| blob | b36e0dbd26347a7b630044b2724624a679bccff6 |
1 /* $NetBSD$ */
3 /* pkcs11f.h include file for PKCS #11. */
4 /* Revision: 1.2 */
6 /* License to copy and use this software is granted provided that it is
7 * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
8 * (Cryptoki)" in all material mentioning or referencing this software.
10 * License is also granted to make and use derivative works provided that
11 * such works are identified as "derived from the RSA Security Inc. PKCS #11
12 * Cryptographic Token Interface (Cryptoki)" in all material mentioning or
13 * referencing the derived work.
15 * RSA Security Inc. makes no representations concerning either the
16 * merchantability of this software or the suitability of this software for
17 * any particular purpose. It is provided "as is" without express or implied
18 * warranty of any kind.
19 */
21 /* This header file contains pretty much everything about all the */
22 /* Cryptoki function prototypes. Because this information is */
23 /* used for more than just declaring function prototypes, the */
24 /* order of the functions appearing herein is important, and */
25 /* should not be altered. */
27 /* General-purpose */
29 /* C_Initialize initializes the Cryptoki library. */
31 #ifdef CK_NEED_ARG_LIST
32 (
33 CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets
34 * cast to CK_C_INITIALIZE_ARGS_PTR
35 * and dereferenced */
36 );
37 #endif
40 /* C_Finalize indicates that an application is done with the
41 * Cryptoki library. */
43 #ifdef CK_NEED_ARG_LIST
44 (
45 CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */
46 );
47 #endif
50 /* C_GetInfo returns general information about Cryptoki. */
52 #ifdef CK_NEED_ARG_LIST
53 (
54 CK_INFO_PTR pInfo /* location that receives information */
55 );
56 #endif
59 /* C_GetFunctionList returns the function list. */
61 #ifdef CK_NEED_ARG_LIST
62 (
63 CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to
64 * function list */
65 );
66 #endif
70 /* Slot and token management */
72 /* C_GetSlotList obtains a list of slots in the system. */
74 #ifdef CK_NEED_ARG_LIST
75 (
78 CK_ULONG_PTR pulCount /* receives number of slots */
79 );
80 #endif
83 /* C_GetSlotInfo obtains information about a particular slot in
84 * the system. */
86 #ifdef CK_NEED_ARG_LIST
87 (
89 CK_SLOT_INFO_PTR pInfo /* receives the slot information */
90 );
91 #endif
94 /* C_GetTokenInfo obtains information about a particular token
95 * in the system. */
97 #ifdef CK_NEED_ARG_LIST
98 (
100 CK_TOKEN_INFO_PTR pInfo /* receives the token information */
101 );
102 #endif
105 /* C_GetMechanismList obtains a list of mechanism types
106 * supported by a token. */
108 #ifdef CK_NEED_ARG_LIST
109 (
112 CK_ULONG_PTR pulCount /* gets # of mechs. */
113 );
114 #endif
117 /* C_GetMechanismInfo obtains information about a particular
118 * mechanism possibly supported by a token. */
120 #ifdef CK_NEED_ARG_LIST
121 (
124 CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */
125 );
126 #endif
129 /* C_InitToken initializes a token. */
131 #ifdef CK_NEED_ARG_LIST
132 /* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */
133 (
137 CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */
138 );
139 #endif
142 /* C_InitPIN initializes the normal user's PIN. */
144 #ifdef CK_NEED_ARG_LIST
145 (
148 CK_ULONG ulPinLen /* length in bytes of the PIN */
149 );
150 #endif
153 /* C_SetPIN modifies the PIN of the user who is logged in. */
155 #ifdef CK_NEED_ARG_LIST
156 (
161 CK_ULONG ulNewLen /* length of the new PIN */
162 );
163 #endif
167 /* Session management */
169 /* C_OpenSession opens a session between an application and a
170 * token. */
172 #ifdef CK_NEED_ARG_LIST
173 (
178 CK_SESSION_HANDLE_PTR phSession /* gets session handle */
179 );
180 #endif
183 /* C_CloseSession closes a session between an application and a
184 * token. */
186 #ifdef CK_NEED_ARG_LIST
187 (
