diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fe9b476 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/softhsm-2.4.0.tar.gz diff --git a/.softhsm.metadata b/.softhsm.metadata new file mode 100644 index 0000000..c899af6 --- /dev/null +++ b/.softhsm.metadata @@ -0,0 +1 @@ +398502be47a21deb7d10f259a7fc89a357d52ecd SOURCES/softhsm-2.4.0.tar.gz diff --git a/SOURCES/softhsm-2.3.0-reset-mutex-callbacks.patch b/SOURCES/softhsm-2.3.0-reset-mutex-callbacks.patch new file mode 100644 index 0000000..2bf4047 --- /dev/null +++ b/SOURCES/softhsm-2.3.0-reset-mutex-callbacks.patch @@ -0,0 +1,72 @@ +From 16f994e7944a917fa81c8db11c56c594f4e78b40 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Tue, 31 Jul 2018 14:59:03 +0300 +Subject: [PATCH] Reset mutex callbacks to the default version when finished + +If a PKCS11 API caller provided own mutex handling callbacks, +we need to ensure they aren't used after C_Finalize is called +and SoftHSM instance is recycled. + +Inability to do so may lead to a situation where callbacks might +be provided by a different dynamically loaded object which is removed +after C_Finalize() call. Thus, callback pointers become invalid and +calling them leads to crashes. + +Fixes: https://github.com/opendnssec/SoftHSMv2/issues/408 + +Signed-off-by: Alexander Bokovoy +--- + src/lib/SoftHSM.cpp | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp +index ee94d3f..e4cc044 100644 +--- a/src/lib/SoftHSM.cpp ++++ b/src/lib/SoftHSM.cpp +@@ -314,6 +314,15 @@ static CK_ATTRIBUTE bsAttribute(CK_ATTRIBUTE_TYPE type, const ByteString &value) + /***************************************************************************** + Implementation of SoftHSM class specific functions + *****************************************************************************/ ++static void resetMutexFactoryCallbacks() ++{ ++ // Reset MutexFactory callbacks to our versions ++ MutexFactory::i()->setCreateMutex(OSCreateMutex); ++ MutexFactory::i()->setDestroyMutex(OSDestroyMutex); ++ MutexFactory::i()->setLockMutex(OSLockMutex); ++ MutexFactory::i()->setUnlockMutex(OSUnlockMutex); ++} ++ + + // Return the one-and-only instance + SoftHSM* SoftHSM::i() +@@ -342,6 +351,7 @@ SoftHSM::SoftHSM() + slotManager = NULL; + sessionManager = NULL; + handleManager = NULL; ++ resetMutexFactoryCallbacks(); + } + + // Destructor +@@ -352,6 +362,7 @@ SoftHSM::~SoftHSM() + if (slotManager != NULL) delete slotManager; + if (objectStore != NULL) delete objectStore; + if (sessionObjectStore != NULL) delete sessionObjectStore; ++ resetMutexFactoryCallbacks(); + } + + /***************************************************************************** +@@ -402,10 +413,7 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs) + if (args->flags & CKF_OS_LOCKING_OK) + { + // Use our own mutex functions. +- MutexFactory::i()->setCreateMutex(OSCreateMutex); +- MutexFactory::i()->setDestroyMutex(OSDestroyMutex); +- MutexFactory::i()->setLockMutex(OSLockMutex); +- MutexFactory::i()->setUnlockMutex(OSUnlockMutex); ++ resetMutexFactoryCallbacks(); + MutexFactory::i()->enable(); + } + else +-- +2.17.1 + diff --git a/SOURCES/softhsm-2.4.0-use-p11-kit-headers.patch b/SOURCES/softhsm-2.4.0-use-p11-kit-headers.patch new file mode 100644 index 0000000..7641c46 --- /dev/null +++ b/SOURCES/softhsm-2.4.0-use-p11-kit-headers.patch @@ -0,0 +1,5181 @@ +From 227aea681d6a3835134dccdf1e9e9e4fac8796d4 Mon Sep 17 00:00:00 2001 +From: Alexander Bokovoy +Date: Sat, 11 Aug 2018 11:31:23 +0300 +Subject: [PATCH] Replace PKCS11 headers with a version from p11-kit + +Since headers provided by OASIS PKCS11 TC have not-exactly free license +(they do not allow modification), use an alternative header from p11-kit +which is licensed under a more liberal license. + +Vendor-specific constants were also updated to PKCS11 standard v3.0 +where possible. +--- + src/bin/dump/tables.h | 2 +- + src/lib/P11Attributes.cpp | 4 +- + src/lib/SoftHSM.cpp | 8 +- + src/lib/object_store/DBObject.cpp | 2 +- + src/lib/object_store/test/DBObjectTests.cpp | 8 +- + src/lib/object_store/test/ObjectFileTests.cpp | 8 +- + .../object_store/test/SessionObjectTests.cpp | 8 +- + src/lib/pkcs11/pkcs11.h | 1991 +++++++++++++--- + src/lib/pkcs11/pkcs11f.h | 939 -------- + src/lib/pkcs11/pkcs11t.h | 2003 ----------------- + 10 files changed, 1758 insertions(+), 3215 deletions(-) + delete mode 100644 src/lib/pkcs11/pkcs11f.h + delete mode 100644 src/lib/pkcs11/pkcs11t.h + +diff --git a/src/bin/dump/tables.h b/src/bin/dump/tables.h +index 76d64fb..d125a2b 100644 +--- a/src/bin/dump/tables.h ++++ b/src/bin/dump/tables.h +@@ -88,7 +88,7 @@ void fill_CKA_table(std::map &t) + t[CKA_SUBPRIME] = "CKA_SUBPRIME"; + t[CKA_BASE] = "CKA_BASE"; + t[CKA_PRIME_BITS] = "CKA_PRIME_BITS"; +- t[CKA_SUBPRIME_BITS] = "CKA_SUBPRIME_BITS"; ++ t[CKA_SUB_PRIME_BITS] = "CKA_SUB_PRIME_BITS"; + t[CKA_VALUE_BITS] = "CKA_VALUE_BITS"; + t[CKA_VALUE_LEN] = "CKA_VALUE_LEN"; + t[CKA_EXTRACTABLE] = "CKA_EXTRACTABLE"; +diff --git a/src/lib/P11Attributes.cpp b/src/lib/P11Attributes.cpp +index 28d0f9b..02b71d7 100644 +--- a/src/lib/P11Attributes.cpp ++++ b/src/lib/P11Attributes.cpp +@@ -2350,7 +2350,7 @@ CK_RV P11AttrWrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_V + case CKA_KEY_GEN_MECHANISM: + case CKA_MODULUS_BITS: + case CKA_PRIME_BITS: +- case CKA_SUBPRIME_BITS: ++ case CKA_SUB_PRIME_BITS: + case CKA_VALUE_BITS: + case CKA_VALUE_LEN: + case CKA_AUTH_PIN_FLAGS: +@@ -2449,7 +2449,7 @@ CK_RV P11AttrUnwrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK + case CKA_KEY_GEN_MECHANISM: + case CKA_MODULUS_BITS: + case CKA_PRIME_BITS: +- case CKA_SUBPRIME_BITS: ++ case CKA_SUB_PRIME_BITS: + case CKA_VALUE_BITS: + case CKA_VALUE_LEN: + case CKA_AUTH_PIN_FLAGS: +diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp +index 7a23a8a..84a5f5f 100644 +--- a/src/lib/SoftHSM.cpp ++++ b/src/lib/SoftHSM.cpp +@@ -8149,10 +8149,10 @@ CK_RV SoftHSM::generateDSAParameters + } + bitLen = *(CK_ULONG*)pTemplate[i].pValue; + break; +- case CKA_SUBPRIME_BITS: ++ case CKA_SUB_PRIME_BITS: + if (pTemplate[i].ulValueLen != sizeof(CK_ULONG)) + { +- INFO_MSG("CKA_SUBPRIME_BITS does not have the size of CK_ULONG"); ++ INFO_MSG("CKA_SUB_PRIME_BITS does not have the size of CK_ULONG"); + return CKR_ATTRIBUTE_VALUE_INVALID; + } + qLen = *(CK_ULONG*)pTemplate[i].pValue; +@@ -8169,11 +8169,11 @@ CK_RV SoftHSM::generateDSAParameters + return CKR_TEMPLATE_INCOMPLETE; + } + +- // No real choice for CKA_SUBPRIME_BITS ++ // No real choice for CKA_SUB_PRIME_BITS + if ((qLen != 0) && + (((bitLen >= 2048) && (qLen != 256)) || + ((bitLen < 2048) && (qLen != 160)))) +- INFO_MSG("CKA_SUBPRIME_BITS is ignored"); ++ INFO_MSG("CKA_SUB_PRIME_BITS is ignored"); + + + // Generate domain parameters +diff --git a/src/lib/object_store/DBObject.cpp b/src/lib/object_store/DBObject.cpp +index d2515bd..1861aff 100644 +--- a/src/lib/object_store/DBObject.cpp ++++ b/src/lib/object_store/DBObject.cpp +@@ -452,7 +452,7 @@ static AttributeKind attributeKind(CK_ATTRIBUTE_TYPE type) + case CKA_SUBPRIME: return akBinary; + case CKA_BASE: return akBinary; + case CKA_PRIME_BITS: return akInteger; +- case CKA_SUBPRIME_BITS: return akInteger; ++ case CKA_SUB_PRIME_BITS: return akInteger; + case CKA_VALUE_BITS: return akInteger; + case CKA_VALUE_LEN: return akInteger; + case CKA_EXTRACTABLE: return akBoolean; +diff --git a/src/lib/object_store/test/DBObjectTests.cpp b/src/lib/object_store/test/DBObjectTests.cpp +index d856b06..22d252c 100644 +--- a/src/lib/object_store/test/DBObjectTests.cpp ++++ b/src/lib/object_store/test/DBObjectTests.cpp +@@ -202,7 +202,7 @@ void test_a_dbobject_with_an_object::should_store_unsigned_long_attributes() + CPPUNIT_ASSERT(testObject.setAttribute(CKA_MODULUS_BITS, attr1)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_PRIME_BITS, attr2)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_AUTH_PIN_FLAGS, attr3)); +- CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUBPRIME_BITS, attr4)); ++ CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUB_PRIME_BITS, attr4)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_KEY_TYPE, attr5)); + } + +@@ -215,20 +215,20 @@ void test_a_dbobject_with_an_object::should_store_unsigned_long_attributes() + CPPUNIT_ASSERT(testObject.attributeExists(CKA_MODULUS_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_PRIME_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_AUTH_PIN_FLAGS)); +- CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUBPRIME_BITS)); ++ CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUB_PRIME_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_KEY_TYPE)); + CPPUNIT_ASSERT(!testObject.attributeExists(CKA_ID)); + + CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).isUnsignedLongAttribute()); +- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).isUnsignedLongAttribute()); ++ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).isUnsignedLongAttribute()); + + CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_MODULUS_BITS).getUnsignedLongValue(), (unsigned long)0x12345678); + CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_PRIME_BITS).getUnsignedLongValue(), (unsigned long)0x87654321); + CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).getUnsignedLongValue(), (unsigned long)0x01010101); +- CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_SUBPRIME_BITS).getUnsignedLongValue(), (unsigned long)0x10101010); ++ CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_SUB_PRIME_BITS).getUnsignedLongValue(), (unsigned long)0x10101010); + CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_KEY_TYPE).getUnsignedLongValue(), (unsigned long)0xABCDEF); + + unsigned long value6 = 0x90909090; +diff --git a/src/lib/object_store/test/ObjectFileTests.cpp b/src/lib/object_store/test/ObjectFileTests.cpp +index 9f0f5bd..f3c3ae5 100644 +--- a/src/lib/object_store/test/ObjectFileTests.cpp ++++ b/src/lib/object_store/test/ObjectFileTests.cpp +@@ -158,7 +158,7 @@ void ObjectFileTests::testULongAttr() + CPPUNIT_ASSERT(testObject.setAttribute(CKA_MODULUS_BITS, attr1)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_PRIME_BITS, attr2)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_AUTH_PIN_FLAGS, attr3)); +- CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUBPRIME_BITS, attr4)); ++ CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUB_PRIME_BITS, attr4)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_KEY_TYPE, attr5)); + } + +@@ -175,20 +175,20 @@ void ObjectFileTests::testULongAttr() + CPPUNIT_ASSERT(testObject.attributeExists(CKA_MODULUS_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_PRIME_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_AUTH_PIN_FLAGS)); +- CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUBPRIME_BITS)); ++ CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUB_PRIME_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_KEY_TYPE)); + CPPUNIT_ASSERT(!testObject.attributeExists(CKA_ID)); + + CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).isUnsignedLongAttribute()); +- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).isUnsignedLongAttribute()); ++ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).isUnsignedLongAttribute()); + + CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).getUnsignedLongValue() == 0x12345678); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).getUnsignedLongValue() == 0x87654321); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).getUnsignedLongValue() == 0x01010101); +- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).getUnsignedLongValue() == 0x10101010); ++ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).getUnsignedLongValue() == 0x10101010); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).getUnsignedLongValue() == 0xABCDEF); + + unsigned long value6 = 0x90909090; +diff --git a/src/lib/object_store/test/SessionObjectTests.cpp b/src/lib/object_store/test/SessionObjectTests.cpp +index 6183ec6..20d9052 100644 +--- a/src/lib/object_store/test/SessionObjectTests.cpp ++++ b/src/lib/object_store/test/SessionObjectTests.cpp +@@ -125,7 +125,7 @@ void SessionObjectTests::testULongAttr() + CPPUNIT_ASSERT(testObject.setAttribute(CKA_MODULUS_BITS, attr1)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_PRIME_BITS, attr2)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_AUTH_PIN_FLAGS, attr3)); +- CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUBPRIME_BITS, attr4)); ++ CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUB_PRIME_BITS, attr4)); + CPPUNIT_ASSERT(testObject.setAttribute(CKA_KEY_TYPE, attr5)); + + CPPUNIT_ASSERT(testObject.isValid()); +@@ -133,20 +133,20 @@ void SessionObjectTests::testULongAttr() + CPPUNIT_ASSERT(testObject.attributeExists(CKA_MODULUS_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_PRIME_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_AUTH_PIN_FLAGS)); +- CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUBPRIME_BITS)); ++ CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUB_PRIME_BITS)); + CPPUNIT_ASSERT(testObject.attributeExists(CKA_KEY_TYPE)); + CPPUNIT_ASSERT(!testObject.attributeExists(CKA_ID)); + + CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).isUnsignedLongAttribute()); +- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).isUnsignedLongAttribute()); ++ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).isUnsignedLongAttribute()); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).isUnsignedLongAttribute()); + + CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).getUnsignedLongValue() == 0x12345678); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).getUnsignedLongValue() == 0x87654321); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).getUnsignedLongValue() == 0x01010101); +- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).getUnsignedLongValue() == 0x10101010); ++ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).getUnsignedLongValue() == 0x10101010); + CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).getUnsignedLongValue() == 0xABCDEF); + + unsigned long value6 = 0x90909090; +diff --git a/src/lib/pkcs11/pkcs11.h b/src/lib/pkcs11/pkcs11.h +index 0d78dd7..9d31ce8 100644 +--- a/src/lib/pkcs11/pkcs11.h ++++ b/src/lib/pkcs11/pkcs11.h +@@ -1,265 +1,1750 @@ +-/* Copyright (c) OASIS Open 2016. All Rights Reserved./ +- * /Distributed under the terms of the OASIS IPR Policy, +- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY +- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A +- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. +- */ +- +-/* Latest version of the specification: +- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html +- */ +- +-#ifndef _PKCS11_H_ +-#define _PKCS11_H_ 1 +- +-#ifdef __cplusplus ++/* pkcs11.h ++ Copyright 2006, 2007 g10 Code GmbH ++ Copyright 2006 Andreas Jellinghaus ++ Copyright 2017 Red Hat, Inc. ++ ++ This file is free software; as a special exception the author gives ++ unlimited permission to copy and/or distribute it, with or without ++ modifications, as long as this notice is preserved. ++ ++ This file is distributed in the hope that it will be useful, but ++ WITHOUT ANY WARRANTY, to the extent permitted by law; without even ++ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR ++ PURPOSE. */ ++ ++/* Please submit any changes back to the p11-kit project at ++ https://github.com/p11-glue/p11-kit/, so that ++ they can be picked up by other projects from there as well. */ ++ ++/* This file is a modified implementation of the PKCS #11 standard by ++ OASIS group. It is mostly a drop-in replacement, with the ++ following change: ++ ++ This header file does not require any macro definitions by the user ++ (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros ++ for you (if useful, some are missing, let me know if you need ++ more). ++ ++ There is an additional API available that does comply better to the ++ GNU coding standard. It can be switched on by defining ++ CRYPTOKI_GNU before including this header file. For this, the ++ following changes are made to the specification: ++ ++ All structure types are changed to a "struct ck_foo" where CK_FOO ++ is the type name in PKCS #11. ++ ++ All non-structure types are changed to ck_foo_t where CK_FOO is the ++ lowercase version of the type name in PKCS #11. The basic types ++ (CK_ULONG et al.) are removed without substitute. ++ ++ All members of structures are modified in the following way: Type ++ indication prefixes are removed, and underscore characters are ++ inserted before words. Then the result is lowercased. ++ ++ Note that function names are still in the original case, as they ++ need for ABI compatibility. ++ ++ CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use ++ . ++ ++ If CRYPTOKI_COMPAT is defined before including this header file, ++ then none of the API changes above take place, and the API is the ++ one defined by the PKCS #11 standard. */ ++ ++#ifndef PKCS11_H ++#define PKCS11_H 1 ++ ++#if defined(__cplusplus) + extern "C" { + #endif + +-/* Before including this file (pkcs11.h) (or pkcs11t.h by +- * itself), 5 platform-specific macros must be defined. These +- * macros are described below, and typical definitions for them +- * are also given. Be advised that these definitions can depend +- * on both the platform and the compiler used (and possibly also +- * on whether a Cryptoki library is linked statically or +- * dynamically). +- * +- * In addition to defining these 5 macros, the packing convention +- * for Cryptoki structures should be set. The Cryptoki +- * convention on packing is that structures should be 1-byte +- * aligned. +- * +- * If you're using Microsoft Developer Studio 5.0 to produce +- * Win32 stuff, this might be done by using the following +- * preprocessor directive before including pkcs11.h or pkcs11t.h: +- * +- * #pragma pack(push, cryptoki, 1) +- * +- * and using the following preprocessor directive after including +- * pkcs11.h or pkcs11t.h: +- * +- * #pragma pack(pop, cryptoki) +- * +- * If you're using an earlier version of Microsoft Developer +- * Studio to produce Win16 stuff, this might be done by using +- * the following preprocessor directive before including +- * pkcs11.h or pkcs11t.h: +- * +- * #pragma pack(1) +- * +- * In a UNIX environment, you're on your own for this. You might +- * not need to do (or be able to do!) anything. +- * +- * +- * Now for the macros: +- * +- * +- * 1. CK_PTR: The indirection string for making a pointer to an +- * object. It can be used like this: +- * +- * typedef CK_BYTE CK_PTR CK_BYTE_PTR; +- * +- * If you're using Microsoft Developer Studio 5.0 to produce +- * Win32 stuff, it might be defined by: +- * +- * #define CK_PTR * +- * +- * If you're using an earlier version of Microsoft Developer +- * Studio to produce Win16 stuff, it might be defined by: +- * +- * #define CK_PTR far * +- * +- * In a typical UNIX environment, it might be defined by: +- * +- * #define CK_PTR * +- * +- * +- * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes +- * an importable Cryptoki library function declaration out of a +- * return type and a function name. It should be used in the +- * following fashion: +- * +- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)( +- * CK_VOID_PTR pReserved +- * ); +- * +- * If you're using Microsoft Developer Studio 5.0 to declare a +- * function in a Win32 Cryptoki .dll, it might be defined by: +- * +- * #define CK_DECLARE_FUNCTION(returnType, name) \ +- * returnType __declspec(dllimport) name +- * +- * If you're using an earlier version of Microsoft Developer +- * Studio to declare a function in a Win16 Cryptoki .dll, it +- * might be defined by: +- * +- * #define CK_DECLARE_FUNCTION(returnType, name) \ +- * returnType __export _far _pascal name +- * +- * In a UNIX environment, it might be defined by: +- * +- * #define CK_DECLARE_FUNCTION(returnType, name) \ +- * returnType name +- * +- * +- * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro +- * which makes a Cryptoki API function pointer declaration or +- * function pointer type declaration out of a return type and a +- * function name. It should be used in the following fashion: +- * +- * // Define funcPtr to be a pointer to a Cryptoki API function +- * // taking arguments args and returning CK_RV. +- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args); +- * +- * or +- * +- * // Define funcPtrType to be the type of a pointer to a +- * // Cryptoki API function taking arguments args and returning +- * // CK_RV, and then define funcPtr to be a variable of type +- * // funcPtrType. +- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); +- * funcPtrType funcPtr; +- * +- * If you're using Microsoft Developer Studio 5.0 to access +- * functions in a Win32 Cryptoki .dll, in might be defined by: +- * +- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ +- * returnType __declspec(dllimport) (* name) +- * +- * If you're using an earlier version of Microsoft Developer +- * Studio to access functions in a Win16 Cryptoki .dll, it might +- * be defined by: +- * +- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ +- * returnType __export _far _pascal (* name) +- * +- * In a UNIX environment, it might be defined by: +- * +- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ +- * returnType (* name) +- * +- * +- * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes +- * a function pointer type for an application callback out of +- * a return type for the callback and a name for the callback. +- * It should be used in the following fashion: +- * +- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args); +- * +- * to declare a function pointer, myCallback, to a callback +- * which takes arguments args and returns a CK_RV. It can also +- * be used like this: +- * +- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); +- * myCallbackType myCallback; +- * +- * If you're using Microsoft Developer Studio 5.0 to do Win32 +- * Cryptoki development, it might be defined by: +- * +- * #define CK_CALLBACK_FUNCTION(returnType, name) \ +- * returnType (* name) +- * +- * If you're using an earlier version of Microsoft Developer +- * Studio to do Win16 development, it might be defined by: +- * +- * #define