[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Inconsistent/missing/unknown definitions in draft headers
I looked over the draft headers [0]. I noticed that at least the following inconsistencies that are present. In the process, I produced a diff of the headers, I noticed that many of the comments in the headers about which version of PKCS#11 introduced which comments were removed. If these were accidentally removed, then the attached diff restores them. Defined but not present in spec: * CKM_CMS_SIG_PARAMS * CKM_ECDSA_SHA224 * CKM_ECDSA_SHA256 * CKM_ECDSA_SHA384 * CKM_ECDSA_SHA512 * CK_DSA_PARAMETER_GEN_PARAMS Missing definitions from spec: * CKA_COPYABLE * CK_CERTIFICATE_CATEGORY * CKM_X9_42_DH_PKCS_PARAMETER_GEN * CK_DSA_PARAMETER_GEN_PARAM * CKM_SHA512_T * CKM_SHA512_T_HMAC * CKM_SHA512_T_HMAC_GENERAL The spec contains different definitions for: * CKK_SHA512_224_HMAC * CKK_SHA512_256_HMAC * CKK_SHA512_T_HMAC * CKM_DSA_SHA224 * CKM_DSA_SHA256 * CKM_DSA_SHA384 * CKM_DSA_SHA512 * CKM_DSA_FIPS_G_GEN * CKM_DSA_PROBABLISTIC_PARAMETER_GEN * CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN * CKM_SHA512_224 * CKM_SHA512_224_HMAC * CKM_SHA512_224_HMAC_GENERAL * CKM_SHA512_256 * CKM_SHA512_256_HMAC * CKM_SHA512_256_HMAC_GENERAL * CKM_SHA512_224_KEY_DERIVATION * CKM_SHA512_256_KEY_DERIVATION * CKM_SHA512_T_KEY_DERIVATION * CKM_TLS10_MAC_SERVER * CKM_TLS10_MAC_CLIENT * CKM_TLS12_MAC * CKM_RSA_AES_KEY_WRAP * CKR_EXCEEDED_MAX_ITERATIONS * CKR_FIPS_SELF_TEST_FAILED * CKR_LIBRARY_LOAD_FAILED * CKR_PIN_TOO_WEAK * CKR_PUBLIC_KEY_INVALID * CKM_AES_CMAC_GENERAL * CKM_AES_CTS Stef [0] https://www.oasis-open.org/apps/org/workgroup/pkcs11/download.php/54082/pkcs11t.h
--- pkcs11t.v240orig.h 2014-09-15 09:08:54.956521321 +0200
+++ pkcs11t.v240.h 2014-09-15 10:09:42.368890051 +0200
@@ -45,4 +45,5 @@
/* a signed value, the same size as a CK_ULONG */
+/* CK_LONG is new for v2.0 */
typedef long int CK_LONG;
@@ -86,4 +87,5 @@
CK_FLAGS flags; /* must be zero */
+ /* libraryDescription and libraryVersion are new for v2.0 */
CK_UTF8CHAR libraryDescription[32]; /* blank padded */
CK_VERSION libraryVersion; /* version of library */
@@ -95,6 +97,10 @@
/* CK_NOTIFICATION enumerates the types of notifications that
* Cryptoki provides to an application */
+/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG
+ * for v2.0 */
typedef CK_ULONG CK_NOTIFICATION;
#define CKN_SURRENDER 0UL
+
+/* The following notification is new for PKCS #11 v2.20 amendment 3 */
#define CKN_OTP_CHANGED 1UL
@@ -113,4 +119,5 @@
CK_FLAGS flags;
+ /* hardwareVersion and firmwareVersion are new for v2.0 */
CK_VERSION hardwareVersion; /* version of hardware */
CK_VERSION firmwareVersion; /* version of firmware */
@@ -137,4 +144,7 @@
CK_FLAGS flags; /* see below */
+ /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount,
+ * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been
+ * changed from CK_USHORT to CK_ULONG for v2.0 */
CK_ULONG ulMaxSessionCount; /* max open sessions */
CK_ULONG ulSessionCount; /* sess. now open */
@@ -147,4 +157,7 @@
CK_ULONG ulTotalPrivateMemory; /* in bytes */
CK_ULONG ulFreePrivateMemory; /* in bytes */
+
+ /* hardwareVersion, firmwareVersion, and time are new for
+ * v2.0 */
CK_VERSION hardwareVersion; /* version of hardware */
CK_VERSION firmwareVersion; /* version of firmware */
@@ -165,5 +178,5 @@
* PIN is set */
-/* CKF_RESTORE_KEY_NOT_NEEDED. If it is set,
+/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set,
* that means that *every* time the state of cryptographic
* operations of a session is successfully saved, all keys
@@ -171,15 +184,15 @@
#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020UL
-/* CKF_CLOCK_ON_TOKEN. If it is set, that means
+/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means
* that the token has some sort of clock. The time on that
* clock is returned in the token info structure */
#define CKF_CLOCK_ON_TOKEN 0x00000040UL
-/* CKF_PROTECTED_AUTHENTICATION_PATH. If it is
+/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is
* set, that means that there is some way for the user to login
* without sending a PIN through the Cryptoki library itself */
#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100UL
-/* CKF_DUAL_CRYPTO_OPERATIONS. If it is true,
+/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true,
* that means that a single session with the token can perform
* dual simultaneous cryptographic operations (digest and
@@ -188,5 +201,5 @@
#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200UL
-/* CKF_TOKEN_INITIALIZED. If it is true, the
+/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the
* token has been initialized using C_InitializeToken or an
* equivalent mechanism outside the scope of PKCS #11.
