diff --git a/.gitignore b/.gitignore index fe9b476..b8c2a03 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/softhsm-2.4.0.tar.gz +SOURCES/softhsm-2.6.0.tar.gz diff --git a/.softhsm.metadata b/.softhsm.metadata index c899af6..24b031a 100644 --- a/.softhsm.metadata +++ b/.softhsm.metadata @@ -1 +1 @@ -398502be47a21deb7d10f259a7fc89a357d52ecd SOURCES/softhsm-2.4.0.tar.gz +da4220189c358741a42a63442561ec07996badaf SOURCES/softhsm-2.6.0.tar.gz diff --git a/SOURCES/softhsm-2.3.0-reset-mutex-callbacks.patch b/SOURCES/softhsm-2.3.0-reset-mutex-callbacks.patch deleted file mode 100644 index 2bf4047..0000000 --- a/SOURCES/softhsm-2.3.0-reset-mutex-callbacks.patch +++ /dev/null @@ -1,72 +0,0 @@ -From 16f994e7944a917fa81c8db11c56c594f4e78b40 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy -Date: Tue, 31 Jul 2018 14:59:03 +0300 -Subject: [PATCH] Reset mutex callbacks to the default version when finished - -If a PKCS11 API caller provided own mutex handling callbacks, -we need to ensure they aren't used after C_Finalize is called -and SoftHSM instance is recycled. - -Inability to do so may lead to a situation where callbacks might -be provided by a different dynamically loaded object which is removed -after C_Finalize() call. Thus, callback pointers become invalid and -calling them leads to crashes. - -Fixes: https://github.com/opendnssec/SoftHSMv2/issues/408 - -Signed-off-by: Alexander Bokovoy ---- - src/lib/SoftHSM.cpp | 16 ++++++++++++---- - 1 file changed, 12 insertions(+), 4 deletions(-) - -diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp -index ee94d3f..e4cc044 100644 ---- a/src/lib/SoftHSM.cpp -+++ b/src/lib/SoftHSM.cpp -@@ -314,6 +314,15 @@ static CK_ATTRIBUTE bsAttribute(CK_ATTRIBUTE_TYPE type, const ByteString &value) - /***************************************************************************** - Implementation of SoftHSM class specific functions - *****************************************************************************/ -+static void resetMutexFactoryCallbacks() -+{ -+ // Reset MutexFactory callbacks to our versions -+ MutexFactory::i()->setCreateMutex(OSCreateMutex); -+ MutexFactory::i()->setDestroyMutex(OSDestroyMutex); -+ MutexFactory::i()->setLockMutex(OSLockMutex); -+ MutexFactory::i()->setUnlockMutex(OSUnlockMutex); -+} -+ - - // Return the one-and-only instance - SoftHSM* SoftHSM::i() -@@ -342,6 +351,7 @@ SoftHSM::SoftHSM() - slotManager = NULL; - sessionManager = NULL; - handleManager = NULL; -+ resetMutexFactoryCallbacks(); - } - - // Destructor -@@ -352,6 +362,7 @@ SoftHSM::~SoftHSM() - if (slotManager != NULL) delete slotManager; - if (objectStore != NULL) delete objectStore; - if (sessionObjectStore != NULL) delete sessionObjectStore; -+ resetMutexFactoryCallbacks(); - } - - /***************************************************************************** -@@ -402,10 +413,7 @@ CK_RV SoftHSM::C_Initialize(CK_VOID_PTR pInitArgs) - if (args->flags & CKF_OS_LOCKING_OK) - { - // Use our own mutex functions. -- MutexFactory::i()->setCreateMutex(OSCreateMutex); -- MutexFactory::i()->setDestroyMutex(OSDestroyMutex); -- MutexFactory::i()->setLockMutex(OSLockMutex); -- MutexFactory::i()->setUnlockMutex(OSUnlockMutex); -+ resetMutexFactoryCallbacks(); - MutexFactory::i()->enable(); - } - else --- -2.17.1 - diff --git a/SOURCES/softhsm-2.4.0-use-p11-kit-headers.patch b/SOURCES/softhsm-2.4.0-use-p11-kit-headers.patch deleted file mode 100644 index 7641c46..0000000 --- a/SOURCES/softhsm-2.4.0-use-p11-kit-headers.patch +++ /dev/null @@ -1,5181 +0,0 @@ -From 227aea681d6a3835134dccdf1e9e9e4fac8796d4 Mon Sep 17 00:00:00 2001 -From: Alexander Bokovoy -Date: Sat, 11 Aug 2018 11:31:23 +0300 -Subject: [PATCH] Replace PKCS11 headers with a version from p11-kit - -Since headers provided by OASIS PKCS11 TC have not-exactly free license -(they do not allow modification), use an alternative header from p11-kit -which is licensed under a more liberal license. - -Vendor-specific constants were also updated to PKCS11 standard v3.0 -where possible. ---- - src/bin/dump/tables.h | 2 +- - src/lib/P11Attributes.cpp | 4 +- - src/lib/SoftHSM.cpp | 8 +- - src/lib/object_store/DBObject.cpp | 2 +- - src/lib/object_store/test/DBObjectTests.cpp | 8 +- - src/lib/object_store/test/ObjectFileTests.cpp | 8 +- - .../object_store/test/SessionObjectTests.cpp | 8 +- - src/lib/pkcs11/pkcs11.h | 1991 +++++++++++++--- - src/lib/pkcs11/pkcs11f.h | 939 -------- - src/lib/pkcs11/pkcs11t.h | 2003 ----------------- - 10 files changed, 1758 insertions(+), 3215 deletions(-) - delete mode 100644 src/lib/pkcs11/pkcs11f.h - delete mode 100644 src/lib/pkcs11/pkcs11t.h - -diff --git a/src/bin/dump/tables.h b/src/bin/dump/tables.h -index 76d64fb..d125a2b 100644 ---- a/src/bin/dump/tables.h -+++ b/src/bin/dump/tables.h -@@ -88,7 +88,7 @@ void fill_CKA_table(std::map &t) - t[CKA_SUBPRIME] = "CKA_SUBPRIME"; - t[CKA_BASE] = "CKA_BASE"; - t[CKA_PRIME_BITS] = "CKA_PRIME_BITS"; -- t[CKA_SUBPRIME_BITS] = "CKA_SUBPRIME_BITS"; -+ t[CKA_SUB_PRIME_BITS] = "CKA_SUB_PRIME_BITS"; - t[CKA_VALUE_BITS] = "CKA_VALUE_BITS"; - t[CKA_VALUE_LEN] = "CKA_VALUE_LEN"; - t[CKA_EXTRACTABLE] = "CKA_EXTRACTABLE"; -diff --git a/src/lib/P11Attributes.cpp b/src/lib/P11Attributes.cpp -index 28d0f9b..02b71d7 100644 ---- a/src/lib/P11Attributes.cpp -+++ b/src/lib/P11Attributes.cpp -@@ -2350,7 +2350,7 @@ CK_RV P11AttrWrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK_V - case CKA_KEY_GEN_MECHANISM: - case CKA_MODULUS_BITS: - case CKA_PRIME_BITS: -- case CKA_SUBPRIME_BITS: -+ case CKA_SUB_PRIME_BITS: - case CKA_VALUE_BITS: - case CKA_VALUE_LEN: - case CKA_AUTH_PIN_FLAGS: -@@ -2449,7 +2449,7 @@ CK_RV P11AttrUnwrapTemplate::updateAttr(Token* /*token*/, bool /*isPrivate*/, CK - case CKA_KEY_GEN_MECHANISM: - case CKA_MODULUS_BITS: - case CKA_PRIME_BITS: -- case CKA_SUBPRIME_BITS: -+ case CKA_SUB_PRIME_BITS: - case CKA_VALUE_BITS: - case CKA_VALUE_LEN: - case CKA_AUTH_PIN_FLAGS: -diff --git a/src/lib/SoftHSM.cpp b/src/lib/SoftHSM.cpp -index 7a23a8a..84a5f5f 100644 ---- a/src/lib/SoftHSM.cpp -+++ b/src/lib/SoftHSM.cpp -@@ -8149,10 +8149,10 @@ CK_RV SoftHSM::generateDSAParameters - } - bitLen = *(CK_ULONG*)pTemplate[i].pValue; - break; -- case CKA_SUBPRIME_BITS: -+ case CKA_SUB_PRIME_BITS: - if (pTemplate[i].ulValueLen != sizeof(CK_ULONG)) - { -- INFO_MSG("CKA_SUBPRIME_BITS does not have the size of CK_ULONG"); -+ INFO_MSG("CKA_SUB_PRIME_BITS does not have the size of CK_ULONG"); - return CKR_ATTRIBUTE_VALUE_INVALID; - } - qLen = *(CK_ULONG*)pTemplate[i].pValue; -@@ -8169,11 +8169,11 @@ CK_RV SoftHSM::generateDSAParameters - return CKR_TEMPLATE_INCOMPLETE; - } - -- // No real choice for CKA_SUBPRIME_BITS -+ // No real choice for CKA_SUB_PRIME_BITS - if ((qLen != 0) && - (((bitLen >= 2048) && (qLen != 256)) || - ((bitLen < 2048) && (qLen != 160)))) -- INFO_MSG("CKA_SUBPRIME_BITS is ignored"); -+ INFO_MSG("CKA_SUB_PRIME_BITS is ignored"); - - - // Generate domain parameters -diff --git a/src/lib/object_store/DBObject.cpp b/src/lib/object_store/DBObject.cpp -index d2515bd..1861aff 100644 ---- a/src/lib/object_store/DBObject.cpp -+++ b/src/lib/object_store/DBObject.cpp -@@ -452,7 +452,7 @@ static AttributeKind attributeKind(CK_ATTRIBUTE_TYPE type) - case CKA_SUBPRIME: return akBinary; - case CKA_BASE: return akBinary; - case CKA_PRIME_BITS: return akInteger; -- case CKA_SUBPRIME_BITS: return akInteger; -+ case CKA_SUB_PRIME_BITS: return akInteger; - case CKA_VALUE_BITS: return akInteger; - case CKA_VALUE_LEN: return akInteger; - case CKA_EXTRACTABLE: return akBoolean; -diff --git a/src/lib/object_store/test/DBObjectTests.cpp b/src/lib/object_store/test/DBObjectTests.cpp -index d856b06..22d252c 100644 ---- a/src/lib/object_store/test/DBObjectTests.cpp -+++ b/src/lib/object_store/test/DBObjectTests.cpp -@@ -202,7 +202,7 @@ void test_a_dbobject_with_an_object::should_store_unsigned_long_attributes() - CPPUNIT_ASSERT(testObject.setAttribute(CKA_MODULUS_BITS, attr1)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_PRIME_BITS, attr2)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_AUTH_PIN_FLAGS, attr3)); -- CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUBPRIME_BITS, attr4)); -+ CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUB_PRIME_BITS, attr4)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_KEY_TYPE, attr5)); - } - -@@ -215,20 +215,20 @@ void test_a_dbobject_with_an_object::should_store_unsigned_long_attributes() - CPPUNIT_ASSERT(testObject.attributeExists(CKA_MODULUS_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_PRIME_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_AUTH_PIN_FLAGS)); -- CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUBPRIME_BITS)); -+ CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUB_PRIME_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_KEY_TYPE)); - CPPUNIT_ASSERT(!testObject.attributeExists(CKA_ID)); - - CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).isUnsignedLongAttribute()); -- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).isUnsignedLongAttribute()); -+ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).isUnsignedLongAttribute()); - - CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_MODULUS_BITS).getUnsignedLongValue(), (unsigned long)0x12345678); - CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_PRIME_BITS).getUnsignedLongValue(), (unsigned long)0x87654321); - CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).getUnsignedLongValue(), (unsigned long)0x01010101); -- CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_SUBPRIME_BITS).getUnsignedLongValue(), (unsigned long)0x10101010); -+ CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_SUB_PRIME_BITS).getUnsignedLongValue(), (unsigned long)0x10101010); - CPPUNIT_ASSERT_EQUAL(testObject.getAttribute(CKA_KEY_TYPE).getUnsignedLongValue(), (unsigned long)0xABCDEF); - - unsigned long value6 = 0x90909090; -diff --git a/src/lib/object_store/test/ObjectFileTests.cpp b/src/lib/object_store/test/ObjectFileTests.cpp -index 9f0f5bd..f3c3ae5 100644 ---- a/src/lib/object_store/test/ObjectFileTests.cpp -+++ b/src/lib/object_store/test/ObjectFileTests.cpp -@@ -158,7 +158,7 @@ void ObjectFileTests::testULongAttr() - CPPUNIT_ASSERT(testObject.setAttribute(CKA_MODULUS_BITS, attr1)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_PRIME_BITS, attr2)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_AUTH_PIN_FLAGS, attr3)); -- CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUBPRIME_BITS, attr4)); -+ CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUB_PRIME_BITS, attr4)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_KEY_TYPE, attr5)); - } - -@@ -175,20 +175,20 @@ void ObjectFileTests::testULongAttr() - CPPUNIT_ASSERT(testObject.attributeExists(CKA_MODULUS_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_PRIME_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_AUTH_PIN_FLAGS)); -- CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUBPRIME_BITS)); -+ CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUB_PRIME_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_KEY_TYPE)); - CPPUNIT_ASSERT(!testObject.attributeExists(CKA_ID)); - - CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).isUnsignedLongAttribute()); -- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).isUnsignedLongAttribute()); -+ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).isUnsignedLongAttribute()); - - CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).getUnsignedLongValue() == 0x12345678); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).getUnsignedLongValue() == 0x87654321); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).getUnsignedLongValue() == 0x01010101); -- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).getUnsignedLongValue() == 0x10101010); -+ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).getUnsignedLongValue() == 0x10101010); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).getUnsignedLongValue() == 0xABCDEF); - - unsigned long value6 = 0x90909090; -diff --git a/src/lib/object_store/test/SessionObjectTests.cpp b/src/lib/object_store/test/SessionObjectTests.cpp -index 6183ec6..20d9052 100644 ---- a/src/lib/object_store/test/SessionObjectTests.cpp -+++ b/src/lib/object_store/test/SessionObjectTests.cpp -@@ -125,7 +125,7 @@ void SessionObjectTests::testULongAttr() - CPPUNIT_ASSERT(testObject.setAttribute(CKA_MODULUS_BITS, attr1)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_PRIME_BITS, attr2)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_AUTH_PIN_FLAGS, attr3)); -- CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUBPRIME_BITS, attr4)); -+ CPPUNIT_ASSERT(testObject.setAttribute(CKA_SUB_PRIME_BITS, attr4)); - CPPUNIT_ASSERT(testObject.setAttribute(CKA_KEY_TYPE, attr5)); - - CPPUNIT_ASSERT(testObject.isValid()); -@@ -133,20 +133,20 @@ void SessionObjectTests::testULongAttr() - CPPUNIT_ASSERT(testObject.attributeExists(CKA_MODULUS_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_PRIME_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_AUTH_PIN_FLAGS)); -- CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUBPRIME_BITS)); -+ CPPUNIT_ASSERT(testObject.attributeExists(CKA_SUB_PRIME_BITS)); - CPPUNIT_ASSERT(testObject.attributeExists(CKA_KEY_TYPE)); - CPPUNIT_ASSERT(!testObject.attributeExists(CKA_ID)); - - CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).isUnsignedLongAttribute()); -- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).isUnsignedLongAttribute()); -+ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).isUnsignedLongAttribute()); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).isUnsignedLongAttribute()); - - CPPUNIT_ASSERT(testObject.getAttribute(CKA_MODULUS_BITS).getUnsignedLongValue() == 0x12345678); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_PRIME_BITS).getUnsignedLongValue() == 0x87654321); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_AUTH_PIN_FLAGS).getUnsignedLongValue() == 0x01010101); -- CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUBPRIME_BITS).getUnsignedLongValue() == 0x10101010); -+ CPPUNIT_ASSERT(testObject.getAttribute(CKA_SUB_PRIME_BITS).getUnsignedLongValue() == 0x10101010); - CPPUNIT_ASSERT(testObject.getAttribute(CKA_KEY_TYPE).getUnsignedLongValue() == 0xABCDEF); - - unsigned long value6 = 0x90909090; -diff --git a/src/lib/pkcs11/pkcs11.h b/src/lib/pkcs11/pkcs11.h -index 0d78dd7..9d31ce8 100644 ---- a/src/lib/pkcs11/pkcs11.h -+++ b/src/lib/pkcs11/pkcs11.h -@@ -1,265 +1,1750 @@ --/* Copyright (c) OASIS Open 2016. All Rights Reserved./ -- * /Distributed under the terms of the OASIS IPR Policy, -- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY -- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A -- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. -- */ -- --/* Latest version of the specification: -- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html -- */ -- --#ifndef _PKCS11_H_ --#define _PKCS11_H_ 1 -- --#ifdef __cplusplus -+/* pkcs11.h -+ Copyright 2006, 2007 g10 Code GmbH -+ Copyright 2006 Andreas Jellinghaus -+ Copyright 2017 Red Hat, Inc. -+ -+ This file is free software; as a special exception the author gives -+ unlimited permission to copy and/or distribute it, with or without -+ modifications, as long as this notice is preserved. -+ -+ This file is distributed in the hope that it will be useful, but -+ WITHOUT ANY WARRANTY, to the extent permitted by law; without even -+ the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR -+ PURPOSE. */ -+ -+/* Please submit any changes back to the p11-kit project at -+ https://github.com/p11-glue/p11-kit/, so that -+ they can be picked up by other projects from there as well. */ -+ -+/* This file is a modified implementation of the PKCS #11 standard by -+ OASIS group. It is mostly a drop-in replacement, with the -+ following change: -+ -+ This header file does not require any macro definitions by the user -+ (like CK_DEFINE_FUNCTION etc). In fact, it defines those macros -+ for you (if useful, some are missing, let me know if you need -+ more). -+ -+ There is an additional API available that does comply better to the -+ GNU coding standard. It can be switched on by defining -+ CRYPTOKI_GNU before including this header file. For this, the -+ following changes are made to the specification: -+ -+ All structure types are changed to a "struct ck_foo" where CK_FOO -+ is the type name in PKCS #11. -+ -+ All non-structure types are changed to ck_foo_t where CK_FOO is the -+ lowercase version of the type name in PKCS #11. The basic types -+ (CK_ULONG et al.) are removed without substitute. -+ -+ All members of structures are modified in the following way: Type -+ indication prefixes are removed, and underscore characters are -+ inserted before words. Then the result is lowercased. -+ -+ Note that function names are still in the original case, as they -+ need for ABI compatibility. -+ -+ CK_FALSE, CK_TRUE and NULL_PTR are removed without substitute. Use -+ . -+ -+ If CRYPTOKI_COMPAT is defined before including this header file, -+ then none of the API changes above take place, and the API is the -+ one defined by the PKCS #11 standard. */ -+ -+#ifndef PKCS11_H -+#define PKCS11_H 1 -+ -+#if defined(__cplusplus) - extern "C" { - #endif - --/* Before including this file (pkcs11.h) (or pkcs11t.h by -- * itself), 5 platform-specific macros must be defined. These -- * macros are described below, and typical definitions for them -- * are also given. Be advised that these definitions can depend -- * on both the platform and the compiler used (and possibly also -- * on whether a Cryptoki library is linked statically or -- * dynamically). -- * -- * In addition to defining these 5 macros, the packing convention -- * for Cryptoki structures should be set. The Cryptoki -- * convention on packing is that structures should be 1-byte -- * aligned. -- * -- * If you're using Microsoft Developer Studio 5.0 to produce -- * Win32 stuff, this might be done by using the following -- * preprocessor directive before including pkcs11.h or pkcs11t.h: -- * -- * #pragma pack(push, cryptoki, 1) -- * -- * and using the following preprocessor directive after including -- * pkcs11.h or pkcs11t.h: -- * -- * #pragma pack(pop, cryptoki) -- * -- * If you're using an earlier version of Microsoft Developer -- * Studio to produce Win16 stuff, this might be done by using -- * the following preprocessor directive before including -- * pkcs11.h or pkcs11t.h: -- * -- * #pragma pack(1) -- * -- * In a UNIX environment, you're on your own for this. You might -- * not need to do (or be able to do!) anything. -- * -- * -- * Now for the macros: -- * -- * -- * 1. CK_PTR: The indirection string for making a pointer to an -- * object. It can be used like this: -- * -- * typedef CK_BYTE CK_PTR CK_BYTE_PTR; -- * -- * If you're using Microsoft Developer Studio 5.0 to produce -- * Win32 stuff, it might be defined by: -- * -- * #define CK_PTR * -- * -- * If you're using an earlier version of Microsoft Developer -- * Studio to produce Win16 stuff, it might be defined by: -- * -- * #define CK_PTR far * -- * -- * In a typical UNIX environment, it might be defined by: -- * -- * #define CK_PTR * -- * -- * -- * 2. CK_DECLARE_FUNCTION(returnType, name): A macro which makes -- * an importable Cryptoki library function declaration out of a -- * return type and a function name. It should be used in the -- * following fashion: -- * -- * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)( -- * CK_VOID_PTR pReserved -- * ); -- * -- * If you're using Microsoft Developer Studio 5.0 to declare a -- * function in a Win32 Cryptoki .dll, it might be defined by: -- * -- * #define CK_DECLARE_FUNCTION(returnType, name) \ -- * returnType __declspec(dllimport) name -- * -- * If you're using an earlier version of Microsoft Developer -- * Studio to declare a function in a Win16 Cryptoki .dll, it -- * might be defined by: -- * -- * #define CK_DECLARE_FUNCTION(returnType, name) \ -- * returnType __export _far _pascal name -- * -- * In a UNIX environment, it might be defined by: -- * -- * #define CK_DECLARE_FUNCTION(returnType, name) \ -- * returnType name -- * -- * -- * 3. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro -- * which makes a Cryptoki API function pointer declaration or -- * function pointer type declaration out of a return type and a -- * function name. It should be used in the following fashion: -- * -- * // Define funcPtr to be a pointer to a Cryptoki API function -- * // taking arguments args and returning CK_RV. -- * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args); -- * -- * or -- * -- * // Define funcPtrType to be the type of a pointer to a -- * // Cryptoki API function taking arguments args and returning -- * // CK_RV, and then define funcPtr to be a variable of type -- * // funcPtrType. -- * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); -- * funcPtrType funcPtr; -- * -- * If you're using Microsoft Developer Studio 5.0 to access -- * functions in a Win32 Cryptoki .dll, in might be defined by: -- * -- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ -- * returnType __declspec(dllimport) (* name) -- * -- * If you're using an earlier version of Microsoft Developer -- * Studio to access functions in a Win16 Cryptoki .dll, it might -- * be defined by: -- * -- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ -- * returnType __export _far _pascal (* name) -- * -- * In a UNIX environment, it might be defined by: -- * -- * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ -- * returnType (* name) -- * -- * -- * 4. