From 2493766e7302616b701176243a3cbb82705ce735 Mon Sep 17 00:00:00 2001 From: Alexandru Placinta Date: Sat, 28 Feb 2026 21:54:22 +0100 Subject: [PATCH] Add sfnt thales extensions --- .../aarch64-apple-darwin.rs | 1888 +++++++++++++++++ cryptoki-sys/vendor/pkcs11.h | 4 + .../vendor/thales-safenet/cryptoki_v2.h | 1040 +++++++++ cryptoki-sys/vendor/thales-safenet/pkcs11.h | 291 +++ cryptoki-sys/vendor/thales-safenet/pkcs11f.h | 765 +++++++ cryptoki-sys/vendor/thales-safenet/pkcs11t.h | 1846 ++++++++++++++++ .../vendor/thales-safenet/sfnt_extensions.h | 1563 ++++++++++++++ 7 files changed, 7397 insertions(+) create mode 100644 cryptoki-sys/src/thales-safenet-extension/aarch64-apple-darwin.rs create mode 100644 cryptoki-sys/vendor/thales-safenet/cryptoki_v2.h create mode 100644 cryptoki-sys/vendor/thales-safenet/pkcs11.h create mode 100644 cryptoki-sys/vendor/thales-safenet/pkcs11f.h create mode 100644 cryptoki-sys/vendor/thales-safenet/pkcs11t.h create mode 100644 cryptoki-sys/vendor/thales-safenet/sfnt_extensions.h diff --git a/cryptoki-sys/src/thales-safenet-extension/aarch64-apple-darwin.rs b/cryptoki-sys/src/thales-safenet-extension/aarch64-apple-darwin.rs new file mode 100644 index 00000000..61d9e2fd --- /dev/null +++ b/cryptoki-sys/src/thales-safenet-extension/aarch64-apple-darwin.rs @@ -0,0 +1,1888 @@ +/* automatically generated by rust-bindgen 0.72.1 */ + +pub type CK_BYTE = ::std::os::raw::c_uchar; +pub type CK_CHAR = CK_BYTE; +pub type CK_BBOOL = CK_BYTE; +pub type CK_ULONG = ::std::os::raw::c_ulong; +pub type CK_FLAGS = CK_ULONG; +pub type CK_BYTE_PTR = *mut CK_BYTE; +pub type CK_CHAR_PTR = *mut CK_CHAR; +pub type CK_ULONG_PTR = *mut CK_ULONG; +pub type CK_VOID_PTR = *mut ::std::os::raw::c_void; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_VERSION { + pub major: CK_BYTE, + pub minor: CK_BYTE, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_VERSION"][::std::mem::size_of::() - 2usize]; + ["Alignment of CK_VERSION"][::std::mem::align_of::() - 1usize]; + ["Offset of field: CK_VERSION::major"][::std::mem::offset_of!(CK_VERSION, major) - 0usize]; + ["Offset of field: CK_VERSION::minor"][::std::mem::offset_of!(CK_VERSION, minor) - 1usize]; +}; +pub type CK_NOTIFICATION = CK_ULONG; +pub type CK_SLOT_ID = CK_ULONG; +pub type CK_SLOT_ID_PTR = *mut CK_SLOT_ID; +pub type CK_SESSION_HANDLE = CK_ULONG; +pub type CK_SESSION_HANDLE_PTR = *mut CK_SESSION_HANDLE; +pub type CK_USER_TYPE = CK_ULONG; +pub type CK_OBJECT_HANDLE = CK_ULONG; +pub type CK_OBJECT_HANDLE_PTR = *mut CK_OBJECT_HANDLE; +pub type CK_ATTRIBUTE_TYPE = CK_ULONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_ATTRIBUTE { + pub type_: CK_ATTRIBUTE_TYPE, + pub pValue: CK_VOID_PTR, + pub usValueLen: CK_ULONG, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_ATTRIBUTE"][::std::mem::size_of::() - 24usize]; + ["Alignment of CK_ATTRIBUTE"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CK_ATTRIBUTE::type_"][::std::mem::offset_of!(CK_ATTRIBUTE, type_) - 0usize]; + ["Offset of field: CK_ATTRIBUTE::pValue"] + [::std::mem::offset_of!(CK_ATTRIBUTE, pValue) - 8usize]; + ["Offset of field: CK_ATTRIBUTE::usValueLen"] + [::std::mem::offset_of!(CK_ATTRIBUTE, usValueLen) - 16usize]; +}; +pub type CK_ATTRIBUTE_PTR = *mut CK_ATTRIBUTE; +pub type CK_MECHANISM_TYPE = CK_ULONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_MECHANISM { + pub mechanism: CK_MECHANISM_TYPE, + pub pParameter: CK_VOID_PTR, + pub usParameterLen: CK_ULONG, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_MECHANISM"][::std::mem::size_of::() - 24usize]; + ["Alignment of CK_MECHANISM"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CK_MECHANISM::mechanism"] + [::std::mem::offset_of!(CK_MECHANISM, mechanism) - 0usize]; + ["Offset of field: CK_MECHANISM::pParameter"] + [::std::mem::offset_of!(CK_MECHANISM, pParameter) - 8usize]; + ["Offset of field: CK_MECHANISM::usParameterLen"] + [::std::mem::offset_of!(CK_MECHANISM, usParameterLen) - 16usize]; +}; +pub type CK_MECHANISM_PTR = *mut CK_MECHANISM; +pub type CK_RV = CK_ULONG; +pub type CK_NOTIFY = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + event: CK_NOTIFICATION, + pApplication: CK_VOID_PTR, + ) -> CK_RV, +>; +#[doc = "\\\n\n M of N\n\n\\"] +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CA_MOFN_GENERATION { + pub ulWeight: CK_ULONG, + pub pVector: CK_BYTE_PTR, + pub ulVectorLen: CK_ULONG, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CA_MOFN_GENERATION"][::std::mem::size_of::() - 24usize]; + ["Alignment of CA_MOFN_GENERATION"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CA_MOFN_GENERATION::ulWeight"] + [::std::mem::offset_of!(CA_MOFN_GENERATION, ulWeight) - 0usize]; + ["Offset of field: CA_MOFN_GENERATION::pVector"] + [::std::mem::offset_of!(CA_MOFN_GENERATION, pVector) - 8usize]; + ["Offset of field: CA_MOFN_GENERATION::ulVectorLen"] + [::std::mem::offset_of!(CA_MOFN_GENERATION, ulVectorLen) - 16usize]; +}; +pub type CA_MOFN_GENERATION_PTR = *mut CA_MOFN_GENERATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CA_MOFN_ACTIVATION { + pub pVector: CK_BYTE_PTR, + pub ulVectorLen: CK_ULONG, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CA_MOFN_ACTIVATION"][::std::mem::size_of::() - 16usize]; + ["Alignment of CA_MOFN_ACTIVATION"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CA_MOFN_ACTIVATION::pVector"] + [::std::mem::offset_of!(CA_MOFN_ACTIVATION, pVector) - 0usize]; + ["Offset of field: CA_MOFN_ACTIVATION::ulVectorLen"] + [::std::mem::offset_of!(CA_MOFN_ACTIVATION, ulVectorLen) - 8usize]; +}; +pub type CA_MOFN_ACTIVATION_PTR = *mut CA_MOFN_ACTIVATION; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CA_M_OF_N_STATUS { + pub ulID: CK_ULONG, + pub ulM: CK_ULONG, + pub ulN: CK_ULONG, + pub ulSecretSize: CK_ULONG, + pub ulFlag: CK_ULONG, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CA_M_OF_N_STATUS"][::std::mem::size_of::() - 40usize]; + ["Alignment of CA_M_OF_N_STATUS"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CA_M_OF_N_STATUS::ulID"] + [::std::mem::offset_of!(CA_M_OF_N_STATUS, ulID) - 0usize]; + ["Offset of field: CA_M_OF_N_STATUS::ulM"] + [::std::mem::offset_of!(CA_M_OF_N_STATUS, ulM) - 8usize]; + ["Offset of field: CA_M_OF_N_STATUS::ulN"] + [::std::mem::offset_of!(CA_M_OF_N_STATUS, ulN) - 16usize]; + ["Offset of field: CA_M_OF_N_STATUS::ulSecretSize"] + [::std::mem::offset_of!(CA_M_OF_N_STATUS, ulSecretSize) - 24usize]; + ["Offset of field: CA_M_OF_N_STATUS::ulFlag"] + [::std::mem::offset_of!(CA_M_OF_N_STATUS, ulFlag) - 32usize]; +}; +pub type CA_MOFN_STATUS = CA_M_OF_N_STATUS; +pub type CA_MOFN_STATUS_PTR = *mut CA_MOFN_STATUS; +#[doc = "\\\n\n Custom module loading and management\n\n\\"] +pub type CKCA_MODULE_ID = CK_ULONG; +pub type CKCA_MODULE_ID_PTR = *mut CKCA_MODULE_ID; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CKCA_MODULE_INFO { + pub ulModuleSize: CK_ULONG, + pub developerName: [CK_CHAR; 32usize], + pub moduleDescription: [CK_CHAR; 32usize], + pub moduleVersion: CK_VERSION, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CKCA_MODULE_INFO"][::std::mem::size_of::() - 80usize]; + ["Alignment of CKCA_MODULE_INFO"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CKCA_MODULE_INFO::ulModuleSize"] + [::std::mem::offset_of!(CKCA_MODULE_INFO, ulModuleSize) - 0usize]; + ["Offset of field: CKCA_MODULE_INFO::developerName"] + [::std::mem::offset_of!(CKCA_MODULE_INFO, developerName) - 8usize]; + ["Offset of field: CKCA_MODULE_INFO::moduleDescription"] + [::std::mem::offset_of!(CKCA_MODULE_INFO, moduleDescription) - 40usize]; + ["Offset of field: CKCA_MODULE_INFO::moduleVersion"] + [::std::mem::offset_of!(CKCA_MODULE_INFO, moduleVersion) - 72usize]; +}; +pub type CKCA_MODULE_INFO_PTR = *mut CKCA_MODULE_INFO; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_HA_MEMBER { + pub memberSerial: CK_ULONG, + pub memberStatus: CK_RV, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_HA_MEMBER"][::std::mem::size_of::() - 16usize]; + ["Alignment of CK_HA_MEMBER"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CK_HA_MEMBER::memberSerial"] + [::std::mem::offset_of!(CK_HA_MEMBER, memberSerial) - 0usize]; + ["Offset of field: CK_HA_MEMBER::memberStatus"] + [::std::mem::offset_of!(CK_HA_MEMBER, memberStatus) - 8usize]; +}; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_HA_STATUS { + pub groupSerial: CK_ULONG, + pub memberList: [CK_HA_MEMBER; 32usize], + pub listSize: CK_ULONG, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_HA_STATUS"][::std::mem::size_of::() - 528usize]; + ["Alignment of CK_HA_STATUS"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CK_HA_STATUS::groupSerial"] + [::std::mem::offset_of!(CK_HA_STATUS, groupSerial) - 0usize]; + ["Offset of field: CK_HA_STATUS::memberList"] + [::std::mem::offset_of!(CK_HA_STATUS, memberList) - 8usize]; + ["Offset of field: CK_HA_STATUS::listSize"] + [::std::mem::offset_of!(CK_HA_STATUS, listSize) - 520usize]; +}; +pub type CK_HA_STATE_PTR = *mut CK_HA_STATUS; +pub type CKA_SIM_AUTH_FORM = CK_ULONG; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_CLUSTER_STATE { + pub bMembers: [[CK_BYTE; 32usize]; 8usize], + pub ulMemberStatus: [CK_ULONG; 8usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_CLUSTER_STATE"][::std::mem::size_of::() - 320usize]; + ["Alignment of CK_CLUSTER_STATE"][::std::mem::align_of::() - 8usize]; + ["Offset of field: CK_CLUSTER_STATE::bMembers"] + [::std::mem::offset_of!(CK_CLUSTER_STATE, bMembers) - 0usize]; + ["Offset of field: CK_CLUSTER_STATE::ulMemberStatus"] + [::std::mem::offset_of!(CK_CLUSTER_STATE, ulMemberStatus) - 256usize]; +}; +pub type CK_CLUSTER_STATE_PTR = *mut CK_CLUSTER_STATE; +#[repr(C)] +#[derive(Debug, Copy, Clone)] +pub struct CK_LKM_TOKEN_ID_S { + pub id: [CK_BYTE; 20usize], +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_LKM_TOKEN_ID_S"][::std::mem::size_of::() - 20usize]; + ["Alignment of CK_LKM_TOKEN_ID_S"][::std::mem::align_of::() - 1usize]; + ["Offset of field: CK_LKM_TOKEN_ID_S::id"] + [::std::mem::offset_of!(CK_LKM_TOKEN_ID_S, id) - 0usize]; +}; +pub type CK_LKM_TOKEN_ID = CK_LKM_TOKEN_ID_S; +pub type CK_LKM_TOKEN_ID_PTR = *mut CK_LKM_TOKEN_ID; +pub type CK_SFNT_CA_FUNCTION_LIST_PTR = *mut CK_SFNT_CA_FUNCTION_LIST; +pub type CK_SFNT_CA_FUNCTION_LIST_PTR_PTR = *mut CK_SFNT_CA_FUNCTION_LIST_PTR; +pub type CK_CA_GetFunctionList = ::std::option::Option< + unsafe extern "C" fn(ppSfntFunctionList: CK_SFNT_CA_FUNCTION_LIST_PTR_PTR) -> CK_RV, +>; +pub type CK_CA_WaitForSlotEvent = ::std::option::Option< + unsafe extern "C" fn( + flags: CK_FLAGS, + history: *mut CK_ULONG, + pSlot: CK_SLOT_ID_PTR, + pReserved: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_InitIndirectToken = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pPin: CK_CHAR_PTR, + usPinLen: CK_ULONG, + pLabel: CK_CHAR_PTR, + hPrimarySession: CK_SESSION_HANDLE, + ) -> CK_RV, +>; +pub type CK_CA_InitIndirectPIN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPin: CK_CHAR_PTR, + usPinLen: CK_ULONG, + hPrimarySession: CK_SESSION_HANDLE, + ) -> CK_RV, +>; +pub type CK_CA_ResetPIN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pPin: CK_CHAR_PTR, + usPinLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_CreateLoginChallenge = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + ulChallengeDataSize: CK_ULONG, + pChallengeData: CK_CHAR_PTR, + ulOutputDataSize: CK_ULONG_PTR, + pOutputData: CK_CHAR_PTR, + ) -> CK_RV, +>; +pub type CK_CA_Deactivate = ::std::option::Option< + unsafe extern "C" fn(slotId: CK_SLOT_ID, userType: CK_USER_TYPE) -> CK_RV, +>; +pub type CK_CA_OpenSession = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + flags: CK_FLAGS, + pApplication: CK_VOID_PTR, + Notify: CK_NOTIFY, + phSession: CK_SESSION_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_IndirectLogin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + hPrimarySession: CK_SESSION_HANDLE, + ) -> CK_RV, +>; +pub type CK_CA_InitializeRemotePEDVector = + ::std::option::Option CK_RV>; +pub type CK_CA_LogVerify = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTextMsgs: CK_BYTE_PTR, + ulMsgCount: CK_ULONG, + bChainToHSM: CK_ULONG, + pulNumVerified: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LogVerifyFile = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pFileName: CK_CHAR_PTR, + ulNumVerified: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LogExternal = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + hSession: CK_SESSION_HANDLE, + pStr: CK_CHAR_PTR, + ulLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_LogImportSecret = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pStr: CK_BYTE_PTR) -> CK_RV, +>; +pub type CK_CA_LogExportSecret = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pStr: CK_BYTE_PTR) -> CK_RV, +>; +pub type CK_CA_DeleteRemotePEDVector = + ::std::option::Option CK_RV>; +pub type CK_CA_ConfigureRemotePED = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pHostName: CK_CHAR_PTR, + ulPort: CK_ULONG, + pulPedId: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_DismantleRemotePED = + ::std::option::Option CK_RV>; +pub type CK_CA_LogSetConfig = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + mask: CK_ULONG, + logRotateOffset: CK_ULONG, + logRotateInterval: CK_ULONG, + maxLogSize: CK_ULONG, + pLogPath: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LogGetconfig = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + mask: *mut CK_ULONG, + logRotateOffset: *mut CK_ULONG, + logRotateInterval: *mut CK_ULONG, + maxLogSize: *mut CK_ULONG, + pLogPath: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LogEraseAll = + ::std::option::Option CK_RV>; +pub type CK_CA_LogGetStatus = ::std::option::Option< + unsafe extern "C" fn( + slotId: CK_SLOT_ID, + auditInitStatus: *mut CK_ULONG, + lastPollResult: *mut CK_ULONG, + lastSetConfigResult: *mut CK_ULONG, + isConfigInParamArea: *mut CK_ULONG, + numRecordsInFlash: *mut CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_GetRemotePEDVectorStatus = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pulStatus: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_Restart = ::std::option::Option CK_RV>; +pub type CK_CA_RestartForContainer = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, ulContainerNumber: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_CloseApplicationID = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, ulHigh: CK_ULONG, ulLow: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_CloseApplicationIDForContainer = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulHigh: CK_ULONG, + ulLow: CK_ULONG, + ulContainerNumber: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_OpenApplicationID = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, ulHigh: CK_ULONG, ulLow: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_OpenApplicationIDForContainer = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulHigh: CK_ULONG, + ulLow: CK_ULONG, + ulContainerNumber: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_SetApplicationID = + ::std::option::Option CK_RV>; +pub type CK_CA_ManualKCV = + ::std::option::Option CK_RV>; +pub type CK_CA_SetLKCV = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pLegacyCloningDomainString: CK_BYTE_PTR, + ulLegacyCloningDomainStringLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_SetKCV = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pCloningDomainString: CK_BYTE_PTR, + ulCloningDomainStringLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_SetCloningDomain = ::std::option::Option< + unsafe extern "C" fn( + pCloningDomainString: CK_BYTE_PTR, + ulCloningDomainStringLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_ClonePrivateKey = ::std::option::Option< + unsafe extern "C" fn( + hTargetSession: CK_SESSION_HANDLE, + hSourceSession: CK_SESSION_HANDLE, + hObjectToCloneHandle: CK_OBJECT_HANDLE, + phClonedKey: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_CloneObject = ::std::option::Option< + unsafe extern "C" fn( + hTargetSession: CK_SESSION_HANDLE, + hSourceSession: CK_SESSION_HANDLE, + ulObjectType: CK_ULONG, + hObjectHandle: CK_OBJECT_HANDLE, + phClonedObject: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GenerateCloningKEV = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pKEV: CK_BYTE_PTR, + pulKEVSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_CloneAsTargetInit = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTWC: CK_BYTE_PTR, + ulTWCSize: CK_ULONG, + pKEV: CK_BYTE_PTR, + ulKEVSize: CK_ULONG, + bReplicate: CK_BBOOL, + pPart1: CK_BYTE_PTR, + pulPart1Size: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_CloneAsSource = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hType: CK_ULONG, + hHandle: CK_ULONG, + pPart1: CK_BYTE_PTR, + ulPart1Size: CK_ULONG, + bReplicate: CK_BBOOL, + pPart2: CK_BYTE_PTR, + pulPart2Size: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_CloneAsTarget = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pKEV: CK_BYTE_PTR, + ulKEVSize: CK_ULONG, + pPart2: CK_BYTE_PTR, + ulPart2Size: CK_ULONG, + hType: CK_ULONG, + hHandle: CK_ULONG, + bReplicate: CK_BBOOL, + phClonedHandle: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SetMofN = ::std::option::Option CK_RV>; +pub type CK_CA_GenerateMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulM: CK_ULONG, + pVectors: CA_MOFN_GENERATION_PTR, + ulVectorCount: CK_ULONG, + isSecurePortUsed: CK_ULONG, + pReserved: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GenerateCloneableMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulM: CK_ULONG, + pVectors: CA_MOFN_GENERATION_PTR, + ulVectorCount: CK_ULONG, + isSecurePortUsed: CK_ULONG, + pReserved: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_ModifyMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulM: CK_ULONG, + pVectors: CA_MOFN_GENERATION_PTR, + ulVectorCount: CK_ULONG, + isSecurePortUsed: CK_ULONG, + pReserved: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_CloneMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hPrimarySession: CK_SESSION_HANDLE, + pReserved: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_CloneModifyMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hPrimarySession: CK_SESSION_HANDLE, + pReserved: CK_VOID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_ActivateMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pVectors: CA_MOFN_ACTIVATION_PTR, + ulVectorCount: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_DeactivateMofN = + ::std::option::Option CK_RV>; +pub type CK_CA_GetMofNStatus = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pMofNStatus: CA_MOFN_STATUS_PTR) -> CK_RV, +>; +pub type CK_CA_DuplicateMofN = + ::std::option::Option CK_RV>; +pub type CK_CA_IsMofNEnabled = + ::std::option::Option CK_RV>; +pub type CK_CA_IsMofNRequired = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, required: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_GenerateTokenKeys = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pTemplate: CK_ATTRIBUTE_PTR, + usTemplateLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_GetTokenCertificateInfo = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulAccessLevel: CK_ULONG, + pCertificate: CK_BYTE_PTR, + pulCertificateLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SetTokenCertificateSignature = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulAccessLevel: CK_ULONG, + ulCustomerId: CK_ULONG, + pPublicTemplate: CK_ATTRIBUTE_PTR, + usPublicTemplateLen: CK_ULONG, + pSignature: CK_BYTE_PTR, + ulSignatureLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_GetModuleList = ::std::option::Option< + unsafe extern "C" fn( + slotId: CK_SLOT_ID, + pList: CKCA_MODULE_ID_PTR, + ulListLen: CK_ULONG, + pulReturnedSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetModuleInfo = ::std::option::Option< + unsafe extern "C" fn( + slotId: CK_SLOT_ID, + moduleId: CKCA_MODULE_ID, + pInfo: CKCA_MODULE_INFO_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LoadModule = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pModuleCode: CK_BYTE_PTR, + ulModuleCodeSize: CK_ULONG, + pModuleSignature: CK_BYTE_PTR, + ulModuleSignatureSize: CK_ULONG, + pCertificate: CK_BYTE_PTR, + ulCertificateSize: CK_ULONG, + pControlData: CK_BYTE_PTR, + ulControlDataSize: CK_ULONG, + pModuleId: CKCA_MODULE_ID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LoadEncryptedModule = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hKey: CK_OBJECT_HANDLE, + pIv: CK_BYTE_PTR, + ulIvLen: CK_ULONG, + pModuleCode: CK_BYTE_PTR, + ulModuleCodeSize: CK_ULONG, + pModuleSignature: CK_BYTE_PTR, + ulModuleSignatureSize: CK_ULONG, + pCertificate: CK_BYTE_PTR, + ulCertificateSize: CK_ULONG, + pModuleId: CKCA_MODULE_ID_PTR, + ) -> CK_RV, +>; +pub type CK_CA_UnloadModule = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, moduleId: CKCA_MODULE_ID) -> CK_RV, +>; +pub type CK_CA_PerformModuleCall = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + moduleId: CKCA_MODULE_ID, + pRequest: CK_BYTE_PTR, + ulRequestSize: CK_ULONG, + pAnswer: CK_BYTE_PTR, + ulAnswerSize: CK_ULONG, + pulAnswerAvailable: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_C_PerformSelfTest = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + typeOfTest: CK_ULONG, + inputData: CK_BYTE_PTR, + sizeOfInputData: CK_ULONG, + outputData: CK_BYTE_PTR, + sizeOfOutputData: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_FirmwareUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulTargetHardwarePlatform: CK_ULONG, + ulAuthCodeLen: CK_ULONG, + pAuthCode: CK_BYTE_PTR, + ulManifestLen: CK_ULONG, + pManifest: CK_BYTE_PTR, + ulFirmwareLen: CK_ULONG, + pFirmware: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_FirmwareRollback = + ::std::option::Option CK_RV>; +pub type CK_CA_CapabilityUpdate = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulManifestLen: CK_ULONG, + pManifest: CK_BYTE_PTR, + ulAuthcodeLen: CK_ULONG, + pAuthcode: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetUserContainerNumber = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pulContainerNumber: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_GetUserContainerName = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pName: CK_BYTE_PTR, pulNameLen: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_SetUserContainerName = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pName: CK_BYTE_PTR, ulNameLen: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_GetTokenInsertionCount = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pulCount: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_GetRollbackFirmwareVersion = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pulVersion: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_GetFPV = + ::std::option::Option CK_RV>; +pub type CK_CA_GetTPV = + ::std::option::Option CK_RV>; +pub type CK_CA_GetExtendedTPV = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pulTpv: CK_ULONG_PTR, + pulTpvExt: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetConfigurationElementDescription = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulIsContainerElement: CK_ULONG, + ulIsCapabilityElement: CK_ULONG, + ulElementId: CK_ULONG, + pulElementBitLength: CK_ULONG_PTR, + pulElementDestructive: CK_ULONG_PTR, + pulElementWriteRestricted: CK_ULONG_PTR, + pDescription: CK_CHAR_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetHSMCapabilitySet = ::std::option::Option< + unsafe extern "C" fn( + uPhysicalSlot: CK_SLOT_ID, + pulCapIdArray: CK_ULONG_PTR, + pulCapIdSize: CK_ULONG_PTR, + pulCapValArray: