/*
* PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Errata 01
* Committee Specification Draft 01 / Public Review Draft 01
* 09 December 2015
* Copyright (c) OASIS Open 2015. All Rights Reserved.
* Source: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/csprd01/include/pkcs11-v2.40/
* Latest version of the specification: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html
*/
/* See top of pkcs11.h for information about the macros that
* must be defined and the structure-packing conventions that
* must be set before including this file.
*/
#ifndef _PKCS11T_H_
#define CRYPTOKI_VERSION_AMENDMENT 0
#define CK_FALSE 0
#ifndef CK_DISABLE_TRUE_FALSE
#ifndef FALSE
#endif
#ifndef TRUE
#endif
#endif
/* an unsigned 8-bit value */
typedef unsigned char CK_BYTE;
/* an unsigned 8-bit character */
/* an 8-bit UTF-8 character */
/* a BYTE-sized Boolean flag */
/* an unsigned value, at least 32 bits long.
* The actual width is that of the platform's unsigned long, so it
* can differ between builds; do not assume exactly 32 bits when
* sizing buffers for, or serializing, CK_ULONG values.
*/
typedef unsigned long int CK_ULONG;
/* a signed value, the same size as a CK_ULONG */
typedef long int CK_LONG;
/* at least 32 bits; each bit is a Boolean flag */
/* some special values for certain CK_ULONG variables */
/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
/* The following value is always invalid if used as a session
* handle or object handle
*/
typedef struct CK_VERSION {
} CK_VERSION;
typedef struct CK_INFO {
} CK_INFO;
/* CK_NOTIFICATION enumerates the types of notifications that
* Cryptoki provides to an application
*/
/* CK_SLOT_INFO provides information about a slot */
typedef struct CK_SLOT_INFO {
} CK_SLOT_INFO;
/* flags: bit flags that provide capabilities of the slot
* Bit Flag Mask Meaning
*/
/* CK_TOKEN_INFO provides information about a token */
typedef struct CK_TOKEN_INFO {
/* The flags parameter is defined as follows:
* Bit Flag Mask Meaning
*/
/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set,
* that means that *every* time the state of cryptographic
* operations of a session is successfully saved, all keys
* needed to continue those operations are stored in the state
*/
/* CKF_CLOCK_ON_TOKEN. If it is set, that means
* that the token has some sort of clock. The time on that
* clock is returned in the token info structure
*/
/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is
* set, that means that there is some way for the user to login
* without sending a PIN through the Cryptoki library itself
*/
/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true,
* that means that a single session with the token can perform
* dual simultaneous cryptographic operations (digest and
* encrypt; decrypt and digest; sign and encrypt; and decrypt
* and sign)
*/
/* CKF_TOKEN_INITIALIZED. If it is true, the
* token has been initialized using C_InitializeToken or an
* equivalent mechanism outside the scope of PKCS #11.
* Calling C_InitializeToken when this flag is set will cause
* the token to be reinitialized.
*/
/* CKF_SECONDARY_AUTHENTICATION. If it is
* true, the token supports secondary authentication for
* private key objects.
*/
/* CKF_USER_PIN_COUNT_LOW. If it is true, an
* incorrect user login PIN has been entered at least once
* since the last successful authentication.
*/
/* CKF_USER_PIN_FINAL_TRY. If it is true,
* supplying an incorrect user PIN will cause it to become locked.
*/
/* CKF_USER_PIN_LOCKED. If it is true, the
* user PIN has been locked. User login to the token is not
* possible.
*/
/* CKF_USER_PIN_TO_BE_CHANGED. If it is true,
* the user PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
* expired by the card.
*/
/* CKF_SO_PIN_COUNT_LOW. If it is true, an
* incorrect SO login PIN has been entered at least once since
* the last successful authentication.
*/
/* CKF_SO_PIN_FINAL_TRY. If it is true,
* supplying an incorrect SO PIN will cause it to become locked.
*/
/* CKF_SO_PIN_LOCKED. If it is true, the SO
* PIN has been locked. SO login to the token is not possible.
*/
/* CKF_SO_PIN_TO_BE_CHANGED. If it is true,
* the SO PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
* expired by the card.