@@ -195,5 +208,5 @@
#define CKF_TOKEN_INITIALIZED 0x00000400UL
-/* CKF_SECONDARY_AUTHENTICATION. If it is
+/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is
* true, the token supports secondary authentication for
* private key objects. This flag is deprecated in v2.11 and
@@ -201,19 +214,19 @@
#define CKF_SECONDARY_AUTHENTICATION 0x00000800UL
-/* CKF_USER_PIN_COUNT_LOW. If it is true, an
+/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an
* incorrect user login PIN has been entered at least once
* since the last successful authentication. */
#define CKF_USER_PIN_COUNT_LOW 0x00010000UL
-/* CKF_USER_PIN_FINAL_TRY. If it is true,
+/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true,
* supplying an incorrect user PIN will it to become locked. */
#define CKF_USER_PIN_FINAL_TRY 0x00020000UL
-/* CKF_USER_PIN_LOCKED. If it is true, the
+/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the
* user PIN has been locked. User login to the token is not
* possible. */
#define CKF_USER_PIN_LOCKED 0x00040000UL
-/* CKF_USER_PIN_TO_BE_CHANGED. If it is true,
+/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
* the user PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
@@ -221,10 +234,10 @@
#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000UL
-/* CKF_SO_PIN_COUNT_LOW. If it is true, an
+/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an
* incorrect SO login PIN has been entered at least once since
* the last successful authentication. */
#define CKF_SO_PIN_COUNT_LOW 0x00100000UL
-/* CKF_SO_PIN_FINAL_TRY. If it is true,
+/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true,
* supplying an incorrect SO PIN will it to become locked. */
#define CKF_SO_PIN_FINAL_TRY 0x00200000UL
@@ -235,5 +248,5 @@
#define CKF_SO_PIN_LOCKED 0x00400000UL
-/* CKF_SO_PIN_TO_BE_CHANGED. If it is true,
+/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true,
* the SO PIN value is the default value set by token
* initialization or manufacturing, or the PIN has been
@@ -241,4 +254,5 @@
#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000UL
+/* CKF_ERROR_STATE is new for v2.40 */
#define CKF_ERROR_STATE 0x01000000UL
@@ -254,4 +268,6 @@
/* CK_USER_TYPE enumerates the types of Cryptoki users */
+/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for
+ * v2.0 */
typedef CK_ULONG CK_USER_TYPE;
/* Security Officer */
@@ -259,8 +275,10 @@
/* Normal user */
#define CKU_USER 1UL
-/* Context specific */
+/* Context specific (added in v2.20) */
#define CKU_CONTEXT_SPECIFIC 2UL
/* CK_STATE enumerates the session states */
+/* CK_STATE has been changed from an enum to a CK_ULONG for
+ * v2.0 */
typedef CK_ULONG CK_STATE;
#define CKS_RO_PUBLIC_SESSION 0UL
@@ -276,4 +294,7 @@
CK_STATE state;
CK_FLAGS flags; /* see below */
+
+ /* ulDeviceError was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
CK_ULONG ulDeviceError; /* device-dependent error code */
} CK_SESSION_INFO;
@@ -298,7 +319,12 @@
* types) of objects that Cryptoki recognizes. It is defined
* as follows: */
+/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
typedef CK_ULONG CK_OBJECT_CLASS;
/* The following classes of objects are defined: */
+/* CKO_HW_FEATURE is new for v2.10 */
+/* CKO_DOMAIN_PARAMETERS is new for v2.11 */
+/* CKO_MECHANISM is new for v2.20 */
#define CKO_DATA 0x00000000UL
#define CKO_CERTIFICATE 0x00000001UL
@@ -309,4 +335,6 @@
#define CKO_DOMAIN_PARAMETERS 0x00000006UL
#define CKO_MECHANISM 0x00000007UL
+
+/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */
#define CKO_OTP_KEY 0x00000008UL
@@ -315,5 +343,5 @@
typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR;
-/* CK_HW_FEATURE_TYPE is a
+/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a
* value that identifies the hardware feature type of an object
* with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */
@@ -321,4 +349,5 @@
/* The following hardware feature types are defined */
+/* CKH_USER_INTERFACE is new for v2.20 */
#define CKH_MONOTONIC_COUNTER 0x00000001UL
#define CKH_CLOCK 0x00000002UL
@@ -327,4 +356,5 @@
/* CK_KEY_TYPE is a value that identifies a key type */
+/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_KEY_TYPE;
@@ -333,4 +363,6 @@
#define CKK_DSA 0x00000001UL
#define CKK_DH 0x00000002UL
+
+/* CKK_ECDSA and CKK_KEA are new for v2.0 */
/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */
#define CKK_ECDSA 0x00000003UL
@@ -338,4 +370,5 @@
#define CKK_X9_42_DH 0x00000004UL
#define CKK_KEA 0x00000005UL
+
#define CKK_GENERIC_SECRET 0x00000010UL
#define CKK_RC2 0x00000011UL
@@ -344,4 +377,6 @@
#define CKK_DES2 0x00000014UL
#define CKK_DES3 0x00000015UL
+
+/* all these key types are new for v2.0 */
#define CKK_CAST 0x00000016UL
#define CKK_CAST3 0x00000017UL
@@ -356,10 +391,17 @@
#define CKK_CDMF 0x0000001EUL
#define CKK_AES 0x0000001FUL
+
+/* BlowFish and TwoFish are new for v2.20 */
#define CKK_BLOWFISH 0x00000020UL
#define CKK_TWOFISH 0x00000021UL
+
+/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */
#define CKK_SECURID 0x00000022UL
#define CKK_HOTP 0x00000023UL
#define CKK_ACTI 0x00000024UL
+
+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
#define CKK_CAMELLIA 0x00000025UL
+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
#define CKK_ARIA 0x00000026UL
#define CKK_MD5_HMAC 0x00000027UL
@@ -386,4 +428,6 @@
/* CK_CERTIFICATE_TYPE is a value that identifies a certificate
* type */
+/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG
+ * for v2.0 */
typedef CK_ULONG CK_CERTIFICATE_TYPE;
@@ -402,4 +446,6 @@
/* The following certificate types are defined: */
+/* CKC_X_509_ATTR_CERT is new for v2.10 */
+/* CKC_WTLS is new for v2.20 */
#define CKC_X_509 0x00000000UL
#define CKC_X_509_ATTR_CERT 0x00000001UL
@@ -410,4 +456,6 @@
/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute
* type */
+/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
@@ -416,5 +464,6 @@
#define CKF_ARRAY_ATTRIBUTE 0x40000000UL
-/* The following OTP-related defines relate to the CKA_OTP_FORMAT attribute */
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
+ and relates to the CKA_OTP_FORMAT attribute */
#define CK_OTP_FORMAT_DECIMAL 0UL
#define CK_OTP_FORMAT_HEXADECIMAL 1UL
@@ -422,5 +471,6 @@
#define CK_OTP_FORMAT_BINARY 3UL
-/* The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT attributes */
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1
+ and relates to the CKA_OTP_..._REQUIREMENT attributes */
#define CK_OTP_PARAM_IGNORED 0UL
#define CK_OTP_PARAM_OPTIONAL 1UL
@@ -434,12 +484,23 @@
#define CKA_APPLICATION 0x00000010UL
#define CKA_VALUE 0x00000011UL
+
+/* CKA_OBJECT_ID is new for v2.10 */
#define CKA_OBJECT_ID 0x00000012UL
+
#define CKA_CERTIFICATE_TYPE 0x00000080UL
#define CKA_ISSUER 0x00000081UL
#define CKA_SERIAL_NUMBER 0x00000082UL
+
+/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new
+ * for v2.10 */
#define CKA_AC_ISSUER 0x00000083UL
#define CKA_OWNER 0x00000084UL
#define CKA_ATTR_TYPES 0x00000085UL
+
+/* CKA_TRUSTED is new for v2.11 */
#define CKA_TRUSTED 0x00000086UL
+
+/* CKA_CERTIFICATE_CATEGORY ...