CK_ULONG_PTR, + pulCapValSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetHSMCapabilitySetting = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulPolicyId: CK_ULONG, + pulPolicyValue: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetHSMPolicySet = ::std::option::Option< + unsafe extern "C" fn( + uPhysicalSlot: CK_SLOT_ID, + pulPolicyIdArray: CK_ULONG_PTR, + pulPolicyIdSize: CK_ULONG_PTR, + pulPolicyValArray: CK_ULONG_PTR, + pulPolicyValSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetHSMPolicySetting = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulPolicyId: CK_ULONG, + pulPolicyValue: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerCapabilitySet = ::std::option::Option< + unsafe extern "C" fn( + uPhysicalSlot: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + pulCapIdArray: CK_ULONG_PTR, + pulCapIdSize: CK_ULONG_PTR, + pulCapValArray: CK_ULONG_PTR, + pulCapValSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerCapabilitySetting = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + ulPolicyId: CK_ULONG, + pulPolicyValue: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerPolicySet = ::std::option::Option< + unsafe extern "C" fn( + uPhysicalSlot: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + pulPolicyIdArray: CK_ULONG_PTR, + pulPolicyIdSize: CK_ULONG_PTR, + pulPolicyValArray: CK_ULONG_PTR, + pulPolicyValSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerPolicySetting = ::std::option::Option< + unsafe extern "C" fn( + uPhysicalSlot: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + ulPolicyId: CK_ULONG, + pulPolicyValue: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SetTPV = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, ulTpv: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_SetExtendedTPV = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, ulTpv: CK_ULONG, ulTpvExt: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_SetHSMPolicy = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulPolicyId: CK_ULONG, + ulPolicyValue: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_SetHSMPolicies = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulPolicyCount: CK_ULONG, + pulPolicyIdArray: CK_ULONG_PTR, + pulPolicyValueArray: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SetDestructiveHSMPolicy = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulPolicyId: CK_ULONG, + ulPolicyValue: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_SetDestructiveHSMPolicies = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulPolicyCount: CK_ULONG, + pulPolicyIdArray: CK_ULONG_PTR, + pulPolicyValueArray: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SetContainerPolicy = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulContainer: CK_ULONG, + ulPolicyId: CK_ULONG, + ulPolicyValue: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_SetContainerPolicies = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulContainer: CK_ULONG, + ulPolicyCount: CK_ULONG, + pulPolicyIdArray: CK_ULONG_PTR, + pulPolicyValueArray: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_RetrieveLicenseList = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pulidArraySize: CK_ULONG_PTR, + pulidArray: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_QueryLicense = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + licenseIdLow: CK_ULONG, + licenseIdHigh: CK_ULONG, + pulLicenseType: CK_ULONG_PTR, + pulDescVersion: CK_ULONG_PTR, + pulDescSize: CK_ULONG_PTR, + pbDescBuffer: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerStatus = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + pulContainerStatusFlags: CK_ULONG_PTR, + pulFailedSOLogins: CK_ULONG_PTR, + pulFailedUserLogins: CK_ULONG_PTR, + pulFailedLimitedUserLogins: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetSessionInfo = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pulAidHigh: CK_ULONG_PTR, + pulAidLow: CK_ULONG_PTR, + pulContainerNumber: CK_ULONG_PTR, + pulAuthenticationLevel: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_ReadCommonStore = ::std::option::Option< + unsafe extern "C" fn( + index: CK_ULONG, + pBuffer: CK_BYTE_PTR, + pulBufferSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_WriteCommonStore = ::std::option::Option< + unsafe extern "C" fn(index: CK_ULONG, pBuffer: CK_BYTE_PTR, ulBufferSize: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_GetPrimarySlot = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, slotId_p: CK_SLOT_ID_PTR) -> CK_RV, +>; +pub type CK_CA_GetSecondarySlot = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, slotId_p: CK_SLOT_ID_PTR) -> CK_RV, +>; +pub type CK_CA_SwitchSecondarySlot = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + slotID: CK_SLOT_ID, + slotInstance: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_CloseSecondarySession = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + slotID: CK_SLOT_ID, + slotInstance: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_CloseAllSecondarySessions = + ::std::option::Option CK_RV>; +pub type CK_CA_ChoosePrimarySlot = + ::std::option::Option CK_RV>; +pub type CK_CA_ChooseSecondarySlot = + ::std::option::Option CK_RV>; +pub type CK_CA_CloneObjectToAllSessions = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, hObject: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_CA_CloneAllObjectsToSession = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, slotId: CK_SLOT_ID) -> CK_RV, +>; +pub type CK_CA_ResetDevice = + ::std::option::Option CK_RV>; +pub type CK_CA_FactoryReset = + ::std::option::Option CK_RV>; +pub type CK_CA_SetPedId = + ::std::option::Option CK_RV>; +pub type CK_CA_GetPedId = ::std::option::Option< + unsafe extern "C" fn(slotId: CK_SLOT_ID, usPedId: *mut CK_ULONG) -> CK_RV, +>; +pub type CK_CA_SpRawRead = + ::std::option::Option CK_RV>; +pub type CK_CA_SpRawWrite = + ::std::option::Option CK_RV>; +pub type CK_CA_CheckOperationState = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + operation: CK_ULONG, + pactive: *mut CK_BBOOL, + ) -> CK_RV, +>; +pub type CK_CA_DestroyMultipleObjects = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulHandleCount: CK_ULONG, + pHandleList: CK_OBJECT_HANDLE_PTR, + pulIndex: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_HAInit = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, hLoginPrivateKey: CK_OBJECT_HANDLE) -> CK_RV, +>; +pub type CK_CA_HAGetMasterPublic = ::std::option::Option< + unsafe extern "C" fn( + slotId: CK_SLOT_ID, + pCertificate: CK_BYTE_PTR, + pulCertificate: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_HAGetLoginChallenge = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + userType: CK_USER_TYPE, + pCertificate: CK_BYTE_PTR, + ulCertificateLen: CK_ULONG, + pChallengeBlob: CK_BYTE_PTR, + pulChallengeBlobLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_HAAnswerLoginChallenge = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hLoginPrivateKey: CK_OBJECT_HANDLE, + pChallengeBlob: CK_BYTE_PTR, + ulChallengeBlobLen: CK_ULONG, + pEncryptedPin: CK_BYTE_PTR, + pulEncryptedPinLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_HALogin = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pEncryptedPin: CK_BYTE_PTR, + ulEncryptedPinLen: CK_ULONG, + pMofNBlob: CK_BYTE_PTR, + pulMofNBlobLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_HAAnswerMofNChallenge = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMofNBlob: CK_BYTE_PTR, + ulMofNBlobLen: CK_ULONG, + pMofNSecretBlob: CK_BYTE_PTR, + pulMofNSecretBlobLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_HAActivateMofN = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMofNSecretBlob: CK_BYTE_PTR, + ulMofNSecretBlobLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_GetHAState = ::std::option::Option< + unsafe extern "C" fn(slotId: CK_SLOT_ID, pState: CK_HA_STATE_PTR) -> CK_RV, +>; +pub type CK_CA_GetTokenCertificates = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulCertType: CK_ULONG, + pCertificate: CK_BYTE_PTR, + pulCertificateLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_ExtractMaskedObject = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulObjectHandle: CK_ULONG, + pMaskedKey: CK_BYTE_PTR, + pusMaskedKeyLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_InsertMaskedObject = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pulObjectHandle: CK_ULONG_PTR, + pMaskedKey: CK_BYTE_PTR, + usMaskedKeyLen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_MultisignValue = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + ulMaskedKeyLen: CK_ULONG, + pMaskedKey: CK_BYTE_PTR, + pulBlobCount: CK_ULONG_PTR, + pulBlobLens: CK_ULONG_PTR, + ppBlobs: *mut CK_BYTE_PTR, + pulSignatureLens: CK_ULONG_PTR, + ppSignatures: *mut CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SIMExtract = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulHandleCount: CK_ULONG, + pHandleList: CK_OBJECT_HANDLE_PTR, + ulAuthSecretCount: CK_ULONG, + ulAuthSubsetCount: CK_ULONG, + authForm: CKA_SIM_AUTH_FORM, + pulAuthSecretSizes: CK_ULONG_PTR, + ppbAuthSecretList: *mut CK_BYTE_PTR, + deleteAfterExtract: CK_BBOOL, + pulBlobSize: CK_ULONG_PTR, + pBlob: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SIMInsert = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulAuthSecretCount: CK_ULONG, + authForm: CKA_SIM_AUTH_FORM, + pulAuthSecretSizes: CK_ULONG_PTR, + ppbAuthSecretList: *mut CK_BYTE_PTR, + ulBlobSize: CK_ULONG, + pBlob: CK_BYTE_PTR, + pulHandleCount: CK_ULONG_PTR, + pHandleList: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SIMMultiSign = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pMechanism: CK_MECHANISM_PTR, + ulAuthSecretCount: CK_ULONG, + authForm: CKA_SIM_AUTH_FORM, + pulAuthSecretSizes: CK_ULONG_PTR, + ppbAuthSecretList: *mut CK_BYTE_PTR, + ulBlobSize: CK_ULONG, + pBlob: CK_BYTE_PTR, + ulInputDataCount: CK_ULONG, + pulInputDataLengths: CK_ULONG_PTR, + ppbInputDataList: *mut CK_BYTE_PTR, + pulSignatureLengths: CK_ULONG_PTR, + ppbSignatureList: *mut CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_Extract = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pMechanism: CK_MECHANISM_PTR) -> CK_RV, +>; +pub type CK_CA_Insert = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pMechanism: CK_MECHANISM_PTR) -> CK_RV, +>; +pub type CK_CA_GetObjectUID = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerNum: CK_ULONG, + ulObjectType: CK_ULONG, + ulObjectHandle: CK_ULONG, + ouid: *mut CK_BYTE, + ) -> CK_RV, +>; +pub type CK_CA_GetObjectHandle = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerNum: CK_ULONG, + ouid: *mut CK_BYTE, + pulObjectType: CK_ULONG_PTR, + pulObjectHandle: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_DeleteContainer = + ::std::option::Option CK_RV>; +pub type CK_CA_MTKSetStorage = ::std::option::Option< + unsafe extern "C" fn(ulSessionNumber: CK_SESSION_HANDLE, ulStorageSetting: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_MTKRestore = + ::std::option::Option CK_RV>; +pub type CK_CA_MTKResplit = + ::std::option::Option CK_RV>; +pub type CK_CA_MTKZeroize = + ::std::option::Option CK_RV>; +pub type CK_CA_MTKGetState = + ::std::option::Option CK_RV>; +pub type CK_CA_GetTSV = + ::std::option::Option CK_RV>; +pub type CK_CA_InvokeServiceInit = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, ulPortNumber: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_InvokeService = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pBufferIn: CK_BYTE_PTR, + ulBufferInLength: CK_ULONG, + pulBufferOutLength: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_InvokeServiceFinal = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pBufferOut: CK_BYTE_PTR, + pulBufferOutLength: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_InvokeServiceAsynch = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulPortNumber: CK_ULONG, + pBufferIn: CK_BYTE_PTR, + ulBufferInLength: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_InvokeServiceSinglePart = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulPortNumber: CK_ULONG, + pBufferIn: CK_BYTE_PTR, + ulBufferInLength: CK_ULONG, + pBufferOut: CK_BYTE_PTR, + pulBufferOutLength: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_EncodeECPrimeParams = ::std::option::Option< + unsafe extern "C" fn( + DerECParams: CK_BYTE_PTR, + DerECParamsLen: CK_ULONG_PTR, + prime: CK_BYTE_PTR, + primelen: CK_ULONG, + a: CK_BYTE_PTR, + alen: CK_ULONG, + b: CK_BYTE_PTR, + blen: CK_ULONG, + seed: CK_BYTE_PTR, + seedlen: CK_ULONG, + x: CK_BYTE_PTR, + xlen: CK_ULONG, + y: CK_BYTE_PTR, + ylen: CK_ULONG, + order: CK_BYTE_PTR, + orderlen: CK_ULONG, + cofactor: CK_BYTE_PTR, + cofactorlen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_EncodeECChar2Params = ::std::option::Option< + unsafe extern "C" fn( + DerECParams: CK_BYTE_PTR, + DerECParamsLen: CK_ULONG_PTR, + m: CK_ULONG, + k1: CK_ULONG, + k2: CK_ULONG, + k3: CK_ULONG, + a: CK_BYTE_PTR, + alen: CK_ULONG, + b: CK_BYTE_PTR, + blen: CK_ULONG, + seed: CK_BYTE_PTR, + seedlen: CK_ULONG, + x: CK_BYTE_PTR, + xlen: CK_ULONG, + y: CK_BYTE_PTR, + ylen: CK_ULONG, + order: CK_BYTE_PTR, + orderlen: CK_ULONG, + cofactor: CK_BYTE_PTR, + cofactorlen: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_EncodeECParamsFromFile = ::std::option::Option< + unsafe extern "C" fn( + DerECParams: CK_BYTE_PTR, + DerECParamsLen: CK_ULONG_PTR, + paramsFile: CK_BYTE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetHSMStorageInformation = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pulContainerOverhead: CK_ULONG_PTR, + pulTotal: CK_ULONG_PTR, + pulUsed: CK_ULONG_PTR, + pulFree: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerStorageInformation = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerNumber: CK_ULONG, + pulContainerOverhead: CK_ULONG_PTR, + pulTotal: CK_ULONG_PTR, + pulUsed: CK_ULONG_PTR, + pulFree: CK_ULONG_PTR, + pulObjectCount: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_SetContainerSize = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulContainerNumber: CK_ULONG, + ulSize: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_CreateContainer = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + ulUSV: CK_ULONG, + pContainerName: CK_CHAR_PTR, + usContainerNameLen: CK_ULONG, + pPin: CK_CHAR_PTR, + usPinLen: CK_ULONG, + ulIDHigh: CK_ULONG, + ulIDLow: CK_ULONG, + ulOwnerHandle: CK_ULONG, + ulStorageFlags: CK_ULONG, + ulContainerSize: CK_ULONG, + pulContainerNumber: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_DeleteContainerWithHandle = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, ulContainerNumber: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_GetContainerList = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulGroupHandle: CK_ULONG, + ulContainerType: CK_ULONG, + pulContainerHandles: CK_ULONG_PTR, + pulNumberOfHandles: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetContainerName = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + ulContainerHandle: CK_ULONG, + pContainerName: CK_BYTE_PTR, + pulContainerNameLen: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_GetNumberOfAllowedContainers = ::std::option::Option< + unsafe extern "C" fn(slot: CK_SLOT_ID, pulAllowedContainers: CK_ULONG_PTR) -> CK_RV, +>; +pub type CK_CA_GetTunnelSlotNumber = ::std::option::Option< + unsafe extern "C" fn(slotID: CK_SLOT_ID, pTunnelSlotID: CK_SLOT_ID_PTR) -> CK_RV, +>; +pub type CK_CA_GetClusterState = ::std::option::Option< + unsafe extern "C" fn(slotId: CK_SLOT_ID, pState: CK_CLUSTER_STATE_PTR) -> CK_RV, +>; +pub type CK_CA_LockClusteredSlot = + ::std::option::Option CK_RV>; +pub type CK_CA_UnlockClusteredSlot = + ::std::option::Option CK_RV>; +pub type CK_CA_LKMInitiatorChallenge = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hAKObjectHandle: CK_OBJECT_HANDLE, + hDKObjectHandle: CK_OBJECT_HANDLE, + ulHashMech: CK_ULONG, + pInitiatorID: CK_LKM_TOKEN_ID_PTR, + pReceiverID: CK_LKM_TOKEN_ID_PTR, + pChallengeBuf: CK_CHAR_PTR, + pulChallengeBufSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LKMReceiverResponse = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hAKObjectHandle: CK_OBJECT_HANDLE, + hDKObjectHandle: CK_OBJECT_HANDLE, + ulHashMech: CK_ULONG, + pReceiverID: CK_LKM_TOKEN_ID_PTR, + pChallengeBuf: CK_CHAR_PTR, + ulChallengeBufSize: CK_ULONG, + pResponseBuf: CK_CHAR_PTR, + pulResponseBufSize: CK_ULONG_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LKMInitiatorComplete = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pResponseBuf: CK_CHAR_PTR, + ulResponseBufSize: CK_ULONG, + pSCKTemplate: CK_ATTRIBUTE_PTR, + usSCKAttributeCount: CK_ULONG, + pSAKTemplate: CK_ATTRIBUTE_PTR, + usSAKAttributeCount: CK_ULONG, + pCompleteBuf: CK_CHAR_PTR, + pulCompleteBufSize: CK_ULONG_PTR, + phSCKObjectHandle: CK_OBJECT_HANDLE_PTR, + phSAKObjectHandle: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_LKMReceiverComplete = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + pCompleteBuf: CK_CHAR_PTR, + ulCompleteBufSize: CK_ULONG, + pSCKTemplate: CK_ATTRIBUTE_PTR, + usSCKAttributeCount: CK_ULONG, + pSAKTemplate: CK_ATTRIBUTE_PTR, + usSAKAttributeCount: CK_ULONG, + phSCKObjectHandle: CK_OBJECT_HANDLE_PTR, + phSAKObjectHandle: CK_OBJECT_HANDLE_PTR, + ) -> CK_RV, +>; +pub type CK_CA_ModifyUsageCount = ::std::option::Option< + unsafe extern "C" fn( + hSession: CK_SESSION_HANDLE, + hObject: CK_OBJECT_HANDLE, + ulCommandType: CK_ULONG, + ulValue: CK_ULONG, + ) -> CK_RV, +>; +pub type CK_CA_InitAudit = ::std::option::Option< + unsafe extern "C" fn( + slotID: CK_SLOT_ID, + pPin: CK_CHAR_PTR, + usPinLen: CK_ULONG, + pLabel: CK_CHAR_PTR, + ) -> CK_RV, +>; +pub type CK_CA_TimeSync = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, ulTime: CK_ULONG) -> CK_RV, +>; +pub type CK_CA_GetTime = ::std::option::Option< + unsafe extern "C" fn(hSession: CK_SESSION_HANDLE, pulTime: CK_ULONG_PTR) -> CK_RV, +>; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct CK_SFNT_CA_FUNCTION_LIST { + pub version: CK_VERSION, + pub CA_GetFunctionList: CK_CA_GetFunctionList, + pub CA_WaitForSlotEvent: CK_CA_WaitForSlotEvent, + pub CA_InitIndirectToken: CK_CA_InitIndirectToken, + pub CA_InitIndirectPIN: CK_CA_InitIndirectPIN, + pub CA_ResetPIN: CK_CA_ResetPIN, + pub CA_CreateLoginChallenge: CK_CA_CreateLoginChallenge, + pub CA_Deactivate: CK_CA_Deactivate, + pub CA_OpenSession: CK_CA_OpenSession, + pub CA_IndirectLogin: CK_CA_IndirectLogin, + pub CA_InitializeRemotePEDVector: CK_CA_InitializeRemotePEDVector, + pub CA_DeleteRemotePEDVector: CK_CA_DeleteRemotePEDVector, + pub CA_GetRemotePEDVectorStatus: CK_CA_GetRemotePEDVectorStatus, + pub CA_ConfigureRemotePED: CK_CA_ConfigureRemotePED, + pub CA_DismantleRemotePED: CK_CA_DismantleRemotePED, + pub CA_Restart: CK_CA_Restart, + pub CA_RestartForContainer: CK_CA_RestartForContainer, + pub CA_CloseApplicationID: CK_CA_CloseApplicationID, + pub CA_CloseApplicationIDForContainer: CK_CA_CloseApplicationIDForContainer, + pub CA_OpenApplicationID: CK_CA_OpenApplicationID, + pub CA_OpenApplicationIDForContainer: CK_CA_OpenApplicationIDForContainer, + pub CA_SetApplicationID: CK_CA_SetApplicationID, + pub CA_ManualKCV: CK_CA_ManualKCV, + pub CA_SetLKCV: CK_CA_SetLKCV, + pub CA_SetKCV: CK_CA_SetKCV, + pub CA_SetCloningDomain: CK_CA_SetCloningDomain, + pub CA_ClonePrivateKey: CK_CA_ClonePrivateKey, + pub CA_CloneObject: CK_CA_CloneObject, + pub CA_GenerateCloningKEV: CK_CA_GenerateCloningKEV, + pub CA_CloneAsTargetInit: CK_CA_CloneAsTargetInit, + pub CA_CloneAsSource: CK_CA_CloneAsSource, + pub CA_CloneAsTarget: CK_CA_CloneAsTarget, + pub CA_SetMofN: CK_CA_SetMofN, + pub CA_GenerateMofN: CK_CA_GenerateMofN, + pub CA_GenerateCloneableMofN: CK_CA_GenerateCloneableMofN, + pub CA_ModifyMofN: CK_CA_ModifyMofN, + pub CA_CloneMofN: CK_CA_CloneMofN, + pub CA_CloneModifyMofN: CK_CA_CloneModifyMofN, + pub CA_ActivateMofN: CK_CA_ActivateMofN, + pub CA_DeactivateMofN: CK_CA_DeactivateMofN, + pub CA_GetMofNStatus: CK_CA_GetMofNStatus, + pub CA_DuplicateMofN: CK_CA_DuplicateMofN, + pub CA_IsMofNEnabled: CK_CA_IsMofNEnabled, + pub CA_IsMofNRequired: CK_CA_IsMofNRequired, + pub CA_GenerateTokenKeys: CK_CA_GenerateTokenKeys, + pub CA_GetTokenCertificateInfo: CK_CA_GetTokenCertificateInfo, + pub CA_SetTokenCertificateSignature: CK_CA_SetTokenCertificateSignature, + pub CA_GetModuleList: CK_CA_GetModuleList, + pub CA_GetModuleInfo: CK_CA_GetModuleInfo, + pub CA_LoadModule: CK_CA_LoadModule, + pub CA_LoadEncryptedModule: CK_CA_LoadEncryptedModule, + pub CA_UnloadModule: CK_CA_UnloadModule, + pub CA_PerformModuleCall: CK_CA_PerformModuleCall, + pub C_PerformSelfTest: CK_C_PerformSelfTest, + pub CA_FirmwareUpdate: CK_CA_FirmwareUpdate, + pub CA_FirmwareRollback: CK_CA_FirmwareRollback, + pub CA_CapabilityUpdate: CK_CA_CapabilityUpdate, + pub CA_GetUserContainerNumber: CK_CA_GetUserContainerNumber, + pub CA_GetUserContainerName: CK_CA_GetUserContainerName, + pub CA_SetUserContainerName: CK_CA_SetUserContainerName, + pub CA_GetTokenInsertionCount: CK_CA_GetTokenInsertionCount, + pub CA_GetRollbackFirmwareVersion: CK_CA_GetRollbackFirmwareVersion, + pub CA_GetFPV: CK_CA_GetFPV, + pub CA_GetTPV: CK_CA_GetTPV, + pub CA_GetExtendedTPV: CK_CA_GetExtendedTPV, + pub CA_GetConfigurationElementDescription: CK_CA_GetConfigurationElementDescription, + pub CA_GetHSMCapabilitySet: CK_CA_GetHSMCapabilitySet, + pub CA_GetHSMCapabilitySetting: CK_CA_GetHSMCapabilitySetting, + pub CA_GetHSMPolicySet: CK_CA_GetHSMPolicySet, + pub CA_GetHSMPolicySetting: CK_CA_GetHSMPolicySetting, + pub CA_GetContainerCapabilitySet: CK_CA_GetContainerCapabilitySet, + pub CA_GetContainerCapabilitySetting: CK_CA_GetContainerCapabilitySetting, + pub CA_GetContainerPolicySet: CK_CA_GetContainerPolicySet, + pub CA_GetContainerPolicySetting: CK_CA_GetContainerPolicySetting, + pub CA_SetTPV: CK_CA_SetTPV, + pub CA_SetExtendedTPV: CK_CA_SetExtendedTPV, + pub CA_SetHSMPolicy: CK_CA_SetHSMPolicy, + pub CA_SetHSMPolicies: CK_CA_SetHSMPolicies, + pub CA_SetDestructiveHSMPolicy: CK_CA_SetDestructiveHSMPolicy, + pub CA_SetDestructiveHSMPolicies: CK_CA_SetDestructiveHSMPolicies, + pub CA_SetContainerPolicy: CK_CA_SetContainerPolicy, + pub CA_SetContainerPolicies: CK_CA_SetContainerPolicies, + pub CA_RetrieveLicenseList: CK_CA_RetrieveLicenseList, + pub CA_QueryLicense: CK_CA_QueryLicense, + pub CA_GetContainerStatus: CK_CA_GetContainerStatus, + pub CA_GetSessionInfo: CK_CA_GetSessionInfo, + pub CA_ReadCommonStore: CK_CA_ReadCommonStore, + pub CA_WriteCommonStore: CK_CA_WriteCommonStore, + pub CA_GetPrimarySlot: CK_CA_GetPrimarySlot, + pub CA_GetSecondarySlot: CK_CA_GetSecondarySlot, + pub CA_SwitchSecondarySlot: CK_CA_SwitchSecondarySlot, + pub CA_CloseSecondarySession: CK_CA_CloseSecondarySession, + pub CA_CloseAllSecondarySessions: CK_CA_CloseAllSecondarySessions, + pub CA_ChoosePrimarySlot: CK_CA_ChoosePrimarySlot, + pub CA_ChooseSecondarySlot: CK_CA_ChooseSecondarySlot, + pub CA_CloneObjectToAllSessions: CK_CA_CloneObjectToAllSessions, + pub CA_CloneAllObjectsToSession: CK_CA_CloneAllObjectsToSession, + pub CA_ResetDevice: CK_CA_ResetDevice, + pub CA_FactoryReset: CK_CA_FactoryReset, + pub CA_SetPedId: CK_CA_SetPedId, + pub CA_GetPedId: CK_CA_GetPedId, + pub CA_SpRawRead: CK_CA_SpRawRead, + pub CA_SpRawWrite: CK_CA_SpRawWrite, + pub CA_CheckOperationState: CK_CA_CheckOperationState, + pub CA_DestroyMultipleObjects: CK_CA_DestroyMultipleObjects, + pub CA_HAInit: CK_CA_HAInit, + pub CA_HAGetMasterPublic: CK_CA_HAGetMasterPublic, + pub CA_HAGetLoginChallenge: CK_CA_HAGetLoginChallenge, + pub CA_HAAnswerLoginChallenge: CK_CA_HAAnswerLoginChallenge, + pub CA_HALogin: CK_CA_HALogin, + pub CA_HAAnswerMofNChallenge: CK_CA_HAAnswerMofNChallenge, + pub CA_HAActivateMofN: CK_CA_HAActivateMofN, + pub CA_GetHAState: CK_CA_GetHAState, + pub CA_GetTokenCertificates: CK_CA_GetTokenCertificates, + pub CA_ExtractMaskedObject: CK_CA_ExtractMaskedObject, + pub CA_InsertMaskedObject: CK_CA_InsertMaskedObject, + pub CA_MultisignValue: CK_CA_MultisignValue, + pub CA_SIMExtract: CK_CA_SIMExtract, + pub CA_SIMInsert: CK_CA_SIMInsert, + pub CA_SIMMultiSign: CK_CA_SIMMultiSign, + pub CA_Extract: CK_CA_Extract, + pub CA_Insert: CK_CA_Insert, + pub CA_GetObjectUID: CK_CA_GetObjectUID, + pub CA_GetObjectHandle: CK_CA_GetObjectHandle, + pub CA_DeleteContainer: CK_CA_DeleteContainer, + pub CA_MTKSetStorage: CK_CA_MTKSetStorage, + pub CA_MTKRestore: CK_CA_MTKRestore, + pub CA_MTKResplit: CK_CA_MTKResplit, + pub CA_MTKZeroize: CK_CA_MTKZeroize, + pub CA_MTKGetState: CK_CA_MTKGetState, + pub CA_GetTSV: CK_CA_GetTSV, + pub CA_InvokeServiceInit: CK_CA_InvokeServiceInit, + pub CA_InvokeService: CK_CA_InvokeService, + pub CA_InvokeServiceFinal: CK_CA_InvokeServiceFinal, + pub CA_InvokeServiceAsynch: CK_CA_InvokeServiceAsynch, + pub CA_InvokeServiceSinglePart: CK_CA_InvokeServiceSinglePart, + pub CA_EncodeECPrimeParams: CK_CA_EncodeECPrimeParams, + pub CA_EncodeECChar2Params: CK_CA_EncodeECChar2Params, + pub CA_EncodeECParamsFromFile: CK_CA_EncodeECParamsFromFile, + pub CA_GetHSMStorageInformation: CK_CA_GetHSMStorageInformation, + pub CA_GetContainerStorageInformation: CK_CA_GetContainerStorageInformation, + pub CA_SetContainerSize: CK_CA_SetContainerSize, + pub CA_CreateContainer: CK_CA_CreateContainer, + pub CA_DeleteContainerWithHandle: CK_CA_DeleteContainerWithHandle, + pub CA_GetContainerList: CK_CA_GetContainerList, + pub CA_GetContainerName: CK_CA_GetContainerName, + pub CA_GetNumberOfAllowedContainers: CK_CA_GetNumberOfAllowedContainers, + pub CA_GetTunnelSlotNumber: CK_CA_GetTunnelSlotNumber, + pub CA_GetClusterState: CK_CA_GetClusterState, + pub CA_LockClusteredSlot: CK_CA_LockClusteredSlot, + pub CA_UnlockClusteredSlot: CK_CA_UnlockClusteredSlot, + pub CA_LKMInitiatorChallenge: CK_CA_LKMInitiatorChallenge, + pub CA_LKMReceiverResponse: CK_CA_LKMReceiverResponse, + pub CA_LKMInitiatorComplete: CK_CA_LKMInitiatorComplete, + pub CA_LKMReceiverComplete: CK_CA_LKMReceiverComplete, + pub CA_ModifyUsageCount: CK_CA_ModifyUsageCount, + pub CA_LogVerify: CK_CA_LogVerify, + pub CA_LogVerifyFile: CK_CA_LogVerifyFile, + pub CA_LogExternal: CK_CA_LogExternal, + pub CA_LogImportSecret: CK_CA_LogImportSecret, + pub CA_LogExportSecret: CK_CA_LogExportSecret, + pub CA_LogSetConfig: CK_CA_LogSetConfig, + pub CA_LogGetConfig: CK_CA_LogGetconfig, + pub CA_LogEraseAll: CK_CA_LogEraseAll, + pub CA_LogGetStatus: CK_CA_LogGetStatus, + pub CA_InitAudit: CK_CA_InitAudit, + pub CA_GetTime: CK_CA_GetTime, + pub CA_TimeSync: CK_CA_TimeSync, +} +#[allow(clippy::unnecessary_operation, clippy::identity_op)] +const _: () = { + ["Size of CK_SFNT_CA_FUNCTION_LIST"] + [::std::mem::size_of::() - 1344usize]; + ["Alignment of CK_SFNT_CA_FUNCTION_LIST"] + [::std::mem::align_of::() - 8usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::version"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, version) - 0usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetFunctionList"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetFunctionList) - 8usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_WaitForSlotEvent"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_WaitForSlotEvent) - 16usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InitIndirectToken"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InitIndirectToken) - 24usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InitIndirectPIN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InitIndirectPIN) - 32usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ResetPIN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ResetPIN) - 40usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CreateLoginChallenge"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CreateLoginChallenge) - 48usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_Deactivate"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_Deactivate) - 56usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_OpenSession"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_OpenSession) - 64usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_IndirectLogin"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_IndirectLogin) - 72usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InitializeRemotePEDVector"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InitializeRemotePEDVector) - 80usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DeleteRemotePEDVector"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_DeleteRemotePEDVector) - 88usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetRemotePEDVectorStatus"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetRemotePEDVectorStatus) - 96usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ConfigureRemotePED"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ConfigureRemotePED) - 104usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DismantleRemotePED"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_DismantleRemotePED) - 112usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_Restart"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_Restart) - 120usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_RestartForContainer"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_RestartForContainer) - 128usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloseApplicationID"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloseApplicationID) - 136usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloseApplicationIDForContainer"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_CloseApplicationIDForContainer + ) - 144usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_OpenApplicationID"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_OpenApplicationID) - 152usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_OpenApplicationIDForContainer"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_OpenApplicationIDForContainer + ) - 160usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetApplicationID"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetApplicationID) - 168usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ManualKCV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ManualKCV) - 176usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetLKCV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetLKCV) - 184usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetKCV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetKCV) - 192usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetCloningDomain"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetCloningDomain) - 200usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ClonePrivateKey"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ClonePrivateKey) - 208usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneObject"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneObject) - 216usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GenerateCloningKEV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GenerateCloningKEV) - 224usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneAsTargetInit"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneAsTargetInit) - 232usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneAsSource"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneAsSource) - 240usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneAsTarget"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneAsTarget) - 248usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetMofN) - 256usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GenerateMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GenerateMofN) - 264usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GenerateCloneableMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GenerateCloneableMofN) - 272usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ModifyMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ModifyMofN) - 280usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneMofN) - 288usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneModifyMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneModifyMofN) - 296usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ActivateMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ActivateMofN) - 304usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DeactivateMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_DeactivateMofN) - 312usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetMofNStatus"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetMofNStatus) - 320usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DuplicateMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_DuplicateMofN) - 328usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_IsMofNEnabled"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_IsMofNEnabled) - 336usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_IsMofNRequired"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_IsMofNRequired) - 344usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GenerateTokenKeys"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GenerateTokenKeys) - 352usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTokenCertificateInfo"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTokenCertificateInfo) - 360usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetTokenCertificateSignature"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_SetTokenCertificateSignature + ) - 368usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetModuleList"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetModuleList) - 376usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetModuleInfo"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetModuleInfo) - 384usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LoadModule"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LoadModule) - 392usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LoadEncryptedModule"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LoadEncryptedModule) - 400usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_UnloadModule"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_UnloadModule) - 408usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_PerformModuleCall"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_PerformModuleCall) - 416usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::C_PerformSelfTest"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, C_PerformSelfTest) - 424usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_FirmwareUpdate"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_FirmwareUpdate) - 432usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_FirmwareRollback"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_FirmwareRollback) - 440usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CapabilityUpdate"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CapabilityUpdate) - 448usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetUserContainerNumber"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetUserContainerNumber) - 456usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetUserContainerName"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetUserContainerName) - 464usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetUserContainerName"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetUserContainerName) - 472usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTokenInsertionCount"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTokenInsertionCount) - 480usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetRollbackFirmwareVersion"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_GetRollbackFirmwareVersion + ) - 488usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetFPV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetFPV) - 496usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTPV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTPV) - 504usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetExtendedTPV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetExtendedTPV) - 512usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetConfigurationElementDescription"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_GetConfigurationElementDescription + ) + - 520usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetHSMCapabilitySet"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetHSMCapabilitySet) - 528usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetHSMCapabilitySetting"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetHSMCapabilitySetting) - 536usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetHSMPolicySet"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetHSMPolicySet) - 544usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetHSMPolicySetting"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetHSMPolicySetting) - 552usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerCapabilitySet"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetContainerCapabilitySet) - 560usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerCapabilitySetting"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_GetContainerCapabilitySetting + ) - 568usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerPolicySet"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetContainerPolicySet) - 576usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerPolicySetting"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetContainerPolicySetting) - 584usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetTPV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetTPV) - 592usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetExtendedTPV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetExtendedTPV) - 600usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetHSMPolicy"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetHSMPolicy) - 608usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetHSMPolicies"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetHSMPolicies) - 616usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetDestructiveHSMPolicy"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetDestructiveHSMPolicy) - 624usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetDestructiveHSMPolicies"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetDestructiveHSMPolicies) - 632usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetContainerPolicy"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetContainerPolicy) - 640usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetContainerPolicies"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetContainerPolicies) - 648usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_RetrieveLicenseList"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_RetrieveLicenseList) - 656usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_QueryLicense"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_QueryLicense) - 664usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerStatus"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetContainerStatus) - 672usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetSessionInfo"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetSessionInfo) - 680usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ReadCommonStore"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ReadCommonStore) - 688usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_WriteCommonStore"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_WriteCommonStore) - 696usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetPrimarySlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetPrimarySlot) - 704usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetSecondarySlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetSecondarySlot) - 712usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SwitchSecondarySlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SwitchSecondarySlot) - 720usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloseSecondarySession"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloseSecondarySession) - 728usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloseAllSecondarySessions"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloseAllSecondarySessions) - 736usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ChoosePrimarySlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ChoosePrimarySlot) - 744usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ChooseSecondarySlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ChooseSecondarySlot) - 752usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneObjectToAllSessions"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneObjectToAllSessions) - 760usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CloneAllObjectsToSession"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CloneAllObjectsToSession) - 768usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ResetDevice"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ResetDevice) - 776usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_FactoryReset"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_FactoryReset) - 784usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetPedId"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetPedId) - 792usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetPedId"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetPedId) - 800usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SpRawRead"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SpRawRead) - 808usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SpRawWrite"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SpRawWrite) - 816usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CheckOperationState"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CheckOperationState) - 824usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DestroyMultipleObjects"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_DestroyMultipleObjects) - 832usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HAInit"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HAInit) - 840usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HAGetMasterPublic"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HAGetMasterPublic) - 848usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HAGetLoginChallenge"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HAGetLoginChallenge) - 856usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HAAnswerLoginChallenge"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HAAnswerLoginChallenge) - 864usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HALogin"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HALogin) - 872usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HAAnswerMofNChallenge"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HAAnswerMofNChallenge) - 880usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_HAActivateMofN"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_HAActivateMofN) - 888usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetHAState"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetHAState) - 896usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTokenCertificates"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTokenCertificates) - 904usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ExtractMaskedObject"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ExtractMaskedObject) - 912usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InsertMaskedObject"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InsertMaskedObject) - 920usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_MultisignValue"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_MultisignValue) - 928usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SIMExtract"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SIMExtract) - 936usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SIMInsert"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SIMInsert) - 944usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SIMMultiSign"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SIMMultiSign) - 952usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_Extract"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_Extract) - 960usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_Insert"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_Insert) - 968usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetObjectUID"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetObjectUID) - 976usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetObjectHandle"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetObjectHandle) - 984usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DeleteContainer"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_DeleteContainer) - 992usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_MTKSetStorage"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_MTKSetStorage) - 1000usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_MTKRestore"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_MTKRestore) - 1008usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_MTKResplit"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_MTKResplit) - 1016usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_MTKZeroize"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_MTKZeroize) - 1024usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_MTKGetState"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_MTKGetState) - 1032usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTSV"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTSV) - 1040usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InvokeServiceInit"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InvokeServiceInit) - 1048usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InvokeService"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InvokeService) - 1056usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InvokeServiceFinal"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InvokeServiceFinal) - 1064usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InvokeServiceAsynch"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InvokeServiceAsynch) - 1072usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InvokeServiceSinglePart"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InvokeServiceSinglePart) - 1080usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_EncodeECPrimeParams"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_EncodeECPrimeParams) - 1088usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_EncodeECChar2Params"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_EncodeECChar2Params) - 1096usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_EncodeECParamsFromFile"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_EncodeECParamsFromFile) - 1104usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetHSMStorageInformation"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetHSMStorageInformation) - 1112usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerStorageInformation"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_GetContainerStorageInformation + ) - 1120usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_SetContainerSize"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_SetContainerSize) - 1128usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_CreateContainer"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_CreateContainer) - 1136usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_DeleteContainerWithHandle"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_DeleteContainerWithHandle + ) - 1144usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerList"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetContainerList) - 1152usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetContainerName"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetContainerName) - 1160usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetNumberOfAllowedContainers"][::std::mem::offset_of!