0x00000256 702 #define CKM_SHA224_HMAC_GENERAL 0x00000257 703 704 /* All of the following mechanisms are new for v2.0 */ 705 /* Note that CAST128 and CAST5 are the same algorithm */ 706 #define CKM_CAST_KEY_GEN 0x00000300 707 #define CKM_CAST_ECB 0x00000301 708 #define CKM_CAST_CBC 0x00000302 709 #define CKM_CAST_MAC 0x00000303 710 #define CKM_CAST_MAC_GENERAL 0x00000304 711 #define CKM_CAST_CBC_PAD 0x00000305 712 #define CKM_CAST3_KEY_GEN 0x00000310 713 #define CKM_CAST3_ECB 0x00000311 714 #define CKM_CAST3_CBC 0x00000312 715 #define CKM_CAST3_MAC 0x00000313 716 #define CKM_CAST3_MAC_GENERAL 0x00000314 717 #define CKM_CAST3_CBC_PAD 0x00000315 718 #define CKM_CAST5_KEY_GEN 0x00000320 719 #define CKM_CAST128_KEY_GEN 0x00000320 720 #define CKM_CAST5_ECB 0x00000321 721 #define CKM_CAST128_ECB 0x00000321 722 #define CKM_CAST5_CBC 0x00000322 723 #define CKM_CAST128_CBC 0x00000322 724 #define CKM_CAST5_MAC 0x00000323 725 #define CKM_CAST128_MAC 0x00000323 726 #define CKM_CAST5_MAC_GENERAL 0x00000324 727 #define CKM_CAST128_MAC_GENERAL 0x00000324 728 #define CKM_CAST5_CBC_PAD 0x00000325 729 #define CKM_CAST128_CBC_PAD 0x00000325 730 #define CKM_RC5_KEY_GEN 0x00000330 731 #define CKM_RC5_ECB 0x00000331 732 #define CKM_RC5_CBC 0x00000332 733 #define CKM_RC5_MAC 0x00000333 734 #define CKM_RC5_MAC_GENERAL 0x00000334 735 #define CKM_RC5_CBC_PAD 0x00000335 736 #define CKM_IDEA_KEY_GEN 0x00000340 737 #define CKM_IDEA_ECB 0x00000341 738 #define CKM_IDEA_CBC 0x00000342 739 #define CKM_IDEA_MAC 0x00000343 740 #define CKM_IDEA_MAC_GENERAL 0x00000344 741 #define CKM_IDEA_CBC_PAD 0x00000345 742 #define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 743 #define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 744 #define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 745 #define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 746 #define CKM_XOR_BASE_AND_DATA 0x00000364 747 #define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 748 #define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 749 #define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 750 #define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 751 752 /* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, 753 * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and 754 * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ 755 #define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 756 #define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 757 #define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 758 #define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 759 #define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 760 761 /* CKM_TLS_PRF is new for v2.20 */ 762 #define CKM_TLS_PRF 0x00000378 763 764 #define CKM_SSL3_MD5_MAC 0x00000380 765 #define CKM_SSL3_SHA1_MAC 0x00000381 766 #define CKM_MD5_KEY_DERIVATION 0x00000390 767 #define CKM_MD2_KEY_DERIVATION 0x00000391 768 #define CKM_SHA1_KEY_DERIVATION 0x00000392 769 770 /* CKM_SHA256/384/512 are new for v2.20 */ 771 #define CKM_SHA256_KEY_DERIVATION 0x00000393 772 #define CKM_SHA384_KEY_DERIVATION 0x00000394 773 #define CKM_SHA512_KEY_DERIVATION 0x00000395 774 775 /* CKM_SHA224 new for v2.20 amendment 3 */ 776 #define CKM_SHA224_KEY_DERIVATION 0x00000396 777 778 #define CKM_PBE_MD2_DES_CBC 0x000003A0 779 #define CKM_PBE_MD5_DES_CBC 0x000003A1 780 #define CKM_PBE_MD5_CAST_CBC 0x000003A2 781 #define CKM_PBE_MD5_CAST3_CBC 0x000003A3 782 #define CKM_PBE_MD5_CAST5_CBC 0x000003A4 783 #define CKM_PBE_MD5_CAST128_CBC 0x000003A4 784 #define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 785 #define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 786 #define CKM_PBE_SHA1_RC4_128 0x000003A6 787 #define CKM_PBE_SHA1_RC4_40 0x000003A7 788 #define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 789 #define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 790 #define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA 791 #define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB 792 793 /* CKM_PKCS5_PBKD2 is new for v2.10 */ 794 #define CKM_PKCS5_PBKD2 0x000003B0 795 796 #define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 797 798 /* WTLS mechanisms are new for v2.20 */ 799 #define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 800 #define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 801 #define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 802 #define CKM_WTLS_PRF 0x000003D3 803 #define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 804 #define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 805 806 /* TLS 1.2 mechanisms are new for v2.40 */ 807 #define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0 808 #define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1 809 #define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2 810 #define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3 811 #define CKM_TLS12_MAC 0x000003E4 812 #define CKM_TLS_MAC 0x000003E4 813 #define CKM_TLS_KDF 0x000003E5 814 815 #define CKM_KEY_WRAP_LYNKS 0x00000400 816 #define CKM_KEY_WRAP_SET_OAEP 0x00000401 817 818 /* CKM_CMS_SIG is new for v2.20 */ 819 #define CKM_CMS_SIG 0x00000500 820 821 /* Fortezza mechanisms */ 822 #define