+ * CKA_CHECK_VALUE are new for v2.20 */
#define CKA_CERTIFICATE_CATEGORY 0x00000087UL
#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL
@@ -477,15 +538,22 @@
#define CKA_BASE 0x00000132UL
+/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */
#define CKA_PRIME_BITS 0x00000133UL
#define CKA_SUBPRIME_BITS 0x00000134UL
-/* (To retain backwards-compatibility) */
#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS
+/* (To retain backwards-compatibility) */
#define CKA_VALUE_BITS 0x00000160UL
#define CKA_VALUE_LEN 0x00000161UL
+
+/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE,
+ * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS,
+ * and CKA_EC_POINT are new for v2.0 */
#define CKA_EXTRACTABLE 0x00000162UL
#define CKA_LOCAL 0x00000163UL
#define CKA_NEVER_EXTRACTABLE 0x00000164UL
#define CKA_ALWAYS_SENSITIVE 0x00000165UL
+
+/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM 0x00000166UL
@@ -508,4 +576,6 @@
#define CKA_AUTH_PIN_FLAGS 0x00000201UL /* Deprecated */
+/* CKA_ALWAYS_AUTHENTICATE ...
+ * CKA_UNWRAP_TEMPLATE are new for v2.20 */
#define CKA_ALWAYS_AUTHENTICATE 0x00000202UL
@@ -515,4 +585,5 @@
#define CKA_DERIVE_TEMPLATE (CKF_ARRAY_ATTRIBUTE|0x00000213UL)
+/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */
#define CKA_OTP_FORMAT 0x00000220UL
#define CKA_OTP_LENGTH 0x00000221UL
@@ -534,8 +605,11 @@
#define CKA_GOST28147_PARAMS 0x00000252UL
+/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET
+ * are new for v2.10 */
#define CKA_HW_FEATURE_TYPE 0x00000300UL
#define CKA_RESET_ON_INIT 0x00000301UL
#define CKA_HAS_RESET 0x00000302UL
+/* The following attributes are new for v2.20 */
#define CKA_PIXEL_X 0x00000400UL
#define CKA_PIXEL_Y 0x00000401UL
@@ -561,4 +635,6 @@
CK_ATTRIBUTE_TYPE type;
CK_VOID_PTR pValue;
+
+ /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */
CK_ULONG ulValueLen; /* in bytes */
} CK_ATTRIBUTE;
@@ -577,4 +653,6 @@
/* CK_MECHANISM_TYPE is a value that identifies a mechanism
* type */
+/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
typedef CK_ULONG CK_MECHANISM_TYPE;
@@ -585,12 +663,18 @@
#define CKM_RSA_X_509 0x00000003UL
+/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS
+ * are new for v2.0. They are mechanisms which hash and sign */
#define CKM_MD2_RSA_PKCS 0x00000004UL
#define CKM_MD5_RSA_PKCS 0x00000005UL
#define CKM_SHA1_RSA_PKCS 0x00000006UL
+/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and
+ * CKM_RSA_PKCS_OAEP are new for v2.10 */
#define CKM_RIPEMD128_RSA_PKCS 0x00000007UL
#define CKM_RIPEMD160_RSA_PKCS 0x00000008UL
#define CKM_RSA_PKCS_OAEP 0x00000009UL
+/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31,
+ * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */
#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL
#define CKM_RSA_X9_31 0x0000000BUL
@@ -618,4 +702,7 @@
#define CKM_DH_PKCS_DERIVE 0x00000021UL
+/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE,
+ * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for
+ * v2.11 */
#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030UL
#define CKM_X9_42_DH_DERIVE 0x00000031UL
@@ -623,4 +710,5 @@
#define CKM_X9_42_MQV_DERIVE 0x00000033UL
+/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_RSA_PKCS 0x00000040UL
#define CKM_SHA384_RSA_PKCS 0x00000041UL
@@ -630,4 +718,5 @@
#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL
+/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224_RSA_PKCS 0x00000046UL
#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL
@@ -638,4 +727,5 @@
#define CKM_RC2_MAC 0x00000103UL
+/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */
#define CKM_RC2_MAC_GENERAL 0x00000104UL
#define CKM_RC2_CBC_PAD 0x00000105UL
@@ -648,4 +738,5 @@
#define CKM_DES_MAC 0x00000123UL
+/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */
#define CKM_DES_MAC_GENERAL 0x00000124UL
#define CKM_DES_CBC_PAD 0x00000125UL
@@ -657,4 +748,7 @@
#define CKM_DES3_MAC 0x00000134UL
+/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN,
+ * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC,
+ * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */
#define CKM_DES3_MAC_GENERAL 0x00000135UL