188 CK_SESSION_HANDLE hSession /* the session's handle */
189 );
190 #endif
193 /* C_CloseAllSessions closes all sessions with a token. */
195 #ifdef CK_NEED_ARG_LIST
196 (
197 CK_SLOT_ID slotID /* the token's slot */
198 );
199 #endif
202 /* C_GetSessionInfo obtains information about the session. */
204 #ifdef CK_NEED_ARG_LIST
205 (
207 CK_SESSION_INFO_PTR pInfo /* receives session info */
208 );
209 #endif
212 /* C_GetOperationState obtains the state of the cryptographic operation
213 * in a session. */
215 #ifdef CK_NEED_ARG_LIST
216 (
219 CK_ULONG_PTR pulOperationStateLen /* gets state length */
220 );
221 #endif
224 /* C_SetOperationState restores the state of the cryptographic
225 * operation in a session. */
227 #ifdef CK_NEED_ARG_LIST
228 (
233 CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */
234 );
235 #endif
238 /* C_Login logs a user into a token. */
240 #ifdef CK_NEED_ARG_LIST
241 (
245 CK_ULONG ulPinLen /* the length of the PIN */
246 );
247 #endif
250 /* C_Logout logs a user out from a token. */
252 #ifdef CK_NEED_ARG_LIST
253 (
254 CK_SESSION_HANDLE hSession /* the session's handle */
255 );
256 #endif
260 /* Object management */
262 /* C_CreateObject creates a new object. */
264 #ifdef CK_NEED_ARG_LIST
265 (
269 CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */
270 );
271 #endif
274 /* C_CopyObject copies an object, creating a new object for the
275 * copy. */
277 #ifdef CK_NEED_ARG_LIST
278 (
283 CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */
284 );
285 #endif
288 /* C_DestroyObject destroys an object. */
290 #ifdef CK_NEED_ARG_LIST
291 (
293 CK_OBJECT_HANDLE hObject /* the object's handle */
294 );
295 #endif
298 /* C_GetObjectSize gets the size of an object in bytes. */
300 #ifdef CK_NEED_ARG_LIST
301 (
304 CK_ULONG_PTR pulSize /* receives size of object */
305 );
306 #endif
309 /* C_GetAttributeValue obtains the value of one or more object
310 * attributes. */
312 #ifdef CK_NEED_ARG_LIST
313 (
317 CK_ULONG ulCount /* attributes in template */
318 );
319 #endif
322 /* C_SetAttributeValue modifies the value of one or more object
323 * attributes */
325 #ifdef CK_NEED_ARG_LIST
326 (
330 CK_ULONG ulCount /* attributes in template */
331 );
332 #endif
335 /* C_FindObjectsInit initializes a search for token and session
336 * objects that match a template. */
338 #ifdef CK_NEED_ARG_LIST
339 (
342 CK_ULONG ulCount /* attrs in search template */
343 );
344 #endif
347 /* C_FindObjects continues a search for token and session
348 * objects that match a template, obtaining additional object
349 * handles. */
351 #ifdef CK_NEED_ARG_LIST
352 (
356 CK_ULONG_PTR pulObjectCount /* actual # returned */
357 );
358 #endif
361 /* C_FindObjectsFinal finishes a search for token and session
362 * objects. */
364 #ifdef CK_NEED_ARG_LIST
365 (
366 CK_SESSION_HANDLE hSession /* the session's handle */
367 );
368 #endif
372 /* Encryption and decryption */
374 /* C_EncryptInit initializes an encryption operation. */
376 #ifdef CK_NEED_ARG_LIST
377 (
380 CK_OBJECT_HANDLE hKey /* handle of encryption key */
381 );
382 #endif
385 /* C_Encrypt encrypts single-part data. */
387 #ifdef CK_NEED_ARG_LIST
388 (
393 CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */
394 );
395 #endif
398 /* C_EncryptUpdate continues a multiple-part encryption
399 * operation. */
401 #ifdef CK_NEED_ARG_LIST
402 (
407 CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */
408 );
409 #endif
412 /* C_EncryptFinal finishes a multiple-part encryption
413 * operation. */
415 #ifdef CK_NEED_ARG_LIST
416 (
419 CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */
420 );
421 #endif
424 /* C_DecryptInit initializes a decryption operation. */
426 #ifdef CK_NEED_ARG_LIST
427 (
430 CK_OBJECT_HANDLE hKey /* handle of decryption key */
431 );
432 #endif
435 /* C_Decrypt decrypts encrypted data in a single part. */
437 #ifdef CK_NEED_ARG_LIST
438 (
443 CK_ULONG_PTR pulDataLen /* gets p-text size */