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes -- * a function pointer type for an application callback out of -- * a return type for the callback and a name for the callback. -- * It should be used in the following fashion: -- * -- * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args); -- * -- * to declare a function pointer, myCallback, to a callback -- * which takes arguments args and returns a CK_RV. It can also -- * be used like this: -- * -- * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); -- * myCallbackType myCallback; -- * -- * If you're using Microsoft Developer Studio 5.0 to do Win32 -- * Cryptoki development, it might be defined by: -- * -- * #define CK_CALLBACK_FUNCTION(returnType, name) \ -- * returnType (* name) -- * -- * If you're using an earlier version of Microsoft Developer -- * Studio to do Win16 development, it might be defined by: -- * -- * #define CK_CALLBACK_FUNCTION(returnType, name) \ -- * returnType _far _pascal (* name) -- * -- * In a UNIX environment, it might be defined by: -- * -- * #define CK_CALLBACK_FUNCTION(returnType, name) \ -- * returnType (* name) -- * -- * -- * 5. NULL_PTR: This macro is the value of a NULL pointer. -- * -- * In any ANSI/ISO C environment (and in many others as well), -- * this should best be defined by -- * -- * #ifndef NULL_PTR -- * #define NULL_PTR 0 -- * #endif -- */ -- -- --/* All the various Cryptoki types and #define'd values are in the -- * file pkcs11t.h. -- */ --#include "pkcs11t.h" -- --#define __PASTE(x,y) x##y -- -- --/* ============================================================== -- * Define the "extern" form of all the entry points. -- * ============================================================== -- */ -- --#define CK_NEED_ARG_LIST 1 --#define CK_PKCS11_FUNCTION_INFO(name) \ -- extern CK_DECLARE_FUNCTION(CK_RV, name) -- --/* pkcs11f.h has all the information about the Cryptoki -- * function prototypes. -- */ --#include "pkcs11f.h" -- --#undef CK_NEED_ARG_LIST --#undef CK_PKCS11_FUNCTION_INFO -- -- --/* ============================================================== -- * Define the typedef form of all the entry points. That is, for -- * each Cryptoki function C_XXX, define a type CK_C_XXX which is -- * a pointer to that kind of function. -- * ============================================================== -- */ -- --#define CK_NEED_ARG_LIST 1 --#define CK_PKCS11_FUNCTION_INFO(name) \ -- typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_,name)) -- --/* pkcs11f.h has all the information about the Cryptoki -- * function prototypes. -- */ --#include "pkcs11f.h" -- --#undef CK_NEED_ARG_LIST --#undef CK_PKCS11_FUNCTION_INFO -- -- --/* ============================================================== -- * Define structed vector of entry points. A CK_FUNCTION_LIST -- * contains a CK_VERSION indicating a library's Cryptoki version -- * and then a whole slew of function pointers to the routines in -- * the library. This type was declared, but not defined, in -- * pkcs11t.h. -- * ============================================================== -- */ -- --#define CK_PKCS11_FUNCTION_INFO(name) \ -- __PASTE(CK_,name) name; -- --struct CK_FUNCTION_LIST { -- -- CK_VERSION version; /* Cryptoki version */ -- --/* Pile all the function pointers into the CK_FUNCTION_LIST. */ --/* pkcs11f.h has all the information about the Cryptoki -- * function prototypes. -- */ --#include "pkcs11f.h" - -+/* The version of cryptoki we implement. The revision is changed with -+ each modification of this file. */ -+#define CRYPTOKI_VERSION_MAJOR 2 -+#define CRYPTOKI_VERSION_MINOR 40 -+#define P11_KIT_CRYPTOKI_VERSION_REVISION 0 -+ -+ -+/* Compatibility interface is default, unless CRYPTOKI_GNU is -+ given. */ -+#ifndef CRYPTOKI_GNU -+#ifndef CRYPTOKI_COMPAT -+#define CRYPTOKI_COMPAT 1 -+#endif -+#endif -+ -+/* System dependencies. */ -+ -+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) -+ -+/* There is a matching pop below. */ -+#pragma pack(push, cryptoki, 1) -+ -+#ifdef CRYPTOKI_EXPORTS -+#define CK_SPEC __declspec(dllexport) -+#else -+#define CK_SPEC __declspec(dllimport) -+#endif -+ -+#else -+ -+#define CK_SPEC -+ -+#endif -+ -+ -+#ifdef CRYPTOKI_COMPAT -+ /* If we are in compatibility mode, switch all exposed names to the -+ PKCS #11 variant. There are corresponding #undefs below. */ -+ -+#define ck_flags_t CK_FLAGS -+#define ck_version _CK_VERSION -+ -+#define ck_info _CK_INFO -+#define cryptoki_version cryptokiVersion -+#define manufacturer_id manufacturerID -+#define library_description libraryDescription -+#define library_version libraryVersion -+ -+#define ck_notification_t CK_NOTIFICATION -+#define ck_slot_id_t CK_SLOT_ID -+ -+#define ck_slot_info _CK_SLOT_INFO -+#define slot_description slotDescription -+#define hardware_version hardwareVersion -+#define firmware_version firmwareVersion -+ -+#define ck_token_info _CK_TOKEN_INFO -+#define serial_number serialNumber -+#define max_session_count ulMaxSessionCount -+#define session_count ulSessionCount -+#define max_rw_session_count ulMaxRwSessionCount -+#define rw_session_count ulRwSessionCount -+#define max_pin_len ulMaxPinLen -+#define min_pin_len ulMinPinLen -+#define total_public_memory ulTotalPublicMemory -+#define free_public_memory ulFreePublicMemory -+#define total_private_memory ulTotalPrivateMemory -+#define free_private_memory ulFreePrivateMemory -+#define utc_time utcTime -+ -+#define ck_session_handle_t CK_SESSION_HANDLE -+#define ck_user_type_t CK_USER_TYPE -+#define ck_state_t CK_STATE -+ -+#define ck_session_info _CK_SESSION_INFO -+#define slot_id slotID -+#define device_error ulDeviceError -+ -+#define ck_object_handle_t CK_OBJECT_HANDLE -+#define ck_object_class_t CK_OBJECT_CLASS -+#define ck_hw_feature_type_t CK_HW_FEATURE_TYPE -+#define ck_key_type_t CK_KEY_TYPE -+#define ck_certificate_type_t CK_CERTIFICATE_TYPE -+#define ck_attribute_type_t CK_ATTRIBUTE_TYPE -+ -+#define ck_attribute _CK_ATTRIBUTE -+#define value pValue -+#define value_len ulValueLen -+ -+#define count ulCount -+ -+#define ck_date _CK_DATE -+ -+#define ck_mechanism_type_t CK_MECHANISM_TYPE -+ -+#define ck_mechanism _CK_MECHANISM -+#define parameter pParameter -+#define parameter_len ulParameterLen -+ -+#define params pParams -+ -+#define ck_mechanism_info _CK_MECHANISM_INFO -+#define min_key_size ulMinKeySize -+#define max_key_size ulMaxKeySize -+ -+#define ck_param_type CK_PARAM_TYPE -+#define ck_otp_param CK_OTP_PARAM -+#define ck_otp_params CK_OTP_PARAMS -+#define ck_otp_signature_info CK_OTP_SIGNATURE_INFO -+ -+#define ck_rv_t CK_RV -+#define ck_notify_t CK_NOTIFY -+ -+#define ck_function_list _CK_FUNCTION_LIST -+ -+#define ck_createmutex_t CK_CREATEMUTEX -+#define ck_destroymutex_t CK_DESTROYMUTEX -+#define ck_lockmutex_t CK_LOCKMUTEX -+#define ck_unlockmutex_t CK_UNLOCKMUTEX -+ -+#define ck_c_initialize_args _CK_C_INITIALIZE_ARGS -+#define create_mutex CreateMutex -+#define destroy_mutex DestroyMutex -+#define lock_mutex LockMutex -+#define unlock_mutex UnlockMutex -+#define reserved pReserved -+ -+#define ck_rsa_pkcs_mgf_type_t CK_RSA_PKCS_MGF_TYPE -+#define ck_rsa_pkcs_oaep_source_type_t CK_RSA_PKCS_OAEP_SOURCE_TYPE -+#define hash_alg hashAlg -+#define s_len sLen -+#define source_data pSourceData -+#define source_data_len ulSourceDataLen -+ -+#define counter_bits ulCounterBits -+#define iv_ptr pIv -+#define iv_len ulIvLen -+#define iv_bits ulIvBits -+#define aad_ptr pAAD -+#define aad_len ulAADLen -+#define tag_bits ulTagBits -+#define shared_data_len ulSharedDataLen -+#define shared_data pSharedData -+#define public_data_len ulPublicDataLen -+#define public_data pPublicData -+#define string_data pData -+#define string_data_len ulLen -+#define data_params pData -+#endif /* CRYPTOKI_COMPAT */ -+ -+ -+ -+typedef unsigned long ck_flags_t; -+ -+struct ck_version -+{ -+ unsigned char major; -+ unsigned char minor; - }; - --#undef CK_PKCS11_FUNCTION_INFO - -+struct ck_info -+{ -+ struct ck_version cryptoki_version; -+ unsigned char manufacturer_id[32]; -+ ck_flags_t flags; -+ unsigned char library_description[32]; -+ struct ck_version library_version; -+}; - --#undef __PASTE - --#ifdef __cplusplus --} -+typedef unsigned long ck_notification_t; -+ -+#define CKN_SURRENDER (0UL) -+ -+ -+typedef unsigned long ck_slot_id_t; -+ -+ -+struct ck_slot_info -+{ -+ unsigned char slot_description[64]; -+ unsigned char manufacturer_id[32]; -+ ck_flags_t flags; -+ struct ck_version hardware_version; -+ struct ck_version firmware_version; -+}; -+ -+ -+#define CKF_TOKEN_PRESENT (1UL << 0) -+#define CKF_REMOVABLE_DEVICE (1UL << 1) -+#define CKF_HW_SLOT (1UL << 2) -+#define CKF_ARRAY_ATTRIBUTE (1UL << 30) -+ -+ -+struct ck_token_info -+{ -+ unsigned char label[32]; -+ unsigned char manufacturer_id[32]; -+ unsigned char model[16]; -+ unsigned char serial_number[16]; -+ ck_flags_t flags; -+ unsigned long max_session_count; -+ unsigned long session_count; -+ unsigned long max_rw_session_count; -+ unsigned long rw_session_count; -+ unsigned long max_pin_len; -+ unsigned long min_pin_len; -+ unsigned long total_public_memory; -+ unsigned long free_public_memory; -+ unsigned long total_private_memory; -+ unsigned long free_private_memory; -+ struct ck_version hardware_version; -+ struct ck_version firmware_version; -+ unsigned char utc_time[16]; -+}; -+ -+ -+#define CKF_RNG (1UL << 0) -+#define CKF_WRITE_PROTECTED (1UL << 1) -+#define CKF_LOGIN_REQUIRED (1UL << 2) -+#define CKF_USER_PIN_INITIALIZED (1UL << 3) -+#define CKF_RESTORE_KEY_NOT_NEEDED (1UL << 5) -+#define CKF_CLOCK_ON_TOKEN (1UL << 6) -+#define CKF_PROTECTED_AUTHENTICATION_PATH (1UL << 8) -+#define CKF_DUAL_CRYPTO_OPERATIONS (1UL << 9) -+#define CKF_TOKEN_INITIALIZED (1UL << 10) -+#define CKF_SECONDARY_AUTHENTICATION (1UL << 11) -+#define CKF_USER_PIN_COUNT_LOW (1UL << 16) -+#define CKF_USER_PIN_FINAL_TRY (1UL << 17) -+#define CKF_USER_PIN_LOCKED (1UL << 18) -+#define CKF_USER_PIN_TO_BE_CHANGED (1UL << 19) -+#define CKF_SO_PIN_COUNT_LOW (1UL << 20) -+#define CKF_SO_PIN_FINAL_TRY (1UL << 21) -+#define CKF_SO_PIN_LOCKED (1UL << 22) -+#define CKF_SO_PIN_TO_BE_CHANGED (1UL << 23) -+ -+#define CK_UNAVAILABLE_INFORMATION ((unsigned long)-1L) -+#define CK_EFFECTIVELY_INFINITE (0UL) -+ -+ -+typedef unsigned long ck_session_handle_t; -+ -+#define CK_INVALID_HANDLE (0UL) -+ -+ -+typedef unsigned long ck_user_type_t; -+ -+#define CKU_SO (0UL) -+#define CKU_USER (1UL) -+#define CKU_CONTEXT_SPECIFIC (2UL) -+ -+ -+typedef unsigned long ck_state_t; -+ -+#define CKS_RO_PUBLIC_SESSION (0UL) -+#define CKS_RO_USER_FUNCTIONS (1UL) -+#define CKS_RW_PUBLIC_SESSION (2UL) -+#define CKS_RW_USER_FUNCTIONS (3UL) -+#define CKS_RW_SO_FUNCTIONS (4UL) -+ -+ -+struct ck_session_info -+{ -+ ck_slot_id_t slot_id; -+ ck_state_t state; -+ ck_flags_t flags; -+ unsigned long device_error; -+}; -+ -+#define CKF_RW_SESSION (1UL << 1) -+#define CKF_SERIAL_SESSION (1UL << 2) -+ -+ -+typedef unsigned long ck_object_handle_t; -+ -+ -+typedef unsigned long ck_object_class_t; -+ -+#define CKO_DATA (0UL) -+#define CKO_CERTIFICATE (1UL) -+#define CKO_PUBLIC_KEY (2UL) -+#define CKO_PRIVATE_KEY (3UL) -+#define CKO_SECRET_KEY (4UL) -+#define CKO_HW_FEATURE (5UL) -+#define CKO_DOMAIN_PARAMETERS (6UL) -+#define CKO_MECHANISM (7UL) -+#define CKO_OTP_KEY (8UL) -+#define CKO_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+ -+typedef unsigned long ck_hw_feature_type_t; -+ -+#define CKH_MONOTONIC_COUNTER (1UL) -+#define CKH_CLOCK (2UL) -+#define CKH_USER_INTERFACE (3UL) -+#define CKH_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+ -+typedef unsigned long ck_key_type_t; -+ -+#define CKK_RSA (0UL) -+#define CKK_DSA (1UL) -+#define CKK_DH (2UL) -+#define CKK_ECDSA (3UL) -+#define CKK_EC (3UL) -+#define CKK_X9_42_DH (4UL) -+#define CKK_KEA (5UL) -+#define CKK_GENERIC_SECRET (0x10UL) -+#define CKK_RC2 (0x11UL) -+#define CKK_RC4 (0x12UL) -+#define CKK_DES (0x13UL) -+#define CKK_DES2 (0x14UL) -+#define CKK_DES3 (0x15UL) -+#define CKK_CAST (0x16UL) -+#define CKK_CAST3 (0x17UL) -+#define CKK_CAST128 (0x18UL) -+#define CKK_RC5 (0x19UL) -+#define CKK_IDEA (0x1aUL) -+#define CKK_SKIPJACK (0x1bUL) -+#define CKK_BATON (0x1cUL) -+#define CKK_JUNIPER (0x1dUL) -+#define CKK_CDMF (0x1eUL) -+#define CKK_AES (0x1fUL) -+#define CKK_BLOWFISH (0x20UL) -+#define CKK_TWOFISH (0x21UL) -+#define CKK_SECURID (0x22UL) -+#define CKK_HOTP (0x23UL) -+#define CKK_ACTI (0x24UL) -+#define CKK_CAMELLIA (0x25UL) -+#define CKK_ARIA (0x26UL) -+#define CKK_MD5_HMAC (0x27UL) -+#define CKK_SHA_1_HMAC (0x28UL) -+#define CKK_RIPEMD128_HMAC (0x29UL) -+#define CKK_RIPEMD160_HMAC (0x2aUL) -+#define CKK_SHA256_HMAC (0x2bUL) -+#define CKK_SHA384_HMAC (0x2cUL) -+#define CKK_SHA512_HMAC (0x2dUL) -+#define CKK_SHA224_HMAC (0x2eUL) -+#define CKK_SEED (0x2fUL) -+#define CKK_GOSTR3410 (0x30UL) -+#define CKK_GOSTR3411 (0x31UL) -+#define CKK_GOST28147 (0x32UL) -+#define CKK_EC_EDWARDS (0x40UL) -+#define CKK_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+ -+typedef unsigned long ck_certificate_type_t; -+ -+#define CKC_X_509 (0UL) -+#define CKC_X_509_ATTR_CERT (1UL) -+#define CKC_WTLS (2UL) -+#define CKC_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+#define CKC_OPENPGP (CKC_VENDOR_DEFINED|0x504750UL) -+ -+typedef unsigned long ck_attribute_type_t; -+ -+#define CKA_CLASS (0UL) -+#define CKA_TOKEN (1UL) -+#define CKA_PRIVATE (2UL) -+#define CKA_LABEL (3UL) -+#define CKA_APPLICATION (0x10UL) -+#define CKA_VALUE (0x11UL) -+#define CKA_OBJECT_ID (0x12UL) -+#define CKA_CERTIFICATE_TYPE (0x80UL) -+#define CKA_ISSUER (0x81UL) -+#define CKA_SERIAL_NUMBER (0x82UL) -+#define CKA_AC_ISSUER (0x83UL) -+#define CKA_OWNER (0x84UL) -+#define CKA_ATTR_TYPES (0x85UL) -+#define CKA_TRUSTED (0x86UL) -+#define CKA_CERTIFICATE_CATEGORY (0x87UL) -+#define CKA_JAVA_MIDP_SECURITY_DOMAIN (0x88UL) -+#define CKA_URL (0x89UL) -+#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY (0x8aUL) -+#define CKA_HASH_OF_ISSUER_PUBLIC_KEY (0x8bUL) -+#define CKA_NAME_HASH_ALGORITHM (0x8cUL) -+#define CKA_CHECK_VALUE (0x90UL) -+#define CKA_KEY_TYPE (0x100UL) -+#define CKA_SUBJECT (0x101UL) -+#define CKA_ID (0x102UL) -+#define CKA_SENSITIVE (0x103UL) -+#define CKA_ENCRYPT (0x104UL) -+#define CKA_DECRYPT (0x105UL) -+#define CKA_WRAP (0x106UL) -+#define CKA_UNWRAP (0x107UL) -+#define CKA_SIGN (0x108UL) -+#define CKA_SIGN_RECOVER (0x109UL) -+#define CKA_VERIFY (0x10aUL) -+#define CKA_VERIFY_RECOVER (0x10bUL) -+#define CKA_DERIVE (0x10cUL) -+#define CKA_START_DATE (0x110UL) -+#define CKA_END_DATE (0x111UL) -+#define CKA_MODULUS (0x120UL) -+#define CKA_MODULUS_BITS (0x121UL) -+#define CKA_PUBLIC_EXPONENT (0x122UL) -+#define CKA_PRIVATE_EXPONENT (0x123UL) -+#define CKA_PRIME_1 (0x124UL) -+#define CKA_PRIME_2 (0x125UL) -+#define CKA_EXPONENT_1 (0x126UL) -+#define CKA_EXPONENT_2 (0x127UL) -+#define CKA_COEFFICIENT (0x128UL) -+#define CKA_PUBLIC_KEY_INFO (0x129UL) -+#define CKA_PRIME (0x130UL) -+#define CKA_SUBPRIME (0x131UL) -+#define CKA_BASE (0x132UL) -+#define CKA_PRIME_BITS (0x133UL) -+#define CKA_SUB_PRIME_BITS (0x134UL) -+#define CKA_VALUE_BITS (0x160UL) -+#define CKA_VALUE_LEN (0x161UL) -+#define CKA_EXTRACTABLE (0x162UL) -+#define CKA_LOCAL (0x163UL) -+#define CKA_NEVER_EXTRACTABLE (0x164UL) -+#define CKA_ALWAYS_SENSITIVE (0x165UL) -+#define CKA_KEY_GEN_MECHANISM (0x166UL) -+#define CKA_MODIFIABLE (0x170UL) -+#define CKA_COPYABLE (0x171UL) -+#define CKA_DESTROYABLE (0x172UL) -+#define CKA_ECDSA_PARAMS (0x180UL) -+#define CKA_EC_PARAMS (0x180UL) -+#define CKA_EC_POINT (0x181UL) -+#define CKA_SECONDARY_AUTH (0x200UL) -+#define CKA_AUTH_PIN_FLAGS (0x201UL) -+#define CKA_ALWAYS_AUTHENTICATE (0x202UL) -+#define CKA_WRAP_WITH_TRUSTED (0x210UL) -+#define CKA_OTP_FORMAT (0x220UL) -+#define CKA_OTP_LENGTH (0x221UL) -+#define CKA_OTP_TIME_INTERVAL (0x222UL) -+#define CKA_OTP_USER_FRIENDLY_MODE (0x223UL) -+#define CKA_OTP_CHALLENGE_REQUIREMENT (0x224UL) -+#define CKA_OTP_TIME_REQUIREMENT (0x225UL) -+#define CKA_OTP_COUNTER_REQUIREMENT (0x226UL) -+#define CKA_OTP_PIN_REQUIREMENT (0x227UL) -+#define CKA_OTP_USER_IDENTIFIER (0x22AUL) -+#define CKA_OTP_SERVICE_IDENTIFIER (0x22BUL) -+#define CKA_OTP_SERVICE_LOGO (0x22CUL) -+#define CKA_OTP_SERVICE_LOGO_TYPE (0x22DUL) -+#define CKA_OTP_COUNTER (0x22EUL) -+#define CKA_OTP_TIME (0x22FUL) -+#define CKA_GOSTR3410_PARAMS (0x250UL) -+#define CKA_GOSTR3411_PARAMS (0x251UL) -+#define CKA_GOST28147_PARAMS (0x252UL) -+#define CKA_HW_FEATURE_TYPE (0x300UL) -+#define CKA_RESET_ON_INIT (0x301UL) -+#define CKA_HAS_RESET (0x302UL) -+#define CKA_PIXEL_X (0x400UL) -+#define CKA_PIXEL_Y (0x401UL) -+#define CKA_RESOLUTION (0x402UL) -+#define CKA_CHAR_ROWS (0x403UL) -+#define CKA_CHAR_COLUMNS (0x404UL) -+#define CKA_COLOR (0x405UL) -+#define CKA_BITS_PER_PIXEL (0x406UL) -+#define CKA_CHAR_SETS (0x480UL) -+#define CKA_ENCODING_METHODS (0x481UL) -+#define CKA_MIME_TYPES (0x482UL) -+#define CKA_MECHANISM_TYPE (0x500UL) -+#define CKA_REQUIRED_CMS_ATTRIBUTES (0x501UL) -+#define CKA_DEFAULT_CMS_ATTRIBUTES (0x502UL) -+#define CKA_SUPPORTED_CMS_ATTRIBUTES (0x503UL) -+#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x211UL) -+#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x212UL) -+#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x213UL) -+#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x600UL) -+#define CKA_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+ -+struct ck_attribute -+{ -+ ck_attribute_type_t type; -+ void *value; -+ unsigned long value_len; -+}; -+ -+ -+struct ck_date -+{ -+ unsigned char year[4]; -+ unsigned char month[2]; -+ unsigned char day[2]; -+}; -+ -+ -+typedef unsigned long ck_mechanism_type_t; -+ -+#define CKM_RSA_PKCS_KEY_PAIR_GEN (0UL) -+#define CKM_RSA_PKCS (1UL) -+#define CKM_RSA_9796 (2UL) -+#define CKM_RSA_X_509 (3UL) -+#define CKM_MD2_RSA_PKCS (4UL) -+#define CKM_MD5_RSA_PKCS (5UL) -+#define CKM_SHA1_RSA_PKCS (6UL) -+#define CKM_RIPEMD128_RSA_PKCS (7UL) -+#define CKM_RIPEMD160_RSA_PKCS (8UL) -+#define CKM_RSA_PKCS_OAEP (9UL) -+#define CKM_RSA_X9_31_KEY_PAIR_GEN (0xaUL) -+#define CKM_RSA_X9_31 (0xbUL) -+#define CKM_SHA1_RSA_X9_31 (0xcUL) -+#define CKM_RSA_PKCS_PSS (0xdUL) -+#define CKM_SHA1_RSA_PKCS_PSS (0xeUL) -+#define CKM_DSA_KEY_PAIR_GEN (0x10UL) -+#define CKM_DSA (0x11UL) -+#define CKM_DSA_SHA1 (0x12UL) -+#define CKM_DSA_SHA224 (0x13UL) -+#define CKM_DSA_SHA256 (0x14UL) -+#define CKM_DSA_SHA384 (0x15UL) -+#define CKM_DSA_SHA512 (0x16UL) -+#define CKM_DH_PKCS_KEY_PAIR_GEN (0x20UL) -+#define CKM_DH_PKCS_DERIVE (0x21UL) -+#define CKM_X9_42_DH_KEY_PAIR_GEN (0x30UL) -+#define CKM_X9_42_DH_DERIVE (0x31UL) -+#define CKM_X9_42_DH_HYBRID_DERIVE (0x32UL) -+#define CKM_X9_42_MQV_DERIVE (0x33UL) -+#define CKM_SHA256_RSA_PKCS (0x40UL) -+#define CKM_SHA384_RSA_PKCS (0x41UL) -+#define CKM_SHA512_RSA_PKCS (0x42UL) -+#define CKM_SHA256_RSA_PKCS_PSS (0x43UL) -+#define CKM_SHA384_RSA_PKCS_PSS (0x44UL) -+#define CKM_SHA512_RSA_PKCS_PSS (0x45UL) -+#define CKM_SHA512_224 (0x48UL) -+#define CKM_SHA512_224_HMAC (0x49UL) -+#define CKM_SHA512_224_HMAC_GENERAL (0x4aUL) -+#define CKM_SHA512_224_KEY_DERIVATION (0x4bUL) -+#define CKM_SHA512_256 (0x4cUL) -+#define CKM_SHA512_256_HMAC (0x4dUL) -+#define CKM_SHA512_256_HMAC_GENERAL (0x4eUL) -+#define CKM_SHA512_256_KEY_DERIVATION (0x4fUL) -+#define CKM_SHA512_T (0x50UL) -+#define CKM_SHA512_T_HMAC (0x51UL) -+#define CKM_SHA512_T_HMAC_GENERAL (0x52UL) -+#define CKM_SHA512_T_KEY_DERIVATION (0x53UL) -+#define CKM_RC2_KEY_GEN (0x100UL) -+#define CKM_RC2_ECB (0x101UL) -+#define CKM_RC2_CBC (0x102UL) -+#define CKM_RC2_MAC (0x103UL) -+#define CKM_RC2_MAC_GENERAL (0x104UL) -+#define CKM_RC2_CBC_PAD (0x105UL) -+#define CKM_RC4_KEY_GEN (0x110UL) -+#define CKM_RC4 (0x111UL) -+#define CKM_DES_KEY_GEN (0x120UL) -+#define CKM_DES_ECB (0x121UL) -+#define CKM_DES_CBC (0x122UL) -+#define CKM_DES_MAC (0x123UL) -+#define CKM_DES_MAC_GENERAL (0x124UL) -+#define CKM_DES_CBC_PAD (0x125UL) -+#define CKM_DES2_KEY_GEN (0x130UL) -+#define CKM_DES3_KEY_GEN (0x131UL) -+#define CKM_DES3_ECB (0x132UL) -+#define CKM_DES3_CBC (0x133UL) -+#define CKM_DES3_MAC (0x134UL) -+#define CKM_DES3_MAC_GENERAL (0x135UL) -+#define CKM_DES3_CBC_PAD (0x136UL) -+#define CKM_DES3_CMAC_GENERAL (0x137UL) -+#define CKM_DES3_CMAC (0x138UL) -+#define CKM_CDMF_KEY_GEN (0x140UL) -+#define CKM_CDMF_ECB (0x141UL) -+#define CKM_CDMF_CBC (0x142UL) -+#define CKM_CDMF_MAC (0x143UL) -+#define CKM_CDMF_MAC_GENERAL (0x144UL) -+#define CKM_CDMF_CBC_PAD (0x145UL) -+#define CKM_DES_OFB64 (0x150UL) -+#define CKM_DES_OFB8 (0x151UL) -+#define CKM_DES_CFB64 (0x152UL) -+#define CKM_DES_CFB8 (0x153UL) -+#define CKM_MD2 (0x200UL) -+#define CKM_MD2_HMAC (0x201UL) -+#define CKM_MD2_HMAC_GENERAL (0x202UL) -+#define CKM_MD5 (0x210UL) -+#define CKM_MD5_HMAC (0x211UL) -+#define CKM_MD5_HMAC_GENERAL (0x212UL) -+#define CKM_SHA_1 (0x220UL) -+#define CKM_SHA_1_HMAC (0x221UL) -+#define CKM_SHA_1_HMAC_GENERAL (0x222UL) -+#define CKM_RIPEMD128 (0x230UL) -+#define CKM_RIPEMD128_HMAC (0x231UL) -+#define CKM_RIPEMD128_HMAC_GENERAL (0x232UL) -+#define CKM_RIPEMD160 (0x240UL) -+#define CKM_RIPEMD160_HMAC (0x241UL) -+#define CKM_RIPEMD160_HMAC_GENERAL (0x242UL) -+#define CKM_SHA256 (0x250UL) -+#define CKM_SHA256_HMAC (0x251UL) -+#define CKM_SHA256_HMAC_GENERAL (0x252UL) -+#define CKM_SHA384 (0x260UL) -+#define CKM_SHA384_HMAC (0x261UL) -+#define CKM_SHA384_HMAC_GENERAL (0x262UL) -+#define CKM_SHA512 (0x270UL) -+#define CKM_SHA512_HMAC (0x271UL) -+#define CKM_SHA512_HMAC_GENERAL (0x272UL) -+#define CKM_SECURID_KEY_GEN (0x280UL) -+#define CKM_SECURID (0x282UL) -+#define CKM_HOTP_KEY_GEN (0x290UL) -+#define CKM_HOTP (0x291UL) -+#define CKM_ACTI (0x2a0UL) -+#define CKM_ACTI_KEY_GEN (0x2a1UL) -+#define CKM_CAST_KEY_GEN (0x300UL) -+#define CKM_CAST_ECB (0x301UL) -+#define CKM_CAST_CBC (0x302UL) -+#define CKM_CAST_MAC (0x303UL) -+#define