#define CKM_DES3_CBC_PAD 0x00000136UL
@@ -668,4 +762,5 @@
#define CKM_CDMF_CBC_PAD 0x00000145UL
+/* the following four DES mechanisms are new for v2.20 */
#define CKM_DES_OFB64 0x00000150UL
#define CKM_DES_OFB8 0x00000151UL
@@ -675,4 +770,5 @@
#define CKM_MD2 0x00000200UL
+/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */
#define CKM_MD2_HMAC 0x00000201UL
#define CKM_MD2_HMAC_GENERAL 0x00000202UL
@@ -680,4 +776,5 @@
#define CKM_MD5 0x00000210UL
+/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */
#define CKM_MD5_HMAC 0x00000211UL
#define CKM_MD5_HMAC_GENERAL 0x00000212UL
@@ -685,7 +782,11 @@
#define CKM_SHA_1 0x00000220UL
+/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */
#define CKM_SHA_1_HMAC 0x00000221UL
#define CKM_SHA_1_HMAC_GENERAL 0x00000222UL
+/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC,
+ * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC,
+ * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */
#define CKM_RIPEMD128 0x00000230UL
#define CKM_RIPEMD128_HMAC 0x00000231UL
@@ -695,10 +796,14 @@
#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242UL
+/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256 0x00000250UL
#define CKM_SHA256_HMAC 0x00000251UL
#define CKM_SHA256_HMAC_GENERAL 0x00000252UL
+
+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224 0x00000255UL
#define CKM_SHA224_HMAC 0x00000256UL
#define CKM_SHA224_HMAC_GENERAL 0x00000257UL
+
#define CKM_SHA384 0x00000260UL
#define CKM_SHA384_HMAC 0x00000261UL
@@ -707,8 +812,14 @@
#define CKM_SHA512_HMAC 0x00000271UL
#define CKM_SHA512_HMAC_GENERAL 0x00000272UL
+
+/* SecurID is new for PKCS #11 v2.20 amendment 1 */
#define CKM_SECURID_KEY_GEN 0x00000280UL
#define CKM_SECURID 0x00000282UL
+
+/* HOTP is new for PKCS #11 v2.20 amendment 1 */
#define CKM_HOTP_KEY_GEN 0x00000290UL
#define CKM_HOTP 0x00000291UL
+
+/* ACTI is new for PKCS #11 v2.20 amendment 1 */
#define CKM_ACTI 0x000002A0UL
#define CKM_ACTI_KEY_GEN 0x000002A1UL
@@ -722,4 +833,6 @@
#define CKM_SHA512_256_HMAC_GENERAL 0x000002C2UL
+/* All of the following mechanisms are new for v2.0 */
+/* Note that CAST128 and CAST5 are the same algorithm */
#define CKM_CAST_KEY_GEN 0x00000300UL
#define CKM_CAST_ECB 0x00000301UL
@@ -734,5 +847,4 @@
#define CKM_CAST3_MAC_GENERAL 0x00000314UL
#define CKM_CAST3_CBC_PAD 0x00000315UL
-/* Note that CAST128 and CAST5 are the same algorithm */
#define CKM_CAST5_KEY_GEN 0x00000320UL
#define CKM_CAST128_KEY_GEN 0x00000320UL
@@ -769,4 +881,7 @@
#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372UL
+/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN,
+ * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and
+ * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */
#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373UL
#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374UL
@@ -775,4 +890,6 @@
#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377UL
+
+/* CKM_TLS_PRF is new for v2.20 */
#define CKM_TLS_PRF 0x00000378UL
@@ -783,7 +900,10 @@
#define CKM_SHA1_KEY_DERIVATION 0x00000392UL
+/* CKM_SHA256/384/512 are new for v2.20 */
#define CKM_SHA256_KEY_DERIVATION 0x00000393UL
#define CKM_SHA384_KEY_DERIVATION 0x00000394UL
#define CKM_SHA512_KEY_DERIVATION 0x00000395UL
+
+/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */
#define CKM_SHA224_KEY_DERIVATION 0x00000396UL
@@ -808,8 +928,10 @@
#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL
+/* CKM_PKCS5_PBKD2 is new for v2.10 */
#define CKM_PKCS5_PBKD2 0x000003B0UL
#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL
+/* WTLS mechanisms are new for v2.20 */
#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL
#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL
@@ -832,12 +954,16 @@
#define CKM_KEY_WRAP_SET_OAEP 0x00000401UL
+/* CKM_CMS_SIG is new for v2.20 */
#define CKM_CMS_SIG 0x00000500UL
+
/* new for v2.40 */
#define CKM_CMS_SIG_PARAMS 0x00000501UL
+/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */
#define CKM_KIP_DERIVE 0x00000510UL
#define CKM_KIP_WRAP 0x00000511UL
#define CKM_KIP_MAC 0x00000512UL
+/* Camellia is new for PKCS #11 v2.20 amendment 3 */
#define CKM_CAMELLIA_KEY_GEN 0x00000550UL
