/* pkcs11t.h include file for PKCS #11. */
/* $Revision: 1.6 $ */
/* License to copy and use this software is granted provided that it is
* identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
* (Cryptoki)" in all material mentioning or referencing this software.
* License is also granted to make and use derivative works provided that
* such works are identified as "derived from the RSA Security Inc. PKCS #11
* Cryptographic Token Interface (Cryptoki)" in all material mentioning or
* referencing the derived work.
* RSA Security Inc. makes no representations concerning either the
* merchantability of this software or the suitability of this software for
* any particular purpose. It is provided "as is" without express or implied
* warranty of any kind.
*/
/* See top of pkcs11.h for information about the macros that
* must be defined and the structure-packing conventions that
* must be set before including this file. */
#ifndef _PKCS11T_H_
#define CK_FALSE 0
#ifndef CK_DISABLE_TRUE_FALSE
#ifndef FALSE
#endif
#ifndef TRUE
#endif
#endif
/* an unsigned 8-bit value */
typedef unsigned char CK_BYTE;
/* an unsigned 8-bit character */
/* an 8-bit UTF-8 character */
/* a BYTE-sized Boolean flag */
/* an unsigned value, at least 32 bits long */
typedef unsigned long int CK_ULONG;
/* a signed value, the same size as a CK_ULONG */
/* CK_LONG is new for v2.0 */
typedef long int CK_LONG;
/* at least 32 bits; each bit is a Boolean flag */
/* some special values for certain CK_ULONG variables */
#define CK_EFFECTIVELY_INFINITE 0
/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */
/* The following value is always invalid if used as a session */
/* handle or object handle */
#define CK_INVALID_HANDLE 0
typedef struct CK_VERSION {
} CK_VERSION;
typedef struct CK_INFO {
/* manufacturerID and libraryDecription have been changed from
* CK_CHAR to CK_UTF8CHAR for v2.10 */
/* libraryDescription and libraryVersion are new for v2.0 */
} CK_INFO;
/* CK_NOTIFICATION enumerates the types of notifications that
* Cryptoki provides to an application */
/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
* for v2.0 */
#define CKN_SURRENDER 0
/* CK_SLOT_INFO provides information about a slot */
typedef struct CK_SLOT_INFO {
/* slotDescription and manufacturerID have been changed from
* CK_CHAR to CK_UTF8CHAR for v2.10 */
/* hardwareVersion and firmwareVersion are new for v2.0 */
} CK_SLOT_INFO;
/* flags: bit flags that provide capabilities of the slot
* Bit Flag Mask Meaning
*/
/* CK_TOKEN_INFO provides information about a token */
typedef struct CK_TOKEN_INFO {
/* label, manufacturerID, and model have been changed from
* CK_CHAR to CK_UTF8CHAR for v2.10 */
/* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
* ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
* changed from CK_USHORT to CK_ULONG for v2.0 */
/* hardwareVersion, firmwareVersion, and time are new for
* v2.0 */
/* The flags parameter is defined as follows:
* Bit Flag Mask Meaning
*/
* generator */
* write-
* protected */
* login */
* PIN is set */
/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
* that means that *every* time the state of cryptographic
* operations of a session is successfully saved, all keys
* needed to continue those operations are stored in the state */
/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
* that the token has some sort of clock. The time on that
* clock is returned in the token info structure */
/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
* set, that means that there is some way for the user to login
* without sending a PIN through the Cryptoki library itself */
/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
* that means that a single session with the token can perform
* dual simultaneous cryptographic operations (digest and
* encrypt; decrypt and digest; sign and encrypt; and decrypt
* and sign) */
/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
* token has been initialized using C_InitializeToken or an
* equivalent mechanism outside the scope of PKCS #11.