CKM_CAST_MAC_GENERAL (0x304UL) -+#define CKM_CAST_CBC_PAD (0x305UL) -+#define CKM_CAST3_KEY_GEN (0x310UL) -+#define CKM_CAST3_ECB (0x311UL) -+#define CKM_CAST3_CBC (0x312UL) -+#define CKM_CAST3_MAC (0x313UL) -+#define CKM_CAST3_MAC_GENERAL (0x314UL) -+#define CKM_CAST3_CBC_PAD (0x315UL) -+#define CKM_CAST5_KEY_GEN (0x320UL) -+#define CKM_CAST128_KEY_GEN (0x320UL) -+#define CKM_CAST5_ECB (0x321UL) -+#define CKM_CAST128_ECB (0x321UL) -+#define CKM_CAST5_CBC (0x322UL) -+#define CKM_CAST128_CBC (0x322UL) -+#define CKM_CAST5_MAC (0x323UL) -+#define CKM_CAST128_MAC (0x323UL) -+#define CKM_CAST5_MAC_GENERAL (0x324UL) -+#define CKM_CAST128_MAC_GENERAL (0x324UL) -+#define CKM_CAST5_CBC_PAD (0x325UL) -+#define CKM_CAST128_CBC_PAD (0x325UL) -+#define CKM_RC5_KEY_GEN (0x330UL) -+#define CKM_RC5_ECB (0x331UL) -+#define CKM_RC5_CBC (0x332UL) -+#define CKM_RC5_MAC (0x333UL) -+#define CKM_RC5_MAC_GENERAL (0x334UL) -+#define CKM_RC5_CBC_PAD (0x335UL) -+#define CKM_IDEA_KEY_GEN (0x340UL) -+#define CKM_IDEA_ECB (0x341UL) -+#define CKM_IDEA_CBC (0x342UL) -+#define CKM_IDEA_MAC (0x343UL) -+#define CKM_IDEA_MAC_GENERAL (0x344UL) -+#define CKM_IDEA_CBC_PAD (0x345UL) -+#define CKM_GENERIC_SECRET_KEY_GEN (0x350UL) -+#define CKM_CONCATENATE_BASE_AND_KEY (0x360UL) -+#define CKM_CONCATENATE_BASE_AND_DATA (0x362UL) -+#define CKM_CONCATENATE_DATA_AND_BASE (0x363UL) -+#define CKM_XOR_BASE_AND_DATA (0x364UL) -+#define CKM_EXTRACT_KEY_FROM_KEY (0x365UL) -+#define CKM_SSL3_PRE_MASTER_KEY_GEN (0x370UL) -+#define CKM_SSL3_MASTER_KEY_DERIVE (0x371UL) -+#define CKM_SSL3_KEY_AND_MAC_DERIVE (0x372UL) -+#define CKM_SSL3_MASTER_KEY_DERIVE_DH (0x373UL) -+#define CKM_TLS_PRE_MASTER_KEY_GEN (0x374UL) -+#define CKM_TLS_MASTER_KEY_DERIVE (0x375UL) -+#define CKM_TLS_KEY_AND_MAC_DERIVE (0x376UL) -+#define CKM_TLS_MASTER_KEY_DERIVE_DH (0x377UL) -+#define CKM_TLS_PRF (0x378UL) -+#define CKM_SSL3_MD5_MAC (0x380UL) -+#define CKM_SSL3_SHA1_MAC (0x381UL) -+#define CKM_MD5_KEY_DERIVATION (0x390UL) -+#define CKM_MD2_KEY_DERIVATION (0x391UL) -+#define CKM_SHA1_KEY_DERIVATION (0x392UL) -+#define CKM_SHA256_KEY_DERIVATION (0x393UL) -+#define CKM_SHA384_KEY_DERIVATION (0x394UL) -+#define CKM_SHA512_KEY_DERIVATION (0x395UL) -+#define CKM_PBE_MD2_DES_CBC (0x3a0UL) -+#define CKM_PBE_MD5_DES_CBC (0x3a1UL) -+#define CKM_PBE_MD5_CAST_CBC (0x3a2UL) -+#define CKM_PBE_MD5_CAST3_CBC (0x3a3UL) -+#define CKM_PBE_MD5_CAST5_CBC (0x3a4UL) -+#define CKM_PBE_MD5_CAST128_CBC (0x3a4UL) -+#define CKM_PBE_SHA1_CAST5_CBC (0x3a5UL) -+#define CKM_PBE_SHA1_CAST128_CBC (0x3a5UL) -+#define CKM_PBE_SHA1_RC4_128 (0x3a6UL) -+#define CKM_PBE_SHA1_RC4_40 (0x3a7UL) -+#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8UL) -+#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9UL) -+#define CKM_PBE_SHA1_RC2_128_CBC (0x3aaUL) -+#define CKM_PBE_SHA1_RC2_40_CBC (0x3abUL) -+#define CKM_PKCS5_PBKD2 (0x3b0UL) -+#define CKM_PBA_SHA1_WITH_SHA1_HMAC (0x3c0UL) -+#define CKM_WTLS_PRE_MASTER_KEY_GEN (0x3d0UL) -+#define CKM_WTLS_MASTER_KEY_DERIVE (0x3d1UL) -+#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC (0x3d2UL) -+#define CKM_WTLS_PRF (0x3d3UL) -+#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE (0x3d4UL) -+#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE (0x3d5UL) -+#define CKM_TLS10_MAC_SERVER (0x3d6UL) -+#define CKM_TLS10_MAC_CLIENT (0x3d7UL) -+#define CKM_TLS12_MAC (0x3d8UL) -+#define CKM_TLS12_KDF (0x3d9UL) -+#define CKM_TLS12_MASTER_KEY_DERIVE (0x3e0UL) -+#define CKM_TLS12_KEY_AND_MAC_DERIVE (0x3e1UL) -+#define CKM_TLS12_MASTER_KEY_DERIVE_DH (0x3e2UL) -+#define CKM_TLS12_KEY_SAFE_DERIVE (0x3e3UL) -+#define CKM_TLS_MAC (0x3e4UL) -+#define CKM_TLS_KDF (0x3e5UL) -+#define CKM_KEY_WRAP_LYNKS (0x400UL) -+#define CKM_KEY_WRAP_SET_OAEP (0x401UL) -+#define CKM_CMS_SIG (0x500UL) -+#define CKM_KIP_DERIVE (0x510UL) -+#define CKM_KIP_WRAP (0x511UL) -+#define CKM_KIP_MAC (0x512UL) -+#define CKM_CAMELLIA_KEY_GEN (0x550UL) -+#define CKM_CAMELLIA_CTR (0x558UL) -+#define CKM_ARIA_KEY_GEN (0x560UL) -+#define CKM_ARIA_ECB (0x561UL) -+#define CKM_ARIA_CBC (0x562UL) -+#define CKM_ARIA_MAC (0x563UL) -+#define CKM_ARIA_MAC_GENERAL (0x564UL) -+#define CKM_ARIA_CBC_PAD (0x565UL) -+#define CKM_ARIA_ECB_ENCRYPT_DATA (0x566UL) -+#define CKM_ARIA_CBC_ENCRYPT_DATA (0x567UL) -+#define CKM_SEED_KEY_GEN (0x650UL) -+#define CKM_SEED_ECB (0x651UL) -+#define CKM_SEED_CBC (0x652UL) -+#define CKM_SEED_MAC (0x653UL) -+#define CKM_SEED_MAC_GENERAL (0x654UL) -+#define CKM_SEED_CBC_PAD (0x655UL) -+#define CKM_SEED_ECB_ENCRYPT_DATA (0x656UL) -+#define CKM_SEED_CBC_ENCRYPT_DATA (0x657UL) -+#define CKM_SKIPJACK_KEY_GEN (0x1000UL) -+#define CKM_SKIPJACK_ECB64 (0x1001UL) -+#define CKM_SKIPJACK_CBC64 (0x1002UL) -+#define CKM_SKIPJACK_OFB64 (0x1003UL) -+#define CKM_SKIPJACK_CFB64 (0x1004UL) -+#define CKM_SKIPJACK_CFB32 (0x1005UL) -+#define CKM_SKIPJACK_CFB16 (0x1006UL) -+#define CKM_SKIPJACK_CFB8 (0x1007UL) -+#define CKM_SKIPJACK_WRAP (0x1008UL) -+#define CKM_SKIPJACK_PRIVATE_WRAP (0x1009UL) -+#define CKM_SKIPJACK_RELAYX (0x100aUL) -+#define CKM_KEA_KEY_PAIR_GEN (0x1010UL) -+#define CKM_KEA_KEY_DERIVE (0x1011UL) -+#define CKM_FORTEZZA_TIMESTAMP (0x1020UL) -+#define CKM_BATON_KEY_GEN (0x1030UL) -+#define CKM_BATON_ECB128 (0x1031UL) -+#define CKM_BATON_ECB96 (0x1032UL) -+#define CKM_BATON_CBC128 (0x1033UL) -+#define CKM_BATON_COUNTER (0x1034UL) -+#define CKM_BATON_SHUFFLE (0x1035UL) -+#define CKM_BATON_WRAP (0x1036UL) -+#define CKM_ECDSA_KEY_PAIR_GEN (0x1040UL) -+#define CKM_EC_KEY_PAIR_GEN (0x1040UL) -+#define CKM_ECDSA (0x1041UL) -+#define CKM_ECDSA_SHA1 (0x1042UL) -+#define CKM_ECDSA_SHA224 (0x1043UL) -+#define CKM_ECDSA_SHA256 (0x1044UL) -+#define CKM_ECDSA_SHA384 (0x1045UL) -+#define CKM_ECDSA_SHA512 (0x1046UL) -+#define CKM_ECDH1_DERIVE (0x1050UL) -+#define CKM_ECDH1_COFACTOR_DERIVE (0x1051UL) -+#define CKM_ECMQV_DERIVE (0x1052UL) -+#define CKM_ECDH_AES_KEY_WRAP (0x1053UL) -+#define CKM_RSA_AES_KEY_WRAP (0x1054UL) -+#define CKM_JUNIPER_KEY_GEN (0x1060UL) -+#define CKM_JUNIPER_ECB128 (0x1061UL) -+#define CKM_JUNIPER_CBC128 (0x1062UL) -+#define CKM_JUNIPER_COUNTER (0x1063UL) -+#define CKM_JUNIPER_SHUFFLE (0x1064UL) -+#define CKM_JUNIPER_WRAP (0x1065UL) -+#define CKM_FASTHASH (0x1070UL) -+#define CKM_AES_KEY_GEN (0x1080UL) -+#define CKM_AES_ECB (0x1081UL) -+#define CKM_AES_CBC (0x1082UL) -+#define CKM_AES_MAC (0x1083UL) -+#define CKM_AES_MAC_GENERAL (0x1084UL) -+#define CKM_AES_CBC_PAD (0x1085UL) -+#define CKM_AES_CTR (0x1086UL) -+#define CKM_AES_GCM (0x1087UL) -+#define CKM_AES_CCM (0x1088UL) -+#define CKM_AES_CTS (0x1089UL) -+#define CKM_AES_CMAC (0x108aUL) -+#define CKM_AES_CMAC_GENERAL (0x108bUL) -+#define CKM_AES_XCBC_MAC (0x108cUL) -+#define CKM_AES_XCBC_MAC_96 (0x108dUL) -+#define CKM_AES_GMAC (0x108eUL) -+#define CKM_BLOWFISH_KEY_GEN (0x1090UL) -+#define CKM_BLOWFISH_CBC (0x1091UL) -+#define CKM_TWOFISH_KEY_GEN (0x1092UL) -+#define CKM_TWOFISH_CBC (0x1093UL) -+#define CKM_BLOWFISH_CBC_PAD (0x1094UL) -+#define CKM_TWOFISH_CBC_PAD (0x1095UL) -+#define CKM_DES_ECB_ENCRYPT_DATA (0x1100UL) -+#define CKM_DES_CBC_ENCRYPT_DATA (0x1101UL) -+#define CKM_DES3_ECB_ENCRYPT_DATA (0x1102UL) -+#define CKM_DES3_CBC_ENCRYPT_DATA (0x1103UL) -+#define CKM_AES_ECB_ENCRYPT_DATA (0x1104UL) -+#define CKM_AES_CBC_ENCRYPT_DATA (0x1105UL) -+#define CKM_GOSTR3410_KEY_PAIR_GEN (0x1200UL) -+#define CKM_GOSTR3410 (0x1201UL) -+#define CKM_GOSTR3410_WITH_GOSTR3411 (0x1202UL) -+#define CKM_GOSTR3410_KEY_WRAP (0x1203UL) -+#define CKM_GOSTR3410_DERIVE (0x1204UL) -+#define CKM_GOSTR3411 (0x1210UL) -+#define CKM_GOSTR3411_HMAC (0x1211UL) -+#define CKM_GOST28147_KEY_GEN (0x1220UL) -+#define CKM_GOST28147_ECB (0x1221UL) -+#define CKM_GOST28147 (0x1222UL) -+#define CKM_GOST28147_MAC (0x1223UL) -+#define CKM_GOST28147_KEY_WRAP (0x1224UL) -+#define CKM_DSA_PARAMETER_GEN (0x2000UL) -+#define CKM_DH_PKCS_PARAMETER_GEN (0x2001UL) -+#define CKM_X9_42_DH_PARAMETER_GEN (0x2002UL) -+#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN (0x2003UL) -+#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN (0x2004UL) -+#define CKM_AES_OFB (0x2104UL) -+#define CKM_AES_CFB64 (0x2105UL) -+#define CKM_AES_CFB8 (0x2106UL) -+#define CKM_AES_CFB128 (0x2107UL) -+#define CKM_AES_CFB1 (0x2108UL) -+ -+#define CKM_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+/* Ammendments */ -+#define CKM_SHA224 (0x255UL) -+#define CKM_SHA224_HMAC (0x256UL) -+#define CKM_SHA224_HMAC_GENERAL (0x257UL) -+#define CKM_SHA224_RSA_PKCS (0x46UL) -+#define CKM_SHA224_RSA_PKCS_PSS (0x47UL) -+#define CKM_SHA224_KEY_DERIVATION (0x396UL) -+ -+#define CKM_CAMELLIA_KEY_GEN (0x550UL) -+#define CKM_CAMELLIA_ECB (0x551UL) -+#define CKM_CAMELLIA_CBC (0x552UL) -+#define CKM_CAMELLIA_MAC (0x553UL) -+#define CKM_CAMELLIA_MAC_GENERAL (0x554UL) -+#define CKM_CAMELLIA_CBC_PAD (0x555UL) -+#define CKM_CAMELLIA_ECB_ENCRYPT_DATA (0x556UL) -+#define CKM_CAMELLIA_CBC_ENCRYPT_DATA (0x557UL) -+ -+#define CKM_AES_KEY_WRAP (0x2109UL) -+#define CKM_AES_KEY_WRAP_PAD (0x210aUL) -+ -+#define CKM_RSA_PKCS_TPM_1_1 (0x4001UL) -+#define CKM_RSA_PKCS_OAEP_TPM_1_1 (0x4002UL) -+ -+/* From version 3.0 */ -+#define CKM_EC_EDWARDS_KEY_PAIR_GEN (0x1055UL) -+#define CKM_EDDSA (0x1057UL) -+ -+/* Attribute and other constants related to OTP */ -+#define CK_OTP_FORMAT_DECIMAL (0UL) -+#define CK_OTP_FORMAT_HEXADECIMAL (1UL) -+#define CK_OTP_FORMAT_ALPHANUMERIC (2UL) -+#define CK_OTP_FORMAT_BINARY (3UL) -+#define CK_OTP_PARAM_IGNORED (0UL) -+#define CK_OTP_PARAM_OPTIONAL (1UL) -+#define CK_OTP_PARAM_MANDATORY (2UL) -+ -+#define CK_OTP_VALUE (0UL) -+#define CK_OTP_PIN (1UL) -+#define CK_OTP_CHALLENGE (2UL) -+#define CK_OTP_TIME (3UL) -+#define CK_OTP_COUNTER (4UL) -+#define CK_OTP_FLAGS (5UL) -+#define CK_OTP_OUTPUT_LENGTH (6UL) -+#define CK_OTP_FORMAT (7UL) -+ -+/* OTP mechanism flags */ -+#define CKF_NEXT_OTP (0x01UL) -+#define CKF_EXCLUDE_TIME (0x02UL) -+#define CKF_EXCLUDE_COUNTER (0x04UL) -+#define CKF_EXCLUDE_CHALLENGE (0x08UL) -+#define CKF_EXCLUDE_PIN (0x10UL) -+#define CKF_USER_FRIENDLY_OTP (0x20UL) -+ -+#define CKN_OTP_CHANGED (0x01UL) -+ -+struct ck_mechanism -+{ -+ ck_mechanism_type_t mechanism; -+ void *parameter; -+ unsigned long parameter_len; -+}; -+ -+ -+struct ck_mechanism_info -+{ -+ unsigned long min_key_size; -+ unsigned long max_key_size; -+ ck_flags_t flags; -+}; -+ -+typedef unsigned long ck_param_type; -+ -+typedef struct ck_otp_param { -+ ck_param_type type; -+ void *value; -+ unsigned long value_len; -+} ck_otp_param; -+ -+typedef struct ck_otp_params { -+ struct ck_otp_param *params; -+ unsigned long count; -+} ck_otp_params; -+ -+typedef struct ck_otp_signature_info -+{ -+ struct ck_otp_param *params; -+ unsigned long count; -+} ck_otp_signature_info; -+ -+#define CKG_MGF1_SHA1 0x00000001UL -+#define CKG_MGF1_SHA224 0x00000005UL -+#define CKG_MGF1_SHA256 0x00000002UL -+#define CKG_MGF1_SHA384 0x00000003UL -+#define CKG_MGF1_SHA512 0x00000004UL -+ -+typedef unsigned long ck_rsa_pkcs_mgf_type_t; -+ -+struct ck_rsa_pkcs_pss_params { -+ ck_mechanism_type_t hash_alg; -+ ck_rsa_pkcs_mgf_type_t mgf; -+ unsigned long s_len; -+}; -+ -+typedef unsigned long ck_rsa_pkcs_oaep_source_type_t; -+ -+struct ck_rsa_pkcs_oaep_params { -+ ck_mechanism_type_t hash_alg; -+ ck_rsa_pkcs_mgf_type_t mgf; -+ ck_rsa_pkcs_oaep_source_type_t source; -+ void *source_data; -+ unsigned long source_data_len; -+}; -+ -+struct ck_aes_ctr_params { -+ unsigned long counter_bits; -+ unsigned char cb[16]; -+}; -+ -+struct ck_gcm_params { -+ unsigned char *iv_ptr; -+ unsigned long iv_len; -+ unsigned long iv_bits; -+ unsigned char *aad_ptr; -+ unsigned long aad_len; -+ unsigned long tag_bits; -+}; -+ -+ -+/* The following EC Key Derivation Functions are defined */ -+#define CKD_NULL (0x01UL) -+#define CKD_SHA1_KDF (0x02UL) -+ -+/* The following X9.42 DH key derivation functions are defined */ -+#define CKD_SHA1_KDF_ASN1 (0x03UL) -+#define CKD_SHA1_KDF_CONCATENATE (0x04UL) -+#define CKD_SHA224_KDF (0x05UL) -+#define CKD_SHA256_KDF (0x06UL) -+#define CKD_SHA384_KDF (0x07UL) -+#define CKD_SHA512_KDF (0x08UL) -+#define CKD_CPDIVERSIFY_KDF (0x09UL) -+ -+typedef unsigned long ck_ec_kdf_t; -+ -+struct ck_ecdh1_derive_params { -+ ck_ec_kdf_t kdf; -+ unsigned long shared_data_len; -+ unsigned char *shared_data; -+ unsigned long public_data_len; -+ unsigned char *public_data; -+}; -+ -+struct ck_key_derivation_string_data { -+ unsigned char *string_data; -+ unsigned long string_data_len; -+}; -+ -+struct ck_des_cbc_encrypt_data_params { -+ unsigned char iv[8]; -+ unsigned char *data_params; -+ unsigned long length; -+}; -+ -+struct ck_aes_cbc_encrypt_data_params { -+ unsigned char iv[16]; -+ unsigned char *data_params; -+ unsigned long length; -+}; -+ -+#define CKF_HW (1UL << 0) -+#define CKF_ENCRYPT (1UL << 8) -+#define CKF_DECRYPT (1UL << 9) -+#define CKF_DIGEST (1UL << 10) -+#define CKF_SIGN (1UL << 11) -+#define CKF_SIGN_RECOVER (1UL << 12) -+#define CKF_VERIFY (1UL << 13) -+#define CKF_VERIFY_RECOVER (1UL << 14) -+#define CKF_GENERATE (1UL << 15) -+#define CKF_GENERATE_KEY_PAIR (1UL << 16) -+#define CKF_WRAP (1UL << 17) -+#define CKF_UNWRAP (1UL << 18) -+#define CKF_DERIVE (1UL << 19) -+#define CKF_EXTENSION ((unsigned long) (1UL << 31)) -+ -+#define CKF_EC_F_P (1UL << 20) -+#define CKF_EC_NAMEDCURVE (1UL << 23) -+#define CKF_EC_UNCOMPRESS (1UL << 24) -+#define CKF_EC_COMPRESS (1UL << 25) -+ -+ -+/* Flags for C_WaitForSlotEvent. */ -+#define CKF_DONT_BLOCK (1UL) -+ -+ -+typedef unsigned long ck_rv_t; -+ -+ -+typedef ck_rv_t (*ck_notify_t) (ck_session_handle_t session, -+ ck_notification_t event, void *application); -+ -+/* Forward reference. */ -+struct ck_function_list; -+ -+#define _CK_DECLARE_FUNCTION(name, args) \ -+typedef ck_rv_t (*CK_ ## name) args; \ -+ck_rv_t CK_SPEC name args -+ -+_CK_DECLARE_FUNCTION (C_Initialize, (void *init_args)); -+_CK_DECLARE_FUNCTION (C_Finalize, (void *reserved)); -+_CK_DECLARE_FUNCTION (C_GetInfo, (struct ck_info *info)); -+_CK_DECLARE_FUNCTION (C_GetFunctionList, -+ (struct ck_function_list **function_list)); -+ -+_CK_DECLARE_FUNCTION (C_GetSlotList, -+ (unsigned char token_present, ck_slot_id_t *slot_list, -+ unsigned long *count)); -+_CK_DECLARE_FUNCTION (C_GetSlotInfo, -+ (ck_slot_id_t slot_id, struct ck_slot_info *info)); -+_CK_DECLARE_FUNCTION (C_GetTokenInfo, -+ (ck_slot_id_t slot_id, struct ck_token_info *info)); -+_CK_DECLARE_FUNCTION (C_WaitForSlotEvent, -+ (ck_flags_t flags, ck_slot_id_t *slot, void *reserved)); -+_CK_DECLARE_FUNCTION (C_GetMechanismList, -+ (ck_slot_id_t slot_id, -+ ck_mechanism_type_t *mechanism_list, -+ unsigned long *count)); -+_CK_DECLARE_FUNCTION (C_GetMechanismInfo, -+ (ck_slot_id_t slot_id, ck_mechanism_type_t type, -+ struct ck_mechanism_info *info)); -+_CK_DECLARE_FUNCTION (C_InitToken, -+ (ck_slot_id_t slot_id, unsigned char *pin, -+ unsigned long pin_len, unsigned char *label)); -+_CK_DECLARE_FUNCTION (C_InitPIN, -+ (ck_session_handle_t session, unsigned char *pin, -+ unsigned long pin_len)); -+_CK_DECLARE_FUNCTION (C_SetPIN, -+ (ck_session_handle_t session, unsigned char *old_pin, -+ unsigned long old_len, unsigned char *new_pin, -+ unsigned long new_len)); -+ -+_CK_DECLARE_FUNCTION (C_OpenSession, -+ (ck_slot_id_t slot_id, ck_flags_t flags, -+ void *application, ck_notify_t notify, -+ ck_session_handle_t *session)); -+_CK_DECLARE_FUNCTION (C_CloseSession, (ck_session_handle_t session)); -+_CK_DECLARE_FUNCTION (C_CloseAllSessions, (ck_slot_id_t slot_id)); -+_CK_DECLARE_FUNCTION (C_GetSessionInfo, -+ (ck_session_handle_t session, -+ struct ck_session_info *info)); -+_CK_DECLARE_FUNCTION (C_GetOperationState, -+ (ck_session_handle_t session, -+ unsigned char *operation_state, -+ unsigned long *operation_state_len)); -+_CK_DECLARE_FUNCTION (C_SetOperationState, -+ (ck_session_handle_t session, -+ unsigned char *operation_state, -+ unsigned long operation_state_len, -+ ck_object_handle_t encryption_key, -+ ck_object_handle_t authentiation_key)); -+_CK_DECLARE_FUNCTION (C_Login, -+ (ck_session_handle_t session, ck_user_type_t user_type, -+ unsigned char *pin, unsigned long pin_len)); -+_CK_DECLARE_FUNCTION (C_Logout, (ck_session_handle_t session)); -+ -+_CK_DECLARE_FUNCTION (C_CreateObject, -+ (ck_session_handle_t session, -+ struct ck_attribute *templ, -+ unsigned long count, ck_object_handle_t *object)); -+_CK_DECLARE_FUNCTION (C_CopyObject, -+ (ck_session_handle_t session, ck_object_handle_t object, -+ struct ck_attribute *templ, unsigned long count, -+ ck_object_handle_t *new_object)); -+_CK_DECLARE_FUNCTION (C_DestroyObject, -+ (ck_session_handle_t session, -+ ck_object_handle_t object)); -+_CK_DECLARE_FUNCTION (C_GetObjectSize, -+ (ck_session_handle_t session, -+ ck_object_handle_t object, -+ unsigned long *size)); -+_CK_DECLARE_FUNCTION (C_GetAttributeValue, -+ (ck_session_handle_t session, -+ ck_object_handle_t object, -+ struct ck_attribute *templ, -+ unsigned long count)); -+_CK_DECLARE_FUNCTION (C_SetAttributeValue, -+ (ck_session_handle_t session, -+ ck_object_handle_t object, -+ struct ck_attribute *templ, -+ unsigned long count)); -+_CK_DECLARE_FUNCTION (C_FindObjectsInit, -+ (ck_session_handle_t session, -+ struct ck_attribute *templ, -+ unsigned long count)); -+_CK_DECLARE_FUNCTION (C_FindObjects, -+ (ck_session_handle_t session, -+ ck_object_handle_t *object, -+ unsigned long max_object_count, -+ unsigned long *object_count)); -+_CK_DECLARE_FUNCTION (C_FindObjectsFinal, -+ (ck_session_handle_t session)); -+ -+_CK_DECLARE_FUNCTION (C_EncryptInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_Encrypt, -+ (ck_session_handle_t session, -+ unsigned char *data, unsigned long data_len, -+ unsigned char *encrypted_data, -+ unsigned long *encrypted_data_len)); -+_CK_DECLARE_FUNCTION (C_EncryptUpdate, -+ (ck_session_handle_t session, -+ unsigned char *part, unsigned long part_len, -+ unsigned char *encrypted_part, -+ unsigned long *encrypted_part_len)); -+_CK_DECLARE_FUNCTION (C_EncryptFinal, -+ (ck_session_handle_t session, -+ unsigned char *last_encrypted_part, -+ unsigned long *last_encrypted_part_len)); -+ -+_CK_DECLARE_FUNCTION (C_DecryptInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_Decrypt, -+ (ck_session_handle_t session, -+ unsigned char *encrypted_data, -+ unsigned long encrypted_data_len, -+ unsigned char *data, unsigned long *data_len)); -+_CK_DECLARE_FUNCTION (C_DecryptUpdate, -+ (ck_session_handle_t session, -+ unsigned char *encrypted_part, -+ unsigned long encrypted_part_len, -+ unsigned char *part, unsigned long *part_len)); -+_CK_DECLARE_FUNCTION (C_DecryptFinal, -+ (ck_session_handle_t session, -+ unsigned char *last_part, -+ unsigned long *last_part_len)); -+ -+_CK_DECLARE_FUNCTION (C_DigestInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism)); -+_CK_DECLARE_FUNCTION (C_Digest, -+ (ck_session_handle_t session, -+ unsigned char *data, unsigned long data_len, -+ unsigned char *digest, -+ unsigned long *digest_len)); -+_CK_DECLARE_FUNCTION (C_DigestUpdate, -+ (ck_session_handle_t session, -+ unsigned char *part, unsigned long part_len)); -+_CK_DECLARE_FUNCTION (C_DigestKey, -+ (ck_session_handle_t session, ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_DigestFinal, -+ (ck_session_handle_t session, -+ unsigned char *digest, -+ unsigned long *digest_len)); -+ -+_CK_DECLARE_FUNCTION (C_SignInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_Sign, -+ (ck_session_handle_t session, -+ unsigned char *data, unsigned long data_len, -+ unsigned char *signature, -+ unsigned long *signature_len)); -+_CK_DECLARE_FUNCTION (C_SignUpdate, -+ (ck_session_handle_t session, -+ unsigned char *part, unsigned long part_len)); -+_CK_DECLARE_FUNCTION (C_SignFinal, -+ (ck_session_handle_t session, -+ unsigned char *signature, -+ unsigned long *signature_len)); -+_CK_DECLARE_FUNCTION (C_SignRecoverInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_SignRecover, -+ (ck_session_handle_t session, -+ unsigned char *data, unsigned long data_len, -+ unsigned char *signature, -+ unsigned long *signature_len)); -+ -+_CK_DECLARE_FUNCTION (C_VerifyInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_Verify, -+ (ck_session_handle_t session, -+ unsigned char *data, unsigned long data_len, -+ unsigned char *signature, -+ unsigned long signature_len)); -+_CK_DECLARE_FUNCTION (C_VerifyUpdate, -+ (ck_session_handle_t session, -+ unsigned char *part, unsigned long part_len)); -+_CK_DECLARE_FUNCTION (C_VerifyFinal, -+ (ck_session_handle_t session, -+ unsigned char *signature, -+ unsigned long signature_len)); -+_CK_DECLARE_FUNCTION (C_VerifyRecoverInit, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t key)); -+_CK_DECLARE_FUNCTION (C_VerifyRecover, -+ (ck_session_handle_t session, -+ unsigned char *signature, -+ unsigned long signature_len, -+ unsigned char *data, -+ unsigned long *data_len)); -+ -+_CK_DECLARE_FUNCTION (C_DigestEncryptUpdate, -+ (ck_session_handle_t session, -+ unsigned char *part, unsigned long part_len, -+ unsigned char *encrypted_part, -+ unsigned long *encrypted_part_len)); -+_CK_DECLARE_FUNCTION (C_DecryptDigestUpdate, -+ (ck_session_handle_t session, -+ unsigned char *encrypted_part, -+ unsigned long encrypted_part_len, -+ unsigned char *part, -+ unsigned long *part_len)); -+_CK_DECLARE_FUNCTION (C_SignEncryptUpdate, -+ (ck_session_handle_t session, -+ unsigned char *part, unsigned long part_len, -+ unsigned char *encrypted_part, -+ unsigned long *encrypted_part_len)); -+_CK_DECLARE_FUNCTION (C_DecryptVerifyUpdate, -+ (ck_session_handle_t session, -+ unsigned char *encrypted_part, -+ unsigned long encrypted_part_len, -+ unsigned char *part, -+ unsigned long *part_len)); -+ -+_CK_DECLARE_FUNCTION (C_GenerateKey, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ struct ck_attribute *templ, -+ unsigned