CK_CALLBACK_FUNCTION(returnType, name) \ +- * returnType _far _pascal (* name) +- * +- * In a UNIX environment, it might be defined by: +- * +- * #define CK_CALLBACK_FUNCTION(returnType, name) \ +- * returnType (* name) +- * +- * +- * 5. NULL_PTR: This macro is the value of a NULL pointer. +- * +- * In any ANSI/ISO C environment (and in many others as well), +- * this should best be defined by +- * +- * #ifndef NULL_PTR +- * #define NULL_PTR 0 +- * #endif +- */ +- +- +-/* All the various Cryptoki types and #define'd values are in the +- * file pkcs11t.h. +- */ +-#include "pkcs11t.h" +- +-#define __PASTE(x,y) x##y +- +- +-/* ============================================================== +- * Define the "extern" form of all the entry points. +- * ============================================================== +- */ +- +-#define CK_NEED_ARG_LIST 1 +-#define CK_PKCS11_FUNCTION_INFO(name) \ +- extern CK_DECLARE_FUNCTION(CK_RV, name) +- +-/* pkcs11f.h has all the information about the Cryptoki +- * function prototypes. +- */ +-#include "pkcs11f.h" +- +-#undef CK_NEED_ARG_LIST +-#undef CK_PKCS11_FUNCTION_INFO +- +- +-/* ============================================================== +- * Define the typedef form of all the entry points. That is, for +- * each Cryptoki function C_XXX, define a type CK_C_XXX which is +- * a pointer to that kind of function. +- * ============================================================== +- */ +- +-#define CK_NEED_ARG_LIST 1 +-#define CK_PKCS11_FUNCTION_INFO(name) \ +- typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) +- +-/* pkcs11f.h has all the information about the Cryptoki +- * function prototypes. +- */ +-#include "pkcs11f.h" +- +-#undef CK_NEED_ARG_LIST +-#undef CK_PKCS11_FUNCTION_INFO +- +- +-/* ============================================================== +- * Define structed vector of entry points. A CK_FUNCTION_LIST +- * contains a CK_VERSION indicating a library's Cryptoki version +- * and then a whole slew of function pointers to the routines in +- * the library. This type was declared, but not defined, in +- * pkcs11t.h. +- * ============================================================== +- */ +- +-#define CK_PKCS11_FUNCTION_INFO(name) \ +- __PASTE(CK_,name) name; +- +-struct CK_FUNCTION_LIST { +- +- CK_VERSION version; /* Cryptoki version */ +- +-/* Pile all the function pointers into the CK_FUNCTION_LIST. */ +-/* pkcs11f.h has all the information about the Cryptoki +- * function prototypes. +- */ +-#include "pkcs11f.h" + ++/* The version of cryptoki we implement. The revision is changed with ++ each modification of this file. */ ++#define CRYPTOKI_VERSION_MAJOR 2 ++#define CRYPTOKI_VERSION_MINOR 40 ++#define P11_KIT_CRYPTOKI_VERSION_REVISION 0 ++ ++ ++/* Compatibility interface is default, unless CRYPTOKI_GNU is ++ given. */ ++#ifndef CRYPTOKI_GNU ++#ifndef CRYPTOKI_COMPAT ++#define CRYPTOKI_COMPAT 1 ++#endif ++#endif ++ ++/* System dependencies. */ ++ ++#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) ++ ++/* There is a matching pop below. */ ++#pragma pack(push, cryptoki, 1) ++ ++#ifdef CRYPTOKI_EXPORTS ++#define CK_SPEC __declspec(dllexport) ++#else ++#define CK_SPEC __declspec(dllimport) ++#endif ++ ++#else ++ ++#define CK_SPEC ++ ++#endif ++ ++ ++#ifdef CRYPTOKI_COMPAT ++ /* If we are in compatibility mode, switch all exposed names to the ++ PKCS #11 variant. There are corresponding #undefs below. */ ++ ++#define ck_flags_t CK_FLAGS ++#define ck_version _CK_VERSION ++ ++#define ck_info _CK_INFO ++#define cryptoki_version cryptokiVersion ++#define manufacturer_id manufacturerID ++#define library_description libraryDescription ++#define library_version libraryVersion ++ ++#define ck_notification_t CK_NOTIFICATION ++#define ck_slot_id_t CK_SLOT_ID ++ ++#define ck_slot_info _CK_SLOT_INFO ++#define slot_description slotDescription ++#define hardware_version hardwareVersion ++#define firmware_version firmwareVersion ++ ++#define ck_token_info _CK_TOKEN_INFO ++#define serial_number serialNumber ++#define max_session_count ulMaxSessionCount ++#define session_count ulSessionCount ++#define max_rw_session_count ulMaxRwSessionCount ++#define rw_session_count ulRwSessionCount ++#define max_pin_len ulMaxPinLen ++#define min_pin_len ulMinPinLen ++#define total_public_memory ulTotalPublicMemory ++#define free_public_memory ulFreePublicMemory ++#define total_private_memory ulTotalPrivateMemory ++#define free_private_memory ulFreePrivateMemory ++#define utc_time utcTime ++ ++#define ck_session_handle_t CK_SESSION_HANDLE ++#define ck_user_type_t CK_USER_TYPE ++#define ck_state_t CK_STATE ++ ++#define ck_session_info _CK_SESSION_INFO ++#define slot_id slotID ++#define device_error ulDeviceError ++ ++#define ck_object_handle_t CK_OBJECT_HANDLE ++#define ck_object_class_t CK_OBJECT_CLASS ++#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE ++#define ck_key_type_t CK_KEY_TYPE ++#define ck_certificate_type_t CK_CERTIFICATE_TYPE ++#define ck_attribute_type_t CK_ATTRIBUTE_TYPE ++ ++#define ck_attribute _CK_ATTRIBUTE ++#define value pValue ++#define value_len ulValueLen ++ ++#define count ulCount ++ ++#define ck_date _CK_DATE ++ ++#define ck_mechanism_type_t CK_MECHANISM_TYPE ++ ++#define ck_mechanism _CK_MECHANISM ++#define parameter pParameter ++#define parameter_len ulParameterLen ++ ++#define params pParams ++ ++#define ck_mechanism_info _CK_MECHANISM_INFO ++#define min_key_size ulMinKeySize ++#define max_key_size ulMaxKeySize ++ ++#define ck_param_type CK_PARAM_TYPE ++#define ck_otp_param CK_OTP_PARAM ++#define ck_otp_params CK_OTP_PARAMS ++#define ck_otp_signature_info CK_OTP_SIGNATURE_INFO ++ ++#define ck_rv_t CK_RV ++#define ck_notify_t CK_NOTIFY ++ ++#define ck_function_list _CK_FUNCTION_LIST ++ ++#define ck_createmutex_t CK_CREATEMUTEX ++#define ck_destroymutex_t CK_DESTROYMUTEX ++#define ck_lockmutex_t CK_LOCKMUTEX ++#define ck_unlockmutex_t CK_UNLOCKMUTEX ++ ++#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS ++#define create_mutex CreateMutex ++#define destroy_mutex DestroyMutex ++#define lock_mutex LockMutex ++#define unlock_mutex UnlockMutex ++#define reserved pReserved ++ ++#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE ++#define ck_rsa_pkcs_oaep_source_type_t CK_RSA_PKCS_OAEP_SOURCE_TYPE ++#define hash_alg hashAlg ++#define s_len sLen ++#define source_data pSourceData ++#define source_data_len ulSourceDataLen ++ ++#define counter_bits ulCounterBits ++#define iv_ptr pIv ++#define iv_len ulIvLen ++#define iv_bits ulIvBits ++#define aad_ptr pAAD ++#define aad_len ulAADLen ++#define tag_bits ulTagBits ++#define shared_data_len ulSharedDataLen ++#define shared_data pSharedData ++#define public_data_len ulPublicDataLen ++#define public_data pPublicData ++#define string_data pData ++#define string_data_len ulLen ++#define data_params pData ++#endif /* CRYPTOKI_COMPAT */ ++ ++ ++ ++typedef unsigned long ck_flags_t; ++ ++struct ck_version ++{ ++ unsigned char major; ++ unsigned char minor; + }; + +-#undef CK_PKCS11_FUNCTION_INFO + ++struct ck_info ++{ ++ struct ck_version cryptoki_version; ++ unsigned char manufacturer_id[32]; ++ ck_flags_t flags; ++ unsigned char library_description[32]; ++ struct ck_version library_version; ++}; + +-#undef __PASTE + +-#ifdef __cplusplus +-} ++typedef unsigned long ck_notification_t; ++ ++#define CKN_SURRENDER (0UL) ++ ++ ++typedef unsigned long ck_slot_id_t; ++ ++ ++struct ck_slot_info ++{ ++ unsigned char slot_description[64]; ++ unsigned char manufacturer_id[32]; ++ ck_flags_t flags; ++ struct ck_version hardware_version; ++ struct ck_version firmware_version; ++}; ++ ++ ++#define CKF_TOKEN_PRESENT (1UL << 0) ++#define CKF_REMOVABLE_DEVICE (1UL << 1) ++#define CKF_HW_SLOT (1UL << 2) ++#define CKF_ARRAY_ATTRIBUTE (1UL << 30) ++ ++ ++struct ck_token_info ++{ ++ unsigned char label[32]; ++ unsigned char manufacturer_id[32]; ++ unsigned char model[16]; ++ unsigned char serial_number[16]; ++ ck_flags_t flags; ++ unsigned long max_session_count; ++ unsigned long session_count; ++ unsigned long max_rw_session_count; ++ unsigned long rw_session_count; ++ unsigned long max_pin_len; ++ unsigned long min_pin_len; ++ unsigned long total_public_memory; ++ unsigned long free_public_memory; ++ unsigned long total_private_memory; ++ unsigned long free_private_memory; ++ struct ck_version hardware_version; ++ struct ck_version firmware_version; ++ unsigned char utc_time[16]; ++}; ++ ++ ++#define CKF_RNG (1UL << 0) ++#define CKF_WRITE_PROTECTED (1UL << 1) ++#define CKF_LOGIN_REQUIRED (1UL << 2) ++#define CKF_USER_PIN_INITIALIZED (1UL << 3) ++#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) ++#define CKF_CLOCK_ON_TOKEN (1UL << 6) ++#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) ++#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) ++#define CKF_TOKEN_INITIALIZED (1UL << 10) ++#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) ++#define CKF_USER_PIN_COUNT_LOW (1UL << 16) ++#define CKF_USER_PIN_FINAL_TRY (1UL << 17) ++#define CKF_USER_PIN_LOCKED (1UL << 18) ++#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) ++#define CKF_SO_PIN_COUNT_LOW (1UL << 20) ++#define CKF_SO_PIN_FINAL_TRY (1UL << 21) ++#define CKF_SO_PIN_LOCKED (1UL << 22) ++#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) ++ ++#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) ++#define CK_EFFECTIVELY_INFINITE (0UL) ++ ++ ++typedef unsigned long ck_session_handle_t; ++ ++#define CK_INVALID_HANDLE (0UL) ++ ++ ++typedef unsigned long ck_user_type_t; ++ ++#define CKU_SO (0UL) ++#define CKU_USER (1UL) ++#define CKU_CONTEXT_SPECIFIC (2UL) ++ ++ ++typedef unsigned long ck_state_t; ++ ++#define CKS_RO_PUBLIC_SESSION (0UL) ++#define CKS_RO_USER_FUNCTIONS (1UL) ++#define CKS_RW_PUBLIC_SESSION (2UL) ++#define CKS_RW_USER_FUNCTIONS (3UL) ++#define CKS_RW_SO_FUNCTIONS (4UL) ++ ++ ++struct ck_session_info ++{ ++ ck_slot_id_t slot_id; ++ ck_state_t state; ++ ck_flags_t flags; ++ unsigned long device_error; ++}; ++ ++#define CKF_RW_SESSION (1UL << 1) ++#define CKF_SERIAL_SESSION (1UL << 2) ++ ++ ++typedef unsigned long ck_object_handle_t; ++ ++ ++typedef unsigned long ck_object_class_t; ++ ++#define CKO_DATA (0UL) ++#define CKO_CERTIFICATE (1UL) ++#define CKO_PUBLIC_KEY (2UL) ++#define CKO_PRIVATE_KEY (3UL) ++#define CKO_SECRET_KEY (4UL) ++#define CKO_HW_FEATURE (5UL) ++#define CKO_DOMAIN_PARAMETERS (6UL) ++#define CKO_MECHANISM (7UL) ++#define CKO_OTP_KEY (8UL) ++#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++ ++typedef unsigned long ck_hw_feature_type_t; ++ ++#define CKH_MONOTONIC_COUNTER (1UL) ++#define CKH_CLOCK (2UL) ++#define CKH_USER_INTERFACE (3UL) ++#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++ ++typedef unsigned long ck_key_type_t; ++ ++#define CKK_RSA (0UL) ++#define CKK_DSA (1UL) ++#define CKK_DH (2UL) ++#define CKK_ECDSA (3UL) ++#define CKK_EC (3UL) ++#define CKK_X9_42_DH (4UL) ++#define CKK_KEA (5UL) ++#define CKK_GENERIC_SECRET (0x10UL) ++#define CKK_RC2 (0x11UL) ++#define CKK_RC4 (0x12UL) ++#define CKK_DES (0x13UL) ++#define CKK_DES2 (0x14UL) ++#define CKK_DES3 (0x15UL) ++#define CKK_CAST (0x16UL) ++#define CKK_CAST3 (0x17UL) ++#define CKK_CAST128 (0x18UL) ++#define CKK_RC5 (0x19UL) ++#define CKK_IDEA (0x1aUL) ++#define CKK_SKIPJACK (0x1bUL) ++#define CKK_BATON (0x1cUL) ++#define CKK_JUNIPER (0x1dUL) ++#define CKK_CDMF (0x1eUL) ++#define CKK_AES (0x1fUL) ++#define CKK_BLOWFISH (0x20UL) ++#define CKK_TWOFISH (0x21UL) ++#define CKK_SECURID (0x22UL) ++#define CKK_HOTP (0x23UL) ++#define CKK_ACTI (0x24UL) ++#define CKK_CAMELLIA (0x25UL) ++#define CKK_ARIA (0x26UL) ++#define CKK_MD5_HMAC (0x27UL) ++#define CKK_SHA_1_HMAC (0x28UL) ++#define CKK_RIPEMD128_HMAC (0x29UL) ++#define CKK_RIPEMD160_HMAC (0x2aUL) ++#define CKK_SHA256_HMAC (0x2bUL) ++#define CKK_SHA384_HMAC (0x2cUL) ++#define CKK_SHA512_HMAC (0x2dUL) ++#define CKK_SHA224_HMAC (0x2eUL) ++#define CKK_SEED (0x2fUL) ++#define CKK_GOSTR3410 (0x30UL) ++#define CKK_GOSTR3411 (0x31UL) ++#define CKK_GOST28147 (0x32UL) ++#define CKK_EC_EDWARDS (0x40UL) ++#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++ ++typedef unsigned long ck_certificate_type_t; ++ ++#define CKC_X_509 (0UL) ++#define CKC_X_509_ATTR_CERT (1UL) ++#define CKC_WTLS (2UL) ++#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++#define CKC_OPENPGP (CKC_VENDOR_DEFINED|0x504750UL) ++ ++typedef unsigned long ck_attribute_type_t; ++ ++#define CKA_CLASS (0UL) ++#define CKA_TOKEN (1UL) ++#define CKA_PRIVATE (2UL) ++#define CKA_LABEL (3UL) ++#define CKA_APPLICATION (0x10UL) ++#define CKA_VALUE (0x11UL) ++#define CKA_OBJECT_ID (0x12UL) ++#define CKA_CERTIFICATE_TYPE (0x80UL) ++#define CKA_ISSUER (0x81UL) ++#define CKA_SERIAL_NUMBER (0x82UL) ++#define CKA_AC_ISSUER (0x83UL) ++#define CKA_OWNER (0x84UL) ++#define CKA_ATTR_TYPES (0x85UL) ++#define CKA_TRUSTED (0x86UL) ++#define CKA_CERTIFICATE_CATEGORY (0x87UL) ++#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) ++#define CKA_URL (0x89UL) ++#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) ++#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) ++#define CKA_NAME_HASH_ALGORITHM (0x8cUL) ++#define CKA_CHECK_VALUE (0x90UL) ++#define CKA_KEY_TYPE (0x100UL) ++#define CKA_SUBJECT (0x101UL) ++#define CKA_ID (0x102UL) ++#define CKA_SENSITIVE (0x103UL) ++#define CKA_ENCRYPT (0x104UL) ++#define CKA_DECRYPT (0x105UL) ++#define CKA_WRAP (0x106UL) ++#define CKA_UNWRAP (0x107UL) ++#define CKA_SIGN (0x108UL) ++#define CKA_SIGN_RECOVER (0x109UL) ++#define CKA_VERIFY (0x10aUL) ++#define CKA_VERIFY_RECOVER (0x10bUL) ++#define CKA_DERIVE (0x10cUL) ++#define CKA_START_DATE (0x110UL) ++#define CKA_END_DATE (0x111UL) ++#define CKA_MODULUS (0x120UL) ++#define CKA_MODULUS_BITS (0x121UL) ++#define CKA_PUBLIC_EXPONENT (0x122UL) ++#define CKA_PRIVATE_EXPONENT (0x123UL) ++#define CKA_PRIME_1 (0x124UL) ++#define CKA_PRIME_2 (0x125UL) ++#define CKA_EXPONENT_1 (0x126UL) ++#define CKA_EXPONENT_2 (0x127UL) ++#define CKA_COEFFICIENT (0x128UL) ++#define CKA_PUBLIC_KEY_INFO (0x129UL) ++#define CKA_PRIME (0x130UL) ++#define CKA_SUBPRIME (0x131UL) ++#define CKA_BASE (0x132UL) ++#define CKA_PRIME_BITS (0x133UL) ++#define CKA_SUB_PRIME_BITS (0x134UL) ++#define CKA_VALUE_BITS (0x160UL) ++#define CKA_VALUE_LEN (0x161UL) ++#define CKA_EXTRACTABLE (0x162UL) ++#define CKA_LOCAL (0x163UL) ++#define CKA_NEVER_EXTRACTABLE (0x164UL) ++#define CKA_ALWAYS_SENSITIVE (0x165UL) ++#define CKA_KEY_GEN_MECHANISM (0x166UL) ++#define CKA_MODIFIABLE (0x170UL) ++#define CKA_COPYABLE (0x171UL) ++#define CKA_DESTROYABLE (0x172UL) ++#define CKA_ECDSA_PARAMS (0x180UL) ++#define CKA_EC_PARAMS (0x180UL) ++#define CKA_EC_POINT (0x181UL) ++#define CKA_SECONDARY_AUTH (0x200UL) ++#define CKA_AUTH_PIN_FLAGS (0x201UL) ++#define CKA_ALWAYS_AUTHENTICATE (0x202UL) ++#define CKA_WRAP_WITH_TRUSTED (0x210UL) ++#define CKA_OTP_FORMAT (0x220UL) ++#define CKA_OTP_LENGTH (0x221UL) ++#define CKA_OTP_TIME_INTERVAL (0x222UL) ++#define CKA_OTP_USER_FRIENDLY_MODE (0x223UL) ++#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL) ++#define CKA_OTP_TIME_REQUIREMENT (0x225UL) ++#define CKA_OTP_COUNTER_REQUIREMENT (0x226UL) ++#define CKA_OTP_PIN_REQUIREMENT (0x227UL) ++#define CKA_OTP_USER_IDENTIFIER (0x22AUL) ++#define CKA_OTP_SERVICE_IDENTIFIER (0x22BUL) ++#define CKA_OTP_SERVICE_LOGO (0x22CUL) ++#define CKA_OTP_SERVICE_LOGO_TYPE (0x22DUL) ++#define CKA_OTP_COUNTER (0x22EUL) ++#define CKA_OTP_TIME (0x22FUL) ++#define CKA_GOSTR3410_PARAMS (0x250UL) ++#define CKA_GOSTR3411_PARAMS (0x251UL) ++#define CKA_GOST28147_PARAMS (0x252UL) ++#define CKA_HW_FEATURE_TYPE (0x300UL) ++#define CKA_RESET_ON_INIT (0x301UL) ++#define CKA_HAS_RESET (0x302UL) ++#define CKA_PIXEL_X (0x400UL) ++#define CKA_PIXEL_Y (0x401UL) ++#define CKA_RESOLUTION (0x402UL) ++#define CKA_CHAR_ROWS (0x403UL) ++#define CKA_CHAR_COLUMNS (0x404UL) ++#define CKA_COLOR (0x405UL) ++#define CKA_BITS_PER_PIXEL (0x406UL) ++#define CKA_CHAR_SETS (0x480UL) ++#define CKA_ENCODING_METHODS (0x481UL) ++#define CKA_MIME_TYPES (0x482UL) ++#define CKA_MECHANISM_TYPE (0x500UL) ++#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) ++#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) ++#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) ++#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) ++#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) ++#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x213UL) ++#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) ++#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++ ++struct ck_attribute ++{ ++ ck_attribute_type_t type; ++ void *value; ++ unsigned long value_len; ++}; ++ ++ ++struct ck_date ++{ ++ unsigned char year[4]; ++ unsigned char month[2]; ++ unsigned char day[2]; ++}; ++ ++ ++typedef unsigned long ck_mechanism_type_t; ++ ++#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) ++#define CKM_RSA_PKCS (1UL) ++#define CKM_RSA_9796 (2UL) ++#define CKM_RSA_X_509 (3UL) ++#define CKM_MD2_RSA_PKCS (4UL) ++#define CKM_MD5_RSA_PKCS (5UL) ++#define CKM_SHA1_RSA_PKCS (6UL) ++#define CKM_RIPEMD128_RSA_PKCS (7UL) ++#define CKM_RIPEMD160_RSA_PKCS (8UL) ++#define CKM_RSA_PKCS_OAEP (9UL) ++#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) ++#define CKM_RSA_X9_31 (0xbUL) ++#define CKM_SHA1_RSA_X9_31 (0xcUL) ++#define CKM_RSA_PKCS_PSS (0xdUL) ++#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) ++#define CKM_DSA_KEY_PAIR_GEN (0x10UL) ++#define CKM_DSA (0x11UL) ++#define CKM_DSA_SHA1 (0x12UL) ++#define CKM_DSA_SHA224 (0x13UL) ++#define CKM_DSA_SHA256 (0x14UL) ++#define CKM_DSA_SHA384 (0x15UL) ++#define CKM_DSA_SHA512 (0x16UL) ++#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) ++#define CKM_DH_PKCS_DERIVE (0x21UL) ++#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) ++#define CKM_X9_42_DH_DERIVE (0x31UL) ++#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) ++#define CKM_X9_42_MQV_DERIVE (0x33UL) ++#define CKM_SHA256_RSA_PKCS (0x40UL) ++#define CKM_SHA384_RSA_PKCS (0x41UL) ++#define CKM_SHA512_RSA_PKCS (0x42UL) ++#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) ++#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) ++#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) ++#define CKM_SHA512_224 (0x48UL) ++#define CKM_SHA512_224_HMAC (0x49UL) ++#define CKM_SHA512_224_HMAC_GENERAL (0x4aUL) ++#define CKM_SHA512_224_KEY_DERIVATION (0x4bUL) ++#define CKM_SHA512_256 (0x4cUL) ++#define CKM_SHA512_256_HMAC (0x4dUL) ++#define CKM_SHA512_256_HMAC_GENERAL (0x4eUL) ++#define CKM_SHA512_256_KEY_DERIVATION (0x4fUL) ++#define CKM_SHA512_T (0x50UL) ++#define CKM_SHA512_T_HMAC (0x51UL) ++#define CKM_SHA512_T_HMAC_GENERAL (0x52UL) ++#define CKM_SHA512_T_KEY_DERIVATION (0x53UL) ++#define CKM_RC2_KEY_GEN (0x100UL) ++#define CKM_RC2_ECB (0x101UL) ++#define CKM_RC2_CBC (0x102UL) ++#define CKM_RC2_MAC (0x103UL) ++#define CKM_RC2_MAC_GENERAL (0x104UL) ++#define CKM_RC2_CBC_PAD (0x105UL) ++#define CKM_RC4_KEY_GEN (0x110UL) ++#define CKM_RC4 (0x111UL) ++#define CKM_DES_KEY_GEN (0x120UL) ++#define CKM_DES_ECB (0x121UL) ++#define CKM_DES_CBC (0x122UL) ++#define CKM_DES_MAC (0x123UL) ++#define CKM_DES_MAC_GENERAL (0x124UL) ++#define CKM_DES_CBC_PAD (0x125UL) ++#define CKM_DES2_KEY_GEN (0x130UL) ++#define CKM_DES3_KEY_GEN (0x131UL) ++#define CKM_DES3_ECB (0x132UL) ++#define CKM_DES3_CBC (0x133UL) ++#define CKM_DES3_MAC (0x134UL) ++#define CKM_DES3_MAC_GENERAL (0x135UL) ++#define CKM_DES3_CBC_PAD (0x136UL) ++#define CKM_DES3_CMAC_GENERAL (0x137UL) ++#define CKM_DES3_CMAC (0x138UL) ++#define CKM_CDMF_KEY_GEN (0x140UL) ++#define CKM_CDMF_ECB (0x141UL) ++#define CKM_CDMF_CBC (0x142UL) ++#define CKM_CDMF_MAC (0x143UL) ++#define CKM_CDMF_MAC_GENERAL (0x144UL) ++#define CKM_CDMF_CBC_PAD (0x145UL) ++#define CKM_DES_OFB64 (0x150UL) ++#define CKM_DES_OFB8 (0x151UL) ++#define CKM_DES_CFB64 (0x152UL) ++#define CKM_DES_CFB8 (0x153UL) ++#define CKM_MD2 (0x200UL) ++#define CKM_MD2_HMAC (0x201UL) ++#define CKM_MD2_HMAC_GENERAL (0x202UL) ++#define CKM_MD5 (0x210UL) ++#define CKM_MD5_HMAC (0x211UL) ++#define CKM_MD5_HMAC_GENERAL (0x212UL) ++#define CKM_SHA_1 (0x220UL) ++#define CKM_SHA_1_HMAC (0x221UL) ++#define CKM_SHA_1_HMAC_GENERAL (0x222UL) ++#define CKM_RIPEMD128 (0x230UL) ++#define CKM_RIPEMD128_HMAC (0x231UL) ++#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) ++#define CKM_RIPEMD160 (0x240UL) ++#define CKM_RIPEMD160_HMAC (0x241UL) ++#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) ++#define CKM_SHA256 (0x250UL) ++#define CKM_SHA256_HMAC (0x251UL) ++#define CKM_SHA256_HMAC_GENERAL (0x252UL) ++#define CKM_SHA384 (0x260UL) ++#define CKM_SHA384_HMAC (0x261UL) ++#define CKM_SHA384_HMAC_GENERAL (0x262UL) ++#define CKM_SHA512 (0x270UL) ++#define CKM_SHA512_HMAC (0x271UL) ++#define CKM_SHA512_HMAC_GENERAL (0x272UL) ++#define CKM_SECURID_KEY_GEN (0x280UL) ++#define CKM_SECURID (0x282UL) ++#define CKM_HOTP_KEY_GEN (0x290UL) ++#define CKM_HOTP (0x291UL) ++#define CKM_ACTI (0x2a0UL) ++#define CKM_ACTI_KEY_GEN (0x2a1UL) ++#define CKM_CAST_KEY_GEN (0x300UL) ++#define CKM_CAST_ECB (0x301UL) ++#define CKM_CAST_CBC (0x302UL) ++#define CKM_CAST_MAC (0x303UL) ++#define CKM_CAST_MAC_GENERAL (0x304UL) ++#define CKM_CAST_CBC_PAD (0x305UL) ++#define CKM_CAST3_KEY_GEN (0x310UL) ++#define CKM_CAST3_ECB (0x311UL) ++#define CKM_CAST3_CBC (0x312UL) ++#define CKM_CAST3_MAC (0x313UL) ++#define CKM_CAST3_MAC_GENERAL (0x314UL) ++#define CKM_CAST3_CBC_PAD (0x315UL) ++#define CKM_CAST5_KEY_GEN (0x320UL) ++#define CKM_CAST128_KEY_GEN (0x320UL) ++#define CKM_CAST5_ECB (0x321UL) ++#define CKM_CAST128_ECB (0x321UL) ++#define CKM_CAST5_CBC (0x322UL) ++#define CKM_CAST128_CBC (0x322UL) ++#define CKM_CAST5_MAC (0x323UL) ++#define CKM_CAST128_MAC (0x323UL) ++#define CKM_CAST5_MAC_GENERAL (0x324UL) ++#define CKM_CAST128_MAC_GENERAL (0x324UL) ++#define CKM_CAST5_CBC_PAD (0x325UL) ++#define CKM_CAST128_CBC_PAD (0x325UL) ++#define CKM_RC5_KEY_GEN (0x330UL) ++#define CKM_RC5_ECB (0x331UL) ++#define CKM_RC5_CBC (0x332UL) ++#define CKM_RC5_MAC (0x333UL) ++#define CKM_RC5_MAC_GENERAL (0x334UL) ++#define CKM_RC5_CBC_PAD (0x335UL) ++#define CKM_IDEA_KEY_GEN (0x340UL) ++#define CKM_IDEA_ECB (0x341UL) ++#define CKM_IDEA_CBC (0x342UL) ++#define CKM_IDEA_MAC (0x343UL) ++#define CKM_IDEA_MAC_GENERAL (0x344UL) ++#define CKM_IDEA_CBC_PAD (0x345UL) ++#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) ++#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) ++#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) ++#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) ++#define CKM_XOR_BASE_AND_DATA (0x364UL) ++#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) ++#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) ++#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) ++#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) ++#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) ++#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) ++#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) ++#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) ++#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) ++#define CKM_TLS_PRF (0x378UL) ++#define CKM_SSL3_MD5_MAC (0x380UL) ++#define CKM_SSL3_SHA1_MAC (0x381UL) ++#define CKM_MD5_KEY_DERIVATION (0x390UL) ++#define CKM_MD2_KEY_DERIVATION (0x391UL) ++#define CKM_SHA1_KEY_DERIVATION (0x392UL) ++#define CKM_SHA256_KEY_DERIVATION (0x393UL) ++#define CKM_SHA384_KEY_DERIVATION (0x394UL) ++#define CKM_SHA512_KEY_DERIVATION (0x395UL) ++#define CKM_PBE_MD2_DES_CBC (0x3a0UL) ++#define CKM_PBE_MD5_DES_CBC (0x3a1UL) ++#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) ++#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) ++#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) ++#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) ++#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) ++#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) ++#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) ++#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) ++#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) ++#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) ++#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) ++#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) ++#define CKM_PKCS5_PBKD2 (0x3b0UL) ++#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) ++#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL) ++#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL) ++#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL) ++#define CKM_WTLS_PRF (0x3d3UL) ++#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL) ++#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL) ++#define CKM_TLS10_MAC_SERVER (0x3d6UL) ++#define CKM_TLS10_MAC_CLIENT (0x3d7UL) ++#define CKM_TLS12_MAC (0x3d8UL) ++#define CKM_TLS12_KDF (0x3d9UL) ++#define CKM_TLS12_MASTER_KEY_DERIVE (0x3e0UL) ++#define CKM_TLS12_KEY_AND_MAC_DERIVE (0x3e1UL) ++#define CKM_TLS12_MASTER_KEY_DERIVE_DH (0x3e2UL) ++#define CKM_TLS12_KEY_SAFE_DERIVE (0x3e3UL) ++#define CKM_TLS_MAC (0x3e4UL) ++#define CKM_TLS_KDF (0x3e5UL) ++#define CKM_KEY_WRAP_LYNKS (0x400UL) ++#define CKM_KEY_WRAP_SET_OAEP (0x401UL) ++#define CKM_CMS_SIG (0x500UL) ++#define CKM_KIP_DERIVE (0x510UL) ++#define CKM_KIP_WRAP (0x511UL) ++#define CKM_KIP_MAC (0x512UL) ++#define CKM_CAMELLIA_KEY_GEN (0x550UL) ++#define CKM_CAMELLIA_CTR (0x558UL) ++#define CKM_ARIA_KEY_GEN (0x560UL) ++#define CKM_ARIA_ECB (0x561UL) ++#define CKM_ARIA_CBC (0x562UL) ++#define CKM_ARIA_MAC (0x563UL) ++#define CKM_ARIA_MAC_GENERAL (0x564UL) ++#define CKM_ARIA_CBC_PAD (0x565UL) ++#define CKM_ARIA_ECB_ENCRYPT_DATA (0x566UL) ++#define CKM_ARIA_CBC_ENCRYPT_DATA (0x567UL) ++#define CKM_SEED_KEY_GEN (0x650UL) ++#define CKM_SEED_ECB (0x651UL) ++#define CKM_SEED_CBC (0x652UL) ++#define CKM_SEED_MAC (0x653UL) ++#define CKM_SEED_MAC_GENERAL (0x654UL) ++#define CKM_SEED_CBC_PAD (0x655UL) ++#define CKM_SEED_ECB_ENCRYPT_DATA (0x656UL) ++#define CKM_SEED_CBC_ENCRYPT_DATA (0x657UL) ++#define CKM_SKIPJACK_KEY_GEN (0x1000UL) ++#define CKM_SKIPJACK_ECB64 (0x1001UL) ++#define CKM_SKIPJACK_CBC64 (0x1002UL) ++#define CKM_SKIPJACK_OFB64 (0x1003UL) ++#define CKM_SKIPJACK_CFB64 (0x1004UL) ++#define CKM_SKIPJACK_CFB32 (0x1005UL) ++#define CKM_SKIPJACK_CFB16 (0x1006UL) ++#define CKM_SKIPJACK_CFB8 (0x1007UL) ++#define CKM_SKIPJACK_WRAP (0x1008UL) ++#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) ++#define CKM_SKIPJACK_RELAYX (0x100aUL) ++#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) ++#define CKM_KEA_KEY_DERIVE (0x1011UL) ++#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) ++#define CKM_BATON_KEY_GEN (0x1030UL) ++#define CKM_BATON_ECB128 (0x1031UL) ++#define CKM_BATON_ECB96 (0x1032UL) ++#define CKM_BATON_CBC128 (0x1033UL) ++#define CKM_BATON_COUNTER (0x1034UL) ++#define CKM_BATON_SHUFFLE (0x1035UL) ++#define CKM_BATON_WRAP (0x1036UL) ++#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) ++#define CKM_EC_KEY_PAIR_GEN (0x1040UL) ++#define CKM_ECDSA (0x1041UL) ++#define CKM_ECDSA_SHA1 (0x1042UL) ++#define CKM_ECDSA_SHA224 (0x1043UL) ++#define CKM_ECDSA_SHA256 (0x1044UL) ++#define CKM_ECDSA_SHA384 (0x1045UL) ++#define CKM_ECDSA_SHA512 (0x1046UL) ++#define CKM_ECDH1_DERIVE (0x1050UL) ++#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) ++#define CKM_ECMQV_DERIVE (0x1052UL) ++#define CKM_ECDH_AES_KEY_WRAP (0x1053UL) ++#define CKM_RSA_AES_KEY_WRAP (0x1054UL) ++#define CKM_JUNIPER_KEY_GEN (0x1060UL) ++#define CKM_JUNIPER_ECB128 (0x1061UL) ++#define CKM_JUNIPER_CBC128 (0x1062UL) ++#define CKM_JUNIPER_COUNTER (0x1063UL) ++#define CKM_JUNIPER_SHUFFLE (0x1064UL) ++#define CKM_JUNIPER_WRAP (0x1065UL) ++#define CKM_FASTHASH (0x1070UL) ++#define CKM_AES_KEY_GEN (0x1080UL) ++#define CKM_AES_ECB (0x1081UL) ++#define CKM_AES_CBC (0x1082UL) ++#define CKM_AES_MAC (0x1083UL) ++#define CKM_AES_MAC_GENERAL (0x1084UL) ++#define CKM_AES_CBC_PAD (0x1085UL) ++#define CKM_AES_CTR (0x1086UL) ++#define CKM_AES_GCM (0x1087UL) ++#define CKM_AES_CCM (0x1088UL) ++#define CKM_AES_CTS (0x1089UL) ++#define CKM_AES_CMAC (0x108aUL) ++#define CKM_AES_CMAC_GENERAL (0x108bUL) ++#define CKM_AES_XCBC_MAC (0x108cUL) ++#define CKM_AES_XCBC_MAC_96 (0x108dUL) ++#define CKM_AES_GMAC (0x108eUL) ++#define CKM_BLOWFISH_KEY_GEN (0x1090UL) ++#define CKM_BLOWFISH_CBC (0x1091UL) ++#define CKM_TWOFISH_KEY_GEN (0x1092UL) ++#define CKM_TWOFISH_CBC (0x1093UL) ++#define CKM_BLOWFISH_CBC_PAD (0x1094UL) ++#define CKM_TWOFISH_CBC_PAD (0x1095UL) ++#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL) ++#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL) ++#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL) ++#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL) ++#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL) ++#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL) ++#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL) ++#define CKM_GOSTR3410 (0x1201UL) ++#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL) ++#define CKM_GOSTR3410_KEY_WRAP (0x1203UL) ++#define CKM_GOSTR3410_DERIVE (0x1204UL) ++#define CKM_GOSTR3411 (0x1210UL) ++#define CKM_GOSTR3411_HMAC (0x1211UL) ++#define CKM_GOST28147_KEY_GEN (0x1220UL) ++#define CKM_GOST28147_ECB (0x1221UL) ++#define CKM_GOST28147 (0x1222UL) ++#define CKM_GOST28147_MAC (0x1223UL) ++#define CKM_GOST28147_KEY_WRAP (0x1224UL) ++#define CKM_DSA_PARAMETER_GEN (0x2000UL) ++#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) ++#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) ++#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN (0x2003UL) ++#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN (0x2004UL) ++#define CKM_AES_OFB (0x2104UL) ++#define CKM_AES_CFB64 (0x2105UL) ++#define CKM_AES_CFB8 (0x2106UL) ++#define CKM_AES_CFB128 (0x2107UL) ++#define CKM_AES_CFB1 (0x2108UL) ++ ++#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++/* Ammendments */ ++#define CKM_SHA224 (0x255UL) ++#define CKM_SHA224_HMAC (0x256UL) ++#define CKM_SHA224_HMAC_GENERAL (0x257UL) ++#define CKM_SHA224_RSA_PKCS (0x46UL) ++#define CKM_SHA224_RSA_PKCS_PSS (0x47UL) ++#define CKM_SHA224_KEY_DERIVATION (0x396UL) ++ ++#define CKM_CAMELLIA_KEY_GEN (0x550UL) ++#define CKM_CAMELLIA_ECB (0x551UL) ++#define CKM_CAMELLIA_CBC (0x552UL) ++#define CKM_CAMELLIA_MAC (0x553UL) ++#define CKM_CAMELLIA_MAC_GENERAL (0x554UL) ++#define CKM_CAMELLIA_CBC_PAD (0x555UL) ++#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL) ++#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL) ++ ++#define CKM_AES_KEY_WRAP (0x2109UL) ++#define CKM_AES_KEY_WRAP_PAD (0x210aUL) ++ ++#define CKM_RSA_PKCS_TPM_1_1 (0x4001UL) ++#define CKM_RSA_PKCS_OAEP_TPM_1_1 (0x4002UL) ++ ++/* From version 3.0 */ ++#define CKM_EC_EDWARDS_KEY_PAIR_GEN (0x1055UL) ++#define CKM_EDDSA (0x1057UL) ++ ++/* Attribute and other constants related to OTP */ ++#define CK_OTP_FORMAT_DECIMAL (0UL) ++#define CK_OTP_FORMAT_HEXADECIMAL (1UL) ++#define CK_OTP_FORMAT_ALPHANUMERIC (2UL) ++#define CK_OTP_FORMAT_BINARY (3UL) ++#define CK_OTP_PARAM_IGNORED (0UL) ++#define CK_OTP_PARAM_OPTIONAL (1UL) ++#define CK_OTP_PARAM_MANDATORY (2UL) ++ ++#define CK_OTP_VALUE (0UL) ++#define CK_OTP_PIN (1UL) ++#define CK_OTP_CHALLENGE (2UL) ++#define CK_OTP_TIME (3UL) ++#define CK_OTP_COUNTER (4UL) ++#define CK_OTP_FLAGS (5UL) ++#define CK_OTP_OUTPUT_LENGTH (6UL) ++#define CK_OTP_FORMAT (7UL) ++ ++/* OTP mechanism flags */ ++#define CKF_NEXT_OTP (0x01UL) ++#define CKF_EXCLUDE_TIME (0x02UL) ++#define CKF_EXCLUDE_COUNTER (0x04UL) ++#define CKF_EXCLUDE_CHALLENGE (0x08UL) ++#define CKF_EXCLUDE_PIN (0x10UL) ++#define CKF_USER_FRIENDLY_OTP (0x20UL) ++ ++#define CKN_OTP_CHANGED (0x01UL) ++ ++struct ck_mechanism ++{ ++ ck_mechanism_type_t mechanism; ++ void *parameter; ++ unsigned long parameter_len; ++}; ++ ++ ++struct ck_mechanism_info ++{ ++ unsigned long min_key_size; ++ unsigned long max_key_size; ++ ck_flags_t flags; ++}; ++ ++typedef unsigned long ck_param_type; ++ ++typedef struct ck_otp_param { ++ ck_param_type type; ++ void *value; ++ unsigned long value_len; ++} ck_otp_param; ++ ++typedef struct ck_otp_params { ++ struct ck_otp_param *params; ++ unsigned long count; ++} ck_otp_params; ++ ++typedef struct ck_otp_signature_info ++{ ++ struct ck_otp_param *params; ++ unsigned long count; ++} ck_otp_signature_info; ++ ++#define CKG_MGF1_SHA1 0x00000001UL ++#define CKG_MGF1_SHA224 0x00000005UL ++#define CKG_MGF1_SHA256 0x00000002UL ++#define CKG_MGF1_SHA384 0x00000003UL ++#define CKG_MGF1_SHA512 0x00000004UL ++ ++typedef unsigned long ck_rsa_pkcs_mgf_type_t; ++ ++struct ck_rsa_pkcs_pss_params { ++ ck_mechanism_type_t hash_alg; ++ ck_rsa_pkcs_mgf_type_t mgf; ++ unsigned long s_len; ++}; ++ ++typedef unsigned long ck_rsa_pkcs_oaep_source_type_t; ++ ++struct ck_rsa_pkcs_oaep_params { ++ ck_mechanism_type_t hash_alg; ++ ck_rsa_pkcs_mgf_type_t mgf; ++ ck_rsa_pkcs_oaep_source_type_t source; ++ void *source_data; ++ unsigned long source_data_len; ++}; ++ ++struct ck_aes_ctr_params { ++ unsigned long counter_bits; ++ unsigned char cb[16]; ++}; ++ ++struct ck_gcm_params { ++ unsigned char *iv_ptr; ++ unsigned long iv_len; ++ unsigned long iv_bits; ++ unsigned char *aad_ptr; ++ unsigned long aad_len; ++ unsigned long tag_bits; ++}; ++ ++ ++/* The following EC Key Derivation Functions are defined */ ++#define CKD_NULL (0x01UL) ++#define CKD_SHA1_KDF (0x02UL) ++ ++/* The following X9.42 DH key derivation functions are defined */ ++#define CKD_SHA1_KDF_ASN1 (0x03UL) ++#define CKD_SHA1_KDF_CONCATENATE (0x04UL) ++#define CKD_SHA224_KDF (0x05UL) ++#define CKD_SHA256_KDF (0x06UL) ++#define CKD_SHA384_KDF (0x07UL) ++#define CKD_SHA512_KDF (0x08UL) ++#define CKD_CPDIVERSIFY_KDF (0x09UL) ++ ++typedef unsigned long ck_ec_kdf_t; ++ ++struct ck_ecdh1_derive_params { ++ ck_ec_kdf_t kdf; ++ unsigned long shared_data_len; ++ unsigned char *shared_data; ++ unsigned long public_data_len; ++ unsigned char *public_data; ++}; ++ ++struct ck_key_derivation_string_data { ++ unsigned char *string_data; ++ unsigned long string_data_len; ++}; ++ ++struct ck_des_cbc_encrypt_data_params { ++ unsigned char iv[8]; ++ unsigned char *data_params; ++ unsigned long length; ++}; ++ ++struct ck_aes_cbc_encrypt_data_params { ++ unsigned char iv[16]; ++ unsigned char *data_params; ++ unsigned long length; ++}; ++ ++#define CKF_HW (1UL << 0) ++#define CKF_ENCRYPT (1UL << 8) ++#define CKF_DECRYPT (1UL << 9) ++#define CKF_DIGEST (1UL << 10) ++#define CKF_SIGN (1UL << 11) ++#define CKF_SIGN_RECOVER (1UL << 12) ++#define CKF_VERIFY (1UL << 13) ++#define CKF_VERIFY_RECOVER (1UL << 14) ++#define CKF_GENERATE (1UL << 15) ++#define CKF_GENERATE_KEY_PAIR (1UL << 16) ++#define CKF_WRAP (1UL << 17) ++#define CKF_UNWRAP (1UL << 18) ++#define CKF_DERIVE (1UL << 19) ++#define CKF_EXTENSION ((unsigned long) (1UL << 31)) ++ ++#define CKF_EC_F_P (1UL << 20) ++#define CKF_EC_NAMEDCURVE (1UL << 23) ++#define CKF_EC_UNCOMPRESS (1UL << 24) ++#define CKF_EC_COMPRESS (1UL << 25) ++ ++ ++/* Flags for C_WaitForSlotEvent. */ ++#define CKF_DONT_BLOCK (1UL) ++ ++ ++typedef unsigned long ck_rv_t; ++ ++ ++typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, ++ ck_notification_t event, void *application); ++ ++/* Forward reference. */ ++struct ck_function_list; ++ ++#define _CK_DECLARE_FUNCTION(name, args) \ ++typedef ck_rv_t (*CK_ ## name) args; \ ++ck_rv_t CK_SPEC name args ++ ++_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); ++_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); ++_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); ++_CK_DECLARE_FUNCTION (C_GetFunctionList, ++ (struct ck_function_list **function_list)); ++ ++_CK_DECLARE_FUNCTION (C_GetSlotList, ++ (unsigned char token_present, ck_slot_id_t *slot_list, ++ unsigned long *count)); ++_CK_DECLARE_FUNCTION (C_GetSlotInfo, ++ (ck_slot_id_t slot_id, struct ck_slot_info *info)); ++_CK_DECLARE_FUNCTION (C_GetTokenInfo, ++ (ck_slot_id_t slot_id, struct ck_token_info *info)); ++_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, ++ (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); ++_CK_DECLARE_FUNCTION (C_GetMechanismList, ++ (ck_slot_id_t slot_id, ++ ck_mechanism_type_t *mechanism_list, ++ unsigned long *count)); ++_CK_DECLARE_FUNCTION (C_GetMechanismInfo, ++ (ck_slot_id_t slot_id, ck_mechanism_type_t type, ++ struct ck_mechanism_info *info)); ++_CK_DECLARE_FUNCTION (C_InitToken, ++ (ck_slot_id_t slot_id, unsigned char *pin, ++ unsigned long pin_len, unsigned char *label)); ++_CK_DECLARE_FUNCTION (C_InitPIN, ++ (ck_session_handle_t session, unsigned char *pin, ++ unsigned long pin_len)); ++_CK_DECLARE_FUNCTION (C_SetPIN, ++ (ck_session_handle_t session, unsigned char *old_pin, ++ unsigned long old_len, unsigned char *new_pin, ++ unsigned long new_len)); ++ ++_CK_DECLARE_FUNCTION (C_OpenSession, ++ (ck_slot_id_t slot_id, ck_flags_t flags, ++ void *application, ck_notify_t notify, ++ ck_session_handle_t *session)); ++_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); ++_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); ++_CK_DECLARE_FUNCTION (C_GetSessionInfo, ++ (ck_session_handle_t session, ++ struct ck_session_info *info)); ++_CK_DECLARE_FUNCTION (C_GetOperationState, ++ (ck_session_handle_t session, ++ unsigned char *operation_state, ++ unsigned long *operation_state_len)); ++_CK_DECLARE_FUNCTION (C_SetOperationState, ++ (ck_session_handle_t session, ++ unsigned char *operation_state, ++ unsigned long operation_state_len, ++ ck_object_handle_t encryption_key, ++ ck_object_handle_t authentiation_key)); ++_CK_DECLARE_FUNCTION (C_Login, ++ (ck_session_handle_t session, ck_user_type_t user_type, ++ unsigned char *pin, unsigned long pin_len)); ++_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); ++ ++_CK_DECLARE_FUNCTION (C_CreateObject, ++ (ck_session_handle_t session, ++ struct ck_attribute *templ, ++ unsigned long count, ck_object_handle_t *object)); ++_CK_DECLARE_FUNCTION (C_CopyObject, ++ (ck_session_handle_t session, ck_object_handle_t object, ++ struct ck_attribute *templ, unsigned long count, ++ ck_object_handle_t *new_object)); ++_CK_DECLARE_FUNCTION (C_DestroyObject, ++ (ck_session_handle_t session, ++ ck_object_handle_t object)); ++_CK_DECLARE_FUNCTION (C_GetObjectSize, ++ (ck_session_handle_t session, ++ ck_object_handle_t object, ++ unsigned long *size)); ++_CK_DECLARE_FUNCTION (C_GetAttributeValue, ++ (ck_session_handle_t session, ++ ck_object_handle_t object, ++ struct ck_attribute *templ, ++ unsigned long count)); ++_CK_DECLARE_FUNCTION (C_SetAttributeValue, ++ (ck_session_handle_t session, ++ ck_object_handle_t object, ++ struct ck_attribute *templ, ++ unsigned long count)); ++_CK_DECLARE_FUNCTION (C_FindObjectsInit, ++ (ck_session_handle_t session, ++ struct ck_attribute *templ, ++ unsigned long count)); ++_CK_DECLARE_FUNCTION (C_FindObjects, ++ (ck_session_handle_t session, ++ ck_object_handle_t *object, ++ unsigned long max_object_count, ++ unsigned long *object_count)); ++_CK_DECLARE_FUNCTION (C_FindObjectsFinal, ++ (ck_session_handle_t session)); ++ ++_CK_DECLARE_FUNCTION (C_EncryptInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_Encrypt, ++ (ck_session_handle_t session, ++ unsigned char *data, unsigned long data_len, ++ unsigned char *encrypted_data, ++ unsigned long *encrypted_data_len)); ++_CK_DECLARE_FUNCTION (C_EncryptUpdate, ++ (ck_session_handle_t session, ++ unsigned char *part, unsigned long part_len, ++ unsigned char *encrypted_part, ++ unsigned long *encrypted_part_len)); ++_CK_DECLARE_FUNCTION (C_EncryptFinal, ++ (ck_session_handle_t session, ++ unsigned char *last_encrypted_part, ++ unsigned long *last_encrypted_part_len)); ++ ++_CK_DECLARE_FUNCTION (C_DecryptInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_Decrypt, ++ (ck_session_handle_t session, ++ unsigned char *encrypted_data, ++ unsigned long encrypted_data_len, ++ unsigned char *data, unsigned long *data_len)); ++_CK_DECLARE_FUNCTION (C_DecryptUpdate, ++ (ck_session_handle_t session, ++ unsigned char *encrypted_part, ++ unsigned long encrypted_part_len, ++ unsigned char *part, unsigned long *part_len)); ++_CK_DECLARE_FUNCTION (C_DecryptFinal, ++ (ck_session_handle_t session, ++ unsigned char *last_part, ++ unsigned long *last_part_len)); ++ ++_CK_DECLARE_FUNCTION (C_DigestInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism)); ++_CK_DECLARE_FUNCTION (C_Digest, ++ (ck_session_handle_t session, ++ unsigned char *data, unsigned long data_len, ++ unsigned char *digest, ++ unsigned long *digest_len)); ++_CK_DECLARE_FUNCTION (C_DigestUpdate, ++ (ck_session_handle_t session, ++ unsigned char *part, unsigned long part_len)); ++_CK_DECLARE_FUNCTION (C_DigestKey, ++ (ck_session_handle_t session, ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_DigestFinal, ++ (ck_session_handle_t session, ++ unsigned char *digest, ++ unsigned long *digest_len)); ++ ++_CK_DECLARE_FUNCTION (C_SignInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_Sign, ++ (ck_session_handle_t session, ++ unsigned char *data, unsigned long data_len, ++ unsigned char *signature, ++ unsigned long *signature_len)); ++_CK_DECLARE_FUNCTION (C_SignUpdate, ++ (ck_session_handle_t session, ++ unsigned char *part, unsigned long part_len)); ++_CK_DECLARE_FUNCTION (C_SignFinal, ++ (ck_session_handle_t session, ++ unsigned char *signature, ++ unsigned long *signature_len)); ++_CK_DECLARE_FUNCTION (C_SignRecoverInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_SignRecover, ++ (ck_session_handle_t session, ++ unsigned char *data, unsigned long data_len, ++ unsigned char *signature, ++ unsigned long *signature_len)); ++ ++_CK_DECLARE_FUNCTION (C_VerifyInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_Verify, ++ (ck_session_handle_t session, ++ unsigned char *data, unsigned long data_len, ++ unsigned char *signature, ++ unsigned long signature_len)); ++_CK_DECLARE_FUNCTION (C_VerifyUpdate, ++ (ck_session_handle_t session, ++ unsigned char *part, unsigned long part_len)); ++_CK_DECLARE_FUNCTION (C_VerifyFinal, ++ (ck_session_handle_t session, ++ unsigned char *signature, ++ unsigned long signature_len)); ++_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t key)); ++_CK_DECLARE_FUNCTION (C_VerifyRecover, ++ (ck_session_handle_t session, ++ unsigned char *signature, ++ unsigned long signature_len, ++ unsigned char *data, ++ unsigned long *data_len)); ++ ++_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, ++ (ck_session_handle_t session, ++ unsigned char *part, unsigned long part_len, ++ unsigned char *encrypted_part, ++ unsigned long *encrypted_part_len)); ++_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, ++ (ck_session_handle_t session, ++ unsigned char *encrypted_part, ++ unsigned long encrypted_part_len, ++ unsigned char *part, ++ unsigned long *part_len)); ++_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, ++ (ck_session_handle_t session, ++ unsigned char *part, unsigned long part_len, ++ unsigned char *encrypted_part, ++ unsigned long *encrypted_part_len)); ++_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, ++ (ck_session_handle_t session, ++ unsigned char *encrypted_part, ++ unsigned long encrypted_part_len, ++ unsigned char *part, ++ unsigned long *part_len)); ++ ++_CK_DECLARE_FUNCTION (C_GenerateKey, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ struct ck_attribute *templ, ++ unsigned long count, ++ ck_object_handle_t *key)); ++_CK_DECLARE_FUNCTION (C_GenerateKeyPair, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ struct ck_attribute *public_key_template, ++ unsigned long public_key_attribute_count, ++ struct ck_attribute *private_key_template, ++ unsigned long private_key_attribute_count, ++ ck_object_handle_t *public_key, ++ ck_object_handle_t *private_key)); ++_CK_DECLARE_FUNCTION (C_WrapKey, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t wrapping_key, ++ ck_object_handle_t key, ++ unsigned char *wrapped_key, ++ unsigned long *wrapped_key_len)); ++_CK_DECLARE_FUNCTION (C_UnwrapKey, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t unwrapping_key, ++ unsigned char *wrapped_key, ++ unsigned long wrapped_key_len, ++ struct ck_attribute *templ, ++ unsigned long attribute_count, ++ ck_object_handle_t *key)); ++_CK_DECLARE_FUNCTION (C_DeriveKey, ++ (ck_session_handle_t session, ++ struct ck_mechanism *mechanism, ++ ck_object_handle_t base_key, ++ struct ck_attribute *templ, ++ unsigned long attribute_count, ++ ck_object_handle_t *key)); ++ ++_CK_DECLARE_FUNCTION (C_SeedRandom, ++ (ck_session_handle_t session, unsigned char *seed, ++ unsigned long seed_len)); ++_CK_DECLARE_FUNCTION (C_GenerateRandom, ++ (ck_session_handle_t session, ++ unsigned char *random_data, ++ unsigned long random_len)); ++ ++_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); ++_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); ++ ++ ++struct ck_function_list ++{ ++ struct ck_version version; ++ CK_C_Initialize C_Initialize; ++ CK_C_Finalize C_Finalize; ++ CK_C_GetInfo C_GetInfo; ++ CK_C_GetFunctionList C_GetFunctionList; ++ CK_C_GetSlotList C_GetSlotList; ++ CK_C_GetSlotInfo C_GetSlotInfo; ++ CK_C_GetTokenInfo C_GetTokenInfo; ++ CK_C_GetMechanismList C_GetMechanismList; ++ CK_C_GetMechanismInfo C_GetMechanismInfo; ++ CK_C_InitToken C_InitToken; ++ CK_C_InitPIN C_InitPIN; ++ CK_C_SetPIN C_SetPIN; ++ CK_C_OpenSession C_OpenSession; ++ CK_C_CloseSession C_CloseSession; ++ CK_C_CloseAllSessions C_CloseAllSessions; ++ CK_C_GetSessionInfo C_GetSessionInfo; ++ CK_C_GetOperationState C_GetOperationState; ++ CK_C_SetOperationState C_SetOperationState; ++ CK_C_Login C_Login; ++ CK_C_Logout C_Logout; ++ CK_C_CreateObject C_CreateObject; ++ CK_C_CopyObject C_CopyObject; ++ CK_C_DestroyObject C_DestroyObject; ++ CK_C_GetObjectSize C_GetObjectSize; ++ CK_C_GetAttributeValue C_GetAttributeValue; ++ CK_C_SetAttributeValue C_SetAttributeValue; ++ CK_C_FindObjectsInit C_FindObjectsInit; ++ CK_C_FindObjects C_FindObjects; ++ CK_C_FindObjectsFinal C_FindObjectsFinal; ++ CK_C_EncryptInit C_EncryptInit; ++ CK_C_Encrypt C_Encrypt; ++ CK_C_EncryptUpdate C_EncryptUpdate; ++ CK_C_EncryptFinal C_EncryptFinal; ++ CK_C_DecryptInit C_DecryptInit; ++ CK_C_Decrypt C_Decrypt; ++ CK_C_DecryptUpdate C_DecryptUpdate; ++ CK_C_DecryptFinal C_DecryptFinal; ++ CK_C_DigestInit C_DigestInit; ++ CK_C_Digest C_Digest; ++ CK_C_DigestUpdate C_DigestUpdate; ++ CK_C_DigestKey C_DigestKey; ++ CK_C_DigestFinal C_DigestFinal; ++ CK_C_SignInit C_SignInit; ++ CK_C_Sign C_Sign; ++ CK_C_SignUpdate C_SignUpdate; ++ CK_C_SignFinal C_SignFinal; ++ CK_C_SignRecoverInit C_SignRecoverInit; ++ CK_C_SignRecover C_SignRecover; ++ CK_C_VerifyInit C_VerifyInit; ++ CK_C_Verify C_Verify; ++ CK_C_VerifyUpdate C_VerifyUpdate; ++ CK_C_VerifyFinal C_VerifyFinal; ++ CK_C_VerifyRecoverInit C_VerifyRecoverInit; ++ CK_C_VerifyRecover C_VerifyRecover; ++ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; ++ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; ++ CK_C_SignEncryptUpdate C_SignEncryptUpdate; ++ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; ++ CK_C_GenerateKey C_GenerateKey; ++ CK_C_GenerateKeyPair C_GenerateKeyPair; ++ CK_C_WrapKey C_WrapKey; ++ CK_C_UnwrapKey C_UnwrapKey; ++ CK_C_DeriveKey C_DeriveKey; ++ CK_C_SeedRandom C_SeedRandom; ++ CK_C_GenerateRandom C_GenerateRandom; ++ CK_C_GetFunctionStatus C_GetFunctionStatus; ++ CK_C_CancelFunction C_CancelFunction; ++ CK_C_WaitForSlotEvent C_WaitForSlotEvent; ++}; ++ ++ ++typedef ck_rv_t (*ck_createmutex_t) (void **mutex); ++typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); ++typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); ++typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); ++ ++ ++struct ck_c_initialize_args ++{ ++ ck_createmutex_t create_mutex; ++ ck_destroymutex_t destroy_mutex; ++ ck_lockmutex_t lock_mutex; ++ ck_unlockmutex_t unlock_mutex; ++ ck_flags_t flags; ++ void *reserved; ++}; ++ ++ ++#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) ++#define CKF_OS_LOCKING_OK (1UL << 1) ++ ++#define CKR_OK (0UL) ++#define CKR_CANCEL (1UL) ++#define CKR_HOST_MEMORY (2UL) ++#define CKR_SLOT_ID_INVALID (3UL) ++#define CKR_GENERAL_ERROR (5UL) ++#define CKR_FUNCTION_FAILED (6UL) ++#define CKR_ARGUMENTS_BAD (7UL) ++#define CKR_NO_EVENT (8UL) ++#define CKR_NEED_TO_CREATE_THREADS (9UL) ++#define CKR_CANT_LOCK (0xaUL) ++#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) ++#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) ++#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) ++#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) ++#define CKR_ACTION_PROHIBITED (0x1BUL) ++#define CKR_DATA_INVALID (0x20UL) ++#define CKR_DATA_LEN_RANGE (0x21UL) ++#define CKR_DEVICE_ERROR (0x30UL) ++#define CKR_DEVICE_MEMORY (0x31UL) ++#define CKR_DEVICE_REMOVED (0x32UL) ++#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) ++#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) ++#define CKR_FUNCTION_CANCELED (0x50UL) ++#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) ++#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) ++#define CKR_KEY_HANDLE_INVALID (0x60UL) ++#define CKR_KEY_SIZE_RANGE (0x62UL) ++#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) ++#define CKR_KEY_NOT_NEEDED (0x64UL) ++#define CKR_KEY_CHANGED (0x65UL) ++#define CKR_KEY_NEEDED (0x66UL) ++#define CKR_KEY_INDIGESTIBLE (0x67UL) ++#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) ++#define CKR_KEY_NOT_WRAPPABLE (0x69UL) ++#define CKR_KEY_UNEXTRACTABLE (0x6aUL) ++#define CKR_MECHANISM_INVALID (0x70UL) ++#define CKR_MECHANISM_PARAM_INVALID (0x71UL) ++#define CKR_OBJECT_HANDLE_INVALID (0x82UL) ++#define CKR_OPERATION_ACTIVE (0x90UL) ++#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) ++#define CKR_PIN_INCORRECT (0xa0UL) ++#define CKR_PIN_INVALID (0xa1UL) ++#define CKR_PIN_LEN_RANGE (0xa2UL) ++#define CKR_PIN_EXPIRED (0xa3UL) ++#define CKR_PIN_LOCKED (0xa4UL) ++#define CKR_SESSION_CLOSED (0xb0UL) ++#define CKR_SESSION_COUNT (0xb1UL) ++#define CKR_SESSION_HANDLE_INVALID (0xb3UL) ++#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) ++#define CKR_SESSION_READ_ONLY (0xb5UL) ++#define CKR_SESSION_EXISTS (0xb6UL) ++#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) ++#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) ++#define CKR_SIGNATURE_INVALID (0xc0UL) ++#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) ++#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) ++#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) ++#define CKR_TOKEN_NOT_PRESENT (0xe0UL) ++#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) ++#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) ++#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) ++#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) ++#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) ++#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) ++#define CKR_USER_NOT_LOGGED_IN (0x101UL) ++#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) ++#define CKR_USER_TYPE_INVALID (0x103UL) ++#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) ++#define CKR_USER_TOO_MANY_TYPES (0x105UL) ++#define CKR_WRAPPED_KEY_INVALID (0x110UL) ++#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) ++#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) ++#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) ++#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) ++#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) ++#define CKR_RANDOM_NO_RNG (0x121UL) ++#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) ++#define CKR_BUFFER_TOO_SMALL (0x150UL) ++#define CKR_SAVED_STATE_INVALID (0x160UL) ++#define CKR_INFORMATION_SENSITIVE (0x170UL) ++#define CKR_STATE_UNSAVEABLE (0x180UL) ++#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) ++#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) ++#define CKR_MUTEX_BAD (0x1a0UL) ++#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) ++#define CKR_NEW_PIN_MODE (0x1b0UL) ++#define CKR_NEXT_OTP (0x1b1UL) ++#define CKR_EXCEEDED_MAX_ITERATIONS (0x1c0UL) ++#define CKR_FIPS_SELF_TEST_FAILED (0x1c1UL) ++#define CKR_LIBRARY_LOAD_FAILED (0x1c2UL) ++#define CKR_PIN_TOO_WEAK (0x1c3UL) ++#define CKR_PUBLIC_KEY_INVALID (0x1c4UL) ++#define CKR_FUNCTION_REJECTED (0x200UL) ++#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) ++ ++ ++#define CKZ_DATA_SPECIFIED (0x01UL) ++ ++ ++ ++/* Compatibility layer. */ ++ ++#ifdef CRYPTOKI_COMPAT ++ ++#undef CK_DEFINE_FUNCTION ++#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name ++ ++/* For NULL. */ ++#include ++ ++typedef unsigned char CK_BYTE; ++typedef unsigned char CK_CHAR; ++typedef unsigned char CK_UTF8CHAR; ++typedef unsigned char CK_BBOOL; ++typedef unsigned long int CK_ULONG; ++typedef long int CK_LONG; ++typedef CK_BYTE *CK_BYTE_PTR; ++typedef CK_CHAR *CK_CHAR_PTR; ++typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; ++typedef CK_ULONG *CK_ULONG_PTR; ++typedef void *CK_VOID_PTR; ++typedef void **CK_VOID_PTR_PTR; ++#define CK_FALSE 0 ++#define CK_TRUE 1 ++#ifndef CK_DISABLE_TRUE_FALSE ++#ifndef FALSE ++#define FALSE 0 ++#endif ++#ifndef TRUE ++#define TRUE 1 ++#endif ++#endif ++ ++typedef struct ck_version CK_VERSION; ++typedef struct ck_version *CK_VERSION_PTR; ++ ++typedef struct ck_info CK_INFO; ++typedef struct ck_info *CK_INFO_PTR; ++ ++typedef ck_slot_id_t *CK_SLOT_ID_PTR; ++ ++typedef struct ck_slot_info CK_SLOT_INFO; ++typedef struct ck_slot_info *CK_SLOT_INFO_PTR; ++ ++typedef struct ck_token_info CK_TOKEN_INFO; ++typedef struct ck_token_info *CK_TOKEN_INFO_PTR; ++ ++typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; ++ ++typedef struct ck_session_info CK_SESSION_INFO; ++typedef struct ck_session_info *CK_SESSION_INFO_PTR; ++ ++typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; ++ ++typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; ++ ++typedef struct ck_attribute CK_ATTRIBUTE; ++typedef struct ck_attribute *CK_ATTRIBUTE_PTR; ++ ++typedef struct ck_date CK_DATE; ++typedef struct ck_date *CK_DATE_PTR; ++ ++typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; ++ ++typedef struct ck_mechanism CK_MECHANISM; ++typedef struct ck_mechanism *CK_MECHANISM_PTR; ++ ++typedef struct ck_mechanism_info CK_MECHANISM_INFO; ++typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; ++ ++typedef struct ck_otp_mechanism_info CK_OTP_MECHANISM_INFO; ++typedef struct ck_otp_mechanism_info *CK_OTP_MECHANISM_INFO_PTR; ++ ++typedef struct ck_function_list CK_FUNCTION_LIST; ++typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; ++typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; ++ ++typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; ++typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; ++ ++typedef struct ck_rsa_pkcs_pss_params CK_RSA_PKCS_PSS_PARAMS; ++typedef struct ck_rsa_pkcs_pss_params *CK_RSA_PKCS_PSS_PARAMS_PTR; ++ ++typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS; ++typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR; ++ ++typedef struct ck_aes_ctr_params CK_AES_CTR_PARAMS; ++typedef struct ck_aes_ctr_params *CK_AES_CTR_PARAMS_PTR; ++ ++typedef struct ck_gcm_params CK_GCM_PARAMS; ++typedef struct ck_gcm_params *CK_GCM_PARAMS_PTR; ++ ++typedef struct ck_ecdh1_derive_params CK_ECDH1_DERIVE_PARAMS; ++typedef struct ck_ecdh1_derive_params *CK_ECDH1_DERIVE_PARAMS_PTR; ++ ++typedef struct ck_key_derivation_string_data CK_KEY_DERIVATION_STRING_DATA; ++typedef struct ck_key_derivation_string_data *CK_KEY_DERIVATION_STRING_DATA_PTR; ++ ++typedef struct ck_des_cbc_encrypt_data_params CK_DES_CBC_ENCRYPT_DATA_PARAMS; ++typedef struct ck_des_cbc_encrypt_data_params *CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; ++ ++typedef struct ck_aes_cbc_encrypt_data_params CK_AES_CBC_ENCRYPT_DATA_PARAMS; ++typedef struct ck_aes_cbc_encrypt_data_params *CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; ++ ++#ifndef NULL_PTR ++#define NULL_PTR NULL + #endif + +-#endif /* _PKCS11_H_ */ ++/* Delete the helper macros defined at the top of the file. */ ++#undef ck_flags_t ++#undef ck_version ++ ++#undef ck_info ++#undef cryptoki_version ++#undef manufacturer_id ++#undef library_description ++#undef library_version ++ ++#undef ck_notification_t ++#undef ck_slot_id_t ++ ++#undef ck_slot_info ++#undef slot_description ++#undef hardware_version ++#undef firmware_version ++ ++#undef ck_token_info ++#undef serial_number ++#undef max_session_count ++#undef session_count ++#undef max_rw_session_count ++#undef rw_session_count ++#undef max_pin_len ++#undef min_pin_len ++#undef total_public_memory ++#undef free_public_memory ++#undef total_private_memory ++#undef free_private_memory ++#undef utc_time ++ ++#undef ck_session_handle_t ++#undef ck_user_type_t ++#undef ck_state_t ++ ++#undef ck_session_info ++#undef slot_id ++#undef device_error ++ ++#undef ck_object_handle_t ++#undef ck_object_class_t ++#undef ck_hw_feature_type_t ++#undef ck_key_type_t ++#undef ck_certificate_type_t ++#undef ck_attribute_type_t ++ ++#undef ck_attribute ++#undef value ++#undef value_len ++ ++#undef params ++#undef count ++ ++#undef ck_date ++ ++#undef ck_mechanism_type_t ++ ++#undef ck_mechanism ++#undef parameter ++#undef parameter_len ++ ++#undef ck_mechanism_info ++ ++#undef ck_param_type ++#undef ck_otp_param ++#undef ck_otp_params ++#undef ck_otp_signature_info ++ ++#undef min_key_size ++#undef max_key_size ++ ++#undef ck_rv_t ++#undef ck_notify_t ++ ++#undef ck_function_list ++ ++#undef ck_createmutex_t ++#undef ck_destroymutex_t ++#undef ck_lockmutex_t ++#undef ck_unlockmutex_t ++ ++#undef ck_c_initialize_args ++#undef create_mutex ++#undef destroy_mutex ++#undef lock_mutex ++#undef unlock_mutex ++#undef reserved ++ ++#endif /* CRYPTOKI_COMPAT */ ++ ++ ++/* System dependencies. */ ++#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) ++#pragma pack(pop, cryptoki) ++#endif ++ ++#if defined(__cplusplus) ++} ++#endif + ++#endif /* PKCS11_H */ +diff --git a/src/lib/pkcs11/pkcs11f.h b/src/lib/pkcs11/pkcs11f.h +deleted file mode 100644 +index ed90aff..0000000 +--- a/src/lib/pkcs11/pkcs11f.h ++++ /dev/null +@@ -1,939 +0,0 @@ +-/* Copyright (c) OASIS Open 2016. All Rights Reserved./ +- * /Distributed under the terms of the OASIS IPR Policy, +- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY +- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A +- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. +- */ +- +-/* Latest version of the specification: +- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html +- */ +- +-/* This header file contains pretty much everything about all the +- * Cryptoki function prototypes. Because this information is +- * used for more than just declaring function prototypes, the +- * order of the functions appearing herein is important, and +- * should not be altered. +- */ +- +-/* General-purpose */ +- +-/* C_Initialize initializes the Cryptoki library. */ +-CK_PKCS11_FUNCTION_INFO(C_Initialize) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets +- * cast to CK_C_INITIALIZE_ARGS_PTR +- * and dereferenced +- */ +-); +-#endif +- +- +-/* C_Finalize indicates that an application is done with the +- * Cryptoki library. +- */ +-CK_PKCS11_FUNCTION_INFO(C_Finalize) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ +-); +-#endif +- +- +-/* C_GetInfo returns general information about Cryptoki. */ +-CK_PKCS11_FUNCTION_INFO(C_GetInfo) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_INFO_PTR pInfo /* location that receives information */ +-); +-#endif +- +- +-/* C_GetFunctionList returns the function list. */ +-CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to +- * function list +- */ +-); +-#endif +- +- +- +-/* Slot and token management */ +- +-/* C_GetSlotList obtains a list of slots in the system. */ +-CK_PKCS11_FUNCTION_INFO(C_GetSlotList) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_BBOOL tokenPresent, /* only slots with tokens */ +- CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ +- CK_ULONG_PTR pulCount /* receives number of slots */ +-); +-#endif +- +- +-/* C_GetSlotInfo obtains information about a particular slot in +- * the system. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID, /* the ID of the slot */ +- CK_SLOT_INFO_PTR pInfo /* receives the slot information */ +-); +-#endif +- +- +-/* C_GetTokenInfo obtains information about a particular token +- * in the system. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID, /* ID of the token's slot */ +- CK_TOKEN_INFO_PTR pInfo /* receives the token information */ +-); +-#endif +- +- +-/* C_GetMechanismList obtains a list of mechanism types +- * supported by a token. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID, /* ID of token's slot */ +- CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ +- CK_ULONG_PTR pulCount /* gets # of mechs. */ +-); +-#endif +- +- +-/* C_GetMechanismInfo obtains information about a particular +- * mechanism possibly supported by a token. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID, /* ID of the token's slot */ +- CK_MECHANISM_TYPE type, /* type of mechanism */ +- CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ +-); +-#endif +- +- +-/* C_InitToken initializes a token. */ +-CK_PKCS11_FUNCTION_INFO(C_InitToken) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID, /* ID of the token's slot */ +- CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ +- CK_ULONG ulPinLen, /* length in bytes of the PIN */ +- CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ +-); +-#endif +- +- +-/* C_InitPIN initializes the normal user's PIN. */ +-CK_PKCS11_FUNCTION_INFO(C_InitPIN) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ +- CK_ULONG ulPinLen /* length in bytes of the PIN */ +-); +-#endif +- +- +-/* C_SetPIN modifies the PIN of the user who is logged in. */ +-CK_PKCS11_FUNCTION_INFO(C_SetPIN) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ +- CK_ULONG ulOldLen, /* length of the old PIN */ +- CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ +- CK_ULONG ulNewLen /* length of the new PIN */ +-); +-#endif +- +- +- +-/* Session management */ +- +-/* C_OpenSession opens a session between an application and a +- * token. +- */ +-CK_PKCS11_FUNCTION_INFO(C_OpenSession) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID, /* the slot's ID */ +- CK_FLAGS flags, /* from CK_SESSION_INFO */ +- CK_VOID_PTR pApplication, /* passed to callback */ +- CK_NOTIFY Notify, /* callback function */ +- CK_SESSION_HANDLE_PTR phSession /* gets session handle */ +-); +-#endif +- +- +-/* C_CloseSession closes a session between an application and a +- * token. +- */ +-CK_PKCS11_FUNCTION_INFO(C_CloseSession) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession /* the session's handle */ +-); +-#endif +- +- +-/* C_CloseAllSessions closes all sessions with a token. */ +-CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SLOT_ID slotID /* the token's slot */ +-); +-#endif +- +- +-/* C_GetSessionInfo obtains information about the session. */ +-CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_SESSION_INFO_PTR pInfo /* receives session info */ +-); +-#endif +- +- +-/* C_GetOperationState obtains the state of the cryptographic operation +- * in a session. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetOperationState) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pOperationState, /* gets state */ +- CK_ULONG_PTR pulOperationStateLen /* gets state length */ +-); +-#endif +- +- +-/* C_SetOperationState restores the state of the cryptographic +- * operation in a session. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SetOperationState) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pOperationState, /* holds state */ +- CK_ULONG ulOperationStateLen, /* holds state length */ +- CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ +- CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ +-); +-#endif +- +- +-/* C_Login logs a user into a token. */ +-CK_PKCS11_FUNCTION_INFO(C_Login) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_USER_TYPE userType, /* the user type */ +- CK_UTF8CHAR_PTR pPin, /* the user's PIN */ +- CK_ULONG ulPinLen /* the length of the PIN */ +-); +-#endif +- +- +-/* C_Logout logs a user out from a token. */ +-CK_PKCS11_FUNCTION_INFO(C_Logout) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession /* the session's handle */ +-); +-#endif +- +- +- +-/* Object management */ +- +-/* C_CreateObject creates a new object. */ +-CK_PKCS11_FUNCTION_INFO(C_CreateObject) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ +- CK_ULONG ulCount, /* attributes in template */ +- CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ +-); +-#endif +- +- +-/* C_CopyObject copies an object, creating a new object for the +- * copy. +- */ +-CK_PKCS11_FUNCTION_INFO(C_CopyObject) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_OBJECT_HANDLE hObject, /* the object's handle */ +- CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ +- CK_ULONG ulCount, /* attributes in template */ +- CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ +-); +-#endif +- +- +-/* C_DestroyObject destroys an object. */ +-CK_PKCS11_FUNCTION_INFO(C_DestroyObject) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_OBJECT_HANDLE hObject /* the object's handle */ +-); +-#endif +- +- +-/* C_GetObjectSize gets the size of an object in bytes. */ +-CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_OBJECT_HANDLE hObject, /* the object's handle */ +- CK_ULONG_PTR pulSize /* receives size of object */ +-); +-#endif +- +- +-/* C_GetAttributeValue obtains the value of one or more object +- * attributes. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_OBJECT_HANDLE hObject, /* the object's handle */ +- CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ +- CK_ULONG ulCount /* attributes in template */ +-); +-#endif +- +- +-/* C_SetAttributeValue modifies the value of one or more object +- * attributes. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_OBJECT_HANDLE hObject, /* the object's handle */ +- CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ +- CK_ULONG ulCount /* attributes in template */ +-); +-#endif +- +- +-/* C_FindObjectsInit initializes a search for token and session +- * objects that match a template. +- */ +-CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ +- CK_ULONG ulCount /* attrs in search template */ +-); +-#endif +- +- +-/* C_FindObjects continues a search for token and session +- * objects that match a template, obtaining additional object +- * handles. +- */ +-CK_PKCS11_FUNCTION_INFO(C_FindObjects) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ +- CK_ULONG ulMaxObjectCount, /* max handles to get */ +- CK_ULONG_PTR pulObjectCount /* actual # returned */ +-); +-#endif +- +- +-/* C_FindObjectsFinal finishes a search for token and session +- * objects. +- */ +-CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession /* the session's handle */ +-); +-#endif +- +- +- +-/* Encryption and decryption */ +- +-/* C_EncryptInit initializes an encryption operation. */ +-CK_PKCS11_FUNCTION_INFO(C_EncryptInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ +- CK_OBJECT_HANDLE hKey /* handle of encryption key */ +-); +-#endif +- +- +-/* C_Encrypt encrypts single-part data. */ +-CK_PKCS11_FUNCTION_INFO(C_Encrypt) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pData, /* the plaintext data */ +- CK_ULONG ulDataLen, /* bytes of plaintext */ +- CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ +- CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ +-); +-#endif +- +- +-/* C_EncryptUpdate continues a multiple-part encryption +- * operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pPart, /* the plaintext data */ +- CK_ULONG ulPartLen, /* plaintext data len */ +- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ +- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ +-); +-#endif +- +- +-/* C_EncryptFinal finishes a multiple-part encryption +- * operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session handle */ +- CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ +- CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ +-); +-#endif +- +- +-/* C_DecryptInit initializes a decryption operation. */ +-CK_PKCS11_FUNCTION_INFO(C_DecryptInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ +- CK_OBJECT_HANDLE hKey /* handle of decryption key */ +-); +-#endif +- +- +-/* C_Decrypt decrypts encrypted data in a single part. */ +-CK_PKCS11_FUNCTION_INFO(C_Decrypt) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pEncryptedData, /* ciphertext */ +- CK_ULONG ulEncryptedDataLen, /* ciphertext length */ +- CK_BYTE_PTR pData, /* gets plaintext */ +- CK_ULONG_PTR pulDataLen /* gets p-text size */ +-); +-#endif +- +- +-/* C_DecryptUpdate continues a multiple-part decryption +- * operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pEncryptedPart, /* encrypted data */ +- CK_ULONG ulEncryptedPartLen, /* input length */ +- CK_BYTE_PTR pPart, /* gets plaintext */ +- CK_ULONG_PTR pulPartLen /* p-text size */ +-); +-#endif +- +- +-/* C_DecryptFinal finishes a multiple-part decryption +- * operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pLastPart, /* gets plaintext */ +- CK_ULONG_PTR pulLastPartLen /* p-text size */ +-); +-#endif +- +- +- +-/* Message digesting */ +- +-/* C_DigestInit initializes a message-digesting operation. */ +-CK_PKCS11_FUNCTION_INFO(C_DigestInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ +-); +-#endif +- +- +-/* C_Digest digests data in a single part. */ +-CK_PKCS11_FUNCTION_INFO(C_Digest) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pData, /* data to be digested */ +- CK_ULONG ulDataLen, /* bytes of data to digest */ +- CK_BYTE_PTR pDigest, /* gets the message digest */ +- CK_ULONG_PTR pulDigestLen /* gets digest length */ +-); +-#endif +- +- +-/* C_DigestUpdate continues a multiple-part message-digesting +- * operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pPart, /* data to be digested */ +- CK_ULONG ulPartLen /* bytes of data to be digested */ +-); +-#endif +- +- +-/* C_DigestKey continues a multi-part message-digesting +- * operation, by digesting the value of a secret key as part of +- * the data already digested. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DigestKey) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_OBJECT_HANDLE hKey /* secret key to digest */ +-); +-#endif +- +- +-/* C_DigestFinal finishes a multiple-part message-digesting +- * operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DigestFinal) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pDigest, /* gets the message digest */ +- CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ +-); +-#endif +- +- +- +-/* Signing and MACing */ +- +-/* C_SignInit initializes a signature (private key encryption) +- * operation, where the signature is (will be) an appendix to +- * the data, and plaintext cannot be recovered from the +- * signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SignInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ +- CK_OBJECT_HANDLE hKey /* handle of signature key */ +-); +-#endif +- +- +-/* C_Sign signs (encrypts with private key) data in a single +- * part, where the signature is (will be) an appendix to the +- * data, and plaintext cannot be recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_Sign) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pData, /* the data to sign */ +- CK_ULONG ulDataLen, /* count of bytes to sign */ +- CK_BYTE_PTR pSignature, /* gets the signature */ +- CK_ULONG_PTR pulSignatureLen /* gets signature length */ +-); +-#endif +- +- +-/* C_SignUpdate continues a multiple-part signature operation, +- * where the signature is (will be) an appendix to the data, +- * and plaintext cannot be recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SignUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pPart, /* the data to sign */ +- CK_ULONG ulPartLen /* count of bytes to sign */ +-); +-#endif +- +- +-/* C_SignFinal finishes a multiple-part signature operation, +- * returning the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SignFinal) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pSignature, /* gets the signature */ +- CK_ULONG_PTR pulSignatureLen /* gets signature length */ +-); +-#endif +- +- +-/* C_SignRecoverInit initializes a signature operation, where +- * the data can be recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ +- CK_OBJECT_HANDLE hKey /* handle of the signature key */ +-); +-#endif +- +- +-/* C_SignRecover signs data in a single operation, where the +- * data can be recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SignRecover) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pData, /* the data to sign */ +- CK_ULONG ulDataLen, /* count of bytes to sign */ +- CK_BYTE_PTR pSignature, /* gets the signature */ +- CK_ULONG_PTR pulSignatureLen /* gets signature length */ +-); +-#endif +- +- +- +-/* Verifying signatures and MACs */ +- +-/* C_VerifyInit initializes a verification operation, where the +- * signature is an appendix to the data, and plaintext cannot +- * cannot be recovered from the signature (e.g. DSA). +- */ +-CK_PKCS11_FUNCTION_INFO(C_VerifyInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ +- CK_OBJECT_HANDLE hKey /* verification key */ +-); +-#endif +- +- +-/* C_Verify verifies a signature in a single-part operation, +- * where the signature is an appendix to the data, and plaintext +- * cannot be recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_Verify) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pData, /* signed data */ +- CK_ULONG ulDataLen, /* length of signed data */ +- CK_BYTE_PTR pSignature, /* signature */ +- CK_ULONG ulSignatureLen /* signature length*/ +-); +-#endif +- +- +-/* C_VerifyUpdate continues a multiple-part verification +- * operation, where the signature is an appendix to the data, +- * and plaintext cannot be recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pPart, /* signed data */ +- CK_ULONG ulPartLen /* length of signed data */ +-); +-#endif +- +- +-/* C_VerifyFinal finishes a multiple-part verification +- * operation, checking the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pSignature, /* signature to verify */ +- CK_ULONG ulSignatureLen /* signature length */ +-); +-#endif +- +- +-/* C_VerifyRecoverInit initializes a signature verification +- * operation, where the data is recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ +- CK_OBJECT_HANDLE hKey /* verification key */ +-); +-#endif +- +- +-/* C_VerifyRecover verifies a signature in a single-part +- * operation, where the data is recovered from the signature. +- */ +-CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pSignature, /* signature to verify */ +- CK_ULONG ulSignatureLen, /* signature length */ +- CK_BYTE_PTR pData, /* gets signed data */ +- CK_ULONG_PTR pulDataLen /* gets signed data len */ +-); +-#endif +- +- +- +-/* Dual-function cryptographic operations */ +- +-/* C_DigestEncryptUpdate continues a multiple-part digesting +- * and encryption operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pPart, /* the plaintext data */ +- CK_ULONG ulPartLen, /* plaintext length */ +- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ +- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ +-); +-#endif +- +- +-/* C_DecryptDigestUpdate continues a multiple-part decryption and +- * digesting operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pEncryptedPart, /* ciphertext */ +- CK_ULONG ulEncryptedPartLen, /* ciphertext length */ +- CK_BYTE_PTR pPart, /* gets plaintext */ +- CK_ULONG_PTR pulPartLen /* gets plaintext len */ +-); +-#endif +- +- +-/* C_SignEncryptUpdate continues a multiple-part signing and +- * encryption operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pPart, /* the plaintext data */ +- CK_ULONG ulPartLen, /* plaintext length */ +- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ +- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ +-); +-#endif +- +- +-/* C_DecryptVerifyUpdate continues a multiple-part decryption and +- * verify operation. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_BYTE_PTR pEncryptedPart, /* ciphertext */ +- CK_ULONG ulEncryptedPartLen, /* ciphertext length */ +- CK_BYTE_PTR pPart, /* gets plaintext */ +- CK_ULONG_PTR pulPartLen /* gets p-text length */ +-); +-#endif +- +- +- +-/* Key management */ +- +-/* C_GenerateKey generates a secret key, creating a new key +- * object. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GenerateKey) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* key generation mech. */ +- CK_ATTRIBUTE_PTR pTemplate, /* template for new key */ +- CK_ULONG ulCount, /* # of attrs in template */ +- CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */ +-); +-#endif +- +- +-/* C_GenerateKeyPair generates a public-key/private-key pair, +- * creating new key objects. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session handle */ +- CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ +- CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ +- CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ +- CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ +- CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ +- CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ +- CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ +-); +-#endif +- +- +-/* C_WrapKey wraps (i.e., encrypts) a key. */ +-CK_PKCS11_FUNCTION_INFO(C_WrapKey) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ +- CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */ +- CK_OBJECT_HANDLE hKey, /* key to be wrapped */ +- CK_BYTE_PTR pWrappedKey, /* gets wrapped key */ +- CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */ +-); +-#endif +- +- +-/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new +- * key object. +- */ +-CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */ +- CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */ +- CK_BYTE_PTR pWrappedKey, /* the wrapped key */ +- CK_ULONG ulWrappedKeyLen, /* wrapped key len */ +- CK_ATTRIBUTE_PTR pTemplate, /* new key template */ +- CK_ULONG ulAttributeCount, /* template length */ +- CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ +-); +-#endif +- +- +-/* C_DeriveKey derives a key from a base key, creating a new key +- * object. +- */ +-CK_PKCS11_FUNCTION_INFO(C_DeriveKey) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* session's handle */ +- CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */ +- CK_OBJECT_HANDLE hBaseKey, /* base key */ +- CK_ATTRIBUTE_PTR pTemplate, /* new key template */ +- CK_ULONG ulAttributeCount, /* template length */ +- CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ +-); +-#endif +- +- +- +-/* Random number generation */ +- +-/* C_SeedRandom mixes additional seed material into the token's +- * random number generator. +- */ +-CK_PKCS11_FUNCTION_INFO(C_SeedRandom) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR pSeed, /* the seed material */ +- CK_ULONG ulSeedLen /* length of seed material */ +-); +-#endif +- +- +-/* C_GenerateRandom generates random data. */ +-CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_BYTE_PTR RandomData, /* receives the random data */ +- CK_ULONG ulRandomLen /* # of bytes to generate */ +-); +-#endif +- +- +- +-/* Parallel function management */ +- +-/* C_GetFunctionStatus is a legacy function; it obtains an +- * updated status of a function running in parallel with an +- * application. +- */ +-CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession /* the session's handle */ +-); +-#endif +- +- +-/* C_CancelFunction is a legacy function; it cancels a function +- * running in parallel. +- */ +-CK_PKCS11_FUNCTION_INFO(C_CancelFunction) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_SESSION_HANDLE hSession /* the session's handle */ +-); +-#endif +- +- +-/* C_WaitForSlotEvent waits for a slot event (token insertion, +- * removal, etc.) to occur. +- */ +-CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) +-#ifdef CK_NEED_ARG_LIST +-( +- CK_FLAGS flags, /* blocking/nonblocking flag */ +- CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ +- CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ +-); +-#endif +- +diff --git a/src/lib/pkcs11/pkcs11t.h b/src/lib/pkcs11/pkcs11t.h +deleted file mode 100644 +index 0cf3acc..0000000 +--- a/src/lib/pkcs11/pkcs11t.h ++++ /dev/null +@@ -1,2003 +0,0 @@ +-/* Copyright (c) OASIS Open 2016. All Rights Reserved./ +- * /Distributed under the terms of the OASIS IPR Policy, +- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY +- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A +- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. +- */ +- +-/* Latest version of the specification: +- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html +- */ +- +-/* See top of pkcs11.h for information about the macros that +- * must be defined and the structure-packing conventions that +- * must be set before including this file. +- */ +- +-#ifndef _PKCS11T_H_ +-#define _PKCS11T_H_ 1 +- +-#define CRYPTOKI_VERSION_MAJOR 2 +-#define CRYPTOKI_VERSION_MINOR 40 +-#define CRYPTOKI_VERSION_AMENDMENT 0 +- +-#define CK_TRUE 1 +-#define CK_FALSE 0 +- +-#ifndef CK_DISABLE_TRUE_FALSE +-#ifndef FALSE +-#define FALSE CK_FALSE +-#endif +-#ifndef TRUE +-#define TRUE CK_TRUE +-#endif +-#endif +- +-/* an unsigned 8-bit value */ +-typedef unsigned char CK_BYTE; +- +-/* an unsigned 8-bit character */ +-typedef CK_BYTE CK_CHAR; +- +-/* an 8-bit UTF-8 character */ +-typedef CK_BYTE CK_UTF8CHAR; +- +-/* a BYTE-sized Boolean flag */ +-typedef CK_BYTE CK_BBOOL; +- +-/* an unsigned value, at least 32 bits long */ +-typedef unsigned long int CK_ULONG; +- +-/* a signed value, the same size as a CK_ULONG */ +-typedef long int CK_LONG; +- +-/* at least 32 bits; each bit is a Boolean flag */ +-typedef CK_ULONG CK_FLAGS; +- +- +-/* some special values for certain CK_ULONG variables */ +-#define CK_UNAVAILABLE_INFORMATION (~0UL) +-#define CK_EFFECTIVELY_INFINITE 0UL +- +- +-typedef CK_BYTE CK_PTR CK_BYTE_PTR; +-typedef CK_CHAR CK_PTR CK_CHAR_PTR; +-typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; +-typedef CK_ULONG CK_PTR CK_ULONG_PTR; +-typedef void CK_PTR CK_VOID_PTR; +- +-/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ +-typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; +- +- +-/* The following value is always invalid if used as a session +- * handle or object handle +- */ +-#define CK_INVALID_HANDLE 0UL +- +- +-typedef struct CK_VERSION { +- CK_BYTE major; /* integer portion of version number */ +- CK_BYTE minor; /* 1/100ths portion of version number */ +-} CK_VERSION; +- +-typedef CK_VERSION CK_PTR CK_VERSION_PTR; +- +- +-typedef struct CK_INFO { +- CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ +- CK_UTF8CHAR manufacturerID[32]; /* blank padded */ +- CK_FLAGS flags; /* must be zero */ +- CK_UTF8CHAR libraryDescription[32]; /* blank padded */ +- CK_VERSION libraryVersion; /* version of library */ +-} CK_INFO; +- +-typedef CK_INFO CK_PTR CK_INFO_PTR; +- +- +-/* CK_NOTIFICATION enumerates the types of notifications that +- * Cryptoki provides to an application +- */ +-typedef CK_ULONG CK_NOTIFICATION; +-#define CKN_SURRENDER 0UL +-#define CKN_OTP_CHANGED 1UL +- +-typedef CK_ULONG CK_SLOT_ID; +- +-typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; +- +- +-/* CK_SLOT_INFO provides information about a slot */ +-typedef struct CK_SLOT_INFO { +- CK_UTF8CHAR slotDescription[64]; /* blank padded */ +- CK_UTF8CHAR manufacturerID[32]; /* blank padded */ +- CK_FLAGS flags; +- +- CK_VERSION hardwareVersion; /* version of hardware */ +- CK_VERSION firmwareVersion; /* version of firmware */ +-} CK_SLOT_INFO; +- +-/* flags: bit flags that provide capabilities of the slot +- * Bit Flag Mask Meaning +- */ +-#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ +-#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ +-#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ +- +-typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; +- +- +-/* CK_TOKEN_INFO provides information about a token */ +-typedef struct CK_TOKEN_INFO { +- CK_UTF8CHAR label[32]; /* blank padded */ +- CK_UTF8CHAR manufacturerID[32]; /* blank padded */ +- CK_UTF8CHAR model[16]; /* blank padded */ +- CK_CHAR serialNumber[16]; /* blank padded */ +- CK_FLAGS flags; /* see below */ +- +- CK_ULONG ulMaxSessionCount; /* max open sessions */ +- CK_ULONG ulSessionCount; /* sess. now open */ +- CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ +- CK_ULONG ulRwSessionCount; /* R/W sess. now open */ +- CK_ULONG ulMaxPinLen; /* in bytes */ +- CK_ULONG ulMinPinLen; /* in bytes */ +- CK_ULONG ulTotalPublicMemory; /* in bytes */ +- CK_ULONG ulFreePublicMemory; /* in bytes */ +- CK_ULONG ulTotalPrivateMemory; /* in bytes */ +- CK_ULONG ulFreePrivateMemory; /* in bytes */ +- CK_VERSION hardwareVersion; /* version of hardware */ +- CK_VERSION firmwareVersion; /* version of firmware */ +- CK_CHAR utcTime[16]; /* time */ +-} CK_TOKEN_INFO; +- +-/* The flags parameter is defined as follows: +- * Bit Flag Mask Meaning +- */ +-#define CKF_RNG 0x00000001UL /* has random # generator */ +-#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ +-#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ +-#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ +- +-/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, +- * that means that *every* time the state of cryptographic +- * operations of a session is successfully saved, all keys +- * needed to continue those operations are stored in the state +- */ +-#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL +- +-/* CKF_CLOCK_ON_TOKEN. If it is set, that means +- * that the token has some sort of clock. The time on that +- * clock is returned in the token info structure +- */ +-#define CKF_CLOCK_ON_TOKEN 0x00000040UL +- +-/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is +- * set, that means that there is some way for the user to login +- * without sending a PIN through the Cryptoki library itself +- */ +-#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL +- +-/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, +- * that means that a single session with the token can perform +- * dual simultaneous cryptographic operations (digest and +- * encrypt; decrypt and digest; sign and encrypt; and decrypt +- * and sign) +- */ +-#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL +- +-/* CKF_TOKEN_INITIALIZED. If it is true, the +- * token has been initialized using C_InitializeToken or an +- * equivalent mechanism outside the scope of PKCS #11. +- * Calling C_InitializeToken when this flag is set will cause +- * the token to be reinitialized. +- */ +-#define CKF_TOKEN_INITIALIZED 0x00000400UL +- +-/* CKF_SECONDARY_AUTHENTICATION. If it is +- * true, the token supports secondary authentication for +- * private key objects. +- */ +-#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL +- +-/* CKF_USER_PIN_COUNT_LOW. If it is true, an +- * incorrect user login PIN has been entered at least once +- * since the last successful authentication. +- */ +-#define CKF_USER_PIN_COUNT_LOW 0x00010000UL +- +-/* CKF_USER_PIN_FINAL_TRY. If it is true, +- * supplying an incorrect user PIN will it to become locked. +- */ +-#define CKF_USER_PIN_FINAL_TRY 0x00020000UL +- +-/* CKF_USER_PIN_LOCKED. If it is true, the +- * user PIN has been locked. User login to the token is not +- * possible. +- */ +-#define CKF_USER_PIN_LOCKED 0x00040000UL +- +-/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, +- * the user PIN value is the default value set by token +- * initialization or manufacturing, or the PIN has been +- * expired by the card. +- */ +-#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL +- +-/* CKF_SO_PIN_COUNT_LOW. If it is true, an +- * incorrect SO login PIN has been entered at least once since +- * the last successful authentication. +- */ +-#define CKF_SO_PIN_COUNT_LOW 0x00100000UL +- +-/* CKF_SO_PIN_FINAL_TRY. If it is true, +- * supplying an incorrect SO PIN will it to become locked. +- */ +-#define CKF_SO_PIN_FINAL_TRY 0x00200000UL +- +-/* CKF_SO_PIN_LOCKED. If it is true, the SO +- * PIN has been locked. SO login to the token is not possible. +- */ +-#define CKF_SO_PIN_LOCKED 0x00400000UL +- +-/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, +- * the SO PIN value is the default value set by token +- * initialization or manufacturing, or the PIN has been +- * expired by the card. +- */ +-#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL +- +-#define CKF_ERROR_STATE 0x01000000UL +- +-typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; +- +- +-/* CK_SESSION_HANDLE is a Cryptoki-assigned value that +- * identifies a session +- */ +-typedef CK_ULONG CK_SESSION_HANDLE; +- +-typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; +- +- +-/* CK_USER_TYPE enumerates the types of Cryptoki users */ +-typedef CK_ULONG CK_USER_TYPE; +-/* Security Officer */ +-#define CKU_SO 0UL +-/* Normal user */ +-#define CKU_USER 1UL +-/* Context specific */ +-#define CKU_CONTEXT_SPECIFIC 2UL +- +-/* CK_STATE enumerates the session