*/
/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
* identifies a session
*/
/* CK_USER_TYPE enumerates the types of Cryptoki users */
/* Security Officer */
/* Normal user */
/* Context specific */
/* CK_STATE enumerates the session states */
/* CK_SESSION_INFO provides information about a session */
typedef struct CK_SESSION_INFO {
/* The flags are defined in the following table:
* Bit Flag Mask Meaning
*/
/* CK_OBJECT_HANDLE is a token-specific identifier for an
* object
*/
/* CK_OBJECT_CLASS is a value that identifies the classes (or
* types) of objects that Cryptoki recognizes. It is defined
* as follows:
*/
/* The following classes of objects are defined: */
/* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type
* of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE.
*/
/* The following hardware feature types are defined */
/* CK_KEY_TYPE is a value that identifies a key type */
/* the following key types are defined: */
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
* type
*/
/* The following certificate types are defined: */
/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
* type
*/
/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
* consists of an array of values.
*/
/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */
/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT
* attributes
*/
/* The following attribute types are defined: */
/* CK_ATTRIBUTE is a structure that includes the type, length
* and value of an attribute
*/
typedef struct CK_ATTRIBUTE {
} CK_ATTRIBUTE;
/* CK_DATE is a structure that defines a date */
typedef struct CK_DATE{
} CK_DATE;
/* CK_MECHANISM_TYPE is a value that identifies a mechanism
* type
*/
/* the following mechanism types are defined: */
/* Note that CAST128 and CAST5 are the same algorithm */
/* CK_MECHANISM is a structure that specifies a particular
* mechanism
*/
typedef struct CK_MECHANISM {
} CK_MECHANISM;
/* CK_MECHANISM_INFO provides information about a particular
* mechanism
*/
typedef struct CK_MECHANISM_INFO {
/* The flags are defined as follows:
* Bit Flag Mask Meaning */
/* Specify whether or not a mechanism can be used for a particular task */
/* Describe a token's EC capabilities not available in mechanism
* information.
*/
/* CK_RV is a value that identifies the return value of a
* Cryptoki function
*/
/* private extra values */
/* CK_NOTIFY is an application callback that processes events */
);
/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
* version and pointers of appropriate types to all the
* Cryptoki functions
*/
/* CK_CREATEMUTEX is an application callback for creating a
* mutex object
*/
);
/* CK_DESTROYMUTEX is an application callback for destroying a
* mutex object
*/
);
/* CK_LOCKMUTEX is an application callback for locking a mutex */
);
/* CK_UNLOCKMUTEX is an application callback for unlocking a
* mutex
*/
);
/* CK_C_INITIALIZE_ARGS provides the optional arguments to
* C_Initialize
*/
typedef struct CK_C_INITIALIZE_ARGS {
/* flags: bit flags that provide capabilities of the slot
* Bit Flag Mask Meaning
*/
/* additional flags for parameters to functions */
/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
/* CK_RSA_PKCS_MGF_TYPE is used to indicate the Mask
* Generation Function (MGF) applied to a message block when
* formatting a message block for the PKCS #1 OAEP encryption
* scheme.
*/
/* The following MGFs are defined */
/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
* of the encoding parameter when formatting a message block
* for the PKCS #1 OAEP encryption scheme.
*/
/* The following encoding parameter sources are defined */
/* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
* CKM_RSA_PKCS_OAEP mechanism.
*/
typedef struct CK_RSA_PKCS_OAEP_PARAMS {
/* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
* CKM_RSA_PKCS_PSS mechanism(s).
*/
typedef struct CK_RSA_PKCS_PSS_PARAMS {
/* The following EC Key Derivation Functions are defined */
/* The following X9.42 DH key derivation functions are defined */
/* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
* CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
* where each party contributes one key pair.
*/
typedef struct CK_ECDH1_DERIVE_PARAMS {
/*
* CK_ECDH2_DERIVE_PARAMS provides the parameters to the
* CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs.
