/*
*/
/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
*
* 3. The end-user documentation included with the redistribution, if any, must
* include the following acknowledgment:
*
* "This product includes software developed by IAIK of Graz University of
* Technology."
*
* Alternately, this acknowledgment may appear in the software itself, if
* and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Graz University of Technology" and "IAIK of Graz University of
* Technology" must not be used to endorse or promote products derived from
* this software without prior written permission.
*
* 5. Products derived from this software may not be called
* "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior
* written permission of Graz University of Technology.
*
* THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
* OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
* OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
 * Constants of the PKCS#11 v2.11 standard (Cryptoki).
 * The content is mainly that of the 'pkcs11t.h' header file.
 *
 * <p>Mapping of primitive Cryptoki data types to Java types:
 * <pre>
 * TRUE .......................................... true
 * FALSE ......................................... false
 * CK_BYTE ....................................... byte
 * CK_CHAR ....................................... char
 * CK_UTF8CHAR ................................... char
 * CK_BBOOL ...................................... boolean
 * CK_ULONG ...................................... long
 * CK_LONG ....................................... long
 * CK_FLAGS ...................................... long
 * CK_NOTIFICATION ............................... long
 * CK_SLOT_ID .................................... long
 * CK_SESSION_HANDLE ............................. long
 * CK_USER_TYPE .................................. long
 * CK_STATE ...................................... long
 * CK_OBJECT_HANDLE .............................. long
 * CK_OBJECT_CLASS ............................... long
 * CK_HW_FEATURE_TYPE ............................ long
 * CK_KEY_TYPE ................................... long
 * CK_CERTIFICATE_TYPE ........................... long
 * CK_ATTRIBUTE_TYPE ............................. long
 * CK_VOID_PTR ................................... Object[]
 * CK_BYTE_PTR ................................... byte[]
 * CK_CHAR_PTR ................................... char[]
 * CK_UTF8CHAR_PTR ............................... char[]
 * CK_MECHANISM_TYPE ............................. long
 * CK_RV ......................................... long
 * CK_RSA_PKCS_OAEP_MGF_TYPE ..................... long
 * CK_RSA_PKCS_OAEP_SOURCE_TYPE .................. long
 * CK_RC2_PARAMS ................................. long
 * CK_MAC_GENERAL_PARAMS ......................... long
 * CK_EXTRACT_PARAMS ............................. long
 * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE .... long
 * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE .............. long
 * CK_EC_KDF_TYPE ................................ long
 * CK_X9_42_DH_KDF_TYPE .......................... long
 * </pre>
 *
 * <p>Review notes on the mapping: CK_ULONG and the types derived from it are
 * unsigned in Cryptoki but map to the signed Java {@code long}, so a native
 * value with its top bit set would appear negative on the Java side; compare
 * such values with the named constants for equality rather than by magnitude.
 * CK_CHAR and CK_UTF8CHAR are 8-bit types in Cryptoki while a Java
 * {@code char} is 16 bits; the conversion between them happens outside this
 * interface and is not shown here.
 *
 * @author <a href="mailto:Karl.Scheibelhofer@iaik.at"> Karl Scheibelhofer </a>
 * @invariants
 */
public interface PKCS11Constants {

    // NOTE(review): only TRUE and FALSE are declared in this listing. The
    // section comments below are kept in their original order, but the
    // constants they describe are not present here.

    // Fields of an interface are implicitly public, static and final, so the
    // modifiers are not repeated.
    boolean TRUE = true;
    boolean FALSE = false;

    // Some special values for certain CK_ULONG variables.

    // Cryptoki defines CK_UNAVAILABLE_INFORMATION as (~0UL), whose numeric
    // value depends on the native width of unsigned long.
    // To avoid these differences on the Java side, the native code treats
    // CK_UNAVAILABLE_INFORMATION specially and always returns (long)-1 for it.
    // See ckULongSpecialToJLong() in pkcs11wrapper.h

    // The following value is always invalid if used as a session handle or
    // object handle.

    // CK_NOTIFICATION enumerates the types of notifications that Cryptoki
    // provides to an application.
    // CK_NOTIFICATION has been changed from an enum to a CK_ULONG for v2.0.

    // flags: bit flags that provide capabilities of the slot
    //   Bit Flag   Mask   Meaning

    // The flags parameter is defined as follows:
    //   Bit Flag   Mask   Meaning

    // has random # generator
    // token is write-protected
    // user must login
    // normal user's PIN is set

    // CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, that means
    // that *every* time the state of cryptographic operations of a session
    // is successfully saved, all keys needed to continue those operations
    // are stored in the state.

    // CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means that the
    // token has some sort of clock. The time on that clock is returned in
    // the token info structure.

    // CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is set, that
    // means that there is some way for the user to login without sending a
    // PIN through the Cryptoki library itself.

    // CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, that means
    // that a single session with the token can perform dual simultaneous
    // cryptographic operations (digest and encrypt; decrypt and digest;
    // sign and encrypt; and decrypt and sign).

    // CKF_TOKEN_INITIALIZED is new for v2.10. If it is true, the token has
    // been initialized using C_InitializeToken or an equivalent mechanism
    // outside the scope of PKCS #11. Calling C_InitializeToken when this
    // flag is set will cause the token to be reinitialized.

    // CKF_SECONDARY_AUTHENTICATION is new for v2.10. If it is true, the
    // token supports secondary authentication for private key objects.

    // CKF_USER_PIN_COUNT_LOW is new for v2.10. If it is true, an incorrect
    // user login PIN has been entered at least once since the last
    // successful authentication.

    // CKF_USER_PIN_FINAL_TRY is new for v2.10. If it is true, supplying an
    // incorrect user PIN will cause it to become locked.

    // CKF_USER_PIN_LOCKED is new for v2.10. If it is true, the user PIN has
    // been locked. User login to the token is not possible.

    // CKF_USER_PIN_TO_BE_CHANGED is new for v2.10. If it is true, the user
    // PIN value is the default value set by token initialization or
    // manufacturing.

    // CKF_SO_PIN_COUNT_LOW is new for v2.10. If it is true, an incorrect SO
    // login PIN has been entered at least once since the last successful
    // authentication.

    // CKF_SO_PIN_FINAL_TRY is new for v2.10. If it is true, supplying an
    // incorrect SO PIN will cause it to become locked.

    // CKF_SO_PIN_LOCKED is new for v2.10. If it is true, the SO PIN has been
    // locked. SO login to the token is not possible.

    // CKF_SO_PIN_TO_BE_CHANGED is new for v2.10. If it is true, the SO PIN
    // value is the default value set by token initialization or
    // manufacturing.

    // NOTE(review): the PIN state flags above are inputs for the caller's
    // login logic. An application that retries logins automatically should
    // check the FINAL_TRY and LOCKED flags first so that it does not lock
    // the PIN, and should treat the TO_BE_CHANGED flags as a prompt to
    // replace a default PIN before the token is relied upon.

    // CK_USER_TYPE enumerates the types of Cryptoki users.
    // CK_USER_TYPE has been changed from an enum to a CK_ULONG for v2.0.

    // Security Officer
    // Normal user

    // CK_STATE enumerates the session states.
    // CK_STATE has been changed from an enum to a CK_ULONG for v2.0.

    // The flags are defined in the following table:
    //   Bit Flag   Mask   Meaning

    // session is r/w
    // no parallel

    // The following classes of objects are defined:
    // CKO_HW_FEATURE is new for v2.10
    // CKO_DOMAIN_PARAMETERS is new for v2.11

    // pseudo object class ANY (for template manager)

    // The following hardware feature types are defined

    // The following key types are defined:
    // CKK_ECDSA and CKK_KEA are new for v2.0
    // CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred.

    // all these key types are new for v2.0
    // CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred.
    // CAST128=CAST5

    // v2.20

    // new for v2.20 amendment 3 (disabled in the original source)
    //public static final long CKK_CAMELLIA = 0x00000025L;
    //public static final long CKK_ARIA = 0x00000026L;

    // pseudo key type ANY (for template manager)

    // The following certificate types are defined:
    // CKC_X_509_ATTR_CERT is new for v2.10

    // The following attribute types are defined:
    // CKA_OBJECT_ID is new for v2.10
    // CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new for v2.10
    // CKA_TRUSTED is new for v2.11
    // CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11

    // CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
    // CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, and
    // CKA_EC_POINT are new for v2.0

    // CKA_KEY_GEN_MECHANISM is new for v2.11

    // CKA_ECDSA_PARAMS is deprecated in v2.11, CKA_EC_PARAMS is preferred.

    // CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, CKA_HW_FEATURE_TYPE,
    // CKA_RESET_ON_INIT, and CKA_HAS_RESET are new for v2.10

    // The following mechanism types are defined:

    // NOTE(review): the mechanism list covers legacy algorithms as well (the
    // comments below name MD2, MD5, SHA-1, DES, RC2 and CDMF mechanisms).
    // A mechanism being listed here says nothing about whether the
    // algorithm is still appropriate; that decision belongs to the caller's
    // own policy.

    // CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS are new for
    // v2.0. They are mechanisms which hash and sign.

    // CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and CKM_RSA_PKCS_OAEP
    // are new for v2.10

    // CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
    // CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11

    // CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
    // CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for v2.11

    // v2.20

    // CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0

    // CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0

    // CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
    // CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, CKM_CDMF_MAC_GENERAL, and
    // CKM_CDMF_CBC_PAD are new for v2.0

    // CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0

    // CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0

    // CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0

    // CKM_RIPEMD128, CKM_RIPEMD128_HMAC, CKM_RIPEMD128_HMAC_GENERAL,
    // CKM_RIPEMD160, CKM_RIPEMD160_HMAC, and CKM_RIPEMD160_HMAC_GENERAL are
    // new for v2.10

    // v2.20

    // All of the following mechanisms are new for v2.0
    // Note that CAST128 and CAST5 are the same algorithm

    // CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
    // CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
    // CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11

    // v2.20

    // CKM_PKCS5_PBKD2 is new for v2.10

    // Fortezza mechanisms

    // CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, CKM_EC_KEY_PAIR_GEN is
    // preferred

    // CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE are
    // new for v2.11

    // CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
    // CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
    // CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are new for
    // v2.11

    // v2.20

    // new for v2.20 amendment 3 (disabled in the original source)
    //public static final long CKM_CAMELLIA_KEY_GEN = 0x00000550L;
    //public static final long CKM_CAMELLIA_ECB = 0x00000551L;
    //public static final long CKM_CAMELLIA_CBC = 0x00000552L;
    //public static final long CKM_CAMELLIA_MAC = 0x00000553L;
    //public static final long CKM_CAMELLIA_MAC_GENERAL = 0x00000554L;
    //public static final long CKM_CAMELLIA_CBC_PAD = 0x00000555L;
    //public static final long CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556L;
    //public static final long CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557L;
    //public static final long CKM_CAMELLIA_CTR = 0x00000558L;
    //public static final long CKM_ARIA_KEY_GEN = 0x00000560L;
    //public static final long CKM_ARIA_ECB = 0x00000561L;
    //public static final long CKM_ARIA_CBC = 0x00000562L;
    //public static final long CKM_ARIA_MAC = 0x00000563L;
    //public static final long CKM_ARIA_MAC_GENERAL = 0x00000564L;
    //public static final long CKM_ARIA_CBC_PAD = 0x00000565L;
    //public static final long CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566L;
    //public static final long CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567L;

    // NSS private

    // ids for our pseudo mechanisms SecureRandom and KeyStore

    // The flags are defined as follows:
    //   Bit Flag   Mask   Meaning

    // performed by HW

    // The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
    // CKF_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, CKF_GENERATE,
    // CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, and CKF_DERIVE are new
    // for v2.0. They specify whether or not a mechanism can be used for a
    // particular task.

    // CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
    // CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
    // describe a token's EC capabilities not available in mechanism
    // information.

    // FALSE for 2.01

    // CK_RV is a value that identifies the return value of a Cryptoki
    // function.
    // CK_RV was changed from CK_USHORT to CK_ULONG for v2.0

    // CKR_FLAGS_INVALID was removed for v2.0

    // CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0

    // CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, and
    // CKR_CANT_LOCK are new for v2.01

    // CKR_FUNCTION_NOT_SUPPORTED is new for v2.0

    // CKR_KEY_SENSITIVE was removed for v2.0

    // CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
    // CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
    // CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for v2.0

    // CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID were
    // removed for v2.0

    // CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0

    // CKR_SESSION_READ_ONLY_EXISTS and CKR_SESSION_READ_WRITE_SO_EXISTS are
    // new for v2.0

    // CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES are new
    // to v2.01

    // These are new to v2.0
    // These are new to v2.11
    // These are new to v2.0
    // These are new to v2.01

    // flags: bit flags that provide capabilities of the slot
    //   Bit Flag = Mask

    // CKF_DONT_BLOCK is for the function C_WaitForSlotEvent

    // The following MGFs are defined
    // new for v2.20 amendment 3

    // The following encoding parameter sources are defined

    // The following PRFs are defined in PKCS #5 v2.0.

    // The following salt value sources are defined in PKCS #5 v2.0.

    // The following EC Key Derivation Functions are defined

    // The following X9.42 Diffie-Hellman Key Derivation Functions are defined

    // private NSS attribute (for DSA and DH private keys)

    // base number of NSS private attributes

    // object type for NSS trust

    // base number for NSS trust attributes

    // attributes for NSS trust

    // trust values for each of the NSS trust attributes
}