#define CKM_CAMELLIA_ECB 0x00000551UL
@@ -850,4 +976,5 @@
#define CKM_CAMELLIA_CTR 0x00000558UL
+/* ARIA is new for PKCS #11 v2.20 amendment 3 */
#define CKM_ARIA_KEY_GEN 0x00000560UL
#define CKM_ARIA_ECB 0x00000561UL
@@ -868,4 +995,5 @@
#define CKM_SEED_CBC_ENCRYPT_DATA 0x00000657UL
+/* Fortezza mechanisms */
#define CKM_SKIPJACK_KEY_GEN 0x00001000UL
#define CKM_SKIPJACK_ECB64 0x00001001UL
@@ -898,4 +1026,5 @@
#define CKM_ECDSA 0x00001041UL
#define CKM_ECDSA_SHA1 0x00001042UL
+
#define CKM_ECDSA_SHA224 0x00001043UL
#define CKM_ECDSA_SHA256 0x00001044UL
@@ -903,4 +1032,6 @@
#define CKM_ECDSA_SHA512 0x00001046UL
+/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE
+ * are new for v2.11 */
#define CKM_ECDH1_DERIVE 0x00001050UL
#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL
@@ -918,4 +1049,8 @@
#define CKM_FASTHASH 0x00001070UL
+/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC,
+ * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN,
+ * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are
+ * new for v2.11 */
#define CKM_AES_KEY_GEN 0x00001080UL
#define CKM_AES_ECB 0x00001081UL
@@ -924,4 +1059,6 @@
#define CKM_AES_MAC_GENERAL 0x00001084UL
#define CKM_AES_CBC_PAD 0x00001085UL
+
+/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */
#define CKM_AES_CTR 0x00001086UL
#define CKM_AES_GCM 0x00001087UL
@@ -935,4 +1072,5 @@
#define CKM_AES_XCBC_MAC_96 0x0000108DUL
+/* BlowFish and TwoFish are new for v2.20 */
#define CKM_BLOWFISH_KEY_GEN 0x00001090UL
#define CKM_BLOWFISH_CBC 0x00001091UL
@@ -942,4 +1080,5 @@
#define CKM_TWOFISH_CBC_PAD 0x00001095UL
+/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */
#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100UL
#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101UL
@@ -989,4 +1128,7 @@
CK_MECHANISM_TYPE mechanism;
CK_VOID_PTR pParameter;
+
+ /* ulParameterLen was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
CK_ULONG ulParameterLen; /* in bytes */
} CK_MECHANISM;
@@ -1007,5 +1149,9 @@
#define CKF_HW 0x00000001UL /* performed by HW */
-/* Specify whether or not a mechanism can be used for a particular task */
+/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN,
+ * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER,
+ * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP,
+ * and CKF_DERIVE are new for v2.0. They specify whether or not
+ * a mechanism can be used for a particular task */
#define CKF_ENCRYPT 0x00000100UL
#define CKF_DECRYPT 0x00000200UL
@@ -1021,5 +1167,7 @@
#define CKF_DERIVE 0x00080000UL
-/* Describe a token's EC capabilities not available in mechanism
+/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE,
+ * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They
+ * describe a token's EC capabilities not available in mechanism
* information. */
#define CKF_EC_F_P 0x00100000UL
@@ -1037,4 +1185,5 @@
/* CK_RV is a value that identifies the return value of a
* Cryptoki function */
+/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */
typedef CK_ULONG CK_RV;
@@ -1046,7 +1195,10 @@
/* CKR_FLAGS_INVALID was removed for v2.0 */
+/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */
#define CKR_GENERAL_ERROR 0x00000005UL
#define CKR_FUNCTION_FAILED 0x00000006UL
+/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS,
+ * and CKR_CANT_LOCK are new for v2.01 */
#define CKR_ARGUMENTS_BAD 0x00000007UL
#define CKR_NO_EVENT 0x00000008UL
@@ -1072,4 +1224,5 @@
#define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL
+/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */
#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054UL
@@ -1081,4 +1234,8 @@
#define CKR_KEY_TYPE_INCONSISTENT 0x00000063UL
+/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED,
+ * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED,
+ * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for
+ * v2.0 */
#define CKR_KEY_NOT_NEEDED 0x00000064UL
#define CKR_KEY_CHANGED 0x00000065UL
@@ -1101,4 +1258,5 @@
#define CKR_PIN_LEN_RANGE 0x000000A2UL
+/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */
#define CKR_PIN_EXPIRED 0x000000A3UL
