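/*
 * Copyright (c) 2003, 2011, Oracle and/or its affiliates. All rights reserved.
 */

/* Copyright (c) 2002 Graz University of Technology. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright notice,
 *    this list of conditions and the following disclaimer in the documentation
 *    and/or other materials provided with the distribution.
 *
 * 3. The end-user documentation included with the redistribution, if any, must
 *    include the following acknowledgment:
 *
 *    "This product includes software developed by IAIK of Graz University of
 *
 *    Alternately, this acknowledgment may appear in the software itself, if
 *    and wherever such third-party acknowledgments normally appear.
 *
 * 4. The names "Graz University of Technology" and "IAIK of Graz University of
 *    Technology" must not be used to endorse or promote products derived from
 *    this software without prior written permission.
 *
 * 5. Products derived from this software may not be called
 *    "IAIK PKCS Wrapper", nor may "IAIK" appear in their name, without prior
 *    written permission of Graz University of Technology.
 *
 * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE LICENSOR BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
 * OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
 * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
 * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * This interface holds constants of the PKCS#11 v2.11 standard.
 * This is mainly the content of the 'pkcs11t.h' header file.
 *
 * Mapping of primitive data types to Java types:
 *
 *   TRUE .......................................... true
 *   FALSE ......................................... false
 *   CK_BYTE ....................................... byte
 *   CK_CHAR ....................................... char
 *   CK_UTF8CHAR ................................... char
 *   CK_BBOOL ...................................... boolean
 *   CK_ULONG ...................................... long
 *   CK_LONG ....................................... long
 *   CK_FLAGS ...................................... long
 *   CK_NOTIFICATION ............................... long
 *   CK_SLOT_ID .................................... long
 *   CK_SESSION_HANDLE ............................. long
 *   CK_USER_TYPE .................................. long
 *   CK_SESSION_HANDLE ............................. long
 *   CK_STATE ...................................... long
 *   CK_OBJECT_HANDLE .............................. long
 *   CK_OBJECT_CLASS ............................... long
 *   CK_HW_FEATURE_TYPE ............................ long
 *   CK_KEY_TYPE ................................... long
 *   CK_CERTIFICATE_TYPE ........................... long
 *   CK_ATTRIBUTE_TYPE ............................. long
 *   CK_VOID_PTR ................................... Object[]
 *   CK_BYTE_PTR ................................... byte[]
 *   CK_CHAR_PTR ................................... char[]
 *   CK_UTF8CHAR_PTR ............................... char[]
 *   CK_MECHANISM_TYPE ............................. long
 *   CK_RV ......................................... long
 *   CK_RSA_PKCS_OAEP_MGF_TYPE ..................... long
 *   CK_RSA_PKCS_OAEP_SOURCE_TYPE .................. long
 *   CK_RC2_PARAMS ................................. long
 *   CK_MAC_GENERAL_PARAMS ......................... long
 *   CK_EXTRACT_PARAMS ............................. long
 *   CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE .... long
 *   CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE .............. long
 *   CK_EC_KDF_TYPE ................................ long
 *   CK_X9_42_DH_KDF_TYPE .......................... long
 *
 * Every unsigned Cryptoki integer type in this table is carried in a signed
 * Java long, so values are compared as longs on the Java side.
 *
 * @author <a href="mailto:Karl.Scheibelhofer@iaik.at"> Karl Scheibelhofer </a>
 */

/** Java value for the Cryptoki boolean {@code TRUE} (first row of the mapping table above). */
public static final boolean TRUE = true;

/** Java value for the Cryptoki boolean {@code FALSE} (second row of the mapping table above). */
public static final boolean FALSE = false;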
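// NOTE(review): the comments below describe many Cryptoki constants whose
// declarations are not visible in this listing; CKK_DH is the only declaration
// in this stretch. A comment that ends in "..." was cut off in the listing and
// is kept as found.

/* some special values for certain CK_ULONG variables */

// Cryptoki defines CK_UNAVAILABLE_INFORMATION as (~0UL)
// This means it is 0xffffffff in ILP32/LLP64 but 0xffffffffffffffff in LP64.
// To avoid these differences on the Java side, the native code treats
// CK_UNAVAILABLE_INFORMATION specially and always returns (long)-1 for it.
// See ckULongSpecialToJLong() in pkcs11wrapper.h
// Java callers therefore test for "unavailable" by comparing against -1L,
// never against a 32-bit or 64-bit all-ones literal.

/* The following value is always invalid if used as a session */
/* handle or object handle */

/* CK_NOTIFICATION enumerates the types of notifications that
 * Cryptoki provides to an application */
/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG ... */

/* flags: bit flags that provide capabilities of the slot
 * Bit Flag Mask Meaning ... */

/* The flags parameter is defined as follows:
 * Bit Flag Mask Meaning ... */
/* has random # generator */
/* token is write-protected */
/* user must login */
/* normal user's PIN is set */

/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
 * that means that *every* time the state of cryptographic
 * operations of a session is successfully saved, all keys
 * needed to continue those operations are stored in the state */

/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
 * that the token has some sort of clock. The time on that
 * clock is returned in the token info structure */

/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
 * set, that means that there is some way for the user to login
 * without sending a PIN through the Cryptoki library itself */

/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
 * that means that a single session with the token can perform
 * dual simultaneous cryptographic operations (digest and
 * encrypt; decrypt and digest; sign and encrypt; and decrypt ... */

/* CKF_TOKEN_INITIALIZED is new for v2.10. If it is true, the
 * token has been initialized using C_InitializeToken or an
 * equivalent mechanism outside the scope of PKCS #11.
 * Calling C_InitializeToken when this flag is set will cause
 * the token to be reinitialized. */

/* CKF_SECONDARY_AUTHENTICATION is new for v2.10. If it is
 * true, the token supports secondary authentication for
 * private key objects. */

// NOTE(review): the PIN-state flags described next are the token's own report
// of how close a PIN is to lockout. Code that drives logins should read the
// token flags before each attempt and stop retrying once a FINAL_TRY or LOCKED
// flag is reported, instead of spending the last attempt. A TO_BE_CHANGED flag
// means the PIN is still the initialization or manufacturing default.

/* CKF_USER_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect user login PIN has been entered at least once
 * since the last successful authentication. */

/* CKF_USER_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect user PIN will cause it to become locked. */

/* CKF_USER_PIN_LOCKED is new for v2.10. If it is true, the
 * user PIN has been locked. User login to the token is not ... */

/* CKF_USER_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the user PIN value is the default value set by token
 * initialization or manufacturing. */

/* CKF_SO_PIN_COUNT_LOW is new for v2.10. If it is true, an
 * incorrect SO login PIN has been entered at least once since
 * the last successful authentication. */

/* CKF_SO_PIN_FINAL_TRY is new for v2.10. If it is true,
 * supplying an incorrect SO PIN will cause it to become locked. */

/* CKF_SO_PIN_LOCKED is new for v2.10. If it is true, the SO
 * PIN has been locked. SO login to the token is not possible. */

/* CKF_SO_PIN_TO_BE_CHANGED is new for v2.10. If it is true,
 * the SO PIN value is the default value set by token
 * initialization or manufacturing. */

/* CK_USER_TYPE enumerates the types of Cryptoki users */
/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for ... */
/* Security Officer */

/* CK_STATE enumerates the session states */
/* CK_STATE has been changed from an enum to a CK_ULONG for ... */

/* The flags are defined in the following table:
 * Bit Flag Mask Meaning ... */
/* session is r/w */

/* The following classes of objects are defined: */
/* CKO_HW_FEATURE is new for v2.10 */
/* CKO_DOMAIN_PARAMETERS is new for v2.11 */

// pseudo object class ANY (for template manager)

/* The following hardware feature types are defined */

/* the following key types are defined: */

/** Key type {@code CKK_DH} (a CK_KEY_TYPE value, carried as a Java long). */
public static final long CKK_DH = 0x00000002L;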
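/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */

/**
 * Key type {@code CKK_EC} (a CK_KEY_TYPE value, carried as a Java long).
 * New code should use this name rather than the deprecated CKK_ECDSA.
 */
public static final long CKK_EC = 0x00000003L;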
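// NOTE(review): most constants these comments describe are not declared in
// this listing; CKA_ID is the only declaration in this stretch. A comment that
// ends in "..." was cut off in the listing and is kept as found.

/* all these key types are new for v2.0 */
/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */

// new for v2.20 amendment 3
// NOTE(review): both key types are commented out as found, so code that needs
// a Camellia or ARIA key type cannot take the value from this block.
//public static final long CKK_CAMELLIA = 0x00000025L;
//public static final long CKK_ARIA = 0x00000026L;

// pseudo key type ANY (for template manager)

/* The following certificate types are defined: */
/* CKC_X_509_ATTR_CERT is new for v2.10 */

/* The following attribute types are defined: */
/* CKA_OBJECT_ID is new for v2.10 */
/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new ... */
/* CKA_TRUSTED is new for v2.11 */

/** Attribute type {@code CKA_ID} (a CK_ATTRIBUTE_TYPE value, carried as a Java long). */
public static final long CKA_ID = 0x00000102L;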
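// NOTE(review): most constants these comments describe are not declared in
// this listing; only the Camellia and ARIA mechanisms and CKF_HW are declared
// here. A comment that ends in "..." was cut off in the listing and is kept as
// found.

/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */

/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
 * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
 * and CKA_EC_POINT are new for v2.0 */

/* CKA_KEY_GEN_MECHANISM is new for v2.11 */

/* CKA_ECDSA_PARAMS is deprecated in v2.11,
 * CKA_EC_PARAMS is preferred. */

/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
 * CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
 * are new for v2.10 */

/* the following mechanism types are defined: */

// NOTE(review): the mechanism names in the comments below mirror the standard.
// Being listed here says nothing about strength; the MD2, MD5, DES and RC2
// families are legacy and should be disabled by policy where the provider
// configuration allows it.

/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
 * are new for v2.0. They are mechanisms which hash and sign */

/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
 * CKM_RSA_PKCS_OAEP are new for v2.10 */

/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
 * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */

/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
 * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for ... */

/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */

/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */

/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
 * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
 * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */

/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */

/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */

/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */

/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
 * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
 * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */

/* All of the following mechanisms are new for v2.0 */
/* Note that CAST128 and CAST5 are the same algorithm */

/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
 * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
 * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */

/* CKM_PKCS5_PBKD2 is new for v2.10 */

/* Fortezza mechanisms */

/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
 * CKM_EC_KEY_PAIR_GEN is preferred */

/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
 * are new for v2.11 */

/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
 * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
 * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are ... */

// new for v2.20 amendment 3
// Camellia mechanisms (CK_MECHANISM_TYPE values, carried as Java longs).
public static final long CKM_CAMELLIA_KEY_GEN = 0x00000550L;
public static final long CKM_CAMELLIA_ECB = 0x00000551L;
public static final long CKM_CAMELLIA_CBC = 0x00000552L;
public static final long CKM_CAMELLIA_MAC = 0x00000553L;
public static final long CKM_CAMELLIA_MAC_GENERAL = 0x00000554L;
public static final long CKM_CAMELLIA_CBC_PAD = 0x00000555L;
public static final long CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556L;
public static final long CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557L;
public static final long CKM_CAMELLIA_CTR = 0x00000558L;

// ARIA mechanisms (CK_MECHANISM_TYPE values, carried as Java longs).
public static final long CKM_ARIA_KEY_GEN = 0x00000560L;
public static final long CKM_ARIA_ECB = 0x00000561L;
public static final long CKM_ARIA_CBC = 0x00000562L;
public static final long CKM_ARIA_MAC = 0x00000563L;
public static final long CKM_ARIA_MAC_GENERAL = 0x00000564L;
public static final long CKM_ARIA_CBC_PAD = 0x00000565L;
public static final long CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566L;
public static final long CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567L;

// ids for our pseudo mechanisms SecureRandom and KeyStore

/* The flags are defined as follows:
 * Bit Flag Mask Meaning */

/* performed by HW */
// The flag is reported by the token or its library, so it is a claim made by
// the provider rather than something this wrapper verifies.
public static final long CKF_HW = 0x00000001L;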
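// NOTE(review): the flag constants these comments describe are not declared in
// this listing; CKR_OK is the only declaration in this stretch. A comment that
// ends in "..." was cut off in the listing and is kept as found.

/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
 * CKF_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
 * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
 * and CKF_DERIVE are new for v2.0. They specify whether or not
 * a mechanism can be used for a particular task */

/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
 * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
 * describe a token's EC capabilities not available in mechanism ... */

/* FALSE for 2.01 */

/* CK_RV is a value that identifies the return value of a
 * Cryptoki function */
/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */

/**
 * Return value {@code CKR_OK}: the Cryptoki call completed successfully.
 * Callers should compare a CK_RV against this constant explicitly and treat
 * every other value as a failure or status code, never as success.
 */
public static final long CKR_OK = 0x00000000L;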
/* CKR_FLAGS_INVALID was removed for v2.0 */

/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */

/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
 * and CKR_CANT_LOCK are new for v2.01 */

/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */

/* CKR_KEY_SENSITIVE was removed for v2.0 */

/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
 * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
 * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for ... */

/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
 * were removed for v2.0 */

/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */

/* CKR_SESSION_READ_ONLY_EXISTS and
 * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */

/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
 * are new to v2.01 */

/* These are new to v2.0 */

/* These are new to v2.11 */

/* These are new to v2.0 */

/* These are new to v2.01 */

/* flags: bit flags that provide capabilities of the slot ... */

/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */

/* The following MGFs are defined */
// new for v2.20 amendment 3

/* The following encoding parameter sources are defined */

/* The following PRFs are defined in PKCS #5 v2.0. */

/* The following salt value sources are defined in PKCS #5 v2.0. */

/* the following EC Key Derivation Functions are defined */

/* the following X9.42 Diffie-Hellman Key Derivation Functions are defined */

// private NSS attribute (for DSA and DH private keys)

// base number of NSS private attributes

// object type for NSS trust

// base number for NSS trust attributes

// attributes for NSS trust

// trust values for each of the NSS trust attributes