1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4/* License to copy and use this software is granted provided that it is
5 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
6 * (Cryptoki)" in all material mentioning or referencing this software.
7
8 * License is also granted to make and use derivative works provided that
9 * such works are identified as "derived from the RSA Security Inc. PKCS #11
10 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
11 * referencing the derived work.
12
13 * RSA Security Inc. makes no representations concerning either the
14 * merchantability of this software or the suitability of this software for
15 * any particular purpose. It is provided "as is" without express or implied
16 * warranty of any kind.
17 */
18
19#ifndef _PKCS11T_H_
20#define _PKCS11T_H_ 1
21
/* Canonical values for a CK_BBOOL, the byte-sized Boolean flag type that
 * this header defines further down. */
/* NOTE(review): a CK_BBOOL is a whole byte, so a value read from a token or
 * from a caller-supplied template can be something other than 0 or 1.
 * Comparing against CK_FALSE is presumably safer than testing for equality
 * with CK_TRUE -- confirm against the callers. */
#define CK_TRUE 1
#define CK_FALSE 0
24
25#include "prtypes.h"
26
/* Platform glue for the Cryptoki declarations: how a pointer, a null
 * pointer and the three kinds of function declaration are spelled. */
#define CK_PTR *
#define CK_NULL_PTR 0
/* The callback and function-pointer forms both expand to PR_CALLBACK, which
 * is not defined in this header; presumably it comes from prtypes.h
 * (confirm). */
#define CK_CALLBACK_FUNCTION(rtype, func) rtype(PR_CALLBACK *func)
#define CK_DECLARE_FUNCTION(rtype, func) extern rtype func
#define CK_DECLARE_FUNCTION_POINTER(rtype, func) rtype(PR_CALLBACK *func)

/* Source-compatibility alias: when the switch below is defined, every use
 * of the identifier prfHashMechanism is rewritten to prfMechanism.
 * NOTE: the switch is spelled "PCKS" (not "PKCS"). A build that defines a
 * differently spelled macro silently gets no alias. */
#ifdef NSS_PCKS11_2_0_COMPAT
#define prfHashMechanism prfMechanism
#endif

/* Version of the Cryptoki interface these definitions describe:
 * major 3, minor 0, amendment 0. */
#define CRYPTOKI_VERSION_MAJOR 3
#define CRYPTOKI_VERSION_MINOR 0
#define CRYPTOKI_VERSION_AMENDMENT 0
40
/* an unsigned 8-bit value */
typedef unsigned char CK_BYTE;

/* an unsigned 8-bit character */
typedef CK_BYTE CK_CHAR;

/* an 8-bit UTF-8 character */
typedef CK_BYTE CK_UTF8CHAR;

/* a BYTE-sized Boolean flag */
typedef CK_BYTE CK_BBOOL;

/* an unsigned value, at least 32 bits long */
/* NOTE: this is the platform's unsigned long, so its width is not fixed
 * (for example 64 bits on LP64 targets, 32 bits on 32-bit and LLP64
 * targets). Code that serializes CK_ULONG fields, or narrows them to a
 * fixed 32-bit type, has to range-check instead of assuming a size. */
typedef unsigned long int CK_ULONG;

/* a signed value, the same size as a CK_ULONG */
/* CK_LONG is new for v2.0 */
typedef long int CK_LONG;

/* at least 32 bits; each bit is a Boolean flag */
typedef CK_ULONG CK_FLAGS;

/* some special values for certain CK_ULONG variables */
/* Both are sentinels, not quantities. CK_UNAVAILABLE_INFORMATION is the
 * all-ones unsigned long; a count or length field that carries it must be
 * recognised before the field is used in arithmetic, as a loop bound or as
 * an allocation size. CK_EFFECTIVELY_INFINITE is 0, so on the fields that
 * use it a zero does not mean "none". */
#define CK_UNAVAILABLE_INFORMATION (~0UL)
#define CK_EFFECTIVELY_INFINITE 0

/* Pointer forms of the basic types (CK_PTR expands to the declarator) */
typedef CK_BYTE CK_PTR CK_BYTE_PTR;
typedef CK_CHAR CK_PTR CK_CHAR_PTR;
typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR;
typedef CK_ULONG CK_PTR CK_ULONG_PTR;
typedef void CK_PTR CK_VOID_PTR;

/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR;

/* The following value is always invalid if used as a session */
/* handle or object handle */
#define CK_INVALID_HANDLE 0
79
80/* pack */
81#include "pkcs11p.h"
82
/* CK_VERSION holds a version number as two bytes. The minor byte counts
 * hundredths, so "2.10" is major 2, minor 10 (not minor 1). */
typedef struct CK_VERSION {
    CK_BYTE major; /* integer portion of version number */
    CK_BYTE minor; /* 1/100ths portion of version number */
} CK_VERSION;

typedef CK_VERSION CK_PTR CK_VERSION_PTR;
89
/* CK_INFO describes the Cryptoki library itself: the interface version it
 * implements, who made it, and its own description and version.
 *
 * The two text fields are fixed-width and blank padded. Per the PKCS #11
 * specification they are not NUL-terminated, so every read has to be
 * bounded by the array size (no strlen(), no unbounded "%s"). */
typedef struct CK_INFO {
    /* manufacturerID and libraryDescription have been changed from
     * CK_CHAR to CK_UTF8CHAR for v2.10 */
    CK_VERSION cryptokiVersion;     /* PKCS #11 interface ver */
    CK_UTF8CHAR manufacturerID[32]; /* blank padded */
    CK_FLAGS flags;                 /* must be zero */

    /* libraryDescription and libraryVersion are new for v2.0 */
    CK_UTF8CHAR libraryDescription[32]; /* blank padded */
    CK_VERSION libraryVersion;          /* version of library */
} CK_INFO;

typedef CK_INFO CK_PTR CK_INFO_PTR;
103
/* CK_NOTIFICATION enumerates the types of notifications that
 * PKCS #11 provides to an application */
/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
 * for v2.0 */
typedef CK_ULONG CK_NOTIFICATION;
/* The only notification value this header defines */
#define CKN_SURRENDER 0

/* CK_SLOT_ID identifies a slot; it is a plain CK_ULONG */
typedef CK_ULONG CK_SLOT_ID;

typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR;
114
/* CK_SLOT_INFO provides information about a slot */
/* The text fields are fixed-width and blank padded. Per the PKCS #11
 * specification they are not NUL-terminated; bound every read by the
 * array size before logging or displaying them. */
typedef struct CK_SLOT_INFO {
    /* slotDescription and manufacturerID have been changed from
     * CK_CHAR to CK_UTF8CHAR for v2.10 */
    CK_UTF8CHAR slotDescription[64]; /* blank padded */
    CK_UTF8CHAR manufacturerID[32];  /* blank padded */
    CK_FLAGS flags;                  /* CKF_* slot flags defined below */

    /* hardwareVersion and firmwareVersion are new for v2.0 */
    CK_VERSION hardwareVersion; /* version of hardware */
    CK_VERSION firmwareVersion; /* version of firmware */
} CK_SLOT_INFO;

/* flags: bit flags that provide capabilities of the slot
 * Bit Flag Mask Meaning
 */
#define CKF_TOKEN_PRESENT 0x00000001UL    /* a token is there */
#define CKF_REMOVABLE_DEVICE 0x00000002UL /* removable devices */
#define CKF_HW_SLOT 0x00000004UL          /* hardware slot */

typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR;
136
/* CK_TOKEN_INFO provides information about a token */
/* Reading this structure safely:
 *  - label, manufacturerID, model and serialNumber are fixed-width and
 *    blank padded; per the PKCS #11 specification they are not
 *    NUL-terminated, so bound every read by the array size.
 *  - The CK_ULONG counters and memory sizes may carry the sentinel
 *    CK_UNAVAILABLE_INFORMATION, and per the specification the two "max
 *    session" fields may also be CK_EFFECTIVELY_INFINITE (0). Test for the
 *    sentinels before doing arithmetic or comparisons on these fields.
 *  - Everything here is reported by the token or its module; treat it as
 *    untrusted input when it drives buffer sizes or policy decisions. */
typedef struct CK_TOKEN_INFO {
    /* label, manufacturerID, and model have been changed from
     * CK_CHAR to CK_UTF8CHAR for v2.10 */
    CK_UTF8CHAR label[32];          /* blank padded */
    CK_UTF8CHAR manufacturerID[32]; /* blank padded */
    CK_UTF8CHAR model[16];          /* blank padded */
    CK_CHAR serialNumber[16];       /* blank padded */
    CK_FLAGS flags;                 /* see below */

    /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
     * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
     * changed from CK_USHORT to CK_ULONG for v2.0 */
    CK_ULONG ulMaxSessionCount;    /* max open sessions */
    CK_ULONG ulSessionCount;       /* sess. now open */
    CK_ULONG ulMaxRwSessionCount;  /* max R/W sessions */
    CK_ULONG ulRwSessionCount;     /* R/W sess. now open */
    CK_ULONG ulMaxPinLen;          /* in bytes */
    CK_ULONG ulMinPinLen;          /* in bytes */
    CK_ULONG ulTotalPublicMemory;  /* in bytes */
    CK_ULONG ulFreePublicMemory;   /* in bytes */
    CK_ULONG ulTotalPrivateMemory; /* in bytes */
    CK_ULONG ulFreePrivateMemory;  /* in bytes */

    /* hardwareVersion, firmwareVersion, and time are new for
     * v2.0 */
    CK_VERSION hardwareVersion; /* version of hardware */
    CK_VERSION firmwareVersion; /* version of firmware */
    /* 16 characters, no terminator. Per the PKCS #11 specification the
     * layout is YYYYMMDDhhmmss followed by two reserved '0' characters,
     * and the field is only meaningful when CKF_CLOCK_ON_TOKEN is set. */
    CK_CHAR utcTime[16]; /* time */
} CK_TOKEN_INFO;
167
/* The flags parameter is defined as follows:
 * Bit Flag Mask Meaning
 */
/* These are the bits of CK_TOKEN_INFO.flags. The *_PIN_COUNT_LOW,
 * *_PIN_FINAL_TRY and *_PIN_LOCKED bits are the token's own record of
 * failed logins; checking them before prompting lets an application warn
 * the user, and avoid a retry that would lock the token. */
#define CKF_RNG 0x00000001UL              /* has random # generator */
#define CKF_WRITE_PROTECTED 0x00000002UL  /* token is write-protected */
#define CKF_LOGIN_REQUIRED 0x00000004UL   /* user must login */
#define CKF_USER_PIN_INITIALIZED 0x00000008UL /* normal user's PIN is set */

/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
 * that means that *every* time the state of cryptographic
 * operations of a session is successfully saved, all keys
 * needed to continue those operations are stored in the state */
#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL

/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
 * that the token has some sort of clock. The time on that
 * clock is returned in the token info structure */
#define CKF_CLOCK_ON_TOKEN 0x00000040UL

/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
 * set, that means that there is some way for the user to login
 * without sending a PIN through the PKCS #11 library itself */
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL

/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
 * that means that a single session with the token can perform
 * dual simultaneous cryptographic operations (digest and
 * encrypt; decrypt and digest; sign and encrypt; and decrypt
 * and sign) */
#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL

/* CKF_TOKEN_INITIALIZED is new for v2.10. If it is true, the
 * token has been initialized using C_InitializeToken or an
 * equivalent mechanism outside the scope of PKCS #11.
 * Calling C_InitializeToken when this flag is set will cause
 * the token to be reinitialized. */
#define CKF_TOKEN_INITIALIZED 0x00000400UL

/* CKF_SECONDARY_AUTHENTICATION is new for v2.10. If it is
 * true, the token supports secondary authentication for
 * private key objects. This flag is deprecated in v2.11 and
 * onwards. */
#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL

/* CKF_USER_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect user login PIN has been entered at least once
 * since the last successful authentication. */
#define CKF_USER_PIN_COUNT_LOW 0x00010000UL

/* CKF_USER_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect user PIN will cause it to become locked. */
#define CKF_USER_PIN_FINAL_TRY 0x00020000UL

/* CKF_USER_PIN_LOCKED is new for v2.10. If it is true, the
 * user PIN has been locked. User login to the token is not
 * possible. */
#define CKF_USER_PIN_LOCKED 0x00040000UL

/* CKF_USER_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the user PIN value is the default value set by token
 * initialization or manufacturing, or the PIN has been
 * expired by the card. */
#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL

/* CKF_SO_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect SO login PIN has been entered at least once since
 * the last successful authentication. */
#define CKF_SO_PIN_COUNT_LOW 0x00100000UL

/* CKF_SO_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect SO PIN will cause it to become locked. */
#define CKF_SO_PIN_FINAL_TRY 0x00200000UL

/* CKF_SO_PIN_LOCKED is new for v2.10. If it is true, the SO
 * PIN has been locked. SO login to the token is not possible.
 */
#define CKF_SO_PIN_LOCKED 0x00400000UL

/* CKF_SO_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the SO PIN value is the default value set by token
 * initialization or manufacturing, or the PIN has been
 * expired by the card. */
#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL

/* CKF_ERROR_STATE has no description in this header. In the PKCS #11
 * specification it reports that the token failed a self-test and has
 * entered an error state. */
#define CKF_ERROR_STATE 0x01000000UL

typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR;
260
/* CK_SESSION_HANDLE is a PKCS #11-assigned value that
 * identifies a session */
typedef CK_ULONG CK_SESSION_HANDLE;

typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR;

/* CK_USER_TYPE enumerates the types of PKCS #11 users */
/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_USER_TYPE;
/* Security Officer */
#define CKU_SO 0
/* Normal user */
#define CKU_USER 1
/* Context specific (added in v2.20) */
#define CKU_CONTEXT_SPECIFIC 2

/* CK_STATE enumerates the session states */
/* CK_STATE has been changed from an enum to a CK_ULONG for
 * v2.0 */
/* Each name pairs the session's access mode (RO or RW) with who is logged
 * in (PUBLIC, USER or SO). The list has no read-only SO state. */
typedef CK_ULONG CK_STATE;
#define CKS_RO_PUBLIC_SESSION 0
#define CKS_RO_USER_FUNCTIONS 1
#define CKS_RW_PUBLIC_SESSION 2
#define CKS_RW_USER_FUNCTIONS 3
#define CKS_RW_SO_FUNCTIONS 4
287
/* CK_SESSION_INFO provides information about a session */
typedef struct CK_SESSION_INFO {
    CK_SLOT_ID slotID; /* slot the session belongs to */
    CK_STATE state;    /* one of the CKS_* values */
    CK_FLAGS flags;    /* see below */

    /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
     * v2.0 */
    CK_ULONG ulDeviceError; /* device-dependent error code */
} CK_SESSION_INFO;

/* The flags are defined in the following table:
 * Bit Flag Mask Meaning
 */
/* Bit 0x00000001 is not assigned a name in this table. */
#define CKF_RW_SESSION 0x00000002UL     /* session is r/w */
#define CKF_SERIAL_SESSION 0x00000004UL /* no parallel */

typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR;
306
/* CK_OBJECT_HANDLE is a token-specific identifier for an
 * object */
typedef CK_ULONG CK_OBJECT_HANDLE;

typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR;

/* CK_OBJECT_CLASS is a value that identifies the classes (or
 * types) of objects that PKCS #11 recognizes. It is defined
 * as follows: */
/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_OBJECT_CLASS;

/* The following classes of objects are defined: */
/* CKO_HW_FEATURE is new for v2.10 */
/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
/* CKO_MECHANISM is new for v2.20 */
/* CKO_PROFILE is new for v3.00 */
/* Value 0x00000008 is not given a name in this list. Values with the top
 * bit set (CKO_VENDOR_DEFINED and above) are the vendor-defined range. */
#define CKO_DATA 0x00000000UL
#define CKO_CERTIFICATE 0x00000001UL
#define CKO_PUBLIC_KEY 0x00000002UL
#define CKO_PRIVATE_KEY 0x00000003UL
#define CKO_SECRET_KEY 0x00000004UL
#define CKO_HW_FEATURE 0x00000005UL
#define CKO_DOMAIN_PARAMETERS 0x00000006UL
#define CKO_MECHANISM 0x00000007UL
#define CKO_PROFILE 0x00000009UL
#define CKO_VENDOR_DEFINED 0x80000000UL

typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;

/* CK_PROFILE_ID is new for v3.00. CK_PROFILE_ID is a value that
 * identifies the profile that the token supports. */
typedef CK_ULONG CK_PROFILE_ID;

/* Profile ID's */
#define CKP_INVALID_ID 0x00000000UL
#define CKP_BASELINE_PROVIDER 0x00000001UL
#define CKP_EXTENDED_PROVIDER 0x00000002UL
#define CKP_AUTHENTICATION_TOKEN 0x00000003UL
#define CKP_PUBLIC_CERTIFICATES_TOKEN 0x00000004UL
#define CKP_VENDOR_DEFINED 0x80000000UL

/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
 * value that identifies the hardware feature type of an object
 * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
typedef CK_ULONG CK_HW_FEATURE_TYPE;

/* The following hardware feature types are defined */
/* CKH_USER_INTERFACE is new for v2.20 */
#define CKH_MONOTONIC_COUNTER 0x00000001UL
#define CKH_CLOCK 0x00000002UL
#define CKH_USER_INTERFACE 0x00000003UL
#define CKH_VENDOR_DEFINED 0x80000000UL
361
/* CK_KEY_TYPE is a value that identifies a key type */
/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_KEY_TYPE;

/* Review note: this list is an identifier registry, not a policy. Several
 * entries (for example RC2, RC4, DES, CDMF and SKIPJACK) are legacy
 * algorithms; a key type being defined here says nothing about whether a
 * given token or deployment should accept it. */

/* the following key types are defined: */
#define CKK_RSA 0x00000000UL
#define CKK_DSA 0x00000001UL
#define CKK_DH 0x00000002UL

/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
/* Both names carry the same value, so they cannot be told apart at run
 * time or used as separate switch cases. */
#define CKK_ECDSA 0x00000003UL
#define CKK_EC 0x00000003UL
#define CKK_X9_42_DH 0x00000004UL
#define CKK_KEA 0x00000005UL

#define CKK_GENERIC_SECRET 0x00000010UL
#define CKK_RC2 0x00000011UL
#define CKK_RC4 0x00000012UL
#define CKK_DES 0x00000013UL
#define CKK_DES2 0x00000014UL
#define CKK_DES3 0x00000015UL

/* all these key types are new for v2.0 */
#define CKK_CAST 0x00000016UL
#define CKK_CAST3 0x00000017UL
/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
/* As with CKK_ECDSA/CKK_EC, the two names share one value. */
#define CKK_CAST5 0x00000018UL
#define CKK_CAST128 0x00000018UL
#define CKK_RC5 0x00000019UL
#define CKK_IDEA 0x0000001AUL
#define CKK_SKIPJACK 0x0000001BUL
#define CKK_BATON 0x0000001CUL
#define CKK_JUNIPER 0x0000001DUL
#define CKK_CDMF 0x0000001EUL
#define CKK_AES 0x0000001FUL

/* BlowFish and TwoFish are new for v2.20 */
#define CKK_BLOWFISH 0x00000020UL
#define CKK_TWOFISH 0x00000021UL

/* Camellia is proposed for v2.20 Amendment 3 */
#define CKK_CAMELLIA 0x00000025UL

/* CKK_SEED used to be 0x2A; that value now belongs to
 * CKK_RIPEMD160_HMAC below, so a stored 0x2A must not be read as SEED. */
#define CKK_SEED 0x0000002FUL /* was 2A */

/* added in v2.30 */
#define CKK_ARIA 0x00000026UL

/* added in 2.40 */
#define CKK_MD5_HMAC 0x00000027UL
#define CKK_SHA_1_HMAC 0x00000028UL
#define CKK_RIPEMD128_HMAC 0x00000029UL
#define CKK_RIPEMD160_HMAC 0x0000002AUL
#define CKK_SHA256_HMAC 0x0000002BUL
#define CKK_SHA384_HMAC 0x0000002CUL
#define CKK_SHA512_HMAC 0x0000002DUL
#define CKK_SHA224_HMAC 0x0000002EUL
#define CKK_GOSTR3410 0x00000030UL
#define CKK_GOSTR3411 0x00000031UL
#define CKK_GOST28147 0x00000032UL
#define CKK_CHACHA20 0x00000033UL
#define CKK_POLY1305 0x00000034UL
#define CKK_AES_XTS 0x00000035UL
#define CKK_SHA3_224_HMAC 0x00000036UL
#define CKK_SHA3_256_HMAC 0x00000037UL
#define CKK_SHA3_384_HMAC 0x00000038UL
#define CKK_SHA3_512_HMAC 0x00000039UL

/* added in 3.0 */
#define CKK_BLAKE2B_160_HMAC 0x0000003aUL
#define CKK_BLAKE2B_256_HMAC 0x0000003bUL
#define CKK_BLAKE2B_384_HMAC 0x0000003cUL
#define CKK_BLAKE2B_512_HMAC 0x0000003dUL
#define CKK_SALSA20 0x0000003eUL
#define CKK_X2RATCHET 0x0000003fUL
#define CKK_EC_EDWARDS 0x00000040UL
#define CKK_EC_MONTGOMERY 0x00000041UL
#define CKK_HKDF 0x00000042UL
#define CKK_SHA512_224_HMAC 0x00000043UL
#define CKK_SHA512_256_HMAC 0x00000044UL
#define CKK_SHA512_T_HMAC 0x00000045UL

/* Start of the vendor-defined range (top bit set) */
#define CKK_VENDOR_DEFINED 0x80000000UL
446
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
 * type */
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
 * for v2.0 */
typedef CK_ULONG CK_CERTIFICATE_TYPE;

/* The following certificate types are defined: */
/* CKC_X_509_ATTR_CERT is new for v2.10 */
/* CKC_WTLS is new for v2.20 */
#define CKC_X_509 0x00000000UL
#define CKC_X_509_ATTR_CERT 0x00000001UL
#define CKC_WTLS 0x00000002UL
#define CKC_VENDOR_DEFINED 0x80000000UL

/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
 * type */
/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
 * v2.0 */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;

/* values for CKA_CERTIFICATE_CATEGORY v2.20 */
typedef CK_ULONG CK_CERTIFICATE_CATEGORY;
#define CK_CERTIFICATE_CATEGORY_UNSPECIFIED 0UL
#define CK_CERTIFICATE_CATEGORY_TOKEN_USER 1UL
#define CK_CERTIFICATE_CATEGORY_AUTHORITY 2UL
#define CK_CERTIFICATE_CATEGORY_OTHER_ENTITY 3UL

/* values for CKA_JAVA_MIDP_SECURITY_DOMAIN v2.20 */
typedef CK_ULONG CK_JAVA_MIDP_SECURITY_DOMAIN;
#define CK_SECURITY_DOMAIN_UNSPECIFIED 0UL
#define CK_SECURITY_DOMAIN_MANUFACTURER 1UL
#define CK_SECURITY_DOMAIN_OPERATOR 2UL
#define CK_SECURITY_DOMAIN_THIRD_PARTY 3UL

/* values for CKA_OTP_FORMAT */
#define CK_OTP_FORMAT_DECIMAL 0UL
#define CK_OTP_FORMAT_HEXADECIMAL 1UL
#define CK_OTP_FORMAT_ALPHANUMERIC 2UL
#define CK_OTP_FORMAT_BINARY 3UL

/* values for CKA_OTP_CHALLENGE_REQUIREMENT, CKA_OTP_TIME_REQUIREMENT,
 * CKA_OTP_COUNTER_REQUIREMENT, CKA_OTP_PIN_REQUIREMENT */
#define CK_OTP_PARAM_IGNORED 0UL
#define CK_OTP_PARAM_OPTIONAL 1UL
#define CK_OTP_PARAM_MANDATORY 2UL

/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
 * consists of an array of values. */
/* It is OR-ed into the attribute type itself (see the *_TEMPLATE
 * attributes and CKA_ALLOWED_MECHANISMS in this header), so code that
 * switches on an attribute type must compare the full value, flag
 * included. */
#define CKF_ARRAY_ATTRIBUTE 0x40000000UL
496
/* The following attribute types are defined: */
/* Review note: the attributes that govern whether key material can leave
 * the token are CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_ALWAYS_SENSITIVE,
 * CKA_NEVER_EXTRACTABLE, CKA_LOCAL, CKA_WRAP_WITH_TRUSTED and CKA_TRUSTED.
 * Their semantics are given in the PKCS #11 specification, not in this
 * header; key-generation, import and unwrap templates are where their
 * values should be audited. */
#define CKA_CLASS 0x00000000UL
#define CKA_TOKEN 0x00000001UL
#define CKA_PRIVATE 0x00000002UL
#define CKA_LABEL 0x00000003UL
#define CKA_APPLICATION 0x00000010UL
#define CKA_VALUE 0x00000011UL

/* CKA_OBJECT_ID is new for v2.10 */
#define CKA_OBJECT_ID 0x00000012UL

#define CKA_CERTIFICATE_TYPE 0x00000080UL
#define CKA_ISSUER 0x00000081UL
#define CKA_SERIAL_NUMBER 0x00000082UL

/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
 * for v2.10 */
#define CKA_AC_ISSUER 0x00000083UL
#define CKA_OWNER 0x00000084UL
#define CKA_ATTR_TYPES 0x00000085UL

/* CKA_TRUSTED is new for v2.11 */
#define CKA_TRUSTED 0x00000086UL

/* CKA_CERTIFICATE_CATEGORY ...
 * CKA_CHECK_VALUE are new for v2.20 */
#define CKA_CERTIFICATE_CATEGORY 0x00000087UL
#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL
#define CKA_URL 0x00000089UL
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL
#define CKA_CHECK_VALUE 0x00000090UL

#define CKA_KEY_TYPE 0x00000100UL
#define CKA_SUBJECT 0x00000101UL
#define CKA_ID 0x00000102UL
#define CKA_SENSITIVE 0x00000103UL
#define CKA_ENCRYPT 0x00000104UL
#define CKA_DECRYPT 0x00000105UL
#define CKA_WRAP 0x00000106UL
#define CKA_UNWRAP 0x00000107UL
#define CKA_SIGN 0x00000108UL
#define CKA_SIGN_RECOVER 0x00000109UL
#define CKA_VERIFY 0x0000010AUL
#define CKA_VERIFY_RECOVER 0x0000010BUL
#define CKA_DERIVE 0x0000010CUL
#define CKA_START_DATE 0x00000110UL
#define CKA_END_DATE 0x00000111UL
#define CKA_MODULUS 0x00000120UL
#define CKA_MODULUS_BITS 0x00000121UL
#define CKA_PUBLIC_EXPONENT 0x00000122UL
#define CKA_PRIVATE_EXPONENT 0x00000123UL
#define CKA_PRIME_1 0x00000124UL
#define CKA_PRIME_2 0x00000125UL
#define CKA_EXPONENT_1 0x00000126UL
#define CKA_EXPONENT_2 0x00000127UL
#define CKA_COEFFICIENT 0x00000128UL
/* CKA_PUBLIC_KEY_INFO is new for v2.40 */
#define CKA_PUBLIC_KEY_INFO 0x00000129UL
#define CKA_PRIME 0x00000130UL
#define CKA_SUBPRIME 0x00000131UL
#define CKA_BASE 0x00000132UL

/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
#define CKA_PRIME_BITS 0x00000133UL
#define CKA_SUBPRIME_BITS 0x00000134UL
#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
/* (To retain backwards-compatibility) */

#define CKA_VALUE_BITS 0x00000160UL
#define CKA_VALUE_LEN 0x00000161UL

/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
 * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
 * and CKA_EC_POINT are new for v2.0 */
#define CKA_EXTRACTABLE 0x00000162UL
#define CKA_LOCAL 0x00000163UL
#define CKA_NEVER_EXTRACTABLE 0x00000164UL
#define CKA_ALWAYS_SENSITIVE 0x00000165UL

/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM 0x00000166UL

#define CKA_MODIFIABLE 0x00000170UL

/* New for 2.40 */
#define CKA_COPYABLE 0x00000171UL
#define CKA_DESTROYABLE 0x00000172UL

/* CKA_ECDSA_PARAMS is deprecated in v2.11,
 * CKA_EC_PARAMS is preferred. */
/* Both names carry the same value. */
#define CKA_ECDSA_PARAMS 0x00000180UL
#define CKA_EC_PARAMS 0x00000180UL

#define CKA_EC_POINT 0x00000181UL

/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
 * are new for v2.10. Deprecated in v2.11 and onwards. */
#define CKA_SECONDARY_AUTH 0x00000200UL
#define CKA_AUTH_PIN_FLAGS 0x00000201UL

/* CKA_ALWAYS_AUTHENTICATE ...
 * CKA_UNWRAP_TEMPLATE are new for v2.20 */
#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL

#define CKA_WRAP_WITH_TRUSTED 0x00000210UL
/* The two template attributes carry CKF_ARRAY_ATTRIBUTE in their value. */
#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000211UL)
#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000212UL)
605
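/* new for 2.40 */
/* CKA_DERIVE_TEMPLATE is an array attribute: its value includes
 * CKF_ARRAY_ATTRIBUTE, which is defined earlier in this header. */
#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000213UL)

/* One-time-password (OTP) key attributes. They are kept in the order this
 * header lists them, which is not numeric order: 0x22E and 0x22F appear
 * before 0x22A-0x22D. */
#define CKA_OTP_FORMAT 0x00000220UL
#define CKA_OTP_LENGTH 0x00000221UL
#define CKA_OTP_TIME_INTERVAL 0x00000222UL
#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223UL
#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224UL
#define CKA_OTP_TIME_REQUIREMENT 0x00000225UL
#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL
#define CKA_OTP_PIN_REQUIREMENT 0x00000227UL
#define CKA_OTP_COUNTER 0x0000022EUL
#define CKA_OTP_TIME 0x0000022FUL
#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL
#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL
/* 0x22C is CKA_OTP_SERVICE_LOGO in the PKCS #11 attribute list. A #define
 * with no identifier is a preprocessing error, so the name is required. */
#define CKA_OTP_SERVICE_LOGO 0x0000022CUL
#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL

/* Domain-parameter attributes for the GOST key types */
#define CKA_GOSTR3410_PARAMS 0x00000250UL
#define CKA_GOSTR3411_PARAMS 0x00000251UL
#define CKA_GOST28147_PARAMS 0x00000252UL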
625
/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
 * are new for v2.10 */
#define CKA_HW_FEATURE_TYPE 0x00000300UL
#define CKA_RESET_ON_INIT 0x00000301UL
#define CKA_HAS_RESET 0x00000302UL

/* The following attributes are new for v2.20 */
#define CKA_PIXEL_X 0x00000400UL
#define CKA_PIXEL_Y 0x00000401UL
#define CKA_RESOLUTION 0x00000402UL
#define CKA_CHAR_ROWS 0x00000403UL
#define CKA_CHAR_COLUMNS 0x00000404UL
#define CKA_COLOR 0x00000405UL
#define CKA_BITS_PER_PIXEL 0x00000406UL
#define CKA_CHAR_SETS 0x00000480UL
#define CKA_ENCODING_METHODS 0x00000481UL
#define CKA_MIME_TYPES 0x00000482UL
#define CKA_MECHANISM_TYPE 0x00000500UL
#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501UL
#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL
#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL
/* Array attribute: the value includes CKF_ARRAY_ATTRIBUTE. Going by the
 * name it limits the mechanisms a key may be used with -- confirm the
 * exact semantics in the PKCS #11 specification before relying on it as a
 * control. */
#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x00000600UL)

/* new for v3.0 */
#define CKA_PROFILE_ID 0x00000601UL
#define CKA_X2RATCHET_BAG 0x00000602UL
#define CKA_X2RATCHET_BAGSIZE 0x00000603UL
#define CKA_X2RATCHET_BOBS1STMSG 0x00000604UL
#define CKA_X2RATCHET_CKR 0x00000605UL
#define CKA_X2RATCHET_CKS 0x00000606UL
#define CKA_X2RATCHET_DHP 0x00000607UL
#define CKA_X2RATCHET_DHR 0x00000608UL
#define CKA_X2RATCHET_DHS 0x00000609UL
#define CKA_X2RATCHET_HKR 0x0000060aUL
#define CKA_X2RATCHET_HKS 0x0000060bUL
#define CKA_X2RATCHET_ISALICE 0x0000060cUL
#define CKA_X2RATCHET_NHKR 0x0000060dUL
#define CKA_X2RATCHET_NHKS 0x0000060eUL
#define CKA_X2RATCHET_NR 0x0000060fUL
#define CKA_X2RATCHET_NS 0x00000610UL
#define CKA_X2RATCHET_PNS 0x00000611UL
#define CKA_X2RATCHET_RK 0x00000612UL

/* Start of the vendor-defined range (top bit set) */
#define CKA_VENDOR_DEFINED 0x80000000UL
670
/* CK_ATTRIBUTE is a structure that includes the type, length
 * and value of an attribute */
/* Nothing in the structure ties pValue to ulValueLen, and pValue is
 * untyped. Code that consumes a template from a caller, or a result from a
 * module, has to check ulValueLen against the size expected for `type`
 * before dereferencing pValue.
 * Per the PKCS #11 specification, C_GetAttributeValue marks an attribute it
 * cannot return by setting ulValueLen to CK_UNAVAILABLE_INFORMATION (all
 * ones). Treat that as an error marker and never as a byte count, for
 * example when sizing an allocation for a second call. */
typedef struct CK_ATTRIBUTE {
    CK_ATTRIBUTE_TYPE type; /* one of the CKA_* values */
    CK_VOID_PTR pValue;     /* the value; ulValueLen bytes long */

    /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
    CK_ULONG ulValueLen; /* in bytes */
} CK_ATTRIBUTE;

typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR;
682
/* CK_DATE is a structure that defines a date */
/* Each field holds digit characters in a fixed-width array that is exactly
 * as long as its value ("1900" fills year[4]), so there is no room for a
 * NUL terminator. Copy each field with its explicit length and validate
 * the digits before converting to a number. */
typedef struct CK_DATE {
    CK_CHAR year[4];  /* the year ("1900" - "9999") */
    CK_CHAR month[2]; /* the month ("01" - "12") */
    CK_CHAR day[2];   /* the day ("01" - "31") */
} CK_DATE;
689
690/* CK_MECHANISM_TYPE is a value that identifies a mechanism
691 * type */
692/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
693 * v2.0 */
694typedef CK_ULONG CK_MECHANISM_TYPE;
695
696/* the following mechanism types are defined: */
697#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL
698#define CKM_RSA_PKCS 0x00000001UL
699#define CKM_RSA_9796 0x00000002UL
700#define CKM_RSA_X_509 0x00000003UL
701
702/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
703 * are new for v2.0. They are mechanisms which hash and sign */
704#define CKM_MD2_RSA_PKCS 0x00000004UL
705#define CKM_MD5_RSA_PKCS 0x00000005UL
706#define CKM_SHA1_RSA_PKCS 0x00000006UL
707
708/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
709 * CKM_RSA_PKCS_OAEP are new for v2.10 */
710#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL
711#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL
712#define CKM_RSA_PKCS_OAEP 0x00000009UL
713
714/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
715 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
716#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL
717#define CKM_RSA_X9_31 0x0000000BUL
718#define CKM_SHA1_RSA_X9_31 0x0000000CUL
719#define CKM_RSA_PKCS_PSS 0x0000000DUL
720#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL
721
722#define CKM_DSA_KEY_PAIR_GEN 0x00000010UL
723#define CKM_DSA 0x00000011UL
724#define CKM_DSA_SHA1 0x00000012UL
725
726/* new for v2.40 */
727#define CKM_DSA_SHA224 0x00000013UL
728#define CKM_DSA_SHA256 0x00000014UL
729#define CKM_DSA_SHA384 0x00000015UL
730#define CKM_DSA_SHA512 0x00000016UL
731#define CKM_DSA_SHA3_224 0x00000018UL
732#define CKM_DSA_SHA3_256 0x00000019UL
733#define CKM_DSA_SHA3_384 0x0000001AUL
734#define CKM_DSA_SHA3_512 0x0000001BUL
735
736#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL
737#define CKM_DH_PKCS_DERIVE 0x00000021UL
738
739/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
740 * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
741 * v2.11 */
742#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL
743#define CKM_X9_42_DH_DERIVE 0x00000031UL
744#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032UL
745#define CKM_X9_42_MQV_DERIVE 0x00000033UL
746
747/* CKM_SHA256/384/512 are new for v2.20 */
748#define CKM_SHA256_RSA_PKCS 0x00000040UL
749#define CKM_SHA384_RSA_PKCS 0x00000041UL
750#define CKM_SHA512_RSA_PKCS 0x00000042UL
751#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL
752#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL
753#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL
754
755/* CKM_SHA224 new for v2.20 amendment 3 */
756#define CKM_SHA224_RSA_PKCS 0x00000046UL
757#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL
758
759/* new for v2.40 */
760#define CKM_SHA512_224 0x00000048UL
761#define CKM_SHA512_224_HMAC 0x00000049UL
762#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL
763#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL
764#define CKM_SHA512_256 0x0000004CUL
765#define CKM_SHA512_256_HMAC 0x0000004DUL
766#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL
767#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL
768#define CKM_SHA512_T 0x00000050UL
769#define CKM_SHA512_T_HMAC 0x00000051UL
770#define CKM_SHA512_T_HMAC_GENERAL 0x00000052UL
771#define CKM_SHA512_T_KEY_DERIVATION 0x00000053UL
772#define CKM_SHA3_256_RSA_PKCS 0x00000060UL
773#define CKM_SHA3_384_RSA_PKCS 0x00000061UL
774#define CKM_SHA3_512_RSA_PKCS 0x00000062UL
775#define CKM_SHA3_256_RSA_PKCS_PSS 0x00000063UL
776#define CKM_SHA3_384_RSA_PKCS_PSS 0x00000064UL
777#define CKM_SHA3_512_RSA_PKCS_PSS 0x00000065UL
778#define CKM_SHA3_224_RSA_PKCS 0x00000066UL
779#define CKM_SHA3_224_RSA_PKCS_PSS 0x00000067UL
780
781#define CKM_RC2_KEY_GEN 0x00000100UL
782#define CKM_RC2_ECB 0x00000101UL
783#define CKM_RC2_CBC 0x00000102UL
784#define CKM_RC2_MAC 0x00000103UL
785
786/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
787#define CKM_RC2_MAC_GENERAL 0x00000104UL
788#define CKM_RC2_CBC_PAD 0x00000105UL
789
790#define CKM_RC4_KEY_GEN 0x00000110UL
791#define CKM_RC4 0x00000111UL
792#define CKM_DES_KEY_GEN 0x00000120UL
793#define CKM_DES_ECB 0x00000121UL
794#define CKM_DES_CBC 0x00000122UL
795#define CKM_DES_MAC 0x00000123UL
796
797/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
798#define CKM_DES_MAC_GENERAL 0x00000124UL
799#define CKM_DES_CBC_PAD 0x00000125UL
800
801#define CKM_DES2_KEY_GEN 0x00000130UL
802#define CKM_DES3_KEY_GEN 0x00000131UL
803#define CKM_DES3_ECB 0x00000132UL
804#define CKM_DES3_CBC 0x00000133UL
805#define CKM_DES3_MAC 0x00000134UL
806
807/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
808 * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
809 * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
810#define CKM_DES3_MAC_GENERAL 0x00000135UL
811#define CKM_DES3_CBC_PAD 0x00000136UL
812#define CKM_CDMF_KEY_GEN 0x00000140UL
813#define CKM_CDMF_ECB 0x00000141UL
814#define CKM_CDMF_CBC 0x00000142UL
815#define CKM_CDMF_MAC 0x00000143UL
816#define CKM_CDMF_MAC_GENERAL 0x00000144UL
817#define CKM_CDMF_CBC_PAD 0x00000145UL
818
819/* the following four DES mechanisms are new for v2.20 */
820#define CKM_DES_OFB64 0x00000150UL
821#define CKM_DES_OFB8 0x00000151UL
822#define CKM_DES_CFB64 0x00000152UL
823#define CKM_DES_CFB8 0x00000153UL
824
825#define CKM_MD2 0x00000200UL
826
827/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
828#define CKM_MD2_HMAC 0x00000201UL
829#define CKM_MD2_HMAC_GENERAL 0x00000202UL
830
831#define CKM_MD5 0x00000210UL
832
833/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
834#define CKM_MD5_HMAC 0x00000211UL
835#define CKM_MD5_HMAC_GENERAL 0x00000212UL
836
837#define CKM_SHA_1 0x00000220UL
838
839/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
840#define CKM_SHA_1_HMAC 0x00000221UL
841#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL
842
843/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
844 * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
845 * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
846#define CKM_RIPEMD128 0x00000230UL
847#define CKM_RIPEMD128_HMAC 0x00000231UL
848#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232UL
849#define CKM_RIPEMD160 0x00000240UL
850#define CKM_RIPEMD160_HMAC 0x00000241UL
851#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL
852
853/* CKM_SHA256/384/512 are new for v2.20 */
854#define CKM_SHA256 0x00000250UL
855#define CKM_SHA256_HMAC 0x00000251UL
856#define CKM_SHA256_HMAC_GENERAL 0x00000252UL
857#define CKM_SHA384 0x00000260UL
858#define CKM_SHA384_HMAC 0x00000261UL
859#define CKM_SHA384_HMAC_GENERAL 0x00000262UL
860#define CKM_SHA512 0x00000270UL
861#define CKM_SHA512_HMAC 0x00000271UL
862#define CKM_SHA512_HMAC_GENERAL 0x00000272UL
863
864/* CKM_SHA224 new for v2.20 amendment 3 */
865#define CKM_SHA224 0x00000255UL
866#define CKM_SHA224_HMAC 0x00000256UL
867#define CKM_SHA224_HMAC_GENERAL 0x00000257UL
868
869/* new for v2.40 */
870#define CKM_SECURID_KEY_GEN 0x00000280UL
871#define CKM_SECURID 0x00000282UL
872#define CKM_HOTP_KEY_GEN 0x00000290UL
873#define CKM_HOTP 0x00000291UL
874#define CKM_ACTI 0x000002A0UL
875#define CKM_ACTI_KEY_GEN 0x000002A1UL
876#define CKM_SHA3_256 0x000002B0UL
877#define CKM_SHA3_256_HMAC 0x000002B1UL
878#define CKM_SHA3_256_HMAC_GENERAL 0x000002B2UL
879#define CKM_SHA3_256_KEY_GEN 0x000002B3UL
880#define CKM_SHA3_224 0x000002B5UL
881#define CKM_SHA3_224_HMAC 0x000002B6UL
882#define CKM_SHA3_224_HMAC_GENERAL 0x000002B7UL
883#define CKM_SHA3_224_KEY_GEN 0x000002B8UL
884#define CKM_SHA3_384 0x000002C0UL
885#define CKM_SHA3_384_HMAC 0x000002C1UL
886#define CKM_SHA3_384_HMAC_GENERAL 0x000002C2UL
887#define CKM_SHA3_384_KEY_GEN 0x000002C3UL
888#define CKM_SHA3_512 0x000002D0UL
889#define CKM_SHA3_512_HMAC 0x000002D1UL
890#define CKM_SHA3_512_HMAC_GENERAL 0x000002D2UL
891#define CKM_SHA3_512_KEY_GEN 0x000002D3UL
892
893/* All of the following mechanisms are new for v2.0 */
894/* Note that CAST128 and CAST5 are the same algorithm */
895#define CKM_CAST_KEY_GEN 0x00000300UL
896#define CKM_CAST_ECB 0x00000301UL
897#define CKM_CAST_CBC 0x00000302UL
898#define CKM_CAST_MAC 0x00000303UL
899#define CKM_CAST_MAC_GENERAL 0x00000304UL
900#define CKM_CAST_CBC_PAD 0x00000305UL
901#define CKM_CAST3_KEY_GEN 0x00000310UL
902#define CKM_CAST3_ECB 0x00000311UL
903#define CKM_CAST3_CBC 0x00000312UL
904#define CKM_CAST3_MAC 0x00000313UL
905#define CKM_CAST3_MAC_GENERAL 0x00000314UL
906#define CKM_CAST3_CBC_PAD 0x00000315UL
907#define CKM_CAST5_KEY_GEN 0x00000320UL
908#define CKM_CAST128_KEY_GEN 0x00000320UL
909#define CKM_CAST5_ECB 0x00000321UL
910#define CKM_CAST128_ECB 0x00000321UL
911#define CKM_CAST5_CBC 0x00000322UL
912#define CKM_CAST128_CBC 0x00000322UL
913#define CKM_CAST5_MAC 0x00000323UL
914#define CKM_CAST128_MAC 0x00000323UL
915#define CKM_CAST5_MAC_GENERAL 0x00000324UL
916#define CKM_CAST128_MAC_GENERAL 0x00000324UL
917#define CKM_CAST5_CBC_PAD 0x00000325UL
918#define CKM_CAST128_CBC_PAD 0x00000325UL
919#define CKM_RC5_KEY_GEN 0x00000330UL
920#define CKM_RC5_ECB 0x00000331UL
921#define CKM_RC5_CBC 0x00000332UL
922#define CKM_RC5_MAC 0x00000333UL
923#define CKM_RC5_MAC_GENERAL 0x00000334UL
924#define CKM_RC5_CBC_PAD 0x00000335UL
925#define CKM_IDEA_KEY_GEN 0x00000340UL
926#define CKM_IDEA_ECB 0x00000341UL
927#define CKM_IDEA_CBC 0x00000342UL
928#define CKM_IDEA_MAC 0x00000343UL
929#define CKM_IDEA_MAC_GENERAL 0x00000344UL
930#define CKM_IDEA_CBC_PAD 0x00000345UL
931#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL
932#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360UL
933#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362UL
934#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363UL
935#define CKM_XOR_BASE_AND_DATA 0x00000364UL
936#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365UL
937#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370UL
938#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371UL
939#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL
940
941/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
942 * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
943 * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
944#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL
945#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL
946#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375UL
947#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376UL
948#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL
949
950/* CKM_TLS_PRF is new for v2.20 */
951#define CKM_TLS_PRF 0x00000378UL
952
953#define CKM_SSL3_MD5_MAC 0x00000380UL
954#define CKM_SSL3_SHA1_MAC 0x00000381UL
955#define CKM_MD5_KEY_DERIVATION 0x00000390UL
956#define CKM_MD2_KEY_DERIVATION 0x00000391UL
957#define CKM_SHA1_KEY_DERIVATION 0x00000392UL
958
959/* CKM_SHA256/384/512 are new for v2.20 */
960#define CKM_SHA256_KEY_DERIVATION 0x00000393UL
961#define CKM_SHA384_KEY_DERIVATION 0x00000394UL
962#define CKM_SHA512_KEY_DERIVATION 0x00000395UL
963
964/* CKM_SHA224 new for v2.20 amendment 3 */
965#define CKM_SHA224_KEY_DERIVATION 0x00000396UL
966
967/* new for v2.40 */
968#define CKM_SHA3_256_KEY_DERIVATION 0x00000397UL
969#define CKM_SHA3_224_KEY_DERIVATION 0x00000398UL
970#define CKM_SHA3_384_KEY_DERIVATION 0x00000399UL
971#define CKM_SHA3_512_KEY_DERIVATION 0x0000039AUL
972#define CKM_SHAKE_128_KEY_DERIVATION 0x0000039BUL
973#define CKM_SHAKE_256_KEY_DERIVATION 0x0000039CUL
974
975#define CKM_PBE_MD2_DES_CBC 0x000003A0UL
976#define CKM_PBE_MD5_DES_CBC 0x000003A1UL
977#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL
978#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL
979#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL
980#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL
981#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL
982#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL
983#define CKM_PBE_SHA1_RC4_128 0x000003A6UL
984#define CKM_PBE_SHA1_RC4_40 0x000003A7UL
985#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL
986#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL
987#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL
988#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL
989
990/* CKM_PKCS5_PBKD2 is new for v2.10 */
991#define CKM_PKCS5_PBKD2 0x000003B0UL
992
993#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL
994
995/* WTLS mechanisms are new for v2.20 */
996#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL
997#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL
998#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL
999#define CKM_WTLS_PRF 0x000003D3UL
1000#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL
1001#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL
1002
1003/* TLS 1.2 mechanisms are new for v2.40 */
1004#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL
1005#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL
1006#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL
1007#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL
1008#define CKM_TLS12_MAC 0x000003D8UL
1009#define CKM_TLS12_KDF 0x000003D9UL
1010#define CKM_TLS_MAC 0x000003E4UL
1011#define CKM_TLS_KDF 0x000003E5UL
1012
1013#define CKM_KEY_WRAP_LYNKS 0x00000400UL
1014#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL
1015
1016/* CKM_CMS_SIG is new for v2.20 */
1017#define CKM_CMS_SIG 0x00000500UL
1018
1019/* new for 2.40 */
1020#define CKM_KIP_DERIVE 0x00000510UL
1021#define CKM_KIP_WRAP 0x00000511UL
1022#define CKM_KIP_MAC 0x00000512UL
1023
1024/* Fortezza mechanisms */
1025#define CKM_SKIPJACK_KEY_GEN 0x00001000UL
1026#define CKM_SKIPJACK_ECB64 0x00001001UL
1027#define CKM_SKIPJACK_CBC64 0x00001002UL
1028#define CKM_SKIPJACK_OFB64 0x00001003UL
1029#define CKM_SKIPJACK_CFB64 0x00001004UL
1030#define CKM_SKIPJACK_CFB32 0x00001005UL
1031#define CKM_SKIPJACK_CFB16 0x00001006UL
1032#define CKM_SKIPJACK_CFB8 0x00001007UL
1033#define CKM_SKIPJACK_WRAP 0x00001008UL
1034#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009UL
1035#define CKM_SKIPJACK_RELAYX 0x0000100aUL
1036#define CKM_KEA_KEY_PAIR_GEN 0x00001010UL
1037#define CKM_KEA_KEY_DERIVE 0x00001011UL
1038#define CKM_FORTEZZA_TIMESTAMP 0x00001020UL
1039#define CKM_BATON_KEY_GEN 0x00001030UL
1040#define CKM_BATON_ECB128 0x00001031UL
1041#define CKM_BATON_ECB96 0x00001032UL
1042#define CKM_BATON_CBC128 0x00001033UL
1043#define CKM_BATON_COUNTER 0x00001034UL
1044#define CKM_BATON_SHUFFLE 0x00001035UL
1045#define CKM_BATON_WRAP 0x00001036UL
1046
1047/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
1048 * CKM_EC_KEY_PAIR_GEN is preferred */
1049#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040UL
1050#define CKM_EC_KEY_PAIR_GEN 0x00001040UL
1051
1052#define CKM_ECDSA 0x00001041UL
1053#define CKM_ECDSA_SHA1 0x00001042UL
1054
1055/* new for v2.40 */
1056#define CKM_ECDSA_SHA224 0x00001043UL
1057#define CKM_ECDSA_SHA256 0x00001044UL
1058#define CKM_ECDSA_SHA384 0x00001045UL
1059#define CKM_ECDSA_SHA512 0x00001046UL
1060#define CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS 0x0000140BUL
1061
1062/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
1063 * are new for v2.11 */
1064#define CKM_ECDH1_DERIVE 0x00001050UL
1065#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL
1066#define CKM_ECMQV_DERIVE 0x00001052UL
1067
1068/* new for v2.40 */
1069#define CKM_ECDH_AES_KEY_WRAP 0x00001053UL
1070#define CKM_RSA_AES_KEY_WRAP 0x00001054UL
1071
1072#define CKM_JUNIPER_KEY_GEN 0x00001060UL
1073#define CKM_JUNIPER_ECB128 0x00001061UL
1074#define CKM_JUNIPER_CBC128 0x00001062UL
1075#define CKM_JUNIPER_COUNTER 0x00001063UL
1076#define CKM_JUNIPER_SHUFFLE 0x00001064UL
1077#define CKM_JUNIPER_WRAP 0x00001065UL
1078#define CKM_FASTHASH 0x00001070UL
1079
1080/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
1081 * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
1082 * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
1083 * new for v2.11 */
1084#define CKM_AES_KEY_GEN 0x00001080UL
1085#define CKM_AES_ECB 0x00001081UL
1086#define CKM_AES_CBC 0x00001082UL
1087#define CKM_AES_MAC 0x00001083UL
1088#define CKM_AES_MAC_GENERAL 0x00001084UL
1089#define CKM_AES_CBC_PAD 0x00001085UL
1090/* new for v2.20 amendment 3 */
1091#define CKM_AES_CTR 0x00001086UL
1092/* new for v2.30 */
1093#define CKM_AES_GCM 0x00001087UL
1094#define CKM_AES_CCM 0x00001088UL
1095#define CKM_AES_CTS 0x00001089UL
1096/* AES-CMAC values copied from v2.40 errata 1 header file */
1097#define CKM_AES_CMAC 0x0000108AUL
1098#define CKM_AES_CMAC_GENERAL 0x0000108BUL
1099#define CKM_AES_XCBC_MAC 0x0000108CUL
1100#define CKM_AES_XCBC_MAC_96 0x0000108DUL
1101
1102/* BlowFish and TwoFish are new for v2.20 */
1103#define CKM_BLOWFISH_KEY_GEN 0x00001090UL
1104#define CKM_BLOWFISH_CBC 0x00001091UL
1105#define CKM_TWOFISH_KEY_GEN 0x00001092UL
1106#define CKM_TWOFISH_CBC 0x00001093UL
1107
1108/* new for v2.40 */
1109#define CKM_BLOWFISH_CBC_PAD 0x00001094UL
1110#define CKM_TWOFISH_CBC_PAD 0x00001095UL
1111
1112/* Camellia is proposed for v2.20 Amendment 3 */
1113#define CKM_CAMELLIA_KEY_GEN 0x00000550UL
1114#define CKM_CAMELLIA_ECB 0x00000551UL
1115#define CKM_CAMELLIA_CBC 0x00000552UL
1116#define CKM_CAMELLIA_MAC 0x00000553UL
1117#define CKM_CAMELLIA_MAC_GENERAL 0x00000554UL
1118#define CKM_CAMELLIA_CBC_PAD 0x00000555UL
1119#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556UL
1120#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557UL
1121
1122/* new for v2.40 */
1123#define CKM_ARIA_KEY_GEN 0x00000560UL
1124#define CKM_ARIA_ECB 0x00000561UL
1125#define CKM_ARIA_CBC 0x00000562UL
1126#define CKM_ARIA_MAC 0x00000563UL
1127#define CKM_ARIA_MAC_GENERAL 0x00000564UL
1128#define CKM_ARIA_CBC_PAD 0x00000565UL
1129#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566UL
1130#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567UL
1131
1132#define CKM_SEED_KEY_GEN 0x00000650UL
1133#define CKM_SEED_ECB 0x00000651UL
1134#define CKM_SEED_CBC 0x00000652UL
1135#define CKM_SEED_MAC 0x00000653UL
1136#define CKM_SEED_MAC_GENERAL 0x00000654UL
1137#define CKM_SEED_CBC_PAD 0x00000655UL
1138#define CKM_SEED_ECB_ENCRYPT_DATA 0x00000656UL
1139#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL
1140
1141/* new for v2.40 */
1142#define CKM_ECDSA_SHA3_224 0x00001047UL
1143#define CKM_ECDSA_SHA3_256 0x00001048UL
1144#define CKM_ECDSA_SHA3_384 0x00001049UL
1145#define CKM_ECDSA_SHA3_512 0x0000104aUL
1146#define CKM_EC_EDWARDS_KEY_PAIR_GEN 0x00001055UL
1147#define CKM_EC_MONTGOMERY_KEY_PAIR_GEN 0x00001056UL
1148#define CKM_EDDSA 0x00001057UL
1149
1150/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
1151#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL
1152#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL
1153#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102UL
1154#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103UL
1155#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104UL
1156#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105UL
1157
1158#define CKM_GOSTR3410_KEY_PAIR_GEN 0x00001200UL
1159#define CKM_GOSTR3410 0x00001201UL
1160#define CKM_GOSTR3410_WITH_GOSTR3411 0x00001202UL
1161#define CKM_GOSTR3410_KEY_WRAP 0x00001203UL
1162#define CKM_GOSTR3410_DERIVE 0x00001204UL
1163#define CKM_GOSTR3411 0x00001210UL
1164#define CKM_GOSTR3411_HMAC 0x00001211UL
1165#define CKM_GOST28147_KEY_GEN 0x00001220UL
1166#define CKM_GOST28147_ECB 0x00001221UL
1167#define CKM_GOST28147 0x00001222UL
1168#define CKM_GOST28147_MAC 0x00001223UL
1169#define CKM_GOST28147_KEY_WRAP 0x00001224UL
1170
1171/* new for v2.40 */
1172#define CKM_CHACHA20_KEY_GEN 0x00001225UL
1173#define CKM_CHACHA20 0x00001226UL
1174#define CKM_POLY1305_KEY_GEN 0x00001227UL
1175#define CKM_POLY1305 0x00001228UL
1176
1177#define CKM_DSA_PARAMETER_GEN 0x00002000UL
1178#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL
1179#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL
1180
1181/* new for v2.40 */
1182#define CKM_DSA_PROBABILISTIC_PARAMETER_GEN 0x00002003UL
1183#define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL
1184#define CKM_DSA_FIPS_G_GEN 0x00002005UL
1185#define CKM_AES_CFB1 0x00002108UL
1186#define CKM_AES_KEY_WRAP 0x00002109UL
1187#define CKM_AES_KEY_WRAP_PAD 0x0000210AUL
1188#define CKM_AES_KEY_WRAP_KWP 0x0000210BUL
1189
1190/* CKM_SP800_108_xxx_KDF are new for v3.0 */
1191#define CKM_SP800_108_COUNTER_KDF 0x000003acUL
1192#define CKM_SP800_108_FEEDBACK_KDF 0x000003adUL
1193#define CKM_SP800_108_DOUBLE_PIPELINE_KDF 0x000003aeUL
1194
1195/* new for v2.4 */
1196#define CKM_RSA_PKCS_TPM_1_1 0x00004001UL
1197#define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL
1198#define CKM_SHA_1_KEY_GEN 0x00004003UL
1199#define CKM_SHA224_KEY_GEN 0x00004004UL
1200#define CKM_SHA256_KEY_GEN 0x00004005UL
1201#define CKM_SHA384_KEY_GEN 0x00004006UL
1202#define CKM_SHA512_KEY_GEN 0x00004007UL
1203#define CKM_SHA512_224_KEY_GEN 0x00004008UL
1204#define CKM_SHA512_256_KEY_GEN 0x00004009UL
1205#define CKM_SHA512_T_KEY_GEN 0x0000400aUL
1206
1207/* new for v3.0 */
1208#define CKM_NULL 0x0000400bUL
1209#define CKM_BLAKE2B_160 0x0000400cUL
1210#define CKM_BLAKE2B_160_HMAC 0x0000400dUL
1211#define CKM_BLAKE2B_160_HMAC_GENERAL 0x0000400eUL
1212#define CKM_BLAKE2B_160_KEY_DERIVE 0x0000400fUL
1213#define CKM_BLAKE2B_160_KEY_GEN 0x00004010UL
1214#define CKM_BLAKE2B_256 0x00004011UL
1215#define CKM_BLAKE2B_256_HMAC 0x00004012UL
1216#define CKM_BLAKE2B_256_HMAC_GENERAL 0x00004013UL
1217#define CKM_BLAKE2B_256_KEY_DERIVE 0x00004014UL
1218#define CKM_BLAKE2B_256_KEY_GEN 0x00004015UL
1219#define CKM_BLAKE2B_384 0x00004016UL
1220#define CKM_BLAKE2B_384_HMAC 0x00004017UL
1221#define CKM_BLAKE2B_384_HMAC_GENERAL 0x00004018UL
1222#define CKM_BLAKE2B_384_KEY_DERIVE 0x00004019UL
1223#define CKM_BLAKE2B_384_KEY_GEN 0x0000401aUL
1224#define CKM_BLAKE2B_512 0x0000401bUL
1225#define CKM_BLAKE2B_512_HMAC 0x0000401cUL
1226#define CKM_BLAKE2B_512_HMAC_GENERAL 0x0000401dUL
1227#define CKM_BLAKE2B_512_KEY_DERIVE 0x0000401eUL
1228#define CKM_BLAKE2B_512_KEY_GEN 0x0000401fUL
1229#define CKM_SALSA20 0x00004020UL
1230#define CKM_CHACHA20_POLY1305 0x00004021UL
1231#define CKM_SALSA20_POLY1305 0x00004022UL
1232#define CKM_X3DH_INITIALIZE 0x00004023UL
1233#define CKM_X3DH_RESPOND 0x00004024UL
1234#define CKM_X2RATCHET_INITIALIZE 0x00004025UL
1235#define CKM_X2RATCHET_RESPOND 0x00004026UL
1236#define CKM_X2RATCHET_ENCRYPT 0x00004027UL
1237#define CKM_X2RATCHET_DECRYPT 0x00004028UL
1238#define CKM_XEDDSA 0x00004029UL
1239#define CKM_HKDF_DERIVE 0x0000402aUL
1240#define CKM_HKDF_DATA 0x0000402bUL
1241#define CKM_HKDF_KEY_GEN 0x0000402cUL
1242#define CKM_SALSA20_KEY_GEN 0x0000402dUL
1243
1244#define CKM_VENDOR_DEFINED 0x80000000UL
1245
1246typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR;
1247
/*
 * CK_MECHANISM specifies a particular mechanism together with its
 * parameter block.
 *
 * pParameter is an untyped pointer whose layout depends on the mechanism
 * value; ulParameterLen is the only size information that travels with
 * it.  Code that receives a CK_MECHANISM should compare ulParameterLen
 * with the size of the parameter structure it expects for that mechanism
 * before reading through pParameter.
 */
typedef struct CK_MECHANISM {
    CK_MECHANISM_TYPE mechanism; /* mechanism identifier (a CKM_* value) */
    CK_VOID_PTR pParameter;      /* mechanism-specific parameters */

    /* Length of the parameter block in bytes.  The field was widened from
     * CK_USHORT to CK_ULONG for v2.0. */
    CK_ULONG ulParameterLen;
} CK_MECHANISM;
1258
1259typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR;
1260
/*
 * CK_MECHANISM_INFO provides information about a particular mechanism.
 *
 * In the PKCS #11 specification the unit of the two key-size fields (bits
 * or bytes) depends on the mechanism, so the numbers should not be
 * compared across mechanisms or used as a policy limit without checking
 * which unit applies.
 */
typedef struct CK_MECHANISM_INFO {
    CK_ULONG ulMinKeySize; /* smallest supported key size */
    CK_ULONG ulMaxKeySize; /* largest supported key size */
    CK_FLAGS flags;        /* CKF_* mechanism flags */
} CK_MECHANISM_INFO;
1268
1269/* The flags are defined as follows:
1270 * Bit Flag Mask Meaning */
1271#define CKF_HW 0x00000001UL /* performed by HW */
1272
1273/* Message interface Flags, new for v3.0 */
1274#define CKF_MESSAGE_ENCRYPT 0x00000002UL
1275#define CKF_MESSAGE_DECRYPT 0x00000004UL
1276#define CKF_MESSAGE_SIGN 0x00000008UL
1277#define CKF_MESSAGE_VERIFY 0x00000010UL
1278#define CKF_MULTI_MESSAGE 0x00000020UL
1279
1280/* FindObjects (not for CK_MECHANISM_INFO, but for C_CancelSession) v3.0 */
1281#define CKF_FIND_OBJECTS 0x00000040UL
1282
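/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
 * CKF_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
 * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
 * and CKF_DERIVE are new for v2.0. They specify whether or not
 * a mechanism can be used for a particular task.
 *
 * Every mask carries the UL suffix so that all of them have the same
 * unsigned long type; CKF_VERIFY used to be a plain int constant, which
 * gave it a different width and signedness from its siblings. */
#define CKF_ENCRYPT 0x00000100UL
#define CKF_DECRYPT 0x00000200UL
#define CKF_DIGEST 0x00000400UL
#define CKF_SIGN 0x00000800UL
#define CKF_SIGN_RECOVER 0x00001000UL
#define CKF_VERIFY 0x00002000UL
#define CKF_VERIFY_RECOVER 0x00004000UL
#define CKF_GENERATE 0x00008000UL
#define CKF_GENERATE_KEY_PAIR 0x00010000UL
#define CKF_WRAP 0x00020000UL
#define CKF_UNWRAP 0x00040000UL
#define CKF_DERIVE 0x00080000UL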
1300
1301/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
1302 * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
1303 * describe a token's EC capabilities not available in mechanism
1304 * information. */
1305#define CKF_EC_F_P 0x00100000UL
1306#define CKF_EC_F_2M 0x00200000UL
1307#define CKF_EC_ECPARAMETERS 0x00400000UL
1308#define CKF_EC_OID 0x00800000UL
1309#define CKF_EC_NAMEDCURVE CKF_EC_OID /* renamed in v3.0 */
1310#define CKF_EC_UNCOMPRESS 0x01000000UL
1311#define CKF_EC_COMPRESS 0x02000000UL
1312
1313#define CKF_EXTENSION 0x80000000UL /* FALSE for this version */
1314
1315typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR;
1316
1317/* CK_RV is a value that identifies the return value of a
1318 * PKCS #11 function */
1319/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
1320typedef CK_ULONG CK_RV;
1321
1322#define CKR_OK 0x00000000UL
1323#define CKR_CANCEL 0x00000001UL
1324#define CKR_HOST_MEMORY 0x00000002UL
1325#define CKR_SLOT_ID_INVALID 0x00000003UL
1326
1327/* CKR_FLAGS_INVALID was removed for v2.0 */
1328
1329/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
1330#define CKR_GENERAL_ERROR 0x00000005UL
1331#define CKR_FUNCTION_FAILED 0x00000006UL
1332
1333/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
1334 * and CKR_CANT_LOCK are new for v2.01 */
1335#define CKR_ARGUMENTS_BAD 0x00000007UL
1336#define CKR_NO_EVENT 0x00000008UL
1337#define CKR_NEED_TO_CREATE_THREADS 0x00000009UL
1338#define CKR_CANT_LOCK 0x0000000AUL
1339
1340#define CKR_ATTRIBUTE_READ_ONLY 0x00000010UL
1341#define CKR_ATTRIBUTE_SENSITIVE 0x00000011UL
1342#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012UL
1343#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013UL
1344
1345/* new for v3.0 */
1346#define CKR_ACTION_PROHIBITED 0x0000001BUL
1347
1348#define CKR_DATA_INVALID 0x00000020UL
1349#define CKR_DATA_LEN_RANGE 0x00000021UL
1350#define CKR_DEVICE_ERROR 0x00000030UL
1351#define CKR_DEVICE_MEMORY 0x00000031UL
1352#define CKR_DEVICE_REMOVED 0x00000032UL
1353#define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL
1354#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL
1355#define CKR_FUNCTION_CANCELED 0x00000050UL
1356#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL
1357
1358/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
1359#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL
1360
1361#define CKR_KEY_HANDLE_INVALID 0x00000060UL
1362
1363/* CKR_KEY_SENSITIVE was removed for v2.0 */
1364
1365#define CKR_KEY_SIZE_RANGE 0x00000062UL
1366#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL
1367
1368/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
1369 * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
1370 * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
1371 * v2.0 */
1372#define CKR_KEY_NOT_NEEDED 0x00000064UL
1373#define CKR_KEY_CHANGED 0x00000065UL
1374#define CKR_KEY_NEEDED 0x00000066UL
1375#define CKR_KEY_INDIGESTIBLE 0x00000067UL
1376#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068UL
1377#define CKR_KEY_NOT_WRAPPABLE 0x00000069UL
1378#define CKR_KEY_UNEXTRACTABLE 0x0000006AUL
1379
1380#define CKR_MECHANISM_INVALID 0x00000070UL
1381#define CKR_MECHANISM_PARAM_INVALID 0x00000071UL
1382
1383/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
1384 * were removed for v2.0 */
1385#define CKR_OBJECT_HANDLE_INVALID 0x00000082UL
1386#define CKR_OPERATION_ACTIVE 0x00000090UL
1387#define CKR_OPERATION_NOT_INITIALIZED 0x00000091UL
1388#define CKR_PIN_INCORRECT 0x000000A0UL
1389#define CKR_PIN_INVALID 0x000000A1UL
1390#define CKR_PIN_LEN_RANGE 0x000000A2UL
1391
1392/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
1393#define CKR_PIN_EXPIRED 0x000000A3UL
1394#define CKR_PIN_LOCKED 0x000000A4UL
1395
1396#define CKR_SESSION_CLOSED 0x000000B0UL
1397#define CKR_SESSION_COUNT 0x000000B1UL
1398#define CKR_SESSION_HANDLE_INVALID 0x000000B3UL
1399#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4UL
1400#define CKR_SESSION_READ_ONLY 0x000000B5UL
1401#define CKR_SESSION_EXISTS 0x000000B6UL
1402
1403/* CKR_SESSION_READ_ONLY_EXISTS and
1404 * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
1405#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL
1406#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL
1407
1408#define CKR_SIGNATURE_INVALID 0x000000C0UL
1409#define CKR_SIGNATURE_LEN_RANGE 0x000000C1UL
1410#define CKR_TEMPLATE_INCOMPLETE 0x000000D0UL
1411#define CKR_TEMPLATE_INCONSISTENT 0x000000D1UL
1412#define CKR_TOKEN_NOT_PRESENT 0x000000E0UL
1413#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1UL
1414#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2UL
1415#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0UL
1416#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1UL
1417#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2UL
1418#define CKR_USER_ALREADY_LOGGED_IN 0x00000100UL
1419#define CKR_USER_NOT_LOGGED_IN 0x00000101UL
1420#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102UL
1421#define CKR_USER_TYPE_INVALID 0x00000103UL
1422
1423/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
1424 * are new to v2.01 */
1425#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL
1426#define CKR_USER_TOO_MANY_TYPES 0x00000105UL
1427
1428#define CKR_WRAPPED_KEY_INVALID 0x00000110UL
1429#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112UL
1430#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113UL
1431#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114UL
1432#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115UL
1433#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL
1434
1435/* This is new to v2.0 */
1436#define CKR_RANDOM_NO_RNG 0x00000121UL
1437
1438/* This is new to v2.11 */
1439#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL
1440
1441/* This is new to v2.40 */
1442#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL
1443
1444/* These are new to v2.0 */
1445#define CKR_BUFFER_TOO_SMALL 0x00000150UL
1446#define CKR_SAVED_STATE_INVALID 0x00000160UL
1447#define CKR_INFORMATION_SENSITIVE 0x00000170UL
1448#define CKR_STATE_UNSAVEABLE 0x00000180UL
1449
1450/* These are new to v2.01 */
1451#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL
1452#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL
1453#define CKR_MUTEX_BAD 0x000001A0UL
1454#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL
1455
1456/* These are new to v2.40 */
1457#define CKR_NEW_PIN_MODE 0x000001B0UL
1458#define CKR_NEXT_OTP 0x000001B1UL
1459#define CKR_EXCEEDED_MAX_ITERATIONS 0x000001B5UL
1460#define CKR_FIPS_SELF_TEST_FAILED 0x000001B6UL
1461#define CKR_LIBRARY_LOAD_FAILED 0x000001B7UL
1462#define CKR_PIN_TOO_WEAK 0x000001B8UL
1463#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL
1464
1465/* This is new to v2.20 */
1466#define CKR_FUNCTION_REJECTED 0x00000200UL
1467
1468/* This is new to v3.0 */
1469#define CKR_TOKEN_RESOURCE_EXCEEDED 0x00000201UL
1470#define CKR_OPERATION_CANCEL_FAILED 0x00000202UL
1471
1472#define CKR_VENDOR_DEFINED 0x80000000UL
1473
1474/* CK_NOTIFY is an application callback that processes events */
1475typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)(
1476 CK_SESSION_HANDLE hSession, /* the session's handle */
1477 CK_NOTIFICATION event,
1478 CK_VOID_PTR pApplication /* passed to C_OpenSession */
1479);
1480
1481/* CK_FUNCTION_LIST is a structure holding a PKCS #11 spec
1482 * version and pointers of appropriate types to all the
1483 * PKCS #11 functions */
1484/* CK_FUNCTION_LIST is new for v2.0 */
1485typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
1486
1487typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR;
1488
1489typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR;
1490
1491/* These are new for v3.0 */
1492typedef struct CK_FUNCTION_LIST_3_0 CK_FUNCTION_LIST_3_0;
1493typedef CK_FUNCTION_LIST_3_0 CK_PTR CK_FUNCTION_LIST_3_0_PTR;
1494typedef CK_FUNCTION_LIST_3_0_PTR CK_PTR CK_FUNCTION_LIST_3_0_PTR_PTR;
1495
/*
 * CK_INTERFACE describes one interface of a module; interfaces are new
 * in v3.0.
 *
 * pFunctionList is untyped.  In PKCS #11 v3.0 every interface function
 * list starts with a CK_VERSION, so a consumer should check
 * pInterfaceName and that version before casting the pointer to
 * CK_FUNCTION_LIST_3_0 or any other list type.
 */
typedef struct CK_INTERFACE {
    CK_CHAR *pInterfaceName;   /* name of the interface */
    CK_VOID_PTR pFunctionList; /* function list for this interface */
    CK_FLAGS flags;            /* interface flags */
} CK_INTERFACE;
1502
1503typedef CK_INTERFACE CK_PTR CK_INTERFACE_PTR;
1504typedef CK_INTERFACE_PTR CK_PTR CK_INTERFACE_PTR_PTR;
1505
1506#define CKF_END_OF_MESSAGE 0x00000001UL
1507#define CKF_INTERFACE_FORK_SAFE 0x00000001UL
1508
1509/* CK_CREATEMUTEX is an application callback for creating a
1510 * mutex object */
1511typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)(
1512 CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */
1513);
1514
1515/* CK_DESTROYMUTEX is an application callback for destroying a
1516 * mutex object */
1517typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)(
1518 CK_VOID_PTR pMutex /* pointer to mutex */
1519);
1520
1521/* CK_LOCKMUTEX is an application callback for locking a mutex */
1522typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)(
1523 CK_VOID_PTR pMutex /* pointer to mutex */
1524);
1525
1526/* CK_UNLOCKMUTEX is an application callback for unlocking a
1527 * mutex */
1528typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)(
1529 CK_VOID_PTR pMutex /* pointer to mutex */
1530);
1531
/*
 * CK_C_INITIALIZE_ARGS provides the optional arguments to C_Initialize:
 * four application-supplied mutex callbacks, a flags word, and two
 * trailing pointer fields.
 */
typedef struct CK_C_INITIALIZE_ARGS {
    CK_CREATEMUTEX CreateMutex;
    CK_DESTROYMUTEX DestroyMutex;
    CK_LOCKMUTEX LockMutex;
    CK_UNLOCKMUTEX UnlockMutex;
    CK_FLAGS flags;

    /* NSS extension.  The official PKCS #11 spec has a reserved field
     * here, not a 'LibraryParameters' field.  NSS needs a way to pass
     * instance-specific information to the library (like where to find
     * its config files, etc).  This information is usually provided by
     * the installer and passed uninterpreted by NSS to the library,
     * though NSS does know the specifics of the softoken version of this
     * parameter.  Most compliant PKCS #11 modules expect this parameter
     * to be NULL and will return CKR_ARGUMENTS_BAD from C_Initialize if
     * library parameters are supplied.
     *
     * Since NSS does not interpret the value, the receiving module is the
     * only place it is parsed; its origin should be trusted to the same
     * degree as the module's own configuration. */
    CK_CHAR_PTR *LibraryParameters;

    /* This field is only present if LibraryParameters is not NULL.  It
     * must be NULL in all cases. */
    CK_VOID_PTR pReserved;
} CK_C_INITIALIZE_ARGS;
1553
1554/* flags: bit flags for the flags field of CK_C_INITIALIZE_ARGS
1555 * Bit Flag Mask Meaning
1556 */
1557#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001UL
1558#define CKF_OS_LOCKING_OK 0x00000002UL
1559
1560typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR;
1561
1562/* additional flags for parameters to functions */
1563
1564/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
1565#define CKF_DONT_BLOCK 1
1566
1567/* CK_RSA_PKCS_MGF_TYPE is new for v2.10.
1568 * CK_RSA_PKCS_MGF_TYPE is used to indicate the Mask
1569 * Generation Function (MGF) applied to a message block when
1570 * formatting a message block for the PKCS #1 OAEP encryption
1571 * scheme. */
1572typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
1573
1574typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR;
1575
1576/* The following MGFs are defined */
1577/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
1578 * are new for v2.20 */
1579#define CKG_MGF1_SHA1 0x00000001UL
1580#define CKG_MGF1_SHA256 0x00000002UL
1581#define CKG_MGF1_SHA384 0x00000003UL
1582#define CKG_MGF1_SHA512 0x00000004UL
1583
1584/* v2.20 amendment 3 */
1585#define CKG_MGF1_SHA224 0x00000005UL
1586
1587/* v2.40 */
1588#define CKG_MGF1_SHA3_224 0x00000006UL
1589#define CKG_MGF1_SHA3_256 0x00000007UL
1590#define CKG_MGF1_SHA3_384 0x00000008UL
1591#define CKG_MGF1_SHA3_512 0x00000009UL
1592
1593/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
1594 * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
1595 * of the encoding parameter when formatting a message block
1596 * for the PKCS #1 OAEP encryption scheme. */
1597typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE;
1598
1599typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR;
1600
1601/* The following encoding parameter sources are defined */
1602#define CKZ_DATA_SPECIFIED 0x00000001UL
1603
/*
 * CK_RSA_PKCS_OAEP_PARAMS (new for v2.10) provides the parameters to the
 * CKM_RSA_PKCS_OAEP mechanism.
 *
 * hashAlg and mgf are separate fields, so nothing in this structure ties
 * the MGF1 hash to hashAlg; a caller that wants them to match has to set
 * both.  pSourceData is bounded only by ulSourceDataLen, which a receiver
 * should check before reading the buffer.
 */
typedef struct CK_RSA_PKCS_OAEP_PARAMS {
    CK_MECHANISM_TYPE hashAlg;           /* digest mechanism (a CKM_* value) */
    CK_RSA_PKCS_MGF_TYPE mgf;            /* mask generation function (CKG_MGF1_*) */
    CK_RSA_PKCS_OAEP_SOURCE_TYPE source; /* encoding parameter source (CKZ_*) */
    CK_VOID_PTR pSourceData;             /* encoding parameter data */
    CK_ULONG ulSourceDataLen;            /* length of pSourceData */
} CK_RSA_PKCS_OAEP_PARAMS;
1614
1615typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
1616
/*
 * CK_RSA_PKCS_PSS_PARAMS (new for v2.11) provides the parameters to the
 * CKM_RSA_PKCS_PSS mechanism(s).
 *
 * As with OAEP, hashAlg and mgf are independent fields; the structure
 * does not force the MGF1 hash to equal hashAlg.  A verifier should take
 * all three values from its own policy rather than from the party that
 * produced the signature.
 */
typedef struct CK_RSA_PKCS_PSS_PARAMS {
    CK_MECHANISM_TYPE hashAlg; /* digest mechanism (a CKM_* value) */
    CK_RSA_PKCS_MGF_TYPE mgf;  /* mask generation function (CKG_MGF1_*) */
    CK_ULONG sLen;             /* salt length, in bytes per the PKCS #11 spec */
} CK_RSA_PKCS_PSS_PARAMS;
1625
1626typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
1627
1628/* CK_EC_KDF_TYPE is new for v2.11. */
1629typedef CK_ULONG CK_EC_KDF_TYPE;
1630
1631/* The following EC Key Derivation Functions are defined */
1632#define CKD_NULL 0x00000001UL
1633#define CKD_SHA1_KDF 0x00000002UL
1634#define CKD_SHA224_KDF 0x00000005UL
1635#define CKD_SHA256_KDF 0x00000006UL
1636#define CKD_SHA384_KDF 0x00000007UL
1637#define CKD_SHA512_KDF 0x00000008UL
1638
1639/* new for v2.40 */
1640#define CKD_CPDIVERSIFY_KDF 0x00000009UL
1641#define CKD_SHA3_224_KDF 0x0000000AUL
1642#define CKD_SHA3_256_KDF 0x0000000BUL
1643#define CKD_SHA3_384_KDF 0x0000000CUL
1644#define CKD_SHA3_512_KDF 0x0000000DUL
1645
1646/* new for v3.0 */
1647#define CKD_SHA1_KDF_SP800 0x0000000EUL
1648#define CKD_SHA224_KDF_SP800 0x0000000FUL
1649#define CKD_SHA256_KDF_SP800 0x00000010UL
1650#define CKD_SHA384_KDF_SP800 0x00000011UL
1651#define CKD_SHA512_KDF_SP800 0x00000012UL
1652#define CKD_SHA3_224_KDF_SP800 0x00000013UL
1653#define CKD_SHA3_256_KDF_SP800 0x00000014UL
1654#define CKD_SHA3_384_KDF_SP800 0x00000015UL
1655#define CKD_SHA3_512_KDF_SP800 0x00000016UL
1656#define CKD_BLAKE2B_160_KDF 0x00000017UL
1657#define CKD_BLAKE2B_256_KDF 0x00000018UL
1658#define CKD_BLAKE2B_384_KDF 0x00000019UL
1659#define CKD_BLAKE2B_512_KDF 0x0000001aUL
1660
/*
 * CK_ECDH1_DERIVE_PARAMS (new for v2.11) provides the parameters to the
 * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, where each
 * party contributes one key pair.
 *
 * Each buffer is a pointer/length pair and the length is its only bound.
 * pPublicData normally originates with the other party, so it is
 * untrusted input: the length has to be checked and the encoded point
 * validated before it takes part in the derivation.
 */
typedef struct CK_ECDH1_DERIVE_PARAMS {
    CK_EC_KDF_TYPE kdf;       /* key derivation function (a CKD_* value) */
    CK_ULONG ulSharedDataLen; /* length of pSharedData */
    CK_BYTE_PTR pSharedData;  /* data shared between the two parties */
    CK_ULONG ulPublicDataLen; /* length of pPublicData */
    CK_BYTE_PTR pPublicData;  /* other party's EC public key value */
} CK_ECDH1_DERIVE_PARAMS;
1673
1674typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR;
1675
/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
 * CK_ECDH2_DERIVE_PARAMS provides the parameters to the
 * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
 * The first five fields have the same types and order as
 * CK_ECDH1_DERIVE_PARAMS. */
typedef struct CK_ECDH2_DERIVE_PARAMS {
    CK_EC_KDF_TYPE kdf;           /* one of the CKD_* values */
    CK_ULONG ulSharedDataLen;     /* length of pSharedData, in bytes */
    CK_BYTE_PTR pSharedData;      /* optional data shared between the two parties */
    CK_ULONG ulPublicDataLen;     /* length of pPublicData, in bytes */
    CK_BYTE_PTR pPublicData;      /* other party's first EC public key value */
    CK_ULONG ulPrivateDataLen;    /* length of the second EC private key, in bytes */
    CK_OBJECT_HANDLE hPrivateData; /* handle of the second EC private key (not raw bytes) */
    CK_ULONG ulPublicDataLen2;    /* length of pPublicData2, in bytes */
    CK_BYTE_PTR pPublicData2;     /* other party's second EC public key value */
} CK_ECDH2_DERIVE_PARAMS;
1690
1691typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR;
1692
/* Same fields, in the same order, as CK_ECDH2_DERIVE_PARAMS, followed by one
 * extra object handle (publicKey). The two structs therefore differ in size
 * and must not be passed interchangeably. */
typedef struct CK_ECMQV_DERIVE_PARAMS {
    CK_EC_KDF_TYPE kdf;
    CK_ULONG ulSharedDataLen;      /* length of pSharedData, in bytes */
    CK_BYTE_PTR pSharedData;
    CK_ULONG ulPublicDataLen;      /* length of pPublicData, in bytes */
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPrivateDataLen;
    CK_OBJECT_HANDLE hPrivateData; /* key object handle, not raw key bytes */
    CK_ULONG ulPublicDataLen2;     /* length of pPublicData2, in bytes */
    CK_BYTE_PTR pPublicData2;
    CK_OBJECT_HANDLE publicKey;    /* handle of the caller's own ephemeral public key */
} CK_ECMQV_DERIVE_PARAMS;
1705
1706typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR;
1707
/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
 * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;

/* The following X9.42 DH key derivation functions are defined
 * (besides CKD_NULL, already defined above). They share the CKD_* number
 * space with the EC KDF constants, which skip 0x3 and 0x4 for this reason. */
#define CKD_SHA1_KDF_ASN1 0x00000003UL
#define CKD_SHA1_KDF_CONCATENATE 0x00000004UL
1717
/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
 * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
 * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
 * contributes one key pair */
typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
    CK_X9_42_DH_KDF_TYPE kdf; /* CKD_NULL or one of the X9.42 CKD_* values */
    CK_ULONG ulOtherInfoLen;  /* length of pOtherInfo, in bytes */
    CK_BYTE_PTR pOtherInfo;   /* optional data shared between the two parties */
    CK_ULONG ulPublicDataLen; /* length of pPublicData, in bytes */
    CK_BYTE_PTR pPublicData;  /* other party's X9.42 DH public key value */
} CK_X9_42_DH1_DERIVE_PARAMS;
1729
1730typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
1731
/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
 * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
 * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
 * mechanisms, where each party contributes two key pairs */
typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
    CK_X9_42_DH_KDF_TYPE kdf;
    CK_ULONG ulOtherInfoLen;       /* length of pOtherInfo, in bytes */
    CK_BYTE_PTR pOtherInfo;
    CK_ULONG ulPublicDataLen;      /* length of pPublicData, in bytes */
    CK_BYTE_PTR pPublicData;       /* other party's first public key value */
    CK_ULONG ulPrivateDataLen;     /* length of the second private key, in bytes */
    CK_OBJECT_HANDLE hPrivateData; /* handle of the second private key (not raw bytes) */
    CK_ULONG ulPublicDataLen2;     /* length of pPublicData2, in bytes */
    CK_BYTE_PTR pPublicData2;      /* other party's second public key value */
} CK_X9_42_DH2_DERIVE_PARAMS;
1747
1748typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR;
1749
/* Same fields, in the same order, as CK_X9_42_DH2_DERIVE_PARAMS, followed by
 * one extra object handle (publicKey). */
typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
    CK_X9_42_DH_KDF_TYPE kdf;
    CK_ULONG ulOtherInfoLen;       /* length of pOtherInfo, in bytes */
    CK_BYTE_PTR pOtherInfo;
    CK_ULONG ulPublicDataLen;      /* length of pPublicData, in bytes */
    CK_BYTE_PTR pPublicData;
    CK_ULONG ulPrivateDataLen;
    CK_OBJECT_HANDLE hPrivateData; /* key object handle, not raw key bytes */
    CK_ULONG ulPublicDataLen2;     /* length of pPublicData2, in bytes */
    CK_BYTE_PTR pPublicData2;
    CK_OBJECT_HANDLE publicKey;    /* handle of the caller's own ephemeral public key */
} CK_X9_42_MQV_DERIVE_PARAMS;
1762
1763typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR;
1764
/* CK_KEA_DERIVE_PARAMS provides the parameters to the
 * CKM_KEA_DERIVE mechanism */
/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
typedef struct CK_KEA_DERIVE_PARAMS {
    CK_BBOOL isSender;        /* CK_TRUE when the caller is the originator */
    CK_ULONG ulRandomLen;     /* single length, in bytes, covering both pRandomA and pRandomB */
    CK_BYTE_PTR pRandomA;     /* Ra data */
    CK_BYTE_PTR pRandomB;     /* Rb data */
    CK_ULONG ulPublicDataLen; /* length of pPublicData, in bytes */
    CK_BYTE_PTR pPublicData;  /* other party's KEA public key value */
} CK_KEA_DERIVE_PARAMS;
1776
1777typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR;
1778
1779/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
1780 * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
1781 * holds the effective keysize */
1782typedef CK_ULONG CK_RC2_PARAMS;
1783
1784typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR;
1785
1786/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
1787 * mechanism */
1788typedef struct CK_RC2_CBC_PARAMS {
1789 /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
1790 * v2.0 */
1791 CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
1792
1793 CK_BYTE iv[8]; /* IV for CBC mode */
1794} CK_RC2_CBC_PARAMS;
1795
1796typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR;
1797
1798/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
1799 * CKM_RC2_MAC_GENERAL mechanism */
1800/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
1801typedef struct CK_RC2_MAC_GENERAL_PARAMS {
1802 CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
1803 CK_ULONG ulMacLength; /* Length of MAC in bytes */
1804} CK_RC2_MAC_GENERAL_PARAMS;
1805
1806typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR
1807 CK_RC2_MAC_GENERAL_PARAMS_PTR;
1808
1809/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
1810 * CKM_RC5_MAC mechanisms */
1811/* CK_RC5_PARAMS is new for v2.0 */
1812typedef struct CK_RC5_PARAMS {
1813 CK_ULONG ulWordsize; /* wordsize in bits */
1814 CK_ULONG ulRounds; /* number of rounds */
1815} CK_RC5_PARAMS;
1816
1817typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR;
1818
1819/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
1820 * mechanism */
1821/* CK_RC5_CBC_PARAMS is new for v2.0 */
1822typedef struct CK_RC5_CBC_PARAMS {
1823 CK_ULONG ulWordsize; /* wordsize in bits */
1824 CK_ULONG ulRounds; /* number of rounds */
1825 CK_BYTE_PTR pIv; /* pointer to IV */
1826 CK_ULONG ulIvLen; /* length of IV in bytes */
1827} CK_RC5_CBC_PARAMS;
1828
1829typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR;
1830
1831/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
1832 * CKM_RC5_MAC_GENERAL mechanism */
1833/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
1834typedef struct CK_RC5_MAC_GENERAL_PARAMS {
1835 CK_ULONG ulWordsize; /* wordsize in bits */
1836 CK_ULONG ulRounds; /* number of rounds */
1837 CK_ULONG ulMacLength; /* Length of MAC in bytes */
1838} CK_RC5_MAC_GENERAL_PARAMS;
1839
1840typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR
1841 CK_RC5_MAC_GENERAL_PARAMS_PTR;
1842
1843/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
1844 * ciphers' MAC_GENERAL mechanisms. Its value is the length of
1845 * the MAC */
1846/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
1847typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
1848
1849typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
1850
/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
    CK_BYTE iv[8];     /* IV, stored inline (8 bytes) */
    CK_BYTE_PTR pData; /* data to encrypt */
    CK_ULONG length;   /* length of pData, in bytes */
} CK_DES_CBC_ENCRYPT_DATA_PARAMS;
1857
1858typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR;
1859
typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
    CK_BYTE iv[16];    /* IV, stored inline (16 bytes) */
    CK_BYTE_PTR pData; /* data to encrypt */
    CK_ULONG length;   /* length of pData, in bytes */
} CK_AES_CBC_ENCRYPT_DATA_PARAMS;
1865
1866typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR;
1867
/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_AES_CTR_PARAMS {
    CK_ULONG ulCounterBits; /* number of bits of cb that are incremented as the counter;
                             * must not exceed the 128 bits held by cb */
    CK_BYTE cb[16];         /* initial counter block, stored inline */
} CK_AES_CTR_PARAMS;
1873
1874typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR;
1875
/* CK_GCM_PARAMS is new for version 2.30 */
/* There was a discrepancy between the doc and the headers
 * in PKCS #11 v2.40, NSS had the doc version, but the header
 * was normative. In V3.0 they were reconciled as the header
 * version. In NSS the header version is called CK_GCM_PARAMS_V3
 * and the v2.40 doc version is called CK_NSS_GCM_PARAMS.
 * CK_GCM_PARAMS is defined as CK_NSS_GCM_PARAMS if
 * NSS_PCKS11_2_0_COMPAT is defined and CK_GCM_PARAMS_V3 if it's not.
 * Softoken accepts either version and internally uses CK_NSS_GCM_PARAMS.
 *
 * NOTE(review): which layout CK_GCM_PARAMS names depends on a compile-time
 * macro, so a caller and a module built with different settings will
 * disagree on the struct; verify both sides when debugging parameter errors. */
typedef struct CK_GCM_PARAMS_V3 {
    CK_BYTE_PTR pIv;    /* initialization vector */
    CK_ULONG ulIvLen;   /* length of pIv, in bytes */
    CK_ULONG ulIvBits;  /* length of the IV, in bits */
    CK_BYTE_PTR pAAD;   /* additional authenticated data */
    CK_ULONG ulAADLen;  /* length of pAAD, in bytes */
    CK_ULONG ulTagBits; /* length of the authentication tag, in bits */
} CK_GCM_PARAMS_V3;
1893
1894typedef CK_GCM_PARAMS_V3 CK_PTR CK_GCM_PARAMS_V3_PTR;
1895
/* CK_CCM_PARAMS is new for version 2.30 */
typedef struct CK_CCM_PARAMS {
    CK_ULONG ulDataLen;  /* length of the data to be processed, in bytes */
    CK_BYTE_PTR pNonce;  /* nonce */
    CK_ULONG ulNonceLen; /* length of pNonce, in bytes */
    CK_BYTE_PTR pAAD;    /* additional authenticated data */
    CK_ULONG ulAADLen;   /* length of pAAD, in bytes */
    CK_ULONG ulMACLen;   /* length of the MAC, in bytes */
} CK_CCM_PARAMS;
1905
1906typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
1907
/* The SALSA20_POLY1305 and CHACHA20_POLY1305 AEAD parameters are new in v3.0.
 * There is no tag-length field in this struct. */
typedef struct CK_SALSA20_CHACHA20_POLY1305_PARAMS {
    CK_BYTE_PTR pNonce;  /* nonce */
    CK_ULONG ulNonceLen; /* length of pNonce, in bytes */
    CK_BYTE_PTR pAAD;    /* additional authenticated data */
    CK_ULONG ulAADLen;   /* length of pAAD, in bytes */
} CK_SALSA20_CHACHA20_POLY1305_PARAMS;
1915
1916typedef CK_SALSA20_CHACHA20_POLY1305_PARAMS
1917 CK_PTR CK_SALSA20_CHACHA20_POLY1305_PARAMS_PTR;
1918
/* MESSAGE params are new for v3.0 */
/* CK_GENERATOR_FUNCTION selects how the IV/nonce of a per-message AEAD
 * operation is produced; it is the type of the ivGenerator and
 * nonceGenerator fields in the message-params structs below. */
typedef CK_ULONG CK_GENERATOR_FUNCTION;
#define CKG_NO_GENERATE 0x00000000UL
#define CKG_GENERATE 0x00000001UL
#define CKG_GENERATE_COUNTER 0x00000002UL
#define CKG_GENERATE_RANDOM 0x00000003UL
#define CKG_GENERATE_COUNTER_XOR 0x00000004UL
1926
/* Per-message GCM parameters. pIv and pTag are caller-owned buffers. */
typedef struct CK_GCM_MESSAGE_PARAMS {
    CK_BYTE_PTR pIv;                   /* initialization vector buffer */
    CK_ULONG ulIvLen;                  /* length of pIv, in bytes */
    CK_ULONG ulIvFixedBits;            /* number of IV bits kept unchanged when a new IV is generated */
    CK_GENERATOR_FUNCTION ivGenerator; /* one of the CKG_* values */
    CK_BYTE_PTR pTag;                  /* authentication tag: written on encrypt, read on decrypt */
    CK_ULONG ulTagBits;                /* length of the tag, in bits; pTag must hold that many bits */
} CK_GCM_MESSAGE_PARAMS;

/* NOTE(review): unlike the other *_PTR typedefs in this header, there is no
 * CK_PTR here, so CK_GCM_MESSAGE_PARAMS_PTR names the struct type itself,
 * not a pointer to it. Left as is because changing it alters the type seen
 * by existing callers; confirm against upstream before relying on it. */
typedef CK_GCM_MESSAGE_PARAMS CK_GCM_MESSAGE_PARAMS_PTR;
1937
/* Per-message CCM parameters. pNonce and pMAC are caller-owned buffers. */
typedef struct CK_CCM_MESSAGE_PARAMS {
    CK_ULONG ulDataLen; /*plaintext or ciphertext*/
    CK_BYTE_PTR pNonce;                   /* nonce buffer */
    CK_ULONG ulNonceLen;                  /* length of pNonce, in bytes */
    CK_ULONG ulNonceFixedBits;            /* number of nonce bits kept unchanged when a new nonce is generated */
    CK_GENERATOR_FUNCTION nonceGenerator; /* one of the CKG_* values */
    CK_BYTE_PTR pMAC;                     /* MAC buffer */
    CK_ULONG ulMACLen;                    /* length of pMAC, in bytes */
} CK_CCM_MESSAGE_PARAMS;

/* NOTE(review): no CK_PTR here, so CK_CCM_MESSAGE_PARAMS_PTR names the
 * struct type itself rather than a pointer, unlike the other *_PTR typedefs
 * in this header. Left as is because changing it alters the type seen by
 * existing callers; confirm against upstream before relying on it. */
typedef CK_CCM_MESSAGE_PARAMS CK_CCM_MESSAGE_PARAMS_PTR;
1949
/* SALSA20/CHACHA20 do not define IV generators, so this struct has no
 * generator field and the caller provides the nonce for every message. */
typedef struct CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS {
    CK_BYTE_PTR pNonce;  /* nonce */
    CK_ULONG ulNonceLen; /* length of pNonce, in bytes */
    CK_BYTE_PTR pTag;    /* authentication tag buffer; no length field accompanies it */
} CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS;
1956
1957typedef CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS
1958 CK_PTR CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS_PTR;
1959
1960/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
1961 * CKM_SKIPJACK_PRIVATE_WRAP mechanism */
1962/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
1963typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
1964 CK_ULONG ulPasswordLen;
1965 CK_BYTE_PTR pPassword;
1966 CK_ULONG ulPublicDataLen;
1967 CK_BYTE_PTR pPublicData;
1968 CK_ULONG ulPAndGLen;
1969 CK_ULONG ulQLen;
1970 CK_ULONG ulRandomLen;
1971 CK_BYTE_PTR pRandomA;
1972 CK_BYTE_PTR pPrimeP;
1973 CK_BYTE_PTR pBaseG;
1974 CK_BYTE_PTR pSubprimeQ;
1975} CK_SKIPJACK_PRIVATE_WRAP_PARAMS;
1976
1977typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR
1978 CK_SKIPJACK_PRIVATE_WRAP_PTR;
1979
1980/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
1981 * CKM_SKIPJACK_RELAYX mechanism */
1982/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
1983typedef struct CK_SKIPJACK_RELAYX_PARAMS {
1984 CK_ULONG ulOldWrappedXLen;
1985 CK_BYTE_PTR pOldWrappedX;
1986 CK_ULONG ulOldPasswordLen;
1987 CK_BYTE_PTR pOldPassword;
1988 CK_ULONG ulOldPublicDataLen;
1989 CK_BYTE_PTR pOldPublicData;
1990 CK_ULONG ulOldRandomLen;
1991 CK_BYTE_PTR pOldRandomA;
1992 CK_ULONG ulNewPasswordLen;
1993 CK_BYTE_PTR pNewPassword;
1994 CK_ULONG ulNewPublicDataLen;
1995 CK_BYTE_PTR pNewPublicData;
1996 CK_ULONG ulNewRandomLen;
1997 CK_BYTE_PTR pNewRandomA;
1998} CK_SKIPJACK_RELAYX_PARAMS;
1999
2000typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR
2001 CK_SKIPJACK_RELAYX_PARAMS_PTR;
2002
/* New for v2.40, CAMELLIA, ARIA, SEED */
/* Same layout as CK_AES_CTR_PARAMS. */
typedef struct CK_CAMELLIA_CTR_PARAMS {
    CK_ULONG ulCounterBits; /* number of bits of cb used as the counter */
    CK_BYTE cb[16];         /* initial counter block, stored inline */
} CK_CAMELLIA_CTR_PARAMS;
2008
2009typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
2010
2011typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
2012 CK_BYTE iv[16];
2013 CK_BYTE_PTR pData;
2014 CK_ULONG length;
2015} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS;
2016
2017typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR
2018 CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
2019
2020typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
2021 CK_BYTE iv[16];
2022 CK_BYTE_PTR pData;
2023 CK_ULONG length;
2024} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS;
2025
2026typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR
2027 CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
2028
2029typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS {
2030 CK_BYTE iv[16];
2031 CK_BYTE_PTR pData;
2032 CK_ULONG length;
2033} CK_SEED_CBC_ENCRYPT_DATA_PARAMS;
2034
2035typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR
2036 CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR;
2037
/* ChaCha20/Salsa20 Counter support is new in v3.0 */
/* Both lengths in this struct are expressed in bits, not bytes. */
typedef struct CK_CHACHA20_PARAMS {
    CK_BYTE_PTR pBlockCounter; /* block counter */
    CK_ULONG blockCounterBits; /* length of the block counter, in bits */
    CK_BYTE_PTR pNonce;        /* nonce */
    CK_ULONG ulNonceBits;      /* length of the nonce, in bits */
} CK_CHACHA20_PARAMS;
2045
2046typedef CK_CHACHA20_PARAMS CK_PTR CK_CHACHA20_PARAMS_PTR;
2047
/* Unlike CK_CHACHA20_PARAMS, there is no length field for pBlockCounter. */
typedef struct CK_SALSA20_PARAMS {
    CK_BYTE_PTR pBlockCounter; /* block counter */
    CK_BYTE_PTR pNonce;        /* nonce */
    CK_ULONG ulNonceBits;      /* length of the nonce, in bits */
} CK_SALSA20_PARAMS;
2053typedef CK_SALSA20_PARAMS CK_PTR CK_SALSA20_PARAMS_PTR;
2054
/* Parameters for the password-based encryption key generation mechanisms.
 * pPassword points at secret material owned by the caller, who should clear
 * it once the operation has completed. */
typedef struct CK_PBE_PARAMS {
    CK_BYTE_PTR pInitVector;   /* output: receives the generated IV (8 bytes per PKCS #11);
                                * no length field, so the caller must size the buffer */
    CK_UTF8CHAR_PTR pPassword; /* password */
    CK_ULONG ulPasswordLen;    /* length of pPassword, in bytes */
    CK_BYTE_PTR pSalt;         /* salt */
    CK_ULONG ulSaltLen;        /* length of pSalt, in bytes */
    CK_ULONG ulIteration;      /* iteration count */
} CK_PBE_PARAMS;
2063
2064typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR;
2065
2066/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
2067 * CKM_KEY_WRAP_SET_OAEP mechanism */
2068/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
2069typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
2070 CK_BYTE bBC; /* block contents byte */
2071 CK_BYTE_PTR pX; /* extra data */
2072 CK_ULONG ulXLen; /* length of extra data in bytes */
2073} CK_KEY_WRAP_SET_OAEP_PARAMS;
2074
2075typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR
2076 CK_KEY_WRAP_SET_OAEP_PARAMS_PTR;
2077
/* Client and server random values, embedded by value in the SSL3/TLS
 * parameter structs below. */
typedef struct CK_SSL3_RANDOM_DATA {
    CK_BYTE_PTR pClientRandom;  /* client's random data */
    CK_ULONG ulClientRandomLen; /* length of pClientRandom, in bytes */
    CK_BYTE_PTR pServerRandom;  /* server's random data */
    CK_ULONG ulServerRandomLen; /* length of pServerRandom, in bytes */
} CK_SSL3_RANDOM_DATA;
2084
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
    CK_SSL3_RANDOM_DATA RandomInfo; /* client and server random data */
    CK_VERSION_PTR pVersion;        /* output: receives the protocol version information */
} CK_SSL3_MASTER_KEY_DERIVE_PARAMS;
2089
2090typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR
2091 CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR;
2092
/* Output of the key-material derivation: four key handles plus two IVs.
 * The IV pointers refer to caller-allocated buffers and have no length
 * fields here; their size follows from ulIVSizeInBits in the matching
 * *_KEY_MAT_PARAMS struct, so the caller must allocate accordingly. */
typedef struct CK_SSL3_KEY_MAT_OUT {
    CK_OBJECT_HANDLE hClientMacSecret; /* handle of the client MAC secret key */
    CK_OBJECT_HANDLE hServerMacSecret; /* handle of the server MAC secret key */
    CK_OBJECT_HANDLE hClientKey;       /* handle of the client secret key */
    CK_OBJECT_HANDLE hServerKey;       /* handle of the server secret key */
    CK_BYTE_PTR pIVClient;             /* receives the client IV, if any */
    CK_BYTE_PTR pIVServer;             /* receives the server IV, if any */
} CK_SSL3_KEY_MAT_OUT;
2101
2102typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR;
2103
/* All three sizes are in bits, while the buffers in
 * pReturnedKeyMaterial are byte buffers. */
typedef struct CK_SSL3_KEY_MAT_PARAMS {
    CK_ULONG ulMacSizeInBits;
    CK_ULONG ulKeySizeInBits;
    CK_ULONG ulIVSizeInBits;
    CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
    CK_SSL3_RANDOM_DATA RandomInfo;               /* client and server random data */
    CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; /* output: key handles and IVs */
} CK_SSL3_KEY_MAT_PARAMS;
2112
2113typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
2114
/* CK_TLS_PRF_PARAMS is new for version 2.20 */
typedef struct CK_TLS_PRF_PARAMS {
    CK_BYTE_PTR pSeed;         /* input seed */
    CK_ULONG ulSeedLen;        /* length of pSeed, in bytes */
    CK_BYTE_PTR pLabel;        /* identifying label */
    CK_ULONG ulLabelLen;       /* length of pLabel, in bytes */
    CK_BYTE_PTR pOutput;       /* output: buffer receiving the PRF result */
    CK_ULONG_PTR pulOutputLen; /* in/out: requested length on entry, produced length on
                                * return; pOutput must be at least the requested size */
} CK_TLS_PRF_PARAMS;
2124
2125typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
2126
/* TLS 1.2 is new for version 2.40 */
/* When NSS_PCKS11_2_0_COMPAT is defined, a macro at the top of this header
 * renames the prfHashMechanism field to prfMechanism. */
typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
    CK_SSL3_RANDOM_DATA RandomInfo;     /* client and server random data */
    CK_VERSION_PTR pVersion;            /* output: receives the protocol version information */
    CK_MECHANISM_TYPE prfHashMechanism; /* hash mechanism used by the TLS 1.2 PRF */
} CK_TLS12_MASTER_KEY_DERIVE_PARAMS;
2133
2134typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR
2135 CK_TLS12_MASTER_KEY_DERIVE_PARAMS_PTR;
2136
/* Same leading fields as CK_SSL3_KEY_MAT_PARAMS, plus the PRF hash.
 * When NSS_PCKS11_2_0_COMPAT is defined, a macro at the top of this header
 * renames the prfHashMechanism field to prfMechanism. */
typedef struct CK_TLS12_KEY_MAT_PARAMS {
    CK_ULONG ulMacSizeInBits;
    CK_ULONG ulKeySizeInBits;
    CK_ULONG ulIVSizeInBits;
    CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
    CK_SSL3_RANDOM_DATA RandomInfo;               /* client and server random data */
    CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; /* output: key handles and IVs */
    CK_MECHANISM_TYPE prfHashMechanism;           /* hash mechanism used by the TLS 1.2 PRF */
} CK_TLS12_KEY_MAT_PARAMS;
2146
2147typedef CK_TLS12_KEY_MAT_PARAMS CK_PTR CK_TLS12_KEY_MAT_PARAMS_PTR;
2148
/* Parameters for the TLS KDF. No *_PTR typedef follows this struct in this
 * header, unlike its neighbours. */
typedef struct CK_TLS_KDF_PARAMS {
    CK_MECHANISM_TYPE prfMechanism; /* hash mechanism used by the PRF */
    CK_BYTE_PTR pLabel;             /* label for this derivation */
    CK_ULONG ulLabelLength;         /* length of pLabel, in bytes */
    CK_SSL3_RANDOM_DATA RandomInfo; /* client and server random data */
    CK_BYTE_PTR pContextData;       /* optional context data */
    CK_ULONG ulContextDataLength;   /* length of pContextData, in bytes */
} CK_TLS_KDF_PARAMS;
2157
/* When NSS_PCKS11_2_0_COMPAT is defined, a macro at the top of this header
 * renames the prfHashMechanism field to prfMechanism. */
typedef struct CK_TLS_MAC_PARAMS {
    CK_MECHANISM_TYPE prfHashMechanism; /* hash mechanism used by the PRF */
    CK_ULONG ulMacLength;               /* length of the MAC, in bytes */
    CK_ULONG ulServerOrClient;          /* per PKCS #11: 1 = "server finished" label,
                                         * 2 = "client finished" label */
} CK_TLS_MAC_PARAMS;
2163
2164typedef CK_TLS_MAC_PARAMS CK_PTR CK_TLS_MAC_PARAMS_PTR;
2165
/* HKDF is new for v3.0 */
/* ulSaltType takes one of the CKF_HKDF_SALT_* values defined right after
 * this struct and decides which salt field is meaningful: pSalt/ulSaltLen
 * for CKF_HKDF_SALT_DATA, hSaltKey for CKF_HKDF_SALT_KEY.
 * When NSS_PCKS11_2_0_COMPAT is defined, a macro at the top of this header
 * renames the prfHashMechanism field to prfMechanism. */
typedef struct CK_HKDF_PARAMS {
    CK_BBOOL bExtract;                  /* run the extract step */
    CK_BBOOL bExpand;                   /* run the expand step */
    CK_MECHANISM_TYPE prfHashMechanism; /* hash mechanism underlying the HMAC */
    CK_ULONG ulSaltType;                /* one of CKF_HKDF_SALT_* */
    CK_BYTE_PTR pSalt;                  /* salt bytes */
    CK_ULONG ulSaltLen;                 /* length of pSalt, in bytes */
    CK_OBJECT_HANDLE hSaltKey;          /* handle of a key object used as the salt */
    CK_BYTE_PTR pInfo;                  /* info string for the expand step */
    CK_ULONG ulInfoLen;                 /* length of pInfo, in bytes */
} CK_HKDF_PARAMS;
2178typedef CK_HKDF_PARAMS CK_PTR CK_HKDF_PARAMS_PTR;
2179
2180#define CKF_HKDF_SALT_NULL 0x00000001UL
2181#define CKF_HKDF_SALT_DATA 0x00000002UL
2182#define CKF_HKDF_SALT_KEY 0x00000004UL
2183
2184/* WTLS is new for version 2.20 */
2185typedef struct CK_WTLS_RANDOM_DATA {
2186 CK_BYTE_PTR pClientRandom;
2187 CK_ULONG ulClientRandomLen;
2188 CK_BYTE_PTR pServerRandom;
2189 CK_ULONG ulServerRandomLen;
2190} CK_WTLS_RANDOM_DATA;
2191
2192typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR;
2193
2194typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
2195 CK_MECHANISM_TYPE DigestMechanism;
2196 CK_WTLS_RANDOM_DATA RandomInfo;
2197 CK_BYTE_PTR pVersion;
2198} CK_WTLS_MASTER_KEY_DERIVE_PARAMS;
2199
2200typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR
2201 CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR;
2202
2203typedef struct CK_WTLS_PRF_PARAMS {
2204 CK_MECHANISM_TYPE DigestMechanism;
2205 CK_BYTE_PTR pSeed;
2206 CK_ULONG ulSeedLen;
2207 CK_BYTE_PTR pLabel;
2208 CK_ULONG ulLabelLen;
2209 CK_BYTE_PTR pOutput;
2210 CK_ULONG_PTR pulOutputLen;
2211} CK_WTLS_PRF_PARAMS;
2212
2213typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR;
2214
2215typedef struct CK_WTLS_KEY_MAT_OUT {
2216 CK_OBJECT_HANDLE hMacSecret;
2217 CK_OBJECT_HANDLE hKey;
2218 CK_BYTE_PTR pIV;
2219} CK_WTLS_KEY_MAT_OUT;
2220
2221typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR;
2222
2223typedef struct CK_WTLS_KEY_MAT_PARAMS {
2224 CK_MECHANISM_TYPE DigestMechanism;
2225 CK_ULONG ulMacSizeInBits;
2226 CK_ULONG ulKeySizeInBits;
2227 CK_ULONG ulIVSizeInBits;
2228 CK_ULONG ulSequenceNumber;
2229 CK_BBOOL bIsExport; /* Unused. Must be set to CK_FALSE. */
2230 CK_WTLS_RANDOM_DATA RandomInfo;
2231 CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial;
2232} CK_WTLS_KEY_MAT_PARAMS;
2233
2234typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
2235
2236/* The following types for NIST 800-108 KBKDF are defined in PKCS#11 v3.0 */
2237typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE;
2238typedef CK_ULONG CK_PRF_DATA_TYPE;
2239
2240#define CK_SP800_108_ITERATION_VARIABLE 0x00000001UL
2241#define CK_SP800_108_OPTIONAL_COUNTER 0x00000002UL
2242#define CK_SP800_108_DKM_LENGTH 0x00000003UL
2243#define CK_SP800_108_BYTE_ARRAY 0x00000004UL
2244
2245/* ERRATA: PKCS#11 v3.0 Cryptographic Token Interface Current Mechanisms
2246 * specification specifies a CK_SP800_108_COUNTER, while the pkcs11t.h from
2247 * PKCS#11 v3.0 Cryptographic Token Interface Base Specification specifies
2248 * CK_SP800_108_OPTIONAL_COUNTER. */
2249#define CK_SP800_108_COUNTER CK_SP800_108_OPTIONAL_COUNTER
2250
/* One segment of the data fed to the SP800-108 PRF. pValue is untyped;
 * what it points at depends on type. */
typedef struct CK_PRF_DATA_PARAM {
    CK_PRF_DATA_TYPE type; /* one of the CK_SP800_108_* data types defined above */
    CK_VOID_PTR pValue;    /* value for this segment; interpretation depends on type */
    CK_ULONG ulValueLen;   /* size of the object at pValue, in bytes */
} CK_PRF_DATA_PARAM;
2256
2257typedef CK_PRF_DATA_PARAM CK_PTR CK_PRF_DATA_PARAM_PTR;
2258
/* Encoding of the SP800-108 counter value. */
typedef struct CK_SP800_108_COUNTER_FORMAT {
    CK_BBOOL bLittleEndian; /* CK_TRUE for little-endian encoding */
    CK_ULONG ulWidthInBits; /* width of the encoded counter, in bits */
} CK_SP800_108_COUNTER_FORMAT;
2263
2264typedef CK_SP800_108_COUNTER_FORMAT CK_PTR CK_SP800_108_COUNTER_FORMAT_PTR;
2265
2266typedef CK_ULONG CK_SP800_108_DKM_LENGTH_METHOD;
2267
2268/* ERRATA: PKCS#11 v3.0 Cryptographic Token Interface Current Mechanisms
2269 * defines that these constants exist, but doesn't specify values. pkcs11t.h
2270 * from PKCS#11 v3.0 Cryptographic Token Interface Base Specification doesn't
2271 * define these constants either. */
2272#define CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS 0x00000001UL
2273#define CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS 0x00000002UL
2274
/* Encoding of the SP800-108 derived-keying-material length value. */
typedef struct CK_SP800_108_DKM_LENGTH_FORMAT {
    CK_SP800_108_DKM_LENGTH_METHOD dkmLengthMethod; /* CK_SP800_108_DKM_LENGTH_SUM_OF_* */
    CK_BBOOL bLittleEndian;                         /* CK_TRUE for little-endian encoding */
    CK_ULONG ulWidthInBits;                         /* width of the encoded length, in bits */
} CK_SP800_108_DKM_LENGTH_FORMAT;
2280
2281typedef CK_SP800_108_DKM_LENGTH_FORMAT CK_PTR CK_SP800_108_DKM_LENGTH_FORMAT_PTR;
2282
/* Describes one additional key requested from an SP800-108 derivation. */
typedef struct CK_DERIVED_KEY {
    CK_ATTRIBUTE_PTR pTemplate;  /* attribute template for the additional key */
    CK_ULONG ulAttributeCount;   /* number of attributes in pTemplate */
    CK_OBJECT_HANDLE_PTR phKey;  /* output: receives the handle of the derived key */
} CK_DERIVED_KEY;
2288
2289typedef CK_DERIVED_KEY CK_PTR CK_DERIVED_KEY_PTR;
2290
2291/* UNFIXED ERRATA: NIST SP800-108 specifies that implementer can decide the
2292 * number of bits to take from each PRF invocation. However, all three forms
2293 * of the PKCS#11 v3.0 implementation lack a bitwidth for the PRF and only
2294 * allow the full-width mechanism varieties. Additionally, outside of the
2295 * base key (used as the key to the PRF), there is no way to pass any
2296 * additional, PRF-mechanism specific data. */
2297
/* Both arrays are described by a separate caller-supplied count, so a
 * consumer has to treat each count as untrusted and bound its iteration
 * over pDataParams and pAdditionalDerivedKeys accordingly. */
typedef struct CK_SP800_108_KDF_PARAMS {
    CK_SP800_108_PRF_TYPE prfType;      /* PRF mechanism */
    CK_ULONG ulNumberOfDataParams;      /* number of entries in pDataParams */
    CK_PRF_DATA_PARAM_PTR pDataParams;  /* array of PRF input segments */
    CK_ULONG ulAdditionalDerivedKeys;   /* number of entries in pAdditionalDerivedKeys */
    /* ERRATA: in PKCS#11 v3.0, pAdditionalDerivedKeys is typed as
     * CK_DERVIED_KEY; it needs to be of type CK_DERIVED_KEY_PTR. */
    CK_DERIVED_KEY_PTR pAdditionalDerivedKeys;
} CK_SP800_108_KDF_PARAMS;
2307
2308typedef CK_SP800_108_KDF_PARAMS CK_PTR CK_SP800_108_KDF_PARAMS_PTR;
2309
/* CK_SP800_108_KDF_PARAMS with an IV inserted before the additional-key
 * fields; the two structs are not layout-compatible past pDataParams. */
typedef struct CK_SP800_108_FEEDBACK_KDF_PARAMS {
    CK_SP800_108_PRF_TYPE prfType;      /* PRF mechanism */
    CK_ULONG ulNumberOfDataParams;      /* number of entries in pDataParams */
    CK_PRF_DATA_PARAM_PTR pDataParams;  /* array of PRF input segments */
    CK_ULONG ulIVLen;                   /* length of pIV, in bytes */
    CK_BYTE_PTR pIV;                    /* IV for feedback mode */
    CK_ULONG ulAdditionalDerivedKeys;   /* number of entries in pAdditionalDerivedKeys */
    /* ERRATA: in PKCS#11 v3.0, pAdditionalDerivedKeys is typed as
     * CK_DERVIED_KEY; it needs to be of type CK_DERIVED_KEY_PTR. */
    CK_DERIVED_KEY_PTR pAdditionalDerivedKeys;
} CK_SP800_108_FEEDBACK_KDF_PARAMS;
2321
2322typedef CK_SP800_108_FEEDBACK_KDF_PARAMS CK_PTR CK_SP800_108_FEEDBACK_KDF_PARAMS_PTR;
2323
/* CMS is new for version 2.20 */
typedef struct CK_CMS_SIG_PARAMS {
    CK_OBJECT_HANDLE certificateHandle; /* handle of the signer's certificate object */
    CK_MECHANISM_PTR pSigningMechanism; /* mechanism used to sign */
    CK_MECHANISM_PTR pDigestMechanism;  /* mechanism used to digest */
    CK_UTF8CHAR_PTR pContentType;       /* content type string; there is no length field,
                                         * PKCS #11 defines it as NUL-terminated */
    CK_BYTE_PTR pRequestedAttributes;   /* attributes the caller requests to be signed */
    CK_ULONG ulRequestedAttributesLen;  /* length of pRequestedAttributes, in bytes */
    CK_BYTE_PTR pRequiredAttributes;    /* attributes that must be signed */
    CK_ULONG ulRequiredAttributesLen;   /* length of pRequiredAttributes, in bytes */
} CK_CMS_SIG_PARAMS;
2335
2336typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR;
2337
/* A byte string passed as the parameter of a key derivation mechanism. */
typedef struct CK_KEY_DERIVATION_STRING_DATA {
    CK_BYTE_PTR pData; /* the byte string */
    CK_ULONG ulLen;    /* length of pData, in bytes */
} CK_KEY_DERIVATION_STRING_DATA;
2342
2343typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR
2344 CK_KEY_DERIVATION_STRING_DATA_PTR;
2345
2346/* The CK_EXTRACT_PARAMS is used for the
2347 * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
2348 * of the base key should be used as the first bit of the
2349 * derived key */
2350/* CK_EXTRACT_PARAMS is new for v2.0 */
2351typedef CK_ULONG CK_EXTRACT_PARAMS;
2352
2353typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
2354
2355/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
2356 * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
2357 * indicate the Pseudo-Random Function (PRF) used to generate
2358 * key bits using PKCS #5 PBKDF2. */
2359typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE;
2360
2361typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
2362
2363/* The following PRFs are defined in PKCS #5 v2.1. */
2364#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL
2365#define CKP_PKCS5_PBKD2_HMAC_GOSTR3411 0x00000002UL
2366#define CKP_PKCS5_PBKD2_HMAC_SHA224 0x00000003UL
2367#define CKP_PKCS5_PBKD2_HMAC_SHA256 0x00000004UL
2368#define CKP_PKCS5_PBKD2_HMAC_SHA384 0x00000005UL
2369#define CKP_PKCS5_PBKD2_HMAC_SHA512 0x00000006UL
2370#define CKP_PKCS5_PBKD2_HMAC_SHA512_224 0x00000007UL
2371#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL
2372
2373/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
2374 * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
2375 * source of the salt value when deriving a key using PKCS #5
2376 * PBKDF2. */
2377typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
2378
2379typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR;
2380
2381/* The following salt value sources are defined in PKCS #5 v2.0. */
2382#define CKZ_SALT_SPECIFIED 0x00000001UL
2383
/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
 * CK_PKCS5_PBKD2_PARAMS is a structure that provides the
 * parameters to the CKM_PKCS5_PBKD2 mechanism. */
/* this structure is kept for compatibility. use _PARAMS2. */
/* Differs from CK_PKCS5_PBKD2_PARAMS2 only in the type of ulPasswordLen:
 * here it is a pointer to the length, there it is the length itself. The
 * structs have the same field names, so passing the wrong variant compiles
 * in the caller but makes the consumer read a length as an address (or the
 * reverse). */
typedef struct CK_PKCS5_PBKD2_PARAMS {
    CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;    /* e.g. CKZ_SALT_SPECIFIED */
    CK_VOID_PTR pSaltSourceData;                    /* data for the salt source */
    CK_ULONG ulSaltSourceDataLen;                   /* length of pSaltSourceData, in bytes */
    CK_ULONG iterations;                            /* iteration count; no minimum is set here */
    CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; /* one of CKP_PKCS5_PBKD2_HMAC_* */
    CK_VOID_PTR pPrfData;                           /* extra data for the PRF */
    CK_ULONG ulPrfDataLen;                          /* length of pPrfData, in bytes */
    CK_UTF8CHAR_PTR pPassword;                      /* password */
    CK_ULONG_PTR ulPasswordLen;                     /* POINTER to the password length, despite the ul prefix */
} CK_PKCS5_PBKD2_PARAMS;
2399
2400typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR;
2401
/* Preferred PBKDF2 parameter struct. Identical to CK_PKCS5_PBKD2_PARAMS
 * except that ulPasswordLen is a CK_ULONG value rather than a pointer. */
typedef struct CK_PKCS5_PBKD2_PARAMS2 {
    CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource;    /* e.g. CKZ_SALT_SPECIFIED */
    CK_VOID_PTR pSaltSourceData;                    /* data for the salt source */
    CK_ULONG ulSaltSourceDataLen;                   /* length of pSaltSourceData, in bytes */
    CK_ULONG iterations;                            /* iteration count; no minimum is set here */
    CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; /* one of CKP_PKCS5_PBKD2_HMAC_* */
    CK_VOID_PTR pPrfData;                           /* extra data for the PRF */
    CK_ULONG ulPrfDataLen;                          /* length of pPrfData, in bytes */
    CK_UTF8CHAR_PTR pPassword;                      /* password */
    CK_ULONG ulPasswordLen;                         /* length of pPassword, in bytes */
} CK_PKCS5_PBKD2_PARAMS2;
2413
2414typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR;
2415
2416/* OTP is new in v2.40 */
2417typedef CK_ULONG CK_OTP_PARAM_TYPE;
2418#define CK_OTP_VALUE 0UL
2419#define CK_OTP_PIN 1UL
2420#define CK_OTP_CHALLENGE 2UL
2421#define CK_OTP_TIME 3UL
2422#define CK_OTP_COUNTER 4UL
2423#define CK_OTP_FLAGS 5UL
2424#define CK_OTP_OUTPUT_LENGTH 6UL
2425#define CK_OTP_OUTPUT_FORMAT 7UL
2426
/* One OTP parameter as a type/value/length triple. pValue is untyped; its
 * interpretation depends on type. */
typedef struct CK_OTP_PARAM {
    CK_OTP_PARAM_TYPE type; /* one of the CK_OTP_* values defined above */
    CK_VOID_PTR pValue;     /* parameter value */
    CK_ULONG ulValueLen;    /* length of the value at pValue, in bytes */
} CK_OTP_PARAM;
2432
2433typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR;
2434
/* A counted array of OTP parameters supplied by the caller. */
typedef struct CK_OTP_PARAMS {
    CK_OTP_PARAM_PTR pParams; /* array of CK_OTP_PARAM */
    CK_ULONG ulCount;         /* number of entries in pParams */
} CK_OTP_PARAMS;
2439
2440typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR;
2441
/* Same layout as CK_OTP_PARAMS: a counted array of OTP parameters. */
typedef struct CK_OTP_SIGNATURE_INFO {
    CK_OTP_PARAM_PTR pParams; /* array of CK_OTP_PARAM */
    CK_ULONG ulCount;         /* number of entries in pParams */
} CK_OTP_SIGNATURE_INFO;
2446
2447typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
2448
2449#define CKF_NEXT_OTP 0x00000001UL
2450#define CKF_EXCLUDE_TIME 0x00000002UL
2451#define CKF_EXCLUDE_COUNTER 0x00000004UL
2452#define CKF_EXCLUDE_CHALLENGE 0x00000008UL
2453#define CKF_EXCLUDE_PIN 0x00000010UL
2454#define CKF_USER_FRIENDLY_OTP 0x00000020UL
2455
/* KIP is new in v2.40 */
typedef struct CK_KIP_PARAMS {
    CK_MECHANISM_PTR pMechanism; /* underlying cryptographic mechanism */
    CK_OBJECT_HANDLE hKey;       /* handle of the key to use */
    CK_BYTE_PTR pSeed;           /* input seed */
    CK_ULONG ulSeedLen;          /* length of pSeed, in bytes */
} CK_KIP_PARAMS;
2463
2464typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
2465
/* DSA Param Gen is new for v2.40 */
typedef struct CK_DSA_PARAMETER_GEN_PARAM {
    CK_MECHANISM_TYPE hash; /* hash mechanism used during parameter generation */
    CK_BYTE_PTR pSeed;      /* seed value */
    CK_ULONG ulSeedLen;     /* length of pSeed, in bytes */
    CK_ULONG ulIndex;       /* index value used in the generation of g */
} CK_DSA_PARAMETER_GEN_PARAM;
2473
2474typedef CK_DSA_PARAMETER_GEN_PARAM CK_PTR CK_DSA_PARAMETER_GEN_PARAM_PTR;
2475
/* XXXX_AES_KEY_WRAP is new for v2.40 */
typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS {
    CK_ULONG ulAESKeyBits;    /* size of the temporary AES key, in bits */
    CK_EC_KDF_TYPE kdf;       /* one of the CKD_* values */
    CK_ULONG ulSharedDataLen; /* length of pSharedData, in bytes */
    CK_BYTE_PTR pSharedData;  /* optional data shared between the two parties */
} CK_ECDH_AES_KEY_WRAP_PARAMS;
2483
2484typedef CK_ECDH_AES_KEY_WRAP_PARAMS CK_PTR CK_ECDH_AES_KEY_WRAP_PARAMS_PTR;
2485
typedef struct CK_RSA_AES_KEY_WRAP_PARAMS {
    CK_ULONG ulAESKeyBits;                   /* size of the temporary AES key, in bits */
    CK_RSA_PKCS_OAEP_PARAMS_PTR pOAEPParams; /* OAEP parameters for wrapping the AES key */
} CK_RSA_AES_KEY_WRAP_PARAMS;
2490
2491typedef CK_RSA_AES_KEY_WRAP_PARAMS CK_PTR CK_RSA_AES_KEY_WRAP_PARAMS_PTR;
2492
/* GOSTR3410 is new for v2.40 */
/* Note the field order: here each pointer precedes its length, the reverse
 * of the CK_ECDH*_DERIVE_PARAMS structs. */
typedef struct CK_GOSTR3410_DERIVE_PARAMS {
    CK_EC_KDF_TYPE kdf;       /* key derivation function */
    CK_BYTE_PTR pPublicData;  /* other party's public key value */
    CK_ULONG ulPublicDataLen; /* length of pPublicData, in bytes */
    CK_BYTE_PTR pUKM;         /* user keying material */
    CK_ULONG ulUKMLen;        /* length of pUKM, in bytes */
} CK_GOSTR3410_DERIVE_PARAMS;
2501
2502typedef CK_GOSTR3410_DERIVE_PARAMS CK_PTR CK_GOSTR3410_DERIVE_PARAMS_PTR;
2503
typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS {
    CK_BYTE_PTR pWrapOID;  /* object identifier selecting the wrap parameters */
    CK_ULONG ulWrapOIDLen; /* length of pWrapOID, in bytes */
    CK_BYTE_PTR pUKM;      /* user keying material */
    CK_ULONG ulUKMLen;     /* length of pUKM, in bytes */
    CK_OBJECT_HANDLE hKey; /* key object handle */
} CK_GOSTR3410_KEY_WRAP_PARAMS;
2511
2512typedef CK_GOSTR3410_KEY_WRAP_PARAMS CK_PTR CK_GOSTR3410_KEY_WRAP_PARAMS_PTR;
2513
/* EDDSA and XEDDSA are new for v3.0 */
typedef struct CK_EDDSA_PARAMS {
    CK_BBOOL phFlag;           /* CK_TRUE selects the prehashed EdDSA variant */
    CK_ULONG ulContextDataLen; /* length of pContextData, in bytes */
    CK_BYTE_PTR pContextData;  /* context data */
} CK_EDDSA_PARAMS;
2520typedef CK_ULONG CK_XEDDSA_HASH_TYPE;
2521typedef CK_XEDDSA_HASH_TYPE CK_PTR CK_XEDDSA_HASH_TYPE_PTR;
2522
2523typedef struct CK_XEDDSA_PARAMS {
2524 CK_XEDDSA_HASH_TYPE hash;
2525} CK_XEDDSA_PARAMS;
2526typedef CK_XEDDSA_PARAMS CK_PTR CK_XEDDSA_PARAMS_PTR;
2527
2528/* X3DH and Ratchet are new in v3.0 */
2529typedef CK_ULONG CK_X3DH_KDF_TYPE;
2530typedef CK_X3DH_KDF_TYPE CK_PTR CK_X3DH_KDF_TYPE_PTR;
2531
/* Naming caveat: four fields carry a "p" prefix but are CK_OBJECT_HANDLE
 * values, not pointers. The two CK_BYTE_PTR fields have no length fields.
 * NOTE(review): their sizes are presumably fixed by the curve in use;
 * confirm before reading from them. */
typedef struct CK_X3DH_INITIATE_PARAMS {
    CK_X3DH_KDF_TYPE kdf;
    CK_OBJECT_HANDLE pPeer_identity; /* handle, not a pointer */
    CK_OBJECT_HANDLE pPeer_prekey;   /* handle, not a pointer */
    CK_BYTE_PTR pPrekey_signature;   /* no accompanying length */
    CK_BYTE_PTR pOnetime_key;        /* no accompanying length */
    CK_OBJECT_HANDLE pOwn_identity;  /* handle, not a pointer */
    CK_OBJECT_HANDLE pOwn_ephemeral; /* handle, not a pointer */
} CK_X3DH_INITIATE_PARAMS;
2541
/* pInitiator_identity is a CK_OBJECT_HANDLE despite its "p" prefix. None of
 * the CK_BYTE_PTR fields has a length field.
 * NOTE(review): their sizes are presumably fixed by the protocol; confirm
 * before reading from them. */
typedef struct CK_X3DH_RESPOND_PARAMS {
    CK_X3DH_KDF_TYPE kdf;
    CK_BYTE_PTR pIdentity_id;             /* no accompanying length */
    CK_BYTE_PTR pPrekey_id;               /* no accompanying length */
    CK_BYTE_PTR pOnetime_id;              /* no accompanying length */
    CK_OBJECT_HANDLE pInitiator_identity; /* handle, not a pointer */
    CK_BYTE_PTR pInitiator_ephemeral;     /* no accompanying length */
} CK_X3DH_RESPOND_PARAMS;
2550
2551typedef CK_ULONG CK_X2RATCHET_KDF_TYPE;
2552typedef CK_X2RATCHET_KDF_TYPE CK_PTR CK_X2RATCHET_KDF_TYPE_PTR;
2553
/* sk points at secret bytes and has no length field.
 * NOTE(review): the expected size of sk is not visible in this header;
 * confirm it against the mechanism specification. */
typedef struct CK_X2RATCHET_INITIALIZE_PARAMS {
    CK_BYTE_PTR sk;                        /* shared secret; caller-owned, no length field */
    CK_OBJECT_HANDLE peer_public_prekey;   /* key object handle */
    CK_OBJECT_HANDLE peer_public_identity; /* key object handle */
    CK_OBJECT_HANDLE own_public_identity;  /* key object handle */
    CK_BBOOL bEncryptedHeader;
    CK_ULONG eCurve;
    CK_MECHANISM_TYPE aeadMechanism;
    CK_X2RATCHET_KDF_TYPE kdfMechanism;
} CK_X2RATCHET_INITIALIZE_PARAMS;
2564
2565typedef CK_X2RATCHET_INITIALIZE_PARAMS
2566 CK_PTR CK_X2RATCHET_INITIALIZE_PARAMS_PTR;
2567
/* Responder-side counterpart of CK_X2RATCHET_INITIALIZE_PARAMS with the
 * same field types in the same order. sk has no length field.
 * NOTE(review): the expected size of sk is not visible in this header;
 * confirm it against the mechanism specification. */
typedef struct CK_X2RATCHET_RESPOND_PARAMS {
    CK_BYTE_PTR sk;                       /* shared secret; caller-owned, no length field */
    CK_OBJECT_HANDLE own_prekey;          /* key object handle */
    CK_OBJECT_HANDLE initiator_identity;  /* key object handle */
    CK_OBJECT_HANDLE own_public_identity; /* key object handle */
    CK_BBOOL bEncryptedHeader;
    CK_ULONG eCurve;
    CK_MECHANISM_TYPE aeadMechanism;
    CK_X2RATCHET_KDF_TYPE kdfMechanism;
} CK_X2RATCHET_RESPOND_PARAMS;
2578typedef CK_X2RATCHET_RESPOND_PARAMS
2579 CK_PTR CK_X2RATCHET_RESPOND_PARAMS_PTR;
2580
2581/* NSS Specific defines */
2582/* stuff that for historic reasons is in this header file but should have
2583 * been in pkcs11n.h */
2584#define CKK_INVALID_KEY_TYPE 0xffffffffUL
2585
2586#include "pkcs11n.h"
2587
2588/* undo packing */
2589#include "pkcs11u.h"
2590
2591#endif
2592
