#[non_exhaustive]pub enum Mechanism<'a> {
Show 67 variants
AesKeyGen,
AesCbc([u8; 16]),
AesCbcPad([u8; 16]),
AesEcb,
AesKeyWrap,
AesKeyWrapPad,
AesGcm(GcmParams<'a>),
AesGcmMessage(GcmMessageParams<'a>),
AesCbcEncryptData(AesCbcDeriveParams<'a>),
AesCMac,
RsaPkcsKeyPairGen,
RsaPkcs,
RsaPkcsPss(PkcsPssParams),
RsaPkcsOaep(PkcsOaepParams<'a>),
RsaX509,
DesKeyGen,
Des2KeyGen,
Des3KeyGen,
DesCbc([u8; 8]),
Des3Cbc([u8; 8]),
DesCbcPad([u8; 8]),
Des3CbcPad([u8; 8]),
DesEcb,
Des3Ecb,
EccKeyPairGen,
EccEdwardsKeyPairGen,
EccMontgomeryKeyPairGen,
Ecdh1Derive(Ecdh1DeriveParams<'a>),
Ecdsa,
EcdsaSha1,
EcdsaSha224,
EcdsaSha256,
EcdsaSha384,
EcdsaSha512,
Eddsa(EddsaParams<'a>),
Sha1,
Sha224,
Sha256,
Sha384,
Sha512,
Sha1RsaPkcs,
Sha224RsaPkcs,
Sha256RsaPkcs,
Sha384RsaPkcs,
Sha512RsaPkcs,
Sha1RsaPkcsPss(PkcsPssParams),
Sha256RsaPkcsPss(PkcsPssParams),
Sha384RsaPkcsPss(PkcsPssParams),
Sha512RsaPkcsPss(PkcsPssParams),
Sha1Hmac,
Sha224Hmac,
Sha256Hmac,
Sha384Hmac,
Sha512Hmac,
Sha1KeyGen,
Sha224KeyGen,
Sha256KeyGen,
Sha384KeyGen,
Sha512KeyGen,
GenericSecretKeyGen,
HkdfKeyGen,
HkdfDerive(HkdfParams<'a>),
HkdfData(HkdfParams<'a>),
KbkdfCounter(KbkdfParams<'a>),
KbkdfFeedback(KbkdfFeedbackParams<'a>),
KbkdfDoublePipeline(KbkdfParams<'a>),
VendorDefined(VendorDefinedMechanism<'a>),
}Expand description
Type defining a specific mechanism and its parameters
Variants (Non-exhaustive)§
This enum is marked as non-exhaustive
AesKeyGen
AES key gen mechanism
AesCbc([u8; 16])
AES-CBC mechanism
The parameter to this mechanism is the initialization vector.
For encryption, the message length must be a multiple of the block size. For wrapping, the mechanism encrypts the value of the key, padded on the trailing end with up to block size minus one null bytes. For unwrapping, the result is truncated according to the key type and the length provided by the template.
AesCbcPad([u8; 16])
AES-CBC with PKCS#7 padding mechanism
The parameter to this mechanism is the initialization vector.
The plaintext may be any size. The PKCS#7 padding allows the length of the plaintext to be recovered from the ciphertext. Therefore no length should be provided when unwrapping keys with this mechanism.
AesEcb
AES in ECB mode
AesKeyWrap
AES key wrap
AesKeyWrapPad
AES key wrap with padding block
AesGcm(GcmParams<'a>)
AES-GCM mechanism
AesGcmMessage(GcmMessageParams<'a>)
AES-GCM mechanism with message based API and parameters
AesCbcEncryptData(AesCbcDeriveParams<'a>)
AES-CBC-ENCRYPT-DATA mechanism
The parameter to this mechanism is the initialization vector and the message to encrypt. These mechanisms allow derivation of keys using the result of an encryption operation as the key value.
For derivation, the message length must be a multiple of the block size. See https://www.cryptsoft.com/pkcs11doc/v220/.
AesCMac
AES CMAC (RFC 4493)
RsaPkcsKeyPairGen
PKCS #1 RSA key pair generation mechanism
RsaPkcs
Multi-purpose mechanism based on the RSA public-key cryptosystem and the block formats initially defined in PKCS #1 v1.5
RsaPkcsPss(PkcsPssParams)
Mechanism based on the RSA public-key cryptosystem and the PSS block format defined in PKCS #1
RsaPkcsOaep(PkcsOaepParams<'a>)
Multi-purpose mechanism based on the RSA public-key cryptosystem and the OAEP block format defined in PKCS #1
RsaX509
Multi-purpose mechanism based on the RSA public-key cryptosystem. This is so-called “raw” RSA, as assumed in X.509.
DesKeyGen
DES
Des2KeyGen
DES2
Des3KeyGen
DES3
DesCbc([u8; 8])
DES-CBC mechanism
The parameter to this mechanism is the initialization vector.