* Calling C_InitializeToken when this flag is set will cause
* the token to be reinitialized. */
/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
* true, the token supports secondary authentication for
* private key objects. This flag is deprecated in v2.11 and
onwards. */
/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
* incorrect user login PIN has been entered at least once
* since the last successful authentication. */
/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
* supplying an incorrect user PIN will it to become locked. */
/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
* user PIN has been locked. User login to the token is not
* possible. */
/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
* the user PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
* expired by the card. */
/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
* incorrect SO login PIN has been entered at least once since
* the last successful authentication. */
/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
* supplying an incorrect SO PIN will it to become locked. */
/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO
* PIN has been locked. SO login to the token is not possible.
*/
/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
* the SO PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
* expired by the card. */
/* CK_SESSION_HANDLE is a Cryptoki-assigned value that
* identifies a session */
/* CK_USER_TYPE enumerates the types of Cryptoki users */
/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
* v2.0 */
/* Security Officer */
#define CKU_SO 0
/* Normal user */
/* Context specific (added in v2.20) */
/* CK_STATE enumerates the session states */
/* CK_STATE has been changed from an enum to a CK_ULONG for
* v2.0 */
#define CKS_RO_PUBLIC_SESSION 0
/* CK_SESSION_INFO provides information about a session */
typedef struct CK_SESSION_INFO {
/* ulDeviceError was changed from CK_USHORT to CK_ULONG for
* v2.0 */
/* The flags are defined in the following table:
* Bit Flag Mask Meaning
*/
/* CK_OBJECT_HANDLE is a token-specific identifier for an
* object */
/* CK_OBJECT_CLASS is a value that identifies the classes (or
* types) of objects that Cryptoki recognizes. It is defined
* as follows: */
/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
* v2.0 */
/* The following classes of objects are defined: */
/* CKO_HW_FEATURE is new for v2.10 */
/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
/* CKO_MECHANISM is new for v2.20 */
/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
* value that identifies the hardware feature type of an object
* with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
/* The following hardware feature types are defined */
/* CKH_USER_INTERFACE is new for v2.20 */
/* CK_KEY_TYPE is a value that identifies a key type */
/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
/* the following key types are defined: */
/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
/* all these key types are new for v2.0 */
/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */
/* BlowFish and TwoFish are new for v2.20 */
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
* type */
/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
* for v2.0 */
/* The following certificate types are defined: */
/* CKC_X_509_ATTR_CERT is new for v2.10 */
/* CKC_WTLS is new for v2.20 */
/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
* type */
/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
* v2.0 */
/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
consists of an array of values. */
/* The following attribute types are defined: */
/* CKA_OBJECT_ID is new for v2.10 */
/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
* for v2.10 */
/* CKA_TRUSTED is new for v2.11 */
/* CKA_CERTIFICATE_CATEGORY ...
* CKA_CHECK_VALUE are new for v2.20 */
/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
/* (To retain backwards-compatibility) */
/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
* CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
* and CKA_EC_POINT are new for v2.0 */
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
/* CKA_ECDSA_PARAMS is deprecated in v2.11,
* CKA_EC_PARAMS is preferred. */
/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS,
* are new for v2.10. Deprecated in v2.11 and onwards. */
/* CKA_ALWAYS_AUTHENTICATE ...
