[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Inconsistent/missing/unknown definitions in draft headers
I looked over the draft headers [0]. I noticed that at least the following inconsistencies that are present. In the process, I produced a diff of the headers, I noticed that many of the comments in the headers about which version of PKCS#11 introduced which comments were removed. If these were accidentally removed, then the attached diff restores them. Defined but not present in spec: * CKM_CMS_SIG_PARAMS * CKM_ECDSA_SHA224 * CKM_ECDSA_SHA256 * CKM_ECDSA_SHA384 * CKM_ECDSA_SHA512 * CK_DSA_PARAMETER_GEN_PARAMS Missing definitions from spec: * CKA_COPYABLE * CK_CERTIFICATE_CATEGORY * CKM_X9_42_DH_PKCS_PARAMETER_GEN * CK_DSA_PARAMETER_GEN_PARAM * CKM_SHA512_T * CKM_SHA512_T_HMAC * CKM_SHA512_T_HMAC_GENERAL The spec contains different definitions for: * CKK_SHA512_224_HMAC * CKK_SHA512_256_HMAC * CKK_SHA512_T_HMAC * CKM_DSA_SHA224 * CKM_DSA_SHA256 * CKM_DSA_SHA384 * CKM_DSA_SHA512 * CKM_DSA_FIPS_G_GEN * CKM_DSA_PROBABLISTIC_PARAMETER_GEN * CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN * CKM_SHA512_224 * CKM_SHA512_224_HMAC * CKM_SHA512_224_HMAC_GENERAL * CKM_SHA512_256 * CKM_SHA512_256_HMAC * CKM_SHA512_256_HMAC_GENERAL * CKM_SHA512_224_KEY_DERIVATION * CKM_SHA512_256_KEY_DERIVATION * CKM_SHA512_T_KEY_DERIVATION * CKM_TLS10_MAC_SERVER * CKM_TLS10_MAC_CLIENT * CKM_TLS12_MAC * CKM_RSA_AES_KEY_WRAP * CKR_EXCEEDED_MAX_ITERATIONS * CKR_FIPS_SELF_TEST_FAILED * CKR_LIBRARY_LOAD_FAILED * CKR_PIN_TOO_WEAK * CKR_PUBLIC_KEY_INVALID * CKM_AES_CMAC_GENERAL * CKM_AES_CTS Stef [0] https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/54082/pkcs11t.h
--- pkcs11t.v240orig.h 2014-09-15 09:08:54.956521321 +0200 +++ pkcs11t.v240.h 2014-09-15 10:09:42.368890051 +0200 @@ -45,4 +45,5 @@ /* a signed value, the same size as a CK_ULONG */ +/* CK_LONG is new for v2.0 */ typedef long int CK_LONG; @@ -86,4 +87,5 @@ CK_FLAGS flags; /* must be zero */ + /* libraryDescription and libraryVersion are new for v2.0 */ CK_UTF8CHAR libraryDescription[32]; /* blank padded */ CK_VERSION libraryVersion; /* version of library */ @@ -95,6 +97,10 @@ /* CK_NOTIFICATION enumerates the types of notifications that * Cryptoki provides to an application */ +/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG + * for v2.0 */ typedef CK_ULONG CK_NOTIFICATION; #define CKN_SURRENDER 0UL + +/* The following notification is new for PKCS #11 v2.20 amendment 3 */ #define CKN_OTP_CHANGED 1UL @@ -113,4 +119,5 @@ CK_FLAGS flags; + /* hardwareVersion and firmwareVersion are new for v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ @@ -137,4 +144,7 @@ CK_FLAGS flags; /* see below */ + /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, + * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been + * changed from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulMaxSessionCount; /* max open sessions */ CK_ULONG ulSessionCount; /* sess. now open */ @@ -147,4 +157,7 @@ CK_ULONG ulTotalPrivateMemory; /* in bytes */ CK_ULONG ulFreePrivateMemory; /* in bytes */ + + /* hardwareVersion, firmwareVersion, and time are new for + * v2.0 */ CK_VERSION hardwareVersion; /* version of hardware */ CK_VERSION firmwareVersion; /* version of firmware */ @@ -165,5 +178,5 @@ * PIN is set */ -/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set, +/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, * that means that *every* time the state of cryptographic * operations of a session is successfully saved, all keys @@ -171,15 +184,15 @@ #define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL -/* CKF_CLOCK_ON_TOKEN. If it is set, that means +/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means * that the token has some sort of clock. The time on that * clock is returned in the token info structure */ #define CKF_CLOCK_ON_TOKEN 0x00000040UL -/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is +/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is * set, that means that there is some way for the user to login * without sending a PIN through the Cryptoki library itself */ #define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL -/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true, +/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, * that means that a single session with the token can perform * dual simultaneous cryptographic operations (digest and @@ -188,5 +201,5 @@ #define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL -/* CKF_TOKEN_INITIALIZED. If it is true, the +/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the * token has been initialized using C_InitializeToken or an * equivalent mechanism outside the scope of PKCS #11. @@ -195,5 +208,5 @@ #define CKF_TOKEN_INITIALIZED 0x00000400UL -/* CKF_SECONDARY_AUTHENTICATION. If it is +/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is * true, the token supports secondary authentication for * private key objects. This flag is deprecated in v2.11 and @@ -201,19 +214,19 @@ #define CKF_SECONDARY_AUTHENTICATION 0x00000800UL -/* CKF_USER_PIN_COUNT_LOW. If it is true, an +/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an * incorrect user login PIN has been entered at least once * since the last successful authentication. */ #define CKF_USER_PIN_COUNT_LOW 0x00010000UL -/* CKF_USER_PIN_FINAL_TRY. If it is true, +/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, * supplying an incorrect user PIN will it to become locked. */ #define CKF_USER_PIN_FINAL_TRY 0x00020000UL -/* CKF_USER_PIN_LOCKED. If it is true, the +/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the * user PIN has been locked. User login to the token is not * possible. */ #define CKF_USER_PIN_LOCKED 0x00040000UL -/* CKF_USER_PIN_TO_BE_CHANGED. If it is true, +/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, * the user PIN value is the default value set by token * initialization or manufacturing, or the PIN has been @@ -221,10 +234,10 @@ #define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL -/* CKF_SO_PIN_COUNT_LOW. If it is true, an +/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an * incorrect SO login PIN has been entered at least once since * the last successful authentication. */ #define CKF_SO_PIN_COUNT_LOW 0x00100000UL -/* CKF_SO_PIN_FINAL_TRY. If it is true, +/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, * supplying an incorrect SO PIN will it to become locked. */ #define CKF_SO_PIN_FINAL_TRY 0x00200000UL @@ -235,5 +248,5 @@ #define CKF_SO_PIN_LOCKED 0x00400000UL -/* CKF_SO_PIN_TO_BE_CHANGED. If it is true, +/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, * the SO PIN value is the default value set by token * initialization or manufacturing, or the PIN has been @@ -241,4 +254,5 @@ #define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL +/* CKF_ERROR_STATE is new for v2.40 */ #define CKF_ERROR_STATE 0x01000000UL @@ -254,4 +268,6 @@ /* CK_USER_TYPE enumerates the types of Cryptoki users */ +/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for + * v2.0 */ typedef CK_ULONG CK_USER_TYPE; /* Security Officer */ @@ -259,8 +275,10 @@ /* Normal user */ #define CKU_USER 1UL -/* Context specific */ +/* Context specific (added in v2.20) */ #define CKU_CONTEXT_SPECIFIC 2UL /* CK_STATE enumerates the session states */ +/* CK_STATE has been changed from an enum to a CK_ULONG for + * v2.0 */ typedef CK_ULONG CK_STATE; #define CKS_RO_PUBLIC_SESSION 0UL @@ -276,4 +294,7 @@ CK_STATE state; CK_FLAGS flags; /* see below */ + + /* ulDeviceError was changed from CK_USHORT to CK_ULONG for + * v2.0 */ CK_ULONG ulDeviceError; /* device-dependent error code */ } CK_SESSION_INFO; @@ -298,7 +319,12 @@ * types) of objects that Cryptoki recognizes. It is defined * as follows: */ +/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for + * v2.0 */ typedef CK_ULONG CK_OBJECT_CLASS; /* The following classes of objects are defined: */ +/* CKO_HW_FEATURE is new for v2.10 */ +/* CKO_DOMAIN_PARAMETERS is new for v2.11 */ +/* CKO_MECHANISM is new for v2.20 */ #define CKO_DATA 0x00000000UL #define CKO_CERTIFICATE 0x00000001UL @@ -309,4 +335,6 @@ #define CKO_DOMAIN_PARAMETERS 0x00000006UL #define CKO_MECHANISM 0x00000007UL + +/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */ #define CKO_OTP_KEY 0x00000008UL @@ -315,5 +343,5 @@ typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; -/* CK_HW_FEATURE_TYPE is a +/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a * value that identifies the hardware feature type of an object * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ @@ -321,4 +349,5 @@ /* The following hardware feature types are defined */ +/* CKH_USER_INTERFACE is new for v2.20 */ #define CKH_MONOTONIC_COUNTER 0x00000001UL #define CKH_CLOCK 0x00000002UL @@ -327,4 +356,5 @@ /* CK_KEY_TYPE is a value that identifies a key type */ +/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ typedef CK_ULONG CK_KEY_TYPE; @@ -333,4 +363,6 @@ #define CKK_DSA 0x00000001UL #define CKK_DH 0x00000002UL + +/* CKK_ECDSA and CKK_KEA are new for v2.0 */ /* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ #define CKK_ECDSA 0x00000003UL @@ -338,4 +370,5 @@ #define CKK_X9_42_DH 0x00000004UL #define CKK_KEA 0x00000005UL + #define CKK_GENERIC_SECRET 0x00000010UL #define CKK_RC2 0x00000011UL @@ -344,4 +377,6 @@ #define CKK_DES2 0x00000014UL #define CKK_DES3 0x00000015UL + +/* all these key types are new for v2.0 */ #define CKK_CAST 0x00000016UL #define CKK_CAST3 0x00000017UL @@ -356,10 +391,17 @@ #define CKK_CDMF 0x0000001EUL #define CKK_AES 0x0000001FUL + +/* BlowFish and TwoFish are new for v2.20 */ #define CKK_BLOWFISH 0x00000020UL #define CKK_TWOFISH 0x00000021UL + +/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */ #define CKK_SECURID 0x00000022UL #define CKK_HOTP 0x00000023UL #define CKK_ACTI 0x00000024UL + +/* Camellia is new for PKCS #11 v2.20 amendment 3 */ #define CKK_CAMELLIA 0x00000025UL +/* ARIA is new for PKCS #11 v2.20 amendment 3 */ #define CKK_ARIA 0x00000026UL #define CKK_MD5_HMAC 0x00000027UL @@ -386,4 +428,6 @@ /* CK_CERTIFICATE_TYPE is a value that identifies a certificate * type */ +/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG + * for v2.0 */ typedef CK_ULONG CK_CERTIFICATE_TYPE; @@ -402,4 +446,6 @@ /* The following certificate types are defined: */ +/* CKC_X_509_ATTR_CERT is new for v2.10 */ +/* CKC_WTLS is new for v2.20 */ #define CKC_X_509 0x00000000UL #define CKC_X_509_ATTR_CERT 0x00000001UL @@ -410,4 +456,6 @@ /* CK_ATTRIBUTE_TYPE is a value that identifies an attribute * type */ +/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for + * v2.0 */ typedef CK_ULONG CK_ATTRIBUTE_TYPE; @@ -416,5 +464,6 @@ #define CKF_ARRAY_ATTRIBUTE 0x40000000UL -/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */ +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 + and relates to the CKA_OTP_FORMAT attribute */ #define CK_OTP_FORMAT_DECIMAL 0UL #define CK_OTP_FORMAT_HEXADECIMAL 1UL @@ -422,5 +471,6 @@ #define CK_OTP_FORMAT_BINARY 3UL -/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT attributes */ +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 + and relates to the CKA_OTP_..._REQUIREMENT attributes */ #define CK_OTP_PARAM_IGNORED 0UL #define CK_OTP_PARAM_OPTIONAL 1UL @@ -434,12 +484,23 @@ #define CKA_APPLICATION 0x00000010UL #define CKA_VALUE 0x00000011UL + +/* CKA_OBJECT_ID is new for v2.10 */ #define CKA_OBJECT_ID 0x00000012UL + #define CKA_CERTIFICATE_TYPE 0x00000080UL #define CKA_ISSUER 0x00000081UL #define CKA_SERIAL_NUMBER 0x00000082UL + +/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new + * for v2.10 */ #define CKA_AC_ISSUER 0x00000083UL #define CKA_OWNER 0x00000084UL #define CKA_ATTR_TYPES 0x00000085UL + +/* CKA_TRUSTED is new for v2.11 */ #define CKA_TRUSTED 0x00000086UL + +/* CKA_CERTIFICATE_CATEGORY ... + * CKA_CHECK_VALUE are new for v2.20 */ #define CKA_CERTIFICATE_CATEGORY 0x00000087UL #define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL @@ -477,15 +538,22 @@ #define CKA_BASE 0x00000132UL +/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ #define CKA_PRIME_BITS 0x00000133UL #define CKA_SUBPRIME_BITS 0x00000134UL -/* (To retain backwards-compatibility) */ #define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS +/* (To retain backwards-compatibility) */ #define CKA_VALUE_BITS 0x00000160UL #define CKA_VALUE_LEN 0x00000161UL + +/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, + * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, + * and CKA_EC_POINT are new for v2.0 */ #define CKA_EXTRACTABLE 0x00000162UL #define CKA_LOCAL 0x00000163UL #define CKA_NEVER_EXTRACTABLE 0x00000164UL #define CKA_ALWAYS_SENSITIVE 0x00000165UL + +/* CKA_KEY_GEN_MECHANISM is new for v2.11 */ #define CKA_KEY_GEN_MECHANISM 0x00000166UL @@ -508,4 +576,6 @@ #define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */ +/* CKA_ALWAYS_AUTHENTICATE ... + * CKA_UNWRAP_TEMPLATE are new for v2.20 */ #define CKA_ALWAYS_AUTHENTICATE 0x00000202UL @@ -515,4 +585,5 @@ #define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL) +/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */ #define CKA_OTP_FORMAT 0x00000220UL #define CKA_OTP_LENGTH 0x00000221UL @@ -534,8 +605,11 @@ #define CKA_GOST28147_PARAMS 0x00000252UL +/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET + * are new for v2.10 */ #define CKA_HW_FEATURE_TYPE 0x00000300UL #define CKA_RESET_ON_INIT 0x00000301UL #define CKA_HAS_RESET 0x00000302UL +/* The following attributes are new for v2.20 */ #define CKA_PIXEL_X 0x00000400UL #define CKA_PIXEL_Y 0x00000401UL @@ -561,4 +635,6 @@ CK_ATTRIBUTE_TYPE type; CK_VOID_PTR pValue; + + /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ CK_ULONG ulValueLen; /* in bytes */ } CK_ATTRIBUTE; @@ -577,4 +653,6 @@ /* CK_MECHANISM_TYPE is a value that identifies a mechanism * type */ +/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for + * v2.0 */ typedef CK_ULONG CK_MECHANISM_TYPE; @@ -585,12 +663,18 @@ #define CKM_RSA_X_509 0x00000003UL +/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS + * are new for v2.0. They are mechanisms which hash and sign */ #define CKM_MD2_RSA_PKCS 0x00000004UL #define CKM_MD5_RSA_PKCS 0x00000005UL #define CKM_SHA1_RSA_PKCS 0x00000006UL +/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and + * CKM_RSA_PKCS_OAEP are new for v2.10 */ #define CKM_RIPEMD128_RSA_PKCS 0x00000007UL #define CKM_RIPEMD160_RSA_PKCS 0x00000008UL #define CKM_RSA_PKCS_OAEP 0x00000009UL +/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, + * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ #define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL #define CKM_RSA_X9_31 0x0000000BUL @@ -618,4 +702,7 @@ #define CKM_DH_PKCS_DERIVE 0x00000021UL +/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, + * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for + * v2.11 */ #define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL #define CKM_X9_42_DH_DERIVE 0x00000031UL @@ -623,4 +710,5 @@ #define CKM_X9_42_MQV_DERIVE 0x00000033UL +/* CKM_SHA256/384/512 are new for v2.20 */ #define CKM_SHA256_RSA_PKCS 0x00000040UL #define CKM_SHA384_RSA_PKCS 0x00000041UL @@ -630,4 +718,5 @@ #define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL +/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */ #define CKM_SHA224_RSA_PKCS 0x00000046UL #define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL @@ -638,4 +727,5 @@ #define CKM_RC2_MAC 0x00000103UL +/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ #define CKM_RC2_MAC_GENERAL 0x00000104UL #define CKM_RC2_CBC_PAD 0x00000105UL @@ -648,4 +738,5 @@ #define CKM_DES_MAC 0x00000123UL +/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ #define CKM_DES_MAC_GENERAL 0x00000124UL #define CKM_DES_CBC_PAD 0x00000125UL @@ -657,4 +748,7 @@ #define CKM_DES3_MAC 0x00000134UL +/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, + * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, + * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ #define CKM_DES3_MAC_GENERAL 0x00000135UL #define CKM_DES3_CBC_PAD 0x00000136UL @@ -668,4 +762,5 @@ #define CKM_CDMF_CBC_PAD 0x00000145UL +/* the following four DES mechanisms are new for v2.20 */ #define CKM_DES_OFB64 0x00000150UL #define CKM_DES_OFB8 0x00000151UL @@ -675,4 +770,5 @@ #define CKM_MD2 0x00000200UL +/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ #define CKM_MD2_HMAC 0x00000201UL #define CKM_MD2_HMAC_GENERAL 0x00000202UL @@ -680,4 +776,5 @@ #define CKM_MD5 0x00000210UL +/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ #define CKM_MD5_HMAC 