( + CK_SFNT_CA_FUNCTION_LIST, + CA_GetNumberOfAllowedContainers + ) - 1168usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTunnelSlotNumber"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTunnelSlotNumber) - 1176usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetClusterState"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetClusterState) - 1184usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LockClusteredSlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LockClusteredSlot) - 1192usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_UnlockClusteredSlot"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_UnlockClusteredSlot) - 1200usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LKMInitiatorChallenge"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LKMInitiatorChallenge) - 1208usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LKMReceiverResponse"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LKMReceiverResponse) - 1216usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LKMInitiatorComplete"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LKMInitiatorComplete) - 1224usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LKMReceiverComplete"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LKMReceiverComplete) - 1232usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_ModifyUsageCount"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_ModifyUsageCount) - 1240usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogVerify"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogVerify) - 1248usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogVerifyFile"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogVerifyFile) - 1256usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogExternal"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogExternal) - 1264usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogImportSecret"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogImportSecret) - 1272usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogExportSecret"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogExportSecret) - 1280usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogSetConfig"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogSetConfig) - 1288usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogGetConfig"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogGetConfig) - 1296usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogEraseAll"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogEraseAll) - 1304usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_LogGetStatus"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_LogGetStatus) - 1312usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_InitAudit"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_InitAudit) - 1320usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_GetTime"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_GetTime) - 1328usize]; + ["Offset of field: CK_SFNT_CA_FUNCTION_LIST::CA_TimeSync"] + [::std::mem::offset_of!(CK_SFNT_CA_FUNCTION_LIST, CA_TimeSync) - 1336usize]; +}; diff --git a/cryptoki-sys/vendor/pkcs11.h b/cryptoki-sys/vendor/pkcs11.h index 2a51a9ba..e30a2949 100644 --- a/cryptoki-sys/vendor/pkcs11.h +++ b/cryptoki-sys/vendor/pkcs11.h @@ -2775,4 +2775,8 @@ struct CK_FUNCTION_LIST { #pragma pack(pop, cryptoki) #endif +#if defined(THALES_LUNA) +#include "thales-luna/cr" +#endif + #endif diff --git a/cryptoki-sys/vendor/thales-safenet/cryptoki_v2.h b/cryptoki-sys/vendor/thales-safenet/cryptoki_v2.h new file mode 100644 index 00000000..e9423e8d --- /dev/null +++ b/cryptoki-sys/vendor/thales-safenet/cryptoki_v2.h @@ -0,0 +1,1040 @@ +/*************************************************************************** + * + * Filename: cryptoki_v2.h + * + * Description: Function prototypes, typedefs, etc. for PKCS #11 API. + * + * This file is protected by laws protecting trade secrets and confidential + * information, as well as copyright laws and international treaties. + * Copyright (c) 2004 SafeNet, Inc. All rights reserved. + * + * This file contains confidential and proprietary information of + * SafeNet, Inc. and its licensors and may not be + * copied (in any manner), distributed (by any means) or transferred + * without prior written consent from SafeNet, Inc. + ********************VERY IMPORTANT****************************************** + * DO NOT ADD ANY NEW SAFENET EXTENSIONS TO ./cryptoki/cryptoki.h + * ADD ALL NEW TYPE DEFINITION EXTENSIONS TO /cryptoki/cryptoki_v2.h + * ADD ALL CA_ FUNCTION EXTENSIONS TO /cryptoki/sfnt_extensions.h + ****************************************************************************/ + +#ifndef _CRYPTOKI_H_ +#define _CRYPTOKI_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +/****************************************************************************\ +* * +* Operating System/Platform linking constructs * +* * +\****************************************************************************/ +#if defined(VXD) +#define CK_ENTRY +#define CK_POINTER * +#pragma pack(push, 1) +#elif defined(OS_WIN32) +#define CK_ENTRY __declspec(dllexport) +#define CK_POINTER * + +#define CK_DEFINE_FUNCTION(returnType, name) \ + returnType __declspec(dllexport) name + +#define CK_DECLARE_FUNCTION(returnType, name) \ + returnType __declspec(dllexport) name + +#define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ + returnType __declspec(dllexport) (*name) + +#define CK_CALLBACK_FUNCTION(returnType, name) returnType(*name) + +#pragma pack(push, cryptoki, 1) + +#elif defined(OS_UNIX) || defined(OS_LINUX) +#define CK_ENTRY +#define CK_POINTER * + +#define CK_DEFINE_FUNCTION(returnType, name) returnType name + +#define CK_DECLARE_FUNCTION(returnType, name) returnType name + +#define CK_DECLARE_FUNCTION_POINTER(returnType, name) returnType(*name) + +#define CK_CALLBACK_FUNCTION(returnType, name) returnType(*name) + +// #pragma pack(1) +#else +#error "Unknown platform!" +#endif + +#define ulMaxSessionCount usMaxSessionCount +#define ulSessionCount usSessionCount +#define ulMaxRwSessionCount usMaxRwSessionCount +#define ulRwSessionCount usRwSessionCount +#define ulMaxPinLen usMaxPinLen +#define ulMinPinLen usMinPinLen +#define ulDeviceError usDeviceError +#define ulValueLen usValueLen +#define ulParameterLen usParameterLen +#define ulEffectiveBits usEffectiveBits +#define ulPasswordLen usPasswordLen +#define sLen ulSaltLen +#define ulSaltLen usSaltLen +#define ulIteration usIteration + +#define NULL_PTR 0 + +#define CK_PTR * + +#include "pkcs11.h" + +// Define same as ulong +typedef unsigned long int CK_USHORT; +typedef CK_USHORT CK_PTR CK_USHORT_PTR; + +#ifndef CK_MAKE_C_VERSION +#define CK_MAKE_C_VERSION(_major, _minor) (((_major) << 8) + (_minor)) +#endif + +#define C_VERSION \ + CK_MAKE_C_VERSION(CRYPTOKI_VERSION_MAJOR, \ + CRYPTOKI_VERSION_MINOR) /* v2.20 decimal */ +#define C_LIBRARY_VERSION 0x510 /* v5.10 decimal */ + +/* some special values for certain CK_ULONG variables */ +#define CK_UNAVAILABLE_INFORMATION (~0UL) +#define CK_EFFECTIVELY_INFINITE 0 + +#define CKU_CRYPTO_OFFICER CKU_USER +#define CKU_LIMITED_USER 0x80000001 +#define CKU_LIMITED_USER_OLD 0x8000001 +#define CKU_CRYPTO_USER CKU_LIMITED_USER +#define CKU_AUDIT 0x80000002 + +#define CKF_EXCLUSIVE_SESSION 0x0001 +#define CKF_EXCLUSIVE_EXISTS 0x0010 +#define CKF_SO_SESSION 0x8000 +#define CKF_AUDIT_SESSION 0x10000 + +#define CKA_START_DATE_OLD_XXX \ + 0x0083 // Kept temporarily for backward compatibility with Beta version. Use + // CKA_START_DATE +#define CKA_END_DATE_OLD_XXX \ + 0x0084 // Kept temporarily for backward compatibility with Beta version. Use + // CKA_END_DATE + +#define CKD_SHA224_KDF 0x00000005 +#define CKD_SHA224_KDF_OLD 0x80000003 +#define CKD_SHA256_KDF 0x00000006 +#define CKD_SHA256_KDF_OLD 0x80000004 +#define CKD_SHA384_KDF 0x00000007 +#define CKD_SHA384_KDF_OLD 0x80000005 +#define CKD_SHA512_KDF 0x00000008 +#define CKD_SHA512_KDF_OLD 0x80000006 +#define CKD_RIPEMD160_KDF 0x80000007 + +#define CKD_SHA1_NIST_KDF 0x00000012 +#define CKD_SHA224_NIST_KDF 0x80000013 +#define CKD_SHA256_NIST_KDF 0x80000014 +#define CKD_SHA384_NIST_KDF 0x80000015 +#define CKD_SHA512_NIST_KDF 0x80000016 +#define CKD_RIPEMD160_NIST_KDF 0x80000017 + +#define CKD_SHA1_SES_KDF 0x82000000 +#define CKD_SHA224_SES_KDF 0x83000000 +#define CKD_SHA256_SES_KDF 0x84000000 +#define CKD_SHA384_SES_KDF 0x85000000 +#define CKD_SHA512_SES_KDF 0x86000000 +#define CKD_RIPEMD160_SES_KDF 0x87000000 +#define CKD_SES_ENC_CTR 0x00000001 +#define CKD_SES_AUTH_CTR 0x00000002 +#define CKD_SES_ALT_ENC_CTR 0x00000003 +#define CKD_SES_ALT_AUTH_CTR 0x00000004 + +/* X9.42 Diffie-Hellman Key Derivation Functions */ +#define CKD_SHA1_KDF_ASN1 0x00000003 // not supported +#define CKD_SHA1_KDF_CONCATENATE 0x00000004 + +#define CKD_SHA1_KDF_CONCATENATE_X9_42 CKD_SHA1_KDF_CONCATENATE +#define CKD_SHA1_KDF_CONCATENATE_NIST 0x80000001 + +#define CKD_SHA1_KDF_ASN1_X9_42 CKD_SHA1_KDF_ASN1 // not supported +#define CKD_SHA1_KDF_ASN1_NIST 0x80000002 // not supported + +/* AES GCM */ +typedef struct CK_AES_GCM_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvBits; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; + CK_ULONG ulTagBits; +} CK_AES_GCM_PARAMS; + +typedef CK_AES_GCM_PARAMS CK_AES_GCM_PARAMS_PTR; + +// XOR data with KDF of base key and shared data encryption mechanism parameters +typedef struct CK_XOR_BASE_DATA_KDF_PARAMS { + CK_EC_KDF_TYPE kdf; // KDF to use + CK_ULONG ulSharedDataLen; // optional shared data to add to base key data + CK_BYTE_PTR pSharedData; +} CK_XOR_BASE_DATA_KDF_PARAMS; + +typedef CK_XOR_BASE_DATA_KDF_PARAMS CK_PTR CK_XOR_BASE_DATA_KDF_PARAMS_PTR; + +// CKK_VENDOR_DEFINED +#define CKK_KCDSA CKK_VENDOR_DEFINED + 0x10 +#define CKK_SEED CKK_VENDOR_DEFINED + 0x11 + +// CKA_VENDOR_DEFINED +#define CKA_CCM_PRIVATE (CKA_VENDOR_DEFINED | 0x0001) +#define CKA_FINGERPRINT_SHA1 (CKA_VENDOR_DEFINED | 0x0002) +#define CKA_PKC_TCTRUST (CKA_VENDOR_DEFINED | 0x0003) +#define CKA_PKC_CITS (CKA_VENDOR_DEFINED | 0x0004) +#define CKA_OUID (CKA_VENDOR_DEFINED | 0x0005) +#define CKA_X9_31_GENERATED (CKA_VENDOR_DEFINED | 0x0006) +#define CKA_PKC_ECC (CKA_VENDOR_DEFINED | 0x0007) +#define CKA_EKM_UID (CKA_VENDOR_DEFINED | 0x0008) +// These two match the ones already defined for PTK +#define CKA_USAGE_COUNT (CKA_VENDOR_DEFINED + 0x0101) +#define CKA_USAGE_LIMIT (CKA_VENDOR_DEFINED + 0x0200) +#define CKA_GENERIC_1 (CKA_VENDOR_DEFINED + 0x1000) +#define CKA_GENERIC_2 (CKA_VENDOR_DEFINED + 0x1001) +#define CKA_GENERIC_3 (CKA_VENDOR_DEFINED + 0x1002) + +// CKM_VENDOR_DEFINED + +#define CKM_VENDOR_DEFINED_OLD_XXX 0x00008000 +#define CKM_CAST_KEY_GEN_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 0 // Entrust added capabilities +#define CKM_CAST_ECB_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 1 // Entrust added capabilities +#define CKM_CAST_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 2 // Entrust added capabilities +#define CKM_CAST_MAC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 3 // Entrust added capabilities +#define CKM_CAST3_KEY_GEN_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 4 // Entrust added capabilities +#define CKM_CAST3_ECB_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 5 // Entrust added capabilities +#define CKM_CAST3_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 6 // Entrust added capabilities +#define CKM_CAST3_MAC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 7 // Entrust added capabilities +#define CKM_PBE_MD2_DES_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 8 // Password based encryption +#define CKM_PBE_MD5_DES_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 9 // Password based encryption +#define CKM_PBE_MD5_CAST_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 10 // Password based encryption +#define CKM_PBE_MD5_CAST3_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 11 // Password based encryption +#define CKM_CONCATENATE_BASE_AND_KEY_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 12 // SPKM & SLL added capabilities +#define CKM_CONCATENATE_KEY_AND_BASE_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 13 // SPKM & SLL added capabilities +#define CKM_CONCATENATE_BASE_AND_DATA_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 14 // SPKM & SLL added capabilities +#define CKM_CONCATENATE_DATA_AND_BASE_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 15 // SPKM & SLL added capabilities +#define CKM_XOR_BASE_AND_DATA_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 16 // SPKM & SLL added capabilities +#define CKM_EXTRACT_KEY_FROM_KEY_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 17 // SPKM & SLL added capabilities +#define CKM_MD5_KEY_DERIVATION_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 18 // SPKM & SLL added capabilities +#define CKM_MD2_KEY_DERIVATION_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 19 // SPKM & SLL added capabilities +#define CKM_SHA1_KEY_DERIVATION_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 20 // SPKM & SLL added capabilities +#define CKM_GENERIC_SECRET_KEY_GEN_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 21 // Generation of secret keys +#define CKM_CAST5_KEY_GEN_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 22 // Entrust added capabilities +#define CKM_CAST5_ECB_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 23 // Entrust added capabilities +#define CKM_CAST5_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 24 // Entrust added capabilities +#define CKM_CAST5_MAC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 25 // Entrust added capabilities +#define CKM_PBE_SHA1_CAST5_CBC_OLD_XXX \ + CKM_VENDOR_DEFINED_OLD_XXX + 26 // Entrust added capabilities +#define CKM_KEY_TRANSLATION \ + CKM_VENDOR_DEFINED_OLD_XXX + 27 // Entrust added capabilities +#define CKM_XOR_BASE_AND_KEY CKM_VENDOR_DEFINED + 27 + +#define CKM_2DES_KEY_DERIVATION \ + CKM_VENDOR_DEFINED_OLD_XXX + 28 // Custom Gemplus Capabilities + +#define CKM_INDIRECT_LOGIN_REENCRYPT \ + CKM_VENDOR_DEFINED_OLD_XXX + 29 // Used for indirect login + +// Old DES PBE Mechanism +#define CKM_PBE_SHA1_DES3_EDE_CBC_OLD CKM_VENDOR_DEFINED_OLD_XXX + 30 +#define CKM_PBE_SHA1_DES2_EDE_CBC_OLD CKM_VENDOR_DEFINED_OLD_XXX + 31 + +// Korean algorithms +#define CKM_HAS160 (CKM_VENDOR_DEFINED + 0x100) +#define CKM_KCDSA_KEY_PAIR_GEN (CKM_VENDOR_DEFINED + 0x101) +#define CKM_KCDSA_HAS160 (CKM_VENDOR_DEFINED + 0x102) +#define CKM_SEED_KEY_GEN (CKM_VENDOR_DEFINED + 0x103) +#define CKM_SEED_ECB (CKM_VENDOR_DEFINED + 0x104) +#define CKM_SEED_CBC (CKM_VENDOR_DEFINED + 0x105) +#define CKM_SEED_CBC_PAD (CKM_VENDOR_DEFINED + 0x106) +#define CKM_SEED_MAC (CKM_VENDOR_DEFINED + 0x107) +#define CKM_SEED_MAC_GENERAL (CKM_VENDOR_DEFINED + 0x108) +#define CKM_KCDSA_SHA1 (CKM_VENDOR_DEFINED + 0x109) +#define CKM_KCDSA_SHA224 (CKM_VENDOR_DEFINED + 0x10A) +#define CKM_KCDSA_SHA256 (CKM_VENDOR_DEFINED + 0x10B) +#define CKM_KCDSA_SHA384 (CKM_VENDOR_DEFINED + 0x10C) +#define CKM_KCDSA_SHA512 (CKM_VENDOR_DEFINED + 0x10D) +#define CKM_KCDSA_PARAMETER_GEN (CKM_VENDOR_DEFINED + 0x10F) + +// Defined prior PKCS#11. Must be redefined when PKCS#11 is updated +// Defined prior PKCS#11 and renamed to CKM_SHA224_xxx_OLD after PKCS#11 was +// updated +#define CKM_SHA224_RSA_PKCS_OLD (CKM_VENDOR_DEFINED + 0x110) +#define CKM_SHA224_RSA_PKCS_PSS_OLD (CKM_VENDOR_DEFINED + 0x111) +#define CKM_SHA224_OLD (CKM_VENDOR_DEFINED + 0x112) +#define CKM_SHA224_HMAC_OLD (CKM_VENDOR_DEFINED + 0x113) +#define CKM_SHA224_HMAC_GENERAL_OLD (CKM_VENDOR_DEFINED + 0x114) +#define CKM_SHA224_KEY_DERIVATION_OLD (CKM_VENDOR_DEFINED + 0x115) + +#define CKM_DES3_CTR (CKM_VENDOR_DEFINED + 0x116) +#define CKM_AES_CFB8 (CKM_VENDOR_DEFINED + 0x118) +#define CKM_AES_CFB128 (CKM_VENDOR_DEFINED + 0x119) +#define CKM_AES_OFB (CKM_VENDOR_DEFINED + 0x11a) +#define CKM_AES_GCM (CKM_VENDOR_DEFINED + 0x11c) +#define CKM_ARIA_CFB8 (CKM_VENDOR_DEFINED + 0x11d) +#define CKM_ARIA_CFB128 (CKM_VENDOR_DEFINED + 0x11e) +#define CKM_ARIA_OFB (CKM_VENDOR_DEFINED + 0x11f) +#define CKM_ARIA_CTR (CKM_VENDOR_DEFINED + 0x120) +#define CKM_ARIA_GCM (CKM_VENDOR_DEFINED + 0x121) + +#define CKM_ECDSA_SHA224 (CKM_VENDOR_DEFINED + 0x122) +#define CKM_ECDSA_SHA256 (CKM_VENDOR_DEFINED + 0x123) +#define CKM_ECDSA_SHA384 (CKM_VENDOR_DEFINED + 0x124) +#define CKM_ECDSA_SHA512 (CKM_VENDOR_DEFINED + 0x125) +#define CKM_AES_GMAC (CKM_VENDOR_DEFINED + 0x126) + +#define CKM_ARIA_CMAC (CKM_VENDOR_DEFINED + 0x128) +#define CKM_ARIA_CMAC_GENERAL (CKM_VENDOR_DEFINED + 0x129) +#define CKM_SEED_CMAC (CKM_VENDOR_DEFINED + 0x12c) +#define CKM_SEED_CMAC_GENERAL (CKM_VENDOR_DEFINED + 0x12d) + +#define CKM_DES3_CBC_PAD_IPSEC_OLD 0x00000137 +#define CKM_DES3_CBC_PAD_IPSEC (CKM_VENDOR_DEFINED + 0x12e) +#define CKM_AES_CBC_PAD_IPSEC_OLD 0x00001089 +#define CKM_AES_CBC_PAD_IPSEC (CKM_VENDOR_DEFINED + 0x12f) + +#define CKM_ARIA_L_ECB (CKM_VENDOR_DEFINED + 0x130) +#define CKM_ARIA_L_CBC (CKM_VENDOR_DEFINED + 0x131) +#define CKM_ARIA_L_CBC_PAD (CKM_VENDOR_DEFINED + 0x132) +#define CKM_ARIA_L_MAC (CKM_VENDOR_DEFINED + 0x133) +#define CKM_ARIA_L_MAC_GENERAL (CKM_VENDOR_DEFINED + 0x134) + +#define CKM_SHA224_RSA_X9_31 (CKM_VENDOR_DEFINED + 0x135) +#define CKM_SHA256_RSA_X9_31 (CKM_VENDOR_DEFINED + 0x136) +#define CKM_SHA384_RSA_X9_31 (CKM_VENDOR_DEFINED + 0x137) +#define CKM_SHA512_RSA_X9_31 (CKM_VENDOR_DEFINED + 0x138) + +#define CKM_SHA1_RSA_X9_31_NON_FIPS (CKM_VENDOR_DEFINED + 0x139) +#define CKM_SHA224_RSA_X9_31_NON_FIPS (CKM_VENDOR_DEFINED + 0x13a) +#define CKM_SHA256_RSA_X9_31_NON_FIPS (CKM_VENDOR_DEFINED + 0x13b) +#define CKM_SHA384_RSA_X9_31_NON_FIPS (CKM_VENDOR_DEFINED + 0x13c) +#define CKM_SHA512_RSA_X9_31_NON_FIPS (CKM_VENDOR_DEFINED + 0x13d) +#define CKM_RSA_X9_31_NON_FIPS (CKM_VENDOR_DEFINED + 0x13e) + +#define CKM_DSA_SHA224 \ + (CKM_VENDOR_DEFINED + 0x140) // DH -moved here to keep ECDSA SHA 2 same as FW4 +#define CKM_DSA_SHA256 (CKM_VENDOR_DEFINED + 0x141) + +#define CKM_RSA_FIPS_186_3_AUX_PRIME_KEY_PAIR_GEN (CKM_VENDOR_DEFINED + 0x142) +#define CKM_RSA_FIPS_186_3_PRIME_KEY_PAIR_GEN (CKM_VENDOR_DEFINED + 0x143) +#define CKM_SEED_CTR (CKM_VENDOR_DEFINED + 0x144) + +// SIM3 mechanisms +#define CKM_AES_CBC_PAD_EXTRACT (CKM_VENDOR_DEFINED + 0x200) +#define CKM_AES_CBC_PAD_INSERT (CKM_VENDOR_DEFINED + 0x201) +#define CKM_AES_CBC_PAD_EXTRACT_FLATTENED (CKM_VENDOR_DEFINED + 0x202) +#define CKM_AES_CBC_PAD_INSERT_FLATTENED (CKM_VENDOR_DEFINED + 0x203) + +// defined as CKM_DES3_DERIVE_ECB in Eracom PTKC +#define CKM_PLACE_HOLDER_FOR_ERACOME_DEF_IN_SHIM (CKM_VENDOR_DEFINED + 0x502) + +/*** EC IES mechanism (X9.63) */ +#define CKM_ECIES (CKM_VENDOR_DEFINED + 0xA00) +#define CKM_XOR_BASE_AND_DATA_W_KDF (CKM_VENDOR_DEFINED + 0xA01) + +#define CKM_NIST_PRF_KDF (CKM_VENDOR_DEFINED + 0xA02) +#define CKM_PRF_KDF (CKM_VENDOR_DEFINED + 0xA03) + +/** + * Mechanism parameters for CKM_ECIES. + */ +/** EC Diffie-Hellman (DH) primitive to use for shared secret derivation */ +typedef CK_ULONG CK_EC_DH_PRIMITIVE; + +/** EC DH primitives */ +#define CKDHP_STANDARD 0x00000001 +#define CKDHP_ECDH1_COFACTOR 0x00000001 +#define CKDHP_MODIFIED 0x00000002 /* Not implemented */ +#define CKDHP_ECDH1 0x00000003 + +/** Inner encryption scheme to use for ECIES */ +typedef CK_ULONG CK_EC_ENC_SCHEME; + +/** Inner encryption schemes */ +#define CKES_XOR 0x00000001 +#define CKES_DES3_CBC_PAD 0x00000002 +#define CKES_AES_CBC_PAD 0x00000003 +#define CKES_DES3_CBC 0x00000004 +#define CKES_AES_CBC 0x00000005 + +/** Message Authentication Code (MAC) scheme to use for ECIES */ +typedef CK_ULONG CK_EC_MAC_SCHEME; + +/** MAC schemes */ +#define CKMS_HMAC_SHA1 0x00000001 +#define CKMS_SHA1 0x00000002 +#define CKMS_HMAC_SHA224 0x00000003 +#define CKMS_SHA224 0x00000004 +#define CKMS_HMAC_SHA256 0x00000005 +#define CKMS_SHA256 0x00000006 +#define CKMS_HMAC_SHA384 0x00000007 +#define CKMS_SHA384 0x00000008 +#define CKMS_HMAC_SHA512 0x00000009 +#define CKMS_SHA512 0x0000000a +#define CKMS_HMAC_RIPEMD160 0x0000000b +#define CKMS_RIPEMD160 0x0000000c + +/** Mechanism parameter structure for ECIES */ +typedef struct CK_ECIES_PARAMS { + /** Diffie-Hellman primitive used to derive the shared secret value */ + CK_EC_DH_PRIMITIVE dhPrimitive; + + /** key derivation function used on the shared secret value */ + CK_EC_KDF_TYPE kdf; + + /** the length in bytes of the key derivation shared data */ + CK_ULONG ulSharedDataLen1; + + /** the key derivation padding data shared between the two parties */ + CK_BYTE_PTR pSharedData1; + + /** the encryption scheme used to transform the input data */ + CK_EC_ENC_SCHEME encScheme; + + /** the bit length of the key to use for the encryption scheme */ + CK_ULONG ulEncKeyLenInBits; + + /** the MAC scheme used for MAC generation or validation */ + CK_EC_MAC_SCHEME macScheme; + + /** the bit length of the key to use for the MAC scheme */ + CK_ULONG ulMacKeyLenInBits; + + /** the bit length of the MAC scheme output */ + CK_ULONG ulMacLenInBits; + + /** the length in bytes of the MAC shared data */ + CK_ULONG ulSharedDataLen2; + + /** the MAC padding data shared between the two parties */ + CK_BYTE_PTR pSharedData2; +} CK_ECIES_PARAMS; + +typedef CK_ECIES_PARAMS CK_PTR CK_ECIES_PARAMS_PTR; + +/* Parameter and values used with CKM_PRF_KDF and + * CKM_NIST_PRF_KDF. */ + +typedef CK_ULONG CK_KDF_PRF_TYPE; +typedef CK_ULONG CK_KDF_PRF_ENCODING_SCHEME; + +/** PRF KDF schemes */ +#define CK_NIST_PRF_KDF_DES3_CMAC 0x00000001 +#define CK_NIST_PRF_KDF_AES_CMAC 0x00000002 +#define CK_PRF_KDF_ARIA_CMAC 0x00000003 +#define CK_PRF_KDF_SEED_CMAC 0x00000004 + +#define LUNA_PRF_KDF_ENCODING_SCHEME_1 0x00000000 +#define LUNA_PRF_KDF_ENCODING_SCHEME_2 0x00000001 + +typedef struct CK_KDF_PRF_PARAMS { + CK_KDF_PRF_TYPE prfType; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLen; + CK_BYTE_PTR pContext; + CK_ULONG ulContextLen; + CK_ULONG ulCounter; + CK_KDF_PRF_ENCODING_SCHEME ulEncodingScheme; +} CK_PRF_KDF_PARAMS; + +typedef CK_PRF_KDF_PARAMS CK_PTR CK_KDF_PRF_PARAMS_PTR; + +/* +Additional CTR parameter structures based on CK_AES_CTR_PARAMS +PKCS has not defined these yet. +*/ +#ifndef CK_SEED_CTR_PARAMS +typedef CK_AES_CTR_PARAMS CK_SEED_CTR_PARAMS; +typedef CK_SEED_CTR_PARAMS CK_PTR CK_SEED_CTR_PARAMS_PTR; +#endif + +#ifndef CK_SEED_CTR_PARAMS +typedef CK_AES_CTR_PARAMS CK_ARIA_CTR_PARAMS; +typedef CK_ARIA_CTR_PARAMS CK_PTR CK_ARIA_CTR_PARAMS_PTR; +#endif + +#ifndef CK_DES_CTR_PARAMS +typedef struct