CKM_SKIPJACK_KEY_GEN 0x00001000 823 #define CKM_SKIPJACK_ECB64 0x00001001 824 #define CKM_SKIPJACK_CBC64 0x00001002 825 #define CKM_SKIPJACK_OFB64 0x00001003 826 #define CKM_SKIPJACK_CFB64 0x00001004 827 #define CKM_SKIPJACK_CFB32 0x00001005 828 #define CKM_SKIPJACK_CFB16 0x00001006 829 #define CKM_SKIPJACK_CFB8 0x00001007 830 #define CKM_SKIPJACK_WRAP 0x00001008 831 #define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 832 #define CKM_SKIPJACK_RELAYX 0x0000100a 833 #define CKM_KEA_KEY_PAIR_GEN 0x00001010 834 #define CKM_KEA_KEY_DERIVE 0x00001011 835 #define CKM_FORTEZZA_TIMESTAMP 0x00001020 836 #define CKM_BATON_KEY_GEN 0x00001030 837 #define CKM_BATON_ECB128 0x00001031 838 #define CKM_BATON_ECB96 0x00001032 839 #define CKM_BATON_CBC128 0x00001033 840 #define CKM_BATON_COUNTER 0x00001034 841 #define CKM_BATON_SHUFFLE 0x00001035 842 #define CKM_BATON_WRAP 0x00001036 843 844 /* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, 845 * CKM_EC_KEY_PAIR_GEN is preferred */ 846 #define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 847 #define CKM_EC_KEY_PAIR_GEN 0x00001040 848 849 #define CKM_ECDSA 0x00001041 850 #define CKM_ECDSA_SHA1 0x00001042 851 852 /* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE 853 * are new for v2.11 */ 854 #define CKM_ECDH1_DERIVE 0x00001050 855 #define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 856 #define CKM_ECMQV_DERIVE 0x00001052 857 858 #define CKM_JUNIPER_KEY_GEN 0x00001060 859 #define CKM_JUNIPER_ECB128 0x00001061 860 #define CKM_JUNIPER_CBC128 0x00001062 861 #define CKM_JUNIPER_COUNTER 0x00001063 862 #define CKM_JUNIPER_SHUFFLE 0x00001064 863 #define CKM_JUNIPER_WRAP 0x00001065 864 #define CKM_FASTHASH 0x00001070 865 866 /* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, 867 * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, 868 * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are 869 * new for v2.11 */ 870 #define CKM_AES_KEY_GEN 0x00001080 871 #define CKM_AES_ECB 0x00001081 872 #define CKM_AES_CBC 0x00001082 873 #define CKM_AES_MAC 0x00001083 874 #define CKM_AES_MAC_GENERAL 0x00001084 875 #define CKM_AES_CBC_PAD 0x00001085 876 /* new for v2.20 amendment 3 */ 877 #define CKM_AES_CTR 0x00001086 878 /* new for v2.30 */ 879 #define CKM_AES_GCM 0x00001087 880 #define CKM_AES_CCM 0x00001088 881 #define CKM_AES_CTS 0x00001089 882 #define CKM_AES_XCBC_MAC 0x0000108C 883 #define CKM_AES_XCBC_MAC_96 0x0000108D 884 885 /* BlowFish and TwoFish are new for v2.20 */ 886 #define CKM_BLOWFISH_KEY_GEN 0x00001090 887 #define CKM_BLOWFISH_CBC 0x00001091 888 #define CKM_TWOFISH_KEY_GEN 0x00001092 889 #define CKM_TWOFISH_CBC 0x00001093 890 891 /* Camellia is proposed for v2.20 Amendment 3 */ 892 #define CKM_CAMELLIA_KEY_GEN 0x00000550 893 #define CKM_CAMELLIA_ECB 0x00000551 894 #define CKM_CAMELLIA_CBC 0x00000552 895 #define CKM_CAMELLIA_MAC 0x00000553 896 #define CKM_CAMELLIA_MAC_GENERAL 0x00000554 897 #define CKM_CAMELLIA_CBC_PAD 0x00000555 898 #define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 899 #define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 900 901 #define CKM_SEED_KEY_GEN 0x00000650 902 #define CKM_SEED_ECB 0x00000651 903 #define CKM_SEED_CBC 0x00000652 904 #define CKM_SEED_MAC 0x00000653 905 #define CKM_SEED_MAC_GENERAL 0x00000654 906 #define CKM_SEED_CBC_PAD 0x00000655 907 #define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656 908 #define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657 909 910 /* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ 911 #define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 912 #define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 913 #define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 914 #define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 915 #define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 916 #define CKM_AES_CBC_ENCRYPT_DATA 0x00001105 917 918 #define CKM_DSA_PARAMETER_GEN 0x00002000 919 #define CKM_DH_PKCS_PARAMETER_GEN 0x00002001 920 #define CKM_X9_42_DH_PARAMETER_GEN 0x00002002 921 922 #define CKM_VENDOR_DEFINED 0x80000000 923 924 typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; 925 926 /* CK_MECHANISM is a structure that specifies a particular 927 * mechanism */ 928 typedef struct CK_MECHANISM { 929 CK_MECHANISM_TYPE mechanism; 930 CK_VOID_PTR pParameter; 931 932 /* ulParameterLen was changed from CK_USHORT to CK_ULONG for 933 * v2.0 */ 934 CK_ULONG ulParameterLen; /* in bytes */ 935 } CK_MECHANISM; 936 937 typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; 938 939 /* CK_MECHANISM_INFO provides information about a particular 940 * mechanism */ 941 typedef struct CK_MECHANISM_INFO { 942 CK_ULONG ulMinKeySize; 943 CK_ULONG ulMaxKeySize; 944 CK_FLAGS flags; 945 } CK_MECHANISM_INFO; 946 947 /* The flags are defined as follows: 948 * Bit Flag Mask Meaning */ 949 #define CKF_HW 0x00000001 /* performed by HW */ 950 951 /* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, 952 * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, 953 * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, 954 * and CKF_DERIVE are new for v2.0. They specify whether or not 955 * a mechanism can be used for a particular task */ 956 #define