long count, -+ ck_object_handle_t *key)); -+_CK_DECLARE_FUNCTION (C_GenerateKeyPair, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ struct ck_attribute *public_key_template, -+ unsigned long public_key_attribute_count, -+ struct ck_attribute *private_key_template, -+ unsigned long private_key_attribute_count, -+ ck_object_handle_t *public_key, -+ ck_object_handle_t *private_key)); -+_CK_DECLARE_FUNCTION (C_WrapKey, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t wrapping_key, -+ ck_object_handle_t key, -+ unsigned char *wrapped_key, -+ unsigned long *wrapped_key_len)); -+_CK_DECLARE_FUNCTION (C_UnwrapKey, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t unwrapping_key, -+ unsigned char *wrapped_key, -+ unsigned long wrapped_key_len, -+ struct ck_attribute *templ, -+ unsigned long attribute_count, -+ ck_object_handle_t *key)); -+_CK_DECLARE_FUNCTION (C_DeriveKey, -+ (ck_session_handle_t session, -+ struct ck_mechanism *mechanism, -+ ck_object_handle_t base_key, -+ struct ck_attribute *templ, -+ unsigned long attribute_count, -+ ck_object_handle_t *key)); -+ -+_CK_DECLARE_FUNCTION (C_SeedRandom, -+ (ck_session_handle_t session, unsigned char *seed, -+ unsigned long seed_len)); -+_CK_DECLARE_FUNCTION (C_GenerateRandom, -+ (ck_session_handle_t session, -+ unsigned char *random_data, -+ unsigned long random_len)); -+ -+_CK_DECLARE_FUNCTION (C_GetFunctionStatus, (ck_session_handle_t session)); -+_CK_DECLARE_FUNCTION (C_CancelFunction, (ck_session_handle_t session)); -+ -+ -+struct ck_function_list -+{ -+ struct ck_version version; -+ CK_C_Initialize C_Initialize; -+ CK_C_Finalize C_Finalize; -+ CK_C_GetInfo C_GetInfo; -+ CK_C_GetFunctionList C_GetFunctionList; -+ CK_C_GetSlotList C_GetSlotList; -+ CK_C_GetSlotInfo C_GetSlotInfo; -+ CK_C_GetTokenInfo C_GetTokenInfo; -+ CK_C_GetMechanismList C_GetMechanismList; -+ CK_C_GetMechanismInfo C_GetMechanismInfo; -+ CK_C_InitToken C_InitToken; -+ CK_C_InitPIN C_InitPIN; -+ CK_C_SetPIN C_SetPIN; -+ CK_C_OpenSession C_OpenSession; -+ CK_C_CloseSession C_CloseSession; -+ CK_C_CloseAllSessions C_CloseAllSessions; -+ CK_C_GetSessionInfo C_GetSessionInfo; -+ CK_C_GetOperationState C_GetOperationState; -+ CK_C_SetOperationState C_SetOperationState; -+ CK_C_Login C_Login; -+ CK_C_Logout C_Logout; -+ CK_C_CreateObject C_CreateObject; -+ CK_C_CopyObject C_CopyObject; -+ CK_C_DestroyObject C_DestroyObject; -+ CK_C_GetObjectSize C_GetObjectSize; -+ CK_C_GetAttributeValue C_GetAttributeValue; -+ CK_C_SetAttributeValue C_SetAttributeValue; -+ CK_C_FindObjectsInit C_FindObjectsInit; -+ CK_C_FindObjects C_FindObjects; -+ CK_C_FindObjectsFinal C_FindObjectsFinal; -+ CK_C_EncryptInit C_EncryptInit; -+ CK_C_Encrypt C_Encrypt; -+ CK_C_EncryptUpdate C_EncryptUpdate; -+ CK_C_EncryptFinal C_EncryptFinal; -+ CK_C_DecryptInit C_DecryptInit; -+ CK_C_Decrypt C_Decrypt; -+ CK_C_DecryptUpdate C_DecryptUpdate; -+ CK_C_DecryptFinal C_DecryptFinal; -+ CK_C_DigestInit C_DigestInit; -+ CK_C_Digest C_Digest; -+ CK_C_DigestUpdate C_DigestUpdate; -+ CK_C_DigestKey C_DigestKey; -+ CK_C_DigestFinal C_DigestFinal; -+ CK_C_SignInit C_SignInit; -+ CK_C_Sign C_Sign; -+ CK_C_SignUpdate C_SignUpdate; -+ CK_C_SignFinal C_SignFinal; -+ CK_C_SignRecoverInit C_SignRecoverInit; -+ CK_C_SignRecover C_SignRecover; -+ CK_C_VerifyInit C_VerifyInit; -+ CK_C_Verify C_Verify; -+ CK_C_VerifyUpdate C_VerifyUpdate; -+ CK_C_VerifyFinal C_VerifyFinal; -+ CK_C_VerifyRecoverInit C_VerifyRecoverInit; -+ CK_C_VerifyRecover C_VerifyRecover; -+ CK_C_DigestEncryptUpdate C_DigestEncryptUpdate; -+ CK_C_DecryptDigestUpdate C_DecryptDigestUpdate; -+ CK_C_SignEncryptUpdate C_SignEncryptUpdate; -+ CK_C_DecryptVerifyUpdate C_DecryptVerifyUpdate; -+ CK_C_GenerateKey C_GenerateKey; -+ CK_C_GenerateKeyPair C_GenerateKeyPair; -+ CK_C_WrapKey C_WrapKey; -+ CK_C_UnwrapKey C_UnwrapKey; -+ CK_C_DeriveKey C_DeriveKey; -+ CK_C_SeedRandom C_SeedRandom; -+ CK_C_GenerateRandom C_GenerateRandom; -+ CK_C_GetFunctionStatus C_GetFunctionStatus; -+ CK_C_CancelFunction C_CancelFunction; -+ CK_C_WaitForSlotEvent C_WaitForSlotEvent; -+}; -+ -+ -+typedef ck_rv_t (*ck_createmutex_t) (void **mutex); -+typedef ck_rv_t (*ck_destroymutex_t) (void *mutex); -+typedef ck_rv_t (*ck_lockmutex_t) (void *mutex); -+typedef ck_rv_t (*ck_unlockmutex_t) (void *mutex); -+ -+ -+struct ck_c_initialize_args -+{ -+ ck_createmutex_t create_mutex; -+ ck_destroymutex_t destroy_mutex; -+ ck_lockmutex_t lock_mutex; -+ ck_unlockmutex_t unlock_mutex; -+ ck_flags_t flags; -+ void *reserved; -+}; -+ -+ -+#define CKF_LIBRARY_CANT_CREATE_OS_THREADS (1UL << 0) -+#define CKF_OS_LOCKING_OK (1UL << 1) -+ -+#define CKR_OK (0UL) -+#define CKR_CANCEL (1UL) -+#define CKR_HOST_MEMORY (2UL) -+#define CKR_SLOT_ID_INVALID (3UL) -+#define CKR_GENERAL_ERROR (5UL) -+#define CKR_FUNCTION_FAILED (6UL) -+#define CKR_ARGUMENTS_BAD (7UL) -+#define CKR_NO_EVENT (8UL) -+#define CKR_NEED_TO_CREATE_THREADS (9UL) -+#define CKR_CANT_LOCK (0xaUL) -+#define CKR_ATTRIBUTE_READ_ONLY (0x10UL) -+#define CKR_ATTRIBUTE_SENSITIVE (0x11UL) -+#define CKR_ATTRIBUTE_TYPE_INVALID (0x12UL) -+#define CKR_ATTRIBUTE_VALUE_INVALID (0x13UL) -+#define CKR_ACTION_PROHIBITED (0x1BUL) -+#define CKR_DATA_INVALID (0x20UL) -+#define CKR_DATA_LEN_RANGE (0x21UL) -+#define CKR_DEVICE_ERROR (0x30UL) -+#define CKR_DEVICE_MEMORY (0x31UL) -+#define CKR_DEVICE_REMOVED (0x32UL) -+#define CKR_ENCRYPTED_DATA_INVALID (0x40UL) -+#define CKR_ENCRYPTED_DATA_LEN_RANGE (0x41UL) -+#define CKR_FUNCTION_CANCELED (0x50UL) -+#define CKR_FUNCTION_NOT_PARALLEL (0x51UL) -+#define CKR_FUNCTION_NOT_SUPPORTED (0x54UL) -+#define CKR_KEY_HANDLE_INVALID (0x60UL) -+#define CKR_KEY_SIZE_RANGE (0x62UL) -+#define CKR_KEY_TYPE_INCONSISTENT (0x63UL) -+#define CKR_KEY_NOT_NEEDED (0x64UL) -+#define CKR_KEY_CHANGED (0x65UL) -+#define CKR_KEY_NEEDED (0x66UL) -+#define CKR_KEY_INDIGESTIBLE (0x67UL) -+#define CKR_KEY_FUNCTION_NOT_PERMITTED (0x68UL) -+#define CKR_KEY_NOT_WRAPPABLE (0x69UL) -+#define CKR_KEY_UNEXTRACTABLE (0x6aUL) -+#define CKR_MECHANISM_INVALID (0x70UL) -+#define CKR_MECHANISM_PARAM_INVALID (0x71UL) -+#define CKR_OBJECT_HANDLE_INVALID (0x82UL) -+#define CKR_OPERATION_ACTIVE (0x90UL) -+#define CKR_OPERATION_NOT_INITIALIZED (0x91UL) -+#define CKR_PIN_INCORRECT (0xa0UL) -+#define CKR_PIN_INVALID (0xa1UL) -+#define CKR_PIN_LEN_RANGE (0xa2UL) -+#define CKR_PIN_EXPIRED (0xa3UL) -+#define CKR_PIN_LOCKED (0xa4UL) -+#define CKR_SESSION_CLOSED (0xb0UL) -+#define CKR_SESSION_COUNT (0xb1UL) -+#define CKR_SESSION_HANDLE_INVALID (0xb3UL) -+#define CKR_SESSION_PARALLEL_NOT_SUPPORTED (0xb4UL) -+#define CKR_SESSION_READ_ONLY (0xb5UL) -+#define CKR_SESSION_EXISTS (0xb6UL) -+#define CKR_SESSION_READ_ONLY_EXISTS (0xb7UL) -+#define CKR_SESSION_READ_WRITE_SO_EXISTS (0xb8UL) -+#define CKR_SIGNATURE_INVALID (0xc0UL) -+#define CKR_SIGNATURE_LEN_RANGE (0xc1UL) -+#define CKR_TEMPLATE_INCOMPLETE (0xd0UL) -+#define CKR_TEMPLATE_INCONSISTENT (0xd1UL) -+#define CKR_TOKEN_NOT_PRESENT (0xe0UL) -+#define CKR_TOKEN_NOT_RECOGNIZED (0xe1UL) -+#define CKR_TOKEN_WRITE_PROTECTED (0xe2UL) -+#define CKR_UNWRAPPING_KEY_HANDLE_INVALID (0xf0UL) -+#define CKR_UNWRAPPING_KEY_SIZE_RANGE (0xf1UL) -+#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT (0xf2UL) -+#define CKR_USER_ALREADY_LOGGED_IN (0x100UL) -+#define CKR_USER_NOT_LOGGED_IN (0x101UL) -+#define CKR_USER_PIN_NOT_INITIALIZED (0x102UL) -+#define CKR_USER_TYPE_INVALID (0x103UL) -+#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN (0x104UL) -+#define CKR_USER_TOO_MANY_TYPES (0x105UL) -+#define CKR_WRAPPED_KEY_INVALID (0x110UL) -+#define CKR_WRAPPED_KEY_LEN_RANGE (0x112UL) -+#define CKR_WRAPPING_KEY_HANDLE_INVALID (0x113UL) -+#define CKR_WRAPPING_KEY_SIZE_RANGE (0x114UL) -+#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT (0x115UL) -+#define CKR_RANDOM_SEED_NOT_SUPPORTED (0x120UL) -+#define CKR_RANDOM_NO_RNG (0x121UL) -+#define CKR_DOMAIN_PARAMS_INVALID (0x130UL) -+#define CKR_BUFFER_TOO_SMALL (0x150UL) -+#define CKR_SAVED_STATE_INVALID (0x160UL) -+#define CKR_INFORMATION_SENSITIVE (0x170UL) -+#define CKR_STATE_UNSAVEABLE (0x180UL) -+#define CKR_CRYPTOKI_NOT_INITIALIZED (0x190UL) -+#define CKR_CRYPTOKI_ALREADY_INITIALIZED (0x191UL) -+#define CKR_MUTEX_BAD (0x1a0UL) -+#define CKR_MUTEX_NOT_LOCKED (0x1a1UL) -+#define CKR_NEW_PIN_MODE (0x1b0UL) -+#define CKR_NEXT_OTP (0x1b1UL) -+#define CKR_EXCEEDED_MAX_ITERATIONS (0x1c0UL) -+#define CKR_FIPS_SELF_TEST_FAILED (0x1c1UL) -+#define CKR_LIBRARY_LOAD_FAILED (0x1c2UL) -+#define CKR_PIN_TOO_WEAK (0x1c3UL) -+#define CKR_PUBLIC_KEY_INVALID (0x1c4UL) -+#define CKR_FUNCTION_REJECTED (0x200UL) -+#define CKR_VENDOR_DEFINED ((unsigned long) (1UL << 31)) -+ -+ -+#define CKZ_DATA_SPECIFIED (0x01UL) -+ -+ -+ -+/* Compatibility layer. */ -+ -+#ifdef CRYPTOKI_COMPAT -+ -+#undef CK_DEFINE_FUNCTION -+#define CK_DEFINE_FUNCTION(retval, name) retval CK_SPEC name -+ -+/* For NULL. */ -+#include -+ -+typedef unsigned char CK_BYTE; -+typedef unsigned char CK_CHAR; -+typedef unsigned char CK_UTF8CHAR; -+typedef unsigned char CK_BBOOL; -+typedef unsigned long int CK_ULONG; -+typedef long int CK_LONG; -+typedef CK_BYTE *CK_BYTE_PTR; -+typedef CK_CHAR *CK_CHAR_PTR; -+typedef CK_UTF8CHAR *CK_UTF8CHAR_PTR; -+typedef CK_ULONG *CK_ULONG_PTR; -+typedef void *CK_VOID_PTR; -+typedef void **CK_VOID_PTR_PTR; -+#define CK_FALSE 0 -+#define CK_TRUE 1 -+#ifndef CK_DISABLE_TRUE_FALSE -+#ifndef FALSE -+#define FALSE 0 -+#endif -+#ifndef TRUE -+#define TRUE 1 -+#endif -+#endif -+ -+typedef struct ck_version CK_VERSION; -+typedef struct ck_version *CK_VERSION_PTR; -+ -+typedef struct ck_info CK_INFO; -+typedef struct ck_info *CK_INFO_PTR; -+ -+typedef ck_slot_id_t *CK_SLOT_ID_PTR; -+ -+typedef struct ck_slot_info CK_SLOT_INFO; -+typedef struct ck_slot_info *CK_SLOT_INFO_PTR; -+ -+typedef struct ck_token_info CK_TOKEN_INFO; -+typedef struct ck_token_info *CK_TOKEN_INFO_PTR; -+ -+typedef ck_session_handle_t *CK_SESSION_HANDLE_PTR; -+ -+typedef struct ck_session_info CK_SESSION_INFO; -+typedef struct ck_session_info *CK_SESSION_INFO_PTR; -+ -+typedef ck_object_handle_t *CK_OBJECT_HANDLE_PTR; -+ -+typedef ck_object_class_t *CK_OBJECT_CLASS_PTR; -+ -+typedef struct ck_attribute CK_ATTRIBUTE; -+typedef struct ck_attribute *CK_ATTRIBUTE_PTR; -+ -+typedef struct ck_date CK_DATE; -+typedef struct ck_date *CK_DATE_PTR; -+ -+typedef ck_mechanism_type_t *CK_MECHANISM_TYPE_PTR; -+ -+typedef struct ck_mechanism CK_MECHANISM; -+typedef struct ck_mechanism *CK_MECHANISM_PTR; -+ -+typedef struct ck_mechanism_info CK_MECHANISM_INFO; -+typedef struct ck_mechanism_info *CK_MECHANISM_INFO_PTR; -+ -+typedef struct ck_otp_mechanism_info CK_OTP_MECHANISM_INFO; -+typedef struct ck_otp_mechanism_info *CK_OTP_MECHANISM_INFO_PTR; -+ -+typedef struct ck_function_list CK_FUNCTION_LIST; -+typedef struct ck_function_list *CK_FUNCTION_LIST_PTR; -+typedef struct ck_function_list **CK_FUNCTION_LIST_PTR_PTR; -+ -+typedef struct ck_c_initialize_args CK_C_INITIALIZE_ARGS; -+typedef struct ck_c_initialize_args *CK_C_INITIALIZE_ARGS_PTR; -+ -+typedef struct ck_rsa_pkcs_pss_params CK_RSA_PKCS_PSS_PARAMS; -+typedef struct ck_rsa_pkcs_pss_params *CK_RSA_PKCS_PSS_PARAMS_PTR; -+ -+typedef struct ck_rsa_pkcs_oaep_params CK_RSA_PKCS_OAEP_PARAMS; -+typedef struct ck_rsa_pkcs_oaep_params *CK_RSA_PKCS_OAEP_PARAMS_PTR; -+ -+typedef struct ck_aes_ctr_params CK_AES_CTR_PARAMS; -+typedef struct ck_aes_ctr_params *CK_AES_CTR_PARAMS_PTR; -+ -+typedef struct ck_gcm_params CK_GCM_PARAMS; -+typedef struct ck_gcm_params *CK_GCM_PARAMS_PTR; -+ -+typedef struct ck_ecdh1_derive_params CK_ECDH1_DERIVE_PARAMS; -+typedef struct ck_ecdh1_derive_params *CK_ECDH1_DERIVE_PARAMS_PTR; -+ -+typedef struct ck_key_derivation_string_data CK_KEY_DERIVATION_STRING_DATA; -+typedef struct ck_key_derivation_string_data *CK_KEY_DERIVATION_STRING_DATA_PTR; -+ -+typedef struct ck_des_cbc_encrypt_data_params CK_DES_CBC_ENCRYPT_DATA_PARAMS; -+typedef struct ck_des_cbc_encrypt_data_params *CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; -+ -+typedef struct ck_aes_cbc_encrypt_data_params CK_AES_CBC_ENCRYPT_DATA_PARAMS; -+typedef struct ck_aes_cbc_encrypt_data_params *CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; -+ -+#ifndef NULL_PTR -+#define NULL_PTR NULL - #endif - --#endif /* _PKCS11_H_ */ -+/* Delete the helper macros defined at the top of the file. */ -+#undef ck_flags_t -+#undef ck_version -+ -+#undef ck_info -+#undef cryptoki_version -+#undef manufacturer_id -+#undef library_description -+#undef library_version -+ -+#undef ck_notification_t -+#undef ck_slot_id_t -+ -+#undef ck_slot_info -+#undef slot_description -+#undef hardware_version -+#undef firmware_version -+ -+#undef ck_token_info -+#undef serial_number -+#undef max_session_count -+#undef session_count -+#undef max_rw_session_count -+#undef rw_session_count -+#undef max_pin_len -+#undef min_pin_len -+#undef total_public_memory -+#undef free_public_memory -+#undef total_private_memory -+#undef free_private_memory -+#undef utc_time -+ -+#undef ck_session_handle_t -+#undef ck_user_type_t -+#undef ck_state_t -+ -+#undef ck_session_info -+#undef slot_id -+#undef device_error -+ -+#undef ck_object_handle_t -+#undef ck_object_class_t -+#undef ck_hw_feature_type_t -+#undef ck_key_type_t -+#undef ck_certificate_type_t -+#undef ck_attribute_type_t -+ -+#undef ck_attribute -+#undef value -+#undef value_len -+ -+#undef params -+#undef count -+ -+#undef ck_date -+ -+#undef ck_mechanism_type_t -+ -+#undef ck_mechanism -+#undef parameter -+#undef parameter_len -+ -+#undef ck_mechanism_info -+ -+#undef ck_param_type -+#undef ck_otp_param -+#undef ck_otp_params -+#undef ck_otp_signature_info -+ -+#undef min_key_size -+#undef max_key_size -+ -+#undef ck_rv_t -+#undef ck_notify_t -+ -+#undef ck_function_list -+ -+#undef ck_createmutex_t -+#undef ck_destroymutex_t -+#undef ck_lockmutex_t -+#undef ck_unlockmutex_t -+ -+#undef ck_c_initialize_args -+#undef create_mutex -+#undef destroy_mutex -+#undef lock_mutex -+#undef unlock_mutex -+#undef reserved -+ -+#endif /* CRYPTOKI_COMPAT */ -+ -+ -+/* System dependencies. */ -+#if defined(_WIN32) || defined(CRYPTOKI_FORCE_WIN32) -+#pragma pack(pop, cryptoki) -+#endif -+ -+#if defined(__cplusplus) -+} -+#endif - -+#endif /* PKCS11_H */ -diff --git a/src/lib/pkcs11/pkcs11f.h b/src/lib/pkcs11/pkcs11f.h -deleted file mode 100644 -index ed90aff..0000000 ---- a/src/lib/pkcs11/pkcs11f.h -+++ /dev/null -@@ -1,939 +0,0 @@ --/* Copyright (c) OASIS Open 2016. All Rights Reserved./ -- * /Distributed under the terms of the OASIS IPR Policy, -- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY -- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A -- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. -- */ -- --/* Latest version of the specification: -- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html -- */ -- --/* This header file contains pretty much everything about all the -- * Cryptoki function prototypes. Because this information is -- * used for more than just declaring function prototypes, the -- * order of the functions appearing herein is important, and -- * should not be altered. -- */ -- --/* General-purpose */ -- --/* C_Initialize initializes the Cryptoki library. */ --CK_PKCS11_FUNCTION_INFO(C_Initialize) --#ifdef CK_NEED_ARG_LIST --( -- CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets -- * cast to CK_C_INITIALIZE_ARGS_PTR -- * and dereferenced -- */ --); --#endif -- -- --/* C_Finalize indicates that an application is done with the -- * Cryptoki library. -- */ --CK_PKCS11_FUNCTION_INFO(C_Finalize) --#ifdef CK_NEED_ARG_LIST --( -- CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ --); --#endif -- -- --/* C_GetInfo returns general information about Cryptoki. */ --CK_PKCS11_FUNCTION_INFO(C_GetInfo) --#ifdef CK_NEED_ARG_LIST --( -- CK_INFO_PTR pInfo /* location that receives information */ --); --#endif -- -- --/* C_GetFunctionList returns the function list. */ --CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) --#ifdef CK_NEED_ARG_LIST --( -- CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to -- * function list -- */ --); --#endif -- -- -- --/* Slot and token management */ -- --/* C_GetSlotList obtains a list of slots in the system. */ --CK_PKCS11_FUNCTION_INFO(C_GetSlotList) --#ifdef CK_NEED_ARG_LIST --( -- CK_BBOOL tokenPresent, /* only slots with tokens */ -- CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ -- CK_ULONG_PTR pulCount /* receives number of slots */ --); --#endif -- -- --/* C_GetSlotInfo obtains information about a particular slot in -- * the system. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID, /* the ID of the slot */ -- CK_SLOT_INFO_PTR pInfo /* receives the slot information */ --); --#endif -- -- --/* C_GetTokenInfo obtains information about a particular token -- * in the system. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID, /* ID of the token's slot */ -- CK_TOKEN_INFO_PTR pInfo /* receives the token information */ --); --#endif -- -- --/* C_GetMechanismList obtains a list of mechanism types -- * supported by a token. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID, /* ID of token's slot */ -- CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ -- CK_ULONG_PTR pulCount /* gets # of mechs. */ --); --#endif -- -- --/* C_GetMechanismInfo obtains information about a particular -- * mechanism possibly supported by a token. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID, /* ID of the token's slot */ -- CK_MECHANISM_TYPE type, /* type of mechanism */ -- CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ --); --#endif -- -- --/* C_InitToken initializes a token. */ --CK_PKCS11_FUNCTION_INFO(C_InitToken) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID, /* ID of the token's slot */ -- CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ -- CK_ULONG ulPinLen, /* length in bytes of the PIN */ -- CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ --); --#endif -- -- --/* C_InitPIN initializes the normal user's PIN. */ --CK_PKCS11_FUNCTION_INFO(C_InitPIN) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ -- CK_ULONG ulPinLen /* length in bytes of the PIN */ --); --#endif -- -- --/* C_SetPIN modifies the PIN of the user who is logged in. */ --CK_PKCS11_FUNCTION_INFO(C_SetPIN) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ -- CK_ULONG ulOldLen, /* length of the old PIN */ -- CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ -- CK_ULONG ulNewLen /* length of the new PIN */ --); --#endif -- -- -- --/* Session management */ -- --/* C_OpenSession opens a session between an application and a -- * token. -- */ --CK_PKCS11_FUNCTION_INFO(C_OpenSession) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID, /* the slot's ID */ -- CK_FLAGS flags, /* from CK_SESSION_INFO */ -- CK_VOID_PTR pApplication, /* passed to callback */ -- CK_NOTIFY Notify, /* callback function */ -- CK_SESSION_HANDLE_PTR phSession /* gets session handle */ --); --#endif -- -- --/* C_CloseSession closes a session between an application and a -- * token. -- */ --CK_PKCS11_FUNCTION_INFO(C_CloseSession) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession /* the session's handle */ --); --#endif -- -- --/* C_CloseAllSessions closes all sessions with a token. */ --CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) --#ifdef CK_NEED_ARG_LIST --( -- CK_SLOT_ID slotID /* the token's slot */ --); --#endif -- -- --/* C_GetSessionInfo obtains information about the session. */ --CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_SESSION_INFO_PTR pInfo /* receives session info */ --); --#endif -- -- --/* C_GetOperationState obtains the state of the cryptographic operation -- * in a session. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetOperationState) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pOperationState, /* gets state */ -- CK_ULONG_PTR pulOperationStateLen /* gets state length */ --); --#endif -- -- --/* C_SetOperationState restores the state of the cryptographic -- * operation in a session. -- */ --CK_PKCS11_FUNCTION_INFO(C_SetOperationState) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pOperationState, /* holds state */ -- CK_ULONG ulOperationStateLen, /* holds state length */ -- CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ -- CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ --); --#endif -- -- --/* C_Login logs a user into a token. */ --CK_PKCS11_FUNCTION_INFO(C_Login) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_USER_TYPE userType, /* the user type */ -- CK_UTF8CHAR_PTR pPin, /* the user's PIN */ -- CK_ULONG ulPinLen /* the length of the PIN */ --); --#endif -- -- --/* C_Logout logs a user out from a token. */ --CK_PKCS11_FUNCTION_INFO(C_Logout) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession /* the session's handle */ --); --#endif -- -- -- --/* Object management */ -- --/* C_CreateObject creates a new object. */ --CK_PKCS11_FUNCTION_INFO(C_CreateObject) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ -- CK_ULONG ulCount, /* attributes in template */ -- CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ --); --#endif -- -- --/* C_CopyObject copies an object, creating a new object for the -- * copy. -- */ --CK_PKCS11_FUNCTION_INFO(C_CopyObject) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_OBJECT_HANDLE hObject, /* the object's handle */ -- CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ -- CK_ULONG ulCount, /* attributes in template */ -- CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ --); --#endif -- -- --/* C_DestroyObject destroys an object. */ --CK_PKCS11_FUNCTION_INFO(C_DestroyObject) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_OBJECT_HANDLE hObject /* the object's handle */ --); --#endif -- -- --/* C_GetObjectSize gets the size of an object in bytes. */ --CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_OBJECT_HANDLE hObject, /* the object's handle */ -- CK_ULONG_PTR pulSize /* receives size of object */ --); --#endif -- -- --/* C_GetAttributeValue obtains the value of one or more object -- * attributes. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_OBJECT_HANDLE hObject, /* the object's handle */ -- CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ -- CK_ULONG ulCount /* attributes in template */ --); --#endif -- -- --/* C_SetAttributeValue modifies the value of one or more object -- * attributes. -- */ --CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_OBJECT_HANDLE hObject, /* the object's handle */ -- CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ -- CK_ULONG ulCount /* attributes in template */ --); --#endif -- -- --/* C_FindObjectsInit initializes a search for token and session -- * objects that match a template. -- */ --CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ -- CK_ULONG ulCount /* attrs in search template */ --); --#endif -- -- --/* C_FindObjects continues a search for token and session -- * objects that match a template, obtaining additional object -- * handles. -- */ --CK_PKCS11_FUNCTION_INFO(C_FindObjects) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ -- CK_ULONG ulMaxObjectCount, /* max handles to get */ -- CK_ULONG_PTR pulObjectCount /* actual # returned */ --); --#endif -- -- --/* C_FindObjectsFinal finishes a search for token and session -- * objects. -- */ --CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession /* the session's handle */ --); --#endif -- -- -- --/* Encryption and decryption */ -- --/* C_EncryptInit initializes an encryption operation. */ --CK_PKCS11_FUNCTION_INFO(C_EncryptInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ -- CK_OBJECT_HANDLE hKey /* handle of encryption key */ --); --#endif -- -- --/* C_Encrypt encrypts single-part data. */ --CK_PKCS11_FUNCTION_INFO(C_Encrypt) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pData, /* the plaintext data */ -- CK_ULONG ulDataLen, /* bytes of plaintext */ -- CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ -- CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ --); --#endif -- -- --/* C_EncryptUpdate continues a multiple-part encryption -- * operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pPart, /* the plaintext data */ -- CK_ULONG ulPartLen, /* plaintext data len */ -- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ -- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ --); --#endif -- -- --/* C_EncryptFinal finishes a multiple-part encryption -- * operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session handle */ -- CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ -- CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ --); --#endif -- -- --/* C_DecryptInit initializes a decryption operation. */ --CK_PKCS11_FUNCTION_INFO(C_DecryptInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ -- CK_OBJECT_HANDLE hKey /* handle of decryption key */ --); --#endif -- -- --/* C_Decrypt decrypts encrypted data in a single part. */ --CK_PKCS11_FUNCTION_INFO(C_Decrypt) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pEncryptedData, /* ciphertext */ -- CK_ULONG ulEncryptedDataLen, /* ciphertext length */ -- CK_BYTE_PTR pData, /* gets plaintext */ -- CK_ULONG_PTR pulDataLen /* gets p-text size */ --); --#endif -- -- --/* C_DecryptUpdate continues a multiple-part decryption -- * operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pEncryptedPart, /* encrypted data */ -- CK_ULONG ulEncryptedPartLen, /* input length */ -- CK_BYTE_PTR pPart, /* gets plaintext */ -- CK_ULONG_PTR pulPartLen /* p-text size */ --); --#endif -- -- --/* C_DecryptFinal finishes a multiple-part decryption -- * operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pLastPart, /* gets plaintext */ -- CK_ULONG_PTR pulLastPartLen /* p-text size */ --); --#endif -- -- -- --/* Message digesting */ -- --/* C_DigestInit initializes a message-digesting operation. */ --CK_PKCS11_FUNCTION_INFO(C_DigestInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ --); --#endif -- -- --/* C_Digest digests data in a single part. */ --CK_PKCS11_FUNCTION_INFO(C_Digest) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pData, /* data to be digested */ -- CK_ULONG ulDataLen, /* bytes of data to digest */ -- CK_BYTE_PTR pDigest, /* gets the message digest */ -- CK_ULONG_PTR pulDigestLen /* gets digest length */ --); --#endif -- -- --/* C_DigestUpdate continues a multiple-part message-digesting -- * operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pPart, /* data to be digested */ -- CK_ULONG ulPartLen /* bytes of data to be digested */ --); --#endif -- -- --/* C_DigestKey continues a multi-part message-digesting -- * operation, by digesting the value of a secret key as part of -- * the data already digested. -- */ --CK_PKCS11_FUNCTION_INFO(C_DigestKey) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_OBJECT_HANDLE hKey /* secret key to digest */ --); --#endif -- -- --/* C_DigestFinal finishes a multiple-part message-digesting -- * operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DigestFinal) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pDigest, /* gets the message digest */ -- CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ --); --#endif -- -- -- --/* Signing and MACing */ -- --/* C_SignInit initializes a signature (private key encryption) -- * operation, where the signature is (will be) an appendix to -- * the data, and plaintext cannot be recovered from the -- * signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_SignInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ -- CK_OBJECT_HANDLE hKey /* handle of signature key */ --); --#endif -- -- --/* C_Sign signs (encrypts with private key) data in a single -- * part, where the signature is (will be) an appendix to the -- * data, and plaintext cannot be recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_Sign) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pData, /* the data to sign */ -- CK_ULONG ulDataLen, /* count of bytes to sign */ -- CK_BYTE_PTR pSignature, /* gets the signature */ -- CK_ULONG_PTR pulSignatureLen /* gets signature length */ --); --#endif -- -- --/* C_SignUpdate continues a multiple-part signature operation, -- * where the signature is (will be) an appendix to the data, -- * and plaintext cannot be recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_SignUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pPart, /* the data to sign */ -- CK_ULONG ulPartLen /* count of bytes to sign */ --); --#endif -- -- --/* C_SignFinal finishes a multiple-part signature operation, -- * returning the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_SignFinal) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pSignature, /* gets the signature */ -- CK_ULONG_PTR pulSignatureLen /* gets signature length */ --); --#endif -- -- --/* C_SignRecoverInit initializes a signature operation, where -- * the data can be recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ -- CK_OBJECT_HANDLE hKey /* handle of the signature key */ --); --#endif -- -- --/* C_SignRecover signs data in a single operation, where the -- * data can be recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_SignRecover) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pData, /* the data to sign */ -- CK_ULONG ulDataLen, /* count of bytes to sign */ -- CK_BYTE_PTR pSignature, /* gets the signature */ -- CK_ULONG_PTR pulSignatureLen /* gets signature length */ --); --#endif -- -- -- --/* Verifying signatures and MACs */ -- --/* C_VerifyInit initializes a verification operation, where the -- * signature is an appendix to the data, and plaintext cannot -- * cannot be recovered from the signature (e.g. DSA). -- */ --CK_PKCS11_FUNCTION_INFO(C_VerifyInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ -- CK_OBJECT_HANDLE hKey /* verification key */ --); --#endif -- -- --/* C_Verify verifies a signature in a single-part operation, -- * where the signature is an appendix to the data, and plaintext -- * cannot be recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_Verify) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pData, /* signed data */ -- CK_ULONG ulDataLen, /* length of signed data */ -- CK_BYTE_PTR pSignature, /* signature */ -- CK_ULONG ulSignatureLen /* signature length*/ --); --#endif -- -- --/* C_VerifyUpdate continues a multiple-part verification -- * operation, where the signature is an appendix to the data, -- * and plaintext cannot be recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pPart, /* signed data */ -- CK_ULONG ulPartLen /* length of signed data */ --); --#endif -- -- --/* C_VerifyFinal finishes a multiple-part verification -- * operation, checking the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pSignature, /* signature to verify */ -- CK_ULONG ulSignatureLen /* signature length */ --); --#endif -- -- --/* C_VerifyRecoverInit initializes a signature verification -- * operation, where the data is recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ -- CK_OBJECT_HANDLE hKey /* verification key */ --); --#endif -- -- --/* C_VerifyRecover verifies a signature in a single-part -- * operation, where the data is recovered from the signature. -- */ --CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pSignature, /* signature to verify */ -- CK_ULONG ulSignatureLen, /* signature length */ -- CK_BYTE_PTR pData, /* gets signed data */ -- CK_ULONG_PTR pulDataLen /* gets signed data len */ --); --#endif -- -- -- --/* Dual-function cryptographic operations */ -- --/* C_DigestEncryptUpdate continues a multiple-part digesting -- * and encryption operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pPart, /* the plaintext data */ -- CK_ULONG ulPartLen, /* plaintext length */ -- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ -- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ --); --#endif -- -- --/* C_DecryptDigestUpdate continues a multiple-part decryption and -- * digesting operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pEncryptedPart, /* ciphertext */ -- CK_ULONG ulEncryptedPartLen, /* ciphertext length */ -- CK_BYTE_PTR pPart, /* gets plaintext */ -- CK_ULONG_PTR pulPartLen /* gets plaintext len */ --); --#endif -- -- --/* C_SignEncryptUpdate continues a multiple-part signing and -- * encryption operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pPart, /* the plaintext data */ -- CK_ULONG ulPartLen, /* plaintext length */ -- CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ -- CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ --); --#endif -- -- --/* C_DecryptVerifyUpdate continues a multiple-part decryption and -- * verify operation. -- */ --CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_BYTE_PTR pEncryptedPart, /* ciphertext */ -- CK_ULONG ulEncryptedPartLen, /* ciphertext length */ -- CK_BYTE_PTR pPart, /* gets plaintext */ -- CK_ULONG_PTR pulPartLen /* gets p-text length */ --); --#endif -- -- -- --/* Key management */ -- --/* C_GenerateKey generates a secret key, creating a new key -- * object. -- */ --CK_PKCS11_FUNCTION_INFO(C_GenerateKey) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* key generation mech. */ -- CK_ATTRIBUTE_PTR pTemplate, /* template for new key */ -- CK_ULONG ulCount, /* # of attrs in template */ -- CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */ --); --#endif -- -- --/* C_GenerateKeyPair generates a public-key/private-key pair, -- * creating new key objects. -- */ --CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session handle */ -- CK_MECHANISM_PTR pMechanism, /* key-gen mech. */ -- CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template for pub. key */ -- CK_ULONG ulPublicKeyAttributeCount, /* # pub. attrs. */ -- CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template for priv. key */ -- CK_ULONG ulPrivateKeyAttributeCount, /* # priv. attrs. */ -- CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. key handle */ -- CK_OBJECT_HANDLE_PTR phPrivateKey /* gets priv. key handle */ --); --#endif -- -- --/* C_WrapKey wraps (i.e., encrypts) a key. */ --CK_PKCS11_FUNCTION_INFO(C_WrapKey) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ -- CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */ -- CK_OBJECT_HANDLE hKey, /* key to be wrapped */ -- CK_BYTE_PTR pWrappedKey, /* gets wrapped key */ -- CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */ --); --#endif -- -- --/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new -- * key object. -- */ --CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */ -- CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */ -- CK_BYTE_PTR pWrappedKey, /* the wrapped key */ -- CK_ULONG ulWrappedKeyLen, /* wrapped key len */ -- CK_ATTRIBUTE_PTR pTemplate, /* new key template */ -- CK_ULONG ulAttributeCount, /* template length */ -- CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ --); --#endif -- -- --/* C_DeriveKey derives a key from a base key, creating a new key -- * object. -- */ --CK_PKCS11_FUNCTION_INFO(C_DeriveKey) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* session's handle */ -- CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */ -- CK_OBJECT_HANDLE hBaseKey, /* base key */ -- CK_ATTRIBUTE_PTR pTemplate, /* new key template */ -- CK_ULONG ulAttributeCount, /* template length */ -- CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ --); --#endif -- -- -- --/* Random number generation */ -- --/* C_SeedRandom mixes additional seed material into the token's -- * random number generator. -- */ --CK_PKCS11_FUNCTION_INFO(C_SeedRandom) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR pSeed, /* the seed material */ -- CK_ULONG ulSeedLen /* length of seed material */ --); --#endif -- -- --/* C_GenerateRandom generates random data. */ --CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_BYTE_PTR RandomData, /* receives the random data */ -- CK_ULONG ulRandomLen /* # of bytes to generate */ --); --#endif -- -- -- --/* Parallel function management */ -- --/* C_GetFunctionStatus is a legacy function; it obtains an -- * updated status of a function running in parallel with an -- * application. -- */ --CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession /* the session's handle */ --); --#endif -- -- --/* C_CancelFunction is a legacy function; it cancels a function -- * running in parallel. -- */ --CK_PKCS11_FUNCTION_INFO(C_CancelFunction) --#ifdef CK_NEED_ARG_LIST --( -- CK_SESSION_HANDLE hSession /* the session's handle */ --); --#endif -- -- --/* C_WaitForSlotEvent waits for a slot event (token insertion, -- * removal, etc.) to occur. -- */ --CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) --#ifdef CK_NEED_ARG_LIST --( -- CK_FLAGS flags, /* blocking/nonblocking flag */ -- CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ -- CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ --); --#endif -- -diff --git a/src/lib/pkcs11/pkcs11t.h b/src/lib/pkcs11/pkcs11t.h -deleted file mode 100644 -index 0cf3acc..0000000 ---- a/src/lib/pkcs11/pkcs11t.h -+++ /dev/null -@@ -1,2003 +0,0 @@ --/* Copyright (c) OASIS Open 2016. All Rights Reserved./ -- * /Distributed under the terms of the OASIS IPR Policy, -- * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY -- * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A -- * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. -- */ -- --/* Latest version of the specification: -- * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html -- */ -- --/* See top of pkcs11.h for information about the macros that -- * must be defined and the structure-packing conventions that -- * must be set before including this file. -- */ -- --#ifndef _PKCS11T_H_ --#define _PKCS11T_H_ 1 -- --#define CRYPTOKI_VERSION_MAJOR 2 --#define CRYPTOKI_VERSION_MINOR 40 --#define CRYPTOKI_VERSION_AMENDMENT 0 -- --#define CK_TRUE 1 --#define CK_FALSE 0 -- --#ifndef CK_DISABLE_TRUE_FALSE --#ifndef FALSE --#define FALSE CK_FALSE --#endif --#ifndef TRUE --#define TRUE CK_TRUE --#endif --#endif -- --/* an unsigned 8-bit value */ --typedef unsigned char CK_BYTE; -- --/* an unsigned 8-bit character */ --typedef CK_BYTE CK_CHAR; -- --/* an 8-bit UTF-8 character */ --typedef CK_BYTE CK_UTF8CHAR; -- --/* a BYTE-sized Boolean flag */ --typedef CK_BYTE CK_BBOOL; -- --/* an unsigned value, at least 32 bits long */ --typedef unsigned long int CK_ULONG; -- --/* a signed value, the same size as a CK_ULONG */ --typedef long int CK_LONG; -- --/* at least 32 bits; each bit is a Boolean flag */ --typedef CK_ULONG CK_FLAGS; -- -- --/* some special values for certain CK_ULONG variables */ --#define CK_UNAVAILABLE_INFORMATION (~0UL) --#define CK_EFFECTIVELY_INFINITE 0UL -- -- --typedef CK_BYTE CK_PTR CK_BYTE_PTR; --typedef CK_CHAR CK_PTR CK_CHAR_PTR; --typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; --typedef CK_ULONG CK_PTR CK_ULONG_PTR; --typedef void CK_PTR CK_VOID_PTR; -- --/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ --typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; -- -- --/* The following value is always invalid if used as a session -- * handle or object handle -- */ --#define CK_INVALID_HANDLE 0UL -- -- --typedef struct CK_VERSION { -- CK_BYTE major; /* integer portion of version number */ -- CK_BYTE minor; /* 1/100ths portion of version number */ --} CK_VERSION; -- --typedef CK_VERSION CK_PTR CK_VERSION_PTR; -- -- --typedef struct CK_INFO { -- CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ -- CK_UTF8CHAR manufacturerID[32]; /* blank padded */ -- CK_FLAGS flags; /* must be zero */ -- CK_UTF8CHAR libraryDescription[32]; /* blank padded */ -- CK_VERSION libraryVersion; /* version of library */ --} CK_INFO; -- --typedef CK_INFO CK_PTR CK_INFO_PTR; -- -- --/* CK_NOTIFICATION enumerates the types of notifications that -- * Cryptoki provides to an application -- */ --typedef CK_ULONG CK_NOTIFICATION; --#define CKN_SURRENDER 0UL --#define CKN_OTP_CHANGED 1UL -- --typedef CK_ULONG CK_SLOT_ID; -- --typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; -- -- --/* CK_SLOT_INFO provides information about a slot */ --typedef struct CK_SLOT_INFO { -- CK_UTF8CHAR slotDescription[64]; /* blank padded */ -- CK_UTF8CHAR manufacturerID[32]; /* blank padded */ -- CK_FLAGS flags; -- -- CK_VERSION hardwareVersion; /* version of hardware */ -- CK_VERSION firmwareVersion; /* version of firmware */ --} CK_SLOT_INFO; -- --/* flags: bit flags that provide capabilities of the slot -- * Bit Flag Mask Meaning -- */ --#define CKF_TOKEN_PRESENT 0x00000001UL /* a token is there */ --#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices*/ --#define CKF_HW_SLOT 0x00000004UL /* hardware slot */ -- --typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; -- -- --/* CK_TOKEN_INFO provides information about a token */ --typedef struct CK_TOKEN_INFO { -- CK_UTF8CHAR label[32]; /* blank padded */ -- CK_UTF8CHAR manufacturerID[32]; /* blank padded */ -- CK_UTF8CHAR model[16]; /* blank padded */ -- CK_CHAR serialNumber[16]; /* blank padded */ -- CK_FLAGS flags; /* see below */ -- -- CK_ULONG ulMaxSessionCount; /* max open sessions */ -- CK_ULONG ulSessionCount; /* sess. now open */ -- CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ -- CK_ULONG ulRwSessionCount; /* R/W sess. now open */ -- CK_ULONG ulMaxPinLen; /* in bytes */ -- CK_ULONG ulMinPinLen; /* in bytes */ -- CK_ULONG ulTotalPublicMemory; /* in bytes */ -- CK_ULONG ulFreePublicMemory; /* in bytes */ -- CK_ULONG ulTotalPrivateMemory; /* in bytes */ -- CK_ULONG ulFreePrivateMemory; /* in bytes */ -- CK_VERSION hardwareVersion; /* version of hardware */ -- CK_VERSION firmwareVersion; /* version of firmware */ -- CK_CHAR utcTime[16]; /* time */ --} CK_TOKEN_INFO; -- --/* The flags parameter is defined as follows: -- * Bit Flag Mask Meaning -- */ --#define CKF_RNG 0x00000001UL /* has random # generator */ --#define CKF_WRITE_PROTECTED 0x00000002UL /* token is write-protected */ --#define CKF_LOGIN_REQUIRED 0x00000004UL /* user must login */ --#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */ -- --/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, -- * that means that *every* time the state of cryptographic -- * operations of a session is successfully saved, all keys -- * needed to continue those operations are stored in the state -- */ --#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL -- --/* CKF_CLOCK_ON_TOKEN. If it is set, that means -- * that the token has some sort of clock. The time on that -- * clock is returned in the token info structure -- */ --#define CKF_CLOCK_ON_TOKEN 0x00000040UL -- --/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is -- * set, that means that there is some way for the user to login -- * without sending a PIN through the Cryptoki library itself -- */ --#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL -- --/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, -- * that means that a single session with the token can perform -- * dual simultaneous cryptographic operations (digest and -- * encrypt; decrypt and digest; sign and encrypt; and decrypt -- * and sign) -- */ --#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL -- --/* CKF_TOKEN_INITIALIZED. If it is true, the -- * token has been initialized using C_InitializeToken or an -- * equivalent mechanism outside the scope of PKCS #11. -- * Calling C_InitializeToken when this flag is set will cause -- * the token to be reinitialized. -- */ --#define CKF_TOKEN_INITIALIZED 0x00000400UL -- --/* CKF_SECONDARY_AUTHENTICATION. If it is -- * true, the token supports secondary authentication for -- * private key objects. -- */ --#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL -- --/* CKF_USER_PIN_COUNT_LOW. If it is true, an -- * incorrect user login PIN has been entered at least once -- * since the last successful authentication. -- */ --#define CKF_USER_PIN_COUNT_LOW 0x00010000UL -- --/* CKF_USER_PIN_FINAL_TRY. If it is true, -- * supplying an incorrect user PIN will it to become locked. -- */ --#define CKF_USER_PIN_FINAL_TRY 0x00020000UL -- --/* CKF_USER_PIN_LOCKED. If it is true, the -- * user PIN has been locked. User login to the token is not -- * possible. -- */ --#define CKF_USER_PIN_LOCKED 0x00040000UL -- --/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, -- * the user PIN value is the default value set by token -- * initialization or manufacturing, or the PIN has been -- * expired by the card. -- */ --#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL -- --/* CKF_SO_PIN_COUNT_LOW. If it is true, an -- * incorrect SO login PIN has been entered at least once since -- * the last successful authentication. -- */ --#define CKF_SO_PIN_COUNT_LOW 0x00100000UL -- --/* CKF_SO_PIN_FINAL_TRY. If it is true, -- * supplying an incorrect SO PIN will it to become locked. -- */ --#define CKF_SO_PIN_FINAL_TRY 0x00200000UL -- --/* CKF_SO_PIN_LOCKED. If it is true, the SO -- * PIN has been locked. SO login to the token is not possible. -- */ --#define CKF_SO_PIN_LOCKED 0x00400000UL -- --/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, -- * the SO PIN value is the default value set by token -- * initialization or manufacturing, or the PIN has been -- * expired by the card. -- */ --#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL -- --#define CKF_ERROR_STATE 0x01000000UL -- --typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; -- -- --/* CK_SESSION_HANDLE is a Cryptoki-assigned value that -- * identifies a session -- */ --typedef CK_ULONG CK_SESSION_HANDLE; -- --typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; -- -- --/* CK_USER_TYPE enumerates the types of Cryptoki users */ --typedef CK_ULONG CK_USER_TYPE; --/* Security Officer */ --#define CKU_SO 0UL --/* Normal user */ --#define CKU_USER 1UL --/* Context specific */ --#define CKU_CONTEXT_SPECIFIC 2UL -- --/* CK_STATE enumerates the session states */ --typedef CK_ULONG CK_STATE; --#define CKS_RO_PUBLIC_SESSION 0UL --#define CKS_RO_USER_FUNCTIONS 1UL --#define CKS_RW_PUBLIC_SESSION 2UL --#define CKS_RW_USER_FUNCTIONS 3UL --#define CKS_RW_SO_FUNCTIONS 4UL -- --/* CK_SESSION_INFO provides information about a session */ --typedef struct CK_SESSION_INFO { -- CK_SLOT_ID slotID; -- CK_STATE state; -- CK_FLAGS flags; /* see below */ -- CK_ULONG ulDeviceError; /* device-dependent error code */ --} CK_SESSION_INFO; -- --/* The flags are defined in the following table: -- * Bit Flag Mask Meaning -- */ --#define CKF_RW_SESSION 0x00000002UL /* session is r/w */ --#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */ -- --typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; -- -- --/* CK_OBJECT_HANDLE is a token-specific identifier for an -- * object -- */ --typedef CK_ULONG CK_OBJECT_HANDLE; -- --typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; -- -- --/* CK_OBJECT_CLASS is a value that identifies the classes (or -- * types) of objects that Cryptoki recognizes. It is defined -- * as follows: -- */ --typedef CK_ULONG CK_OBJECT_CLASS; -- --/* The following classes of objects are defined: */ --#define CKO_DATA 0x00000000UL --#define CKO_CERTIFICATE 0x00000001UL --#define CKO_PUBLIC_KEY 0x00000002UL --#define CKO_PRIVATE_KEY 0x00000003UL --#define CKO_SECRET_KEY 0x00000004UL --#define CKO_HW_FEATURE 0x00000005UL --#define CKO_DOMAIN_PARAMETERS 0x00000006UL --#define CKO_MECHANISM 0x00000007UL --#define CKO_OTP_KEY 0x00000008UL -- --#define CKO_VENDOR_DEFINED 0x80000000UL -- --typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; -- --/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type -- * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. -- */ --typedef CK_ULONG CK_HW_FEATURE_TYPE; -- --/* The following hardware feature types are defined */ --#define CKH_MONOTONIC_COUNTER 0x00000001UL --#define CKH_CLOCK 0x00000002UL --#define CKH_USER_INTERFACE 0x00000003UL --#define CKH_VENDOR_DEFINED 0x80000000UL -- --/* CK_KEY_TYPE is a value that identifies a key type */ --typedef CK_ULONG CK_KEY_TYPE; -- --/* the following key types are defined: */ --#define CKK_RSA 0x00000000UL --#define CKK_DSA 0x00000001UL --#define CKK_DH 0x00000002UL --#define CKK_ECDSA 0x00000003UL /* Deprecated */ --#define CKK_EC 0x00000003UL --#define CKK_X9_42_DH 0x00000004UL --#define CKK_KEA 0x00000005UL --#define CKK_GENERIC_SECRET 0x00000010UL --#define CKK_RC2 0x00000011UL --#define CKK_RC4 0x00000012UL --#define CKK_DES 0x00000013UL --#define CKK_DES2 0x00000014UL --#define CKK_DES3 0x00000015UL --#define CKK_CAST 0x00000016UL --#define CKK_CAST3 0x00000017UL --#define CKK_CAST5 0x00000018UL /* Deprecated */ --#define CKK_CAST128 0x00000018UL --#define CKK_RC5 0x00000019UL --#define CKK_IDEA 0x0000001AUL --#define CKK_SKIPJACK 0x0000001BUL --#define CKK_BATON 0x0000001CUL --#define CKK_JUNIPER 0x0000001DUL --#define CKK_CDMF 0x0000001EUL --#define CKK_AES 0x0000001FUL --#define CKK_BLOWFISH 0x00000020UL --#define CKK_TWOFISH 0x00000021UL --#define CKK_SECURID 0x00000022UL --#define CKK_HOTP 0x00000023UL --#define CKK_ACTI 0x00000024UL --#define CKK_CAMELLIA 0x00000025UL --#define CKK_ARIA 0x00000026UL -- --#define CKK_MD5_HMAC 0x00000027UL --#define CKK_SHA_1_HMAC 0x00000028UL --#define CKK_RIPEMD128_HMAC 0x00000029UL --#define CKK_RIPEMD160_HMAC 0x0000002AUL --#define CKK_SHA256_HMAC 0x0000002BUL --#define CKK_SHA384_HMAC 0x0000002CUL --#define CKK_SHA512_HMAC 0x0000002DUL --#define CKK_SHA224_HMAC 0x0000002EUL -- --#define CKK_SEED 0x0000002FUL --#define CKK_GOSTR3410 0x00000030UL --#define CKK_GOSTR3411 0x00000031UL --#define CKK_GOST28147 0x00000032UL -- -- -- --#define CKK_VENDOR_DEFINED 0x80000000UL -- -- --/* CK_CERTIFICATE_TYPE is a value that identifies a certificate -- * type -- */ --typedef CK_ULONG CK_CERTIFICATE_TYPE; -- --#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL --#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL --#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL --#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL -- --#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL --#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL --#define CK_SECURITY_DOMAIN_OPERATOR 2UL --#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL -- -- --/* The following certificate types are defined: */ --#define CKC_X_509 0x00000000UL --#define CKC_X_509_ATTR_CERT 0x00000001UL --#define CKC_WTLS 0x00000002UL --#define CKC_VENDOR_DEFINED 0x80000000UL --#define CKC_OPENPGP (CKC_VENDOR_DEFINED|0x00504750) -- --/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute -- * type -- */ --typedef CK_ULONG CK_ATTRIBUTE_TYPE; -- --/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which -- * consists of an array of values. -- */ --#define CKF_ARRAY_ATTRIBUTE 0x40000000UL -- --/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ --#define CK_OTP_FORMAT_DECIMAL 0UL --#define CK_OTP_FORMAT_HEXADECIMAL 1UL --#define CK_OTP_FORMAT_ALPHANUMERIC 2UL --#define CK_OTP_FORMAT_BINARY 3UL -- --/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT -- * attributes -- */ --#define CK_OTP_PARAM_IGNORED 0UL --#define CK_OTP_PARAM_OPTIONAL 1UL --#define CK_OTP_PARAM_MANDATORY 2UL -- --/* The following attribute types are defined: */ --#define CKA_CLASS 0x00000000UL --#define CKA_TOKEN 0x00000001UL --#define CKA_PRIVATE 0x00000002UL --#define CKA_LABEL 0x00000003UL --#define CKA_APPLICATION 0x00000010UL --#define CKA_VALUE 0x00000011UL --#define CKA_OBJECT_ID 0x00000012UL --#define CKA_CERTIFICATE_TYPE 0x00000080UL --#define CKA_ISSUER 0x00000081UL --#define CKA_SERIAL_NUMBER 0x00000082UL --#define CKA_AC_ISSUER 0x00000083UL --#define CKA_OWNER 0x00000084UL --#define CKA_ATTR_TYPES 0x00000085UL --#define CKA_TRUSTED 0x00000086UL --#define CKA_CERTIFICATE_CATEGORY 0x00000087UL --#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL --#define CKA_URL 0x00000089UL --#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL --#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL --#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL --#define CKA_CHECK_VALUE 0x00000090UL -- --#define CKA_KEY_TYPE 0x00000100UL --#define CKA_SUBJECT 0x00000101UL --#define CKA_ID 0x00000102UL --#define CKA_SENSITIVE 0x00000103UL --#define CKA_ENCRYPT 0x00000104UL --#define CKA_DECRYPT 0x00000105UL --#define CKA_WRAP 0x00000106UL --#define CKA_UNWRAP 0x00000107UL --#define CKA_SIGN 0x00000108UL --#define CKA_SIGN_RECOVER 0x00000109UL --#define CKA_VERIFY 0x0000010AUL --#define CKA_VERIFY_RECOVER 0x0000010BUL --#define CKA_DERIVE 0x0000010CUL --#define CKA_START_DATE 0x00000110UL --#define CKA_END_DATE 0x00000111UL --#define CKA_MODULUS 0x00000120UL --#define CKA_MODULUS_BITS 0x00000121UL --#define CKA_PUBLIC_EXPONENT 0x00000122UL --#define CKA_PRIVATE_EXPONENT 0x00000123UL --#define CKA_PRIME_1 0x00000124UL --#define CKA_PRIME_2 0x00000125UL --#define CKA_EXPONENT_1 0x00000126UL --#define CKA_EXPONENT_2 0x00000127UL --#define CKA_COEFFICIENT 0x00000128UL --#define CKA_PUBLIC_KEY_INFO 0x00000129UL --#define CKA_PRIME 0x00000130UL --#define CKA_SUBPRIME 0x00000131UL --#define CKA_BASE 0x00000132UL -- --#define CKA_PRIME_BITS 0x00000133UL --#define CKA_SUBPRIME_BITS 0x00000134UL --#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS -- --#define CKA_VALUE_BITS 0x00000160UL --#define CKA_VALUE_LEN 0x00000161UL --#define CKA_EXTRACTABLE 0x00000162UL --#define CKA_LOCAL 0x00000163UL --#define CKA_NEVER_EXTRACTABLE 0x00000164UL --#define CKA_ALWAYS_SENSITIVE 0x00000165UL --#define CKA_KEY_GEN_MECHANISM 0x00000166UL -- --#define CKA_MODIFIABLE 0x00000170UL --#define CKA_COPYABLE 0x00000171UL -- --#define CKA_DESTROYABLE 0x00000172UL -- --#define CKA_ECDSA_PARAMS 0x00000180UL /* Deprecated */ --#define CKA_EC_PARAMS 0x00000180UL -- --#define CKA_EC_POINT 0x00000181UL -- --#define CKA_SECONDARY_AUTH 0x00000200UL /* Deprecated */ --#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ -- --#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL -- --#define CKA_WRAP_WITH_TRUSTED 0x00000210UL --#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000211UL) --#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000212UL) --#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) -- --#define CKA_OTP_FORMAT 0x00000220UL --#define CKA_OTP_LENGTH 0x00000221UL --#define CKA_OTP_TIME_INTERVAL 0x00000222UL --#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL --#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL --#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL --#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL --#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL --#define CKA_OTP_COUNTER 0x0000022EUL --#define CKA_OTP_TIME 0x0000022FUL --#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL --#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL --#define CKA_OTP_SERVICE_LOGO 0x0000022CUL --#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL -- --#define CKA_GOSTR3410_PARAMS 0x00000250UL --#define CKA_GOSTR3411_PARAMS 0x00000251UL --#define CKA_GOST28147_PARAMS 0x00000252UL -- --#define CKA_HW_FEATURE_TYPE 0x00000300UL --#define CKA_RESET_ON_INIT 0x00000301UL --#define CKA_HAS_RESET 0x00000302UL -- --#define CKA_PIXEL_X 0x00000400UL --#define CKA_PIXEL_Y 0x00000401UL --#define CKA_RESOLUTION 0x00000402UL --#define CKA_CHAR_ROWS 0x00000403UL --#define CKA_CHAR_COLUMNS 0x00000404UL --#define CKA_COLOR 0x00000405UL --#define CKA_BITS_PER_PIXEL 0x00000406UL --#define CKA_CHAR_SETS 0x00000480UL --#define CKA_ENCODING_METHODS 0x00000481UL --#define CKA_MIME_TYPES 0x00000482UL --#define CKA_MECHANISM_TYPE 0x00000500UL --#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL --#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL --#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL --#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) -- --#define CKA_VENDOR_DEFINED 0x80000000UL -- --/* CK_ATTRIBUTE is a structure that includes the type, length -- * and value of an attribute -- */ --typedef struct CK_ATTRIBUTE { -- CK_ATTRIBUTE_TYPE type; -- CK_VOID_PTR pValue; -- CK_ULONG ulValueLen; /* in bytes */ --} CK_ATTRIBUTE; -- --typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; -- --/* CK_DATE is a structure that defines a date */ --typedef struct CK_DATE{ -- CK_CHAR year[4]; /* the year ("1900" - "9999") */ -- CK_CHAR month[2]; /* the month ("01" - "12") */ -- CK_CHAR day[2]; /* the day ("01" - "31") */ --} CK_DATE; -- -- --/* CK_MECHANISM_TYPE is a value that identifies a mechanism -- * type -- */ --typedef CK_ULONG CK_MECHANISM_TYPE; -- --/* the following mechanism types are defined: */ --#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL --#define CKM_RSA_PKCS 0x00000001UL --#define CKM_RSA_9796 0x00000002UL --#define CKM_RSA_X_509 0x00000003UL -- --#define CKM_MD2_RSA_PKCS 0x00000004UL --#define CKM_MD5_RSA_PKCS 0x00000005UL --#define CKM_SHA1_RSA_PKCS 0x00000006UL -- --#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL --#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL --#define CKM_RSA_PKCS_OAEP 0x00000009UL -- --#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL --#define CKM_RSA_X9_31 0x0000000BUL --#define CKM_SHA1_RSA_X9_31 0x0000000CUL --#define CKM_RSA_PKCS_PSS 0x0000000DUL --#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL -- --#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL --#define CKM_DSA 0x00000011UL --#define CKM_DSA_SHA1 0x00000012UL --#define CKM_DSA_SHA224 0x00000013UL --#define CKM_DSA_SHA256 0x00000014UL --#define CKM_DSA_SHA384 0x00000015UL --#define CKM_DSA_SHA512 0x00000016UL -- --#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL --#define CKM_DH_PKCS_DERIVE 0x00000021UL -- --#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL --#define CKM_X9_42_DH_DERIVE 0x00000031UL --#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL --#define CKM_X9_42_MQV_DERIVE 0x00000033UL -- --#define CKM_SHA256_RSA_PKCS 0x00000040UL --#define CKM_SHA384_RSA_PKCS 0x00000041UL --#define CKM_SHA512_RSA_PKCS 0x00000042UL --#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL --#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL --#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL -- --#define CKM_SHA224_RSA_PKCS 0x00000046UL --#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL -- --#define CKM_SHA512_224 0x00000048UL --#define CKM_SHA512_224_HMAC 0x00000049UL --#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL --#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL --#define CKM_SHA512_256 0x0000004CUL --#define CKM_SHA512_256_HMAC 0x0000004DUL --#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL --#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL -- --#define CKM_SHA512_T 0x00000050UL --#define CKM_SHA512_T_HMAC 0x00000051UL --#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL --#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL -- --#define CKM_RC2_KEY_GEN 0x00000100UL --#define CKM_RC2_ECB 0x00000101UL --#define CKM_RC2_CBC 0x00000102UL --#define CKM_RC2_MAC 0x00000103UL -- --#define CKM_RC2_MAC_GENERAL 0x00000104UL --#define CKM_RC2_CBC_PAD 0x00000105UL -- --#define CKM_RC4_KEY_GEN 0x00000110UL --#define CKM_RC4 0x00000111UL --#define CKM_DES_KEY_GEN 0x00000120UL --#define CKM_DES_ECB 0x00000121UL --#define CKM_DES_CBC 0x00000122UL --#define CKM_DES_MAC 0x00000123UL -- --#define CKM_DES_MAC_GENERAL 0x00000124UL --#define CKM_DES_CBC_PAD 0x00000125UL -- --#define CKM_DES2_KEY_GEN 0x00000130UL --#define CKM_DES3_KEY_GEN 0x00000131UL --#define CKM_DES3_ECB 0x00000132UL --#define CKM_DES3_CBC 0x00000133UL --#define CKM_DES3_MAC 0x00000134UL -- --#define CKM_DES3_MAC_GENERAL 0x00000135UL --#define CKM_DES3_CBC_PAD 0x00000136UL --#define CKM_DES3_CMAC_GENERAL 0x00000137UL --#define CKM_DES3_CMAC 0x00000138UL --#define CKM_CDMF_KEY_GEN 0x00000140UL --#define CKM_CDMF_ECB 0x00000141UL --#define CKM_CDMF_CBC 0x00000142UL --#define CKM_CDMF_MAC 0x00000143UL --#define CKM_CDMF_MAC_GENERAL 0x00000144UL --#define CKM_CDMF_CBC_PAD 0x00000145UL -- --#define CKM_DES_OFB64 0x00000150UL --#define CKM_DES_OFB8 0x00000151UL --#define CKM_DES_CFB64 0x00000152UL --#define CKM_DES_CFB8 0x00000153UL -- --#define CKM_MD2 0x00000200UL -- --#define CKM_MD2_HMAC 0x00000201UL --#define CKM_MD2_HMAC_GENERAL 0x00000202UL -- --#define CKM_MD5 0x00000210UL -- --#define CKM_MD5_HMAC 0x00000211UL --#define CKM_MD5_HMAC_GENERAL 0x00000212UL -- --#define CKM_SHA_1 0x00000220UL -- --#define CKM_SHA_1_HMAC 0x00000221UL --#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL -- --#define CKM_RIPEMD128 0x00000230UL --#define CKM_RIPEMD128_HMAC 0x00000231UL --#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL --#define CKM_RIPEMD160 0x00000240UL --#define CKM_RIPEMD160_HMAC 0x00000241UL --#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL -- --#define CKM_SHA256 0x00000250UL --#define CKM_SHA256_HMAC 0x00000251UL --#define CKM_SHA256_HMAC_GENERAL 0x00000252UL --#define CKM_SHA224 0x00000255UL --#define CKM_SHA224_HMAC 0x00000256UL --#define CKM_SHA224_HMAC_GENERAL 0x00000257UL --#define CKM_SHA384 0x00000260UL --#define CKM_SHA384_HMAC 0x00000261UL --#define CKM_SHA384_HMAC_GENERAL 0x00000262UL --#define CKM_SHA512 0x00000270UL --#define CKM_SHA512_HMAC 0x00000271UL --#define CKM_SHA512_HMAC_GENERAL 0x00000272UL --#define CKM_SECURID_KEY_GEN 0x00000280UL --#define CKM_SECURID 0x00000282UL --#define CKM_HOTP_KEY_GEN 0x00000290UL --#define CKM_HOTP 0x00000291UL --#define CKM_ACTI 0x000002A0UL --#define CKM_ACTI_KEY_GEN 0x000002A1UL -- --#define CKM_CAST_KEY_GEN 0x00000300UL --#define CKM_CAST_ECB 0x00000301UL --#define CKM_CAST_CBC 0x00000302UL --#define CKM_CAST_MAC 0x00000303UL --#define CKM_CAST_MAC_GENERAL 0x00000304UL --#define CKM_CAST_CBC_PAD 0x00000305UL --#define CKM_CAST3_KEY_GEN 0x00000310UL --#define CKM_CAST3_ECB 0x00000311UL --#define CKM_CAST3_CBC 0x00000312UL --#define CKM_CAST3_MAC 0x00000313UL --#define CKM_CAST3_MAC_GENERAL 0x00000314UL --#define CKM_CAST3_CBC_PAD 0x00000315UL --/* Note that CAST128 and CAST5 are the same algorithm */ --#define CKM_CAST5_KEY_GEN 0x00000320UL --#define CKM_CAST128_KEY_GEN 0x00000320UL --#define CKM_CAST5_ECB 0x00000321UL --#define CKM_CAST128_ECB 0x00000321UL --#define CKM_CAST5_CBC 0x00000322UL /* Deprecated */ --#define CKM_CAST128_CBC 0x00000322UL --#define CKM_CAST5_MAC 0x00000323UL /* Deprecated */ --#define CKM_CAST128_MAC 0x00000323UL --#define CKM_CAST5_MAC_GENERAL 0x00000324UL /* Deprecated */ --#define CKM_CAST128_MAC_GENERAL 0x00000324UL --#define CKM_CAST5_CBC_PAD 0x00000325UL /* Deprecated */ --#define CKM_CAST128_CBC_PAD 0x00000325UL --#define CKM_RC5_KEY_GEN 0x00000330UL --#define CKM_RC5_ECB 0x00000331UL --#define CKM_RC5_CBC 0x00000332UL --#define CKM_RC5_MAC 0x00000333UL --#define CKM_RC5_MAC_GENERAL 0x00000334UL --#define CKM_RC5_CBC_PAD 0x00000335UL --#define CKM_IDEA_KEY_GEN 0x00000340UL --#define CKM_IDEA_ECB 0x00000341UL --#define CKM_IDEA_CBC 0x00000342UL --#define CKM_IDEA_MAC 0x00000343UL --#define CKM_IDEA_MAC_GENERAL 0x00000344UL --#define CKM_IDEA_CBC_PAD 0x00000345UL --#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL --#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL --#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL --#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL --#define CKM_XOR_BASE_AND_DATA 0x00000364UL --#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL --#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL --#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL --#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL -- --#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL --#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL --#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL --#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL --#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL -- --#define CKM_TLS_PRF 0x00000378UL -- --#define CKM_SSL3_MD5_MAC 0x00000380UL --#define CKM_SSL3_SHA1_MAC 0x00000381UL --#define CKM_MD5_KEY_DERIVATION 0x00000390UL --#define CKM_MD2_KEY_DERIVATION 0x00000391UL --#define CKM_SHA1_KEY_DERIVATION 0x00000392UL -- --#define CKM_SHA256_KEY_DERIVATION 0x00000393UL --#define CKM_SHA384_KEY_DERIVATION 0x00000394UL --#define CKM_SHA512_KEY_DERIVATION 0x00000395UL --#define CKM_SHA224_KEY_DERIVATION 0x00000396UL -- --#define CKM_PBE_MD2_DES_CBC 0x000003A0UL --#define CKM_PBE_MD5_DES_CBC 0x000003A1UL --#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL --#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL --#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ --#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL --#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ --#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL --#define CKM_PBE_SHA1_RC4_128 0x000003A6UL --#define CKM_PBE_SHA1_RC4_40 0x000003A7UL --#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL --#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL --#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL --#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL -- --#define CKM_PKCS5_PBKD2 0x000003B0UL -- --#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL -- --#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL --#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL --#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL --#define CKM_WTLS_PRF 0x000003D3UL --#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL --#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL -- --#define CKM_TLS10_MAC_SERVER 0x000003D6UL --#define CKM_TLS10_MAC_CLIENT 0x000003D7UL --#define CKM_TLS12_MAC 0x000003D8UL --#define CKM_TLS12_KDF 0x000003D9UL --#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL --#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL --#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL --#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL --#define CKM_TLS_MAC 0x000003E4UL --#define CKM_TLS_KDF 0x000003E5UL -- --#define CKM_KEY_WRAP_LYNKS 0x00000400UL --#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL -- --#define CKM_CMS_SIG 0x00000500UL --#define CKM_KIP_DERIVE 0x00000510UL --#define CKM_KIP_WRAP 0x00000511UL --#define CKM_KIP_MAC 0x00000512UL -- --#define CKM_CAMELLIA_KEY_GEN 0x00000550UL --#define CKM_CAMELLIA_ECB 0x00000551UL --#define CKM_CAMELLIA_CBC 0x00000552UL --#define CKM_CAMELLIA_MAC 0x00000553UL --#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL --#define CKM_CAMELLIA_CBC_PAD 0x00000555UL --#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL --#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL --#define CKM_CAMELLIA_CTR 0x00000558UL -- --#define CKM_ARIA_KEY_GEN 0x00000560UL --#define CKM_ARIA_ECB 0x00000561UL --#define CKM_ARIA_CBC 0x00000562UL --#define CKM_ARIA_MAC 0x00000563UL --#define CKM_ARIA_MAC_GENERAL 0x00000564UL --#define CKM_ARIA_CBC_PAD 0x00000565UL --#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL --#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL -- --#define CKM_SEED_KEY_GEN 0x00000650UL --#define CKM_SEED_ECB 0x00000651UL --#define CKM_SEED_CBC 0x00000652UL --#define CKM_SEED_MAC 0x00000653UL --#define CKM_SEED_MAC_GENERAL 0x00000654UL --#define CKM_SEED_CBC_PAD 0x00000655UL --#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL --#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL -- --#define CKM_SKIPJACK_KEY_GEN 0x00001000UL --#define CKM_SKIPJACK_ECB64 0x00001001UL --#define CKM_SKIPJACK_CBC64 0x00001002UL --#define CKM_SKIPJACK_OFB64 0x00001003UL --#define CKM_SKIPJACK_CFB64 0x00001004UL --#define CKM_SKIPJACK_CFB32 0x00001005UL --#define CKM_SKIPJACK_CFB16 0x00001006UL --#define CKM_SKIPJACK_CFB8 0x00001007UL --#define CKM_SKIPJACK_WRAP 0x00001008UL --#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL --#define CKM_SKIPJACK_RELAYX 0x0000100aUL --#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL --#define CKM_KEA_KEY_DERIVE 0x00001011UL --#define CKM_KEA_DERIVE 0x00001012UL --#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL --#define CKM_BATON_KEY_GEN 0x00001030UL --#define CKM_BATON_ECB128 0x00001031UL --#define CKM_BATON_ECB96 0x00001032UL --#define CKM_BATON_CBC128 0x00001033UL --#define CKM_BATON_COUNTER 0x00001034UL --#define CKM_BATON_SHUFFLE 0x00001035UL --#define CKM_BATON_WRAP 0x00001036UL -- --#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL /* Deprecated */ --#define CKM_EC_KEY_PAIR_GEN 0x00001040UL -- --#define CKM_ECDSA 0x00001041UL --#define CKM_ECDSA_SHA1 0x00001042UL --#define CKM_ECDSA_SHA224 0x00001043UL --#define CKM_ECDSA_SHA256 0x00001044UL --#define CKM_ECDSA_SHA384 0x00001045UL --#define CKM_ECDSA_SHA512 0x00001046UL -- --#define CKM_ECDH1_DERIVE 0x00001050UL --#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL --#define CKM_ECMQV_DERIVE 0x00001052UL -- --#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL --#define CKM_RSA_AES_KEY_WRAP 0x00001054UL -- --#define CKM_JUNIPER_KEY_GEN 0x00001060UL --#define CKM_JUNIPER_ECB128 0x00001061UL --#define CKM_JUNIPER_CBC128 0x00001062UL --#define CKM_JUNIPER_COUNTER 0x00001063UL --#define CKM_JUNIPER_SHUFFLE 0x00001064UL --#define CKM_JUNIPER_WRAP 0x00001065UL --#define CKM_FASTHASH 0x00001070UL -- --#define CKM_AES_KEY_GEN 0x00001080UL --#define CKM_AES_ECB 0x00001081UL --#define CKM_AES_CBC 0x00001082UL --#define CKM_AES_MAC 0x00001083UL --#define CKM_AES_MAC_GENERAL 0x00001084UL --#define CKM_AES_CBC_PAD 0x00001085UL --#define CKM_AES_CTR 0x00001086UL --#define CKM_AES_GCM 0x00001087UL --#define CKM_AES_CCM 0x00001088UL --#define CKM_AES_CTS 0x00001089UL --#define CKM_AES_CMAC 0x0000108AUL --#define CKM_AES_CMAC_GENERAL 0x0000108BUL -- --#define CKM_AES_XCBC_MAC 0x0000108CUL --#define CKM_AES_XCBC_MAC_96 0x0000108DUL --#define CKM_AES_GMAC 0x0000108EUL -- --#define CKM_BLOWFISH_KEY_GEN 0x00001090UL --#define CKM_BLOWFISH_CBC 0x00001091UL --#define CKM_TWOFISH_KEY_GEN 0x00001092UL --#define CKM_TWOFISH_CBC 0x00001093UL --#define CKM_BLOWFISH_CBC_PAD 0x00001094UL --#define CKM_TWOFISH_CBC_PAD 0x00001095UL -- --#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL --#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL --#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL --#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL --#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL --#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL -- --#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL --#define CKM_GOSTR3410 0x00001201UL --#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL --#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL --#define CKM_GOSTR3410_DERIVE 0x00001204UL --#define CKM_GOSTR3411 0x00001210UL --#define CKM_GOSTR3411_HMAC 0x00001211UL --#define CKM_GOST28147_KEY_GEN 0x00001220UL --#define CKM_GOST28147_ECB 0x00001221UL --#define CKM_GOST28147 0x00001222UL --#define CKM_GOST28147_MAC 0x00001223UL --#define CKM_GOST28147_KEY_WRAP 0x00001224UL -- --#define CKM_DSA_PARAMETER_GEN 0x00002000UL --#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL --#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL --#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL --#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL -- --#define CKM_AES_OFB 0x00002104UL --#define CKM_AES_CFB64 0x00002105UL --#define CKM_AES_CFB8 0x00002106UL --#define CKM_AES_CFB128 0x00002107UL -- --#define CKM_AES_CFB1 0x00002108UL --#define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ --#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ -- --#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL --#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL -- --#define CKM_VENDOR_DEFINED 0x80000000UL -- --typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; -- -- --/* CK_MECHANISM is a structure that specifies a particular -- * mechanism -- */ --typedef struct CK_MECHANISM { -- CK_MECHANISM_TYPE mechanism; -- CK_VOID_PTR pParameter; -- CK_ULONG ulParameterLen; /* in bytes */ --} CK_MECHANISM; -- --typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; -- -- --/* CK_MECHANISM_INFO provides information about a particular -- * mechanism -- */ --typedef struct CK_MECHANISM_INFO { -- CK_ULONG ulMinKeySize; -- CK_ULONG ulMaxKeySize; -- CK_FLAGS flags; --} CK_MECHANISM_INFO; -- --/* The flags are defined as follows: -- * Bit Flag Mask Meaning */ --#define CKF_HW 0x00000001UL /* performed by HW */ -- --/* Specify whether or not a mechanism can be used for a particular task */ --#define CKF_ENCRYPT 0x00000100UL --#define CKF_DECRYPT 0x00000200UL --#define CKF_DIGEST 0x00000400UL --#define CKF_SIGN 0x00000800UL --#define CKF_SIGN_RECOVER 0x00001000UL --#define CKF_VERIFY 0x00002000UL --#define CKF_VERIFY_RECOVER 0x00004000UL --#define CKF_GENERATE 0x00008000UL --#define CKF_GENERATE_KEY_PAIR 0x00010000UL --#define CKF_WRAP 0x00020000UL --#define CKF_UNWRAP 0x00040000UL --#define CKF_DERIVE 0x00080000UL -- --/* Describe a token's EC capabilities not available in mechanism -- * information. -- */ --#define CKF_EC_F_P 0x00100000UL --#define CKF_EC_F_2M 0x00200000UL --#define CKF_EC_ECPARAMETERS 0x00400000UL --#define CKF_EC_NAMEDCURVE 0x00800000UL --#define CKF_EC_UNCOMPRESS 0x01000000UL --#define CKF_EC_COMPRESS 0x02000000UL -- --#define CKF_EXTENSION 0x80000000UL -- --typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; -- --/* CK_RV is a value that identifies the return value of a -- * Cryptoki function -- */ --typedef CK_ULONG CK_RV; -- --#define CKR_OK 0x00000000UL --#define CKR_CANCEL 0x00000001UL --#define CKR_HOST_MEMORY 0x00000002UL --#define CKR_SLOT_ID_INVALID 0x00000003UL -- --#define CKR_GENERAL_ERROR 0x00000005UL --#define CKR_FUNCTION_FAILED 0x00000006UL -- --#define CKR_ARGUMENTS_BAD 0x00000007UL --#define CKR_NO_EVENT 0x00000008UL --#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL --#define CKR_CANT_LOCK 0x0000000AUL -- --#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL --#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL --#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL --#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL -- --#define CKR_ACTION_PROHIBITED 0x0000001BUL -- --#define CKR_DATA_INVALID 0x00000020UL --#define CKR_DATA_LEN_RANGE 0x00000021UL --#define CKR_DEVICE_ERROR 0x00000030UL --#define CKR_DEVICE_MEMORY 0x00000031UL --#define CKR_DEVICE_REMOVED 0x00000032UL --#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL --#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL --#define CKR_FUNCTION_CANCELED 0x00000050UL --#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL -- --#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL -- --#define CKR_KEY_HANDLE_INVALID 0x00000060UL -- --#define CKR_KEY_SIZE_RANGE 0x00000062UL --#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL -- --#define CKR_KEY_NOT_NEEDED 0x00000064UL --#define CKR_KEY_CHANGED 0x00000065UL --#define CKR_KEY_NEEDED 0x00000066UL --#define CKR_KEY_INDIGESTIBLE 0x00000067UL --#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL --#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL --#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL -- --#define CKR_MECHANISM_INVALID 0x00000070UL --#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL -- --#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL --#define CKR_OPERATION_ACTIVE 0x00000090UL --#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL --#define CKR_PIN_INCORRECT 0x000000A0UL --#define CKR_PIN_INVALID 0x000000A1UL --#define CKR_PIN_LEN_RANGE 0x000000A2UL -- --#define CKR_PIN_EXPIRED 0x000000A3UL --#define CKR_PIN_LOCKED 0x000000A4UL -- --#define CKR_SESSION_CLOSED 0x000000B0UL --#define CKR_SESSION_COUNT 0x000000B1UL --#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL --#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL --#define CKR_SESSION_READ_ONLY 0x000000B5UL --#define CKR_SESSION_EXISTS 0x000000B6UL -- --#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL --#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL -- --#define CKR_SIGNATURE_INVALID 0x000000C0UL --#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL --#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL --#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL --#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL --#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL --#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL --#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL --#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL --#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL --#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL --#define CKR_USER_NOT_LOGGED_IN 0x00000101UL --#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL --#define CKR_USER_TYPE_INVALID 0x00000103UL -- --#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL --#define CKR_USER_TOO_MANY_TYPES 0x00000105UL -- --#define CKR_WRAPPED_KEY_INVALID 0x00000110UL --#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL --#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL --#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL --#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL --#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL -- --#define CKR_RANDOM_NO_RNG 0x00000121UL -- --#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL -- --#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL -- --#define CKR_BUFFER_TOO_SMALL 0x00000150UL --#define CKR_SAVED_STATE_INVALID 0x00000160UL --#define CKR_INFORMATION_SENSITIVE 0x00000170UL --#define CKR_STATE_UNSAVEABLE 0x00000180UL -- --#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL --#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL --#define CKR_MUTEX_BAD 0x000001A0UL --#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL -- --#define CKR_NEW_PIN_MODE 0x000001B0UL --#define CKR_NEXT_OTP 0x000001B1UL -- --#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL --#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL --#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL --#define CKR_PIN_TOO_WEAK 0x000001B8UL --#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL -- --#define CKR_FUNCTION_REJECTED 0x00000200UL -- --#define CKR_VENDOR_DEFINED 0x80000000UL -- -- --/* CK_NOTIFY is an application callback that processes events */ --typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( -- CK_SESSION_HANDLE hSession, /* the session's handle */ -- CK_NOTIFICATION event, -- CK_VOID_PTR pApplication /* passed to C_OpenSession */ --); -- -- --/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec -- * version and pointers of appropriate types to all the -- * Cryptoki functions -- */ --typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; -- --typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; -- --typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; -- -- --/* CK_CREATEMUTEX is an application callback for creating a -- * mutex object -- */ --typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( -- CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ --); -- -- --/* CK_DESTROYMUTEX is an application callback for destroying a -- * mutex object -- */ --typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( -- CK_VOID_PTR pMutex /* pointer to mutex */ --); -- -- --/* CK_LOCKMUTEX is an application callback for locking a mutex */ --typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( -- CK_VOID_PTR pMutex /* pointer to mutex */ --); -- -- --/* CK_UNLOCKMUTEX is an application callback for unlocking a -- * mutex -- */ --typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( -- CK_VOID_PTR pMutex /* pointer to mutex */ --); -- -- --/* CK_C_INITIALIZE_ARGS provides the optional arguments to -- * C_Initialize -- */ --typedef struct CK_C_INITIALIZE_ARGS { -- CK_CREATEMUTEX CreateMutex; -- CK_DESTROYMUTEX DestroyMutex; -- CK_LOCKMUTEX LockMutex; -- CK_UNLOCKMUTEX UnlockMutex; -- CK_FLAGS flags; -- CK_VOID_PTR pReserved; --} CK_C_INITIALIZE_ARGS; -- --/* flags: bit flags that provide capabilities of the slot -- * Bit Flag Mask Meaning -- */ --#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL --#define CKF_OS_LOCKING_OK 0x00000002UL -- --typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; -- -- --/* additional flags for parameters to functions */ -- --/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ --#define CKF_DONT_BLOCK 1 -- --/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Message -- * Generation Function (MGF) applied to a message block when -- * formatting a message block for the PKCS #1 OAEP encryption -- * scheme. -- */ --typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; -- --typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; -- --/* The following MGFs are defined */ --#define CKG_MGF1_SHA1 0x00000001UL --#define CKG_MGF1_SHA256 0x00000002UL --#define CKG_MGF1_SHA384 0x00000003UL --#define CKG_MGF1_SHA512 0x00000004UL --#define CKG_MGF1_SHA224 0x00000005UL -- --/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source -- * of the encoding parameter when formatting a message block -- * for the PKCS #1 OAEP encryption scheme. -- */ --typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; -- --typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; -- --/* The following encoding parameter sources are defined */ --#define CKZ_DATA_SPECIFIED 0x00000001UL -- --/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the -- * CKM_RSA_PKCS_OAEP mechanism. -- */ --typedef struct CK_RSA_PKCS_OAEP_PARAMS { -- CK_MECHANISM_TYPE hashAlg; -- CK_RSA_PKCS_MGF_TYPE mgf; -- CK_RSA_PKCS_OAEP_SOURCE_TYPE source; -- CK_VOID_PTR pSourceData; -- CK_ULONG ulSourceDataLen; --} CK_RSA_PKCS_OAEP_PARAMS; -- --typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; -- --/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the -- * CKM_RSA_PKCS_PSS mechanism(s). -- */ --typedef struct CK_RSA_PKCS_PSS_PARAMS { -- CK_MECHANISM_TYPE hashAlg; -- CK_RSA_PKCS_MGF_TYPE mgf; -- CK_ULONG sLen; --} CK_RSA_PKCS_PSS_PARAMS; -- --typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; -- --typedef CK_ULONG CK_EC_KDF_TYPE; -- --/* The following EC Key Derivation Functions are defined */ --#define CKD_NULL 0x00000001UL --#define CKD_SHA1_KDF 0x00000002UL -- --/* The following X9.42 DH key derivation functions are defined */ --#define CKD_SHA1_KDF_ASN1 0x00000003UL --#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL --#define CKD_SHA224_KDF 0x00000005UL --#define CKD_SHA256_KDF 0x00000006UL --#define CKD_SHA384_KDF 0x00000007UL --#define CKD_SHA512_KDF 0x00000008UL --#define CKD_CPDIVERSIFY_KDF 0x00000009UL -- -- --/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the -- * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, -- * where each party contributes one key pair. -- */ --typedef struct CK_ECDH1_DERIVE_PARAMS { -- CK_EC_KDF_TYPE kdf; -- CK_ULONG ulSharedDataLen; -- CK_BYTE_PTR pSharedData; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; --} CK_ECDH1_DERIVE_PARAMS; -- --typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; -- --/* -- * CK_ECDH2_DERIVE_PARAMS provides the parameters to the -- * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. -- */ --typedef struct CK_ECDH2_DERIVE_PARAMS { -- CK_EC_KDF_TYPE kdf; -- CK_ULONG ulSharedDataLen; -- CK_BYTE_PTR pSharedData; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; -- CK_ULONG ulPrivateDataLen; -- CK_OBJECT_HANDLE hPrivateData; -- CK_ULONG ulPublicDataLen2; -- CK_BYTE_PTR pPublicData2; --} CK_ECDH2_DERIVE_PARAMS; -- --typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; -- --typedef struct CK_ECMQV_DERIVE_PARAMS { -- CK_EC_KDF_TYPE kdf; -- CK_ULONG ulSharedDataLen; -- CK_BYTE_PTR pSharedData; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; -- CK_ULONG ulPrivateDataLen; -- CK_OBJECT_HANDLE hPrivateData; -- CK_ULONG ulPublicDataLen2; -- CK_BYTE_PTR pPublicData2; -- CK_OBJECT_HANDLE publicKey; --} CK_ECMQV_DERIVE_PARAMS; -- --typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; -- --/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the -- * CKM_X9_42_DH_PARAMETER_GEN mechanisms -- */ --typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; --typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; -- --/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the -- * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party -- * contributes one key pair -- */ --typedef struct CK_X9_42_DH1_DERIVE_PARAMS { -- CK_X9_42_DH_KDF_TYPE kdf; -- CK_ULONG ulOtherInfoLen; -- CK_BYTE_PTR pOtherInfo; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; --} CK_X9_42_DH1_DERIVE_PARAMS; -- --typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; -- --/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the -- * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation -- * mechanisms, where each party contributes two key pairs -- */ --typedef struct CK_X9_42_DH2_DERIVE_PARAMS { -- CK_X9_42_DH_KDF_TYPE kdf; -- CK_ULONG ulOtherInfoLen; -- CK_BYTE_PTR pOtherInfo; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; -- CK_ULONG ulPrivateDataLen; -- CK_OBJECT_HANDLE hPrivateData; -- CK_ULONG ulPublicDataLen2; -- CK_BYTE_PTR pPublicData2; --} CK_X9_42_DH2_DERIVE_PARAMS; -- --typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; -- --typedef struct CK_X9_42_MQV_DERIVE_PARAMS { -- CK_X9_42_DH_KDF_TYPE kdf; -- CK_ULONG ulOtherInfoLen; -- CK_BYTE_PTR pOtherInfo; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; -- CK_ULONG ulPrivateDataLen; -- CK_OBJECT_HANDLE hPrivateData; -- CK_ULONG ulPublicDataLen2; -- CK_BYTE_PTR pPublicData2; -- CK_OBJECT_HANDLE publicKey; --} CK_X9_42_MQV_DERIVE_PARAMS; -- --typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; -- --/* CK_KEA_DERIVE_PARAMS provides the parameters to the -- * CKM_KEA_DERIVE mechanism -- */ --typedef struct CK_KEA_DERIVE_PARAMS { -- CK_BBOOL isSender; -- CK_ULONG ulRandomLen; -- CK_BYTE_PTR pRandomA; -- CK_BYTE_PTR pRandomB; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; --} CK_KEA_DERIVE_PARAMS; -- --typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; -- -- --/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and -- * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just -- * holds the effective keysize -- */ --typedef CK_ULONG CK_RC2_PARAMS; -- --typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; -- -- --/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC -- * mechanism -- */ --typedef struct CK_RC2_CBC_PARAMS { -- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ -- CK_BYTE iv[8]; /* IV for CBC mode */ --} CK_RC2_CBC_PARAMS; -- --typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; -- -- --/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the -- * CKM_RC2_MAC_GENERAL mechanism -- */ --typedef struct CK_RC2_MAC_GENERAL_PARAMS { -- CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ -- CK_ULONG ulMacLength; /* Length of MAC in bytes */ --} CK_RC2_MAC_GENERAL_PARAMS; -- --typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \ -- CK_RC2_MAC_GENERAL_PARAMS_PTR; -- -- --/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and -- * CKM_RC5_MAC mechanisms -- */ --typedef struct CK_RC5_PARAMS { -- CK_ULONG ulWordsize; /* wordsize in bits */ -- CK_ULONG ulRounds; /* number of rounds */ --} CK_RC5_PARAMS; -- --typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; -- -- --/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC -- * mechanism -- */ --typedef struct CK_RC5_CBC_PARAMS { -- CK_ULONG ulWordsize; /* wordsize in bits */ -- CK_ULONG ulRounds; /* number of rounds */ -- CK_BYTE_PTR pIv; /* pointer to IV */ -- CK_ULONG ulIvLen; /* length of IV in bytes */ --} CK_RC5_CBC_PARAMS; -- --typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; -- -- --/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the -- * CKM_RC5_MAC_GENERAL mechanism -- */ --typedef struct CK_RC5_MAC_GENERAL_PARAMS { -- CK_ULONG ulWordsize; /* wordsize in bits */ -- CK_ULONG ulRounds; /* number of rounds */ -- CK_ULONG ulMacLength; /* Length of MAC in bytes */ --} CK_RC5_MAC_GENERAL_PARAMS; -- --typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \ -- CK_RC5_MAC_GENERAL_PARAMS_PTR; -- --/* CK_MAC_GENERAL_PARAMS provides the parameters to most block -- * ciphers' MAC_GENERAL mechanisms. Its value is the length of -- * the MAC -- */ --typedef CK_ULONG CK_MAC_GENERAL_PARAMS; -- --typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; -- --typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { -- CK_BYTE iv[8]; -- CK_BYTE_PTR pData; -- CK_ULONG length; --} CK_DES_CBC_ENCRYPT_DATA_PARAMS; -- --typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; -- --typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { -- CK_BYTE iv[16]; -- CK_BYTE_PTR pData; -- CK_ULONG length; --} CK_AES_CBC_ENCRYPT_DATA_PARAMS; -- --typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; -- --/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the -- * CKM_SKIPJACK_PRIVATE_WRAP mechanism -- */ --typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { -- CK_ULONG ulPasswordLen; -- CK_BYTE_PTR pPassword; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pPublicData; -- CK_ULONG ulPAndGLen; -- CK_ULONG ulQLen; -- CK_ULONG ulRandomLen; -- CK_BYTE_PTR pRandomA; -- CK_BYTE_PTR pPrimeP; -- CK_BYTE_PTR pBaseG; -- CK_BYTE_PTR pSubprimeQ; --} CK_SKIPJACK_PRIVATE_WRAP_PARAMS; -- --typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \ -- CK_SKIPJACK_PRIVATE_WRAP_PARAMS_PTR; -- -- --/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the -- * CKM_SKIPJACK_RELAYX mechanism -- */ --typedef struct CK_SKIPJACK_RELAYX_PARAMS { -- CK_ULONG ulOldWrappedXLen; -- CK_BYTE_PTR pOldWrappedX; -- CK_ULONG ulOldPasswordLen; -- CK_BYTE_PTR pOldPassword; -- CK_ULONG ulOldPublicDataLen; -- CK_BYTE_PTR pOldPublicData; -- CK_ULONG ulOldRandomLen; -- CK_BYTE_PTR pOldRandomA; -- CK_ULONG ulNewPasswordLen; -- CK_BYTE_PTR pNewPassword; -- CK_ULONG ulNewPublicDataLen; -- CK_BYTE_PTR pNewPublicData; -- CK_ULONG ulNewRandomLen; -- CK_BYTE_PTR pNewRandomA; --} CK_SKIPJACK_RELAYX_PARAMS; -- --typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \ -- CK_SKIPJACK_RELAYX_PARAMS_PTR; -- -- --typedef struct CK_PBE_PARAMS { -- CK_BYTE_PTR pInitVector; -- CK_UTF8CHAR_PTR pPassword; -- CK_ULONG ulPasswordLen; -- CK_BYTE_PTR pSalt; -- CK_ULONG ulSaltLen; -- CK_ULONG ulIteration; --} CK_PBE_PARAMS; -- --typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; -- -- --/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the -- * CKM_KEY_WRAP_SET_OAEP mechanism -- */ --typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { -- CK_BYTE bBC; /* block contents byte */ -- CK_BYTE_PTR pX; /* extra data */ -- CK_ULONG ulXLen; /* length of extra data in bytes */ --} CK_KEY_WRAP_SET_OAEP_PARAMS; -- --typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; -- --typedef struct CK_SSL3_RANDOM_DATA { -- CK_BYTE_PTR pClientRandom; -- CK_ULONG ulClientRandomLen; -- CK_BYTE_PTR pServerRandom; -- CK_ULONG ulServerRandomLen; --} CK_SSL3_RANDOM_DATA; -- -- --typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { -- CK_SSL3_RANDOM_DATA RandomInfo; -- CK_VERSION_PTR pVersion; --} CK_SSL3_MASTER_KEY_DERIVE_PARAMS; -- --typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \ -- CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; -- --typedef struct CK_SSL3_KEY_MAT_OUT { -- CK_OBJECT_HANDLE hClientMacSecret; -- CK_OBJECT_HANDLE hServerMacSecret; -- CK_OBJECT_HANDLE hClientKey; -- CK_OBJECT_HANDLE hServerKey; -- CK_BYTE_PTR pIVClient; -- CK_BYTE_PTR pIVServer; --} CK_SSL3_KEY_MAT_OUT; -- --typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; -- -- --typedef struct CK_SSL3_KEY_MAT_PARAMS { -- CK_ULONG ulMacSizeInBits; -- CK_ULONG ulKeySizeInBits; -- CK_ULONG ulIVSizeInBits; -- CK_BBOOL bIsExport; -- CK_SSL3_RANDOM_DATA RandomInfo; -- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; --} CK_SSL3_KEY_MAT_PARAMS; -- --typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; -- --typedef struct CK_TLS_PRF_PARAMS { -- CK_BYTE_PTR pSeed; -- CK_ULONG ulSeedLen; -- CK_BYTE_PTR pLabel; -- CK_ULONG ulLabelLen; -- CK_BYTE_PTR pOutput; -- CK_ULONG_PTR pulOutputLen; --} CK_TLS_PRF_PARAMS; -- --typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; -- --typedef struct CK_WTLS_RANDOM_DATA { -- CK_BYTE_PTR pClientRandom; -- CK_ULONG ulClientRandomLen; -- CK_BYTE_PTR pServerRandom; -- CK_ULONG ulServerRandomLen; --} CK_WTLS_RANDOM_DATA; -- --typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; -- --typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { -- CK_MECHANISM_TYPE DigestMechanism; -- CK_WTLS_RANDOM_DATA RandomInfo; -- CK_BYTE_PTR pVersion; --} CK_WTLS_MASTER_KEY_DERIVE_PARAMS; -- --typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \ -- CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; -- --typedef struct CK_WTLS_PRF_PARAMS { -- CK_MECHANISM_TYPE DigestMechanism; -- CK_BYTE_PTR pSeed; -- CK_ULONG ulSeedLen; -- CK_BYTE_PTR pLabel; -- CK_ULONG ulLabelLen; -- CK_BYTE_PTR pOutput; -- CK_ULONG_PTR pulOutputLen; --} CK_WTLS_PRF_PARAMS; -- --typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; -- --typedef struct CK_WTLS_KEY_MAT_OUT { -- CK_OBJECT_HANDLE hMacSecret; -- CK_OBJECT_HANDLE hKey; -- CK_BYTE_PTR pIV; --} CK_WTLS_KEY_MAT_OUT; -- --typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; -- --typedef struct CK_WTLS_KEY_MAT_PARAMS { -- CK_MECHANISM_TYPE DigestMechanism; -- CK_ULONG ulMacSizeInBits; -- CK_ULONG ulKeySizeInBits; -- CK_ULONG ulIVSizeInBits; -- CK_ULONG ulSequenceNumber; -- CK_BBOOL bIsExport; -- CK_WTLS_RANDOM_DATA RandomInfo; -- CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; --} CK_WTLS_KEY_MAT_PARAMS; -- --typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; -- --typedef struct CK_CMS_SIG_PARAMS { -- CK_OBJECT_HANDLE certificateHandle; -- CK_MECHANISM_PTR pSigningMechanism; -- CK_MECHANISM_PTR pDigestMechanism; -- CK_UTF8CHAR_PTR pContentType; -- CK_BYTE_PTR pRequestedAttributes; -- CK_ULONG ulRequestedAttributesLen; -- CK_BYTE_PTR pRequiredAttributes; -- CK_ULONG ulRequiredAttributesLen; --} CK_CMS_SIG_PARAMS; -- --typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; -- --typedef struct CK_KEY_DERIVATION_STRING_DATA { -- CK_BYTE_PTR pData; -- CK_ULONG ulLen; --} CK_KEY_DERIVATION_STRING_DATA; -- --typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \ -- CK_KEY_DERIVATION_STRING_DATA_PTR; -- -- --/* The CK_EXTRACT_PARAMS is used for the -- * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit -- * of the base key should be used as the first bit of the -- * derived key -- */ --typedef CK_ULONG CK_EXTRACT_PARAMS; -- --typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; -- --/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to -- * indicate the Pseudo-Random Function (PRF) used to generate -- * key bits using PKCS #5 PBKDF2. -- */ --typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; -- --typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR \ -- CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; -- --#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL --#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL --#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL --#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL --#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL --#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL --#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL --#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL -- --/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the -- * source of the salt value when deriving a key using PKCS #5 -- * PBKDF2. -- */ --typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; -- --typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \ -- CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; -- --/* The following salt value sources are defined in PKCS #5 v2.0. */ --#define CKZ_SALT_SPECIFIED 0x00000001UL -- --/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the -- * parameters to the CKM_PKCS5_PBKD2 mechanism. -- */ --typedef struct CK_PKCS5_PBKD2_PARAMS { -- CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; -- CK_VOID_PTR pSaltSourceData; -- CK_ULONG ulSaltSourceDataLen; -- CK_ULONG iterations; -- CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; -- CK_VOID_PTR pPrfData; -- CK_ULONG ulPrfDataLen; -- CK_UTF8CHAR_PTR pPassword; -- CK_ULONG_PTR ulPasswordLen; --} CK_PKCS5_PBKD2_PARAMS; -- --typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; -- --/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS -- * structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism -- * noting that the ulPasswordLen field is a CK_ULONG and not a CK_ULONG_PTR. -- */ --typedef struct CK_PKCS5_PBKD2_PARAMS2 { -- CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; -- CK_VOID_PTR pSaltSourceData; -- CK_ULONG ulSaltSourceDataLen; -- CK_ULONG iterations; -- CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; -- CK_VOID_PTR pPrfData; -- CK_ULONG ulPrfDataLen; -- CK_UTF8CHAR_PTR pPassword; -- CK_ULONG ulPasswordLen; --} CK_PKCS5_PBKD2_PARAMS2; -- --typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; -- --typedef CK_ULONG CK_OTP_PARAM_TYPE; --typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* backward compatibility */ -- --typedef struct CK_OTP_PARAM { -- CK_OTP_PARAM_TYPE type; -- CK_VOID_PTR pValue; -- CK_ULONG ulValueLen; --} CK_OTP_PARAM; -- --typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; -- --typedef struct CK_OTP_PARAMS { -- CK_OTP_PARAM_PTR pParams; -- CK_ULONG ulCount; --} CK_OTP_PARAMS; -- --typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; -- --typedef struct CK_OTP_SIGNATURE_INFO { -- CK_OTP_PARAM_PTR pParams; -- CK_ULONG ulCount; --} CK_OTP_SIGNATURE_INFO; -- --typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; -- --#define CK_OTP_VALUE 0UL --#define CK_OTP_PIN 1UL --#define CK_OTP_CHALLENGE 2UL --#define CK_OTP_TIME 3UL --#define CK_OTP_COUNTER 4UL --#define CK_OTP_FLAGS 5UL --#define CK_OTP_OUTPUT_LENGTH 6UL --#define CK_OTP_OUTPUT_FORMAT 7UL -- --#define CKF_NEXT_OTP 0x00000001UL --#define CKF_EXCLUDE_TIME 0x00000002UL --#define CKF_EXCLUDE_COUNTER 0x00000004UL --#define CKF_EXCLUDE_CHALLENGE 0x00000008UL --#define CKF_EXCLUDE_PIN 0x00000010UL --#define CKF_USER_FRIENDLY_OTP 0x00000020UL -- --typedef struct CK_KIP_PARAMS { -- CK_MECHANISM_PTR pMechanism; -- CK_OBJECT_HANDLE hKey; -- CK_BYTE_PTR pSeed; -- CK_ULONG ulSeedLen; --} CK_KIP_PARAMS; -- --typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; -- --typedef struct CK_AES_CTR_PARAMS { -- CK_ULONG ulCounterBits; -- CK_BYTE cb[16]; --} CK_AES_CTR_PARAMS; -- --typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; -- --typedef struct CK_GCM_PARAMS { -- CK_BYTE_PTR pIv; -- CK_ULONG ulIvLen; -- CK_ULONG ulIvBits; -- CK_BYTE_PTR pAAD; -- CK_ULONG ulAADLen; -- CK_ULONG ulTagBits; --} CK_GCM_PARAMS; -- --typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; -- --typedef struct CK_CCM_PARAMS { -- CK_ULONG ulDataLen; -- CK_BYTE_PTR pNonce; -- CK_ULONG ulNonceLen; -- CK_BYTE_PTR pAAD; -- CK_ULONG ulAADLen; -- CK_ULONG ulMACLen; --} CK_CCM_PARAMS; -- --typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; -- --/* Deprecated. Use CK_GCM_PARAMS */ --typedef struct CK_AES_GCM_PARAMS { -- CK_BYTE_PTR pIv; -- CK_ULONG ulIvLen; -- CK_ULONG ulIvBits; -- CK_BYTE_PTR pAAD; -- CK_ULONG ulAADLen; -- CK_ULONG ulTagBits; --} CK_AES_GCM_PARAMS; -- --typedef CK_AES_GCM_PARAMS CK_PTR CK_AES_GCM_PARAMS_PTR; -- --/* Deprecated. Use CK_CCM_PARAMS */ --typedef struct CK_AES_CCM_PARAMS { -- CK_ULONG ulDataLen; -- CK_BYTE_PTR pNonce; -- CK_ULONG ulNonceLen; -- CK_BYTE_PTR pAAD; -- CK_ULONG ulAADLen; -- CK_ULONG ulMACLen; --} CK_AES_CCM_PARAMS; -- --typedef CK_AES_CCM_PARAMS CK_PTR CK_AES_CCM_PARAMS_PTR; -- --typedef struct CK_CAMELLIA_CTR_PARAMS { -- CK_ULONG ulCounterBits; -- CK_BYTE cb[16]; --} CK_CAMELLIA_CTR_PARAMS; -- --typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; -- --typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { -- CK_BYTE iv[16]; -- CK_BYTE_PTR pData; -- CK_ULONG length; --} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; -- --typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ -- CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; -- --typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { -- CK_BYTE iv[16]; -- CK_BYTE_PTR pData; -- CK_ULONG length; --} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; -- --typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ -- CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; -- --typedef struct CK_DSA_PARAMETER_GEN_PARAM { -- CK_MECHANISM_TYPE hash; -- CK_BYTE_PTR pSeed; -- CK_ULONG ulSeedLen; -- CK_ULONG ulIndex; --} CK_DSA_PARAMETER_GEN_PARAM; -- --typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR; -- --typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS { -- CK_ULONG ulAESKeyBits; -- CK_EC_KDF_TYPE kdf; -- CK_ULONG ulSharedDataLen; -- CK_BYTE_PTR pSharedData; --} CK_ECDH_AES_KEY_WRAP_PARAMS; -- --typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR; -- --typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN; -- --typedef CK_ULONG CK_CERTIFICATE_CATEGORY; -- --typedef struct CK_RSA_AES_KEY_WRAP_PARAMS { -- CK_ULONG ulAESKeyBits; -- CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; --} CK_RSA_AES_KEY_WRAP_PARAMS; -- --typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR; -- --typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS { -- CK_SSL3_RANDOM_DATA RandomInfo; -- CK_VERSION_PTR pVersion; -- CK_MECHANISM_TYPE prfHashMechanism; --} CK_TLS12_MASTER_KEY_DERIVE_PARAMS; -- --typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \ -- CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR; -- --typedef struct CK_TLS12_KEY_MAT_PARAMS { -- CK_ULONG ulMacSizeInBits; -- CK_ULONG ulKeySizeInBits; -- CK_ULONG ulIVSizeInBits; -- CK_BBOOL bIsExport; -- CK_SSL3_RANDOM_DATA RandomInfo; -- CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; -- CK_MECHANISM_TYPE prfHashMechanism; --} CK_TLS12_KEY_MAT_PARAMS; -- --typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR; -- --typedef struct CK_TLS_KDF_PARAMS { -- CK_MECHANISM_TYPE prfMechanism; -- CK_BYTE_PTR pLabel; -- CK_ULONG ulLabelLength; -- CK_SSL3_RANDOM_DATA RandomInfo; -- CK_BYTE_PTR pContextData; -- CK_ULONG ulContextDataLength; --} CK_TLS_KDF_PARAMS; -- --typedef CK_TLS_KDF_PARAMS CK_PTR CK_TLS_KDF_PARAMS_PTR; -- --typedef struct CK_TLS_MAC_PARAMS { -- CK_MECHANISM_TYPE prfHashMechanism; -- CK_ULONG ulMacLength; -- CK_ULONG ulServerOrClient; --} CK_TLS_MAC_PARAMS; -- --typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR; -- --typedef struct CK_GOSTR3410_DERIVE_PARAMS { -- CK_EC_KDF_TYPE kdf; -- CK_BYTE_PTR pPublicData; -- CK_ULONG ulPublicDataLen; -- CK_BYTE_PTR pUKM; -- CK_ULONG ulUKMLen; --} CK_GOSTR3410_DERIVE_PARAMS; -- --typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR; -- --typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS { -- CK_BYTE_PTR pWrapOID; -- CK_ULONG ulWrapOIDLen; -- CK_BYTE_PTR pUKM; -- CK_ULONG ulUKMLen; -- CK_OBJECT_HANDLE hKey; --} CK_GOSTR3410_KEY_WRAP_PARAMS; -- --typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR; -- --typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { -- CK_BYTE iv[16]; -- CK_BYTE_PTR pData; -- CK_ULONG length; --} CK_SEED_CBC_ENCRYPT_DATA_PARAMS; -- --typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ -- CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; -- --#endif /* _PKCS11T_H_ */ -- --- -2.17.1 - diff --git a/SOURCES/softhsm-2.4.0.tar.gz.sig b/SOURCES/softhsm-2.4.0.tar.gz.sig deleted file mode 100644 index 341ad2c..0000000 Binary files a/SOURCES/softhsm-2.4.0.tar.gz.sig and /dev/null differ diff --git a/SOURCES/softhsm-2.6.0.tar.gz.sig b/SOURCES/softhsm-2.6.0.tar.gz.sig new file mode 100644 index 0000000..6dab45d Binary files /dev/null and b/SOURCES/softhsm-2.6.0.tar.gz.sig differ diff --git a/SOURCES/softhsm-2.6.1-rh1834909-exit.patch b/SOURCES/softhsm-2.6.1-rh1834909-exit.patch new file mode 100644 index 0000000..9ce241c --- /dev/null +++ b/SOURCES/softhsm-2.6.1-rh1834909-exit.patch @@ -0,0 +1,72 @@ +diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp +index 32daca2..ace4bcb 100644 +--- a/src/lib/crypto/OSSLCryptoFactory.cpp ++++ b/src/lib/crypto/OSSLCryptoFactory.cpp +@@ -226,31 +226,49 @@ err: + // Destructor + OSSLCryptoFactory::~OSSLCryptoFactory() + { +-#ifdef WITH_GOST +- // Finish the GOST engine +- if (eg != NULL) ++ bool ossl_shutdown = false; ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) ++ // OpenSSL 1.1.0+ will register an atexit() handler to run ++ // OPENSSL_cleanup(). If that has already happened we must ++ // not attempt to free any ENGINEs because they'll already ++ // have been destroyed and the use-after-free would cause ++ // a deadlock or crash. ++ // ++ // Detect that situation because reinitialisation will fail ++ // after OPENSSL_cleanup() has run. ++ (void)ERR_set_mark(); ++ ossl_shutdown = !OPENSSL_init_crypto(OPENSSL_INIT_ENGINE_RDRAND, NULL); ++ (void)ERR_pop_to_mark(); ++#endif ++ if (!ossl_shutdown) + { +- ENGINE_finish(eg); +- ENGINE_free(eg); +- eg = NULL; +- } ++#ifdef WITH_GOST ++ // Finish the GOST engine ++ if (eg != NULL) ++ { ++ ENGINE_finish(eg); ++ ENGINE_free(eg); ++ eg = NULL; ++ } + #endif + +- // Finish the rd_rand engine +- ENGINE_finish(rdrand_engine); +- ENGINE_free(rdrand_engine); +- rdrand_engine = NULL; ++ // Finish the rd_rand engine ++ ENGINE_finish(rdrand_engine); ++ ENGINE_free(rdrand_engine); ++ rdrand_engine = NULL; + ++ // Recycle locks ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ++ if (setLockingCallback) ++ { ++ CRYPTO_set_locking_callback(NULL); ++ } ++#endif ++ } + // Destroy the one-and-only RNG + delete rng; + +- // Recycle locks +-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) +- if (setLockingCallback) +- { +- CRYPTO_set_locking_callback(NULL); +- } +-#endif + for (unsigned i = 0; i < nlocks; i++) + { + MutexFactory::i()->recycleMutex(locks[i]); diff --git a/SPECS/softhsm.spec b/SPECS/softhsm.spec index fcdb948..4994c92 100644 --- a/SPECS/softhsm.spec +++ b/SPECS/softhsm.spec @@ -2,15 +2,14 @@ Summary: Software version of a PKCS#11 Hardware Security Module Name: softhsm -Version: 2.4.0 -Release: %{?prever:0.}2%{?prever:.%{prever}}%{?dist} +Version: 2.6.0 +Release: %{?prever:0.}3%{?prever:.%{prever}}%{?dist} License: BSD Url: http://www.opendnssec.org/ Source: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz Source1: http://dist.opendnssec.org/source/%{?prever:testing/}%{name}-%{version}.tar.gz.sig -Patch1: softhsm-2.3.0-reset-mutex-callbacks.patch -Patch2: softhsm-2.4.0-use-p11-kit-headers.patch +Patch1: softhsm-2.6.1-rh1834909-exit.patch Group: Applications/System BuildRequires: openssl-devel >= 1.0.1k-6, sqlite-devel >= 3.4.2, cppunit-devel @@ -43,13 +42,7 @@ The devel package contains the libsofthsm include files %prep %setup -q -n %{name}-%{version}%{?prever} - %patch1 -p1 -%patch2 -p1 - -%if 0%{?prever:1} -autoreconf -fiv -%endif # remove softhsm/ subdir auto-added to --libdir sed -i "s:full_libdir/softhsm:full_libdir:g" configure @@ -58,6 +51,16 @@ sed -i 's:^full_libdir=":#full_libdir=":g' configure.ac %endif sed -i "s:libdir)/@PACKAGE@:libdir):" Makefile.in +sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure + +%if 0%{?prever:1} +sed -i 's:$full_libdir/libsofthsm2\.so:libsofthsm2\.so:g' configure.ac +%endif + +%if 0%{?prever:1} +autoreconf -fiv +%endif + %build %configure --libdir=%{_libdir}/pkcs11 --with-openssl=%{_prefix} --enable-ecc --disable-gost \ --with-migrate --enable-visibility --with-p11-kit=%{_datadir}/p11-kit/modules/ @@ -118,6 +121,25 @@ if [ -f /var/softhsm/slot0.db ]; then fi %changelog +* Thu Jun 04 2020 Alexander Bokovoy - 2.6.0-3 +- Fixes: rhbz#1834909 - softhsm use-after-free on process exit +- Synchronize the final fix with Fedora + +* Thu May 14 2020 Paul Wouters - 2.6.0-2 +- Fixes: rhbz#1834909 - softhsm use-after-free on process exit + +* Wed Apr 01 2020 Alexander Bokovoy - 2.6.0-1 +- Fixes: rhbz#1818877 - rebase to softhsm 2.6.0+ +- Fixes: rhbz#1701233 - support setting supported signature methods on the token + +* Mon Feb 17 2020 Alexander Bokovoy - 2.4.0-4 +- Provide specific version libsofthsm2.so for p11-kit +- Fixes: rhbz#1727065 + +* Tue Feb 11 2020 Alexander Bokovoy - 2.4.0-3 +- Remove architecture-specific path from softhsm2.module definition +- Fixes: rhbz#1727065 + * Fri Aug 17 2018 Alexander Bokovoy - 2.4.0-2 - Replace PKCS11 headers by a more liberal version from p11-kit - Fixes: rhbz#1615766