For encryption, the message length must be a multiple of the block size. For wrapping, the mechanism encrypts the value of the key, padded on the trailing end with up to block size minus one null bytes. For unwrapping, the result is truncated according to the key type and the length provided by the template.
Des3Cbc([u8; 8])
DES3-CBC mechanism
The parameter to this mechanism is the initialization vector.
For encryption, the message length must be a multiple of the block size. For wrapping, the mechanism encrypts the value of the key, padded on the trailing end with up to block size minus one null bytes. For unwrapping, the result is truncated according to the key type and the length provided by the template.
DesCbcPad([u8; 8])
DES-CBC with PKCS#7 padding mechanism
The parameter to this mechanism is the initialization vector.
The plaintext may be any size. The PKCS#7 padding allows the length of the plaintext to be recovered from the ciphertext. Therefore no length should be provided when unwrapping keys with this mechanism.
Des3CbcPad([u8; 8])
DES3-CBC with PKCS#7 padding mechanism
The parameter to this mechanism is the initialization vector.
The plaintext may be any size. The PKCS#7 padding allows the length of the plaintext to be recovered from the ciphertext. Therefore no length should be provided when unwrapping keys with this mechanism.
DesEcb
DES ECB
Des3Ecb
DES3 ECB
EccKeyPairGen
EC key pair generation
EccEdwardsKeyPairGen
EC edwards key pair generation
EccMontgomeryKeyPairGen
EC montgomery key pair generation
Ecdh1Derive(Ecdh1DeriveParams<'a>)
ECDH
Ecdsa
ECDSA mechanism
EcdsaSha1
ECDSA with SHA-1 mechanism
EcdsaSha224
ECDSA with SHA-224 mechanism
EcdsaSha256
ECDSA with SHA-256 mechanism
EcdsaSha384
ECDSA with SHA-384 mechanism
EcdsaSha512
ECDSA with SHA-512 mechanism
Eddsa(EddsaParams<'a>)
EDDSA mechanism
This mechanism has an optional parameter, a CK_EDDSA_PARAMS structure. The absence or presence of the parameter as well as its content is used to identify which signature scheme is to be used.
Note: EdDSA is not part of the PKCS#11 v2.40 standard and as such may not be understood by some backends. It is included here because some vendor implementations support it through the v2.40 interface.
Sha1
SHA-1 mechanism
Sha224
SHA-224 mechanism
Sha256
SHA-256 mechanism
Sha384
SHA-384 mechanism
Sha512
SHA-512 mechanism
Sha1RsaPkcs
SHA1-RSA-PKCS mechanism
Sha224RsaPkcs
SHA224-RSA-PKCS mechanism
Sha256RsaPkcs
SHA256-RSA-PKCS mechanism
Sha384RsaPkcs
SHA384-RSA-PKCS mechanism
Sha512RsaPkcs
SHA512-RSA-PKCS mechanism
Sha1RsaPkcsPss(PkcsPssParams)
SHA1-RSA-PKCS-PSS mechanism
Sha256RsaPkcsPss(PkcsPssParams)
SHA256-RSA-PKCS-PSS mechanism
Sha384RsaPkcsPss(PkcsPssParams)
SHA256-RSA-PKCS-PSS mechanism
Sha512RsaPkcsPss(PkcsPssParams)
SHA256-RSA-PKCS-PSS mechanism
Sha1Hmac
SHA1-HMAC mechanism
Sha224Hmac
SHA224-HMAC mechanism
Sha256Hmac
SHA256-HMAC mechanism
Sha384Hmac
SHA384-HMAC mechanism
Sha512Hmac
SHA512-HMAC mechanism
Sha1KeyGen
SHA-1 key generation mechanism
Sha224KeyGen
SHA-224 key generation mechanism
Sha256KeyGen
SHA-256 key generation mechanism
Sha384KeyGen
SHA-384 key generation mechanism
Sha512KeyGen
SHA-512 key generation mechanism
GenericSecretKeyGen
GENERIC-SECRET-KEY-GEN mechanism
HkdfKeyGen
HKDF key gen mechanism
HkdfDerive(HkdfParams<'a>)
HKDF-DERIVE mechanism
HkdfData(HkdfParams<'a>)
HKDF-DATA mechanism
KbkdfCounter(KbkdfParams<'a>)
NIST SP 800-108 KDF (aka KBKDF) mechanism in counter-mode
KbkdfFeedback(KbkdfFeedbackParams<'a>)
NIST SP 800-108 KDF (aka KBKDF) mechanism in feedback-mode
KbkdfDoublePipeline(KbkdfParams<'a>)
NIST SP 800-108 KDF (aka KBKDF) mechanism in double pipeline-mode
VendorDefined(VendorDefinedMechanism<'a>)
Vendor defined mechanism
Implementations§
Source§impl Mechanism<'_>
impl Mechanism<'_>
Sourcepub fn mechanism_type(&self) -> MechanismType
pub fn mechanism_type(&self) -> MechanismType
Get the type of a mechanism