CKF_ENCRYPT 0x00000100 957 #define CKF_DECRYPT 0x00000200 958 #define CKF_DIGEST 0x00000400 959 #define CKF_SIGN 0x00000800 960 #define CKF_SIGN_RECOVER 0x00001000 961 #define CKF_VERIFY 0x00002000 962 #define CKF_VERIFY_RECOVER 0x00004000 963 #define CKF_GENERATE 0x00008000 964 #define CKF_GENERATE_KEY_PAIR 0x00010000 965 #define CKF_WRAP 0x00020000 966 #define CKF_UNWRAP 0x00040000 967 #define CKF_DERIVE 0x00080000 968 969 /* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, 970 * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They 971 * describe a token's EC capabilities not available in mechanism 972 * information. */ 973 #define CKF_EC_F_P 0x00100000 974 #define CKF_EC_F_2M 0x00200000 975 #define CKF_EC_ECPARAMETERS 0x00400000 976 #define CKF_EC_NAMEDCURVE 0x00800000 977 #define CKF_EC_UNCOMPRESS 0x01000000 978 #define CKF_EC_COMPRESS 0x02000000 979 980 #define CKF_EXTENSION 0x80000000 /* FALSE for this version */ 981 982 typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; 983 984 /* CK_RV is a value that identifies the return value of a 985 * PKCS #11 function */ 986 /* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ 987 typedef CK_ULONG CK_RV; 988 989 #define CKR_OK 0x00000000 990 #define CKR_CANCEL 0x00000001 991 #define CKR_HOST_MEMORY 0x00000002 992 #define CKR_SLOT_ID_INVALID 0x00000003 993 994 /* CKR_FLAGS_INVALID was removed for v2.0 */ 995 996 /* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ 997 #define CKR_GENERAL_ERROR 0x00000005 998 #define CKR_FUNCTION_FAILED 0x00000006 999 1000 /* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, 1001 * and CKR_CANT_LOCK are new for v2.01 */ 1002 #define CKR_ARGUMENTS_BAD 0x00000007 1003 #define CKR_NO_EVENT 0x00000008 1004 #define CKR_NEED_TO_CREATE_THREADS 0x00000009 1005 #define CKR_CANT_LOCK 0x0000000A 1006 1007 #define CKR_ATTRIBUTE_READ_ONLY 0x00000010 1008 #define CKR_ATTRIBUTE_SENSITIVE 0x00000011 1009 #define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 1010 #define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 1011 #define CKR_DATA_INVALID 0x00000020 1012 #define CKR_DATA_LEN_RANGE 0x00000021 1013 #define CKR_DEVICE_ERROR 0x00000030 1014 #define CKR_DEVICE_MEMORY 0x00000031 1015 #define CKR_DEVICE_REMOVED 0x00000032 1016 #define CKR_ENCRYPTED_DATA_INVALID 0x00000040 1017 #define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 1018 #define CKR_FUNCTION_CANCELED 0x00000050 1019 #define CKR_FUNCTION_NOT_PARALLEL 0x00000051 1020 1021 /* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ 1022 #define CKR_FUNCTION_NOT_SUPPORTED 0x00000054 1023 1024 #define CKR_KEY_HANDLE_INVALID 0x00000060 1025 1026 /* CKR_KEY_SENSITIVE was removed for v2.0 */ 1027 1028 #define CKR_KEY_SIZE_RANGE 0x00000062 1029 #define CKR_KEY_TYPE_INCONSISTENT 0x00000063 1030 1031 /* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, 1032 * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, 1033 * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for 1034 * v2.0 */ 1035 #define CKR_KEY_NOT_NEEDED 0x00000064 1036 #define CKR_KEY_CHANGED 0x00000065 1037 #define CKR_KEY_NEEDED 0x00000066 1038 #define CKR_KEY_INDIGESTIBLE 0x00000067 1039 #define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 1040 #define CKR_KEY_NOT_WRAPPABLE 0x00000069 1041 #define CKR_KEY_UNEXTRACTABLE 0x0000006A 1042 1043 #define CKR_MECHANISM_INVALID 0x00000070 1044 #define CKR_MECHANISM_PARAM_INVALID 0x00000071 1045 1046 /* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID 1047 * were removed for v2.0 */ 1048 #define CKR_OBJECT_HANDLE_INVALID 0x00000082 1049 #define CKR_OPERATION_ACTIVE 0x00000090 1050 #define CKR_OPERATION_NOT_INITIALIZED 0x00000091 1051 #define CKR_PIN_INCORRECT 0x000000A0 1052 #define CKR_PIN_INVALID 0x000000A1 1053 #define CKR_PIN_LEN_RANGE 0x000000A2 1054 1055 /* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ 1056 #define CKR_PIN_EXPIRED 0x000000A3 1057 #define CKR_PIN_LOCKED 0x000000A4 1058 1059 #define CKR_SESSION_CLOSED 0x000000B0 1060 #define CKR_SESSION_COUNT 0x000000B1 1061 #define CKR_SESSION_HANDLE_INVALID 0x000000B3 1062 #define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 1063 #define CKR_SESSION_READ_ONLY 0x000000B5 1064 #define CKR_SESSION_EXISTS 0x000000B6 1065 1066 /* CKR_SESSION_READ_ONLY_EXISTS and 1067 * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ 1068 #define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7 1069 #define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8 1070 1071 #define CKR_SIGNATURE_INVALID 0x000000C0 1072 #define CKR_SIGNATURE_LEN_RANGE 0x000000C1 1073 #define CKR_TEMPLATE_INCOMPLETE 0x000000D0 1074 #define CKR_TEMPLATE_INCONSISTENT 0x000000D1 1075 #define CKR_TOKEN_NOT_PRESENT 0x000000E0 1076 #define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1 1077 #define CKR_TOKEN_WRITE_PROTECTED 0x000000E2 1078 #define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0 1079 #define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1 1080 #define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2 1081 #define CKR_USER_ALREADY_LOGGED_IN 0x00000100 1082 #define CKR_USER_NOT_LOGGED_IN 0x00000101 1083 #define CKR_USER_PIN_NOT_INITIALIZED 0x00000102 1084 #define CKR_USER_TYPE_INVALID 