/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* License to copy and use this software is granted provided that it is
 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
 * (Cryptoki)" in all material mentioning or referencing this software.

 * License is also granted to make and use derivative works provided that
 * such works are identified as "derived from the RSA Security Inc. PKCS #11
 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
 * referencing the derived work.

 * RSA Security Inc. makes no representations concerning either the
 * merchantability of this software or the suitability of this software for
 * any particular purpose. It is provided "as is" without express or implied
 * warranty of any kind.
 */
18
19#ifndef _PKCS11T_H_
20#define _PKCS11T_H_ 1
21
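/* Values for a byte-sized Boolean flag (CK_BBOOL).
 * NOTE(review): a CK_BBOOL is a whole byte, so values other than 0 and 1
 * are representable; when the byte comes from outside the process, a
 * `!= CK_FALSE` test is more tolerant than `== CK_TRUE`. */
#define CK_TRUE 1
#define CK_FALSE 0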
24
25#include "prtypes.h"
26
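/*
 * Platform glue for the PKCS #11 declarations.  CK_PTR is the pointer
 * declarator and CK_NULL_PTR the null pointer constant; the three
 * CK_*_FUNCTION macros expand to a function declaration or to a
 * function-pointer declarator.  PR_CALLBACK is not defined in this span.
 * NOTE(review): presumably it comes from "prtypes.h" -- confirm.
 */
#define CK_PTR *
#define CK_NULL_PTR 0
#define CK_CALLBACK_FUNCTION(rtype, func) rtype(PR_CALLBACK *func)
#define CK_DECLARE_FUNCTION(rtype, func) extern rtype func
#define CK_DECLARE_FUNCTION_POINTER(rtype, func) rtype(PR_CALLBACK *func)

/* Same numeric value as CK_INVALID_HANDLE below. */
#define CK_INVALID_SESSION 0

/* an unsigned 8-bit value */
typedef unsigned char CK_BYTE;

/* an unsigned 8-bit character */
typedef CK_BYTE CK_CHAR;

/* an 8-bit UTF-8 character */
/* One CK_UTF8CHAR holds a single byte of UTF-8 text; a character outside
 * ASCII occupies several of them, so array sizes are byte counts. */
typedef CK_BYTE CK_UTF8CHAR;

/* a BYTE-sized Boolean flag */
typedef CK_BYTE CK_BBOOL;

/* an unsigned value, at least 32 bits long */
/* The width is that of the platform's unsigned long (commonly 32 bits on
 * LLP64 targets and 64 bits on LP64 targets), so do not assume a fixed
 * size when a CK_ULONG is serialized or shared between processes. */
typedef unsigned long int CK_ULONG;

/* a signed value, the same size as a CK_ULONG */
/* CK_LONG is new for v2.0 */
typedef long int CK_LONG;

/* at least 32 bits; each bit is a Boolean flag */
typedef CK_ULONG CK_FLAGS;

/* some special values for certain CK_ULONG variables */
/* CK_UNAVAILABLE_INFORMATION is all bits set.  Test for it before using
 * such a field as a size or count: taken at face value it is the largest
 * CK_ULONG and will wrap any length arithmetic done on it. */
#define CK_UNAVAILABLE_INFORMATION (~0UL)
#define CK_EFFECTIVELY_INFINITE 0

typedef CK_BYTE CK_PTR CK_BYTE_PTR;
typedef CK_CHAR CK_PTR CK_CHAR_PTR;
typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
typedef CK_ULONG CK_PTR CK_ULONG_PTR;
typedef void CK_PTR CK_VOID_PTR;

/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;

/* The following value is always invalid if used as a session */
/* handle or object handle */
#define CK_INVALID_HANDLE 0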
73
74/* pack */
75#include "pkcs11p.h"
76
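/* CK_VERSION holds a two-part version number, one byte per part. */
typedef struct CK_VERSION {
    CK_BYTE major; /* integer portion of version number */
    CK_BYTE minor; /* 1/100ths portion of version number */
} CK_VERSION;

typedef CK_VERSION CK_PTR CK_VERSION_PTR;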
83
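/* CK_INFO describes the PKCS #11 library itself: interface version,
 * manufacturer, description and library version. */
typedef struct CK_INFO {
    /* manufacturerID and libraryDescription have been changed from
     * CK_CHAR to CK_UTF8CHAR for v2.10 */
    /* The text fields are blank padded to their full width and PKCS #11
     * does not NUL-terminate them: handle them as fixed-length buffers
     * (copy with an explicit length, trim trailing blanks) rather than
     * passing them to C string functions. */
    CK_VERSION cryptokiVersion;     /* PKCS #11 interface ver */
    CK_UTF8CHAR manufacturerID[32]; /* blank padded */
    CK_FLAGS flags;                 /* must be zero */

    /* libraryDescription and libraryVersion are new for v2.0 */
    CK_UTF8CHAR libraryDescription[32]; /* blank padded */
    CK_VERSION libraryVersion;          /* version of library */
} CK_INFO;

typedef CK_INFO CK_PTR CK_INFO_PTR;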
97
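/* CK_NOTIFICATION enumerates the types of notifications that
 * PKCS #11 provides to an application */
/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
 * for v2.0 */
typedef CK_ULONG CK_NOTIFICATION;
#define CKN_SURRENDER 0

/* CK_SLOT_ID is the CK_ULONG value used to name a slot. */
typedef CK_ULONG CK_SLOT_ID;

typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;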
108
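/* CK_SLOT_INFO provides information about a slot */
typedef struct CK_SLOT_INFO {
    /* slotDescription and manufacturerID have been changed from
     * CK_CHAR to CK_UTF8CHAR for v2.10 */
    /* Both text fields are blank padded to their full width and PKCS #11
     * does not NUL-terminate them; copy them with an explicit length
     * instead of treating them as C strings. */
    CK_UTF8CHAR slotDescription[64]; /* blank padded */
    CK_UTF8CHAR manufacturerID[32];  /* blank padded */
    CK_FLAGS flags;                  /* CKF_TOKEN_PRESENT etc. */

    /* hardwareVersion and firmwareVersion are new for v2.0 */
    CK_VERSION hardwareVersion; /* version of hardware */
    CK_VERSION firmwareVersion; /* version of firmware */
} CK_SLOT_INFO;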
121
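/* flags: bit flags that provide capabilities of the slot
 *      Bit Flag               Mask        Meaning
 */
/* Each mask is a single bit, so the flags can be combined with | and
 * tested with &. */
#define CKF_TOKEN_PRESENT 0x00000001    /* a token is there */
#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices */
#define CKF_HW_SLOT 0x00000004          /* hardware slot */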
128
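typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;

/* CK_TOKEN_INFO provides information about a token */
typedef struct CK_TOKEN_INFO {
    /* label, manufacturerID, and model have been changed from
     * CK_CHAR to CK_UTF8CHAR for v2.10 */
    /* The text fields are blank padded to their full width and PKCS #11
     * does not NUL-terminate them; compare and copy them with an explicit
     * length.  This matters when a label or serial number is used to
     * decide which token to trust. */
    CK_UTF8CHAR label[32];          /* blank padded */
    CK_UTF8CHAR manufacturerID[32]; /* blank padded */
    CK_UTF8CHAR model[16];          /* blank padded */
    CK_CHAR serialNumber[16];       /* blank padded */
    CK_FLAGS flags;                 /* see below */

    /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
     * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
     * changed from CK_USHORT to CK_ULONG for v2.0 */
    /* NOTE(review): CK_UNAVAILABLE_INFORMATION and CK_EFFECTIVELY_INFINITE
     * are declared as special values for certain CK_ULONG variables;
     * presumably the counters and sizes below are among them -- check for
     * both before doing arithmetic on these fields. */
    CK_ULONG ulMaxSessionCount;    /* max open sessions */
    CK_ULONG ulSessionCount;       /* sess. now open */
    CK_ULONG ulMaxRwSessionCount;  /* max R/W sessions */
    CK_ULONG ulRwSessionCount;     /* R/W sess. now open */
    CK_ULONG ulMaxPinLen;          /* in bytes */
    CK_ULONG ulMinPinLen;          /* in bytes */
    CK_ULONG ulTotalPublicMemory;  /* in bytes */
    CK_ULONG ulFreePublicMemory;   /* in bytes */
    CK_ULONG ulTotalPrivateMemory; /* in bytes */
    CK_ULONG ulFreePrivateMemory;  /* in bytes */

    /* hardwareVersion, firmwareVersion, and time are new for
     * v2.0 */
    CK_VERSION hardwareVersion; /* version of hardware */
    CK_VERSION firmwareVersion; /* version of firmware */
    CK_CHAR utcTime[16];        /* time */
} CK_TOKEN_INFO;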
161
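/* The flags parameter is defined as follows:
 *      Bit Flag                    Mask        Meaning
 */
/* Each mask is a single bit.  The PIN-state bits at 0x00010000 and above
 * report failed-login and lockout state; an application can read them
 * before prompting again, because a further wrong PIN after FINAL_TRY
 * locks that PIN. */
#define CKF_RNG 0x00000001                  /* has random # generator */
#define CKF_WRITE_PROTECTED 0x00000002      /* token is write-protected */
#define CKF_LOGIN_REQUIRED 0x00000004       /* user must login */
#define CKF_USER_PIN_INITIALIZED 0x00000008 /* normal user's PIN is set */

/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0.  If it is set,
 * that means that *every* time the state of cryptographic
 * operations of a session is successfully saved, all keys
 * needed to continue those operations are stored in the state */
#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020

/* CKF_CLOCK_ON_TOKEN is new for v2.0.  If it is set, that means
 * that the token has some sort of clock.  The time on that
 * clock is returned in the token info structure */
#define CKF_CLOCK_ON_TOKEN 0x00000040

/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0.  If it is
 * set, that means that there is some way for the user to login
 * without sending a PIN through the PKCS #11 library itself */
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100

/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0.  If it is true,
 * that means that a single session with the token can perform
 * dual simultaneous cryptographic operations (digest and
 * encrypt; decrypt and digest; sign and encrypt; and decrypt
 * and sign) */
#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200

/* CKF_TOKEN_INITIALIZED is new for v2.10. If it is true, the
 * token has been initialized using C_InitializeToken or an
 * equivalent mechanism outside the scope of PKCS #11.
 * Calling C_InitializeToken when this flag is set will cause
 * the token to be reinitialized. */
#define CKF_TOKEN_INITIALIZED 0x00000400

/* CKF_SECONDARY_AUTHENTICATION is new for v2.10. If it is
 * true, the token supports secondary authentication for
 * private key objects. This flag is deprecated in v2.11 and
 * onwards. */
#define CKF_SECONDARY_AUTHENTICATION 0x00000800

/* CKF_USER_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect user login PIN has been entered at least once
 * since the last successful authentication. */
#define CKF_USER_PIN_COUNT_LOW 0x00010000

/* CKF_USER_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect user PIN will cause it to become locked. */
#define CKF_USER_PIN_FINAL_TRY 0x00020000

/* CKF_USER_PIN_LOCKED is new for v2.10. If it is true, the
 * user PIN has been locked. User login to the token is not
 * possible. */
#define CKF_USER_PIN_LOCKED 0x00040000

/* CKF_USER_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the user PIN value is the default value set by token
 * initialization or manufacturing, or the PIN has been
 * expired by the card. */
#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000

/* CKF_SO_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect SO login PIN has been entered at least once since
 * the last successful authentication. */
#define CKF_SO_PIN_COUNT_LOW 0x00100000

/* CKF_SO_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect SO PIN will cause it to become locked. */
#define CKF_SO_PIN_FINAL_TRY 0x00200000

/* CKF_SO_PIN_LOCKED is new for v2.10. If it is true, the SO
 * PIN has been locked. SO login to the token is not possible.
 */
#define CKF_SO_PIN_LOCKED 0x00400000

/* CKF_SO_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the SO PIN value is the default value set by token
 * initialization or manufacturing, or the PIN has been
 * expired by the card. */
#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000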
250
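typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;

/* CK_SESSION_HANDLE is a PKCS #11-assigned value that
 * identifies a session */
/* The handle is a plain CK_ULONG; CK_INVALID_HANDLE (0) never names a
 * session. */
typedef CK_ULONG CK_SESSION_HANDLE;

typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;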
258
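/* CK_USER_TYPE enumerates the types of PKCS #11 users */
/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_USER_TYPE;
/* Security Officer */
/* Note that the Security Officer is value 0, so a zero-initialized
 * CK_USER_TYPE names the SO, not the normal user. */
#define CKU_SO 0
/* Normal user */
#define CKU_USER 1
/* Context specific (added in v2.20) */
#define CKU_CONTEXT_SPECIFIC 2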
269
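/* CK_STATE enumerates the session states */
/* CK_STATE has been changed from an enum to a CK_ULONG for
 * v2.0 */
/* The names pair an access mode (RO = read-only, RW = read/write) with
 * who, if anyone, is logged in (PUBLIC, USER, SO). */
typedef CK_ULONG CK_STATE;
#define CKS_RO_PUBLIC_SESSION 0
#define CKS_RO_USER_FUNCTIONS 1
#define CKS_RW_PUBLIC_SESSION 2
#define CKS_RW_USER_FUNCTIONS 3
#define CKS_RW_SO_FUNCTIONS 4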
279
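/* CK_SESSION_INFO provides information about a session */
typedef struct CK_SESSION_INFO {
    CK_SLOT_ID slotID; /* slot the session belongs to */
    CK_STATE state;    /* one of the CKS_ values */
    CK_FLAGS flags;    /* see below */

    /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
     * v2.0 */
    CK_ULONG ulDeviceError; /* device-dependent error code */
} CK_SESSION_INFO;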
290
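/* The flags are defined in the following table:
 *      Bit Flag                Mask        Meaning
 */
/* Bit 0x00000001 is not assigned a name in this table. */
#define CKF_RW_SESSION 0x00000002     /* session is r/w */
#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */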
296
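typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;

/* CK_OBJECT_HANDLE is a token-specific identifier for an
 * object */
/* The handle is a plain CK_ULONG; CK_INVALID_HANDLE (0) never names an
 * object. */
typedef CK_ULONG CK_OBJECT_HANDLE;

typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;

/* CK_OBJECT_CLASS is a value that identifies the classes (or
 * types) of objects that PKCS #11 recognizes.  It is defined
 * as follows: */
/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_OBJECT_CLASS;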
311
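/* The following classes of objects are defined: */
/* CKO_HW_FEATURE is new for v2.10 */
/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
/* CKO_MECHANISM is new for v2.20 */
/* CKO_DATA is value 0, so a zero-filled class field reads as CKO_DATA;
 * code that dispatches on the class should not treat 0 as "unset". */
#define CKO_DATA 0x00000000
#define CKO_CERTIFICATE 0x00000001
#define CKO_PUBLIC_KEY 0x00000002
#define CKO_PRIVATE_KEY 0x00000003
#define CKO_SECRET_KEY 0x00000004
#define CKO_HW_FEATURE 0x00000005
#define CKO_DOMAIN_PARAMETERS 0x00000006
#define CKO_MECHANISM 0x00000007
#define CKO_VENDOR_DEFINED 0x80000000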
325
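typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;

/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
 * value that identifies the hardware feature type of an object
 * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
typedef CK_ULONG CK_HW_FEATURE_TYPE;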
332
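/* The following hardware feature types are defined */
/* CKH_USER_INTERFACE is new for v2.20 */
/* No feature type is assigned the value 0 in this list. */
#define CKH_MONOTONIC_COUNTER 0x00000001
#define CKH_CLOCK 0x00000002
#define CKH_USER_INTERFACE 0x00000003
#define CKH_VENDOR_DEFINED 0x80000000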
339
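/* CK_KEY_TYPE is a value that identifies a key type */
/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_KEY_TYPE;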
343
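/* the following key types are defined: */
/* Review note: the list includes key types for legacy ciphers (for
 * example RC2, RC4, DES, CDMF, SKIPJACK).  Being defined here says
 * nothing about whether a key type is acceptable for new keys; that is
 * a policy decision for the caller.  CKK_RSA is value 0, so a
 * zero-filled key-type field reads as RSA rather than as "unset". */
#define CKK_RSA 0x00000000
#define CKK_DSA 0x00000001
#define CKK_DH 0x00000002

/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
#define CKK_ECDSA 0x00000003
#define CKK_EC 0x00000003
#define CKK_X9_42_DH 0x00000004
#define CKK_KEA 0x00000005

#define CKK_GENERIC_SECRET 0x00000010
#define CKK_RC2 0x00000011
#define CKK_RC4 0x00000012
#define CKK_DES 0x00000013
#define CKK_DES2 0x00000014
#define CKK_DES3 0x00000015

/* all these key types are new for v2.0 */
#define CKK_CAST 0x00000016
#define CKK_CAST3 0x00000017
/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
#define CKK_CAST5 0x00000018
#define CKK_CAST128 0x00000018
#define CKK_RC5 0x00000019
#define CKK_IDEA 0x0000001A
#define CKK_SKIPJACK 0x0000001B
#define CKK_BATON 0x0000001C
#define CKK_JUNIPER 0x0000001D
#define CKK_CDMF 0x0000001E
#define CKK_AES 0x0000001F

/* BlowFish and TwoFish are new for v2.20 */
#define CKK_BLOWFISH 0x00000020
#define CKK_TWOFISH 0x00000021

/* Camellia is proposed for v2.20 Amendment 3 */
#define CKK_CAMELLIA 0x00000025

#define CKK_SEED 0x00000026

#define CKK_VENDOR_DEFINED 0x80000000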
387
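/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
 * type */
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
 * for v2.0 */
typedef CK_ULONG CK_CERTIFICATE_TYPE;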
393
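/* The following certificate types are defined: */
/* CKC_X_509_ATTR_CERT is new for v2.10 */
/* CKC_WTLS is new for v2.20 */
/* CKC_X_509 is value 0, so a zero-filled certificate-type field reads as
 * X.509 rather than as "unset". */
#define CKC_X_509 0x00000000
#define CKC_X_509_ATTR_CERT 0x00000001
#define CKC_WTLS 0x00000002
#define CKC_VENDOR_DEFINED 0x80000000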
401
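/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
 * type */
/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;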
407
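/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
 * consists of an array of values. */
/* It is OR-ed into the attribute number below for CKA_WRAP_TEMPLATE,
 * CKA_UNWRAP_TEMPLATE and CKA_ALLOWED_MECHANISMS, so those three
 * identifiers are 0x4000xxxx values. */
#define CKF_ARRAY_ATTRIBUTE 0x40000000

/* The following attribute types are defined: */
#define CKA_CLASS 0x00000000
#define CKA_TOKEN 0x00000001
#define CKA_PRIVATE 0x00000002
#define CKA_LABEL 0x00000003
#define CKA_APPLICATION 0x00000010
#define CKA_VALUE 0x00000011

/* CKA_OBJECT_ID is new for v2.10 */
#define CKA_OBJECT_ID 0x00000012

#define CKA_CERTIFICATE_TYPE 0x00000080
#define CKA_ISSUER 0x00000081
#define CKA_SERIAL_NUMBER 0x00000082

/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
 * for v2.10 */
#define CKA_AC_ISSUER 0x00000083
#define CKA_OWNER 0x00000084
#define CKA_ATTR_TYPES 0x00000085

/* CKA_TRUSTED is new for v2.11 */
#define CKA_TRUSTED 0x00000086

/* CKA_CERTIFICATE_CATEGORY ...
 * CKA_CHECK_VALUE are new for v2.20 */
#define CKA_CERTIFICATE_CATEGORY 0x00000087
#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088
#define CKA_URL 0x00000089
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B
#define CKA_CHECK_VALUE 0x00000090

/* CKA_ENCRYPT .. CKA_DERIVE name the operations a key may be used for.
 * Review note: granting only the operations a key actually needs limits
 * what a caller holding its handle can do with it. */
#define CKA_KEY_TYPE 0x00000100
#define CKA_SUBJECT 0x00000101
#define CKA_ID 0x00000102
#define CKA_SENSITIVE 0x00000103
#define CKA_ENCRYPT 0x00000104
#define CKA_DECRYPT 0x00000105
#define CKA_WRAP 0x00000106
#define CKA_UNWRAP 0x00000107
#define CKA_SIGN 0x00000108
#define CKA_SIGN_RECOVER 0x00000109
#define CKA_VERIFY 0x0000010A
#define CKA_VERIFY_RECOVER 0x0000010B
#define CKA_DERIVE 0x0000010C
#define CKA_START_DATE 0x00000110
#define CKA_END_DATE 0x00000111
#define CKA_MODULUS 0x00000120
#define CKA_MODULUS_BITS 0x00000121
#define CKA_PUBLIC_EXPONENT 0x00000122
#define CKA_PRIVATE_EXPONENT 0x00000123
#define CKA_PRIME_1 0x00000124
#define CKA_PRIME_2 0x00000125
#define CKA_EXPONENT_1 0x00000126
#define CKA_EXPONENT_2 0x00000127
#define CKA_COEFFICIENT 0x00000128
/* CKA_PUBLIC_KEY_INFO is new for v2.40 */
#define CKA_PUBLIC_KEY_INFO 0x00000129
#define CKA_PRIME 0x00000130
#define CKA_SUBPRIME 0x00000131
#define CKA_BASE 0x00000132

/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
#define CKA_PRIME_BITS 0x00000133
#define CKA_SUBPRIME_BITS 0x00000134
#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
/* (To retain backwards-compatibility) */

#define CKA_VALUE_BITS 0x00000160
#define CKA_VALUE_LEN 0x00000161

/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
 * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
 * and CKA_EC_POINT are new for v2.0 */
/* Review note: together with CKA_SENSITIVE above, these are the
 * attributes PKCS #11 uses to describe whether key material can be read
 * or wrapped out of a token.  Key templates, and audits of stored keys,
 * should set and check them explicitly rather than rely on token
 * defaults. */
#define CKA_EXTRACTABLE 0x00000162
#define CKA_LOCAL 0x00000163
#define CKA_NEVER_EXTRACTABLE 0x00000164
#define CKA_ALWAYS_SENSITIVE 0x00000165

/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM 0x00000166

#define CKA_MODIFIABLE 0x00000170

/* CKA_ECDSA_PARAMS is deprecated in v2.11,
 * CKA_EC_PARAMS is preferred. */
#define CKA_ECDSA_PARAMS 0x00000180
#define CKA_EC_PARAMS 0x00000180

#define CKA_EC_POINT 0x00000181

/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
 * are new for v2.10. Deprecated in v2.11 and onwards. */
#define CKA_SECONDARY_AUTH 0x00000200
#define CKA_AUTH_PIN_FLAGS 0x00000201

/* CKA_ALWAYS_AUTHENTICATE ...
 * CKA_UNWRAP_TEMPLATE are new for v2.20 */
#define CKA_ALWAYS_AUTHENTICATE 0x00000202

#define CKA_WRAP_WITH_TRUSTED 0x00000210
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000211)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000212)

/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
 * are new for v2.10 */
#define CKA_HW_FEATURE_TYPE 0x00000300
#define CKA_RESET_ON_INIT 0x00000301
#define CKA_HAS_RESET 0x00000302

/* The following attributes are new for v2.20 */
#define CKA_PIXEL_X 0x00000400
#define CKA_PIXEL_Y 0x00000401
#define CKA_RESOLUTION 0x00000402
#define CKA_CHAR_ROWS 0x00000403
#define CKA_CHAR_COLUMNS 0x00000404
#define CKA_COLOR 0x00000405
#define CKA_BITS_PER_PIXEL 0x00000406
#define CKA_CHAR_SETS 0x00000480
#define CKA_ENCODING_METHODS 0x00000481
#define CKA_MIME_TYPES 0x00000482
#define CKA_MECHANISM_TYPE 0x00000500
#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501
#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502
#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x00000600)

#define CKA_VENDOR_DEFINED 0x80000000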
541
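/* CK_ATTRIBUTE is a structure that includes the type, length
 * and value of an attribute */
/* pValue is an untyped pointer and ulValueLen is the only size
 * information that travels with it, so code that reads an attribute
 * should check ulValueLen against the size it expects for that type
 * before dereferencing pValue.
 * NOTE(review): PKCS #11 also reports an attribute that could not be
 * returned by setting ulValueLen to all ones
 * (CK_UNAVAILABLE_INFORMATION) -- confirm callers test for that value
 * before using ulValueLen to size an allocation or a copy. */
typedef struct CK_ATTRIBUTE {
    CK_ATTRIBUTE_TYPE type;
    CK_VOID_PTR pValue;

    /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
    CK_ULONG ulValueLen; /* in bytes */
} CK_ATTRIBUTE;

typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;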
553
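/* CK_DATE is a structure that defines a date */
/* The three fields are fixed-width character arrays sized exactly for
 * their digits (4 + 2 + 2 bytes), leaving no room for a terminator:
 * parse them with explicit lengths and validate that every byte is a
 * digit before converting. */
typedef struct CK_DATE {
    CK_CHAR year[4];  /* the year ("1900" - "9999") */
    CK_CHAR month[2]; /* the month ("01" - "12") */
    CK_CHAR day[2];   /* the day ("01" - "31") */
} CK_DATE;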
560
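/* CK_MECHANISM_TYPE is a value that identifies a mechanism
 * type */
/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_MECHANISM_TYPE;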
566
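/* the following mechanism types are defined: */
/* Review note: this table names every mechanism the interface knows,
 * including legacy ones.  Being defined here says nothing about whether
 * a mechanism is acceptable; which ones a deployment allows is a policy
 * decision made elsewhere.  For RSA specifically, CKM_RSA_X_509 is raw
 * RSA (any padding is the caller's responsibility) and CKM_RSA_PKCS is
 * PKCS #1 v1.5; new designs generally prefer CKM_RSA_PKCS_OAEP for
 * encryption and the _PSS mechanisms for signatures. */
#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000
#define CKM_RSA_PKCS 0x00000001
#define CKM_RSA_9796 0x00000002
#define CKM_RSA_X_509 0x00000003

/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
 * are new for v2.0.  They are mechanisms which hash and sign */
#define CKM_MD2_RSA_PKCS 0x00000004
#define CKM_MD5_RSA_PKCS 0x00000005
#define CKM_SHA1_RSA_PKCS 0x00000006

/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
 * CKM_RSA_PKCS_OAEP are new for v2.10 */
#define CKM_RIPEMD128_RSA_PKCS 0x00000007
#define CKM_RIPEMD160_RSA_PKCS 0x00000008
#define CKM_RSA_PKCS_OAEP 0x00000009

/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A
#define CKM_RSA_X9_31 0x0000000B
#define CKM_SHA1_RSA_X9_31 0x0000000C
#define CKM_RSA_PKCS_PSS 0x0000000D
#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E

#define CKM_DSA_KEY_PAIR_GEN 0x00000010
#define CKM_DSA 0x00000011
#define CKM_DSA_SHA1 0x00000012
#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020
#define CKM_DH_PKCS_DERIVE 0x00000021

/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
 * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
 * v2.11 */
#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030
#define CKM_X9_42_DH_DERIVE 0x00000031
#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032
#define CKM_X9_42_MQV_DERIVE 0x00000033

/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_RSA_PKCS 0x00000040
#define CKM_SHA384_RSA_PKCS 0x00000041
#define CKM_SHA512_RSA_PKCS 0x00000042
#define CKM_SHA256_RSA_PKCS_PSS 0x00000043
#define CKM_SHA384_RSA_PKCS_PSS 0x00000044
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045

/* CKM_SHA224 new for v2.20 amendment 3 */
#define CKM_SHA224_RSA_PKCS 0x00000046
#define CKM_SHA224_RSA_PKCS_PSS 0x00000047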
618
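/* RC2, RC4, DES, triple-DES and CDMF mechanisms.
 * Review note: these identify legacy ciphers; they are listed because
 * the interface defines them, not because they are recommended.  Note
 * also that the plain _ECB, _CBC and stream mechanisms provide no
 * integrity protection on their own. */
#define CKM_RC2_KEY_GEN 0x00000100
#define CKM_RC2_ECB 0x00000101
#define CKM_RC2_CBC 0x00000102
#define CKM_RC2_MAC 0x00000103

/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
#define CKM_RC2_MAC_GENERAL 0x00000104
#define CKM_RC2_CBC_PAD 0x00000105

#define CKM_RC4_KEY_GEN 0x00000110
#define CKM_RC4 0x00000111
#define CKM_DES_KEY_GEN 0x00000120
#define CKM_DES_ECB 0x00000121
#define CKM_DES_CBC 0x00000122
#define CKM_DES_MAC 0x00000123

/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
#define CKM_DES_MAC_GENERAL 0x00000124
#define CKM_DES_CBC_PAD 0x00000125

#define CKM_DES2_KEY_GEN 0x00000130
#define CKM_DES3_KEY_GEN 0x00000131
#define CKM_DES3_ECB 0x00000132
#define CKM_DES3_CBC 0x00000133
#define CKM_DES3_MAC 0x00000134

/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
 * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
 * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
#define CKM_DES3_MAC_GENERAL 0x00000135
#define CKM_DES3_CBC_PAD 0x00000136
#define CKM_CDMF_KEY_GEN 0x00000140
#define CKM_CDMF_ECB 0x00000141
#define CKM_CDMF_CBC 0x00000142
#define CKM_CDMF_MAC 0x00000143
#define CKM_CDMF_MAC_GENERAL 0x00000144
#define CKM_CDMF_CBC_PAD 0x00000145

/* the following four DES mechanisms are new for v2.20 */
#define CKM_DES_OFB64 0x00000150
#define CKM_DES_OFB8 0x00000151
#define CKM_DES_CFB64 0x00000152
#define CKM_DES_CFB8 0x00000153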
662
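/* Message digest and HMAC mechanisms.
 * Review note: MD2, MD5 and SHA-1 are kept for interoperability; they
 * are not collision resistant, so prefer the SHA-2 entries where the
 * digest protects a signature or certificate.  The SHA-224 values
 * (0x255..0x257) sit numerically between the SHA-256 and SHA-384
 * groups, so do not infer the digest family from the value range. */
#define CKM_MD2 0x00000200

/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
#define CKM_MD2_HMAC 0x00000201
#define CKM_MD2_HMAC_GENERAL 0x00000202

#define CKM_MD5 0x00000210

/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
#define CKM_MD5_HMAC 0x00000211
#define CKM_MD5_HMAC_GENERAL 0x00000212

#define CKM_SHA_1 0x00000220

/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
#define CKM_SHA_1_HMAC 0x00000221
#define CKM_SHA_1_HMAC_GENERAL 0x00000222

/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
 * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
 * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
#define CKM_RIPEMD128 0x00000230
#define CKM_RIPEMD128_HMAC 0x00000231
#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232
#define CKM_RIPEMD160 0x00000240
#define CKM_RIPEMD160_HMAC 0x00000241
#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242

/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256 0x00000250
#define CKM_SHA256_HMAC 0x00000251
#define CKM_SHA256_HMAC_GENERAL 0x00000252
#define CKM_SHA384 0x00000260
#define CKM_SHA384_HMAC 0x00000261
#define CKM_SHA384_HMAC_GENERAL 0x00000262
#define CKM_SHA512 0x00000270
#define CKM_SHA512_HMAC 0x00000271
#define CKM_SHA512_HMAC_GENERAL 0x00000272

/* CKM_SHA224 new for v2.20 amendment 3 */
#define CKM_SHA224 0x00000255
#define CKM_SHA224_HMAC 0x00000256
#define CKM_SHA224_HMAC_GENERAL 0x00000257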
706
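/* All of the following mechanisms are new for v2.0 */
/* Note that CAST128 and CAST5 are the same algorithm */
/* Each CAST5 / CAST128 pair below therefore shares one value.  The
 * 0x36x derivation mechanisms skip 0x361. */
#define CKM_CAST_KEY_GEN 0x00000300
#define CKM_CAST_ECB 0x00000301
#define CKM_CAST_CBC 0x00000302
#define CKM_CAST_MAC 0x00000303
#define CKM_CAST_MAC_GENERAL 0x00000304
#define CKM_CAST_CBC_PAD 0x00000305
#define CKM_CAST3_KEY_GEN 0x00000310
#define CKM_CAST3_ECB 0x00000311
#define CKM_CAST3_CBC 0x00000312
#define CKM_CAST3_MAC 0x00000313
#define CKM_CAST3_MAC_GENERAL 0x00000314
#define CKM_CAST3_CBC_PAD 0x00000315
#define CKM_CAST5_KEY_GEN 0x00000320
#define CKM_CAST128_KEY_GEN 0x00000320
#define CKM_CAST5_ECB 0x00000321
#define CKM_CAST128_ECB 0x00000321
#define CKM_CAST5_CBC 0x00000322
#define CKM_CAST128_CBC 0x00000322
#define CKM_CAST5_MAC 0x00000323
#define CKM_CAST128_MAC 0x00000323
#define CKM_CAST5_MAC_GENERAL 0x00000324
#define CKM_CAST128_MAC_GENERAL 0x00000324
#define CKM_CAST5_CBC_PAD 0x00000325
#define CKM_CAST128_CBC_PAD 0x00000325
#define CKM_RC5_KEY_GEN 0x00000330
#define CKM_RC5_ECB 0x00000331
#define CKM_RC5_CBC 0x00000332
#define CKM_RC5_MAC 0x00000333
#define CKM_RC5_MAC_GENERAL 0x00000334
#define CKM_RC5_CBC_PAD 0x00000335
#define CKM_IDEA_KEY_GEN 0x00000340
#define CKM_IDEA_ECB 0x00000341
#define CKM_IDEA_CBC 0x00000342
#define CKM_IDEA_MAC 0x00000343
#define CKM_IDEA_MAC_GENERAL 0x00000344
#define CKM_IDEA_CBC_PAD 0x00000345
#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350
#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360
#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362
#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363
#define CKM_XOR_BASE_AND_DATA 0x00000364
#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365
#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370
#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371
#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372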
754
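/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
 * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
 * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373
#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374
#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375
#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376
#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377

/* CKM_TLS_PRF is new for v2.20 */
#define CKM_TLS_PRF 0x00000378

#define CKM_SSL3_MD5_MAC 0x00000380
#define CKM_SSL3_SHA1_MAC 0x00000381
#define CKM_MD5_KEY_DERIVATION 0x00000390
#define CKM_MD2_KEY_DERIVATION 0x00000391
#define CKM_SHA1_KEY_DERIVATION 0x00000392

/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_KEY_DERIVATION 0x00000393
#define CKM_SHA384_KEY_DERIVATION 0x00000394
#define CKM_SHA512_KEY_DERIVATION 0x00000395

/* CKM_SHA224 new for v2.20 amendment 3 */
#define CKM_SHA224_KEY_DERIVATION 0x00000396

/* Password-based encryption mechanisms.
 * Review note: these combine legacy digests with legacy ciphers, and the
 * _40 entries name 40-bit key sizes; they are listed for compatibility
 * with existing data, not as a recommendation. */
#define CKM_PBE_MD2_DES_CBC 0x000003A0
#define CKM_PBE_MD5_DES_CBC 0x000003A1
#define CKM_PBE_MD5_CAST_CBC 0x000003A2
#define CKM_PBE_MD5_CAST3_CBC 0x000003A3
#define CKM_PBE_MD5_CAST5_CBC 0x000003A4
#define CKM_PBE_MD5_CAST128_CBC 0x000003A4
#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5
#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5
#define CKM_PBE_SHA1_RC4_128 0x000003A6
#define CKM_PBE_SHA1_RC4_40 0x000003A7
#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8
#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9
#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA
#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB

/* CKM_PKCS5_PBKD2 is new for v2.10 */
/* "PBKD2" is the spelling PKCS #11 uses for this identifier; keep it
 * as is so the name matches other PKCS #11 headers. */
#define CKM_PKCS5_PBKD2 0x000003B0

#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0

/* WTLS mechanisms are new for v2.20 */
#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0
#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1
#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2
#define CKM_WTLS_PRF 0x000003D3
#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4
#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5

/* TLS 1.2 mechanisms are new for v2.40 */
/* CKM_TLS12_MAC and CKM_TLS_MAC are two names for the same value. */
#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0
#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1
#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2
#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3
#define CKM_TLS12_MAC 0x000003E4
#define CKM_TLS_MAC 0x000003E4
#define CKM_TLS_KDF 0x000003E5

#define CKM_KEY_WRAP_LYNKS 0x00000400
#define CKM_KEY_WRAP_SET_OAEP 0x00000401

/* CKM_CMS_SIG is new for v2.20 */
#define CKM_CMS_SIG 0x00000500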
823
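/* Fortezza mechanisms */
/* This run also carries the elliptic-curve mechanisms (0x1040..0x1052).
 * CKM_ECDSA_KEY_PAIR_GEN and CKM_EC_KEY_PAIR_GEN are two names for the
 * same value. */
#define CKM_SKIPJACK_KEY_GEN 0x00001000
#define CKM_SKIPJACK_ECB64 0x00001001
#define CKM_SKIPJACK_CBC64 0x00001002
#define CKM_SKIPJACK_OFB64 0x00001003
#define CKM_SKIPJACK_CFB64 0x00001004
#define CKM_SKIPJACK_CFB32 0x00001005
#define CKM_SKIPJACK_CFB16 0x00001006
#define CKM_SKIPJACK_CFB8 0x00001007
#define CKM_SKIPJACK_WRAP 0x00001008
#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009
#define CKM_SKIPJACK_RELAYX 0x0000100a
#define CKM_KEA_KEY_PAIR_GEN 0x00001010
#define CKM_KEA_KEY_DERIVE 0x00001011
#define CKM_FORTEZZA_TIMESTAMP 0x00001020
#define CKM_BATON_KEY_GEN 0x00001030
#define CKM_BATON_ECB128 0x00001031
#define CKM_BATON_ECB96 0x00001032
#define CKM_BATON_CBC128 0x00001033
#define CKM_BATON_COUNTER 0x00001034
#define CKM_BATON_SHUFFLE 0x00001035
#define CKM_BATON_WRAP 0x00001036

/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
 * CKM_EC_KEY_PAIR_GEN is preferred */
#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040
#define CKM_EC_KEY_PAIR_GEN 0x00001040

#define CKM_ECDSA 0x00001041
#define CKM_ECDSA_SHA1 0x00001042

/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
 * are new for v2.11 */
#define CKM_ECDH1_DERIVE 0x00001050
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051
#define CKM_ECMQV_DERIVE 0x00001052

#define CKM_JUNIPER_KEY_GEN 0x00001060
#define CKM_JUNIPER_ECB128 0x00001061
#define CKM_JUNIPER_CBC128 0x00001062
#define CKM_JUNIPER_COUNTER 0x00001063
#define CKM_JUNIPER_SHUFFLE 0x00001064
#define CKM_JUNIPER_WRAP 0x00001065
#define CKM_FASTHASH 0x00001070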
868
869/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
870 * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
871 * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
872 * new for v2.11.
 * Of the AES encryption modes listed here only GCM and CCM authenticate
 * the data; ECB, CBC, CBC_PAD, CTR and CTS give confidentiality only, so
 * a caller that needs integrity has to add a MAC or use GCM/CCM. */
873#define CKM_AES_KEY_GEN 0x00001080
874#define CKM_AES_ECB 0x00001081 /* no IV: equal plaintext blocks give equal ciphertext blocks */
875#define CKM_AES_CBC 0x00001082
876#define CKM_AES_MAC 0x00001083
877#define CKM_AES_MAC_GENERAL 0x00001084 /* parameter: CK_MAC_GENERAL_PARAMS (the MAC length) */
878#define CKM_AES_CBC_PAD 0x00001085
879/* new for v2.20 amendment 3 */
880#define CKM_AES_CTR 0x00001086 /* parameter: CK_AES_CTR_PARAMS */
881/* new for v2.30 */
882#define CKM_AES_GCM 0x00001087 /* parameter: CK_GCM_PARAMS */
883#define CKM_AES_CCM 0x00001088 /* parameter: CK_CCM_PARAMS */
884#define CKM_AES_CTS 0x00001089
885
886/* BlowFish and TwoFish are new for v2.20 */
887#define CKM_BLOWFISH_KEY_GEN 0x00001090
888#define CKM_BLOWFISH_CBC 0x00001091
889#define CKM_TWOFISH_KEY_GEN 0x00001092
890#define CKM_TWOFISH_CBC 0x00001093
891
892/* Camellia is proposed for v2.20 Amendment 3 */
893#define CKM_CAMELLIA_KEY_GEN 0x00000550
894#define CKM_CAMELLIA_ECB 0x00000551
895#define CKM_CAMELLIA_CBC 0x00000552
896#define CKM_CAMELLIA_MAC 0x00000553
897#define CKM_CAMELLIA_MAC_GENERAL 0x00000554
898#define CKM_CAMELLIA_CBC_PAD 0x00000555
899#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556
900#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557
901
902#define CKM_SEED_KEY_GEN 0x00000650
903#define CKM_SEED_ECB 0x00000651
904#define CKM_SEED_CBC 0x00000652
905#define CKM_SEED_MAC 0x00000653
906#define CKM_SEED_MAC_GENERAL 0x00000654
907#define CKM_SEED_CBC_PAD 0x00000655
908#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656
909#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657
910
911/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20.
 * Per the PKCS #11 specification these are key-derivation mechanisms:
 * the derived key is the result of encrypting caller-supplied data with
 * the base key. The CBC variants take the CK_DES_CBC_ENCRYPT_DATA_PARAMS
 * or CK_AES_CBC_ENCRYPT_DATA_PARAMS structure; the ECB variants take
 * CK_KEY_DERIVATION_STRING_DATA. */
912#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100
913#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101
914#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102
915#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103
916#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104
917#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105
918
919#define CKM_DSA_PARAMETER_GEN 0x00002000
920#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001
921#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002
922
923#define CKM_VENDOR_DEFINED 0x80000000
924
925typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
926
927/* CK_MECHANISM is a structure that specifies a particular
928 * mechanism.
 * The real type behind pParameter depends on the value of `mechanism`,
 * and ulParameterLen is the only size information that travels with it.
 * Code that receives a CK_MECHANISM should compare ulParameterLen with
 * the size of the parameter structure expected for that mechanism
 * before dereferencing pParameter. */
929typedef struct CK_MECHANISM {
930 CK_MECHANISM_TYPE mechanism; /* one of the CKM_* values */
931 CK_VOID_PTR pParameter; /* mechanism-specific parameter block */
932
933 /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
934 * v2.0 */
935 CK_ULONG ulParameterLen; /* in bytes */
936} CK_MECHANISM;
937
938typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
939
940/* CK_MECHANISM_INFO provides information about a particular
941 * mechanism.
 * NOTE(review): per the PKCS #11 specification the unit of the two key
 * sizes (bits or bytes) depends on the mechanism; confirm the unit
 * before using them to enforce a minimum key length. */
942typedef struct CK_MECHANISM_INFO {
943 CK_ULONG ulMinKeySize; /* smallest key size the mechanism accepts */
944 CK_ULONG ulMaxKeySize; /* largest key size the mechanism accepts */
945 CK_FLAGS flags; /* CKF_* bits defined after this structure */
946} CK_MECHANISM_INFO;
947
948/* The flags are defined as follows:
949 * Bit Flag Mask Meaning */
950#define CKF_HW 0x00000001 /* performed by HW */
951
952/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
953 * CKF_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
954 * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
955 * and CKF_DERIVE are new for v2.0. They specify whether or not
956 * a mechanism can be used for a particular task.
 * A caller can test these bits in CK_MECHANISM_INFO.flags before
 * selecting a mechanism for an operation. */
957#define CKF_ENCRYPT 0x00000100
958#define CKF_DECRYPT 0x00000200
959#define CKF_DIGEST 0x00000400
960#define CKF_SIGN 0x00000800
961#define CKF_SIGN_RECOVER 0x00001000
962#define CKF_VERIFY 0x00002000
963#define CKF_VERIFY_RECOVER 0x00004000
964#define CKF_GENERATE 0x00008000
965#define CKF_GENERATE_KEY_PAIR 0x00010000
966#define CKF_WRAP 0x00020000
967#define CKF_UNWRAP 0x00040000
968#define CKF_DERIVE 0x00080000
969
970/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
971 * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
972 * describe a token's EC capabilities not available in mechanism
973 * information. */
974#define CKF_EC_F_P 0x00100000
975#define CKF_EC_F_2M 0x00200000
976#define CKF_EC_ECPARAMETERS 0x00400000
977#define CKF_EC_NAMEDCURVE 0x00800000
978#define CKF_EC_UNCOMPRESS 0x01000000
979#define CKF_EC_COMPRESS 0x02000000
980
981#define CKF_EXTENSION 0x80000000 /* FALSE for this version */
982
983typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
984
985/* CK_RV is a value that identifies the return value of a
986 * PKCS #11 function */
987/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0.
 * CKR_OK (zero) is the success value. Callers should compare every
 * returned CK_RV with CKR_OK instead of testing only for the particular
 * error codes they expect. */
988typedef CK_ULONG CK_RV;
989
990#define CKR_OK 0x00000000
991#define CKR_CANCEL 0x00000001
992#define CKR_HOST_MEMORY 0x00000002
993#define CKR_SLOT_ID_INVALID 0x00000003
994
995/* CKR_FLAGS_INVALID was removed for v2.0 */
996
997/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
998#define CKR_GENERAL_ERROR 0x00000005
999#define CKR_FUNCTION_FAILED 0x00000006
1000
1001/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
1002 * and CKR_CANT_LOCK are new for v2.01 */
1003#define CKR_ARGUMENTS_BAD 0x00000007
1004#define CKR_NO_EVENT 0x00000008
1005#define CKR_NEED_TO_CREATE_THREADS 0x00000009
1006#define CKR_CANT_LOCK 0x0000000A
1007
1008#define CKR_ATTRIBUTE_READ_ONLY 0x00000010
1009#define CKR_ATTRIBUTE_SENSITIVE 0x00000011
1010#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012
1011#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013
1012#define CKR_DATA_INVALID 0x00000020
1013#define CKR_DATA_LEN_RANGE 0x00000021
1014#define CKR_DEVICE_ERROR 0x00000030
1015#define CKR_DEVICE_MEMORY 0x00000031
1016#define CKR_DEVICE_REMOVED 0x00000032
1017#define CKR_ENCRYPTED_DATA_INVALID 0x00000040
1018#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041
1019#define CKR_FUNCTION_CANCELED 0x00000050
1020#define CKR_FUNCTION_NOT_PARALLEL 0x00000051
1021
1022/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
1023#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054
1024
1025#define CKR_KEY_HANDLE_INVALID 0x00000060
1026
1027/* CKR_KEY_SENSITIVE was removed for v2.0 */
1028
1029#define CKR_KEY_SIZE_RANGE 0x00000062
1030#define CKR_KEY_TYPE_INCONSISTENT 0x00000063
1031
1032/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
1033 * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
1034 * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
1035 * v2.0 */
1036#define CKR_KEY_NOT_NEEDED 0x00000064
1037#define CKR_KEY_CHANGED 0x00000065
1038#define CKR_KEY_NEEDED 0x00000066
1039#define CKR_KEY_INDIGESTIBLE 0x00000067
1040#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068
1041#define CKR_KEY_NOT_WRAPPABLE 0x00000069
1042#define CKR_KEY_UNEXTRACTABLE 0x0000006A
1043
1044#define CKR_MECHANISM_INVALID 0x00000070
1045#define CKR_MECHANISM_PARAM_INVALID 0x00000071
1046
1047/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
1048 * were removed for v2.0 */
1049#define CKR_OBJECT_HANDLE_INVALID 0x00000082
1050#define CKR_OPERATION_ACTIVE 0x00000090
1051#define CKR_OPERATION_NOT_INITIALIZED 0x00000091
/* PIN-related return values. Per the PKCS #11 specification a token
 * may refuse further attempts after a number of failed logins and then
 * reports CKR_PIN_LOCKED, so callers should not retry automatically
 * after CKR_PIN_INCORRECT. */
1052#define CKR_PIN_INCORRECT 0x000000A0
1053#define CKR_PIN_INVALID 0x000000A1
1054#define CKR_PIN_LEN_RANGE 0x000000A2
1055
1056/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
1057#define CKR_PIN_EXPIRED 0x000000A3
1058#define CKR_PIN_LOCKED 0x000000A4
1059
1060#define CKR_SESSION_CLOSED 0x000000B0
1061#define CKR_SESSION_COUNT 0x000000B1
1062#define CKR_SESSION_HANDLE_INVALID 0x000000B3
1063#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4
1064#define CKR_SESSION_READ_ONLY 0x000000B5
1065#define CKR_SESSION_EXISTS 0x000000B6
1066
1067/* CKR_SESSION_READ_ONLY_EXISTS and
1068 * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
1069#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7
1070#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8
1071
1072#define CKR_SIGNATURE_INVALID 0x000000C0
1073#define CKR_SIGNATURE_LEN_RANGE 0x000000C1
1074#define CKR_TEMPLATE_INCOMPLETE 0x000000D0
1075#define CKR_TEMPLATE_INCONSISTENT 0x000000D1
1076#define CKR_TOKEN_NOT_PRESENT 0x000000E0
1077#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1
1078#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2
1079#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0
1080#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1
1081#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2
1082#define CKR_USER_ALREADY_LOGGED_IN 0x00000100
1083#define CKR_USER_NOT_LOGGED_IN 0x00000101
1084#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102
1085#define CKR_USER_TYPE_INVALID 0x00000103
1086
1087/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
1088 * are new to v2.01 */
1089#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104
1090#define CKR_USER_TOO_MANY_TYPES 0x00000105
1091
1092#define CKR_WRAPPED_KEY_INVALID 0x00000110
1093#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112
1094#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113
1095#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114
1096#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115
1097#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120
1098
1099/* These are new to v2.0 */
1100#define CKR_RANDOM_NO_RNG 0x00000121
1101
1102/* These are new to v2.11 */
1103#define CKR_DOMAIN_PARAMS_INVALID 0x00000130
1104
1105/* These are new to v2.0.
 * CKR_BUFFER_TOO_SMALL reports that the caller's output buffer cannot
 * hold the result; per the PKCS #11 specification the required length
 * is returned through the function's length argument, so the call can
 * be repeated with a larger buffer. */
1106#define CKR_BUFFER_TOO_SMALL 0x00000150
1107#define CKR_SAVED_STATE_INVALID 0x00000160
1108#define CKR_INFORMATION_SENSITIVE 0x00000170
1109#define CKR_STATE_UNSAVEABLE 0x00000180
1110
1111/* These are new to v2.01 */
1112#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190
1113#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191
1114#define CKR_MUTEX_BAD 0x000001A0
1115#define CKR_MUTEX_NOT_LOCKED 0x000001A1
1116
1117/* This is new to v2.20 */
1118#define CKR_FUNCTION_REJECTED 0x00000200
1119
1120#define CKR_VENDOR_DEFINED 0x80000000
1121
1122/* CK_NOTIFY is an application callback that processes events */
1123typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
1124 CK_SESSION_HANDLE hSession, /* the session's handle */
1125 CK_NOTIFICATION event,
1126 CK_VOID_PTR pApplication /* passed to C_OpenSession */
1127 );
1128
1129/* CK_FUNCTION_LIST is a structure holding a PKCS #11 spec
1130 * version and pointers of appropriate types to all the
1131 * PKCS #11 functions */
1132/* CK_FUNCTION_LIST is new for v2.0 */
1133typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
1134
1135typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
1136
1137typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
1138
1139/* CK_CREATEMUTEX is an application callback for creating a
1140 * mutex object */
1141typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
1142 CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
1143 );
1144
1145/* CK_DESTROYMUTEX is an application callback for destroying a
1146 * mutex object */
1147typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
1148 CK_VOID_PTR pMutex /* pointer to mutex */
1149 );
1150
1151/* CK_LOCKMUTEX is an application callback for locking a mutex */
1152typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
1153 CK_VOID_PTR pMutex /* pointer to mutex */
1154 );
1155
1156/* CK_UNLOCKMUTEX is an application callback for unlocking a
1157 * mutex */
1158typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
1159 CK_VOID_PTR pMutex /* pointer to mutex */
1160 );
1161
1162/* CK_C_INITIALIZE_ARGS provides the optional arguments to
1163 * C_Initialize.
 * This NSS variant carries LibraryParameters in addition to pReserved,
 * so it is one pointer larger than a structure that has only the
 * reserved field described in the comment below. Code that hands this
 * structure to a non-NSS module should follow that comment and leave
 * LibraryParameters NULL. */
1164typedef struct CK_C_INITIALIZE_ARGS {
1165 CK_CREATEMUTEX CreateMutex; /* application callback that creates a mutex */
1166 CK_DESTROYMUTEX DestroyMutex; /* application callback that destroys a mutex */
1167 CK_LOCKMUTEX LockMutex; /* application callback that locks a mutex */
1168 CK_UNLOCKMUTEX UnlockMutex; /* application callback that unlocks a mutex */
1169 CK_FLAGS flags; /* CKF_LIBRARY_CANT_CREATE_OS_THREADS, CKF_OS_LOCKING_OK */
1170 /* The official PKCS #11 spec does not have a 'LibraryParameters' field, but
1171 * a reserved field. NSS needs a way to pass instance-specific information
1172 * to the library (like where to find its config files, etc). This
1173 * information is usually provided by the installer and passed uninterpreted
1174 * by NSS to the library, though NSS does know the specifics of the softoken
1175 * version of this parameter. Most compliant PKCS#11 modules expect this
1176 * parameter to be NULL, and will return CKR_ARGUMENTS_BAD from
1177 * C_Initialize if Library parameters is supplied. */
1178 CK_CHAR_PTR *LibraryParameters;
1179 /* This field is only present if the LibraryParameters is not NULL. It must
1180 * be NULL in all cases */
1181 CK_VOID_PTR pReserved;
1182} CK_C_INITIALIZE_ARGS;
1183
1184/* flags: bit flags that provide capabilities of the slot
1185 * Bit Flag Mask Meaning
 * NOTE(review): despite the wording above, these two bits are the values
 * used in CK_C_INITIALIZE_ARGS.flags (threading and locking options for
 * C_Initialize), not slot capabilities.
1186 */
1187#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001
1188#define CKF_OS_LOCKING_OK 0x00000002
1189
1190typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
1191
1192/* additional flags for parameters to functions */
1193
1194/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
1195#define CKF_DONT_BLOCK 1
1196
1197/* CK_RSA_PKCS_MGF_TYPE is new for v2.10.
1198 * CK_RSA_PKCS_MGF_TYPE is used to indicate the Mask
1199 * Generation Function (MGF) applied to a message block when
1200 * formatting a message block for the PKCS #1 OAEP encryption
1201 * scheme. */
1202typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
1203
1204typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
1205
1206/* The following MGFs are defined */
1207/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
1208 * are new for v2.20 */
1209#define CKG_MGF1_SHA1 0x00000001
1210#define CKG_MGF1_SHA256 0x00000002
1211#define CKG_MGF1_SHA384 0x00000003
1212#define CKG_MGF1_SHA512 0x00000004
1213
1214/* v2.20 amendment 3 */
1215#define CKG_MGF1_SHA224 0x00000005
1216
1217/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
1218 * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
1219 * of the encoding parameter when formatting a message block
1220 * for the PKCS #1 OAEP encryption scheme. */
1221typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
1222
1223typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
1224
1225/* The following encoding parameter sources are defined */
1226#define CKZ_DATA_SPECIFIED 0x00000001
1227
1228/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
1229 * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
1230 * CKM_RSA_PKCS_OAEP mechanism.
 * hashAlg and mgf are separate members: nothing in this structure ties
 * the MGF hash to hashAlg, so both have to be set explicitly and both
 * must match what the peer uses. */
1231typedef struct CK_RSA_PKCS_OAEP_PARAMS {
1232 CK_MECHANISM_TYPE hashAlg; /* digest mechanism, a CKM_* value */
1233 CK_RSA_PKCS_MGF_TYPE mgf; /* one of the CKG_MGF1_* values */
1234 CK_RSA_PKCS_OAEP_SOURCE_TYPE source; /* e.g. CKZ_DATA_SPECIFIED */
1235 CK_VOID_PTR pSourceData; /* input for the encoding parameter source */
1236 CK_ULONG ulSourceDataLen; /* length of pSourceData; presumably in bytes */
1237} CK_RSA_PKCS_OAEP_PARAMS;
1238
1239typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
1240
1241/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
1242 * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
1243 * CKM_RSA_PKCS_PSS mechanism(s).
 * A verifier has to use the same hashAlg, mgf and sLen as the signer;
 * taking them from the message being verified instead of from local
 * policy lets the sender choose the weakest supported combination. */
1244typedef struct CK_RSA_PKCS_PSS_PARAMS {
1245 CK_MECHANISM_TYPE hashAlg; /* digest mechanism, a CKM_* value */
1246 CK_RSA_PKCS_MGF_TYPE mgf; /* one of the CKG_MGF1_* values */
1247 CK_ULONG sLen; /* salt length; per the PKCS #11 spec in bytes */
1248} CK_RSA_PKCS_PSS_PARAMS;
1249
1250typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
1251
1252/* CK_EC_KDF_TYPE is new for v2.11.
 * It selects the key derivation function named in the kdf member of
 * the EC derive parameter structures below. */
1253typedef CK_ULONG CK_EC_KDF_TYPE;
1254
1255/* The following EC Key Derivation Functions are defined.
 * The values 3 and 4 are not missing: they are CKD_SHA1_KDF_ASN1 and
 * CKD_SHA1_KDF_CONCATENATE, defined with the X9.42 DH types. */
1256#define CKD_NULL 0x00000001 /* per the PKCS #11 spec: no KDF, the raw shared secret becomes the key value */
1257#define CKD_SHA1_KDF 0x00000002
1258#define CKD_SHA224_KDF 0x00000005
1259#define CKD_SHA256_KDF 0x00000006
1260#define CKD_SHA384_KDF 0x00000007
1261#define CKD_SHA512_KDF 0x00000008
1262
1263/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
1264 * CK_ECDH1_DERIVE_PARAMS provides the parameters to the
1265 * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
1266 * where each party contributes one key pair.
 * pPublicData comes from the other party, so an implementation has to
 * treat it as untrusted input: check ulPublicDataLen and validate the
 * encoded point before using it.
1267 */
1268typedef struct CK_ECDH1_DERIVE_PARAMS {
1269 CK_EC_KDF_TYPE kdf; /* one of the CKD_* values */
1270 CK_ULONG ulSharedDataLen; /* length of pSharedData; presumably in bytes */
1271 CK_BYTE_PTR pSharedData; /* data shared between the two parties */
1272 CK_ULONG ulPublicDataLen; /* length of pPublicData; presumably in bytes */
1273 CK_BYTE_PTR pPublicData; /* the other party's EC public key value */
1274} CK_ECDH1_DERIVE_PARAMS;
1275
1276typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
1277
1278/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
1279 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
1280 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
 * The second private key is referenced by handle (hPrivateData), so its
 * value never appears in this structure; both public values are
 * peer-supplied byte strings with their own length members. */
1281typedef struct CK_ECDH2_DERIVE_PARAMS {
1282 CK_EC_KDF_TYPE kdf; /* one of the CKD_* values */
1283 CK_ULONG ulSharedDataLen; /* length of pSharedData */
1284 CK_BYTE_PTR pSharedData; /* data shared between the two parties */
1285 CK_ULONG ulPublicDataLen; /* length of pPublicData */
1286 CK_BYTE_PTR pPublicData; /* the other party's first EC public key value */
1287 CK_ULONG ulPrivateDataLen; /* length of the second private key */
1288 CK_OBJECT_HANDLE hPrivateData; /* handle of the second private key */
1289 CK_ULONG ulPublicDataLen2; /* length of pPublicData2 */
1290 CK_BYTE_PTR pPublicData2; /* the other party's second EC public key value */
1291} CK_ECDH2_DERIVE_PARAMS;
1292
1293typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
1294
/* CK_ECMQV_DERIVE_PARAMS has the same members, in the same order, as
 * CK_ECDH2_DERIVE_PARAMS plus a trailing publicKey handle, so the two
 * structures differ in size. An implementation can use ulParameterLen
 * of the enclosing CK_MECHANISM to tell which one it was given. */
1295typedef struct CK_ECMQV_DERIVE_PARAMS {
1296 CK_EC_KDF_TYPE kdf; /* one of the CKD_* values */
1297 CK_ULONG ulSharedDataLen; /* length of pSharedData */
1298 CK_BYTE_PTR pSharedData; /* data shared between the two parties */
1299 CK_ULONG ulPublicDataLen; /* length of pPublicData */
1300 CK_BYTE_PTR pPublicData; /* the other party's first EC public key value */
1301 CK_ULONG ulPrivateDataLen; /* length of the second private key */
1302 CK_OBJECT_HANDLE hPrivateData; /* handle of the second private key */
1303 CK_ULONG ulPublicDataLen2; /* length of pPublicData2 */
1304 CK_BYTE_PTR pPublicData2; /* the other party's second EC public key value */
1305 CK_OBJECT_HANDLE publicKey; /* presumably the caller's own ephemeral public key object; confirm against the spec */
1306} CK_ECMQV_DERIVE_PARAMS;
1307
1308typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
1309
1310/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
1311 * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
1312typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
1313typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
1314
1315/* The following X9.42 DH key derivation functions are defined
1316 (besides CKD_NULL, already defined): */
1317#define CKD_SHA1_KDF_ASN1 0x00000003
1318#define CKD_SHA1_KDF_CONCATENATE 0x00000004
1319
1320/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
1321 * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
1322 * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
1323 * contributes one key pair.
 * pPublicData is supplied by the other party and should be range-checked
 * by the implementation before it is used in the exponentiation. */
1324typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
1325 CK_X9_42_DH_KDF_TYPE kdf; /* CKD_NULL, CKD_SHA1_KDF_ASN1 or CKD_SHA1_KDF_CONCATENATE */
1326 CK_ULONG ulOtherInfoLen; /* length of pOtherInfo */
1327 CK_BYTE_PTR pOtherInfo; /* data shared between the two parties */
1328 CK_ULONG ulPublicDataLen; /* length of pPublicData */
1329 CK_BYTE_PTR pPublicData; /* the other party's X9.42 DH public key value */
1330} CK_X9_42_DH1_DERIVE_PARAMS;
1331
1332typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
1333
1334/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
1335 * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
1336 * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
1337 * mechanisms, where each party contributes two key pairs */
1338typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
1339 CK_X9_42_DH_KDF_TYPE kdf;
1340 CK_ULONG ulOtherInfoLen;
1341 CK_BYTE_PTR pOtherInfo;
1342 CK_ULONG ulPublicDataLen;
1343 CK_BYTE_PTR pPublicData;
1344 CK_ULONG ulPrivateDataLen;
1345 CK_OBJECT_HANDLE hPrivateData;
1346 CK_ULONG ulPublicDataLen2;
1347 CK_BYTE_PTR pPublicData2;
1348} CK_X9_42_DH2_DERIVE_PARAMS;
1349
1350typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
1351
1352typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
1353 CK_X9_42_DH_KDF_TYPE kdf;
1354 CK_ULONG ulOtherInfoLen;
1355 CK_BYTE_PTR pOtherInfo;
1356 CK_ULONG ulPublicDataLen;
1357 CK_BYTE_PTR pPublicData;
1358 CK_ULONG ulPrivateDataLen;
1359 CK_OBJECT_HANDLE hPrivateData;
1360 CK_ULONG ulPublicDataLen2;
1361 CK_BYTE_PTR pPublicData2;
1362 CK_OBJECT_HANDLE publicKey;
1363} CK_X9_42_MQV_DERIVE_PARAMS;
1364
1365typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
1366
1367/* CK_KEA_DERIVE_PARAMS provides the parameters to the
1368 * CKM_KEA_DERIVE mechanism.
 * A single length, ulRandomLen, describes both pRandomA and pRandomB,
 * so both buffers must be at least that long. */
1369/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
1370typedef struct CK_KEA_DERIVE_PARAMS {
1371 CK_BBOOL isSender; /* role of the caller in the exchange */
1372 CK_ULONG ulRandomLen; /* size of each of pRandomA and pRandomB */
1373 CK_BYTE_PTR pRandomA; /* random value Ra */
1374 CK_BYTE_PTR pRandomB; /* random value Rb */
1375 CK_ULONG ulPublicDataLen; /* length of pPublicData */
1376 CK_BYTE_PTR pPublicData; /* the other party's KEA public key value */
1377} CK_KEA_DERIVE_PARAMS;
1378
1379typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
1380
1381/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
1382 * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
1383 * holds the effective keysize */
1384typedef CK_ULONG CK_RC2_PARAMS;
1385
1386typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
1387
1388/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
1389 * mechanism */
1390typedef struct CK_RC2_CBC_PARAMS {
1391 /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
1392 * v2.0 */
1393 CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
1394
1395 CK_BYTE iv[8]; /* IV for CBC mode */
1396} CK_RC2_CBC_PARAMS;
1397
1398typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
1399
1400/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
1401 * CKM_RC2_MAC_GENERAL mechanism */
1402/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
1403typedef struct CK_RC2_MAC_GENERAL_PARAMS {
1404 CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
1405 CK_ULONG ulMacLength; /* Length of MAC in bytes */
1406} CK_RC2_MAC_GENERAL_PARAMS;
1407
1408typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR
1409 CK_RC2_MAC_GENERAL_PARAMS_PTR;
1410
1411/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
1412 * CKM_RC5_MAC mechanisms */
1413/* CK_RC5_PARAMS is new for v2.0 */
1414typedef struct CK_RC5_PARAMS {
1415 CK_ULONG ulWordsize; /* wordsize in bits */
1416 CK_ULONG ulRounds; /* number of rounds */
1417} CK_RC5_PARAMS;
1418
1419typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
1420
1421/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
1422 * mechanism */
1423/* CK_RC5_CBC_PARAMS is new for v2.0 */
1424typedef struct CK_RC5_CBC_PARAMS {
1425 CK_ULONG ulWordsize; /* wordsize in bits */
1426 CK_ULONG ulRounds; /* number of rounds */
1427 CK_BYTE_PTR pIv; /* pointer to IV */
1428 CK_ULONG ulIvLen; /* length of IV in bytes */
1429} CK_RC5_CBC_PARAMS;
1430
1431typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
1432
1433/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
1434 * CKM_RC5_MAC_GENERAL mechanism */
1435/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
1436typedef struct CK_RC5_MAC_GENERAL_PARAMS {
1437 CK_ULONG ulWordsize; /* wordsize in bits */
1438 CK_ULONG ulRounds; /* number of rounds */
1439 CK_ULONG ulMacLength; /* Length of MAC in bytes */
1440} CK_RC5_MAC_GENERAL_PARAMS;
1441
1442typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR
1443 CK_RC5_MAC_GENERAL_PARAMS_PTR;
1444
1445/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
1446 * ciphers' MAC_GENERAL mechanisms. Its value is the length of
1447 * the MAC */
1448/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
1449typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
1450
1451typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
1452
1453/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20.
 * Parameter block for the DES and DES3 CBC_ENCRYPT_DATA derivation
 * mechanisms: an inline 8-byte IV plus the data to be encrypted. */
1454typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
1455 CK_BYTE iv[8]; /* IV, one DES block */
1456 CK_BYTE_PTR pData; /* data to encrypt */
1457 CK_ULONG length; /* length of pData; presumably in bytes */
1458} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
1459
1460typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
1461
/* Parameter block for CKM_AES_CBC_ENCRYPT_DATA: same shape as the DES
 * variant, with a 16-byte inline IV. */
1462typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
1463 CK_BYTE iv[16]; /* IV, one AES block */
1464 CK_BYTE_PTR pData; /* data to encrypt */
1465 CK_ULONG length; /* length of pData; presumably in bytes */
1466} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
1467
1468typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
1469
1470/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3.
 * Per the PKCS #11 specification the caller initialises the whole
 * counter block and ulCounterBits says how many of its least
 * significant bits are incremented. Using the same counter block twice
 * under one key reveals the XOR of the two plaintexts, so the
 * non-counter part must be unique per message. */
1471typedef struct CK_AES_CTR_PARAMS {
1472 CK_ULONG ulCounterBits; /* number of counter bits within cb */
1473 CK_BYTE cb[16]; /* initial counter block */
1474} CK_AES_CTR_PARAMS;
1475
1476typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
1477
1478/* CK_GCM_PARAMS is new for version 2.30.
 * The IV must never repeat under the same key; a repeated IV breaks both
 * the confidentiality and the authenticity that GCM provides. Note the
 * mixed units: the IV and AAD lengths are byte counts per the PKCS #11
 * specification, while ulTagBits is, as its name says, a bit count.
 * NOTE(review): some later PKCS #11 headers declare this structure with
 * an extra ulIvBits member; confirm which layout a given module
 * expects before passing this five-member form to it. */
1479typedef struct CK_GCM_PARAMS {
1480 CK_BYTE_PTR pIv; /* initialization vector */
1481 CK_ULONG ulIvLen; /* length of pIv */
1482 CK_BYTE_PTR pAAD; /* additional authenticated data, not encrypted */
1483 CK_ULONG ulAADLen; /* length of pAAD */
1484 CK_ULONG ulTagBits; /* authentication tag length in bits; short tags weaken forgery resistance */
1485} CK_GCM_PARAMS;
1486
1487typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR;
1488
1489/* CK_CCM_PARAMS is new for version 2.30.
 * CCM needs the total data length (ulDataLen) before processing starts.
 * The nonce must be unique per key, and the MAC length here is a byte
 * count (CK_GCM_PARAMS expresses its tag length in bits instead). */
1490typedef struct CK_CCM_PARAMS {
1491 CK_ULONG ulDataLen; /* length of the data to be processed */
1492 CK_BYTE_PTR pNonce; /* nonce */
1493 CK_ULONG ulNonceLen; /* length of pNonce */
1494 CK_BYTE_PTR pAAD; /* additional authenticated data, not encrypted */
1495 CK_ULONG ulAADLen; /* length of pAAD */
1496 CK_ULONG ulMACLen; /* length of the MAC; per the PKCS #11 spec in bytes */
1497} CK_CCM_PARAMS;
1498
1499typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
1500
1501/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
1502 * CKM_SKIPJACK_PRIVATE_WRAP mechanism.
 * Several pointers share a length member: ulPAndGLen covers both
 * pPrimeP and pBaseG, ulQLen covers pSubprimeQ and ulRandomLen covers
 * pRandomA. pPassword is secret material held in caller memory and
 * should be cleared by the caller once the call has returned. */
1503/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
1504typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
1505 CK_ULONG ulPasswordLen; /* length of pPassword */
1506 CK_BYTE_PTR pPassword; /* user-supplied password */
1507 CK_ULONG ulPublicDataLen; /* length of pPublicData */
1508 CK_BYTE_PTR pPublicData; /* the other party's public key value */
1509 CK_ULONG ulPAndGLen; /* length of pPrimeP and of pBaseG */
1510 CK_ULONG ulQLen; /* length of pSubprimeQ */
1511 CK_ULONG ulRandomLen; /* length of pRandomA */
1512 CK_BYTE_PTR pRandomA; /* random value Ra */
1513 CK_BYTE_PTR pPrimeP; /* prime p */
1514 CK_BYTE_PTR pBaseG; /* base g */
1515 CK_BYTE_PTR pSubprimeQ; /* subprime q */
1516} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
1517
1518typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR
1519 CK_SKIPJACK_PRIVATE_WRAP_PTR;
1520
1521/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
1522 * CKM_SKIPJACK_RELAYX mechanism */
1523/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
1524typedef struct CK_SKIPJACK_RELAYX_PARAMS {
1525 CK_ULONG ulOldWrappedXLen;
1526 CK_BYTE_PTR pOldWrappedX;
1527 CK_ULONG ulOldPasswordLen;
1528 CK_BYTE_PTR pOldPassword;
1529 CK_ULONG ulOldPublicDataLen;
1530 CK_BYTE_PTR pOldPublicData;
1531 CK_ULONG ulOldRandomLen;
1532 CK_BYTE_PTR pOldRandomA;
1533 CK_ULONG ulNewPasswordLen;
1534 CK_BYTE_PTR pNewPassword;
1535 CK_ULONG ulNewPublicDataLen;
1536 CK_BYTE_PTR pNewPublicData;
1537 CK_ULONG ulNewRandomLen;
1538 CK_BYTE_PTR pNewRandomA;
1539} CK_SKIPJACK_RELAYX_PARAMS;
1540
1541typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR
1542 CK_SKIPJACK_RELAYX_PARAMS_PTR;
1543
/* CK_PBE_PARAMS: parameters for the password-based encryption key
 * generation mechanisms.
 * pInitVector has no length member. Per the PKCS #11 specification it
 * points to a caller buffer that receives an 8-byte IV when the
 * mechanism needs one, so the buffer must be at least that large.
 * pPassword is secret material held in caller memory. */
1544typedef struct CK_PBE_PARAMS {
1545 CK_BYTE_PTR pInitVector; /* output: receives the IV, if any */
1546 CK_UTF8CHAR_PTR pPassword; /* password */
1547 CK_ULONG ulPasswordLen; /* length of pPassword */
1548 CK_BYTE_PTR pSalt; /* salt */
1549 CK_ULONG ulSaltLen; /* length of pSalt */
1550 CK_ULONG ulIteration; /* iteration count; low values make password guessing cheaper */
1551} CK_PBE_PARAMS;
1552
1553typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
1554
1555/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
1556 * CKM_KEY_WRAP_SET_OAEP mechanism */
1557/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
1558typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
1559 CK_BYTE bBC; /* block contents byte */
1560 CK_BYTE_PTR pX; /* extra data */
1561 CK_ULONG ulXLen; /* length of extra data in bytes */
1562} CK_KEY_WRAP_SET_OAEP_PARAMS;
1563
1564typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR
1565 CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
1566
/* CK_SSL3_RANDOM_DATA carries the client and server random values of a
 * handshake. It is embedded by value in the SSL3 and TLS derive
 * parameter structures below. */
1567typedef struct CK_SSL3_RANDOM_DATA {
1568 CK_BYTE_PTR pClientRandom; /* client random value */
1569 CK_ULONG ulClientRandomLen; /* length of pClientRandom */
1570 CK_BYTE_PTR pServerRandom; /* server random value */
1571 CK_ULONG ulServerRandomLen; /* length of pServerRandom */
1572} CK_SSL3_RANDOM_DATA;
1573
/* Parameters for deriving an SSL 3.0 master secret. */
1574typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
1575 CK_SSL3_RANDOM_DATA RandomInfo; /* client and server randoms */
1576 CK_VERSION_PTR pVersion; /* NOTE(review): per the PKCS #11 spec this receives the protocol version found in the pre-master secret; confirm when it may be NULL */
1577} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
1578
1579typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR
1580 CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
1581
/* CK_SSL3_KEY_MAT_OUT receives the results of key-material derivation:
 * four key handles and two IVs. The IV pointers have no length members
 * in this structure.
 * NOTE(review): the buffers are presumably caller-allocated and sized
 * from ulIVSizeInBits in the matching KEY_MAT_PARAMS; confirm against
 * the module being used. */
1582typedef struct CK_SSL3_KEY_MAT_OUT {
1583 CK_OBJECT_HANDLE hClientMacSecret; /* handle of the client MAC secret */
1584 CK_OBJECT_HANDLE hServerMacSecret; /* handle of the server MAC secret */
1585 CK_OBJECT_HANDLE hClientKey; /* handle of the client write key */
1586 CK_OBJECT_HANDLE hServerKey; /* handle of the server write key */
1587 CK_BYTE_PTR pIVClient; /* buffer for the client IV */
1588 CK_BYTE_PTR pIVServer; /* buffer for the server IV */
1589} CK_SSL3_KEY_MAT_OUT;
1590
1591typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
1592
/* Parameters for SSL 3.0 key-material derivation. All three sizes are
 * bit counts, as the member names say; results are returned through
 * pReturnedKeyMaterial. */
1593typedef struct CK_SSL3_KEY_MAT_PARAMS {
1594 CK_ULONG ulMacSizeInBits; /* size of each MAC secret, in bits */
1595 CK_ULONG ulKeySizeInBits; /* size of each write key, in bits */
1596 CK_ULONG ulIVSizeInBits; /* size of each IV, in bits */
1597 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
1598 CK_SSL3_RANDOM_DATA RandomInfo; /* client and server randoms */
1599 CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; /* output structure */
1600} CK_SSL3_KEY_MAT_PARAMS;
1601
1602typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
1603
1604/* CK_TLS_PRF_PARAMS is new for version 2.20.
 * pOutput is a caller buffer and pulOutputLen points to its size.
 * NOTE(review): per the PKCS #11 specification the length is in/out
 * (buffer size on entry, bytes produced on return); an implementation
 * must not write more than the size supplied on entry. */
1605typedef struct CK_TLS_PRF_PARAMS {
1606 CK_BYTE_PTR pSeed; /* PRF seed */
1607 CK_ULONG ulSeedLen; /* length of pSeed */
1608 CK_BYTE_PTR pLabel; /* PRF label */
1609 CK_ULONG ulLabelLen; /* length of pLabel */
1610 CK_BYTE_PTR pOutput; /* receives the PRF output */
1611 CK_ULONG_PTR pulOutputLen; /* pointer to the length of pOutput */
1612} CK_TLS_PRF_PARAMS;
1613
1614typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
1615
1616/* TLS 1.2 is new for version 2.40.
 * Same members as CK_SSL3_MASTER_KEY_DERIVE_PARAMS plus the hash
 * mechanism that the TLS 1.2 PRF is built on. */
1617typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
1618 CK_SSL3_RANDOM_DATA RandomInfo; /* client and server randoms */
1619 CK_VERSION_PTR pVersion; /* protocol version; see CK_SSL3_MASTER_KEY_DERIVE_PARAMS */
1620 CK_MECHANISM_TYPE prfHashMechanism; /* digest mechanism (CKM_*) for the PRF */
1621} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
1622
1623typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR
1624 CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
1625
/* Same members as CK_SSL3_KEY_MAT_PARAMS with prfHashMechanism appended,
 * so the two structures differ in size and are not interchangeable. */
1626typedef struct CK_TLS12_KEY_MAT_PARAMS {
1627 CK_ULONG ulMacSizeInBits; /* size of each MAC secret, in bits */
1628 CK_ULONG ulKeySizeInBits; /* size of each write key, in bits */
1629 CK_ULONG ulIVSizeInBits; /* size of each IV, in bits */
1630 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
1631 CK_SSL3_RANDOM_DATA RandomInfo; /* client and server randoms */
1632 CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; /* output structure */
1633 CK_MECHANISM_TYPE prfHashMechanism; /* digest mechanism (CKM_*) for the PRF */
1634} CK_TLS12_KEY_MAT_PARAMS;
1635
1636typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
1637
/* CK_TLS_KDF_PARAMS: presumably the parameter block of CKM_TLS_KDF
 * (confirm against the spec). Unlike its neighbours, no _PTR typedef
 * follows this structure in this header. */
1638typedef struct CK_TLS_KDF_PARAMS {
1639 CK_MECHANISM_TYPE prfMechanism; /* mechanism (CKM_*) selecting the PRF */
1640 CK_BYTE_PTR pLabel; /* label */
1641 CK_ULONG ulLabelLength; /* length of pLabel */
1642 CK_SSL3_RANDOM_DATA RandomInfo; /* client and server randoms */
1643 CK_BYTE_PTR pContextData; /* optional context data */
1644 CK_ULONG ulContextDataLength; /* length of pContextData */
1645} CK_TLS_KDF_PARAMS;
1646
/* CK_TLS_MAC_PARAMS: parameters for the TLS MAC mechanism used on
 * handshake "finished" messages. */
1647typedef struct CK_TLS_MAC_PARAMS {
1648 CK_MECHANISM_TYPE prfMechanism; /* mechanism (CKM_*) selecting the PRF */
1649 CK_ULONG ulMacLength; /* length of the MAC output */
1650 CK_ULONG ulServerOrClient; /* NOTE(review): per the PKCS #11 spec 1 selects the server label and 2 the client label; confirm */
1651} CK_TLS_MAC_PARAMS;
1652
1653typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
1654
1655/* WTLS is new for version 2.20 */
1656typedef struct CK_WTLS_RANDOM_DATA {
1657 CK_BYTE_PTR pClientRandom;
1658 CK_ULONG ulClientRandomLen;
1659 CK_BYTE_PTR pServerRandom;
1660 CK_ULONG ulServerRandomLen;
1661} CK_WTLS_RANDOM_DATA;
1662
1663typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
1664
1665typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
1666 CK_MECHANISM_TYPE DigestMechanism;
1667 CK_WTLS_RANDOM_DATA RandomInfo;
1668 CK_BYTE_PTR pVersion;
1669} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
1670
1671typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR
1672 CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
1673
1674typedef struct CK_WTLS_PRF_PARAMS {
1675 CK_MECHANISM_TYPE DigestMechanism;
1676 CK_BYTE_PTR pSeed;
1677 CK_ULONG ulSeedLen;
1678 CK_BYTE_PTR pLabel;
1679 CK_ULONG ulLabelLen;
1680 CK_BYTE_PTR pOutput;
1681 CK_ULONG_PTR pulOutputLen;
1682} CK_WTLS_PRF_PARAMS;
1683
1684typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
1685
1686typedef struct CK_WTLS_KEY_MAT_OUT {
1687 CK_OBJECT_HANDLE hMacSecret;
1688 CK_OBJECT_HANDLE hKey;
1689 CK_BYTE_PTR pIV;
1690} CK_WTLS_KEY_MAT_OUT;
1691
1692typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
1693
1694typedef struct CK_WTLS_KEY_MAT_PARAMS {
1695 CK_MECHANISM_TYPE DigestMechanism;
1696 CK_ULONG ulMacSizeInBits;
1697 CK_ULONG ulKeySizeInBits;
1698 CK_ULONG ulIVSizeInBits;
1699 CK_ULONG ulSequenceNumber;
1700 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
1701 CK_WTLS_RANDOM_DATA RandomInfo;
1702 CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
1703} CK_WTLS_KEY_MAT_PARAMS;
1704
1705typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
1706
1707/* CMS is new for version 2.20.
 * pContentType has no length member; per the PKCS #11 specification it
 * is a NUL-terminated string, so an implementation must not read it as
 * a counted buffer. The two attribute lists carry their own lengths. */
1708typedef struct CK_CMS_SIG_PARAMS {
1709 CK_OBJECT_HANDLE certificateHandle; /* certificate associated with the signing key */
1710 CK_MECHANISM_PTR pSigningMechanism; /* mechanism used to sign */
1711 CK_MECHANISM_PTR pDigestMechanism; /* mechanism used to digest */
1712 CK_UTF8CHAR_PTR pContentType; /* content type string */
1713 CK_BYTE_PTR pRequestedAttributes; /* attributes the caller asks to have included */
1714 CK_ULONG ulRequestedAttributesLen; /* length of pRequestedAttributes */
1715 CK_BYTE_PTR pRequiredAttributes; /* attributes that must be included */
1716 CK_ULONG ulRequiredAttributesLen; /* length of pRequiredAttributes */
1717} CK_CMS_SIG_PARAMS;
1718
1719typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
1720
/* CK_KEY_DERIVATION_STRING_DATA: a counted byte string passed as the
 * parameter of several key-derivation mechanisms. */
1721typedef struct CK_KEY_DERIVATION_STRING_DATA {
1722 CK_BYTE_PTR pData; /* the byte string */
1723 CK_ULONG ulLen; /* length of pData */
1724} CK_KEY_DERIVATION_STRING_DATA;
1725
1726typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR
1727 CK_KEY_DERIVATION_STRING_DATA_PTR;
1728
1729/* The CK_EXTRACT_PARAMS is used for the
1730 * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
1731 * of the base key should be used as the first bit of the
1732 * derived key */
1733/* CK_EXTRACT_PARAMS is new for v2.0 */
1734typedef CK_ULONG CK_EXTRACT_PARAMS;
1735
1736typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
1737
1738/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
1739 * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
1740 * indicate the Pseudo-Random Function (PRF) used to generate
1741 * key bits using PKCS #5 PBKDF2. */
1742typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
1743
1744typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
1745
1746/* The following PRFs are defined in PKCS #5 v2.1.
 * One of these values goes in the prf member of CK_PKCS5_PBKD2_PARAMS. */
1747#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001
1748#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002
1749#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003
1750#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004
1751#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005
1752#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006
1753#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007
1754#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008
1755
1756/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
1757 * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
1758 * source of the salt value when deriving a key using PKCS #5
1759 * PBKDF2. */
1760typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
1761
1762typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
1763
1764/* The following salt value sources are defined in PKCS #5 v2.0. */
1765#define CKZ_SALT_SPECIFIED 0x00000001
1766
1767/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
1768 * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
1769 * parameters to the CKM_PKCS5_PBKD2 mechanism.
 * ulPasswordLen is declared as a pointer (CK_ULONG_PTR), unlike the
 * other length members, which are plain CK_ULONG values. The caller
 * must store the address of a CK_ULONG that holds the password length;
 * storing the length itself would make the module dereference an
 * arbitrary address. */
1770typedef struct CK_PKCS5_PBKD2_PARAMS {
1771 CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; /* e.g. CKZ_SALT_SPECIFIED */
1772 CK_VOID_PTR pSaltSourceData; /* salt source data */
1773 CK_ULONG ulSaltSourceDataLen; /* length of pSaltSourceData */
1774 CK_ULONG iterations; /* iteration count; low values make password guessing cheaper */
1775 CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; /* one of the CKP_PKCS5_PBKD2_* values */
1776 CK_VOID_PTR pPrfData; /* extra data for the PRF, if any */
1777 CK_ULONG ulPrfDataLen; /* length of pPrfData */
1778 CK_UTF8CHAR_PTR pPassword; /* password; secret material in caller memory */
1779 CK_ULONG_PTR ulPasswordLen; /* POINTER to the length of pPassword, not the length itself */
1780} CK_PKCS5_PBKD2_PARAMS;
1781
1782typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
1783
1784/* NSS Specific defines */
1785
1786/* defines that have been deprecated in 2.20, but maintained in our
1787 * header file for backward compatibility */
1788#define CKO_KG_PARAMETERS CKO_DOMAIN_PARAMETERS /* alias of the current name */
1789#define CKF_EC_FP CKF_EC_F_P /* alias of the current name */
1790/* new in v2.11 deprecated by 2.20 */
1791#define CKR_KEY_PARAMS_INVALID 0x0000006B
1792
1793/* stuff that for historic reasons is in this header file but should have
1794 * been in pkcs11n.h.
 * CKK_INVALID_KEY_TYPE is a 32-bit all-ones constant. Where CK_ULONG is
 * wider than 32 bits it is therefore not equal to
 * CK_UNAVAILABLE_INFORMATION (~0UL), so the two must not be used
 * interchangeably as "no value" markers. */
1795#define CKK_INVALID_KEY_TYPE 0xffffffff
1796
1797#include "pkcs11n.h"
1798
1799/* undo packing */
1800#include "pkcs11u.h"
1801
1802#endif
1803