0x00000211UL #define CKM_MD5_HMAC_GENERAL 0x00000212UL @@ -685,7 +782,11 @@ #define CKM_SHA_1 0x00000220UL +/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ #define CKM_SHA_1_HMAC 0x00000221UL #define CKM_SHA_1_HMAC_GENERAL 0x00000222UL +/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, + * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, + * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ #define CKM_RIPEMD128 0x00000230UL #define CKM_RIPEMD128_HMAC 0x00000231UL @@ -695,10 +796,14 @@ #define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL +/* CKM_SHA256/384/512 are new for v2.20 */ #define CKM_SHA256 0x00000250UL #define CKM_SHA256_HMAC 0x00000251UL #define CKM_SHA256_HMAC_GENERAL 0x00000252UL + +/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ #define CKM_SHA224 0x00000255UL #define CKM_SHA224_HMAC 0x00000256UL #define CKM_SHA224_HMAC_GENERAL 0x00000257UL + #define CKM_SHA384 0x00000260UL #define CKM_SHA384_HMAC 0x00000261UL @@ -707,8 +812,14 @@ #define CKM_SHA512_HMAC 0x00000271UL #define CKM_SHA512_HMAC_GENERAL 0x00000272UL + +/* SecurID is new for PKCS #11 v2.20 amendment 1 */ #define CKM_SECURID_KEY_GEN 0x00000280UL #define CKM_SECURID 0x00000282UL + +/* HOTP is new for PKCS #11 v2.20 amendment 1 */ #define CKM_HOTP_KEY_GEN 0x00000290UL #define CKM_HOTP 0x00000291UL + +/* ACTI is new for PKCS #11 v2.20 amendment 1 */ #define CKM_ACTI 0x000002A0UL #define CKM_ACTI_KEY_GEN 0x000002A1UL @@ -722,4 +833,6 @@ #define CKM_SHA512_256_HMAC_GENERAL 0x000002C2UL +/* All of the following mechanisms are new for v2.0 */ +/* Note that CAST128 and CAST5 are the same algorithm */ #define CKM_CAST_KEY_GEN 0x00000300UL #define CKM_CAST_ECB 0x00000301UL @@ -734,5 +847,4 @@ #define CKM_CAST3_MAC_GENERAL 0x00000314UL #define CKM_CAST3_CBC_PAD 0x00000315UL -/* Note that CAST128 and CAST5 are the same algorithm */ #define CKM_CAST5_KEY_GEN 0x00000320UL #define CKM_CAST128_KEY_GEN 0x00000320UL @@ -769,4 +881,7 @@ #define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL +/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, + * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and + * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ #define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL #define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL @@ -775,4 +890,6 @@ #define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL + +/* CKM_TLS_PRF is new for v2.20 */ #define CKM_TLS_PRF 0x00000378UL @@ -783,7 +900,10 @@ #define CKM_SHA1_KEY_DERIVATION 0x00000392UL +/* CKM_SHA256/384/512 are new for v2.20 */ #define CKM_SHA256_KEY_DERIVATION 0x00000393UL #define CKM_SHA384_KEY_DERIVATION 0x00000394UL #define CKM_SHA512_KEY_DERIVATION 0x00000395UL + +/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */ #define CKM_SHA224_KEY_DERIVATION 0x00000396UL @@ -808,8 +928,10 @@ #define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL +/* CKM_PKCS5_PBKD2 is new for v2.10 */ #define CKM_PKCS5_PBKD2 0x000003B0UL #define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL +/* WTLS mechanisms are new for v2.20 */ #define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL #define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL @@ -832,12 +954,16 @@ #define CKM_KEY_WRAP_SET_OAEP 0x00000401UL +/* CKM_CMS_SIG is new for v2.20 */ #define CKM_CMS_SIG 0x00000500UL + /* new for v2.40 */ #define CKM_CMS_SIG_PARAMS 0x00000501UL +/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */ #define CKM_KIP_DERIVE 0x00000510UL #define CKM_KIP_WRAP 0x00000511UL #define CKM_KIP_MAC 0x00000512UL +/* Camellia is new for PKCS #11 v2.20 amendment 3 */ #define CKM_CAMELLIA_KEY_GEN 0x00000550UL #define CKM_CAMELLIA_ECB 0x00000551UL @@ -850,4 +976,5 @@ #define CKM_CAMELLIA_CTR 0x00000558UL +/* ARIA is new for PKCS #11 v2.20 amendment 3 */ #define CKM_ARIA_KEY_GEN 0x00000560UL #define CKM_ARIA_ECB 0x00000561UL @@ -868,4 +995,5 @@ #define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL +/* Fortezza mechanisms */ #define CKM_SKIPJACK_KEY_GEN 0x00001000UL #define CKM_SKIPJACK_ECB64 0x00001001UL @@ -898,4 +1026,5 @@ #define CKM_ECDSA 0x00001041UL #define CKM_ECDSA_SHA1 