0x00000103 1085 1086 /* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES 1087 * are new to v2.01 */ 1088 #define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104 1089 #define CKR_USER_TOO_MANY_TYPES 0x00000105 1090 1091 #define CKR_WRAPPED_KEY_INVALID 0x00000110 1092 #define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 1093 #define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 1094 #define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114 1095 #define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115 1096 #define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 1097 1098 /* These are new to v2.0 */ 1099 #define CKR_RANDOM_NO_RNG 0x00000121 1100 1101 /* These are new to v2.11 */ 1102 #define CKR_DOMAIN_PARAMS_INVALID 0x00000130 1103 1104 /* These are new to v2.0 */ 1105 #define CKR_BUFFER_TOO_SMALL 0x00000150 1106 #define CKR_SAVED_STATE_INVALID 0x00000160 1107 #define CKR_INFORMATION_SENSITIVE 0x00000170 1108 #define CKR_STATE_UNSAVEABLE 0x00000180 1109 1110 /* These are new to v2.01 */ 1111 #define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 1112 #define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 1113 #define CKR_MUTEX_BAD 0x000001A0 1114 #define CKR_MUTEX_NOT_LOCKED 0x000001A1 1115 1116 /* This is new to v2.20 */ 1117 #define CKR_FUNCTION_REJECTED 0x00000200 1118 1119 #define CKR_VENDOR_DEFINED 0x80000000 1120 1121 /* CK_NOTIFY is an application callback that processes events */ 1122 typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( 1123 CK_SESSION_HANDLE hSession, /* the session's handle */ 1124 CK_NOTIFICATION event, 1125 CK_VOID_PTR pApplication /* passed to C_OpenSession */ 1126 ); 1127 1128 /* CK_FUNCTION_LIST is a structure holding a PKCS #11 spec 1129 * version and pointers of appropriate types to all the 1130 * PKCS #11 functions */ 1131 /* CK_FUNCTION_LIST is new for v2.0 */ 1132 typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; 1133 1134 typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; 1135 1136 typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; 1137 1138 /* CK_CREATEMUTEX is an application callback for creating a 1139 * mutex object */ 1140 typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( 1141 CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ 1142 ); 1143 1144 /* CK_DESTROYMUTEX is an application callback for destroying a 1145 * mutex object */ 1146 typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( 1147 CK_VOID_PTR pMutex /* pointer to mutex */ 1148 ); 1149 1150 /* CK_LOCKMUTEX is an application callback for locking a mutex */ 1151 typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( 1152 CK_VOID_PTR pMutex /* pointer to mutex */ 1153 ); 1154 1155 /* CK_UNLOCKMUTEX is an application callback for unlocking a 1156 * mutex */ 1157 typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( 1158 CK_VOID_PTR pMutex /* pointer to mutex */ 1159 ); 1160 1161 /* CK_C_INITIALIZE_ARGS provides the optional arguments to 1162 * C_Initialize */ 1163 typedef struct CK_C_INITIALIZE_ARGS { 1164 CK_CREATEMUTEX CreateMutex; 1165 CK_DESTROYMUTEX DestroyMutex; 1166 CK_LOCKMUTEX LockMutex; 1167 CK_UNLOCKMUTEX UnlockMutex; 1168 CK_FLAGS flags; 1169 /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but 1170 * a reserved field. NSS needs a way to pass instance-specific information 1171 * to the library (like where to find its config files, etc). This 1172 * information is usually provided by the installer and passed uninterpreted 1173 * by NSS to the library, though NSS does know the specifics of the softoken 1174 * version of this parameter. Most compliant PKCS#11 modules expect this 1175 * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from 1176 * C_Initialize if Library parameters is supplied. */ 1177 CK_CHAR_PTR *LibraryParameters; 1178 /* This field is only present if the LibraryParameters is not NULL. It must 1179 * be NULL in all cases */ 1180 CK_VOID_PTR pReserved; 1181 } CK_C_INITIALIZE_ARGS; 1182 1183 /* flags: bit flags that provide capabilities of the slot 1184 * Bit Flag Mask Meaning 1185 */ 1186 #define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 1187 #define CKF_OS_LOCKING_OK 0x00000002 1188 1189 typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; 1190 1191 /* additional flags for parameters to functions */ 1192 1193 /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ 1194 #define CKF_DONT_BLOCK 1 1195 1196 /* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. 1197 * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message 1198 * Generation Function (MGF) applied to a message block when 1199 * formatting a message block for the PKCS #1 OAEP encryption 1200 * scheme. */ 1201 typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; 1202 1203 typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; 1204 1205 /* The following MGFs are defined */ 1206 /* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 1207 * are new for v2.20 */ 1208 #define CKG_MGF1_SHA1 0x00000001 1209 #define CKG_MGF1_SHA256 0x00000002 1210 #define CKG_MGF1_SHA384 0x00000003 1211 #define CKG_MGF1_SHA512 0x00000004 1212 1213 /* v2.20 amendment 3 */ 1214 #define CKG_MGF1_SHA224 0x00000005 1215 1216 /* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. 