This module is basically a full conversion of the pkcs11t.h
C header file.
Structs
Enums
Constants
The following attribute types are defined:
The following certificate types are defined:
The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which
consists of an array of values.
CKF_CLOCK_ON_TOKEN. If it is set, that means
that the token has some sort of clock. The time on that
clock is returned in the token info structure
CKF_DONT_BLOCK is for the function C_WaitForSlotEvent
CKF_DUAL_CRYPTO_OPERATIONS. If it is true,
that means that a single session with the token can perform
dual simultaneous cryptographic operations (digest and
encrypt; decrypt and digest; sign and encrypt; and decrypt
and sign)
Describe a token’s EC capabilities not available in mechanism
information.
Specify whether or not a mechanism can be used for a particular task
The flags are defined as follows:
hardware slot
user must login
CKF_PROTECTED_AUTHENTICATION_PATH. If it is
set, that means that there is some way for the user to login
without sending a PIN through the Cryptoki library itself
removable devices
CKF_RESTORE_KEY_NOT_NEEDED. If it is set,
that means that every time the state of cryptographic
operations of a session is successfully saved, all keys
needed to continue those operations are stored in the state
has random # generator
session is r/w
CKF_SECONDARY_AUTHENTICATION. If it is
true, the token supports secondary authentication for
private key objects.
no parallel
CKF_SO_PIN_COUNT_LOW. If it is true, an
incorrect SO login PIN has been entered at least once since
the last successful authentication.
CKF_SO_PIN_FINAL_TRY. If it is true,
supplying an incorrect SO PIN will cause it to become locked.
CKF_SO_PIN_LOCKED. If it is true, the SO
PIN has been locked. SO login to the token is not possible.
CKF_SO_PIN_TO_BE_CHANGED. If it is true,
the SO PIN value is the default value set by token
initialization or manufacturing, or the PIN has been
expired by the card.
CKF_TOKEN_INITIALIZED. If it is true, the
token has been initialized using C_InitializeToken or an
equivalent mechanism outside the scope of PKCS #11.
Calling C_InitializeToken when this flag is set will cause
the token to be reinitialized.
a token is there
CKF_USER_PIN_COUNT_LOW. If it is true, an
incorrect user login PIN has been entered at least once
since the last successful authentication.
CKF_USER_PIN_FINAL_TRY. If it is true,
supplying an incorrect user PIN will cause it to become locked.
normal user’s PIN is set
CKF_USER_PIN_LOCKED. If it is true, the
user PIN has been locked. User login to the token is not
possible.
CKF_USER_PIN_TO_BE_CHANGED. If it is true,
the user PIN value is the default value set by token
initialization or manufacturing, or the PIN has been
expired by the card.
token is write-protected
The following MGFs are defined
The following hardware feature types are defined
The following key types are defined:
WAS: 0x00001090
WAS: 0x00001091
Note that CAST128 and CAST5 are the same algorithm
The following mechanism types are defined:
The following classes of objects are defined:
Context specific
Security Officer
Normal user
The following encoding parameter sources are defined
The following salt value sources are defined in PKCS #5 v2.0.
The following value is always invalid if used as a session
handle or object handle
The following OTP-related defines relate to the CKA_OTP_FORMAT attribute
The following OTP-related defines relate to the CKA_OTP_…_REQUIREMENT
attributes
Type Definitions
CK_ATTRIBUTE_TYPE is a value that identifies an attribute
type
a BYTE-sized Boolean flag
CK_CERTIFICATE_TYPE is a value that identifies a certificate
type
an unsigned 8-bit character
CK_CREATEMUTEX is an application callback for creating a
mutex object
CK_DESTROYMUTEX is an application callback for destroying a
mutex object
The CK_EXTRACT_PARAMS is used for the
CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit
of the base key should be used as the first bit of the
derived key
at least 32 bits; each bit is a Boolean flag
CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type
of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE.
CK_KEY_TYPE is a value that identifies a key type
CK_LOCKMUTEX is an application callback for locking a mutex
CK_MAC_GENERAL_PARAMS provides the parameters to most block
ciphers’ MAC_GENERAL mechanisms. Its value is the length of
the MAC
CK_MECHANISM_TYPE is a value that identifies a mechanism
type
CK_NOTIFICATION enumerates the types of notifications that
Cryptoki provides to an application
CK_NOTIFY is an application callback that processes events
CK_OBJECT_CLASS is a value that identifies the classes (or
types) of objects that Cryptoki recognizes. It is defined
as follows:
CK_OBJECT_HANDLE is a token-specific identifier for an
object
backward compatibility
CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
indicate the Pseudo-Random Function (PRF) used to generate
key bits using PKCS #5 PBKDF2.
CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
source of the salt value when deriving a key using PKCS #5
PBKDF2.
CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and
CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just
holds the effective keysize
CK_RSA_PKCS_MGF_TYPE is used to indicate the Message
Generation Function (MGF) applied to a message block when
formatting a message block for the PKCS #1 OAEP encryption
scheme.
CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
of the encoding parameter when formatting a message block
for the PKCS #1 OAEP encryption scheme.
CK_RV is a value that identifies the return value of a
Cryptoki function
CK_SESSION_HANDLE is a Cryptoki-assigned value that
identifies a session
CK_UNLOCKMUTEX is an application callback for unlocking a
mutex
CK_USER_TYPE enumerates the types of Cryptoki users
an 8-bit UTF-8 character
Pointer to a CK_VOID_PTR, i.e., pointer to pointer to void
Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
CKM_X9_42_DH_PARAMETER_GEN mechanisms