0x00001042UL + #define CKM_ECDSA_SHA224 0x00001043UL #define CKM_ECDSA_SHA256 0x00001044UL @@ -903,4 +1032,6 @@ #define CKM_ECDSA_SHA512 0x00001046UL +/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE + * are new for v2.11 */ #define CKM_ECDH1_DERIVE 0x00001050UL #define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL @@ -918,4 +1049,8 @@ #define CKM_FASTHASH 0x00001070UL +/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, + * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, + * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are + * new for v2.11 */ #define CKM_AES_KEY_GEN 0x00001080UL #define CKM_AES_ECB 0x00001081UL @@ -924,4 +1059,6 @@ #define CKM_AES_MAC_GENERAL 0x00001084UL #define CKM_AES_CBC_PAD 0x00001085UL + +/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */ #define CKM_AES_CTR 0x00001086UL #define CKM_AES_GCM 0x00001087UL @@ -935,4 +1072,5 @@ #define CKM_AES_XCBC_MAC_96 0x0000108DUL +/* BlowFish and TwoFish are new for v2.20 */ #define CKM_BLOWFISH_KEY_GEN 0x00001090UL #define CKM_BLOWFISH_CBC 0x00001091UL @@ -942,4 +1080,5 @@ #define CKM_TWOFISH_CBC_PAD 0x00001095UL +/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ #define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL #define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL @@ -989,4 +1128,7 @@ CK_MECHANISM_TYPE mechanism; CK_VOID_PTR pParameter; + + /* ulParameterLen was changed from CK_USHORT to CK_ULONG for + * v2.0 */ CK_ULONG ulParameterLen; /* in bytes */ } CK_MECHANISM; @@ -1007,5 +1149,9 @@ #define CKF_HW 0x00000001UL /* performed by HW */ -/* Specify whether or not a mechanism can be used for a particular task */ +/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, + * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, + * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, + * and CKF_DERIVE are new for v2.0. They specify whether or not + * a mechanism can be used for a particular task */ #define CKF_ENCRYPT 0x00000100UL #define CKF_DECRYPT 0x00000200UL @@ -1021,5 +1167,7 @@ #define CKF_DERIVE 0x00080000UL -/* Describe a token's EC capabilities not available in mechanism +/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, + * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They + * describe a token's EC capabilities not available in mechanism * information. */ #define CKF_EC_F_P 0x00100000UL @@ -1037,4 +1185,5 @@ /* CK_RV is a value that identifies the return value of a * Cryptoki function */ +/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ typedef CK_ULONG CK_RV; @@ -1046,7 +1195,10 @@ /* CKR_FLAGS_INVALID was removed for v2.0 */ +/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ #define CKR_GENERAL_ERROR 0x00000005UL #define CKR_FUNCTION_FAILED 0x00000006UL +/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, + * and CKR_CANT_LOCK are new for v2.01 */ #define CKR_ARGUMENTS_BAD 0x00000007UL #define CKR_NO_EVENT 0x00000008UL @@ -1072,4 +1224,5 @@ #define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL +/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ #define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL @@ -1081,4 +1234,8 @@ #define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL +/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, + * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, + * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for + * v2.0 */ #define CKR_KEY_NOT_NEEDED 0x00000064UL #define CKR_KEY_CHANGED 0x00000065UL @@ -1101,4 +1258,5 @@ #define CKR_PIN_LEN_RANGE 0x000000A2UL +/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ #define CKR_PIN_EXPIRED 0x000000A3UL #define CKR_PIN_LOCKED 0x000000A4UL @@ -1111,4 +1269,6 @@ #define CKR_SESSION_EXISTS 0x000000B6UL +/* CKR_SESSION_READ_ONLY_EXISTS and + * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ #define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL #define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL @@ -1129,4 +1289,6 @@ #define CKR_USER_TYPE_INVALID 0x00000103UL +/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES + * are new to v2.01 */ #define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL #define CKR_USER_TOO_MANY_TYPES 0x00000105UL @@ -1139,6 +1301,8 @@ #define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL +/* These are new to v2.0 */ #define CKR_RANDOM_NO_RNG 0x00000121UL +/* These are new to v2.11 */ #define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL @@ -1146,4 +1310,5 @@ #define CKR_CURVE_NOT_SUPPORTED 0x00000140UL +/* These are new to v2.0 */ #define CKR_BUFFER_TOO_SMALL 0x00000150UL #define CKR_SAVED_STATE_INVALID 0x00000160UL @@ -1151,4 +1316,5 @@ #define CKR_STATE_UNSAVEABLE 0x00000180UL +/* These are new to v2.01 */ #define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL #define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL @@ -1156,4 +1322,5 @@ #define CKR_MUTEX_NOT_LOCKED 0x000001A1UL +/* The following return values are new for PKCS #11 v2.20 amendment 3 */ #define CKR_NEW_PIN_MODE 0x000001B0UL #define CKR_NEXT_OTP 0x000001B1UL @@ -1164,4 +1331,5 @@ #define CKR_PUBLIC_KEY_INVALID 0x000001B9UL +/* This is new to v2.20 */ #define CKR_FUNCTION_REJECTED 0x00000200UL @@ -1180,4 +1348,5 @@ * version and pointers of appropriate types to all the * Cryptoki functions */ +/* CK_FUNCTION_LIST is new for v2.0 */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; @@ -1239,5 +1408,5 @@ #define CKF_DONT_BLOCK 1 -/* +/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message * Generation Function (MGF) applied to a message block when @@ -1249,11 +1418,14 @@ /* The following MGFs are defined */ +/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 + * are new for v2.20 */ #define CKG_MGF1_SHA1 0x00000001UL #define CKG_MGF1_SHA256 0x00000002UL #define CKG_MGF1_SHA384 0x00000003UL #define CKG_MGF1_SHA512 0x00000004UL +/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ #define CKG_MGF1_SHA224 0x00000005UL -/* +/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source * of the encoding parameter when formatting a message block @@ -1266,5 +1438,5 @@ #define CKZ_DATA_SPECIFIED 0x00000001UL -/* +/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the * CKM_RSA_PKCS_OAEP mechanism. */ @@ -1279,5 +1451,5 @@ typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; -/* +/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the * CKM_RSA_PKCS_PSS mechanism(s). */ @@ -1290,4 +1462,5 @@ typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; +/* CK_EC_KDF_TYPE is new for v2.11. */ typedef CK_ULONG CK_EC_KDF_TYPE; @@ -1304,6 +1477,5 @@ #define CKD_CPDIVERSIFY_KDF 0x00000009UL - -/* +/* CK_ECDH1_DERIVE_PARAMS is new for v2.11. * CK_ECDH1_DERIVE_PARAMS provides the parameters to the * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, @@ -1321,5 +1493,5 @@ -/* +/* CK_ECDH2_DERIVE_PARAMS is new for v2.11. * CK_ECDH2_DERIVE_PARAMS provides the parameters to the * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ @@ -1354,9 +1526,9 @@ /* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the - * CKM_X9_42_DH_PARAMETER_GEN mechanisms */ + * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; -/* +/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party @@ -1372,5 +1544,5 @@ typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; -/* +/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation @@ -1407,4 +1579,5 @@ /* CK_KEA_DERIVE_PARAMS provides the parameters to the * CKM_KEA_DERIVE mechanism */ +/* CK_KEA_DERIVE_PARAMS is new for v2.0 */ typedef struct CK_KEA_DERIVE_PARAMS { CK_BBOOL isSender; @@ -1430,4 +1603,6 @@ * mechanism */ typedef struct CK_RC2_CBC_PARAMS { + /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for + * v2.0 */ CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ @@ -1440,4 +1615,5 @@ /* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the * CKM_RC2_MAC_GENERAL mechanism */ +/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ typedef struct CK_RC2_MAC_GENERAL_PARAMS { CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ @@ -1451,4 +1627,5 @@ /* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and * CKM_RC5_MAC mechanisms */ +/* CK_RC5_PARAMS is new for v2.0 */ typedef struct CK_RC5_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ @@ -1461,4 +1638,5 @@ /* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC * mechanism */ +/* CK_RC5_CBC_PARAMS is new for v2.0 */ typedef struct CK_RC5_CBC_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ @@ -1473,4 +1651,5 @@ /* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the * CKM_RC5_MAC_GENERAL mechanism */ +/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ typedef struct CK_RC5_MAC_GENERAL_PARAMS { CK_ULONG ulWordsize; /* wordsize in bits */ @@ -1486,8 +1665,10 @@ * ciphers' MAC_GENERAL mechanisms. Its value is the length of * the MAC */ +/* CK_MAC_GENERAL_PARAMS is new for v2.0 */ typedef CK_ULONG CK_MAC_GENERAL_PARAMS; typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; +/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { CK_BYTE iv[8]; @@ -1508,4 +1689,5 @@ /* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ +/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { CK_ULONG ulPasswordLen; @@ -1528,4 +1710,5 @@ /* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the * CKM_SKIPJACK_RELAYX mechanism */ +/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ typedef struct CK_SKIPJACK_RELAYX_PARAMS { CK_ULONG ulOldWrappedXLen; @@ -1563,4 +1746,5 @@ /* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the * CKM_KEY_WRAP_SET_OAEP mechanism */ +/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { CK_BYTE bBC; /* block contents byte */ @@ -1613,4 +1797,5 @@ typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; +/* CK_TLS_PRF_PARAMS is new for version 2.20 */ typedef struct CK_TLS_PRF_PARAMS { CK_BYTE_PTR pSeed; @@ -1624,4 +1809,5 @@ typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; +/* WTLS is new for version 2.20 */ typedef struct CK_WTLS_RANDOM_DATA { CK_BYTE_PTR pClientRandom; @@ -1675,4 +1861,5 @@ typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; +/* CMS is new for version 2.20 */ typedef struct CK_CMS_SIG_PARAMS { CK_OBJECT_HANDLE certificateHandle; @@ -1701,9 +1888,10 @@ * of the base key should be used as the first bit of the * derived key */ +/* CK_EXTRACT_PARAMS is new for v2.0 */ typedef CK_ULONG CK_EXTRACT_PARAMS; typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; -/* +/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to * indicate the Pseudo-Random Function (PRF) used to generate @@ -1713,4 +1901,5 @@ typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; +/* The following PRFs are defined in PKCS #5 v2.0. */ #define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL /* new for v2.40 */ @@ -1722,5 +1911,7 @@ #define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL -/* + + +/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the * source of the salt value when deriving a key using PKCS #5 @@ -1767,4 +1958,5 @@ typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR; +/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */ typedef CK_ULONG CK_OTP_PARAM_TYPE; typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */ @@ -1792,4 +1984,5 @@ typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ #define CK_OTP_VALUE 0UL #define CK_OTP_PIN 1UL @@ -1801,4 +1994,5 @@ #define CK_OTP_OUTPUT_FORMAT 7UL +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ #define CKF_NEXT_OTP 0x00000001UL #define CKF_EXCLUDE_TIME 0x00000002UL @@ -1808,4 +2002,5 @@ #define CKF_USER_FRIENDLY_OTP 0x00000020UL +/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */ typedef struct CK_KIP_PARAMS { CK_MECHANISM_PTR pMechanism; @@ -1817,4 +2012,5 @@ typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; +/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_AES_CTR_PARAMS { CK_ULONG ulCounterBits; @@ -1846,4 +2042,5 @@ typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; +/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_CAMELLIA_CTR_PARAMS { CK_ULONG ulCounterBits; @@ -1853,4 +2050,5 @@ typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; +/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { CK_BYTE iv[16]; @@ -1861,4 +2059,5 @@ typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; +/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { CK_BYTE iv[16];
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]