1217 * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source 1218 * of the encoding parameter when formatting a message block 1219 * for the PKCS #1 OAEP encryption scheme. */ 1220 typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; 1221 1222 typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; 1223 1224 /* The following encoding parameter sources are defined */ 1225 #define CKZ_DATA_SPECIFIED 0x00000001 1226 1227 /* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. 1228 * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the 1229 * CKM_RSA_PKCS_OAEP mechanism. */ 1230 typedef struct CK_RSA_PKCS_OAEP_PARAMS { 1231 CK_MECHANISM_TYPE hashAlg; 1232 CK_RSA_PKCS_MGF_TYPE mgf; 1233 CK_RSA_PKCS_OAEP_SOURCE_TYPE source; 1234 CK_VOID_PTR pSourceData; 1235 CK_ULONG ulSourceDataLen; 1236 } CK_RSA_PKCS_OAEP_PARAMS; 1237 1238 typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; 1239 1240 /* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. 1241 * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the 1242 * CKM_RSA_PKCS_PSS mechanism(s). */ 1243 typedef struct CK_RSA_PKCS_PSS_PARAMS { 1244 CK_MECHANISM_TYPE hashAlg; 1245 CK_RSA_PKCS_MGF_TYPE mgf; 1246 CK_ULONG sLen; 1247 } CK_RSA_PKCS_PSS_PARAMS; 1248 1249 typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; 1250 1251 /* CK_EC_KDF_TYPE is new for v2.11. */ 1252 typedef CK_ULONG CK_EC_KDF_TYPE; 1253 1254 /* The following EC Key Derivation Functions are defined */ 1255 #define CKD_NULL 0x00000001 1256 #define CKD_SHA1_KDF 0x00000002 1257 #define CKD_SHA224_KDF 0x00000005 1258 #define CKD_SHA256_KDF 0x00000006 1259 #define CKD_SHA384_KDF 0x00000007 1260 #define CKD_SHA512_KDF 0x00000008 1261 1262 /* CK_ECDH1_DERIVE_PARAMS is new for v2.11. 1263 * CK_ECDH1_DERIVE_PARAMS provides the parameters to the 1264 * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, 1265 * where each party contributes one key pair. 1266 */ 1267 typedef struct CK_ECDH1_DERIVE_PARAMS { 1268 CK_EC_KDF_TYPE kdf; 1269 CK_ULONG ulSharedDataLen; 1270 CK_BYTE_PTR pSharedData; 1271 CK_ULONG ulPublicDataLen; 1272 CK_BYTE_PTR pPublicData; 1273 } CK_ECDH1_DERIVE_PARAMS; 1274 1275 typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; 1276 1277 /* CK_ECDH2_DERIVE_PARAMS is new for v2.11. 1278 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the 1279 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ 1280 typedef struct CK_ECDH2_DERIVE_PARAMS { 1281 CK_EC_KDF_TYPE kdf; 1282 CK_ULONG ulSharedDataLen; 1283 CK_BYTE_PTR pSharedData; 1284 CK_ULONG ulPublicDataLen; 1285 CK_BYTE_PTR pPublicData; 1286 CK_ULONG ulPrivateDataLen; 1287 CK_OBJECT_HANDLE hPrivateData; 1288 CK_ULONG ulPublicDataLen2; 1289 CK_BYTE_PTR pPublicData2; 1290 } CK_ECDH2_DERIVE_PARAMS; 1291 1292 typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; 1293 1294 typedef struct CK_ECMQV_DERIVE_PARAMS { 1295 CK_EC_KDF_TYPE kdf; 1296 CK_ULONG ulSharedDataLen; 1297 CK_BYTE_PTR pSharedData; 1298 CK_ULONG ulPublicDataLen; 1299 CK_BYTE_PTR pPublicData; 1300 CK_ULONG ulPrivateDataLen; 1301 CK_OBJECT_HANDLE hPrivateData; 1302 CK_ULONG ulPublicDataLen2; 1303 CK_BYTE_PTR pPublicData2; 1304 CK_OBJECT_HANDLE publicKey; 1305 } CK_ECMQV_DERIVE_PARAMS; 1306 1307 typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; 1308 1309 /* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the 1310 * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ 1311 typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; 1312 typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; 1313 1314 /* The following X9.42 DH key derivation functions are defined 1315 (besides CKD_NULL already defined : */ 1316 #define CKD_SHA1_KDF_ASN1 0x00000003 1317 #define CKD_SHA1_KDF_CONCATENATE 0x00000004 1318 1319 /* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. 1320 * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the 1321 * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party 1322 * contributes one key pair */ 1323 typedef struct CK_X9_42_DH1_DERIVE_PARAMS { 1324 CK_X9_42_DH_KDF_TYPE kdf; 1325 CK_ULONG ulOtherInfoLen; 1326 CK_BYTE_PTR pOtherInfo; 1327 CK_ULONG ulPublicDataLen; 1328 CK_BYTE_PTR pPublicData; 1329 } CK_X9_42_DH1_DERIVE_PARAMS; 1330 1331 typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; 1332 1333 /* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. 1334 * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the 1335 * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation 1336 * mechanisms, where each party contributes two key pairs */ 1337 typedef struct CK_X9_42_DH2_DERIVE_PARAMS { 1338 CK_X9_42_DH_KDF_TYPE kdf; 1339 CK_ULONG ulOtherInfoLen; 1340 CK_BYTE_PTR pOtherInfo; 1341 CK_ULONG ulPublicDataLen; 1342 CK_BYTE_PTR pPublicData; 1343 CK_ULONG ulPrivateDataLen; 1344 CK_OBJECT_HANDLE hPrivateData; 1345 CK_ULONG ulPublicDataLen2; 1346 CK_BYTE_PTR pPublicData2; 1347 } CK_X9_42_DH2_DERIVE_PARAMS; 1348 1349 typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; 1350 1351 typedef struct CK_X9_42_MQV_DERIVE_PARAMS { 1352 CK_X9_42_DH_KDF_TYPE kdf; 1353 CK_ULONG ulOtherInfoLen; 1354 CK_BYTE_PTR pOtherInfo; 1355 CK_ULONG ulPublicDataLen; 1356 CK_BYTE_PTR pPublicData; 