#define CKR_PIN_LOCKED 0x000000A4UL
@@ -1111,4 +1269,6 @@
#define CKR_SESSION_EXISTS 0x000000B6UL
+/* CKR_SESSION_READ_ONLY_EXISTS and
+ * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */
#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7UL
#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8UL
@@ -1129,4 +1289,6 @@
#define CKR_USER_TYPE_INVALID 0x00000103UL
+/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES
+ * are new to v2.01 */
#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104UL
#define CKR_USER_TOO_MANY_TYPES 0x00000105UL
@@ -1139,6 +1301,8 @@
#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120UL
+/* These are new to v2.0 */
#define CKR_RANDOM_NO_RNG 0x00000121UL
+/* These are new to v2.11 */
#define CKR_DOMAIN_PARAMS_INVALID 0x00000130UL
@@ -1146,4 +1310,5 @@
#define CKR_CURVE_NOT_SUPPORTED 0x00000140UL
+/* These are new to v2.0 */
#define CKR_BUFFER_TOO_SMALL 0x00000150UL
#define CKR_SAVED_STATE_INVALID 0x00000160UL
@@ -1151,4 +1316,5 @@
#define CKR_STATE_UNSAVEABLE 0x00000180UL
+/* These are new to v2.01 */
#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190UL
#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191UL
@@ -1156,4 +1322,5 @@
#define CKR_MUTEX_NOT_LOCKED 0x000001A1UL
+/* The following return values are new for PKCS #11 v2.20 amendment 3 */
#define CKR_NEW_PIN_MODE 0x000001B0UL
#define CKR_NEXT_OTP 0x000001B1UL
@@ -1164,4 +1331,5 @@
#define CKR_PUBLIC_KEY_INVALID 0x000001B9UL
+/* This is new to v2.20 */
#define CKR_FUNCTION_REJECTED 0x00000200UL
@@ -1180,4 +1348,5 @@
* version and pointers of appropriate types to all the
* Cryptoki functions */
+/* CK_FUNCTION_LIST is new for v2.0 */
typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST;
@@ -1239,5 +1408,5 @@
#define CKF_DONT_BLOCK 1
-/*
+/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10.
* CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message
* Generation Function (MGF) applied to a message block when
@@ -1249,11 +1418,14 @@
/* The following MGFs are defined */
+/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512
+ * are new for v2.20 */
#define CKG_MGF1_SHA1 0x00000001UL
#define CKG_MGF1_SHA256 0x00000002UL
#define CKG_MGF1_SHA384 0x00000003UL
#define CKG_MGF1_SHA512 0x00000004UL
+/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */
#define CKG_MGF1_SHA224 0x00000005UL
-/*
+/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10.
* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source
* of the encoding parameter when formatting a message block
@@ -1266,5 +1438,5 @@
#define CKZ_DATA_SPECIFIED 0x00000001UL
-/*
+/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10.
* CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the
* CKM_RSA_PKCS_OAEP mechanism. */
@@ -1279,5 +1451,5 @@
typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR;
-/*
+/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11.
* CK_RSA_PKCS_PSS_PARAMS provides the parameters to the
* CKM_RSA_PKCS_PSS mechanism(s). */
@@ -1290,4 +1462,5 @@
typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR;
+/* CK_EC_KDF_TYPE is new for v2.11. */
typedef CK_ULONG CK_EC_KDF_TYPE;
@@ -1304,6 +1477,5 @@
#define CKD_CPDIVERSIFY_KDF 0x00000009UL
-
-/*
+/* CK_ECDH1_DERIVE_PARAMS is new for v2.11.
* CK_ECDH1_DERIVE_PARAMS provides the parameters to the
* CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms,
@@ -1321,5 +1493,5 @@
-/*
+/* CK_ECDH2_DERIVE_PARAMS is new for v2.11.
* CK_ECDH2_DERIVE_PARAMS provides the parameters to the
* CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */
@@ -1354,9 +1526,9 @@
/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the
- * CKM_X9_42_DH_PARAMETER_GEN mechanisms */
+ * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */
typedef CK_ULONG CK_X9_42_DH_KDF_TYPE;
typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR;
-/*
+/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11.
* CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_DERIVE key derivation mechanism, where each party
@@ -1372,5 +1544,5 @@
typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR;
-/*
+/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11.
* CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the
* CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation
@@ -1407,4 +1579,5 @@
/* CK_KEA_DERIVE_PARAMS provides the parameters to the
* CKM_KEA_DERIVE mechanism */
+/* CK_KEA_DERIVE_PARAMS is new for v2.0 */
typedef struct CK_KEA_DERIVE_PARAMS {
CK_BBOOL isSender;
@@ -1430,4 +1603,6 @@
* mechanism */
typedef struct CK_RC2_CBC_PARAMS {
+ /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for
+ * v2.0 */
CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
@@ -1440,4 +1615,5 @@
/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC2_MAC_GENERAL mechanism */
+/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC2_MAC_GENERAL_PARAMS {
CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */
@@ -1451,4 +1627,5 @@
/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and
* CKM_RC5_MAC mechanisms */
+/* CK_RC5_PARAMS is new for v2.0 */
typedef struct CK_RC5_PARAMS {
CK_ULONG ulWordsize; /* wordsize in bits */
@@ -1461,4 +1638,5 @@
/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC
* mechanism */
+/* CK_RC5_CBC_PARAMS is new for v2.0 */
typedef struct CK_RC5_CBC_PARAMS {
CK_ULONG ulWordsize; /* wordsize in bits */
@@ -1473,4 +1651,5 @@
/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the
* CKM_RC5_MAC_GENERAL mechanism */
+/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */
typedef struct CK_RC5_MAC_GENERAL_PARAMS {
CK_ULONG ulWordsize; /* wordsize in bits */
@@ -1486,8 +1665,10 @@
* ciphers' MAC_GENERAL mechanisms. Its value is the length of
* the MAC */
+/* CK_MAC_GENERAL_PARAMS is new for v2.0 */
typedef CK_ULONG CK_MAC_GENERAL_PARAMS;
typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR;
+/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */
typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[8];
@@ -1508,4 +1689,5 @@
/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the
* CKM_SKIPJACK_PRIVATE_WRAP mechanism */
+/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS {
CK_ULONG ulPasswordLen;
@@ -1528,4 +1710,5 @@
/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the
* CKM_SKIPJACK_RELAYX mechanism */
+/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */
typedef struct CK_SKIPJACK_RELAYX_PARAMS {
CK_ULONG ulOldWrappedXLen;
@@ -1563,4 +1746,5 @@
/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the
* CKM_KEY_WRAP_SET_OAEP mechanism */
+/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */
typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS {
CK_BYTE bBC; /* block contents byte */
@@ -1613,4 +1797,5 @@
typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR;
+/* CK_TLS_PRF_PARAMS is new for version 2.20 */
typedef struct CK_TLS_PRF_PARAMS {
CK_BYTE_PTR pSeed;
@@ -1624,4 +1809,5 @@
typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR;
+/* WTLS is new for version 2.20 */
typedef struct CK_WTLS_RANDOM_DATA {
CK_BYTE_PTR pClientRandom;
@@ -1675,4 +1861,5 @@
typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR;
+/* CMS is new for version 2.20 */
typedef struct CK_CMS_SIG_PARAMS {
CK_OBJECT_HANDLE certificateHandle;
@@ -1701,9 +1888,10 @@
* of the base key should be used as the first bit of the
* derived key */
+/* CK_EXTRACT_PARAMS is new for v2.0 */
typedef CK_ULONG CK_EXTRACT_PARAMS;
typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR;
-/*
+/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10.
* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to
* indicate the Pseudo-Random Function (PRF) used to generate
@@ -1713,4 +1901,5 @@
typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR;
+/* The following PRFs are defined in PKCS #5 v2.0. */
#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001UL
/* new for v2.40 */
@@ -1722,5 +1911,7 @@
#define CKP_PKCS5_PBKD2_HMAC_SHA512_256 0x00000008UL
-/*
+
+
+/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10.
* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the
* source of the salt value when deriving a key using PKCS #5
@@ -1767,4 +1958,5 @@
typedef CK_PKCS5_PBKD2_PARAMS2 CK_PTR CK_PKCS5_PBKD2_PARAMS2_PTR;
+/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */
typedef CK_ULONG CK_OTP_PARAM_TYPE;
typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */
@@ -1792,4 +1984,5 @@
typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR;
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
#define CK_OTP_VALUE 0UL
#define CK_OTP_PIN 1UL
@@ -1801,4 +1994,5 @@
#define CK_OTP_OUTPUT_FORMAT 7UL
+/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */
#define CKF_NEXT_OTP 0x00000001UL
#define CKF_EXCLUDE_TIME 0x00000002UL
@@ -1808,4 +2002,5 @@
#define CKF_USER_FRIENDLY_OTP 0x00000020UL
+/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */
typedef struct CK_KIP_PARAMS {
CK_MECHANISM_PTR pMechanism;
@@ -1817,4 +2012,5 @@
typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR;
+/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_AES_CTR_PARAMS {
CK_ULONG ulCounterBits;
@@ -1846,4 +2042,5 @@
typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR;
+/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_CAMELLIA_CTR_PARAMS {
CK_ULONG ulCounterBits;
@@ -1853,4 +2050,5 @@
typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR;
+/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[16];
@@ -1861,4 +2059,5 @@
typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR;
+/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */
typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS {
CK_BYTE iv[16];
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]