* CKA_UNWRAP_TEMPLATE are new for v2.20 */
/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
* are new for v2.10 */
/* The following attributes are new for v2.20 */
/* CK_ATTRIBUTE is a structure that includes the type, length
* and value of an attribute */
typedef struct CK_ATTRIBUTE {
/* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
} CK_ATTRIBUTE;
/* CK_DATE is a structure that defines a date */
typedef struct CK_DATE{
} CK_DATE;
/* CK_MECHANISM_TYPE is a value that identifies a mechanism
* type */
/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
* v2.0 */
/* the following mechanism types are defined: */
/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
* are new for v2.0. They are mechanisms which hash and sign */
/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
* CKM_RSA_PKCS_OAEP are new for v2.10 */
/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
* CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
* CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
* v2.11 */
/* CKM_SHA256/384/512 are new for v2.20 */
/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
* CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
* CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
/* the following four DES mechanisms are new for v2.20 */
/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
* CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
* and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
/* CKM_SHA256/384/512 are new for v2.20 */
/* All of the following mechanisms are new for v2.0 */
/* Note that CAST128 and CAST5 are the same algorithm */
/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
* CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
* CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
/* CKM_TLS_PRF is new for v2.20 */
/* CKM_SHA256/384/512 are new for v2.20 */
/* CKM_PKCS5_PBKD2 is new for v2.10 */
/* WTLS mechanisms are new for v2.20 */
/* CKM_CMS_SIG is new for v2.20 */
/* Fortezza mechanisms */
/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11,
* CKM_EC_KEY_PAIR_GEN is preferred */
/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
* are new for v2.11 */
/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
* CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
* CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
* new for v2.11 */
/* BlowFish and TwoFish are new for v2.20 */
/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
/* CK_MECHANISM is a structure that specifies a particular
* mechanism */
typedef struct CK_MECHANISM {
/* ulParameterLen was changed from CK_USHORT to CK_ULONG for
* v2.0 */
} CK_MECHANISM;
/* CK_MECHANISM_INFO provides information about a particular
* mechanism */
typedef struct CK_MECHANISM_INFO {
/* The flags are defined as follows:
* Bit Flag Mask Meaning */
/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
* CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
* CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
* and CKF_DERIVE are new for v2.0. They specify whether or not
* a mechanism can be used for a particular task */
/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
* CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
* describe a token's EC capabilities not available in mechanism
* information. */
/* CK_RV is a value that identifies the return value of a
* Cryptoki function */
/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
/* CKR_FLAGS_INVALID was removed for v2.0 */
/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
* and CKR_CANT_LOCK are new for v2.01 */
/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
/* CKR_KEY_SENSITIVE was removed for v2.0 */
/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
* CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
* CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
* v2.0 */
/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID
* were removed for v2.0 */
/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
/* CKR_SESSION_READ_ONLY_EXISTS and
* CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
* are new to v2.01 */
/* These are new to v2.0 */
/* These are new to v2.11 */
/* These are new to v2.0 */
/* These are new to v2.01 */
/* This is new to v2.20 */
/* CK_NOTIFY is an application callback that processes events */
);
/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec
* version and pointers of appropriate types to all the
* Cryptoki functions */
/* CK_FUNCTION_LIST is new for v2.0 */
/* CK_CREATEMUTEX is an application callback for creating a
* mutex object */
);
/* CK_DESTROYMUTEX is an application callback for destroying a
* mutex object */
);
/* CK_LOCKMUTEX is an application callback for locking a mutex */
);
/* CK_UNLOCKMUTEX is an application callback for unlocking a
* mutex */
);
/* CK_C_INITIALIZE_ARGS provides the optional arguments to
* C_Initialize */
typedef struct CK_C_INITIALIZE_ARGS {
/* flags: bit flags that provide capabilities of the slot
* Bit Flag Mask Meaning
*/
/* additional flags for parameters to functions */
/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */
/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
* CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
* Generation Function (MGF) applied to a message block when
* formatting a message block for the PKCS #1 OAEP encryption
* scheme. */
/* The following MGFs are defined */
/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
* are new for v2.20 */
/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
* of the encoding parameter when formatting a message block
* for the PKCS #1 OAEP encryption scheme. */
/* The following encoding parameter sources are defined */
/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
* CKM_RSA_PKCS_OAEP mechanism. */
typedef struct CK_RSA_PKCS_OAEP_PARAMS {
/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
* CKM_RSA_PKCS_PSS mechanism(s). */
typedef struct CK_RSA_PKCS_PSS_PARAMS {
/* CK_EC_KDF_TYPE is new for v2.11. */
/* The following EC Key Derivation Functions are defined */
/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
* CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
* where each party contributes one key pair.