444 );
445 #endif
448 /* C_DecryptUpdate continues a multiple-part decryption
449 * operation. */
451 #ifdef CK_NEED_ARG_LIST
452 (
457 CK_ULONG_PTR pulPartLen /* p-text size */
458 );
459 #endif
462 /* C_DecryptFinal finishes a multiple-part decryption
463 * operation. */
465 #ifdef CK_NEED_ARG_LIST
466 (
469 CK_ULONG_PTR pulLastPartLen /* p-text size */
470 );
471 #endif
475 /* Message digesting */
477 /* C_DigestInit initializes a message-digesting operation. */
479 #ifdef CK_NEED_ARG_LIST
480 (
482 CK_MECHANISM_PTR pMechanism /* the digesting mechanism */
483 );
484 #endif
487 /* C_Digest digests data in a single part. */
489 #ifdef CK_NEED_ARG_LIST
490 (
495 CK_ULONG_PTR pulDigestLen /* gets digest length */
496 );
497 #endif
500 /* C_DigestUpdate continues a multiple-part message-digesting
501 * operation. */
503 #ifdef CK_NEED_ARG_LIST
504 (
507 CK_ULONG ulPartLen /* bytes of data to be digested */
508 );
509 #endif
512 /* C_DigestKey continues a multi-part message-digesting
513 * operation, by digesting the value of a secret key as part of
514 * the data already digested. */
516 #ifdef CK_NEED_ARG_LIST
517 (
519 CK_OBJECT_HANDLE hKey /* secret key to digest */
520 );
521 #endif
524 /* C_DigestFinal finishes a multiple-part message-digesting
525 * operation. */
527 #ifdef CK_NEED_ARG_LIST
528 (
531 CK_ULONG_PTR pulDigestLen /* gets byte count of digest */
532 );
533 #endif
537 /* Signing and MACing */
539 /* C_SignInit initializes a signature (private key encryption)
540 * operation, where the signature is (will be) an appendix to
541 * the data, and plaintext cannot be recovered from the
542 *signature. */
544 #ifdef CK_NEED_ARG_LIST
545 (
548 CK_OBJECT_HANDLE hKey /* handle of signature key */
549 );
550 #endif
553 /* C_Sign signs (encrypts with private key) data in a single
554 * part, where the signature is (will be) an appendix to the
555 * data, and plaintext cannot be recovered from the signature. */
557 #ifdef CK_NEED_ARG_LIST
558 (
563 CK_ULONG_PTR pulSignatureLen /* gets signature length */
564 );
565 #endif
568 /* C_SignUpdate continues a multiple-part signature operation,
569 * where the signature is (will be) an appendix to the data,
570 * and plaintext cannot be recovered from the signature. */
572 #ifdef CK_NEED_ARG_LIST
573 (
576 CK_ULONG ulPartLen /* count of bytes to sign */
577 );
578 #endif
581 /* C_SignFinal finishes a multiple-part signature operation,
582 * returning the signature. */
584 #ifdef CK_NEED_ARG_LIST
585 (
588 CK_ULONG_PTR pulSignatureLen /* gets signature length */
589 );
590 #endif
593 /* C_SignRecoverInit initializes a signature operation, where
594 * the data can be recovered from the signature. */
596 #ifdef CK_NEED_ARG_LIST
597 (
600 CK_OBJECT_HANDLE hKey /* handle of the signature key */
601 );
602 #endif
605 /* C_SignRecover signs data in a single operation, where the
606 * data can be recovered from the signature. */
608 #ifdef CK_NEED_ARG_LIST
609 (
614 CK_ULONG_PTR pulSignatureLen /* gets signature length */
615 );
616 #endif
620 /* Verifying signatures and MACs */
622 /* C_VerifyInit initializes a verification operation, where the
623 * signature is an appendix to the data, and plaintext cannot
624 * cannot be recovered from the signature (e.g. DSA). */
626 #ifdef CK_NEED_ARG_LIST
627 (
630 CK_OBJECT_HANDLE hKey /* verification key */
631 );
632 #endif
635 /* C_Verify verifies a signature in a single-part operation,
636 * where the signature is an appendix to the data, and plaintext
637 * cannot be recovered from the signature. */
639 #ifdef CK_NEED_ARG_LIST
640 (
645 CK_ULONG ulSignatureLen /* signature length*/
646 );
647 #endif
650 /* C_VerifyUpdate continues a multiple-part verification
651 * operation, where the signature is an appendix to the data,
652 * and plaintext cannot be recovered from the signature. */
654 #ifdef CK_NEED_ARG_LIST
655 (
658 CK_ULONG ulPartLen /* length of signed data */