1357 CK_ULONG ulPrivateDataLen; 1358 CK_OBJECT_HANDLE hPrivateData; 1359 CK_ULONG ulPublicDataLen2; 1360 CK_BYTE_PTR pPublicData2; 1361 CK_OBJECT_HANDLE publicKey; 1362 } CK_X9_42_MQV_DERIVE_PARAMS; 1363 1364 typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; 1365 1366 /* CK_KEA_DERIVE_PARAMS provides the parameters to the 1367 * CKM_KEA_DERIVE mechanism */ 1368 /* CK_KEA_DERIVE_PARAMS is new for v2.0 */ 1369 typedef struct CK_KEA_DERIVE_PARAMS { 1370 CK_BBOOL isSender; 1371 CK_ULONG ulRandomLen; 1372 CK_BYTE_PTR pRandomA; 1373 CK_BYTE_PTR pRandomB; 1374 CK_ULONG ulPublicDataLen; 1375 CK_BYTE_PTR pPublicData; 1376 } CK_KEA_DERIVE_PARAMS; 1377 1378 typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; 1379 1380 /* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and 1381 * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just 1382 * holds the effective keysize */ 1383 typedef CK_ULONG CK_RC2_PARAMS; 1384 1385 typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; 1386 1387 /* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC 1388 * mechanism */ 1389 typedef struct CK_RC2_CBC_PARAMS { 1390 /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for 1391 * v2.0 */ 1392 CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ 1393 1394 CK_BYTE iv[8]; /* IV for CBC mode */ 1395 } CK_RC2_CBC_PARAMS; 1396 1397 typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; 1398 1399 /* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the 1400 * CKM_RC2_MAC_GENERAL mechanism */ 1401 /* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ 1402 typedef struct CK_RC2_MAC_GENERAL_PARAMS { 1403 CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ 1404 CK_ULONG ulMacLength; /* Length of MAC in bytes */ 1405 } CK_RC2_MAC_GENERAL_PARAMS; 1406 1407 typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR 1408 CK_RC2_MAC_GENERAL_PARAMS_PTR; 1409 1410 /* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and 1411 * CKM_RC5_MAC mechanisms */ 1412 /* CK_RC5_PARAMS is new for v2.0 */ 1413 typedef struct CK_RC5_PARAMS { 1414 CK_ULONG ulWordsize; /* wordsize in bits */ 1415 CK_ULONG ulRounds; /* number of rounds */ 1416 } CK_RC5_PARAMS; 1417 1418 typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; 1419 1420 /* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC 1421 * mechanism */ 1422 /* CK_RC5_CBC_PARAMS is new for v2.0 */ 1423 typedef struct CK_RC5_CBC_PARAMS { 1424 CK_ULONG ulWordsize; /* wordsize in bits */ 1425 CK_ULONG ulRounds; /* number of rounds */ 1426 CK_BYTE_PTR pIv; /* pointer to IV */ 1427 CK_ULONG ulIvLen; /* length of IV in bytes */ 1428 } CK_RC5_CBC_PARAMS; 1429 1430 typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; 1431 1432 /* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the 1433 * CKM_RC5_MAC_GENERAL mechanism */ 1434 /* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ 1435 typedef struct CK_RC5_MAC_GENERAL_PARAMS { 1436 CK_ULONG ulWordsize; /* wordsize in bits */ 1437 CK_ULONG ulRounds; /* number of rounds */ 1438 CK_ULONG ulMacLength; /* Length of MAC in bytes */ 1439 } CK_RC5_MAC_GENERAL_PARAMS; 1440 1441 typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR 1442 CK_RC5_MAC_GENERAL_PARAMS_PTR; 1443 1444 /* CK_MAC_GENERAL_PARAMS provides the parameters to most block 1445 * ciphers' MAC_GENERAL mechanisms. Its value is the length of 1446 * the MAC */ 1447 /* CK_MAC_GENERAL_PARAMS is new for v2.0 */ 1448 typedef CK_ULONG CK_MAC_GENERAL_PARAMS; 1449 1450 typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; 1451 1452 /* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ 1453 typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { 1454 CK_BYTE iv[8]; 1455 CK_BYTE_PTR pData; 1456 CK_ULONG length; 1457 } CK_DES_CBC_ENCRYPT_DATA_PARAMS; 1458 1459 typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; 1460 1461 typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { 1462 CK_BYTE iv[16]; 1463 CK_BYTE_PTR pData; 1464 CK_ULONG length; 1465 } CK_AES_CBC_ENCRYPT_DATA_PARAMS; 1466 1467 typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; 1468 1469 /* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ 1470 typedef struct CK_AES_CTR_PARAMS { 1471 CK_ULONG ulCounterBits; 1472 CK_BYTE cb[16]; 1473 } CK_AES_CTR_PARAMS; 1474 1475 typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; 1476 1477 /* CK_GCM_PARAMS is new for version 2.30 */ 1478 typedef struct CK_GCM_PARAMS { 1479 CK_BYTE_PTR pIv; 1480 CK_ULONG ulIvLen; 1481 CK_BYTE_PTR pAAD; 1482 CK_ULONG ulAADLen; 1483 CK_ULONG ulTagBits; 1484 } CK_GCM_PARAMS; 1485 1486 typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; 1487 1488 /* CK_CCM_PARAMS is new for version 2.30 */ 1489 typedef struct CK_CCM_PARAMS { 1490 CK_ULONG ulDataLen; 1491 CK_BYTE_PTR pNonce; 1492 CK_ULONG ulNonceLen; 1493 CK_BYTE_PTR pAAD; 1494 CK_ULONG ulAADLen; 1495 CK_ULONG ulMACLen; 1496 } CK_CCM_PARAMS; 1497 1498 typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; 1499 1500 /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the 1501 * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ 1502 /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ 1503 typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { 1504 CK_ULONG ulPasswordLen; 1505 