*/
typedef struct CK_ECDH2_DERIVE_PARAMS {
typedef struct CK_ECMQV_DERIVE_PARAMS {
/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
* CKM_X9_42_DH_PARAMETER_GEN mechanisms
*/
/* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
* contributes one key pair
*/
typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
/* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
* mechanisms, where each party contributes two key pairs
*/
typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
/* CK_KEA_DERIVE_PARAMS provides the parameters to the
* CKM_KEA_DERIVE mechanism
*/
typedef struct CK_KEA_DERIVE_PARAMS {
/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
* CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
* holds the effective keysize
*/
/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
* mechanism
*/
typedef struct CK_RC2_CBC_PARAMS {
/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC2_MAC_GENERAL mechanism
*/
typedef struct CK_RC2_MAC_GENERAL_PARAMS {
typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
* CKM_RC5_MAC mechanisms
*/
typedef struct CK_RC5_PARAMS {
/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
* mechanism
*/
typedef struct CK_RC5_CBC_PARAMS {
/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC5_MAC_GENERAL mechanism
*/
typedef struct CK_RC5_MAC_GENERAL_PARAMS {
typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
* ciphers' MAC_GENERAL mechanisms. Its value is the length of
* the MAC
*/
typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
* CKM_SKIPJACK_PRIVATE_WRAP mechanism
*/
typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
* CKM_SKIPJACK_RELAYX mechanism
*/
typedef struct CK_SKIPJACK_RELAYX_PARAMS {
typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
typedef struct CK_PBE_PARAMS {
/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
* CKM_KEY_WRAP_SET_OAEP mechanism
*/
typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
typedef struct CK_SSL3_RANDOM_DATA {
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
typedef struct CK_SSL3_KEY_MAT_OUT {
typedef struct CK_SSL3_KEY_MAT_PARAMS {
typedef struct CK_TLS_PRF_PARAMS {
typedef struct CK_WTLS_RANDOM_DATA {
typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
typedef struct CK_WTLS_PRF_PARAMS {
typedef struct CK_WTLS_KEY_MAT_OUT {
typedef struct CK_WTLS_KEY_MAT_PARAMS {
typedef struct CK_CMS_SIG_PARAMS {
typedef struct CK_KEY_DERIVATION_STRING_DATA {
typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
/* The CK_EXTRACT_PARAMS is used for the
* CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
* of the base key should be used as the first bit of the
* derived key
*/
/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
* indicate the Pseudo-Random Function (PRF) used to generate
* key bits using PKCS #5 PBKDF2.
*/
/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
* source of the salt value when deriving a key using PKCS #5
* PBKDF2.
*/
typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR \
/* The following salt value sources are defined in PKCS #5 v2.0. */
/* CK_PKCS5_PBKD2_PARAMS is a structure that provides the
* parameters to the CKM_PKCS5_PBKD2 mechanism.
*/
typedef struct CK_PKCS5_PBKD2_PARAMS {
/* CK_PKCS5_PBKD2_PARAMS2 is a corrected version of the CK_PKCS5_PBKD2_PARAMS
* structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism;
* in the corrected structure the ulPasswordLen field is a CK_ULONG and not
* a CK_ULONG_PTR.
*/
typedef struct CK_PKCS5_PBKD2_PARAMS2 {
typedef struct CK_OTP_PARAM {
} CK_OTP_PARAM;
typedef struct CK_OTP_PARAMS {
typedef struct CK_OTP_SIGNATURE_INFO {
typedef struct CK_KIP_PARAMS {
typedef struct CK_AES_CTR_PARAMS {
typedef struct CK_GCM_PARAMS {
typedef struct CK_CCM_PARAMS {
/* Deprecated. Use CK_GCM_PARAMS */
typedef struct CK_AES_GCM_PARAMS {
/* Deprecated. Use CK_CCM_PARAMS */
typedef struct CK_AES_CCM_PARAMS {
typedef struct CK_CAMELLIA_CTR_PARAMS {
typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
typedef struct CK_DSA_PARAMETER_GEN_PARAM {
typedef struct CK_ECDH_AES_KEY_WRAP_PARAMS {
typedef struct CK_RSA_AES_KEY_WRAP_PARAMS {
typedef struct CK_TLS12_MASTER_KEY_DERIVE_PARAMS {
typedef CK_TLS12_MASTER_KEY_DERIVE_PARAMS CK_PTR \
typedef struct CK_TLS12_KEY_MAT_PARAMS {
typedef struct CK_TLS_KDF_PARAMS {
typedef struct CK_TLS_MAC_PARAMS {
typedef struct CK_GOSTR3410_DERIVE_PARAMS {
typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS {
typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS {
typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \
#endif /* _PKCS11T_H_ */