659 );
660 #endif
663 /* C_VerifyFinal finishes a multiple-part verification
664 * operation, checking the signature. */
666 #ifdef CK_NEED_ARG_LIST
667 (
670 CK_ULONG ulSignatureLen /* signature length */
671 );
672 #endif
675 /* C_VerifyRecoverInit initializes a signature verification
676 * operation, where the data is recovered from the signature. */
678 #ifdef CK_NEED_ARG_LIST
679 (
682 CK_OBJECT_HANDLE hKey /* verification key */
683 );
684 #endif
687 /* C_VerifyRecover verifies a signature in a single-part
688 * operation, where the data is recovered from the signature. */
690 #ifdef CK_NEED_ARG_LIST
691 (
696 CK_ULONG_PTR pulDataLen /* gets signed data len */
697 );
698 #endif
702 /* Dual-function cryptographic operations */
704 /* C_DigestEncryptUpdate continues a multiple-part digesting
705 * and encryption operation. */
707 #ifdef CK_NEED_ARG_LIST
708 (
713 CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
714 );
715 #endif
718 /* C_DecryptDigestUpdate continues a multiple-part decryption and
719 * digesting operation. */
721 #ifdef CK_NEED_ARG_LIST
722 (
727 CK_ULONG_PTR pulPartLen /* gets plaintext len */
728 );
729 #endif
732 /* C_SignEncryptUpdate continues a multiple-part signing and
733 * encryption operation. */
735 #ifdef CK_NEED_ARG_LIST
736 (
741 CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */
742 );
743 #endif
746 /* C_DecryptVerifyUpdate continues a multiple-part decryption and
747 * verify operation. */
749 #ifdef CK_NEED_ARG_LIST
750 (
755 CK_ULONG_PTR pulPartLen /* gets p-text length */
756 );
757 #endif
761 /* Key management */
763 /* C_GenerateKey generates a secret key, creating a new key
764 * object. */
766 #ifdef CK_NEED_ARG_LIST
767 (
772 CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */
773 );
774 #endif
777 /* C_GenerateKeyPair generates a public-key/private-key pair,
778 * creating new key objects. */
780 #ifdef CK_NEED_ARG_LIST
781 (
783 * handle */
785 * mech. */
787 * for pub.
788 * key */
790 * attrs. */
792 * for priv.
793 * key */
795 * attrs. */
797 * key
798 * handle */
799 CK_OBJECT_HANDLE_PTR phPrivateKey /* gets
800 * priv. key
801 * handle */
802 );
803 #endif
806 /* C_WrapKey wraps (i.e., encrypts) a key. */
808 #ifdef CK_NEED_ARG_LIST
809 (
815 CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */
816 );
817 #endif
820 /* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new
821 * key object. */
823 #ifdef CK_NEED_ARG_LIST
824 (
832 CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
833 );
834 #endif
837 /* C_DeriveKey derives a key from a base key, creating a new key
838 * object. */
840 #ifdef CK_NEED_ARG_LIST
841 (
847 CK_OBJECT_HANDLE_PTR phKey /* gets new handle */
848 );
849 #endif
853 /* Random number generation */
855 /* C_SeedRandom mixes additional seed material into the token's
856 * random number generator. */
858 #ifdef CK_NEED_ARG_LIST
859 (
862 CK_ULONG ulSeedLen /* length of seed material */
863 );
864 #endif
867 /* C_GenerateRandom generates random data. */
869 #ifdef CK_NEED_ARG_LIST
870 (
873 CK_ULONG ulRandomLen /* # of bytes to generate */
874 );
875 #endif
879 /* Parallel function management */
881 /* C_GetFunctionStatus is a legacy function; it obtains an
882 * updated status of a function running in parallel with an
883 * application. */
885 #ifdef CK_NEED_ARG_LIST
886 (
887 CK_SESSION_HANDLE hSession /* the session's handle */
888 );
889 #endif
892 /* C_CancelFunction is a legacy function; it cancels a function
893 * running in parallel. */
895 #ifdef CK_NEED_ARG_LIST
896 (
897 CK_SESSION_HANDLE hSession /* the session's handle */
898 );
899 #endif
903 /* Functions added in for Cryptoki Version 2.01 or later */
905 /* C_WaitForSlotEvent waits for a slot event (token insertion,
906 * removal, etc.) to occur. */
908 #ifdef CK_NEED_ARG_LIST
909 (
912 CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */
913 );
914 #endif