*/
typedef struct CK_ECDH1_DERIVE_PARAMS {
/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
* CK_ECDH2_DERIVE_PARAMS provides the parameters to the
* CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
typedef struct CK_ECDH2_DERIVE_PARAMS {
typedef struct CK_ECMQV_DERIVE_PARAMS {
/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
* CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
/* The following X9.42 DH key derivation functions are defined
(besides CKD_NULL already defined : */
/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
* contributes one key pair */
typedef struct CK_X9_42_DH1_DERIVE_PARAMS {
/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
* mechanisms, where each party contributes two key pairs */
typedef struct CK_X9_42_DH2_DERIVE_PARAMS {
typedef struct CK_X9_42_MQV_DERIVE_PARAMS {
/* CK_KEA_DERIVE_PARAMS provides the parameters to the
* CKM_KEA_DERIVE mechanism */
/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
typedef struct CK_KEA_DERIVE_PARAMS {
/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
* CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
* holds the effective keysize */
/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC
* mechanism */
typedef struct CK_RC2_CBC_PARAMS {
/* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
* v2.0 */
/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC2_MAC_GENERAL mechanism */
/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC2_MAC_GENERAL_PARAMS {
typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR \
/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
* CKM_RC5_MAC mechanisms */
/* CK_RC5_PARAMS is new for v2.0 */
typedef struct CK_RC5_PARAMS {
/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
* mechanism */
/* CK_RC5_CBC_PARAMS is new for v2.0 */
typedef struct CK_RC5_CBC_PARAMS {
/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC5_MAC_GENERAL mechanism */
/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC5_MAC_GENERAL_PARAMS {
typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR \
/* CK_MAC_GENERAL_PARAMS provides the parameters to most block
* ciphers' MAC_GENERAL mechanisms. Its value is the length of
* the MAC */
/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS {
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
* CKM_SKIPJACK_PRIVATE_WRAP mechanism */
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR \
/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
* CKM_SKIPJACK_RELAYX mechanism */
/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_RELAYX_PARAMS {
typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR \
typedef struct CK_PBE_PARAMS {
/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
* CKM_KEY_WRAP_SET_OAEP mechanism */
/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR \
typedef struct CK_SSL3_RANDOM_DATA {
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS {
typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR \
typedef struct CK_SSL3_KEY_MAT_OUT {
typedef struct CK_SSL3_KEY_MAT_PARAMS {
/* CK_TLS_PRF_PARAMS is new for version 2.20 */
typedef struct CK_TLS_PRF_PARAMS {
/* WTLS is new for version 2.20 */
typedef struct CK_WTLS_RANDOM_DATA {
typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS {
typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR \
typedef struct CK_WTLS_PRF_PARAMS {
typedef struct CK_WTLS_KEY_MAT_OUT {
typedef struct CK_WTLS_KEY_MAT_PARAMS {
/* CMS is new for version 2.20 */
typedef struct CK_CMS_SIG_PARAMS {
typedef struct CK_KEY_DERIVATION_STRING_DATA {
typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR \
/* The CK_EXTRACT_PARAMS is used for the
* CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
* of the base key should be used as the first bit of the
* derived key */
/* CK_EXTRACT_PARAMS is new for v2.0 */
/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
* indicate the Pseudo-Random Function (PRF) used to generate
* key bits using PKCS #5 PBKDF2. */
typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
/* The following PRFs are defined in PKCS #5 v2.0. */
/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
* source of the salt value when deriving a key using PKCS #5
* PBKDF2. */
/* The following salt value sources are defined in PKCS #5 v2.0. */
/* CK_PKCS5_PBKD2_PARAMS is new for v2.10.
* CK_PKCS5_PBKD2_PARAMS is a structure that provides the
* parameters to the CKM_PKCS5_PBKD2 mechanism. */
typedef struct CK_PKCS5_PBKD2_PARAMS {
#endif