CK_BYTE_PTR pPassword; 1506 CK_ULONG ulPublicDataLen; 1507 CK_BYTE_PTR pPublicData; 1508 CK_ULONG ulPAndGLen; 1509 CK_ULONG ulQLen; 1510 CK_ULONG ulRandomLen; 1511 CK_BYTE_PTR pRandomA; 1512 CK_BYTE_PTR pPrimeP; 1513 CK_BYTE_PTR pBaseG; 1514 CK_BYTE_PTR pSubprimeQ; 1515 } CK_SKIPJACK_PRIVATE_WRAP_PARAMS; 1516 1517 typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR 1518 CK_SKIPJACK_PRIVATE_WRAP_PTR; 1519 1520 /* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the 1521 * CKM_SKIPJACK_RELAYX mechanism */ 1522 /* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ 1523 typedef struct CK_SKIPJACK_RELAYX_PARAMS { 1524 CK_ULONG ulOldWrappedXLen; 1525 CK_BYTE_PTR pOldWrappedX; 1526 CK_ULONG ulOldPasswordLen; 1527 CK_BYTE_PTR pOldPassword; 1528 CK_ULONG ulOldPublicDataLen; 1529 CK_BYTE_PTR pOldPublicData; 1530 CK_ULONG ulOldRandomLen; 1531 CK_BYTE_PTR pOldRandomA; 1532 CK_ULONG ulNewPasswordLen; 1533 CK_BYTE_PTR pNewPassword; 1534 CK_ULONG ulNewPublicDataLen; 1535 CK_BYTE_PTR pNewPublicData; 1536 CK_ULONG ulNewRandomLen; 1537 CK_BYTE_PTR pNewRandomA; 1538 } CK_SKIPJACK_RELAYX_PARAMS; 1539 1540 typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR 1541 CK_SKIPJACK_RELAYX_PARAMS_PTR; 1542 1543 typedef struct CK_PBE_PARAMS { 1544 CK_BYTE_PTR pInitVector; 1545 CK_UTF8CHAR_PTR pPassword; 1546 CK_ULONG ulPasswordLen; 1547 CK_BYTE_PTR pSalt; 1548 CK_ULONG ulSaltLen; 1549 CK_ULONG ulIteration; 1550 } CK_PBE_PARAMS; 1551 1552 typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; 1553 1554 /* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the 1555 * CKM_KEY_WRAP_SET_OAEP mechanism */ 1556 /* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ 1557 typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { 1558 CK_BYTE bBC; /* block contents byte */ 1559 CK_BYTE_PTR pX; /* extra data */ 1560 CK_ULONG ulXLen; /* length of extra data in bytes */ 1561 } CK_KEY_WRAP_SET_OAEP_PARAMS; 1562 1563 typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR 1564 CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; 1565 1566 typedef struct CK_SSL3_RANDOM_DATA { 1567 CK_BYTE_PTR pClientRandom; 1568 CK_ULONG ulClientRandomLen; 1569 CK_BYTE_PTR pServerRandom; 1570 CK_ULONG ulServerRandomLen; 1571 } CK_SSL3_RANDOM_DATA; 1572 1573 typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { 1574 CK_SSL3_RANDOM_DATA RandomInfo; 1575 CK_VERSION_PTR pVersion; 1576 } CK_SSL3_MASTER_KEY_DERIVE_PARAMS; 1577 1578 typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR 1579 CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; 1580 1581 typedef struct CK_SSL3_KEY_MAT_OUT { 1582 CK_OBJECT_HANDLE hClientMacSecret; 1583 CK_OBJECT_HANDLE hServerMacSecret; 1584 CK_OBJECT_HANDLE hClientKey; 1585 CK_OBJECT_HANDLE hServerKey; 1586 CK_BYTE_PTR pIVClient; 1587 CK_BYTE_PTR pIVServer; 1588 } CK_SSL3_KEY_MAT_OUT; 1589 1590 typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; 1591 1592 typedef struct CK_SSL3_KEY_MAT_PARAMS { 1593 CK_ULONG ulMacSizeInBits; 1594 CK_ULONG ulKeySizeInBits; 1595 CK_ULONG ulIVSizeInBits; 1596 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */ 1597 CK_SSL3_RANDOM_DATA RandomInfo; 1598 CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; 1599 } CK_SSL3_KEY_MAT_PARAMS; 1600 1601 typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; 1602 1603 /* CK_TLS_PRF_PARAMS is new for version 2.20 */ 1604 typedef struct CK_TLS_PRF_PARAMS { 1605 CK_BYTE_PTR pSeed; 1606 CK_ULONG ulSeedLen; 1607 CK_BYTE_PTR pLabel; 1608 CK_ULONG ulLabelLen; 1609 CK_BYTE_PTR pOutput; 1610 CK_ULONG_PTR pulOutputLen; 1611 } CK_TLS_PRF_PARAMS; 1612 1613 typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; 1614 1615 /* TLS 1.2 is new for version 2.40 */ 1616 typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { 1617 CK_SSL3_RANDOM_DATA RandomInfo; 1618 CK_VERSION_PTR pVersion; 1619 CK_MECHANISM_TYPE prfHashMechanism; 1620 } CK_TLS12_MASTER_KEY_DERIVE_PARAMS; 1621 1622 typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR 1623 CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; 1624 1625 typedef struct CK_TLS12_KEY_MAT_PARAMS { 1626 CK_ULONG ulMacSizeInBits; 1627 CK_ULONG ulKeySizeInBits; 1628 CK_ULONG ulIVSizeInBits; 1629 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */ 1630 CK_SSL3_RANDOM_DATA RandomInfo; 1631 CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; 1632 CK_MECHANISM_TYPE prfHashMechanism; 1633 } CK_TLS12_KEY_MAT_PARAMS; 1634 1635 typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; 1636 1637 typedef struct CK_TLS_KDF_PARAMS { 1638 CK_MECHANISM_TYPE prfMechanism; 1639 CK_BYTE_PTR pLabel; 1640 CK_ULONG ulLabelLength; 1641 CK_SSL3_RANDOM_DATA RandomInfo; 1642 CK_BYTE_PTR pContextData; 1643 CK_ULONG ulContextDataLength; 1644 } CK_TLS_KDF_PARAMS; 1645 1646 typedef struct CK_TLS_MAC_PARAMS { 1647 CK_MECHANISM_TYPE prfMechanism; 1648 CK_ULONG ulMacLength; 1649 CK_ULONG ulServerOrClient; 1650 } CK_TLS_MAC_PARAMS; 1651 1652 typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; 1653 1654 /* WTLS is new for version 2.20 */ 1655 typedef struct CK_WTLS_RANDOM_DATA { 1656 CK_BYTE_PTR pClientRandom; 1657 CK_ULONG ulClientRandomLen; 1658 CK_BYTE_PTR pServerRandom; 1659 CK_ULONG ulServerRandomLen; 1660 } CK_WTLS_RANDOM_DATA; 