states */ +-typedef CK_ULONG CK_STATE; +-#define CKS_RO_PUBLIC_SESSION 0UL +-#define CKS_RO_USER_FUNCTIONS 1UL +-#define CKS_RW_PUBLIC_SESSION 2UL +-#define CKS_RW_USER_FUNCTIONS 3UL +-#define CKS_RW_SO_FUNCTIONS 4UL +- +-/* CK_SESSION_INFO provides information about a session */ +-typedef struct CK_SESSION_INFO { +- CK_SLOT_ID slotID; +- CK_STATE state; +- CK_FLAGS flags; /* see below */ +- CK_ULONG ulDeviceError; /* device-dependent error code */ +-} CK_SESSION_INFO; +- +-/* The flags are defined in the following table: +- * Bit Flag Mask Meaning +- */ +-#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ +-#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ +- +-typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; +- +- +-/* CK_OBJECT_HANDLE is a token-specific identifier for an +- * object +- */ +-typedef CK_ULONG CK_OBJECT_HANDLE; +- +-typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; +- +- +-/* CK_OBJECT_CLASS is a value that identifies the classes (or +- * types) of objects that Cryptoki recognizes. It is defined +- * as follows: +- */ +-typedef CK_ULONG CK_OBJECT_CLASS; +- +-/* The following classes of objects are defined: */ +-#define CKO_DATA 0x00000000UL +-#define CKO_CERTIFICATE 0x00000001UL +-#define CKO_PUBLIC_KEY 0x00000002UL +-#define CKO_PRIVATE_KEY 0x00000003UL +-#define CKO_SECRET_KEY 0x00000004UL +-#define CKO_HW_FEATURE 0x00000005UL +-#define CKO_DOMAIN_PARAMETERS 0x00000006UL +-#define CKO_MECHANISM 0x00000007UL +-#define CKO_OTP_KEY 0x00000008UL +- +-#define CKO_VENDOR_DEFINED 0x80000000UL +- +-typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; +- +-/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type +- * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. +- */ +-typedef CK_ULONG CK_HW_FEATURE_TYPE; +- +-/* The following hardware feature types are defined */ +-#define CKH_MONOTONIC_COUNTER 0x00000001UL +-#define CKH_CLOCK 0x00000002UL +-#define CKH_USER_INTERFACE 0x00000003UL +-#define CKH_VENDOR_DEFINED 0x80000000UL +- +-/* CK_KEY_TYPE is a value that identifies a key type */ +-typedef CK_ULONG CK_KEY_TYPE; +- +-/* the following key types are defined: */ +-#define CKK_RSA 0x00000000UL +-#define CKK_DSA 0x00000001UL +-#define CKK_DH 0x00000002UL +-#define CKK_ECDSA 0x00000003UL /* Deprecated */ +-#define CKK_EC 0x00000003UL +-#define CKK_X9_42_DH 0x00000004UL +-#define CKK_KEA 0x00000005UL +-#define CKK_GENERIC_SECRET 0x00000010UL +-#define CKK_RC2 0x00000011UL +-#define CKK_RC4 0x00000012UL +-#define CKK_DES 0x00000013UL +-#define CKK_DES2 0x00000014UL +-#define CKK_DES3 0x00000015UL +-#define CKK_CAST 0x00000016UL +-#define CKK_CAST3 0x00000017UL +-#define CKK_CAST5 0x00000018UL /* Deprecated */ +-#define CKK_CAST128 0x00000018UL +-#define CKK_RC5 0x00000019UL +-#define CKK_IDEA 0x0000001AUL +-#define CKK_SKIPJACK 0x0000001BUL +-#define CKK_BATON 0x0000001CUL +-#define CKK_JUNIPER 0x0000001DUL +-#define CKK_CDMF 0x0000001EUL +-#define CKK_AES 0x0000001FUL +-#define CKK_BLOWFISH 0x00000020UL +-#define CKK_TWOFISH 0x00000021UL +-#define CKK_SECURID 0x00000022UL +-#define CKK_HOTP 0x00000023UL +-#define CKK_ACTI 0x00000024UL +-#define CKK_CAMELLIA 0x00000025UL +-#define CKK_ARIA 0x00000026UL +- +-#define CKK_MD5_HMAC 0x00000027UL +-#define CKK_SHA_1_HMAC 0x00000028UL +-#define CKK_RIPEMD128_HMAC 0x00000029UL +-#define CKK_RIPEMD160_HMAC 0x0000002AUL +-#define CKK_SHA256_HMAC 0x0000002BUL +-#define CKK_SHA384_HMAC 0x0000002CUL +-#define CKK_SHA512_HMAC 0x0000002DUL +-#define CKK_SHA224_HMAC 0x0000002EUL +- +-#define CKK_SEED 0x0000002FUL +-#define CKK_GOSTR3410 0x00000030UL +-#define CKK_GOSTR3411 0x00000031UL +-#define CKK_GOST28147 0x00000032UL +- +- +- +-#define CKK_VENDOR_DEFINED 0x80000000UL +- +- +-/* CK_CERTIFICATE_TYPE is a value that identifies a certificate +- * type +- */ +-typedef CK_ULONG CK_CERTIFICATE_TYPE; +- +-#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL +-#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL +-#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL +-#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL +- +-#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL +-#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL +-#define CK_SECURITY_DOMAIN_OPERATOR 2UL +-#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL +- +- +-/* The following certificate types are defined: */ +-#define CKC_X_509 0x00000000UL +-#define CKC_X_509_ATTR_CERT 0x00000001UL +-#define CKC_WTLS 0x00000002UL +-#define CKC_VENDOR_DEFINED 0x80000000UL +-#define CKC_OPENPGP (CKC_VENDOR_DEFINED|0x00504750) +- +-/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute +- * type +- */ +-typedef CK_ULONG CK_ATTRIBUTE_TYPE; +- +-/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which +- * consists of an array of values. +- */ +-#define CKF_ARRAY_ATTRIBUTE 0x40000000UL +- +-/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ +-#define CK_OTP_FORMAT_DECIMAL 0UL +-#define CK_OTP_FORMAT_HEXADECIMAL 1UL +-#define CK_OTP_FORMAT_ALPHANUMERIC 2UL +-#define CK_OTP_FORMAT_BINARY 3UL +- +-/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT +- * attributes +- */ +-#define CK_OTP_PARAM_IGNORED 0UL +-#define CK_OTP_PARAM_OPTIONAL 1UL +-#define CK_OTP_PARAM_MANDATORY 2UL +- +-/* The following attribute types are defined: */ +-#define CKA_CLASS 0x00000000UL +-#define CKA_TOKEN 0x00000001UL +-#define CKA_PRIVATE 0x00000002UL +-#define CKA_LABEL 0x00000003UL +-#define CKA_APPLICATION 0x00000010UL +-#define CKA_VALUE 0x00000011UL +-#define CKA_OBJECT_ID 0x00000012UL +-#define CKA_CERTIFICATE_TYPE 0x00000080UL +-#define CKA_ISSUER 0x00000081UL +-#define CKA_SERIAL_NUMBER 0x00000082UL +-#define CKA_AC_ISSUER 0x00000083UL +-#define CKA_OWNER 0x00000084UL +-#define CKA_ATTR_TYPES 0x00000085UL +-#define CKA_TRUSTED 0x00000086UL +-#define CKA_CERTIFICATE_CATEGORY 0x00000087UL +-#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL +-#define CKA_URL 0x00000089UL +-#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL +-#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL +-#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL +-#define CKA_CHECK_VALUE 0x00000090UL +- +-#define CKA_KEY_TYPE 0x00000100UL +-#define CKA_SUBJECT 0x00000101UL +-#define CKA_ID 0x00000102UL +-#define CKA_SENSITIVE 0x00000103UL +-#define CKA_ENCRYPT 0x00000104UL +-#define CKA_DECRYPT 0x00000105UL +-#define CKA_WRAP 0x00000106UL +-#define CKA_UNWRAP 0x00000107UL +-#define CKA_SIGN 0x00000108UL +-#define CKA_SIGN_RECOVER 0x00000109UL +-#define CKA_VERIFY 0x0000010AUL +-#define CKA_VERIFY_RECOVER 0x0000010BUL +-#define CKA_DERIVE 0x0000010CUL +-#define CKA_START_DATE 0x00000110UL +-#define CKA_END_DATE 0x00000111UL +-#define CKA_MODULUS 0x00000120UL +-#define CKA_MODULUS_BITS 0x00000121UL +-#define CKA_PUBLIC_EXPONENT 0x00000122UL +-#define CKA_PRIVATE_EXPONENT 0x00000123UL +-#define CKA_PRIME_1 0x00000124UL +-#define CKA_PRIME_2 0x00000125UL +-#define CKA_EXPONENT_1 0x00000126UL +-#define CKA_EXPONENT_2 0x00000127UL +-#define CKA_COEFFICIENT 0x00000128UL +-#define CKA_PUBLIC_KEY_INFO 0x00000129UL +-#define CKA_PRIME 0x00000130UL +-#define CKA_SUBPRIME 0x00000131UL +-#define CKA_BASE 0x00000132UL +- +-#define CKA_PRIME_BITS 0x00000133UL +-#define CKA_SUBPRIME_BITS 0x00000134UL +-#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS +- +-#define CKA_VALUE_BITS 0x00000160UL +-#define CKA_VALUE_LEN 0x00000161UL +-#define CKA_EXTRACTABLE 0x00000162UL +-#define CKA_LOCAL 0x00000163UL +-#define CKA_NEVER_EXTRACTABLE 0x00000164UL +-#define CKA_ALWAYS_SENSITIVE 0x00000165UL +-#define CKA_KEY_GEN_MECHANISM 0x00000166UL +- +-#define CKA_MODIFIABLE 0x00000170UL +-#define CKA_COPYABLE 0x00000171UL +- +-#define CKA_DESTROYABLE 0x00000172UL +- +-#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ +-#define CKA_EC_PARAMS 0x00000180UL +- +-#define CKA_EC_POINT 0x00000181UL +- +-#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ +-#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ +- +-#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL +- +-#define CKA_WRAP_WITH_TRUSTED 0x00000210UL +-#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) +-#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) +-#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) +- +-#define CKA_OTP_FORMAT 0x00000220UL +-#define CKA_OTP_LENGTH 0x00000221UL +-#define CKA_OTP_TIME_INTERVAL 0x00000222UL +-#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL +-#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL +-#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL +-#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL +-#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL +-#define CKA_OTP_COUNTER 0x0000022EUL +-#define CKA_OTP_TIME 0x0000022FUL +-#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL +-#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL +-#define CKA_OTP_SERVICE_LOGO 0x0000022CUL +-#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL +- +-#define CKA_GOSTR3410_PARAMS 0x00000250UL +-#define CKA_GOSTR3411_PARAMS 0x00000251UL +-#define CKA_GOST28147_PARAMS 0x00000252UL +- +-#define CKA_HW_FEATURE_TYPE 0x00000300UL +-#define CKA_RESET_ON_INIT 0x00000301UL +-#define CKA_HAS_RESET 0x00000302UL +- +-#define CKA_PIXEL_X 0x00000400UL +-#define CKA_PIXEL_Y 0x00000401UL +-#define CKA_RESOLUTION 0x00000402UL +-#define CKA_CHAR_ROWS 0x00000403UL +-#define CKA_CHAR_COLUMNS 0x00000404UL +-#define CKA_COLOR 0x00000405UL +-#define CKA_BITS_PER_PIXEL 0x00000406UL +-#define CKA_CHAR_SETS 0x00000480UL +-#define CKA_ENCODING_METHODS 0x00000481UL +-#define CKA_MIME_TYPES 0x00000482UL +-#define CKA_MECHANISM_TYPE 0x00000500UL +-#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL +-#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL +-#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL +-#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) +- +-#define CKA_VENDOR_DEFINED 0x80000000UL +- +-/* CK_ATTRIBUTE is a structure that includes the type, length +- * and value of an attribute +- */ +-typedef struct CK_ATTRIBUTE { +- CK_ATTRIBUTE_TYPE type; +- CK_VOID_PTR pValue; +- CK_ULONG ulValueLen; /* in bytes */ +-} CK_ATTRIBUTE; +- +-typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; +- +-/* CK_DATE is a structure that defines a date */ +-typedef struct CK_DATE{ +- CK_CHAR year[4]; /* the year ("1900" - "9999") */ +- CK_CHAR month[2]; /* the month ("01" - "12") */ +- CK_CHAR day[2]; /* the day ("01" - "31") */ +-} CK_DATE; +- +- +-/* CK_MECHANISM_TYPE is a value that identifies a mechanism +- * type +- */ +-typedef CK_ULONG CK_MECHANISM_TYPE; +- +-/* the following mechanism types are defined: */ +-#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +-#define CKM_RSA_PKCS 0x00000001UL +-#define CKM_RSA_9796 0x00000002UL +-#define CKM_RSA_X_509 0x00000003UL +- +-#define CKM_MD2_RSA_PKCS 0x00000004UL +-#define CKM_MD5_RSA_PKCS 0x00000005UL +-#define CKM_SHA1_RSA_PKCS 0x00000006UL +- +-#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL +-#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL +-#define CKM_RSA_PKCS_OAEP 0x00000009UL +- +-#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL +-#define CKM_RSA_X9_31 0x0000000BUL +-#define CKM_SHA1_RSA_X9_31 0x0000000CUL +-#define CKM_RSA_PKCS_PSS 0x0000000DUL +-#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL +- +-#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL +-#define CKM_DSA 0x00000011UL +-#define CKM_DSA_SHA1 0x00000012UL +-#define CKM_DSA_SHA224 0x00000013UL +-#define CKM_DSA_SHA256 0x00000014UL +-#define CKM_DSA_SHA384 0x00000015UL +-#define CKM_DSA_SHA512 0x00000016UL +- +-#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL +-#define CKM_DH_PKCS_DERIVE 0x00000021UL +- +-#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL +-#define CKM_X9_42_DH_DERIVE 0x00000031UL +-#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL +-#define CKM_X9_42_MQV_DERIVE 0x00000033UL +- +-#define CKM_SHA256_RSA_PKCS 0x00000040UL +-#define CKM_SHA384_RSA_PKCS 0x00000041UL +-#define CKM_SHA512_RSA_PKCS 0x00000042UL +-#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +-#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +-#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL +- +-#define CKM_SHA224_RSA_PKCS 0x00000046UL +-#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL +- +-#define CKM_SHA512_224 0x00000048UL +-#define CKM_SHA512_224_HMAC 0x00000049UL +-#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL +-#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL +-#define CKM_SHA512_256 0x0000004CUL +-#define CKM_SHA512_256_HMAC 0x0000004DUL +-#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL +-#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL +- +-#define CKM_SHA512_T 0x00000050UL +-#define CKM_SHA512_T_HMAC 0x00000051UL +-#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL +-#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL +- +-#define CKM_RC2_KEY_GEN 0x00000100UL +-#define CKM_RC2_ECB 0x00000101UL +-#define CKM_RC2_CBC 0x00000102UL +-#define CKM_RC2_MAC 0x00000103UL +- +-#define CKM_RC2_MAC_GENERAL 0x00000104UL +-#define CKM_RC2_CBC_PAD 0x00000105UL +- +-#define CKM_RC4_KEY_GEN 0x00000110UL +-#define CKM_RC4 0x00000111UL +-#define CKM_DES_KEY_GEN 0x00000120UL +-#define CKM_DES_ECB 0x00000121UL +-#define CKM_DES_CBC 0x00000122UL +-#define CKM_DES_MAC 0x00000123UL +- +-#define CKM_DES_MAC_GENERAL 0x00000124UL +-#define CKM_DES_CBC_PAD 0x00000125UL +- +-#define CKM_DES2_KEY_GEN 0x00000130UL +-#define CKM_DES3_KEY_GEN 0x00000131UL +-#define CKM_DES3_ECB 0x00000132UL +-#define CKM_DES3_CBC 0x00000133UL +-#define CKM_DES3_MAC 0x00000134UL +- +-#define CKM_DES3_MAC_GENERAL 0x00000135UL +-#define CKM_DES3_CBC_PAD 0x00000136UL +-#define CKM_DES3_CMAC_GENERAL 0x00000137UL +-#define CKM_DES3_CMAC 0x00000138UL +-#define CKM_CDMF_KEY_GEN 0x00000140UL +-#define CKM_CDMF_ECB 0x00000141UL +-#define CKM_CDMF_CBC 0x00000142UL +-#define CKM_CDMF_MAC 0x00000143UL +-#define CKM_CDMF_MAC_GENERAL 0x00000144UL +-#define CKM_CDMF_CBC_PAD 0x00000145UL +- +-#define CKM_DES_OFB64 0x00000150UL +-#define CKM_DES_OFB8 0x00000151UL +-#define CKM_DES_CFB64 0x00000152UL +-#define CKM_DES_CFB8 0x00000153UL +- +-#define CKM_MD2 0x00000200UL +- +-#define CKM_MD2_HMAC 0x00000201UL +-#define CKM_MD2_HMAC_GENERAL 0x00000202UL +- +-#define CKM_MD5 0x00000210UL +- +-#define CKM_MD5_HMAC 0x00000211UL +-#define CKM_MD5_HMAC_GENERAL 0x00000212UL +- +-#define CKM_SHA_1 0x00000220UL +- +-#define CKM_SHA_1_HMAC 0x00000221UL +-#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL +- +-#define CKM_RIPEMD128 0x00000230UL +-#define CKM_RIPEMD128_HMAC 0x00000231UL +-#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL +-#define CKM_RIPEMD160 0x00000240UL +-#define CKM_RIPEMD160_HMAC 0x00000241UL +-#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL +- +-#define CKM_SHA256 0x00000250UL +-#define CKM_SHA256_HMAC 0x00000251UL +-#define CKM_SHA256_HMAC_GENERAL 0x00000252UL +-#define CKM_SHA224 0x00000255UL +-#define CKM_SHA224_HMAC 0x00000256UL +-#define CKM_SHA224_HMAC_GENERAL 0x00000257UL +-#define CKM_SHA384 0x00000260UL +-#define CKM_SHA384_HMAC 0x00000261UL +-#define CKM_SHA384_HMAC_GENERAL 0x00000262UL +-#define CKM_SHA512 0x00000270UL +-#define CKM_SHA512_HMAC 0x00000271UL +-#define CKM_SHA512_HMAC_GENERAL 0x00000272UL +-#define CKM_SECURID_KEY_GEN 0x00000280UL +-#define CKM_SECURID 0x00000282UL +-#define CKM_HOTP_KEY_GEN 0x00000290UL +-#define CKM_HOTP 0x00000291UL +-#define CKM_ACTI 0x000002A0UL +-#define CKM_ACTI_KEY_GEN 0x000002A1UL +- +-#define CKM_CAST_KEY_GEN 0x00000300UL +-#define CKM_CAST_ECB 0x00000301UL +-#define CKM_CAST_CBC 0x00000302UL +-#define CKM_CAST_MAC 0x00000303UL +-#define CKM_CAST_MAC_GENERAL 0x00000304UL +-#define CKM_CAST_CBC_PAD 0x00000305UL +-#define CKM_CAST3_KEY_GEN 0x00000310UL +-#define CKM_CAST3_ECB 0x00000311UL +-#define CKM_CAST3_CBC 0x00000312UL +-#define CKM_CAST3_MAC 0x00000313UL +-#define CKM_CAST3_MAC_GENERAL 0x00000314UL +-#define CKM_CAST3_CBC_PAD 0x00000315UL +-/* Note that CAST128 and CAST5 are the same algorithm */ +-#define CKM_CAST5_KEY_GEN 0x00000320UL +-#define CKM_CAST128_KEY_GEN 0x00000320UL +-#define CKM_CAST5_ECB 0x00000321UL +-#define CKM_CAST128_ECB 0x00000321UL +-#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ +-#define CKM_CAST128_CBC 0x00000322UL +-#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ +-#define CKM_CAST128_MAC 0x00000323UL +-#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ +-#define CKM_CAST128_MAC_GENERAL 0x00000324UL +-#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ +-#define CKM_CAST128_CBC_PAD 0x00000325UL +-#define CKM_RC5_KEY_GEN 0x00000330UL +-#define CKM_RC5_ECB 0x00000331UL +-#define CKM_RC5_CBC 0x00000332UL +-#define CKM_RC5_MAC 0x00000333UL +-#define CKM_RC5_MAC_GENERAL 0x00000334UL +-#define CKM_RC5_CBC_PAD 0x00000335UL +-#define CKM_IDEA_KEY_GEN 0x00000340UL +-#define CKM_IDEA_ECB 0x00000341UL +-#define CKM_IDEA_CBC 0x00000342UL +-#define CKM_IDEA_MAC 0x00000343UL +-#define CKM_IDEA_MAC_GENERAL 0x00000344UL +-#define CKM_IDEA_CBC_PAD 0x00000345UL +-#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL +-#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL +-#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL +-#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL +-#define CKM_XOR_BASE_AND_DATA 0x00000364UL +-#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL +-#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL +-#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL +-#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL +- +-#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL +-#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL +-#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL +-#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL +-#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL +- +-#define CKM_TLS_PRF 0x00000378UL +- +-#define CKM_SSL3_MD5_MAC 0x00000380UL +-#define CKM_SSL3_SHA1_MAC 0x00000381UL +-#define CKM_MD5_KEY_DERIVATION 0x00000390UL +-#define CKM_MD2_KEY_DERIVATION 0x00000391UL +-#define CKM_SHA1_KEY_DERIVATION 0x00000392UL +- +-#define CKM_SHA256_KEY_DERIVATION 0x00000393UL +-#define CKM_SHA384_KEY_DERIVATION 0x00000394UL +-#define CKM_SHA512_KEY_DERIVATION 0x00000395UL +-#define CKM_SHA224_KEY_DERIVATION 0x00000396UL +- +-#define CKM_PBE_MD2_DES_CBC 0x000003A0UL +-#define CKM_PBE_MD5_DES_CBC 0x000003A1UL +-#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL +-#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL +-#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ +-#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL +-#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ +-#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL +-#define CKM_PBE_SHA1_RC4_128 0x000003A6UL +-#define CKM_PBE_SHA1_RC4_40 0x000003A7UL +-#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL +-#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL +-#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL +-#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL +- +-#define CKM_PKCS5_PBKD2 0x000003B0UL +- +-#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL +- +-#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL +-#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL +-#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL +-#define CKM_WTLS_PRF 0x000003D3UL +-#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL +-#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL +- +-#define CKM_TLS10_MAC_SERVER 0x000003D6UL +-#define CKM_TLS10_MAC_CLIENT 0x000003D7UL +-#define CKM_TLS12_MAC 0x000003D8UL +-#define CKM_TLS12_KDF 0x000003D9UL +-#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL +-#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL +-#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL +-#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL +-#define CKM_TLS_MAC 0x000003E4UL +-#define CKM_TLS_KDF 0x000003E5UL +- +-#define CKM_KEY_WRAP_LYNKS 0x00000400UL +-#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL +- +-#define CKM_CMS_SIG 0x00000500UL +-#define CKM_KIP_DERIVE 0x00000510UL +-#define CKM_KIP_WRAP 0x00000511UL +-#define CKM_KIP_MAC 0x00000512UL +- +-#define CKM_CAMELLIA_KEY_GEN 0x00000550UL +-#define CKM_CAMELLIA_ECB 0x00000551UL +-#define CKM_CAMELLIA_CBC 0x00000552UL +-#define CKM_CAMELLIA_MAC 0x00000553UL +-#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL +-#define CKM_CAMELLIA_CBC_PAD 0x00000555UL +-#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL +-#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL +-#define CKM_CAMELLIA_CTR 0x00000558UL +- +-#define CKM_ARIA_KEY_GEN 0x00000560UL +-#define CKM_ARIA_ECB 0x00000561UL +-#define CKM_ARIA_CBC 0x00000562UL +-#define CKM_ARIA_MAC 0x00000563UL +-#define CKM_ARIA_MAC_GENERAL 0x00000564UL +-#define CKM_ARIA_CBC_PAD 0x00000565UL +-#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL +-#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL +- +-#define CKM_SEED_KEY_GEN 0x00000650UL +-#define CKM_SEED_ECB 0x00000651UL +-#define CKM_SEED_CBC 0x00000652UL +-#define CKM_SEED_MAC 0x00000653UL +-#define CKM_SEED_MAC_GENERAL 0x00000654UL +-#define CKM_SEED_CBC_PAD 0x00000655UL +-#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL +-#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL +- +-#define CKM_SKIPJACK_KEY_GEN 0x00001000UL +-#define CKM_SKIPJACK_ECB64 0x00001001UL +-#define CKM_SKIPJACK_CBC64 0x00001002UL +-#define CKM_SKIPJACK_OFB64 0x00001003UL +-#define CKM_SKIPJACK_CFB64 0x00001004UL +-#define CKM_SKIPJACK_CFB32 0x00001005UL +-#define CKM_SKIPJACK_CFB16 0x00001006UL +-#define CKM_SKIPJACK_CFB8 0x00001007UL +-#define CKM_SKIPJACK_WRAP 0x00001008UL +-#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL +-#define CKM_SKIPJACK_RELAYX 0x0000100aUL +-#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL +-#define CKM_KEA_KEY_DERIVE 0x00001011UL +-#define CKM_KEA_DERIVE 0x00001012UL +-#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL +-#define CKM_BATON_KEY_GEN 0x00001030UL +-#define CKM_BATON_ECB128 0x00001031UL +-#define CKM_BATON_ECB96 0x00001032UL +-#define CKM_BATON_CBC128 0x00001033UL +-#define CKM_BATON_COUNTER 0x00001034UL +-#define CKM_BATON_SHUFFLE 0x00001035UL +-#define CKM_BATON_WRAP 0x00001036UL +- +-#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ +-#define CKM_EC_KEY_PAIR_GEN 0x00001040UL +- +-#define CKM_ECDSA 0x00001041UL +-#define CKM_ECDSA_SHA1 0x00001042UL +-#define CKM_ECDSA_SHA224 0x00001043UL +-#define CKM_ECDSA_SHA256 0x00001044UL +-#define CKM_ECDSA_SHA384 0x00001045UL +-#define CKM_ECDSA_SHA512 0x00001046UL +- +-#define CKM_ECDH1_DERIVE 0x00001050UL +-#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL +-#define CKM_ECMQV_DERIVE 0x00001052UL +- +-#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL +-#define CKM_RSA_AES_KEY_WRAP 0x00001054UL +- +-#define CKM_JUNIPER_KEY_GEN 0x00001060UL +-#define CKM_JUNIPER_ECB128 0x00001061UL +-#define CKM_JUNIPER_CBC128 0x00001062UL +-#define CKM_JUNIPER_COUNTER 0x00001063UL +-#define CKM_JUNIPER_SHUFFLE 0x00001064UL +-#define CKM_JUNIPER_WRAP 0x00001065UL +-#define CKM_FASTHASH 0x00001070UL +- +-#define CKM_AES_KEY_GEN 0x00001080UL +-#define CKM_AES_ECB 0x00001081UL +-#define CKM_AES_CBC 0x00001082UL +-#define CKM_AES_MAC 0x00001083UL +-#define CKM_AES_MAC_GENERAL 0x00001084UL +-#define CKM_AES_CBC_PAD 0x00001085UL +-#define CKM_AES_CTR 0x00001086UL +-#define CKM_AES_GCM 0x00001087UL +-#define CKM_AES_CCM 0x00001088UL +-#define CKM_AES_CTS 0x00001089UL +-#define CKM_AES_CMAC 0x0000108AUL +-#define CKM_AES_CMAC_GENERAL 0x0000108BUL +- +-#define CKM_AES_XCBC_MAC 0x0000108CUL +-#define CKM_AES_XCBC_MAC_96 0x0000108DUL +-#define CKM_AES_GMAC 0x0000108EUL +- +-#define CKM_BLOWFISH_KEY_GEN 0x00001090UL +-#define CKM_BLOWFISH_CBC 0x00001091UL +-#define CKM_TWOFISH_KEY_GEN 0x00001092UL +-#define CKM_TWOFISH_CBC 0x00001093UL +-#define CKM_BLOWFISH_CBC_PAD 0x00001094UL +-#define CKM_TWOFISH_CBC_PAD 0x00001095UL +- +-#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL +-#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL +-#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL +-#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL +-#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL +-#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL +- +-#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL +-#define CKM_GOSTR3410 0x00001201UL +-#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL +-#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL +-#define CKM_GOSTR3410_DERIVE 0x00001204UL +-#define CKM_GOSTR3411 0x00001210UL +-#define CKM_GOSTR3411_HMAC 0x00001211UL +-#define CKM_GOST28147_KEY_GEN 0x00001220UL +-#define CKM_GOST28147_ECB 0x00001221UL +-#define CKM_GOST28147 0x00001222UL +-#define CKM_GOST28147_MAC 0x00001223UL +-#define CKM_GOST28147_KEY_WRAP 0x00001224UL +- +-#define CKM_DSA_PARAMETER_GEN 0x00002000UL +-#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL +-#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL +-#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL +-#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL +- +-#define CKM_AES_OFB 0x00002104UL +-#define CKM_AES_CFB64 0x00002105UL +-#define CKM_AES_CFB8 0x00002106UL +-#define CKM_AES_CFB128 0x00002107UL +- +-#define CKM_AES_CFB1 0x00002108UL +-#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ +-#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ +- +-#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL +-#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL +- +-#define CKM_VENDOR_DEFINED 0x80000000UL +- +-typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; +- +- +-/* CK_MECHANISM is a structure that specifies a particular +- * mechanism +- */ +-typedef struct CK_MECHANISM { +- CK_MECHANISM_TYPE mechanism; +- CK_VOID_PTR pParameter; +- CK_ULONG ulParameterLen; /* in bytes */ +-} CK_MECHANISM; +- +-typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; +- +- +-/* CK_MECHANISM_INFO provides information about a particular +- * mechanism +- */ +-typedef struct CK_MECHANISM_INFO { +- CK_ULONG ulMinKeySize; +- CK_ULONG ulMaxKeySize; +- CK_FLAGS flags; +-} CK_MECHANISM_INFO; +- +-/* The flags are defined as follows: +- * Bit Flag Mask Meaning */ +-#define CKF_HW 0x00000001UL /* performed by HW */ +- +-/* Specify whether or not a mechanism can be used for a particular task */ +-#define CKF_ENCRYPT 0x00000100UL +-#define CKF_DECRYPT 0x00000200UL +-#define CKF_DIGEST 0x00000400UL +-#define CKF_SIGN 0x00000800UL +-#define CKF_SIGN_RECOVER 0x00001000UL +-#define CKF_VERIFY 0x00002000UL +-#define CKF_VERIFY_RECOVER 0x00004000UL +-#define CKF_GENERATE 0x00008000UL +-#define CKF_GENERATE_KEY_PAIR 0x00010000UL +-#define CKF_WRAP 0x00020000UL +-#define CKF_UNWRAP 0x00040000UL +-#define CKF_DERIVE 0x00080000UL +- +-/* Describe a token's EC capabilities not available in mechanism +- * information. +- */ +-#define CKF_EC_F_P 0x00100000UL +-#define CKF_EC_F_2M 0x00200000UL +-#define CKF_EC_ECPARAMETERS 0x00400000UL +-#define CKF_EC_NAMEDCURVE 0x00800000UL +-#define CKF_EC_UNCOMPRESS 0x01000000UL +-#define CKF_EC_COMPRESS 0x02000000UL +- +-#define CKF_EXTENSION 0x80000000UL +- +-typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; +- +-/* CK_RV is a value that identifies the return value of a +- * Cryptoki function +- */ +-typedef CK_ULONG CK_RV; +- +-#define CKR_OK 0x00000000UL +-#define CKR_CANCEL 0x00000001UL +-#define CKR_HOST_MEMORY 0x00000002UL +-#define CKR_SLOT_ID_INVALID 0x00000003UL +- +-#define CKR_GENERAL_ERROR 0x00000005UL +-#define CKR_FUNCTION_FAILED 0x00000006UL +- +-#define CKR_ARGUMENTS_BAD 0x00000007UL +-#define CKR_NO_EVENT 0x00000008UL +-#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL +-#define CKR_CANT_LOCK 0x0000000AUL +- +-#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL +-#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL +-#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL +-#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL +- +-#define CKR_ACTION_PROHIBITED 0x0000001BUL +- +-#define CKR_DATA_INVALID 0x00000020UL +-#define CKR_DATA_LEN_RANGE 0x00000021UL +-#define CKR_DEVICE_ERROR 0x00000030UL +-#define CKR_DEVICE_MEMORY 0x00000031UL +-#define CKR_DEVICE_REMOVED 0x00000032UL +-#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL +-#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +-#define CKR_FUNCTION_CANCELED 0x00000050UL +-#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL +- +-#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL +- +-#define CKR_KEY_HANDLE_INVALID 0x00000060UL +- +-#define CKR_KEY_SIZE_RANGE 0x00000062UL +-#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL +- +-#define CKR_KEY_NOT_NEEDED 0x00000064UL +-#define CKR_KEY_CHANGED 0x00000065UL +-#define CKR_KEY_NEEDED 0x00000066UL +-#define CKR_KEY_INDIGESTIBLE 0x00000067UL +-#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL +-#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL +-#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL +- +-#define CKR_MECHANISM_INVALID 0x00000070UL +-#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL +- +-#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL +-#define CKR_OPERATION_ACTIVE 0x00000090UL +-#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL +-#define CKR_PIN_INCORRECT 0x000000A0UL +-#define CKR_PIN_INVALID 0x000000A1UL +-#define CKR_PIN_LEN_RANGE 0x000000A2UL +- +-#define CKR_PIN_EXPIRED 0x000000A3UL +-#define CKR_PIN_LOCKED 0x000000A4UL +- +-#define CKR_SESSION_CLOSED 0x000000B0UL +-#define CKR_SESSION_COUNT 0x000000B1UL +-#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL +-#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL +-#define CKR_SESSION_READ_ONLY 0x000000B5UL +-#define CKR_SESSION_EXISTS 0x000000B6UL +- +-#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL +-#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL +- +-#define CKR_SIGNATURE_INVALID 0x000000C0UL +-#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL +-#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL +-#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL +-#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL +-#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL +-#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL +-#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL +-#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL +-#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL +-#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL +-#define CKR_USER_NOT_LOGGED_IN 0x00000101UL +-#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL +-#define CKR_USER_TYPE_INVALID 0x00000103UL +- +-#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL +-#define CKR_USER_TOO_MANY_TYPES 0x00000105UL +- +-#define CKR_WRAPPED_KEY_INVALID 0x00000110UL +-#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL +-#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL +-#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL +-#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL +-#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL +- +-#define CKR_RANDOM_NO_RNG 0x00000121UL +- +-#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL +- +-#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL +- +-#define CKR_BUFFER_TOO_SMALL 0x00000150UL +-#define CKR_SAVED_STATE_INVALID 0x00000160UL +-#define CKR_INFORMATION_SENSITIVE 0x00000170UL +-#define CKR_STATE_UNSAVEABLE 0x00000180UL +- +-#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL +-#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL +-#define CKR_MUTEX_BAD 0x000001A0UL +-#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL +- +-#define CKR_NEW_PIN_MODE 0x000001B0UL +-#define CKR_NEXT_OTP 0x000001B1UL +- +-#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL +-#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL +-#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL +-#define CKR_PIN_TOO_WEAK 0x000001B8UL +-#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL +- +-#define CKR_FUNCTION_REJECTED 0x00000200UL +- +-#define CKR_VENDOR_DEFINED 0x80000000UL +- +- +-/* CK_NOTIFY is an application callback that processes events */ +-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( +- CK_SESSION_HANDLE hSession, /* the session's handle */ +- CK_NOTIFICATION event, +- CK_VOID_PTR pApplication /* passed to C_OpenSession */ +-); +- +- +-/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec +- * version and pointers of appropriate types to all the +- * Cryptoki functions +- */ +-typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; +- +-typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; +- +-typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; +- +- +-/* CK_CREATEMUTEX is an application callback for creating a +- * mutex object +- */ +-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( +- CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ +-); +- +- +-/* CK_DESTROYMUTEX is an application callback for destroying a +- * mutex object +- */ +-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( +- CK_VOID_PTR pMutex /* pointer to mutex */ +-); +- +- +-/* CK_LOCKMUTEX is an application callback for locking a mutex */ +-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( +- CK_VOID_PTR pMutex /* pointer to mutex */ +-); +- +- +-/* CK_UNLOCKMUTEX is an application callback for unlocking a +- * mutex +- */ +-typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( +- CK_VOID_PTR pMutex /* pointer to mutex */ +-); +- +- +-/* CK_C_INITIALIZE_ARGS provides the optional arguments to +- * C_Initialize +- */ +-typedef struct CK_C_INITIALIZE_ARGS { +- CK_CREATEMUTEX CreateMutex; +- CK_DESTROYMUTEX DestroyMutex; +- CK_LOCKMUTEX LockMutex; +- CK_UNLOCKMUTEX UnlockMutex; +- CK_FLAGS flags; +- CK_VOID_PTR pReserved; +-} CK_C_INITIALIZE_ARGS; +- +-/* flags: bit flags that provide capabilities of the slot +- * Bit Flag Mask Meaning +- */ +-#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL +-#define CKF_OS_LOCKING_OK 0x00000002UL +- +-typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; +- +- +-/* additional flags for parameters to functions */ +- +-/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ +-#define CKF_DONT_BLOCK 1 +- +-/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message +- * Generation Function (MGF) applied to a message block when +- * formatting a message block for the PKCS #1 OAEP encryption +- * scheme. +- */ +-typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; +- +-typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; +- +-/* The following MGFs are defined */ +-#define CKG_MGF1_SHA1 0x00000001UL +-#define CKG_MGF1_SHA256 0x00000002UL +-#define CKG_MGF1_SHA384 0x00000003UL +-#define CKG_MGF1_SHA512 0x00000004UL +-#define CKG_MGF1_SHA224 0x00000005UL +- +-/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source +- * of the encoding parameter when formatting a message block +- * for the PKCS #1 OAEP encryption scheme. +- */ +-typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; +- +-typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; +- +-/* The following encoding parameter sources are defined */ +-#define CKZ_DATA_SPECIFIED 0x00000001UL +- +-/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the +- * CKM_RSA_PKCS_OAEP mechanism. +- */ +-typedef struct CK_RSA_PKCS_OAEP_PARAMS { +- CK_MECHANISM_TYPE hashAlg; +- CK_RSA_PKCS_MGF_TYPE mgf; +- CK_RSA_PKCS_OAEP_SOURCE_TYPE source; +- CK_VOID_PTR pSourceData; +- CK_ULONG ulSourceDataLen; +-} CK_RSA_PKCS_OAEP_PARAMS; +- +-typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; +- +-/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the +- * CKM_RSA_PKCS_PSS mechanism(s). +- */ +-typedef struct CK_RSA_PKCS_PSS_PARAMS { +- CK_MECHANISM_TYPE hashAlg; +- CK_RSA_PKCS_MGF_TYPE mgf; +- CK_ULONG sLen; +-} CK_RSA_PKCS_PSS_PARAMS; +- +-typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; +- +-typedef CK_ULONG CK_EC_KDF_TYPE; +- +-/* The following EC Key Derivation Functions are defined */ +-#define CKD_NULL 0x00000001UL +-#define CKD_SHA1_KDF 0x00000002UL +- +-/* The following X9.42 DH key derivation functions are defined */ +-#define CKD_SHA1_KDF_ASN1 0x00000003UL +-#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL +-#define CKD_SHA224_KDF 0x00000005UL +-#define CKD_SHA256_KDF 0x00000006UL +-#define CKD_SHA384_KDF 0x00000007UL +-#define CKD_SHA512_KDF 0x00000008UL +-#define CKD_CPDIVERSIFY_KDF 0x00000009UL +- +- +-/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the +- * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, +- * where each party contributes one key pair. +- */ +-typedef struct CK_ECDH1_DERIVE_PARAMS { +- CK_EC_KDF_TYPE kdf; +- CK_ULONG ulSharedDataLen; +- CK_BYTE_PTR pSharedData; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +-} CK_ECDH1_DERIVE_PARAMS; +- +-typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; +- +-/* +- * CK_ECDH2_DERIVE_PARAMS provides the parameters to the +- * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. +- */ +-typedef struct CK_ECDH2_DERIVE_PARAMS { +- CK_EC_KDF_TYPE kdf; +- CK_ULONG ulSharedDataLen; +- CK_BYTE_PTR pSharedData; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +- CK_ULONG ulPrivateDataLen; +- CK_OBJECT_HANDLE hPrivateData; +- CK_ULONG ulPublicDataLen2; +- CK_BYTE_PTR pPublicData2; +-} CK_ECDH2_DERIVE_PARAMS; +- +-typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; +- +-typedef struct CK_ECMQV_DERIVE_PARAMS { +- CK_EC_KDF_TYPE kdf; +- CK_ULONG ulSharedDataLen; +- CK_BYTE_PTR pSharedData; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +- CK_ULONG ulPrivateDataLen; +- CK_OBJECT_HANDLE hPrivateData; +- CK_ULONG ulPublicDataLen2; +- CK_BYTE_PTR pPublicData2; +- CK_OBJECT_HANDLE publicKey; +-} CK_ECMQV_DERIVE_PARAMS; +- +-typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; +- +-/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the +- * CKM_X9_42_DH_PARAMETER_GEN mechanisms +- */ +-typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; +-typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; +- +-/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the +- * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party +- * contributes one key pair +- */ +-typedef struct CK_X9_42_DH1_DERIVE_PARAMS { +- CK_X9_42_DH_KDF_TYPE kdf; +- CK_ULONG ulOtherInfoLen; +- CK_BYTE_PTR pOtherInfo; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +-} CK_X9_42_DH1_DERIVE_PARAMS; +- +-typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; +- +-/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the +- * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation +- * mechanisms, where each party contributes two key pairs +- */ +-typedef struct CK_X9_42_DH2_DERIVE_PARAMS { +- CK_X9_42_DH_KDF_TYPE kdf; +- CK_ULONG ulOtherInfoLen; +- CK_BYTE_PTR pOtherInfo; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +- CK_ULONG ulPrivateDataLen; +- CK_OBJECT_HANDLE hPrivateData; +- CK_ULONG ulPublicDataLen2; +- CK_BYTE_PTR pPublicData2; +-} CK_X9_42_DH2_DERIVE_PARAMS; +- +-typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; +- +-typedef struct CK_X9_42_MQV_DERIVE_PARAMS { +- CK_X9_42_DH_KDF_TYPE kdf; +- CK_ULONG ulOtherInfoLen; +- CK_BYTE_PTR pOtherInfo; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +- CK_ULONG ulPrivateDataLen; +- CK_OBJECT_HANDLE hPrivateData; +- CK_ULONG ulPublicDataLen2; +- CK_BYTE_PTR pPublicData2; +- CK_OBJECT_HANDLE publicKey; +-} CK_X9_42_MQV_DERIVE_PARAMS; +- +-typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; +- +-/* CK_KEA_DERIVE_PARAMS provides the parameters to the +- * CKM_KEA_DERIVE mechanism +- */ +-typedef struct CK_KEA_DERIVE_PARAMS { +- CK_BBOOL isSender; +- CK_ULONG ulRandomLen; +- CK_BYTE_PTR pRandomA; +- CK_BYTE_PTR pRandomB; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +-} CK_KEA_DERIVE_PARAMS; +- +-typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; +- +- +-/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and +- * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just +- * holds the effective keysize +- */ +-typedef CK_ULONG CK_RC2_PARAMS; +- +-typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; +- +- +-/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC +- * mechanism +- */ +-typedef struct CK_RC2_CBC_PARAMS { +- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ +- CK_BYTE iv[8]; /* IV for CBC mode */ +-} CK_RC2_CBC_PARAMS; +- +-typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; +- +- +-/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the +- * CKM_RC2_MAC_GENERAL mechanism +- */ +-typedef struct CK_RC2_MAC_GENERAL_PARAMS { +- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ +- CK_ULONG ulMacLength; /* Length of MAC in bytes */ +-} CK_RC2_MAC_GENERAL_PARAMS; +- +-typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ +- CK_RC2_MAC_GENERAL_PARAMS_PTR; +- +- +-/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and +- * CKM_RC5_MAC mechanisms +- */ +-typedef struct CK_RC5_PARAMS { +- CK_ULONG ulWordsize; /* wordsize in bits */ +- CK_ULONG ulRounds; /* number of rounds */ +-} CK_RC5_PARAMS; +- +-typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; +- +- +-/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC +- * mechanism +- */ +-typedef struct CK_RC5_CBC_PARAMS { +- CK_ULONG ulWordsize; /* wordsize in bits */ +- CK_ULONG ulRounds; /* number of rounds */ +- CK_BYTE_PTR pIv; /* pointer to IV */ +- CK_ULONG ulIvLen; /* length of IV in bytes */ +-} CK_RC5_CBC_PARAMS; +- +-typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; +- +- +-/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the +- * CKM_RC5_MAC_GENERAL mechanism +- */ +-typedef struct CK_RC5_MAC_GENERAL_PARAMS { +- CK_ULONG ulWordsize; /* wordsize in bits */ +- CK_ULONG ulRounds; /* number of rounds */ +- CK_ULONG ulMacLength; /* Length of MAC in bytes */ +-} CK_RC5_MAC_GENERAL_PARAMS; +- +-typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ +- CK_RC5_MAC_GENERAL_PARAMS_PTR; +- +-/* CK_MAC_GENERAL_PARAMS provides the parameters to most block +- * ciphers' MAC_GENERAL mechanisms. Its value is the length of +- * the MAC +- */ +-typedef CK_ULONG CK_MAC_GENERAL_PARAMS; +- +-typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; +- +-typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { +- CK_BYTE iv[8]; +- CK_BYTE_PTR pData; +- CK_ULONG length; +-} CK_DES_CBC_ENCRYPT_DATA_PARAMS; +- +-typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; +- +-typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { +- CK_BYTE iv[16]; +- CK_BYTE_PTR pData; +- CK_ULONG length; +-} CK_AES_CBC_ENCRYPT_DATA_PARAMS; +- +-typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; +- +-/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the +- * CKM_SKIPJACK_PRIVATE_WRAP mechanism +- */ +-typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { +- CK_ULONG ulPasswordLen; +- CK_BYTE_PTR pPassword; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pPublicData; +- CK_ULONG ulPAndGLen; +- CK_ULONG ulQLen; +- CK_ULONG ulRandomLen; +- CK_BYTE_PTR pRandomA; +- CK_BYTE_PTR pPrimeP; +- CK_BYTE_PTR pBaseG; +- CK_BYTE_PTR pSubprimeQ; +-} CK_SKIPJACK_PRIVATE_WRAP_PARAMS; +- +-typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ +- CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; +- +- +-/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the +- * CKM_SKIPJACK_RELAYX mechanism +- */ +-typedef struct CK_SKIPJACK_RELAYX_PARAMS { +- CK_ULONG ulOldWrappedXLen; +- CK_BYTE_PTR pOldWrappedX; +- CK_ULONG ulOldPasswordLen; +- CK_BYTE_PTR pOldPassword; +- CK_ULONG ulOldPublicDataLen; +- CK_BYTE_PTR pOldPublicData; +- CK_ULONG ulOldRandomLen; +- CK_BYTE_PTR pOldRandomA; +- CK_ULONG ulNewPasswordLen; +- CK_BYTE_PTR pNewPassword; +- CK_ULONG ulNewPublicDataLen; +- CK_BYTE_PTR pNewPublicData; +- CK_ULONG ulNewRandomLen; +- CK_BYTE_PTR pNewRandomA; +-} CK_SKIPJACK_RELAYX_PARAMS; +- +-typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \ +- CK_SKIPJACK_RELAYX_PARAMS_PTR; +- +- +-typedef struct CK_PBE_PARAMS { +- CK_BYTE_PTR pInitVector; +- CK_UTF8CHAR_PTR pPassword; +- CK_ULONG ulPasswordLen; +- CK_BYTE_PTR pSalt; +- CK_ULONG ulSaltLen; +- CK_ULONG ulIteration; +-} CK_PBE_PARAMS; +- +-typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; +- +- +-/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the +- * CKM_KEY_WRAP_SET_OAEP