CK_DES_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[8]; +} CK_DES_CTR_PARAMS; +typedef CK_DES_CTR_PARAMS CK_PTR CK_DES_CTR_PARAMS_PTR; +#endif + +/* +Additional GMAC parameter structures based on CK_AES_GCM_PARAMS +PKCS has not defined these yet. +*/ +#ifndef CK_AES_GMAC_PARAMS +typedef CK_AES_GCM_PARAMS CK_AES_GMAC_PARAMS; +typedef CK_AES_GMAC_PARAMS CK_PTR CK_AES_GMAC_PARAMS_PTR; +#endif + +#define CKR_INSERTION_CALLBACK_NOT_SUPPORTED 0x00000141 +#define CKR_FUNCTION_PARALLEL 0x0052 +#define CKR_SESSION_EXCLUSIVE_EXISTS 0x00B2 + +#define CKR_RC_ERROR (CKR_VENDOR_DEFINED + 0x04) +#define CKR_CONTAINER_HANDLE_INVALID (CKR_VENDOR_DEFINED + 0x05) +#define CKR_TOO_MANY_CONTAINERS (CKR_VENDOR_DEFINED + 0x06) +#define CKR_USER_LOCKED_OUT (CKR_VENDOR_DEFINED + 0x07) +#define CKR_CLONING_PARAMETER_ALREADY_EXISTS (CKR_VENDOR_DEFINED + 0x08) +#define CKR_CLONING_PARAMETER_MISSING (CKR_VENDOR_DEFINED + 0x09) +#define CKR_CERTIFICATE_DATA_MISSING (CKR_VENDOR_DEFINED + 0x0a) +#define CKR_CERTIFICATE_DATA_INVALID (CKR_VENDOR_DEFINED + 0x0b) +#define CKR_ACCEL_DEVICE_ERROR (CKR_VENDOR_DEFINED + 0x0c) +#define CKR_WRAPPING_ERROR (CKR_VENDOR_DEFINED + 0x0d) +#define CKR_UNWRAPPING_ERROR (CKR_VENDOR_DEFINED + 0x0e) +#define CKR_MAC_MISSING (CKR_VENDOR_DEFINED + 0x0f) +#define CKR_DAC_POLICY_PID_MISMATCH (CKR_VENDOR_DEFINED + 0x10) +#define CKR_DAC_MISSING (CKR_VENDOR_DEFINED + 0x11) +#define CKR_BAD_DAC (CKR_VENDOR_DEFINED + 0x12) +#define CKR_SSK_MISSING (CKR_VENDOR_DEFINED + 0x13) +#define CKR_BAD_MAC (CKR_VENDOR_DEFINED + 0x14) +#define CKR_DAK_MISSING (CKR_VENDOR_DEFINED + 0x15) +#define CKR_BAD_DAK (CKR_VENDOR_DEFINED + 0x16) +#define CKR_SIM_AUTHORIZATION_FAILED (CKR_VENDOR_DEFINED + 0x17) +#define CKR_SIM_VERSION_UNSUPPORTED (CKR_VENDOR_DEFINED + 0x18) +#define CKR_SIM_CORRUPT_DATA (CKR_VENDOR_DEFINED + 0x19) +#define CKR_USER_NOT_AUTHORIZED (CKR_VENDOR_DEFINED + 0x1a) +#define CKR_MAX_OBJECT_COUNT_EXCEEDED (CKR_VENDOR_DEFINED + 0x1b) +#define CKR_SO_LOGIN_FAILURE_THRESHOLD (CKR_VENDOR_DEFINED + 0x1c) +#define CKR_SIM_AUTHFORM_INVALID (CKR_VENDOR_DEFINED + 0x1d) +#define CKR_CITS_DAK_MISSING (CKR_VENDOR_DEFINED + 0x1e) +#define CKR_UNABLE_TO_CONNECT (CKR_VENDOR_DEFINED + 0x1f) +#define CKR_PARTITION_DISABLED (CKR_VENDOR_DEFINED + 0x20) +#define CKR_CALLBACK_ERROR (CKR_VENDOR_DEFINED + 0x21) +#define CKR_SECURITY_PARAMETER_MISSING (CKR_VENDOR_DEFINED + 0x22) +#define CKR_SP_TIMEOUT (CKR_VENDOR_DEFINED + 0x23) +#define CKR_TIMEOUT (CKR_VENDOR_DEFINED + 0x24) +#define CKR_ECC_UNKNOWN_CURVE (CKR_VENDOR_DEFINED + 0x25) +#define CKR_MTK_ZEROIZED (CKR_VENDOR_DEFINED + 0x26) +#define CKR_MTK_STATE_INVALID (CKR_VENDOR_DEFINED + 0x27) +#define CKR_INVALID_ENTRY_TYPE (CKR_VENDOR_DEFINED + 0x28) +#define CKR_MTK_SPLIT_INVALID (CKR_VENDOR_DEFINED + 0x29) +#define CKR_HSM_STORAGE_FULL (CKR_VENDOR_DEFINED + 0x2a) +#define CKR_DEVICE_TIMEOUT (CKR_VENDOR_DEFINED + 0x2b) +#define CKR_CONTAINER_OBJECT_STORAGE_FULL (CKR_VENDOR_DEFINED + 0x2C) +#define CKR_PED_CLIENT_NOT_RUNNING (CKR_VENDOR_DEFINED + 0x2D) +#define CKR_PED_UNPLUGGED (CKR_VENDOR_DEFINED + 0x2E) +#define CKR_ECC_POINT_INVALID (CKR_VENDOR_DEFINED + 0x2F) +#define CKR_OPERATION_NOT_ALLOWED (CKR_VENDOR_DEFINED + 0x30) +#define CKR_LICENSE_CAPACITY_EXCEEDED (CKR_VENDOR_DEFINED + 0x31) +#define CKR_LOG_FILE_NOT_OPEN (CKR_VENDOR_DEFINED + 0x32) +#define CKR_LOG_FILE_WRITE_ERROR (CKR_VENDOR_DEFINED + 0x33) +#define CKR_LOG_BAD_FILE_NAME (CKR_VENDOR_DEFINED + 0x34) +#define CKR_LOG_FULL (CKR_VENDOR_DEFINED + 0x35) +#define CKR_LOG_NO_KCV (CKR_VENDOR_DEFINED + 0x36) +#define CKR_LOG_BAD_RECORD_HMAC (CKR_VENDOR_DEFINED + 0x37) +#define CKR_LOG_BAD_TIME (CKR_VENDOR_DEFINED + 0x38) +#define CKR_LOG_AUDIT_NOT_INITIALIZED (CKR_VENDOR_DEFINED + 0x39) +#define CKR_LOG_RESYNC_NEEDED (CKR_VENDOR_DEFINED + 0x3A) +#define CKR_AUDIT_LOGIN_TIMEOUT_IN_PROGRESS (CKR_VENDOR_DEFINED + 0x3B) +#define CKR_AUDIT_LOGIN_FAILURE_THRESHOLD (CKR_VENDOR_DEFINED + 0x3C) +#define CKR_INVALID_FUF_TARGET (CKR_VENDOR_DEFINED + 0x3D) +#define CKR_INVALID_FUF_HEADER (CKR_VENDOR_DEFINED + 0x3E) +#define CKR_INVALID_FUF_VERSION (CKR_VENDOR_DEFINED + 0x3F) +#define CKR_ECC_ECC_RESULT_AT_INF (CKR_VENDOR_DEFINED + 0x40) + +// This matches the one already defined for the PTK +#define CKR_KEY_NOT_ACTIVE (CKR_VENDOR_DEFINED + 0x136) + +/****************************************************************************\ +* +* M of N +* +\****************************************************************************/ +typedef struct { + CK_ULONG ulWeight; + CK_BYTE_PTR pVector; + CK_ULONG ulVectorLen; +} CA_MOFN_GENERATION; +typedef CA_MOFN_GENERATION *CA_MOFN_GENERATION_PTR; + +typedef struct { + CK_BYTE_PTR pVector; + CK_ULONG ulVectorLen; +} CA_MOFN_ACTIVATION; +typedef CA_MOFN_ACTIVATION *CA_MOFN_ACTIVATION_PTR; + +typedef struct CA_M_OF_N_STATUS { + CK_ULONG ulID; + CK_ULONG ulM; + CK_ULONG ulN; + CK_ULONG ulSecretSize; + CK_ULONG ulFlag; // contains 3 bits: bActive, bGenerated, and bRequired, + // bMofNCloneable +} CA_MOFN_STATUS; +typedef CA_MOFN_STATUS *CA_MOFN_STATUS_PTR; + +#define CAF_M_OF_N_REQUIRED 0x00000001 +#define CAF_M_OF_N_ACTIVATED 0x00000002 +#define CAF_M_OF_N_GENERATED 0x00000004 +#define CAF_M_OF_N_CLONEABLE 0x00000008 + +/****************************************************************************\ +* +* Custom module loading and management +* +\****************************************************************************/ +typedef CK_ULONG CKCA_MODULE_ID; +typedef CKCA_MODULE_ID CK_POINTER CKCA_MODULE_ID_PTR; + +typedef struct CKCA_MODULE_INFO { + CK_ULONG ulModuleSize; + CK_CHAR developerName[32]; + CK_CHAR moduleDescription[32]; + CK_VERSION moduleVersion; +} CKCA_MODULE_INFO; +typedef CKCA_MODULE_INFO CK_POINTER CKCA_MODULE_INFO_PTR; + +#define CKCAO_Encrypt 0 +#define CKCAO_Decrypt 1 +#define CKCAO_Sign 2 +#define CKCAO_Verify 3 +#define CKCAO_Digest 4 + +/****************************************************************************\ +* +* SafeNet High Availability Status function +* +\****************************************************************************/ +// assume a client doesn't look at more than 32 Vipers +#define CK_HA_MAX_MEMBERS 32 + +typedef struct CK_HA_MEMBER { + CK_ULONG memberSerial; + CK_RV memberStatus; +} CK_HA_MEMBER; + +typedef struct CK_HA_STATUS { + CK_ULONG groupSerial; + CK_HA_MEMBER memberList[CK_HA_MAX_MEMBERS]; + CK_ULONG listSize; +} CK_HA_STATUS; + +typedef CK_HA_MEMBER CK_POINTER CK_HA_MEMBER_PTR; + +typedef CK_HA_STATUS CK_POINTER CK_HA_STATE_PTR; + +/****************************************************************************\ +* +* SafeNet Hardware Secured Certificate functions +* +\****************************************************************************/ + +#define CKHSC_CERT_TYPE_TCTRUST_MAC 0x00000001 +#define CKHSC_CERT_TYPE_TCTRUST_DAC 0x00000002 +#define CKHSC_CERT_TYPE_CITS_ROOT 0x00000003 +#define CKHSC_CERT_TYPE_CITS_MICHOC 0x00000004 +#define CKHSC_CERT_TYPE_CITS_DAC 0x00000005 + +#define CKHSC_CERT_TYPE_ECC_MIC 0x00000006 +#define CKHSC_CERT_TYPE_ECC_HOC 0x00000007 +#define CKHSC_CERT_TYPE_ECC_DAC 0x00000008 + +#define CKHSC_CERT_TYPE_TWC 0x00000009 +#define CKHSC_CERT_TYPE_TWC2 0x0000000A +#define CKHSC_CERT_TYPE_TWC3 0x0000000B + +typedef CK_ULONG CKA_SIM_AUTH_FORM; + +#define CKA_SIM_NO_AUTHORIZATION 0 // no authorization needed +#define CKA_SIM_PASSWORD 1 // plain-text passwords +#define CKA_SIM_CHALLENGE 2 // challenge secrets emitted through the secure port +#define CKA_SIM_SECURE_PORT 3 // PED keys + +// Portable SIM +#define CKA_SIM_PORTABLE_NO_AUTHORIZATION 4 // no authorization needed, portable +#define CKA_SIM_PORTABLE_PASSWORD 5 // plain-text passwords, portable +#define CKA_SIM_PORTABLE_CHALLENGE \ + 6 // challenge secrets emitted through the secure port, portable +#define CKA_SIM_PORTABLE_SECURE_PORT 7 // PED keys, portable + +////////////////////////////////////////////////////////////////////// +// SIM3 Mechanisms +// +// Note: These are defined in the standard cryptoki mechanism list, +// elsewhere in this file, they're copied here to ease their use +//////////////////////////////////////////////////////////////////////. + +// CKM_AES_CBC_PAD_EXTRACT (CKM_VENDOR_DEFINED + 0x200) +// CKM_AES_CBC_PAD_INSERT (CKM_VENDOR_DEFINED + 0x201) +// CKM_AES_CBC_PAD_EXTRACT_FLATTENED (CKM_VENDOR_DEFINED + 0x202) +// CKM_AES_CBC_PAD_INSERT_FLATTENED (CKM_VENDOR_DEFINED + 0x203) + +////////////////////////////////////////////////////////////////////// +// SIM3 Element types +////////////////////////////////////////////////////////////////////// + +#define CK_NULL_ELEMENT (-1) +#define CK_CRYPTOKI_ELEMENT 0x00000000 +#define CK_PARAM_ELEMENT 0x00000001 +#define CK_CONTAINER_ACTIVATION_ELEMENT 0x00000002 +#define CK_MOFN_ACTIVATION_ELEMENT 0x00000003 +#define CK_CONTAINER_ELEMENT 0x00000004 + +////////////////////////////////////////////////////////////////////// +// Various Cloning size definitions +////////////////////////////////////////////////////////////////////// +#define CK_CLONING_PART1_OVERHEAD 8192 +#define CK_CLONING_PART2_OVERHEAD 76 +#define CK_FLATTENED_OBJECT_OVERHEAD 3264 + +////////////////////////////////////////////////////////////////////// +// SIM3 Mechanism parameters +////////////////////////////////////////////////////////////////////// + +typedef struct CK_AES_CBC_PAD_EXTRACT_PARAMS { + CK_ULONG ulType; // in + CK_ULONG ulHandle; // in + CK_ULONG ulDeleteAfterExtract; // in + CK_BYTE_PTR pBuffer; // out + CK_ULONG_PTR pulBufferLen; // out + // Additional PED CF related parameters: + CK_ULONG ulStorage; // in: place of HSM object storage: HSM_T, HSM_PED_T, etc. + // See luna2if.h . + CK_ULONG pedId; // in: PED ID: 0 (local), 1, 2,... + CK_BYTE_PTR + pbFileName; // in: name of the file at ulStorage, where the object stored. +} CK_AES_CBC_PAD_EXTRACT_PARAMS; + +typedef CK_AES_CBC_PAD_EXTRACT_PARAMS CK_POINTER + CK_AES_CBC_PAD_EXTRACT_PARAMS_PTR; + +typedef struct CK_AES_CBC_PAD_INSERT_PARAMS { + CK_ULONG ulStorageType; // in + CK_ULONG ulContainerState; // in + CK_BYTE_PTR pBuffer; // in + CK_ULONG ulBufferLen; // in + CK_ULONG_PTR pulType; // out + CK_ULONG_PTR pulHandle; // out + // Additional PED CF related parameters: + CK_ULONG ulStorage; // in: place of HSM object storage: HSM_T, HSM_PED_T, etc. + // See luna2if.h . + CK_ULONG pedId; // in: PED ID: 0 (local), 1, 2,... + CK_BYTE_PTR + pbFileName; // in: name of the file at ulStorage, where the object stored. +} CK_AES_CBC_PAD_INSERT_PARAMS; + +typedef CK_AES_CBC_PAD_INSERT_PARAMS CK_POINTER + CK_AES_CBC_PAD_INSERT_PARAMS_PTR; + +////////////////////////////////////////////////////////////////////////////// +// SIM3: +// List of available storage location (tokens) for keeping extracted objects. +////////////////////////////////////////////////////////////////////////////// +#define CK_STORAGE_HOST 0x00000000 +#define CK_STORAGE_PED_USB_MEMORY 0x00000001 +#define CK_STORAGE_HSM_USB_MEMORY 0x00000002 + +/****************************************************************************\ +* * +* MTK management * +* * +\****************************************************************************/ +#define CK_MTK_STATE_FLAG_RESPLIT_ABORTED 0x00000001 +#define CK_MTK_STATE_FLAG_HARD_ZEROIZE 0x00000002 +#define CK_MTK_STATE_FLAG_SOFT_ZEROIZE 0x00000004 +#define CK_MTK_STATE_FLAG_LOCKED 0x00000008 + +/****************************************************************************************/ + +/****************************************************************************\ +* +* SafeNet Cluster functions +* +\****************************************************************************/ +#ifndef CK_MAX_CLUSTER_MEMBERS +#define CK_MAX_CLUSTER_MEMBERS 8 + +typedef struct CK_CLUSTER_STATE { + CK_BYTE bMembers[CK_MAX_CLUSTER_MEMBERS][32]; + CK_ULONG ulMemberStatus[CK_MAX_CLUSTER_MEMBERS]; +} CK_CLUSTER_STATE; + +typedef CK_CLUSTER_STATE CK_POINTER CK_CLUSTER_STATE_PTR; + +#endif + +/****************************************************************************\ +* +* SafeNet LKM definitions and functions +* +\****************************************************************************/ +#define AKEP2_XDH_SIZE 128 // size of LKM public key + +/* Maximum size of digest generated by AKEP2's hash algorithms */ +#define AKEP2_MAX_DIGEST_SIZE 32 + +/* Node ID size */ +#define AKEP2_NID_SIZE 20 + +typedef struct CK_LKM_TOKEN_ID_S { + CK_BYTE id[AKEP2_NID_SIZE]; +} CK_LKM_TOKEN_ID; + +typedef CK_LKM_TOKEN_ID CK_POINTER CK_LKM_TOKEN_ID_PTR; + +/****************************************************************************\ +* +* SafeNet PED ID constants +* +\****************************************************************************/ +#define CK_PED_ID_LOCAL 0x0000 + +#define CK_PED_ID_MAX 0xFFFE + +/****************************************************************************\ +* +* SafeNet Usage Counter definitions and functions +* +\****************************************************************************/ +#define CK_MODIFY_USAGE_COUNT_COMMAND_TYPE_INCREMENT 0x00000001 +#define CK_MODIFY_USAGE_COUNT_COMMAND_TYPE_SET 0x00000002 + +/****************************************************************************\ +* +* SafeNet function list for CA_ function pointers +* +\****************************************************************************/ + +/* CK_SFNT_CA_FUNCTION_LIST is a structure holding a Cryptoki spec + * version and pointers of appropriate types to all the + * Cryptoki functions */ +typedef struct CK_SFNT_CA_FUNCTION_LIST CK_SFNT_CA_FUNCTION_LIST; + +typedef CK_SFNT_CA_FUNCTION_LIST CK_PTR CK_SFNT_CA_FUNCTION_LIST_PTR; + +typedef CK_SFNT_CA_FUNCTION_LIST_PTR CK_PTR CK_SFNT_CA_FUNCTION_LIST_PTR_PTR; + +#include "sfnt_extensions.h" + +struct CK_SFNT_CA_FUNCTION_LIST { + + CK_VERSION version; /* Cryptoki version */ + + CK_CA_GetFunctionList CA_GetFunctionList; + CK_CA_WaitForSlotEvent CA_WaitForSlotEvent; + CK_CA_InitIndirectToken CA_InitIndirectToken; + CK_CA_InitIndirectPIN CA_InitIndirectPIN; + CK_CA_ResetPIN CA_ResetPIN; + CK_CA_CreateLoginChallenge CA_CreateLoginChallenge; + CK_CA_Deactivate CA_Deactivate; + CK_CA_OpenSession CA_OpenSession; + CK_CA_IndirectLogin CA_IndirectLogin; + CK_CA_InitializeRemotePEDVector CA_InitializeRemotePEDVector; + CK_CA_DeleteRemotePEDVector CA_DeleteRemotePEDVector; + CK_CA_GetRemotePEDVectorStatus CA_GetRemotePEDVectorStatus; + CK_CA_ConfigureRemotePED CA_ConfigureRemotePED; + CK_CA_DismantleRemotePED CA_DismantleRemotePED; + CK_CA_Restart CA_Restart; + CK_CA_RestartForContainer CA_RestartForContainer; + CK_CA_CloseApplicationID CA_CloseApplicationID; + CK_CA_CloseApplicationIDForContainer CA_CloseApplicationIDForContainer; + CK_CA_OpenApplicationID CA_OpenApplicationID; + CK_CA_OpenApplicationIDForContainer CA_OpenApplicationIDForContainer; + CK_CA_SetApplicationID CA_SetApplicationID; + CK_CA_ManualKCV CA_ManualKCV; + CK_CA_SetLKCV CA_SetLKCV; + CK_CA_SetKCV CA_SetKCV; + CK_CA_SetCloningDomain CA_SetCloningDomain; + CK_CA_ClonePrivateKey CA_ClonePrivateKey; + CK_CA_CloneObject CA_CloneObject; + CK_CA_GenerateCloningKEV CA_GenerateCloningKEV; + CK_CA_CloneAsTargetInit CA_CloneAsTargetInit; + CK_CA_CloneAsSource CA_CloneAsSource; + CK_CA_CloneAsTarget CA_CloneAsTarget; + CK_CA_SetMofN CA_SetMofN; + CK_CA_GenerateMofN CA_GenerateMofN; + CK_CA_GenerateCloneableMofN CA_GenerateCloneableMofN; + CK_CA_ModifyMofN CA_ModifyMofN; + CK_CA_CloneMofN CA_CloneMofN; + CK_CA_CloneModifyMofN CA_CloneModifyMofN; + CK_CA_ActivateMofN CA_ActivateMofN; + CK_CA_DeactivateMofN CA_DeactivateMofN; + CK_CA_GetMofNStatus CA_GetMofNStatus; + CK_CA_DuplicateMofN CA_DuplicateMofN; + CK_CA_IsMofNEnabled CA_IsMofNEnabled; + CK_CA_IsMofNRequired CA_IsMofNRequired; + CK_CA_GenerateTokenKeys CA_GenerateTokenKeys; + CK_CA_GetTokenCertificateInfo CA_GetTokenCertificateInfo; + CK_CA_SetTokenCertificateSignature CA_SetTokenCertificateSignature; + CK_CA_GetModuleList CA_GetModuleList; + CK_CA_GetModuleInfo CA_GetModuleInfo; + CK_CA_LoadModule CA_LoadModule; + CK_CA_LoadEncryptedModule CA_LoadEncryptedModule; + CK_CA_UnloadModule CA_UnloadModule; + CK_CA_PerformModuleCall CA_PerformModuleCall; + CK_C_PerformSelfTest C_PerformSelfTest; + CK_CA_FirmwareUpdate CA_FirmwareUpdate; + CK_CA_FirmwareRollback CA_FirmwareRollback; + CK_CA_CapabilityUpdate CA_CapabilityUpdate; + CK_CA_GetUserContainerNumber CA_GetUserContainerNumber; + CK_CA_GetUserContainerName CA_GetUserContainerName; + CK_CA_SetUserContainerName CA_SetUserContainerName; + CK_CA_GetTokenInsertionCount CA_GetTokenInsertionCount; + CK_CA_GetRollbackFirmwareVersion CA_GetRollbackFirmwareVersion; + CK_CA_GetFPV CA_GetFPV; + CK_CA_GetTPV CA_GetTPV; + CK_CA_GetExtendedTPV CA_GetExtendedTPV; + CK_CA_GetConfigurationElementDescription + CA_GetConfigurationElementDescription; + CK_CA_GetHSMCapabilitySet CA_GetHSMCapabilitySet; + CK_CA_GetHSMCapabilitySetting CA_GetHSMCapabilitySetting; + CK_CA_GetHSMPolicySet CA_GetHSMPolicySet; + CK_CA_GetHSMPolicySetting CA_GetHSMPolicySetting; + CK_CA_GetContainerCapabilitySet CA_GetContainerCapabilitySet; + CK_CA_GetContainerCapabilitySetting CA_GetContainerCapabilitySetting; + CK_CA_GetContainerPolicySet CA_GetContainerPolicySet; + CK_CA_GetContainerPolicySetting CA_GetContainerPolicySetting; + CK_CA_SetTPV CA_SetTPV; + CK_CA_SetExtendedTPV CA_SetExtendedTPV; + CK_CA_SetHSMPolicy CA_SetHSMPolicy; + CK_CA_SetHSMPolicies CA_SetHSMPolicies; + CK_CA_SetDestructiveHSMPolicy CA_SetDestructiveHSMPolicy; + CK_CA_SetDestructiveHSMPolicies CA_SetDestructiveHSMPolicies; + CK_CA_SetContainerPolicy CA_SetContainerPolicy; + CK_CA_SetContainerPolicies CA_SetContainerPolicies; + CK_CA_RetrieveLicenseList CA_RetrieveLicenseList; + CK_CA_QueryLicense CA_QueryLicense; + CK_CA_GetContainerStatus CA_GetContainerStatus; + CK_CA_GetSessionInfo CA_GetSessionInfo; + CK_CA_ReadCommonStore CA_ReadCommonStore; + CK_CA_WriteCommonStore CA_WriteCommonStore; + CK_CA_GetPrimarySlot CA_GetPrimarySlot; + CK_CA_GetSecondarySlot CA_GetSecondarySlot; + CK_CA_SwitchSecondarySlot CA_SwitchSecondarySlot; + CK_CA_CloseSecondarySession CA_CloseSecondarySession; + CK_CA_CloseAllSecondarySessions CA_CloseAllSecondarySessions; + CK_CA_ChoosePrimarySlot CA_ChoosePrimarySlot; + CK_CA_ChooseSecondarySlot CA_ChooseSecondarySlot; + CK_CA_CloneObjectToAllSessions CA_CloneObjectToAllSessions; + CK_CA_CloneAllObjectsToSession CA_CloneAllObjectsToSession; + CK_CA_ResetDevice CA_ResetDevice; + CK_CA_FactoryReset CA_FactoryReset; + CK_CA_SetPedId CA_SetPedId; + CK_CA_GetPedId CA_GetPedId; + CK_CA_SpRawRead CA_SpRawRead; + CK_CA_SpRawWrite CA_SpRawWrite; + CK_CA_CheckOperationState CA_CheckOperationState; + CK_CA_DestroyMultipleObjects CA_DestroyMultipleObjects; + CK_CA_HAInit CA_HAInit; + CK_CA_HAGetMasterPublic CA_HAGetMasterPublic; + CK_CA_HAGetLoginChallenge CA_HAGetLoginChallenge; + CK_CA_HAAnswerLoginChallenge CA_HAAnswerLoginChallenge; + CK_CA_HALogin CA_HALogin; + CK_CA_HAAnswerMofNChallenge CA_HAAnswerMofNChallenge; + CK_CA_HAActivateMofN CA_HAActivateMofN; + CK_CA_GetHAState CA_GetHAState; + CK_CA_GetTokenCertificates CA_GetTokenCertificates; + CK_CA_ExtractMaskedObject CA_ExtractMaskedObject; + CK_CA_InsertMaskedObject CA_InsertMaskedObject; + CK_CA_MultisignValue CA_MultisignValue; + CK_CA_SIMExtract CA_SIMExtract; + CK_CA_SIMInsert CA_SIMInsert; + CK_CA_SIMMultiSign CA_SIMMultiSign; + CK_CA_Extract CA_Extract; + CK_CA_Insert CA_Insert; + CK_CA_GetObjectUID CA_GetObjectUID; + CK_CA_GetObjectHandle CA_GetObjectHandle; + CK_CA_DeleteContainer CA_DeleteContainer; + CK_CA_MTKSetStorage CA_MTKSetStorage; + CK_CA_MTKRestore CA_MTKRestore; + CK_CA_MTKResplit CA_MTKResplit; + CK_CA_MTKZeroize CA_MTKZeroize; + CK_CA_MTKGetState CA_MTKGetState; + CK_CA_GetTSV CA_GetTSV; + CK_CA_InvokeServiceInit CA_InvokeServiceInit; + CK_CA_InvokeService CA_InvokeService; + CK_CA_InvokeServiceFinal CA_InvokeServiceFinal; + CK_CA_InvokeServiceAsynch CA_InvokeServiceAsynch; + CK_CA_InvokeServiceSinglePart CA_InvokeServiceSinglePart; + CK_CA_EncodeECPrimeParams CA_EncodeECPrimeParams; + CK_CA_EncodeECChar2Params CA_EncodeECChar2Params; + CK_CA_EncodeECParamsFromFile CA_EncodeECParamsFromFile; + CK_CA_GetHSMStorageInformation CA_GetHSMStorageInformation; + CK_CA_GetContainerStorageInformation CA_GetContainerStorageInformation; + CK_CA_SetContainerSize CA_SetContainerSize; + CK_CA_CreateContainer CA_CreateContainer; + CK_CA_DeleteContainerWithHandle CA_DeleteContainerWithHandle; + CK_CA_GetContainerList CA_GetContainerList; + CK_CA_GetContainerName CA_GetContainerName; + CK_CA_GetNumberOfAllowedContainers CA_GetNumberOfAllowedContainers; + CK_CA_GetTunnelSlotNumber CA_GetTunnelSlotNumber; + CK_CA_GetClusterState CA_GetClusterState; + CK_CA_LockClusteredSlot CA_LockClusteredSlot; + CK_CA_UnlockClusteredSlot CA_UnlockClusteredSlot; + CK_CA_LKMInitiatorChallenge CA_LKMInitiatorChallenge; + CK_CA_LKMReceiverResponse CA_LKMReceiverResponse; + CK_CA_LKMInitiatorComplete CA_LKMInitiatorComplete; + CK_CA_LKMReceiverComplete CA_LKMReceiverComplete; + CK_CA_ModifyUsageCount CA_ModifyUsageCount; + CK_CA_LogVerify CA_LogVerify; + CK_CA_LogVerifyFile CA_LogVerifyFile; + CK_CA_LogExternal CA_LogExternal; + CK_CA_LogImportSecret CA_LogImportSecret; + CK_CA_LogExportSecret CA_LogExportSecret; + CK_CA_LogSetConfig CA_LogSetConfig; + CK_CA_LogGetconfig CA_LogGetConfig; + CK_CA_LogEraseAll CA_LogEraseAll; + CK_CA_LogGetStatus CA_LogGetStatus; + CK_CA_InitAudit CA_InitAudit; + CK_CA_GetTime CA_GetTime; + CK_CA_TimeSync CA_TimeSync; +}; + +#if defined(VXD) +#pragma pack(pop) +#elif defined(OS_WIN32) +#pragma pack(pop, cryptoki) +#elif defined(OS_UNIX) || defined(OS_LINUX) +// #pragma pack +#else +#error "Unknown platform!" +#endif + +#ifdef __cplusplus +} +#endif + +#ifndef OS_HPUX +#pragma deprecated(CK_USHORT, CK_USHORT_PTR) +#endif // OS_HPUX + +#endif /* CRYPTOKI_H_ */ diff --git a/cryptoki-sys/vendor/thales-safenet/pkcs11.h b/cryptoki-sys/vendor/thales-safenet/pkcs11.h new file mode 100644 index 00000000..a2ef89d3 --- /dev/null +++ b/cryptoki-sys/vendor/thales-safenet/pkcs11.h @@ -0,0 +1,291 @@ +/* pkcs11.h include file for PKCS #11. */ +/* $Revision: 1.2 $ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface + * (Cryptoki)" in all material mentioning or referencing this software. + + * License is also granted to make and use derivative works provided that + * such works are identified as "derived from the RSA Security Inc. PKCS #11 + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * referencing the derived work. + + * RSA Security Inc. makes no representations concerning either the + * merchantability of this software or the suitability of this software for + * any particular purpose. It is provided "as is" without express or implied + * warranty of any kind. + */ + +#ifndef _PKCS11_H_ +#define _PKCS11_H_ 1 + +#ifdef __cplusplus +extern "C" { +#endif + +/* Before including this file (pkcs11.h) (or pkcs11t.h by + * itself), 6 platform-specific macros must be defined. These + * macros are described below, and typical definitions for them + * are also given. Be advised that these definitions can depend + * on both the platform and the compiler used (and possibly also + * on whether a Cryptoki library is linked statically or + * dynamically). + * + * In addition to defining these 6 macros, the packing convention + * for Cryptoki structures should be set. The Cryptoki + * convention on packing is that structures should be 1-byte + * aligned. + * + * If you're using Microsoft Developer Studio 5.0 to produce + * Win32 stuff, this might be done by using the following + * preprocessor directive