1661 1662 typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; 1663 1664 typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { 1665 CK_MECHANISM_TYPE DigestMechanism; 1666 CK_WTLS_RANDOM_DATA RandomInfo; 1667 CK_BYTE_PTR pVersion; 1668 } CK_WTLS_MASTER_KEY_DERIVE_PARAMS; 1669 1670 typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR 1671 CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; 1672 1673 typedef struct CK_WTLS_PRF_PARAMS { 1674 CK_MECHANISM_TYPE DigestMechanism; 1675 CK_BYTE_PTR pSeed; 1676 CK_ULONG ulSeedLen; 1677 CK_BYTE_PTR pLabel; 1678 CK_ULONG ulLabelLen; 1679 CK_BYTE_PTR pOutput; 1680 CK_ULONG_PTR pulOutputLen; 1681 } CK_WTLS_PRF_PARAMS; 1682 1683 typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; 1684 1685 typedef struct CK_WTLS_KEY_MAT_OUT { 1686 CK_OBJECT_HANDLE hMacSecret; 1687 CK_OBJECT_HANDLE hKey; 1688 CK_BYTE_PTR pIV; 1689 } CK_WTLS_KEY_MAT_OUT; 1690 1691 typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; 1692 1693 typedef struct CK_WTLS_KEY_MAT_PARAMS { 1694 CK_MECHANISM_TYPE DigestMechanism; 1695 CK_ULONG ulMacSizeInBits; 1696 CK_ULONG ulKeySizeInBits; 1697 CK_ULONG ulIVSizeInBits; 1698 CK_ULONG ulSequenceNumber; 1699 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */ 1700 CK_WTLS_RANDOM_DATA RandomInfo; 1701 CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; 1702 } CK_WTLS_KEY_MAT_PARAMS; 1703 1704 typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; 1705 1706 /* CMS is new for version 2.20 */ 1707 typedef struct CK_CMS_SIG_PARAMS { 1708 CK_OBJECT_HANDLE certificateHandle; 1709 CK_MECHANISM_PTR pSigningMechanism; 1710 CK_MECHANISM_PTR pDigestMechanism; 1711 CK_UTF8CHAR_PTR pContentType; 1712 CK_BYTE_PTR pRequestedAttributes; 1713 CK_ULONG ulRequestedAttributesLen; 1714 CK_BYTE_PTR pRequiredAttributes; 1715 CK_ULONG ulRequiredAttributesLen; 1716 } CK_CMS_SIG_PARAMS; 1717 1718 typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; 1719 1720 typedef struct CK_KEY_DERIVATION_STRING_DATA { 1721 CK_BYTE_PTR pData; 1722 CK_ULONG ulLen; 1723 } CK_KEY_DERIVATION_STRING_DATA; 1724 1725 typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR 1726 CK_KEY_DERIVATION_STRING_DATA_PTR; 1727 1728 /* The CK_EXTRACT_PARAMS is used for the 1729 * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit 1730 * of the base key should be used as the first bit of the 1731 * derived key */ 1732 /* CK_EXTRACT_PARAMS is new for v2.0 */ 1733 typedef CK_ULONG CK_EXTRACT_PARAMS; 1734 1735 typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; 1736 1737 /* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. 1738 * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to 1739 * indicate the Pseudo-Random Function (PRF) used to generate 1740 * key bits using PKCS #5 PBKDF2. */ 1741 typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; 1742 1743 typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; 1744 1745 /* The following PRFs are defined in PKCS #5 v2.1. */ 1746 #define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001 1747 #define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002 1748 #define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003 1749 #define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004 1750 #define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005 1751 #define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006 1752 #define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007 1753 #define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008 1754 1755 /* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. 1756 * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the 1757 * source of the salt value when deriving a key using PKCS #5 1758 * PBKDF2. */ 1759 typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; 1760 1761 typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; 1762 1763 /* The following salt value sources are defined in PKCS #5 v2.0. */ 1764 #define CKZ_SALT_SPECIFIED 0x00000001 1765 1766 /* CK_PKCS5_PBKD2_PARAMS is new for v2.10. 1767 * CK_PKCS5_PBKD2_PARAMS is a structure that provides the 1768 * parameters to the CKM_PKCS5_PBKD2 mechanism. */ 1769 typedef struct CK_PKCS5_PBKD2_PARAMS { 1770 CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; 1771 CK_VOID_PTR pSaltSourceData; 1772 CK_ULONG ulSaltSourceDataLen; 1773 CK_ULONG iterations; 1774 CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; 1775 CK_VOID_PTR pPrfData; 1776 CK_ULONG ulPrfDataLen; 1777 CK_UTF8CHAR_PTR pPassword; 1778 CK_ULONG_PTR ulPasswordLen; 1779 } CK_PKCS5_PBKD2_PARAMS; 1780 1781 typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; 1782 1783 /* NSS Specific defines */ 1784 1785 /* defines that have been deprecated in 2.20, but maintained in our 1786 * header file for backward compatibility */ 1787 #define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS 1788 #define CKF_EC_FP CKF_EC_F_P 1789 /* new in v2.11 deprecated by 2.20 */ 1790 #define CKR_KEY_PARAMS_INVALID 0x0000006B 1791 1792 /* stuff that for historic reasons is in this header file but should have 1793 * been in pkcs11n.h */ 1794 #define CKK_INVALID_KEY_TYPE 0xffffffff 1795 1796 /* undo packing */ 1797 #include "pkcs11u.h" 1798 1799 #endif