mechanism +- */ +-typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { +- CK_BYTE bBC; /* block contents byte */ +- CK_BYTE_PTR pX; /* extra data */ +- CK_ULONG ulXLen; /* length of extra data in bytes */ +-} CK_KEY_WRAP_SET_OAEP_PARAMS; +- +-typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; +- +-typedef struct CK_SSL3_RANDOM_DATA { +- CK_BYTE_PTR pClientRandom; +- CK_ULONG ulClientRandomLen; +- CK_BYTE_PTR pServerRandom; +- CK_ULONG ulServerRandomLen; +-} CK_SSL3_RANDOM_DATA; +- +- +-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { +- CK_SSL3_RANDOM_DATA RandomInfo; +- CK_VERSION_PTR pVersion; +-} CK_SSL3_MASTER_KEY_DERIVE_PARAMS; +- +-typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ +- CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; +- +-typedef struct CK_SSL3_KEY_MAT_OUT { +- CK_OBJECT_HANDLE hClientMacSecret; +- CK_OBJECT_HANDLE hServerMacSecret; +- CK_OBJECT_HANDLE hClientKey; +- CK_OBJECT_HANDLE hServerKey; +- CK_BYTE_PTR pIVClient; +- CK_BYTE_PTR pIVServer; +-} CK_SSL3_KEY_MAT_OUT; +- +-typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; +- +- +-typedef struct CK_SSL3_KEY_MAT_PARAMS { +- CK_ULONG ulMacSizeInBits; +- CK_ULONG ulKeySizeInBits; +- CK_ULONG ulIVSizeInBits; +- CK_BBOOL bIsExport; +- CK_SSL3_RANDOM_DATA RandomInfo; +- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +-} CK_SSL3_KEY_MAT_PARAMS; +- +-typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; +- +-typedef struct CK_TLS_PRF_PARAMS { +- CK_BYTE_PTR pSeed; +- CK_ULONG ulSeedLen; +- CK_BYTE_PTR pLabel; +- CK_ULONG ulLabelLen; +- CK_BYTE_PTR pOutput; +- CK_ULONG_PTR pulOutputLen; +-} CK_TLS_PRF_PARAMS; +- +-typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; +- +-typedef struct CK_WTLS_RANDOM_DATA { +- CK_BYTE_PTR pClientRandom; +- CK_ULONG ulClientRandomLen; +- CK_BYTE_PTR pServerRandom; +- CK_ULONG ulServerRandomLen; +-} CK_WTLS_RANDOM_DATA; +- +-typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; +- +-typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { +- CK_MECHANISM_TYPE DigestMechanism; +- CK_WTLS_RANDOM_DATA RandomInfo; +- CK_BYTE_PTR pVersion; +-} CK_WTLS_MASTER_KEY_DERIVE_PARAMS; +- +-typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \ +- CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; +- +-typedef struct CK_WTLS_PRF_PARAMS { +- CK_MECHANISM_TYPE DigestMechanism; +- CK_BYTE_PTR pSeed; +- CK_ULONG ulSeedLen; +- CK_BYTE_PTR pLabel; +- CK_ULONG ulLabelLen; +- CK_BYTE_PTR pOutput; +- CK_ULONG_PTR pulOutputLen; +-} CK_WTLS_PRF_PARAMS; +- +-typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; +- +-typedef struct CK_WTLS_KEY_MAT_OUT { +- CK_OBJECT_HANDLE hMacSecret; +- CK_OBJECT_HANDLE hKey; +- CK_BYTE_PTR pIV; +-} CK_WTLS_KEY_MAT_OUT; +- +-typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; +- +-typedef struct CK_WTLS_KEY_MAT_PARAMS { +- CK_MECHANISM_TYPE DigestMechanism; +- CK_ULONG ulMacSizeInBits; +- CK_ULONG ulKeySizeInBits; +- CK_ULONG ulIVSizeInBits; +- CK_ULONG ulSequenceNumber; +- CK_BBOOL bIsExport; +- CK_WTLS_RANDOM_DATA RandomInfo; +- CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +-} CK_WTLS_KEY_MAT_PARAMS; +- +-typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; +- +-typedef struct CK_CMS_SIG_PARAMS { +- CK_OBJECT_HANDLE certificateHandle; +- CK_MECHANISM_PTR pSigningMechanism; +- CK_MECHANISM_PTR pDigestMechanism; +- CK_UTF8CHAR_PTR pContentType; +- CK_BYTE_PTR pRequestedAttributes; +- CK_ULONG ulRequestedAttributesLen; +- CK_BYTE_PTR pRequiredAttributes; +- CK_ULONG ulRequiredAttributesLen; +-} CK_CMS_SIG_PARAMS; +- +-typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; +- +-typedef struct CK_KEY_DERIVATION_STRING_DATA { +- CK_BYTE_PTR pData; +- CK_ULONG ulLen; +-} CK_KEY_DERIVATION_STRING_DATA; +- +-typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ +- CK_KEY_DERIVATION_STRING_DATA_PTR; +- +- +-/* The CK_EXTRACT_PARAMS is used for the +- * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit +- * of the base key should be used as the first bit of the +- * derived key +- */ +-typedef CK_ULONG CK_EXTRACT_PARAMS; +- +-typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; +- +-/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to +- * indicate the Pseudo-Random Function (PRF) used to generate +- * key bits using PKCS #5 PBKDF2. +- */ +-typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; +- +-typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ +- CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; +- +-#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL +-#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL +-#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL +-#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL +-#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL +-#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL +-#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL +-#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL +- +-/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the +- * source of the salt value when deriving a key using PKCS #5 +- * PBKDF2. +- */ +-typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; +- +-typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ +- CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; +- +-/* The following salt value sources are defined in PKCS #5 v2.0. */ +-#define CKZ_SALT_SPECIFIED 0x00000001UL +- +-/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the +- * parameters to the CKM_PKCS5_PBKD2 mechanism. +- */ +-typedef struct CK_PKCS5_PBKD2_PARAMS { +- CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; +- CK_VOID_PTR pSaltSourceData; +- CK_ULONG ulSaltSourceDataLen; +- CK_ULONG iterations; +- CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; +- CK_VOID_PTR pPrfData; +- CK_ULONG ulPrfDataLen; +- CK_UTF8CHAR_PTR pPassword; +- CK_ULONG_PTR ulPasswordLen; +-} CK_PKCS5_PBKD2_PARAMS; +- +-typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; +- +-/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS +- * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism +- * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. +- */ +-typedef struct CK_PKCS5_PBKD2_PARAMS2 { +- CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; +- CK_VOID_PTR pSaltSourceData; +- CK_ULONG ulSaltSourceDataLen; +- CK_ULONG iterations; +- CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; +- CK_VOID_PTR pPrfData; +- CK_ULONG ulPrfDataLen; +- CK_UTF8CHAR_PTR pPassword; +- CK_ULONG ulPasswordLen; +-} CK_PKCS5_PBKD2_PARAMS2; +- +-typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; +- +-typedef CK_ULONG CK_OTP_PARAM_TYPE; +-typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ +- +-typedef struct CK_OTP_PARAM { +- CK_OTP_PARAM_TYPE type; +- CK_VOID_PTR pValue; +- CK_ULONG ulValueLen; +-} CK_OTP_PARAM; +- +-typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; +- +-typedef struct CK_OTP_PARAMS { +- CK_OTP_PARAM_PTR pParams; +- CK_ULONG ulCount; +-} CK_OTP_PARAMS; +- +-typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; +- +-typedef struct CK_OTP_SIGNATURE_INFO { +- CK_OTP_PARAM_PTR pParams; +- CK_ULONG ulCount; +-} CK_OTP_SIGNATURE_INFO; +- +-typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; +- +-#define CK_OTP_VALUE 0UL +-#define CK_OTP_PIN 1UL +-#define CK_OTP_CHALLENGE 2UL +-#define CK_OTP_TIME 3UL +-#define CK_OTP_COUNTER 4UL +-#define CK_OTP_FLAGS 5UL +-#define CK_OTP_OUTPUT_LENGTH 6UL +-#define CK_OTP_OUTPUT_FORMAT 7UL +- +-#define CKF_NEXT_OTP 0x00000001UL +-#define CKF_EXCLUDE_TIME 0x00000002UL +-#define CKF_EXCLUDE_COUNTER 0x00000004UL +-#define CKF_EXCLUDE_CHALLENGE 0x00000008UL +-#define CKF_EXCLUDE_PIN 0x00000010UL +-#define CKF_USER_FRIENDLY_OTP 0x00000020UL +- +-typedef struct CK_KIP_PARAMS { +- CK_MECHANISM_PTR pMechanism; +- CK_OBJECT_HANDLE hKey; +- CK_BYTE_PTR pSeed; +- CK_ULONG ulSeedLen; +-} CK_KIP_PARAMS; +- +-typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; +- +-typedef struct CK_AES_CTR_PARAMS { +- CK_ULONG ulCounterBits; +- CK_BYTE cb[16]; +-} CK_AES_CTR_PARAMS; +- +-typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; +- +-typedef struct CK_GCM_PARAMS { +- CK_BYTE_PTR pIv; +- CK_ULONG ulIvLen; +- CK_ULONG ulIvBits; +- CK_BYTE_PTR pAAD; +- CK_ULONG ulAADLen; +- CK_ULONG ulTagBits; +-} CK_GCM_PARAMS; +- +-typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; +- +-typedef struct CK_CCM_PARAMS { +- CK_ULONG ulDataLen; +- CK_BYTE_PTR pNonce; +- CK_ULONG ulNonceLen; +- CK_BYTE_PTR pAAD; +- CK_ULONG ulAADLen; +- CK_ULONG ulMACLen; +-} CK_CCM_PARAMS; +- +-typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; +- +-/* Deprecated. Use CK_GCM_PARAMS */ +-typedef struct CK_AES_GCM_PARAMS { +- CK_BYTE_PTR pIv; +- CK_ULONG ulIvLen; +- CK_ULONG ulIvBits; +- CK_BYTE_PTR pAAD; +- CK_ULONG ulAADLen; +- CK_ULONG ulTagBits; +-} CK_AES_GCM_PARAMS; +- +-typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; +- +-/* Deprecated. Use CK_CCM_PARAMS */ +-typedef struct CK_AES_CCM_PARAMS { +- CK_ULONG ulDataLen; +- CK_BYTE_PTR pNonce; +- CK_ULONG ulNonceLen; +- CK_BYTE_PTR pAAD; +- CK_ULONG ulAADLen; +- CK_ULONG ulMACLen; +-} CK_AES_CCM_PARAMS; +- +-typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; +- +-typedef struct CK_CAMELLIA_CTR_PARAMS { +- CK_ULONG ulCounterBits; +- CK_BYTE cb[16]; +-} CK_CAMELLIA_CTR_PARAMS; +- +-typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; +- +-typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { +- CK_BYTE iv[16]; +- CK_BYTE_PTR pData; +- CK_ULONG length; +-} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; +- +-typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ +- CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +- +-typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { +- CK_BYTE iv[16]; +- CK_BYTE_PTR pData; +- CK_ULONG length; +-} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; +- +-typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ +- CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +- +-typedef struct CK_DSA_PARAMETER_GEN_PARAM { +- CK_MECHANISM_TYPE hash; +- CK_BYTE_PTR pSeed; +- CK_ULONG ulSeedLen; +- CK_ULONG ulIndex; +-} CK_DSA_PARAMETER_GEN_PARAM; +- +-typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; +- +-typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { +- CK_ULONG ulAESKeyBits; +- CK_EC_KDF_TYPE kdf; +- CK_ULONG ulSharedDataLen; +- CK_BYTE_PTR pSharedData; +-} CK_ECDH_AES_KEY_WRAP_PARAMS; +- +-typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; +- +-typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; +- +-typedef CK_ULONG CK_CERTIFICATE_CATEGORY; +- +-typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { +- CK_ULONG ulAESKeyBits; +- CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; +-} CK_RSA_AES_KEY_WRAP_PARAMS; +- +-typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; +- +-typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { +- CK_SSL3_RANDOM_DATA RandomInfo; +- CK_VERSION_PTR pVersion; +- CK_MECHANISM_TYPE prfHashMechanism; +-} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; +- +-typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ +- CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; +- +-typedef struct CK_TLS12_KEY_MAT_PARAMS { +- CK_ULONG ulMacSizeInBits; +- CK_ULONG ulKeySizeInBits; +- CK_ULONG ulIVSizeInBits; +- CK_BBOOL bIsExport; +- CK_SSL3_RANDOM_DATA RandomInfo; +- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +- CK_MECHANISM_TYPE prfHashMechanism; +-} CK_TLS12_KEY_MAT_PARAMS; +- +-typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; +- +-typedef struct CK_TLS_KDF_PARAMS { +- CK_MECHANISM_TYPE prfMechanism; +- CK_BYTE_PTR pLabel; +- CK_ULONG ulLabelLength; +- CK_SSL3_RANDOM_DATA RandomInfo; +- CK_BYTE_PTR pContextData; +- CK_ULONG ulContextDataLength; +-} CK_TLS_KDF_PARAMS; +- +-typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; +- +-typedef struct CK_TLS_MAC_PARAMS { +- CK_MECHANISM_TYPE prfHashMechanism; +- CK_ULONG ulMacLength; +- CK_ULONG ulServerOrClient; +-} CK_TLS_MAC_PARAMS; +- +-typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; +- +-typedef struct CK_GOSTR3410_DERIVE_PARAMS { +- CK_EC_KDF_TYPE kdf; +- CK_BYTE_PTR pPublicData; +- CK_ULONG ulPublicDataLen; +- CK_BYTE_PTR pUKM; +- CK_ULONG ulUKMLen; +-} CK_GOSTR3410_DERIVE_PARAMS; +- +-typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; +- +-typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { +- CK_BYTE_PTR pWrapOID; +- CK_ULONG ulWrapOIDLen; +- CK_BYTE_PTR pUKM; +- CK_ULONG ulUKMLen; +- CK_OBJECT_HANDLE hKey; +-} CK_GOSTR3410_KEY_WRAP_PARAMS; +- +-typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; +- +-typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { +- CK_BYTE iv[16]; +- CK_BYTE_PTR pData; +- CK_ULONG length; +-} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; +- +-typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ +- CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; +- +-#endif /* _PKCS11T_H_ */ +- +-- +2.17.1 + diff --git a/SOURCES/softhsm-2.4.0.tar.gz.sig b/SOURCES/softhsm-2.4.0.tar.gz.sig new file mode 100644 index 0000000..341ad2c Binary files /dev/null and b/SOURCES/softhsm-2.4.0.tar.gz.sig differ diff --git a/SPECS/softhsm.spec b/SPECS/softhsm.spec new file mode 100644 index 0000000..fcdb948 --- /dev/null +++ b/SPECS/softhsm.spec @@ -0,0 +1,258 @@ +#global prever rc1 + +Summary: Software version of a PKCS#11 Hardware Security Module +Name: softhsm +Version: 2.4.0 +Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist} +License: BSD +Url: http://www.opendnssec.org/ +Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz +Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig + +Patch1: softhsm-2.3.0-reset-mutex-callbacks.patch +Patch2: softhsm-2.4.0-use-p11-kit-headers.patch + +Group: Applications/System +BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel +BuildRequires: gcc-c++, pkgconfig, p11-kit-devel, nss-devel + +Requires(pre): shadow-utils +Requires: p11-kit, nss-tools +Requires: openssl-libs >= 1.0.1k-6 + +%global _hardened_build 1 + +%global softhsm_module "SoftHSM PKCS #11 Module" + +%description +OpenDNSSEC is providing a software implementation of a generic +cryptographic device with a PKCS#11 interface, the SoftHSM. SoftHSM is +designed to meet the requirements of OpenDNSSEC, but can also work together +with other cryptographic products because of the PKCS#11 interface. + +%package devel +Summary: Development package of softhsm that includes the header files +Group: Development/Libraries +Requires: %{name} = %{version}-%{release}, openssl-devel, sqlite-devel +%if 0%{?prever:1} +BuildRequires: autoconf, libtool, automake +%endif + +%description devel +The devel package contains the libsofthsm include files + +%prep +%setup -q -n %{name}-%{version}%{?prever} + +%patch1 -p1 +%patch2 -p1 + +%if 0%{?prever:1} +autoreconf -fiv +%endif + +# remove softhsm/ subdir auto-added to --libdir +sed -i "s:full_libdir/softhsm:full_libdir:g" configure +%if 0%{?prever:1} +sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac +%endif +sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in + +%build +%configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \ + --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/ + +make %{?_smp_mflags} +# install our copy of pk11install taken from coolkey package + +%check +# skip while cppunit is broken +#make check + +%install +rm -rf %{buildroot} +make DESTDIR=%{buildroot} install + +rm %{buildroot}/%{_sysconfdir}/softhsm2.conf.sample +rm -f %{buildroot}/%{_libdir}/pkcs11/*a +mkdir -p %{buildroot}%{_includedir}/softhsm +cp src/lib/*.h %{buildroot}%{_includedir}/softhsm +mkdir -p %{buildroot}/%{_sharedstatedir}/softhsm/tokens + +# leave a softlink where softhsm-1 installed its library. Programs like +# opendnssec have that filename in their configuration file. +mkdir -p %{buildroot}/%{_libdir}/softhsm/ +ln -s ../pkcs11/libsofthsm2.so %{buildroot}/%{_libdir}/softhsm/libsofthsm.so +# rhbz#1272423 NSS needs it to be in the search path too +( cd %{buildroot}/%{_libdir} ; ln -s pkcs11/libsofthsm2.so) + +%files +%config(noreplace) %{_sysconfdir}/softhsm2.conf +%{_bindir}/* +%dir %{_libdir}/softhsm +%{_libdir}/pkcs11/libsofthsm2.so +%{_libdir}/libsofthsm2.so +%{_libdir}/softhsm/libsofthsm.so +%attr(0664,root,root) %{_datadir}/p11-kit/modules/softhsm2.module +%attr(0750,ods,ods) %dir %{_sharedstatedir}/softhsm +%attr(1770,ods,ods) %dir %{_sharedstatedir}/softhsm/tokens +%doc LICENSE README.md NEWS +%{_mandir}/*/* + +%files devel +%attr(0755,root,root) %dir %{_includedir}/softhsm +%{_includedir}/softhsm/*.h + +%pre +getent group ods >/dev/null || groupadd -r ods +getent passwd ods >/dev/null || \ + useradd -r -g ods -d %{_sharedstatedir}/softhsm -s /sbin/nologin \ + -c "softhsm private keys owner" ods +exit 0 + +%post + +%triggerpostun -- softhsm < 2.0.0 +if [ -f /var/softhsm/slot0.db ]; then + runuser -g ods ods -c 'softhsm2-migrate --db /var/softhsm/slot0.db --pin 1234 --slot 0' || : +fi + +%changelog +* Fri Aug 17 2018 Alexander Bokovoy - 2.4.0-2 +- Replace PKCS11 headers by a more liberal version from p11-kit +- Fixes: rhbz#1615766 + +* Sat Aug 11 2018 Nikos Mavrogiannopoulos - 2.4.0-1 +- Updated to latest upstream release + +* Tue Jul 31 2018 Alexander Bokovoy - 2.3.0-4 +- Fix crash when used as a PKCS11 library via p11-kit (#1608690) + +* Fri Feb 09 2018 Fedora Release Engineering - 2.3.0-3.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Fri Feb 02 2018 Nikos Mavrogiannopoulos - 2.3.0-3 +- Remove softhsm2-pk11install. Software modules are to be registered with + p11-kit as in https://fedoraproject.org/wiki/PackagingDrafts/Pkcs11Support (#1541095). + +* Tue Dec 05 2017 Jakub Jelen - 2.3.0-2 +- Add support for RSA-PSS from upstrem PR#335 + +* Tue Dec 05 2017 Jakub Jelen - 2.3.0-1 +- New upstream release (#1467329) + +* Thu Aug 03 2017 Fedora Release Engineering - 2.2.0-2.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 2.2.0-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jun 27 2017 Nikos Mavrogiannopoulos - 2.2.0-2 +- Increased the level of messages that go to syslog, thus softhsm + will no longer write on syslog when it cannot open the shared DB (#1425135) +- Allow users in the 'ods' group to store their keys in /var/lib/softhsm/tokens/ + while at the same time disallow deleting other users' keys (using the + sticky bit). Prevent users in the 'ods' group from writing in /var/lib/softhsm. + +* Thu Jun 22 2017 Nikos Mavrogiannopoulos - 2.2.0-1 +- Rebased to latest upstream release + +* Sat Feb 11 2017 Fedora Release Engineering - 2.1.0-2.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Fri Sep 23 2016 Paul Wouters - 2.1.0-2 +- Resolves: rhbz#1378800 Module cleanup crash + +* Mon May 16 2016 Paul Wouters - 2.1.0-1 +- Resolves: rhbz#1244461 Updated to 2.1.0 +- Resolves: rhbz#1272423 Softhsm PKCS#11 module not visible to NSS becasue it is not in the search path +- Resolves: rhbz#1177086 A marked as trusted certificate cannot be written in a softhsmv2 db +- Resolves: rhbz#1272453 - A marked as CA certificate cannot be written in a softhsmv2 db +- Removed merged in bug#162 patch +- Temporarily disable make check because cppunit is broken + +* Thu Feb 25 2016 Paul Wouters - 2.0.0-2 +- Resolves: rhbz#1272453 A marked as CA certificate cannot be written in a softhsmv2 db + +* Fri Feb 05 2016 Fedora Release Engineering - 2.0.0-1.1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Sep 02 2015 Paul Wouters - 2.0.0-1 +- Resolves: rhbz#1244461 Update to softhsm-2.0.0 +- Resolves: rhbz#1177086 A marked as trusted certificate cannot be written in a softhsmv2 db +- Resolves: rhbz#1159827 Typo in homedir in /etc/passwd +- Added global prever to toggle snapshot vs full release build changes + +* Fri Jun 26 2015 Petr Spacek - 2.0.0rc1-3 +- Add dependency on OpenSSL with fixed AES wrapping support + +* Fri Jun 19 2015 Fedora Release Engineering - 2.0.0rc1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Mon Jun 01 2015 Petr Spacek - 2.0.0rc1-1 +- Rebase to latest upstream release + +* Sat May 02 2015 Kalev Lember - 2.0.0b1-4 +- Rebuilt for GCC 5 C++11 ABI change + +* Tue Sep 30 2014 Paul Wouters - 2.0.0b1-3 +- Add support for CKM_RSA_PKCS_OAEP key un/wrapping [Petr Spacek] +- Use OpenSSL EVP interface for AES key wrapping [Petr Spacek] +- Fix softhsm2-pk11install buid and post call +- Do not use --with-objectstore-backend-db (causes issues on i686) +- Change install directory to /usr/lib*/pkcs11/ +- Install pkcs11 module file +- Use official upstream tar ball +- Create ods user to own softhsm/token files +- Enable migration tools (for softhsm-v1 installs) +- Add softlink for softhsm-v1 .so (needed for opendnssec's conf.xml) +- Require p11-kit, nss-tools, for SoftHSM PKCS #11 Module file +- Copy pk11install.c from coolkey package +- Enable hardened build +- Add upstream official source url + +* Mon Aug 18 2014 Fedora Release Engineering - 1.3.6-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 1.3.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Apr 18 2014 Paul Wouters - 1.3.6-1 +- Updated to 1.3.6 (rhbz#1070196) +- Provide a p11-kit module file (rhbz#1085327) + +* Sun Nov 03 2013 Paul Wouters - 1.3.5-1 +- Updated to 1.3.5 (rhbz#987721) + +* Tue Jul 30 2013 Paul Wouters - 1.3.3-4 +- Rebuilt for new botan - requires --with-botan argument + +* Fri Feb 15 2013 Fedora Release Engineering - 1.3.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Sat Jul 21 2012 Fedora Release Engineering - 1.3.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Mon Jun 04 2012 Paul Wouters - 1.3.3-1 +- Updated to 1.3.3 + +* Tue Apr 03 2012 Paul Wouters - 1.3.2-1 +- Updated to 1.3.2. +- Changed user from opendnssec to ods, as used in the opendnssec package + +* Sat Jan 14 2012 Fedora Release Engineering - 1.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Oct 27 2011 Paul Wouters - 1.3.0-3 +- Initial Fedora package +- Do not install the .a file +- Use a separate "opendnssec" user to own /var/sofhsm + +* Tue Oct 25 2011 Paul Wouters - 1.3.0-2 +- Fix description texts w.r.t. include files + +* Wed Oct 05 2011 Paul Wouters - 1.3.0-1 +- Upgraded to 1.3.0 + +* Thu Mar 3 2011 Paul Wouters - 1.2.0-1 +- Initial package for Fedora