before including pkcs11.h or pkcs11t.h: + * + * #pragma pack(push, cryptoki, 1) + * + * and using the following preprocessor directive after including + * pkcs11.h or pkcs11t.h: + * + * #pragma pack(pop, cryptoki) + * + * If you're using an earlier version of Microsoft Developer + * Studio to produce Win16 stuff, this might be done by using + * the following preprocessor directive before including + * pkcs11.h or pkcs11t.h: + * + * #pragma pack(1) + * + * In a UNIX environment, you're on your own for this. You might + * not need to do (or be able to do!) anything. + * + * + * Now for the macros: + * + * + * 1. CK_PTR: The indirection string for making a pointer to an + * object. It can be used like this: + * + * typedef CK_BYTE CK_PTR CK_BYTE_PTR; + * + * If you're using Microsoft Developer Studio 5.0 to produce + * Win32 stuff, it might be defined by: + * + * #define CK_PTR * + * + * If you're using an earlier version of Microsoft Developer + * Studio to produce Win16 stuff, it might be defined by: + * + * #define CK_PTR far * + * + * In a typical UNIX environment, it might be defined by: + * + * #define CK_PTR * + * + * + * 2. CK_DEFINE_FUNCTION(returnType, name): A macro which makes + * an exportable Cryptoki library function definition out of a + * return type and a function name. It should be used in the + * following fashion to define the exposed Cryptoki functions in + * a Cryptoki library: + * + * CK_DEFINE_FUNCTION(CK_RV, C_Initialize)( + * CK_VOID_PTR pReserved + * ) + * { + * ... + * } + * + * If you're using Microsoft Developer Studio 5.0 to define a + * function in a Win32 Cryptoki .dll, it might be defined by: + * + * #define CK_DEFINE_FUNCTION(returnType, name) \ + * returnType __declspec(dllexport) name + * + * If you're using an earlier version of Microsoft Developer + * Studio to define a function in a Win16 Cryptoki .dll, it + * might be defined by: + * + * #define CK_DEFINE_FUNCTION(returnType, name) \ + * returnType __export _far _pascal name + * + * In a UNIX environment, it might be defined by: + * + * #define CK_DEFINE_FUNCTION(returnType, name) \ + * returnType name + * + * + * 3. CK_DECLARE_FUNCTION(returnType, name): A macro which makes + * an importable Cryptoki library function declaration out of a + * return type and a function name. It should be used in the + * following fashion: + * + * extern CK_DECLARE_FUNCTION(CK_RV, C_Initialize)( + * CK_VOID_PTR pReserved + * ); + * + * If you're using Microsoft Developer Studio 5.0 to declare a + * function in a Win32 Cryptoki .dll, it might be defined by: + * + * #define CK_DECLARE_FUNCTION(returnType, name) \ + * returnType __declspec(dllimport) name + * + * If you're using an earlier version of Microsoft Developer + * Studio to declare a function in a Win16 Cryptoki .dll, it + * might be defined by: + * + * #define CK_DECLARE_FUNCTION(returnType, name) \ + * returnType __export _far _pascal name + * + * In a UNIX environment, it might be defined by: + * + * #define CK_DECLARE_FUNCTION(returnType, name) \ + * returnType name + * + * + * 4. CK_DECLARE_FUNCTION_POINTER(returnType, name): A macro + * which makes a Cryptoki API function pointer declaration or + * function pointer type declaration out of a return type and a + * function name. It should be used in the following fashion: + * + * // Define funcPtr to be a pointer to a Cryptoki API function + * // taking arguments args and returning CK_RV. + * CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtr)(args); + * + * or + * + * // Define funcPtrType to be the type of a pointer to a + * // Cryptoki API function taking arguments args and returning + * // CK_RV, and then define funcPtr to be a variable of type + * // funcPtrType. + * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); + * funcPtrType funcPtr; + * + * If you're using Microsoft Developer Studio 5.0 to access + * functions in a Win32 Cryptoki .dll, in might be defined by: + * + * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ + * returnType __declspec(dllimport) (* name) + * + * If you're using an earlier version of Microsoft Developer + * Studio to access functions in a Win16 Cryptoki .dll, it might + * be defined by: + * + * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ + * returnType __export _far _pascal (* name) + * + * In a UNIX environment, it might be defined by: + * + * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ + * returnType (* name) + * + * + * 5. CK_CALLBACK_FUNCTION(returnType, name): A macro which makes + * a function pointer type for an application callback out of + * a return type for the callback and a name for the callback. + * It should be used in the following fashion: + * + * CK_CALLBACK_FUNCTION(CK_RV, myCallback)(args); + * + * to declare a function pointer, myCallback, to a callback + * which takes arguments args and returns a CK_RV. It can also + * be used like this: + * + * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); + * myCallbackType myCallback; + * + * If you're using Microsoft Developer Studio 5.0 to do Win32 + * Cryptoki development, it might be defined by: + * + * #define CK_CALLBACK_FUNCTION(returnType, name) \ + * returnType (* name) + * + * If you're using an earlier version of Microsoft Developer + * Studio to do Win16 development, it might be defined by: + * + * #define CK_CALLBACK_FUNCTION(returnType, name) \ + * returnType _far _pascal (* name) + * + * In a UNIX environment, it might be defined by: + * + * #define CK_CALLBACK_FUNCTION(returnType, name) \ + * returnType (* name) + * + * + * 6. NULL_PTR: This macro is the value of a NULL pointer. + * + * In any ANSI/ISO C environment (and in many others as well), + * this should best be defined by + * + * #ifndef NULL_PTR + * #define NULL_PTR 0 + * #endif + */ + +/* All the various Cryptoki types and #define'd values are in the + * file pkcs11t.h. */ +#include "pkcs11t.h" + +#define __PASTE(x, y) x##y + +/* ============================================================== + * Define the "extern" form of all the entry points. + * ============================================================== + */ + +#define CK_NEED_ARG_LIST 1 +#define CK_PKCS11_FUNCTION_INFO(name) extern CK_DECLARE_FUNCTION(CK_RV, name) + +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. */ +#include "pkcs11f.h" + +#undef CK_NEED_ARG_LIST +#undef CK_PKCS11_FUNCTION_INFO + +/* ============================================================== + * Define the typedef form of all the entry points. That is, for + * each Cryptoki function C_XXX, define a type CK_C_XXX which is + * a pointer to that kind of function. + * ============================================================== + */ + +#define CK_NEED_ARG_LIST 1 +#define CK_PKCS11_FUNCTION_INFO(name) \ + typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, __PASTE(CK_, name)) + +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. */ +#include "pkcs11f.h" + +#undef CK_NEED_ARG_LIST +#undef CK_PKCS11_FUNCTION_INFO + +/* ============================================================== + * Define structed vector of entry points. A CK_FUNCTION_LIST + * contains a CK_VERSION indicating a library's Cryptoki version + * and then a whole slew of function pointers to the routines in + * the library. This type was declared, but not defined, in + * pkcs11t.h. + * ============================================================== + */ + +#define CK_PKCS11_FUNCTION_INFO(name) __PASTE(CK_, name) name; + +struct CK_FUNCTION_LIST { + + CK_VERSION version; /* Cryptoki version */ + +/* Pile all the function pointers into the CK_FUNCTION_LIST. */ +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. */ +#include "pkcs11f.h" +}; + +#undef CK_PKCS11_FUNCTION_INFO + +#undef __PASTE + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/cryptoki-sys/vendor/thales-safenet/pkcs11f.h b/cryptoki-sys/vendor/thales-safenet/pkcs11f.h new file mode 100644 index 00000000..46d2fb4a --- /dev/null +++ b/cryptoki-sys/vendor/thales-safenet/pkcs11f.h @@ -0,0 +1,765 @@ +/* pkcs11f.h include file for PKCS #11. */ +/* $Revision: 1.1 $ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface + * (Cryptoki)" in all material mentioning or referencing this software. + + * License is also granted to make and use derivative works provided that + * such works are identified as "derived from the RSA Security Inc. PKCS #11 + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * referencing the derived work. + + * RSA Security Inc. makes no representations concerning either the + * merchantability of this software or the suitability of this software for + * any particular purpose. It is provided "as is" without express or implied + * warranty of any kind. + */ + +/* This header file contains pretty much everything about all the */ +/* Cryptoki function prototypes. Because this information is */ +/* used for more than just declaring function prototypes, the */ +/* order of the functions appearing herein is important, and */ +/* should not be altered. */ + +/* General-purpose */ + +/* C_Initialize initializes the Cryptoki library. */ +CK_PKCS11_FUNCTION_INFO(C_Initialize) +#ifdef CK_NEED_ARG_LIST +(CK_VOID_PTR pInitArgs /* if this is not NULL_PTR, it gets + * cast to CK_C_INITIALIZE_ARGS_PTR + * and dereferenced */ +); +#endif + +/* C_Finalize indicates that an application is done with the + * Cryptoki library. */ +CK_PKCS11_FUNCTION_INFO(C_Finalize) +#ifdef CK_NEED_ARG_LIST +(CK_VOID_PTR pReserved /* reserved. Should be NULL_PTR */ +); +#endif + +/* C_GetInfo returns general information about Cryptoki. */ +CK_PKCS11_FUNCTION_INFO(C_GetInfo) +#ifdef CK_NEED_ARG_LIST +(CK_INFO_PTR pInfo /* location that receives information */ +); +#endif + +/* C_GetFunctionList returns the function list. */ +CK_PKCS11_FUNCTION_INFO(C_GetFunctionList) +#ifdef CK_NEED_ARG_LIST +(CK_FUNCTION_LIST_PTR_PTR ppFunctionList /* receives pointer to + * function list */ +); +#endif + +/* Slot and token management */ + +/* C_GetSlotList obtains a list of slots in the system. */ +CK_PKCS11_FUNCTION_INFO(C_GetSlotList) +#ifdef CK_NEED_ARG_LIST +(CK_BBOOL tokenPresent, /* only slots with tokens? */ + CK_SLOT_ID_PTR pSlotList, /* receives array of slot IDs */ + CK_ULONG_PTR pulCount /* receives number of slots */ +); +#endif + +/* C_GetSlotInfo obtains information about a particular slot in + * the system. */ +CK_PKCS11_FUNCTION_INFO(C_GetSlotInfo) +#ifdef CK_NEED_ARG_LIST +(CK_SLOT_ID slotID, /* the ID of the slot */ + CK_SLOT_INFO_PTR pInfo /* receives the slot information */ +); +#endif + +/* C_GetTokenInfo obtains information about a particular token + * in the system. */ +CK_PKCS11_FUNCTION_INFO(C_GetTokenInfo) +#ifdef CK_NEED_ARG_LIST +(CK_SLOT_ID slotID, /* ID of the token's slot */ + CK_TOKEN_INFO_PTR pInfo /* receives the token information */ +); +#endif + +/* C_GetMechanismList obtains a list of mechanism types + * supported by a token. */ +CK_PKCS11_FUNCTION_INFO(C_GetMechanismList) +#ifdef CK_NEED_ARG_LIST +(CK_SLOT_ID slotID, /* ID of token's slot */ + CK_MECHANISM_TYPE_PTR pMechanismList, /* gets mech. array */ + CK_ULONG_PTR pulCount /* gets # of mechs. */ +); +#endif + +/* C_GetMechanismInfo obtains information about a particular + * mechanism possibly supported by a token. */ +CK_PKCS11_FUNCTION_INFO(C_GetMechanismInfo) +#ifdef CK_NEED_ARG_LIST +(CK_SLOT_ID slotID, /* ID of the token's slot */ + CK_MECHANISM_TYPE type, /* type of mechanism */ + CK_MECHANISM_INFO_PTR pInfo /* receives mechanism info */ +); +#endif + +/* C_InitToken initializes a token. */ +CK_PKCS11_FUNCTION_INFO(C_InitToken) +#ifdef CK_NEED_ARG_LIST +/* pLabel changed from CK_CHAR_PTR to CK_UTF8CHAR_PTR for v2.10 */ +(CK_SLOT_ID slotID, /* ID of the token's slot */ + CK_UTF8CHAR_PTR pPin, /* the SO's initial PIN */ + CK_ULONG ulPinLen, /* length in bytes of the PIN */ + CK_UTF8CHAR_PTR pLabel /* 32-byte token label (blank padded) */ +); +#endif + +/* C_InitPIN initializes the normal user's PIN. */ +CK_PKCS11_FUNCTION_INFO(C_InitPIN) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_UTF8CHAR_PTR pPin, /* the normal user's PIN */ + CK_ULONG ulPinLen /* length in bytes of the PIN */ +); +#endif + +/* C_SetPIN modifies the PIN of the user who is logged in. */ +CK_PKCS11_FUNCTION_INFO(C_SetPIN) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_UTF8CHAR_PTR pOldPin, /* the old PIN */ + CK_ULONG ulOldLen, /* length of the old PIN */ + CK_UTF8CHAR_PTR pNewPin, /* the new PIN */ + CK_ULONG ulNewLen /* length of the new PIN */ +); +#endif + +/* Session management */ + +/* C_OpenSession opens a session between an application and a + * token. */ +CK_PKCS11_FUNCTION_INFO(C_OpenSession) +#ifdef CK_NEED_ARG_LIST +(CK_SLOT_ID slotID, /* the slot's ID */ + CK_FLAGS flags, /* from CK_SESSION_INFO */ + CK_VOID_PTR pApplication, /* passed to callback */ + CK_NOTIFY Notify, /* callback function */ + CK_SESSION_HANDLE_PTR phSession /* gets session handle */ +); +#endif + +/* C_CloseSession closes a session between an application and a + * token. */ +CK_PKCS11_FUNCTION_INFO(C_CloseSession) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +/* C_CloseAllSessions closes all sessions with a token. */ +CK_PKCS11_FUNCTION_INFO(C_CloseAllSessions) +#ifdef CK_NEED_ARG_LIST +(CK_SLOT_ID slotID /* the token's slot */ +); +#endif + +/* C_GetSessionInfo obtains information about the session. */ +CK_PKCS11_FUNCTION_INFO(C_GetSessionInfo) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_SESSION_INFO_PTR pInfo /* receives session info */ +); +#endif + +/* C_GetOperationState obtains the state of the cryptographic operation + * in a session. */ +CK_PKCS11_FUNCTION_INFO(C_GetOperationState) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pOperationState, /* gets state */ + CK_ULONG_PTR pulOperationStateLen /* gets state length */ +); +#endif + +/* C_SetOperationState restores the state of the cryptographic + * operation in a session. */ +CK_PKCS11_FUNCTION_INFO(C_SetOperationState) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pOperationState, /* holds state */ + CK_ULONG ulOperationStateLen, /* holds state length */ + CK_OBJECT_HANDLE hEncryptionKey, /* en/decryption key */ + CK_OBJECT_HANDLE hAuthenticationKey /* sign/verify key */ +); +#endif + +/* C_Login logs a user into a token. */ +CK_PKCS11_FUNCTION_INFO(C_Login) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_USER_TYPE userType, /* the user type */ + CK_UTF8CHAR_PTR pPin, /* the user's PIN */ + CK_ULONG ulPinLen /* the length of the PIN */ +); +#endif + +/* C_Logout logs a user out from a token. */ +CK_PKCS11_FUNCTION_INFO(C_Logout) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +/* Object management */ + +/* C_CreateObject creates a new object. */ +CK_PKCS11_FUNCTION_INFO(C_CreateObject) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* the object's template */ + CK_ULONG ulCount, /* attributes in template */ + CK_OBJECT_HANDLE_PTR phObject /* gets new object's handle. */ +); +#endif + +/* C_CopyObject copies an object, creating a new object for the + * copy. */ +CK_PKCS11_FUNCTION_INFO(C_CopyObject) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* template for new object */ + CK_ULONG ulCount, /* attributes in template */ + CK_OBJECT_HANDLE_PTR phNewObject /* receives handle of copy */ +); +#endif + +/* C_DestroyObject destroys an object. */ +CK_PKCS11_FUNCTION_INFO(C_DestroyObject) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject /* the object's handle */ +); +#endif + +/* C_GetObjectSize gets the size of an object in bytes. */ +CK_PKCS11_FUNCTION_INFO(C_GetObjectSize) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ULONG_PTR pulSize /* receives size of object */ +); +#endif + +/* C_GetAttributeValue obtains the value of one or more object + * attributes. */ +CK_PKCS11_FUNCTION_INFO(C_GetAttributeValue) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs; gets vals */ + CK_ULONG ulCount /* attributes in template */ +); +#endif + +/* C_SetAttributeValue modifies the value of one or more object + * attributes */ +CK_PKCS11_FUNCTION_INFO(C_SetAttributeValue) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hObject, /* the object's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* specifies attrs and values */ + CK_ULONG ulCount /* attributes in template */ +); +#endif + +/* C_FindObjectsInit initializes a search for token and session + * objects that match a template. */ +CK_PKCS11_FUNCTION_INFO(C_FindObjectsInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_ATTRIBUTE_PTR pTemplate, /* attribute values to match */ + CK_ULONG ulCount /* attrs in search template */ +); +#endif + +/* C_FindObjects continues a search for token and session + * objects that match a template, obtaining additional object + * handles. */ +CK_PKCS11_FUNCTION_INFO(C_FindObjects) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_OBJECT_HANDLE_PTR phObject, /* gets obj. handles */ + CK_ULONG ulMaxObjectCount, /* max handles to get */ + CK_ULONG_PTR pulObjectCount /* actual # returned */ +); +#endif + +/* C_FindObjectsFinal finishes a search for token and session + * objects. */ +CK_PKCS11_FUNCTION_INFO(C_FindObjectsFinal) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +/* Encryption and decryption */ + +/* C_EncryptInit initializes an encryption operation. */ +CK_PKCS11_FUNCTION_INFO(C_EncryptInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of encryption key */ +); +#endif + +/* C_Encrypt encrypts single-part data. */ +CK_PKCS11_FUNCTION_INFO(C_Encrypt) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pData, /* the plaintext data */ + CK_ULONG ulDataLen, /* bytes of plaintext */ + CK_BYTE_PTR pEncryptedData, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedDataLen /* gets c-text size */ +); +#endif + +/* C_EncryptUpdate continues a multiple-part encryption + * operation. */ +CK_PKCS11_FUNCTION_INFO(C_EncryptUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* plaintext data len */ + CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedPartLen /* gets c-text size */ +); +#endif + +/* C_EncryptFinal finishes a multiple-part encryption + * operation. */ +CK_PKCS11_FUNCTION_INFO(C_EncryptFinal) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session handle */ + CK_BYTE_PTR pLastEncryptedPart, /* last c-text */ + CK_ULONG_PTR pulLastEncryptedPartLen /* gets last size */ +); +#endif + +/* C_DecryptInit initializes a decryption operation. */ +CK_PKCS11_FUNCTION_INFO(C_DecryptInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of decryption key */ +); +#endif + +/* C_Decrypt decrypts encrypted data in a single part. */ +CK_PKCS11_FUNCTION_INFO(C_Decrypt) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedData, /* ciphertext */ + CK_ULONG ulEncryptedDataLen, /* ciphertext length */ + CK_BYTE_PTR pData, /* gets plaintext */ + CK_ULONG_PTR pulDataLen /* gets p-text size */ +); +#endif + +/* C_DecryptUpdate continues a multiple-part decryption + * operation. */ +CK_PKCS11_FUNCTION_INFO(C_DecryptUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedPart, /* encrypted data */ + CK_ULONG ulEncryptedPartLen, /* input length */ + CK_BYTE_PTR pPart, /* gets plaintext */ + CK_ULONG_PTR pulPartLen /* p-text size */ +); +#endif + +/* C_DecryptFinal finishes a multiple-part decryption + * operation. */ +CK_PKCS11_FUNCTION_INFO(C_DecryptFinal) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pLastPart, /* gets plaintext */ + CK_ULONG_PTR pulLastPartLen /* p-text size */ +); +#endif + +/* Message digesting */ + +/* C_DigestInit initializes a message-digesting operation. */ +CK_PKCS11_FUNCTION_INFO(C_DigestInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism /* the digesting mechanism */ +); +#endif + +/* C_Digest digests data in a single part. */ +CK_PKCS11_FUNCTION_INFO(C_Digest) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* data to be digested */ + CK_ULONG ulDataLen, /* bytes of data to digest */ + CK_BYTE_PTR pDigest, /* gets the message digest */ + CK_ULONG_PTR pulDigestLen /* gets digest length */ +); +#endif + +/* C_DigestUpdate continues a multiple-part message-digesting + * operation. */ +CK_PKCS11_FUNCTION_INFO(C_DigestUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* data to be digested */ + CK_ULONG ulPartLen /* bytes of data to be digested */ +); +#endif + +/* C_DigestKey continues a multi-part message-digesting + * operation, by digesting the value of a secret key as part of + * the data already digested. */ +CK_PKCS11_FUNCTION_INFO(C_DigestKey) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_OBJECT_HANDLE hKey /* secret key to digest */ +); +#endif + +/* C_DigestFinal finishes a multiple-part message-digesting + * operation. */ +CK_PKCS11_FUNCTION_INFO(C_DigestFinal) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pDigest, /* gets the message digest */ + CK_ULONG_PTR pulDigestLen /* gets byte count of digest */ +); +#endif + +/* Signing and MACing */ + +/* C_SignInit initializes a signature (private key encryption) + * operation, where the signature is (will be) an appendix to + * the data, and plaintext cannot be recovered from the + *signature. */ +CK_PKCS11_FUNCTION_INFO(C_SignInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ + CK_OBJECT_HANDLE hKey /* handle of signature key */ +); +#endif + +/* C_Sign signs (encrypts with private key) data in a single + * part, where the signature is (will be) an appendix to the + * data, and plaintext cannot be recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_Sign) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* the data to sign */ + CK_ULONG ulDataLen, /* count of bytes to sign */ + CK_BYTE_PTR pSignature, /* gets the signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + +/* C_SignUpdate continues a multiple-part signature operation, + * where the signature is (will be) an appendix to the data, + * and plaintext cannot be recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_SignUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* the data to sign */ + CK_ULONG ulPartLen /* count of bytes to sign */ +); +#endif + +/* C_SignFinal finishes a multiple-part signature operation, + * returning the signature. */ +CK_PKCS11_FUNCTION_INFO(C_SignFinal) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* gets the signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + +/* C_SignRecoverInit initializes a signature operation, where + * the data can be recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_SignRecoverInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signature mechanism */ + CK_OBJECT_HANDLE hKey /* handle of the signature key */ +); +#endif + +/* C_SignRecover signs data in a single operation, where the + * data can be recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_SignRecover) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* the data to sign */ + CK_ULONG ulDataLen, /* count of bytes to sign */ + CK_BYTE_PTR pSignature, /* gets the signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + +/* Verifying signatures and MACs */ + +/* C_VerifyInit initializes a verification operation, where the + * signature is an appendix to the data, and plaintext cannot + * cannot be recovered from the signature (e.g. DSA). */ +CK_PKCS11_FUNCTION_INFO(C_VerifyInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ + CK_OBJECT_HANDLE hKey /* verification key */ +); +#endif + +/* C_Verify verifies a signature in a single-part operation, + * where the signature is an appendix to the data, and plaintext + * cannot be recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_Verify) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pData, /* signed data */ + CK_ULONG ulDataLen, /* length of signed data */ + CK_BYTE_PTR pSignature, /* signature */ + CK_ULONG ulSignatureLen /* signature length*/ +); +#endif + +/* C_VerifyUpdate continues a multiple-part verification + * operation, where the signature is an appendix to the data, + * and plaintext cannot be recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_VerifyUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pPart, /* signed data */ + CK_ULONG ulPartLen /* length of signed data */ +); +#endif + +/* C_VerifyFinal finishes a multiple-part verification + * operation, checking the signature. */ +CK_PKCS11_FUNCTION_INFO(C_VerifyFinal) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* signature to verify */ + CK_ULONG ulSignatureLen /* signature length */ +); +#endif + +/* C_VerifyRecoverInit initializes a signature verification + * operation, where the data is recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_VerifyRecoverInit) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the verification mechanism */ + CK_OBJECT_HANDLE hKey /* verification key */ +); +#endif + +/* C_VerifyRecover verifies a signature in a single-part + * operation, where the data is recovered from the signature. */ +CK_PKCS11_FUNCTION_INFO(C_VerifyRecover) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSignature, /* signature to verify */ + CK_ULONG ulSignatureLen, /* signature length */ + CK_BYTE_PTR pData, /* gets signed data */ + CK_ULONG_PTR pulDataLen /* gets signed data len */ +); +#endif + +/* Dual-function cryptographic operations */ + +/* C_DigestEncryptUpdate continues a multiple-part digesting + * and encryption operation. */ +CK_PKCS11_FUNCTION_INFO(C_DigestEncryptUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* plaintext length */ + CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ +); +#endif + +/* C_DecryptDigestUpdate continues a multiple-part decryption and + * digesting operation. */ +CK_PKCS11_FUNCTION_INFO(C_DecryptDigestUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedPart, /* ciphertext */ + CK_ULONG ulEncryptedPartLen, /* ciphertext length */ + CK_BYTE_PTR pPart, /* gets plaintext */ + CK_ULONG_PTR pulPartLen /* gets plaintext len */ +); +#endif + +/* C_SignEncryptUpdate continues a multiple-part signing and + * encryption operation. */ +CK_PKCS11_FUNCTION_INFO(C_SignEncryptUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pPart, /* the plaintext data */ + CK_ULONG ulPartLen, /* plaintext length */ + CK_BYTE_PTR pEncryptedPart, /* gets ciphertext */ + CK_ULONG_PTR pulEncryptedPartLen /* gets c-text length */ +); +#endif + +/* C_DecryptVerifyUpdate continues a multiple-part decryption and + * verify operation. */ +CK_PKCS11_FUNCTION_INFO(C_DecryptVerifyUpdate) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_BYTE_PTR pEncryptedPart, /* ciphertext */ + CK_ULONG ulEncryptedPartLen, /* ciphertext length */ + CK_BYTE_PTR pPart, /* gets plaintext */ + CK_ULONG_PTR pulPartLen /* gets p-text length */ +); +#endif + +/* Key management */ + +/* C_GenerateKey generates a secret key, creating a new key + * object. */ +CK_PKCS11_FUNCTION_INFO(C_GenerateKey) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* key generation mech. */ + CK_ATTRIBUTE_PTR pTemplate, /* template for new key */ + CK_ULONG ulCount, /* # of attrs in template */ + CK_OBJECT_HANDLE_PTR phKey /* gets handle of new key */ +); +#endif + +/* C_GenerateKeyPair generates a public-key/private-key pair, + * creating new key objects. */ +CK_PKCS11_FUNCTION_INFO(C_GenerateKeyPair) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session + * handle */ + CK_MECHANISM_PTR pMechanism, /* key-gen + * mech. */ + CK_ATTRIBUTE_PTR pPublicKeyTemplate, /* template + * for pub. + * key */ + CK_ULONG ulPublicKeyAttributeCount, /* # pub. + * attrs. */ + CK_ATTRIBUTE_PTR pPrivateKeyTemplate, /* template + * for priv. + * key */ + CK_ULONG ulPrivateKeyAttributeCount, /* # priv. + * attrs. */ + CK_OBJECT_HANDLE_PTR phPublicKey, /* gets pub. + * key + * handle */ + CK_OBJECT_HANDLE_PTR phPrivateKey /* gets + * priv. key + * handle */ +); +#endif + +/* C_WrapKey wraps (i.e., encrypts) a key. */ +CK_PKCS11_FUNCTION_INFO(C_WrapKey) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the wrapping mechanism */ + CK_OBJECT_HANDLE hWrappingKey, /* wrapping key */ + CK_OBJECT_HANDLE hKey, /* key to be wrapped */ + CK_BYTE_PTR pWrappedKey, /* gets wrapped key */ + CK_ULONG_PTR pulWrappedKeyLen /* gets wrapped key size */ +); +#endif + +/* C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new + * key object. */ +CK_PKCS11_FUNCTION_INFO(C_UnwrapKey) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_MECHANISM_PTR pMechanism, /* unwrapping mech. */ + CK_OBJECT_HANDLE hUnwrappingKey, /* unwrapping key */ + CK_BYTE_PTR pWrappedKey, /* the wrapped key */ + CK_ULONG ulWrappedKeyLen, /* wrapped key len */ + CK_ATTRIBUTE_PTR pTemplate, /* new key template */ + CK_ULONG ulAttributeCount, /* template length */ + CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ +); +#endif + +/* C_DeriveKey derives a key from a base key, creating a new key + * object. */ +CK_PKCS11_FUNCTION_INFO(C_DeriveKey) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* session's handle */ + CK_MECHANISM_PTR pMechanism, /* key deriv. mech. */ + CK_OBJECT_HANDLE hBaseKey, /* base key */ + CK_ATTRIBUTE_PTR pTemplate, /* new key template */ + CK_ULONG ulAttributeCount, /* template length */ + CK_OBJECT_HANDLE_PTR phKey /* gets new handle */ +); +#endif + +/* Random number generation */ + +/* C_SeedRandom mixes additional seed material into the token's + * random number generator. */ +CK_PKCS11_FUNCTION_INFO(C_SeedRandom) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR pSeed, /* the seed material */ + CK_ULONG ulSeedLen /* length of seed material */ +); +#endif + +/* C_GenerateRandom generates random data. */ +CK_PKCS11_FUNCTION_INFO(C_GenerateRandom) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_BYTE_PTR RandomData, /* receives the random data */ + CK_ULONG ulRandomLen /* # of bytes to generate */ +); +#endif + +/* Parallel function management */ + +/* C_GetFunctionStatus is a legacy function; it obtains an + * updated status of a function running in parallel with an + * application. */ +CK_PKCS11_FUNCTION_INFO(C_GetFunctionStatus) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +/* C_CancelFunction is a legacy function; it cancels a function + * running in parallel. */ +CK_PKCS11_FUNCTION_INFO(C_CancelFunction) +#ifdef CK_NEED_ARG_LIST +(CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +/* Functions added in for Cryptoki Version 2.01 or later */ + +/* C_WaitForSlotEvent waits for a slot event (token insertion, + * removal, etc.) to occur. */ +CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) +#ifdef CK_NEED_ARG_LIST +(CK_FLAGS flags, /* blocking/nonblocking flag */ + CK_SLOT_ID_PTR pSlot, /* location that receives the slot ID */ + CK_VOID_PTR pRserved /* reserved. Should be NULL_PTR */ +); +#endif diff --git a/cryptoki-sys/vendor/thales-safenet/pkcs11t.h b/cryptoki-sys/vendor/thales-safenet/pkcs11t.h new file mode 100644 index 00000000..c629aaba --- /dev/null +++ b/cryptoki-sys/vendor/thales-safenet/pkcs11t.h @@ -0,0 +1,1846 @@ +/* pkcs11t.h include file for PKCS #11. */ +/* $Revision: 1.3 $ */ + +/* License to copy and use this software is granted provided that it is + * identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface + * (Cryptoki)" in all material mentioning or referencing this software. + + * License is also granted to make and use derivative works provided that + * such works are identified as "derived from the RSA Security Inc. PKCS #11 + * Cryptographic Token Interface (Cryptoki)" in all material mentioning or + * referencing the derived work. + + * RSA Security Inc. makes no representations concerning either the + * merchantability of this software or the suitability of this software for + * any particular purpose. It is provided "as is" without express or implied + * warranty of any kind. + */ + +/* See top of pkcs11.h for information about the macros that + * must be defined and the structure-packing conventions that + * must be set before including this file. */ + +#ifndef _PKCS11T_H_ +#define _PKCS11T_H_ 1 + +#define CRYPTOKI_VERSION_MAJOR 2 +#define CRYPTOKI_VERSION_MINOR 20 +#define CRYPTOKI_VERSION_AMENDMENT 3 + +#define CK_TRUE 1 +#define CK_FALSE 0 + +#ifndef CK_DISABLE_TRUE_FALSE +#ifndef FALSE +#define FALSE CK_FALSE +#endif + +#ifndef TRUE +#define TRUE CK_TRUE +#endif +#endif + +/* an unsigned 8-bit value */ +typedef unsigned char CK_BYTE; + +/* an unsigned 8-bit character */ +typedef CK_BYTE CK_CHAR; + +/* an 8-bit UTF-8 character */ +typedef CK_BYTE CK_UTF8CHAR; + +/* a BYTE-sized Boolean flag */ +typedef CK_BYTE CK_BBOOL; + +/* an unsigned value, at least 32 bits long */ +typedef unsigned long int CK_ULONG; + +/* a signed value, the same size as a CK_ULONG */ +/* CK_LONG is new for v2.0 */ +typedef long int CK_LONG; + +/* at least 32 bits; each bit is a Boolean flag */ +typedef CK_ULONG CK_FLAGS; + +/* some special values for certain CK_ULONG variables */ +#define CK_UNAVAILABLE_INFORMATION (~0UL) +#define CK_EFFECTIVELY_INFINITE 0 + +typedef CK_BYTE CK_PTR CK_BYTE_PTR; +typedef CK_CHAR CK_PTR CK_CHAR_PTR; +typedef CK_UTF8CHAR CK_PTR CK_UTF8CHAR_PTR; +typedef CK_ULONG CK_PTR CK_ULONG_PTR; +typedef void CK_PTR CK_VOID_PTR; + +/* Pointer to a CK_VOID_PTR-- i.e., pointer to pointer to void */ +typedef CK_VOID_PTR CK_PTR CK_VOID_PTR_PTR; + +/* The following value is always invalid if used as a session */ +/* handle or object handle */ +#define CK_INVALID_HANDLE 0 + +typedef struct CK_VERSION { + CK_BYTE major; /* integer portion of version number */ + CK_BYTE minor; /* 1/100ths portion of version number */ +} CK_VERSION; + +typedef CK_VERSION CK_PTR CK_VERSION_PTR; + +typedef struct CK_INFO { + /* manufacturerID and libraryDecription have been changed from + * CK_CHAR to CK_UTF8CHAR for v2.10 */ + CK_VERSION cryptokiVersion; /* Cryptoki interface ver */ + CK_UTF8CHAR manufacturerID[32]; /* blank padded */ + CK_FLAGS flags; /* must be zero */ + + /* libraryDescription and libraryVersion are new for v2.0 */ + CK_UTF8CHAR libraryDescription[32]; /* blank padded */ + CK_VERSION libraryVersion; /* version of library */ +} CK_INFO; + +typedef CK_INFO CK_PTR CK_INFO_PTR; + +/* CK_NOTIFICATION enumerates the types of notifications that + * Cryptoki provides to an application */ +/* CK_NOTIFICATION has been changed from an enum to a CK_ULONG + * for v2.0 */ +typedef CK_ULONG CK_NOTIFICATION; +#define CKN_SURRENDER 0 + +/* The following notification is new for PKCS #11 v2.20 amendment 3 */ +#define CKN_OTP_CHANGED 1 + +typedef CK_ULONG CK_SLOT_ID; + +typedef CK_SLOT_ID CK_PTR CK_SLOT_ID_PTR; + +/* CK_SLOT_INFO provides information about a slot */ +typedef struct CK_SLOT_INFO { + /* slotDescription and manufacturerID have been changed from + * CK_CHAR to CK_UTF8CHAR for v2.10 */ + CK_UTF8CHAR slotDescription[64]; /* blank padded */ + CK_UTF8CHAR manufacturerID[32]; /* blank padded */ + CK_FLAGS flags; + + /* hardwareVersion and firmwareVersion are new for v2.0 */ + CK_VERSION hardwareVersion; /* version of hardware */ + CK_VERSION firmwareVersion; /* version of firmware */ +} CK_SLOT_INFO; + +/* flags: bit flags that provide capabilities of the slot + * Bit Flag Mask Meaning + */ +#define CKF_TOKEN_PRESENT 0x00000001 /* a token is there */ +#define CKF_REMOVABLE_DEVICE 0x00000002 /* removable devices*/ +#define CKF_HW_SLOT 0x00000004 /* hardware slot */ + +typedef CK_SLOT_INFO CK_PTR CK_SLOT_INFO_PTR; + +/* CK_TOKEN_INFO provides information about a token */ +typedef struct CK_TOKEN_INFO { + /* label, manufacturerID, and model have been changed from + * CK_CHAR to CK_UTF8CHAR for v2.10 */ + CK_UTF8CHAR label[32]; /* blank padded */ + CK_UTF8CHAR manufacturerID[32]; /* blank padded */ + CK_UTF8CHAR model[16]; /* blank padded */ + CK_CHAR serialNumber[16]; /* blank padded */ + CK_FLAGS flags; /* see below */ + + /* ulMaxSessionCount, ulSessionCount, ulMaxRwSessionCount, + * ulRwSessionCount, ulMaxPinLen, and ulMinPinLen have all been + * changed from CK_USHORT to CK_ULONG for v2.0 */ + CK_ULONG ulMaxSessionCount; /* max open sessions */ + CK_ULONG ulSessionCount; /* sess. now open */ + CK_ULONG ulMaxRwSessionCount; /* max R/W sessions */ + CK_ULONG ulRwSessionCount; /* R/W sess. now open */ + CK_ULONG ulMaxPinLen; /* in bytes */ + CK_ULONG ulMinPinLen; /* in bytes */ + CK_ULONG ulTotalPublicMemory; /* in bytes */ + CK_ULONG ulFreePublicMemory; /* in bytes */ + CK_ULONG ulTotalPrivateMemory; /* in bytes */ + CK_ULONG ulFreePrivateMemory; /* in bytes */ + + /* hardwareVersion, firmwareVersion, and time are new for + * v2.0 */ + CK_VERSION hardwareVersion; /* version of hardware */ + CK_VERSION firmwareVersion; /* version of firmware */ + CK_CHAR utcTime[16]; /* time */ +} CK_TOKEN_INFO; + +/* The flags parameter is defined as follows: + * Bit Flag Mask Meaning + */ +#define CKF_RNG \ + 0x00000001 /* has random # \ + * generator */ +#define CKF_WRITE_PROTECTED \ + 0x00000002 /* token is \ + * write- \ + * protected */ +#define CKF_LOGIN_REQUIRED \ + 0x00000004 /* user must \ + * login */ +#define CKF_USER_PIN_INITIALIZED \ + 0x00000008 /* normal user's \ + * PIN is set */ + +/* CKF_RESTORE_KEY_NOT_NEEDED is new for v2.0. If it is set, + * that means that *every* time the state of cryptographic + * operations of a session is successfully saved, all keys + * needed to continue those operations are stored in the state */ +#define CKF_RESTORE_KEY_NOT_NEEDED 0x00000020 + +/* CKF_CLOCK_ON_TOKEN is new for v2.0. If it is set, that means + * that the token has some sort of clock. The time on that + * clock is returned in the token info structure */ +#define CKF_CLOCK_ON_TOKEN 0x00000040 + +/* CKF_PROTECTED_AUTHENTICATION_PATH is new for v2.0. If it is + * set, that means that there is some way for the user to login + * without sending a PIN through the Cryptoki library itself */ +#define CKF_PROTECTED_AUTHENTICATION_PATH 0x00000100 + +/* CKF_DUAL_CRYPTO_OPERATIONS is new for v2.0. If it is true, + * that means that a single session with the token can perform + * dual simultaneous cryptographic operations (digest and + * encrypt; decrypt and digest; sign and encrypt; and decrypt + * and sign) */ +#define CKF_DUAL_CRYPTO_OPERATIONS 0x00000200 + +/* CKF_TOKEN_INITIALIZED if new for v2.10. If it is true, the + * token has been initialized using C_InitializeToken or an + * equivalent mechanism outside the scope of PKCS #11. + * Calling C_InitializeToken when this flag is set will cause + * the token to be reinitialized. */ +#define CKF_TOKEN_INITIALIZED 0x00000400 + +/* CKF_SECONDARY_AUTHENTICATION if new for v2.10. If it is + * true, the token supports secondary authentication for + * private key objects. This flag is deprecated in v2.11 and + onwards. */ +#define CKF_SECONDARY_AUTHENTICATION 0x00000800 + +/* CKF_USER_PIN_COUNT_LOW if new for v2.10. If it is true, an + * incorrect user login PIN has been entered at least once + * since the last successful authentication. */ +#define CKF_USER_PIN_COUNT_LOW 0x00010000 + +/* CKF_USER_PIN_FINAL_TRY if new for v2.10. If it is true, + * supplying an incorrect user PIN will it to become locked. */ +#define CKF_USER_PIN_FINAL_TRY 0x00020000 + +/* CKF_USER_PIN_LOCKED if new for v2.10. If it is true, the + * user PIN has been locked. User login to the token is not + * possible. */ +#define CKF_USER_PIN_LOCKED 0x00040000 + +/* CKF_USER_PIN_TO_BE_CHANGED if new for v2.10. If it is true, + * the user PIN value is the default value set by token + * initialization or manufacturing, or the PIN has been + * expired by the card. */ +#define CKF_USER_PIN_TO_BE_CHANGED 0x00080000 + +/* CKF_SO_PIN_COUNT_LOW if new for v2.10. If it is true, an + * incorrect SO login PIN has been entered at least once since + * the last successful authentication. */ +#define CKF_SO_PIN_COUNT_LOW 0x00100000 + +/* CKF_SO_PIN_FINAL_TRY if new for v2.10. If it is true, + * supplying an incorrect SO PIN will it to become locked. */ +#define CKF_SO_PIN_FINAL_TRY 0x00200000 + +/* CKF_SO_PIN_LOCKED if new for v2.10. If it is true, the SO + * PIN has been locked. SO login to the token is not possible. + */ +#define CKF_SO_PIN_LOCKED 0x00400000 + +/* CKF_SO_PIN_TO_BE_CHANGED if new for v2.10. If it is true, + * the SO PIN value is the default value set by token + * initialization or manufacturing, or the PIN has been + * expired by the card. */ +#define CKF_SO_PIN_TO_BE_CHANGED 0x00800000 + +typedef CK_TOKEN_INFO CK_PTR CK_TOKEN_INFO_PTR; + +/* CK_SESSION_HANDLE is a Cryptoki-assigned value that + * identifies a session */ +typedef CK_ULONG CK_SESSION_HANDLE; + +typedef CK_SESSION_HANDLE CK_PTR CK_SESSION_HANDLE_PTR; + +/* CK_USER_TYPE enumerates the types of Cryptoki users */ +/* CK_USER_TYPE has been changed from an enum to a CK_ULONG for + * v2.0 */ +typedef CK_ULONG CK_USER_TYPE; +/* Security Officer */ +#define CKU_SO 0 +/* Normal user */ +#define CKU_USER 1 +/* Context specific (added in v2.20) */ +#define CKU_CONTEXT_SPECIFIC 2 + +/* CK_STATE enumerates the session states */ +/* CK_STATE has been changed from an enum to a CK_ULONG for + * v2.0 */ +typedef CK_ULONG CK_STATE; +#define CKS_RO_PUBLIC_SESSION 0 +#define CKS_RO_USER_FUNCTIONS 1 +#define CKS_RW_PUBLIC_SESSION 2 +#define CKS_RW_USER_FUNCTIONS 3 +#define CKS_RW_SO_FUNCTIONS 4 +#define CKS_RW_AUDIT_FUNCTIONS CKS_RW_SO_FUNCTIONS + +/* CK_SESSION_INFO provides information about a session */ +typedef struct CK_SESSION_INFO { + CK_SLOT_ID slotID; + CK_STATE state; + CK_FLAGS flags; /* see below */ + + /* ulDeviceError was changed from CK_USHORT to CK_ULONG for + * v2.0 */ + CK_ULONG ulDeviceError; /* device-dependent error code */ +} CK_SESSION_INFO; + +/* The flags are defined in the following table: + * Bit Flag Mask Meaning + */ +#define CKF_RW_SESSION 0x00000002 /* session is r/w */ +#define CKF_SERIAL_SESSION 0x00000004 /* no parallel */ + +typedef CK_SESSION_INFO CK_PTR CK_SESSION_INFO_PTR; + +/* CK_OBJECT_HANDLE is a token-specific identifier for an + * object */ +typedef CK_ULONG CK_OBJECT_HANDLE; + +typedef CK_OBJECT_HANDLE CK_PTR CK_OBJECT_HANDLE_PTR; + +/* CK_OBJECT_CLASS is a value that identifies the classes (or + * types) of objects that Cryptoki recognizes. It is defined + * as follows: */ +/* CK_OBJECT_CLASS was changed from CK_USHORT to CK_ULONG for + * v2.0 */ +typedef CK_ULONG CK_OBJECT_CLASS; + +/* The following classes of objects are defined: */ +/* CKO_HW_FEATURE is new for v2.10 */ +/* CKO_DOMAIN_PARAMETERS is new for v2.11 */ +/* CKO_MECHANISM is new for v2.20 */ +#define CKO_DATA 0x00000000 +#define CKO_CERTIFICATE 0x00000001 +#define CKO_PUBLIC_KEY 0x00000002 +#define CKO_PRIVATE_KEY 0x00000003 +#define CKO_SECRET_KEY 0x00000004 +#define CKO_HW_FEATURE 0x00000005 +#define CKO_DOMAIN_PARAMETERS 0x00000006 +#define CKO_MECHANISM 0x00000007 + +/* CKO_OTP_KEY is new for PKCS #11 v2.20 amendment 1 */ +#define CKO_OTP_KEY 0x00000008 + +#define CKO_VENDOR_DEFINED 0x80000000 + +typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; + +/* CK_HW_FEATURE_TYPE is new for v2.10. CK_HW_FEATURE_TYPE is a + * value that identifies the hardware feature type of an object + * with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ +typedef CK_ULONG CK_HW_FEATURE_TYPE; + +/* The following hardware feature types are defined */ +/* CKH_USER_INTERFACE is new for v2.20 */ +#define CKH_MONOTONIC_COUNTER 0x00000001 +#define CKH_CLOCK 0x00000002 +#define CKH_USER_INTERFACE 0x00000003 +#define CKH_VENDOR_DEFINED 0x80000000 + +/* CK_KEY_TYPE is a value that identifies a key type */ +/* CK_KEY_TYPE was changed from CK_USHORT to CK_ULONG for v2.0 */ +typedef CK_ULONG CK_KEY_TYPE; + +/* the following key types are defined: */ +#define CKK_RSA 0x00000000 +#define CKK_DSA 0x00000001 +#define CKK_DH 0x00000002 + +/* CKK_ECDSA and CKK_KEA are new for v2.0 */ +/* CKK_ECDSA is deprecated in v2.11, CKK_EC is preferred. */ +#define CKK_ECDSA 0x00000003 +#define CKK_EC 0x00000003 +#define CKK_X9_42_DH 0x00000004 +#define CKK_KEA 0x00000005 + +#define CKK_GENERIC_SECRET 0x00000010 +#define CKK_RC2 0x00000011 +#define CKK_RC4 0x00000012 +#define CKK_DES 0x00000013 +#define CKK_DES2 0x00000014 +#define CKK_DES3 0x00000015 + +/* all these key types are new for v2.0 */ +#define CKK_CAST 0x00000016 +#define CKK_CAST3 0x00000017 +/* CKK_CAST5 is deprecated in v2.11, CKK_CAST128 is preferred. */ +#define CKK_CAST5 0x00000018 +#define CKK_CAST128 0x00000018 +#define CKK_RC5 0x00000019 +#define CKK_IDEA 0x0000001A +#define CKK_SKIPJACK 0x0000001B +#define CKK_BATON 0x0000001C +#define CKK_JUNIPER 0x0000001D +#define CKK_CDMF 0x0000001E +#define CKK_AES 0x0000001F + +/* BlowFish and TwoFish are new for v2.20 */ +#define CKK_BLOWFISH 0x00000020 +#define CKK_TWOFISH 0x00000021 + +/* SecurID, HOTP, and ACTI are new for PKCS #11 v2.20 amendment 1 */ +#define CKK_SECURID 0x00000022 +#define CKK_HOTP 0x00000023 +#define CKK_ACTI 0x00000024 + +/* Camellia is new for PKCS #11 v2.20 amendment 3 */ +#define CKK_CAMELLIA 0x00000025 +/* ARIA is new for PKCS #11 v2.20 amendment 3 */ +#define CKK_ARIA 0x00000026 + +#define CKK_VENDOR_DEFINED 0x80000000 + +/* CK_CERTIFICATE_TYPE is a value that identifies a certificate + * type */ +/* CK_CERTIFICATE_TYPE was changed from CK_USHORT to CK_ULONG + * for v2.0 */ +typedef CK_ULONG CK_CERTIFICATE_TYPE; + +/* The following certificate types are defined: */ +/* CKC_X_509_ATTR_CERT is new for v2.10 */ +/* CKC_WTLS is new for v2.20 */ +#define CKC_X_509 0x00000000 +#define CKC_X_509_ATTR_CERT 0x00000001 +#define CKC_WTLS 0x00000002 +#define CKC_VENDOR_DEFINED 0x80000000 + +/* CK_ATTRIBUTE_TYPE is a value that identifies an attribute + * type */ +/* CK_ATTRIBUTE_TYPE was changed from CK_USHORT to CK_ULONG for + * v2.0 */ +typedef CK_ULONG CK_ATTRIBUTE_TYPE; + +/* The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + consists of an array of values. */ +#define CKF_ARRAY_ATTRIBUTE 0x40000000 + +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 + and relates to the CKA_OTP_FORMAT attribute */ +#define CK_OTP_FORMAT_DECIMAL 0 +#define CK_OTP_FORMAT_HEXADECIMAL 1 +#define CK_OTP_FORMAT_ALPHANUMERIC 2 +#define CK_OTP_FORMAT_BINARY 3 + +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 + and relates to the CKA_OTP_..._REQUIREMENT attributes */ +#define CK_OTP_PARAM_IGNORED 0 +#define CK_OTP_PARAM_OPTIONAL 1 +#define CK_OTP_PARAM_MANDATORY 2 + +/* The following attribute types are defined: */ +#define CKA_CLASS 0x00000000 +#define CKA_TOKEN 0x00000001 +#define CKA_PRIVATE 0x00000002 +#define CKA_LABEL 0x00000003 +#define CKA_APPLICATION 0x00000010 +#define CKA_VALUE 0x00000011 + +/* CKA_OBJECT_ID is new for v2.10 */ +#define CKA_OBJECT_ID 0x00000012 + +#define CKA_CERTIFICATE_TYPE 0x00000080 +#define CKA_ISSUER 0x00000081 +#define CKA_SERIAL_NUMBER 0x00000082 + +/* CKA_AC_ISSUER, CKA_OWNER, and CKA_ATTR_TYPES are new + * for v2.10 */ +#define CKA_AC_ISSUER 0x00000083 +#define CKA_OWNER 0x00000084 +#define CKA_ATTR_TYPES 0x00000085 + +/* CKA_TRUSTED is new for v2.11 */ +#define CKA_TRUSTED 0x00000086 + +/* CKA_CERTIFICATE_CATEGORY ... + * CKA_CHECK_VALUE are new for v2.20 */ +#define CKA_CERTIFICATE_CATEGORY 0x00000087 +#define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088 +#define CKA_URL 0x00000089 +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008A +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008B +#define CKA_CHECK_VALUE 0x00000090 + +#define CKA_KEY_TYPE 0x00000100 +#define CKA_SUBJECT 0x00000101 +#define CKA_ID 0x00000102 +#define CKA_SENSITIVE 0x00000103 +#define CKA_ENCRYPT 0x00000104 +#define CKA_DECRYPT 0x00000105 +#define CKA_WRAP 0x00000106 +#define CKA_UNWRAP 0x00000107 +#define CKA_SIGN 0x00000108 +#define CKA_SIGN_RECOVER 0x00000109 +#define CKA_VERIFY 0x0000010A +#define CKA_VERIFY_RECOVER 0x0000010B +#define CKA_DERIVE 0x0000010C +#define CKA_START_DATE 0x00000110 +#define CKA_END_DATE 0x00000111 +#define CKA_MODULUS 0x00000120 +#define CKA_MODULUS_BITS 0x00000121 +#define CKA_PUBLIC_EXPONENT 0x00000122 +#define CKA_PRIVATE_EXPONENT 0x00000123 +#define CKA_PRIME_1 0x00000124 +#define CKA_PRIME_2 0x00000125 +#define CKA_EXPONENT_1 0x00000126 +#define CKA_EXPONENT_2 0x00000127 +#define CKA_COEFFICIENT 0x00000128 +#define CKA_PRIME 0x00000130 +#define CKA_SUBPRIME 0x00000131 +#define CKA_BASE 0x00000132 + +/* CKA_PRIME_BITS and CKA_SUB_PRIME_BITS are new for v2.11 */ +#define CKA_PRIME_BITS 0x00000133 +#define CKA_SUBPRIME_BITS 0x00000134 +#define CKA_SUB_PRIME_BITS CKA_SUBPRIME_BITS +/* (To retain backwards-compatibility) */ + +#define CKA_VALUE_BITS 0x00000160 +#define CKA_VALUE_LEN 0x00000161 + +/* CKA_EXTRACTABLE, CKA_LOCAL, CKA_NEVER_EXTRACTABLE, + * CKA_ALWAYS_SENSITIVE, CKA_MODIFIABLE, CKA_ECDSA_PARAMS, + * and CKA_EC_POINT are new for v2.0 */ +#define CKA_EXTRACTABLE 0x00000162 +#define CKA_LOCAL 0x00000163 +#define CKA_NEVER_EXTRACTABLE 0x00000164 +#define CKA_ALWAYS_SENSITIVE 0x00000165 + +/* CKA_KEY_GEN_MECHANISM is new for v2.11 */ +#define CKA_KEY_GEN_MECHANISM 0x00000166 + +#define CKA_MODIFIABLE 0x00000170 + +/* CKA_ECDSA_PARAMS is deprecated in v2.11, + * CKA_EC_PARAMS is preferred. */ +#define CKA_ECDSA_PARAMS 0x00000180 +#define CKA_EC_PARAMS 0x00000180 + +#define CKA_EC_POINT 0x00000181 + +/* CKA_SECONDARY_AUTH, CKA_AUTH_PIN_FLAGS, + * are new for v2.10. Deprecated in v2.11 and onwards. */ +#define CKA_SECONDARY_AUTH 0x00000200 +#define CKA_AUTH_PIN_FLAGS 0x00000201 + +/* CKA_ALWAYS_AUTHENTICATE ... + * CKA_UNWRAP_TEMPLATE are new for v2.20 */ +#define CKA_ALWAYS_AUTHENTICATE 0x00000202 + +#define CKA_WRAP_WITH_TRUSTED 0x00000210 +#define CKA_WRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000211) +#define CKA_UNWRAP_TEMPLATE (CKF_ARRAY_ATTRIBUTE | 0x00000212) + +/* CKA_OTP... atttributes are new for PKCS #11 v2.20 amendment 3. */ +#define CKA_OTP_FORMAT 0x00000220 +#define CKA_OTP_LENGTH 0x00000221 +#define CKA_OTP_TIME_INTERVAL 0x00000222 +#define CKA_OTP_USER_FRIENDLY_MODE 0x00000223 +#define CKA_OTP_CHALLENGE_REQUIREMENT 0x00000224 +#define CKA_OTP_TIME_REQUIREMENT 0x00000225 +#define CKA_OTP_COUNTER_REQUIREMENT 0x00000226 +#define CKA_OTP_PIN_REQUIREMENT 0x00000227 +#define CKA_OTP_COUNTER 0x0000022E +#define CKA_OTP_TIME 0x0000022F +#define CKA_OTP_USER_IDENTIFIER 0x0000022A +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022B +#define CKA_OTP_SERVICE_LOGO 0x0000022C +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022D + +/* CKA_HW_FEATURE_TYPE, CKA_RESET_ON_INIT, and CKA_HAS_RESET + * are new for v2.10 */ +#define CKA_HW_FEATURE_TYPE 0x00000300 +#define CKA_RESET_ON_INIT 0x00000301 +#define CKA_HAS_RESET 0x00000302 + +/* The following attributes are new for v2.20 */ +#define CKA_PIXEL_X 0x00000400 +#define CKA_PIXEL_Y 0x00000401 +#define CKA_RESOLUTION 0x00000402 +#define CKA_CHAR_ROWS 0x00000403 +#define CKA_CHAR_COLUMNS 0x00000404 +#define CKA_COLOR 0x00000405 +#define CKA_BITS_PER_PIXEL 0x00000406 +#define CKA_CHAR_SETS 0x00000480 +#define CKA_ENCODING_METHODS 0x00000481 +#define CKA_MIME_TYPES 0x00000482 +#define CKA_MECHANISM_TYPE 0x00000500 +#define CKA_REQUIRED_CMS_ATTRIBUTES 0x00000501 +#define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502 +#define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503 +#define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE | 0x00000600) + +#define CKA_VENDOR_DEFINED 0x80000000 + +/* CK_ATTRIBUTE is a structure that includes the type, length + * and value of an attribute */ +typedef struct CK_ATTRIBUTE { + CK_ATTRIBUTE_TYPE type; + CK_VOID_PTR pValue; + + /* ulValueLen went from CK_USHORT to CK_ULONG for v2.0 */ + CK_ULONG ulValueLen; /* in bytes */ +} CK_ATTRIBUTE; + +typedef CK_ATTRIBUTE CK_PTR CK_ATTRIBUTE_PTR; + +/* CK_DATE is a structure that defines a date */ +typedef struct CK_DATE { + CK_CHAR year[4]; /* the year ("1900" - "9999") */ + CK_CHAR month[2]; /* the month ("01" - "12") */ + CK_CHAR day[2]; /* the day ("01" - "31") */ +} CK_DATE; + +/* CK_MECHANISM_TYPE is a value that identifies a mechanism + * type */ +/* CK_MECHANISM_TYPE was changed from CK_USHORT to CK_ULONG for + * v2.0 */ +typedef CK_ULONG CK_MECHANISM_TYPE; + +/* the following mechanism types are defined: */ +#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 +#define CKM_RSA_PKCS 0x00000001 +#define CKM_RSA_9796 0x00000002 +#define CKM_RSA_X_509 0x00000003 + +/* CKM_MD2_RSA_PKCS, CKM_MD5_RSA_PKCS, and CKM_SHA1_RSA_PKCS + * are new for v2.0. They are mechanisms which hash and sign */ +#define CKM_MD2_RSA_PKCS 0x00000004 +#define CKM_MD5_RSA_PKCS 0x00000005 +#define CKM_SHA1_RSA_PKCS 0x00000006 + +/* CKM_RIPEMD128_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, and + * CKM_RSA_PKCS_OAEP are new for v2.10 */ +#define CKM_RIPEMD128_RSA_PKCS 0x00000007 +#define CKM_RIPEMD160_RSA_PKCS 0x00000008 +#define CKM_RSA_PKCS_OAEP 0x00000009 + +/* CKM_RSA_X9_31_KEY_PAIR_GEN, CKM_RSA_X9_31, CKM_SHA1_RSA_X9_31, + * CKM_RSA_PKCS_PSS, and CKM_SHA1_RSA_PKCS_PSS are new for v2.11 */ +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000A +#define CKM_RSA_X9_31 0x0000000B +#define CKM_SHA1_RSA_X9_31 0x0000000C +#define CKM_RSA_PKCS_PSS 0x0000000D +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E + +#define CKM_DSA_KEY_PAIR_GEN 0x00000010 +#define CKM_DSA 0x00000011 +#define CKM_DSA_SHA1 0x00000012 +#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 +#define CKM_DH_PKCS_DERIVE 0x00000021 + +/* CKM_X9_42_DH_KEY_PAIR_GEN, CKM_X9_42_DH_DERIVE, + * CKM_X9_42_DH_HYBRID_DERIVE, and CKM_X9_42_MQV_DERIVE are new for + * v2.11 */ +#define CKM_X9_42_DH_KEY_PAIR_GEN 0x00000030 +#define CKM_X9_42_DH_DERIVE 0x00000031 +#define CKM_X9_42_DH_HYBRID_DERIVE 0x00000032 +#define CKM_X9_42_MQV_DERIVE 0x00000033 + +/* CKM_SHA256/384/512 are new for v2.20 */ +#define CKM_SHA256_RSA_PKCS 0x00000040 +#define CKM_SHA384_RSA_PKCS 0x00000041 +#define CKM_SHA512_RSA_PKCS 0x00000042 +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 + +/* SHA-224 RSA mechanisms are new for PKCS #11 v2.20 amendment 3 */ +#define CKM_SHA224_RSA_PKCS 0x00000046 +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 + +#define CKM_RC2_KEY_GEN 0x00000100 +#define CKM_RC2_ECB 0x00000101 +#define CKM_RC2_CBC 0x00000102 +#define CKM_RC2_MAC 0x00000103 + +/* CKM_RC2_MAC_GENERAL and CKM_RC2_CBC_PAD are new for v2.0 */ +#define CKM_RC2_MAC_GENERAL 0x00000104 +#define CKM_RC2_CBC_PAD 0x00000105 + +#define CKM_RC4_KEY_GEN 0x00000110 +#define CKM_RC4 0x00000111 +#define CKM_DES_KEY_GEN 0x00000120 +#define CKM_DES_ECB 0x00000121 +#define CKM_DES_CBC 0x00000122 +#define CKM_DES_MAC 0x00000123 + +/* CKM_DES_MAC_GENERAL and CKM_DES_CBC_PAD are new for v2.0 */ +#define CKM_DES_MAC_GENERAL 0x00000124 +#define CKM_DES_CBC_PAD 0x00000125 + +#define CKM_DES2_KEY_GEN 0x00000130 +#define CKM_DES3_KEY_GEN 0x00000131 +#define CKM_DES3_ECB 0x00000132 +#define CKM_DES3_CBC 0x00000133 +#define CKM_DES3_MAC 0x00000134 + +/* CKM_DES3_MAC_GENERAL, CKM_DES3_CBC_PAD, CKM_CDMF_KEY_GEN, + * CKM_CDMF_ECB, CKM_CDMF_CBC, CKM_CDMF_MAC, + * CKM_CDMF_MAC_GENERAL, and CKM_CDMF_CBC_PAD are new for v2.0 */ +#define CKM_DES3_MAC_GENERAL 0x00000135 +#define CKM_DES3_CBC_PAD 0x00000136 +#define CKM_DES3_CMAC_GENERAL 0x00000137 +#define CKM_DES3_CMAC 0x00000138 +#define CKM_CDMF_KEY_GEN 0x00000140 +#define CKM_CDMF_ECB 0x00000141 +#define CKM_CDMF_CBC 0x00000142 +#define CKM_CDMF_MAC 0x00000143 +#define CKM_CDMF_MAC_GENERAL 0x00000144 +#define CKM_CDMF_CBC_PAD 0x00000145 + +/* the following four DES mechanisms are new for v2.20 */ +#define CKM_DES_OFB64 0x00000150 +#define CKM_DES_OFB8 0x00000151 +#define CKM_DES_CFB64 0x00000152 +#define CKM_DES_CFB8 0x00000153 + +#define CKM_MD2 0x00000200 + +/* CKM_MD2_HMAC and CKM_MD2_HMAC_GENERAL are new for v2.0 */ +#define CKM_MD2_HMAC 0x00000201 +#define CKM_MD2_HMAC_GENERAL 0x00000202 + +#define CKM_MD5 0x00000210 + +/* CKM_MD5_HMAC and CKM_MD5_HMAC_GENERAL are new for v2.0 */ +#define CKM_MD5_HMAC 0x00000211 +#define CKM_MD5_HMAC_GENERAL 0x00000212 + +#define CKM_SHA_1 0x00000220 + +/* CKM_SHA_1_HMAC and CKM_SHA_1_HMAC_GENERAL are new for v2.0 */ +#define CKM_SHA_1_HMAC 0x00000221 +#define CKM_SHA_1_HMAC_GENERAL 0x00000222 + +/* CKM_RIPEMD128, CKM_RIPEMD128_HMAC, + * CKM_RIPEMD128_HMAC_GENERAL, CKM_RIPEMD160, CKM_RIPEMD160_HMAC, + * and CKM_RIPEMD160_HMAC_GENERAL are new for v2.10 */ +#define CKM_RIPEMD128 0x00000230 +#define CKM_RIPEMD128_HMAC 0x00000231 +#define CKM_RIPEMD128_HMAC_GENERAL 0x00000232 +#define CKM_RIPEMD160 0x00000240 +#define CKM_RIPEMD160_HMAC 0x00000241 +#define CKM_RIPEMD160_HMAC_GENERAL 0x00000242 + +/* CKM_SHA256/384/512 are new for v2.20 */ +#define CKM_SHA256 0x00000250 +#define CKM_SHA256_HMAC 0x00000251 +#define CKM_SHA256_HMAC_GENERAL 0x00000252 + +/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ +#define CKM_SHA224 0x00000255 +#define CKM_SHA224_HMAC 0x00000256 +#define CKM_SHA224_HMAC_GENERAL 0x00000257 + +#define CKM_SHA384 0x00000260 +#define CKM_SHA384_HMAC 0x00000261 +#define CKM_SHA384_HMAC_GENERAL 0x00000262 +#define CKM_SHA512 0x00000270 +#define CKM_SHA512_HMAC 0x00000271 +#define CKM_SHA512_HMAC_GENERAL 0x00000272 + +/* SecurID is new for PKCS #11 v2.20 amendment 1 */ +#define CKM_SECURID_KEY_GEN 0x00000280 +#define CKM_SECURID 0x00000282 + +/* HOTP is new for PKCS #11 v2.20 amendment 1 */ +#define CKM_HOTP_KEY_GEN 0x00000290 +#define CKM_HOTP 0x00000291 + +/* ACTI is new for PKCS #11 v2.20 amendment 1 */ +#define CKM_ACTI 0x000002A0 +#define CKM_ACTI_KEY_GEN 0x000002A1 + +/* All of the following mechanisms are new for v2.0 */ +/* Note that CAST128 and CAST5 are the same algorithm */ +#define CKM_CAST_KEY_GEN 0x00000300 +#define CKM_CAST_ECB 0x00000301 +#define CKM_CAST_CBC 0x00000302 +#define CKM_CAST_MAC 0x00000303 +#define CKM_CAST_MAC_GENERAL 0x00000304 +#define CKM_CAST_CBC_PAD 0x00000305 +#define CKM_CAST3_KEY_GEN 0x00000310 +#define CKM_CAST3_ECB 0x00000311 +#define CKM_CAST3_CBC 0x00000312 +#define CKM_CAST3_MAC 0x00000313 +#define CKM_CAST3_MAC_GENERAL 0x00000314 +#define CKM_CAST3_CBC_PAD 0x00000315 +#define CKM_CAST5_KEY_GEN 0x00000320 +#define CKM_CAST128_KEY_GEN 0x00000320 +#define CKM_CAST5_ECB 0x00000321 +#define CKM_CAST128_ECB 0x00000321 +#define CKM_CAST5_CBC 0x00000322 +#define CKM_CAST128_CBC 0x00000322 +#define CKM_CAST5_MAC 0x00000323 +#define CKM_CAST128_MAC 0x00000323 +#define CKM_CAST5_MAC_GENERAL 0x00000324 +#define CKM_CAST128_MAC_GENERAL 0x00000324 +#define CKM_CAST5_CBC_PAD 0x00000325 +#define CKM_CAST128_CBC_PAD 0x00000325 +#define CKM_RC5_KEY_GEN 0x00000330 +#define CKM_RC5_ECB 0x00000331 +#define CKM_RC5_CBC 0x00000332 +#define CKM_RC5_MAC 0x00000333 +#define CKM_RC5_MAC_GENERAL 0x00000334 +#define CKM_RC5_CBC_PAD 0x00000335 +#define CKM_IDEA_KEY_GEN 0x00000340 +#define CKM_IDEA_ECB 0x00000341 +#define CKM_IDEA_CBC 0x00000342 +#define CKM_IDEA_MAC 0x00000343 +#define CKM_IDEA_MAC_GENERAL 0x00000344 +#define CKM_IDEA_CBC_PAD 0x00000345 +#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 +#define CKM_CONCATENATE_BASE_AND_KEY 0x00000360 +#define CKM_CONCATENATE_BASE_AND_DATA 0x00000362 +#define CKM_CONCATENATE_DATA_AND_BASE 0x00000363 +#define CKM_XOR_BASE_AND_DATA 0x00000364 +#define CKM_EXTRACT_KEY_FROM_KEY 0x00000365 +#define CKM_SSL3_PRE_MASTER_KEY_GEN 0x00000370 +#define CKM_SSL3_MASTER_KEY_DERIVE 0x00000371 +#define CKM_SSL3_KEY_AND_MAC_DERIVE 0x00000372 + +/* CKM_SSL3_MASTER_KEY_DERIVE_DH, CKM_TLS_PRE_MASTER_KEY_GEN, + * CKM_TLS_MASTER_KEY_DERIVE, CKM_TLS_KEY_AND_MAC_DERIVE, and + * CKM_TLS_MASTER_KEY_DERIVE_DH are new for v2.11 */ +#define CKM_SSL3_MASTER_KEY_DERIVE_DH 0x00000373 +#define CKM_TLS_PRE_MASTER_KEY_GEN 0x00000374 +#define CKM_TLS_MASTER_KEY_DERIVE 0x00000375 +#define CKM_TLS_KEY_AND_MAC_DERIVE 0x00000376 +#define CKM_TLS_MASTER_KEY_DERIVE_DH 0x00000377 + +/* CKM_TLS_PRF is new for v2.20 */ +#define CKM_TLS_PRF 0x00000378 + +#define CKM_SSL3_MD5_MAC 0x00000380 +#define CKM_SSL3_SHA1_MAC 0x00000381 +#define CKM_MD5_KEY_DERIVATION 0x00000390 +#define CKM_MD2_KEY_DERIVATION 0x00000391 +#define CKM_SHA1_KEY_DERIVATION 0x00000392 + +/* CKM_SHA256/384/512 are new for v2.20 */ +#define CKM_SHA256_KEY_DERIVATION 0x00000393 +#define CKM_SHA384_KEY_DERIVATION 0x00000394 +#define CKM_SHA512_KEY_DERIVATION 0x00000395 + +/* SHA-224 key derivation is new for PKCS #11 v2.20 amendment 3 */ +#define CKM_SHA224_KEY_DERIVATION 0x00000396 + +#define CKM_PBE_MD2_DES_CBC 0x000003A0 +#define CKM_PBE_MD5_DES_CBC 0x000003A1 +#define CKM_PBE_MD5_CAST_CBC 0x000003A2 +#define CKM_PBE_MD5_CAST3_CBC 0x000003A3 +#define CKM_PBE_MD5_CAST5_CBC 0x000003A4 +#define CKM_PBE_MD5_CAST128_CBC 0x000003A4 +#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5 +#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5 +#define CKM_PBE_SHA1_RC4_128 0x000003A6 +#define CKM_PBE_SHA1_RC4_40 0x000003A7 +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8 +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9 +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AA +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003AB + +/* CKM_PKCS5_PBKD2 is new for v2.10 */ +#define CKM_PKCS5_PBKD2 0x000003B0 + +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0 + +/* WTLS mechanisms are new for v2.20 */ +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0 +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1 +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2 +#define CKM_WTLS_PRF 0x000003D3 +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4 +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5 + +#define CKM_KEY_WRAP_LYNKS 0x00000400 +#define CKM_KEY_WRAP_SET_OAEP 0x00000401 + +/* CKM_CMS_SIG is new for v2.20 */ +#define CKM_CMS_SIG 0x00000500 + +/* CKM_KIP mechanisms are new for PKCS #11 v2.20 amendment 2 */ +#define CKM_KIP_DERIVE 0x00000510 +#define CKM_KIP_WRAP 0x00000511 +#define CKM_KIP_MAC 0x00000512 + +/* Camellia is new for PKCS #11 v2.20 amendment 3 */ +#define CKM_CAMELLIA_KEY_GEN 0x00000550 +#define CKM_CAMELLIA_ECB 0x00000551 +#define CKM_CAMELLIA_CBC 0x00000552 +#define CKM_CAMELLIA_MAC 0x00000553 +#define CKM_CAMELLIA_MAC_GENERAL 0x00000554 +#define CKM_CAMELLIA_CBC_PAD 0x00000555 +#define CKM_CAMELLIA_ECB_ENCRYPT_DATA 0x00000556 +#define CKM_CAMELLIA_CBC_ENCRYPT_DATA 0x00000557 +#define CKM_CAMELLIA_CTR 0x00000558 + +/* ARIA is new for PKCS #11 v2.20 amendment 3 */ +#define CKM_ARIA_KEY_GEN 0x00000560 +#define CKM_ARIA_ECB 0x00000561 +#define CKM_ARIA_CBC 0x00000562 +#define CKM_ARIA_MAC 0x00000563 +#define CKM_ARIA_MAC_GENERAL 0x00000564 +#define CKM_ARIA_CBC_PAD 0x00000565 +#define CKM_ARIA_ECB_ENCRYPT_DATA 0x00000566 +#define CKM_ARIA_CBC_ENCRYPT_DATA 0x00000567 + +/* Fortezza mechanisms */ +#define CKM_SKIPJACK_KEY_GEN 0x00001000 +#define CKM_SKIPJACK_ECB64 0x00001001 +#define CKM_SKIPJACK_CBC64 0x00001002 +#define CKM_SKIPJACK_OFB64 0x00001003 +#define CKM_SKIPJACK_CFB64 0x00001004 +#define CKM_SKIPJACK_CFB32 0x00001005 +#define CKM_SKIPJACK_CFB16 0x00001006 +#define CKM_SKIPJACK_CFB8 0x00001007 +#define CKM_SKIPJACK_WRAP 0x00001008 +#define CKM_SKIPJACK_PRIVATE_WRAP 0x00001009 +#define CKM_SKIPJACK_RELAYX 0x0000100a +#define CKM_KEA_KEY_PAIR_GEN 0x00001010 +#define CKM_KEA_KEY_DERIVE 0x00001011 +#define CKM_FORTEZZA_TIMESTAMP 0x00001020 +#define CKM_BATON_KEY_GEN 0x00001030 +#define CKM_BATON_ECB128 0x00001031 +#define CKM_BATON_ECB96 0x00001032 +#define CKM_BATON_CBC128 0x00001033 +#define CKM_BATON_COUNTER 0x00001034 +#define CKM_BATON_SHUFFLE 0x00001035 +#define CKM_BATON_WRAP 0x00001036 + +/* CKM_ECDSA_KEY_PAIR_GEN is deprecated in v2.11, + * CKM_EC_KEY_PAIR_GEN is preferred */ +#define CKM_ECDSA_KEY_PAIR_GEN 0x00001040 +#define CKM_EC_KEY_PAIR_GEN 0x00001040 + +#define CKM_ECDSA 0x00001041 +#define CKM_ECDSA_SHA1 0x00001042 + +/* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE + * are new for v2.11 */ +#define CKM_ECDH1_DERIVE 0x00001050 +#define CKM_ECDH1_COFACTOR_DERIVE 0x00001051 +#define CKM_ECMQV_DERIVE 0x00001052 + +#define CKM_JUNIPER_KEY_GEN 0x00001060 +#define CKM_JUNIPER_ECB128 0x00001061 +#define CKM_JUNIPER_CBC128 0x00001062 +#define CKM_JUNIPER_COUNTER 0x00001063 +#define CKM_JUNIPER_SHUFFLE 0x00001064 +#define CKM_JUNIPER_WRAP 0x00001065 +#define CKM_FASTHASH 0x00001070 + +/* CKM_AES_KEY_GEN, CKM_AES_ECB, CKM_AES_CBC, CKM_AES_MAC, + * CKM_AES_MAC_GENERAL, CKM_AES_CBC_PAD, CKM_DSA_PARAMETER_GEN, + * CKM_DH_PKCS_PARAMETER_GEN, and CKM_X9_42_DH_PARAMETER_GEN are + * new for v2.11 */ +#define CKM_AES_KEY_GEN 0x00001080 +#define CKM_AES_ECB 0x00001081 +#define CKM_AES_CBC 0x00001082 +#define CKM_AES_MAC 0x00001083 +#define CKM_AES_MAC_GENERAL 0x00001084 +#define CKM_AES_CBC_PAD 0x00001085 + +/* AES counter mode is new for PKCS #11 v2.20 amendment 3 */ +#define CKM_AES_CTR 0x00001086 +#define CKM_AES_CMAC_GENERAL 0x00001089 +#define CKM_AES_CMAC 0x0000108A + +/* BlowFish and TwoFish are new for v2.20 */ +#define CKM_BLOWFISH_KEY_GEN 0x00001090 +#define CKM_BLOWFISH_CBC 0x00001091 +#define CKM_TWOFISH_KEY_GEN 0x00001092 +#define CKM_TWOFISH_CBC 0x00001093 + +/* CKM_xxx_ENCRYPT_DATA mechanisms are new for v2.20 */ +#define CKM_DES_ECB_ENCRYPT_DATA 0x00001100 +#define CKM_DES_CBC_ENCRYPT_DATA 0x00001101 +#define CKM_DES3_ECB_ENCRYPT_DATA 0x00001102 +#define CKM_DES3_CBC_ENCRYPT_DATA 0x00001103 +#define CKM_AES_ECB_ENCRYPT_DATA 0x00001104 +#define CKM_AES_CBC_ENCRYPT_DATA 0x00001105 + +#define CKM_DSA_PARAMETER_GEN 0x00002000 +#define CKM_DH_PKCS_PARAMETER_GEN 0x00002001 +#define CKM_X9_42_DH_PARAMETER_GEN 0x00002002 + +#define CKM_VENDOR_DEFINED 0x80000000 + +typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; + +/* CK_MECHANISM is a structure that specifies a particular + * mechanism */ +typedef struct CK_MECHANISM { + CK_MECHANISM_TYPE mechanism; + CK_VOID_PTR pParameter; + + /* ulParameterLen was changed from CK_USHORT to CK_ULONG for + * v2.0 */ + CK_ULONG ulParameterLen; /* in bytes */ +} CK_MECHANISM; + +typedef CK_MECHANISM CK_PTR CK_MECHANISM_PTR; + +/* CK_MECHANISM_INFO provides information about a particular + * mechanism */ +typedef struct CK_MECHANISM_INFO { + CK_ULONG ulMinKeySize; + CK_ULONG ulMaxKeySize; + CK_FLAGS flags; +} CK_MECHANISM_INFO; + +/* The flags are defined as follows: + * Bit Flag Mask Meaning */ +#define CKF_HW 0x00000001 /* performed by HW */ + +/* The flags CKF_ENCRYPT, CKF_DECRYPT, CKF_DIGEST, CKF_SIGN, + * CKG_SIGN_RECOVER, CKF_VERIFY, CKF_VERIFY_RECOVER, + * CKF_GENERATE, CKF_GENERATE_KEY_PAIR, CKF_WRAP, CKF_UNWRAP, + * and CKF_DERIVE are new for v2.0. They specify whether or not + * a mechanism can be used for a particular task */ +#define CKF_ENCRYPT 0x00000100 +#define CKF_DECRYPT 0x00000200 +#define CKF_DIGEST 0x00000400 +#define CKF_SIGN 0x00000800 +#define CKF_SIGN_RECOVER 0x00001000 +#define CKF_VERIFY 0x00002000 +#define CKF_VERIFY_RECOVER 0x00004000 +#define CKF_GENERATE 0x00008000 +#define CKF_GENERATE_KEY_PAIR 0x00010000 +#define CKF_WRAP 0x00020000 +#define CKF_UNWRAP 0x00040000 +#define CKF_DERIVE 0x00080000 + +/* CKF_EC_F_P, CKF_EC_F_2M, CKF_EC_ECPARAMETERS, CKF_EC_NAMEDCURVE, + * CKF_EC_UNCOMPRESS, and CKF_EC_COMPRESS are new for v2.11. They + * describe a token's EC capabilities not available in mechanism + * information. */ +#define CKF_EC_F_P 0x00100000 +#define CKF_EC_F_2M 0x00200000 +#define CKF_EC_ECPARAMETERS 0x00400000 +#define CKF_EC_NAMEDCURVE 0x00800000 +#define CKF_EC_UNCOMPRESS 0x01000000 +#define CKF_EC_COMPRESS 0x02000000 + +#define CKF_EXTENSION 0x80000000 /* FALSE for this version */ + +typedef CK_MECHANISM_INFO CK_PTR CK_MECHANISM_INFO_PTR; + +/* CK_RV is a value that identifies the return value of a + * Cryptoki function */ +/* CK_RV was changed from CK_USHORT to CK_ULONG for v2.0 */ +typedef CK_ULONG CK_RV; + +#define CKR_OK 0x00000000 +#define CKR_CANCEL 0x00000001 +#define CKR_HOST_MEMORY 0x00000002 +#define CKR_SLOT_ID_INVALID 0x00000003 + +/* CKR_FLAGS_INVALID was removed for v2.0 */ + +/* CKR_GENERAL_ERROR and CKR_FUNCTION_FAILED are new for v2.0 */ +#define CKR_GENERAL_ERROR 0x00000005 +#define CKR_FUNCTION_FAILED 0x00000006 + +/* CKR_ARGUMENTS_BAD, CKR_NO_EVENT, CKR_NEED_TO_CREATE_THREADS, + * and CKR_CANT_LOCK are new for v2.01 */ +#define CKR_ARGUMENTS_BAD 0x00000007 +#define CKR_NO_EVENT 0x00000008 +#define CKR_NEED_TO_CREATE_THREADS 0x00000009 +#define CKR_CANT_LOCK 0x0000000A + +#define CKR_ATTRIBUTE_READ_ONLY 0x00000010 +#define CKR_ATTRIBUTE_SENSITIVE 0x00000011 +#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 +#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 +#define CKR_DATA_INVALID 0x00000020 +#define CKR_DATA_LEN_RANGE 0x00000021 +#define CKR_DEVICE_ERROR 0x00000030 +#define CKR_DEVICE_MEMORY 0x00000031 +#define CKR_DEVICE_REMOVED 0x00000032 +#define CKR_ENCRYPTED_DATA_INVALID 0x00000040 +#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 +#define CKR_FUNCTION_CANCELED 0x00000050 +#define CKR_FUNCTION_NOT_PARALLEL 0x00000051 + +/* CKR_FUNCTION_NOT_SUPPORTED is new for v2.0 */ +#define CKR_FUNCTION_NOT_SUPPORTED 0x00000054 + +#define CKR_KEY_HANDLE_INVALID 0x00000060 + +/* CKR_KEY_SENSITIVE was removed for v2.0 */ + +#define CKR_KEY_SIZE_RANGE 0x00000062 +#define CKR_KEY_TYPE_INCONSISTENT 0x00000063 + +/* CKR_KEY_NOT_NEEDED, CKR_KEY_CHANGED, CKR_KEY_NEEDED, + * CKR_KEY_INDIGESTIBLE, CKR_KEY_FUNCTION_NOT_PERMITTED, + * CKR_KEY_NOT_WRAPPABLE, and CKR_KEY_UNEXTRACTABLE are new for + * v2.0 */ +#define CKR_KEY_NOT_NEEDED 0x00000064 +#define CKR_KEY_CHANGED 0x00000065 +#define CKR_KEY_NEEDED 0x00000066 +#define CKR_KEY_INDIGESTIBLE 0x00000067 +#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 +#define CKR_KEY_NOT_WRAPPABLE 0x00000069 +#define CKR_KEY_UNEXTRACTABLE 0x0000006A + +#define CKR_MECHANISM_INVALID 0x00000070 +#define CKR_MECHANISM_PARAM_INVALID 0x00000071 + +/* CKR_OBJECT_CLASS_INCONSISTENT and CKR_OBJECT_CLASS_INVALID + * were removed for v2.0 */ +#define CKR_OBJECT_HANDLE_INVALID 0x00000082 +#define CKR_OPERATION_ACTIVE 0x00000090 +#define CKR_OPERATION_NOT_INITIALIZED 0x00000091 +#define CKR_PIN_INCORRECT 0x000000A0 +#define CKR_PIN_INVALID 0x000000A1 +#define CKR_PIN_LEN_RANGE 0x000000A2 + +/* CKR_PIN_EXPIRED and CKR_PIN_LOCKED are new for v2.0 */ +#define CKR_PIN_EXPIRED 0x000000A3 +#define CKR_PIN_LOCKED 0x000000A4 + +#define CKR_SESSION_CLOSED 0x000000B0 +#define CKR_SESSION_COUNT 0x000000B1 +#define CKR_SESSION_HANDLE_INVALID 0x000000B3 +#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 +#define CKR_SESSION_READ_ONLY 0x000000B5 +#define CKR_SESSION_EXISTS 0x000000B6 + +/* CKR_SESSION_READ_ONLY_EXISTS and + * CKR_SESSION_READ_WRITE_SO_EXISTS are new for v2.0 */ +#define CKR_SESSION_READ_ONLY_EXISTS 0x000000B7 +#define CKR_SESSION_READ_WRITE_SO_EXISTS 0x000000B8 + +#define CKR_SIGNATURE_INVALID 0x000000C0 +#define CKR_SIGNATURE_LEN_RANGE 0x000000C1 +#define CKR_TEMPLATE_INCOMPLETE 0x000000D0 +#define CKR_TEMPLATE_INCONSISTENT 0x000000D1 +#define CKR_TOKEN_NOT_PRESENT 0x000000E0 +#define CKR_TOKEN_NOT_RECOGNIZED 0x000000E1 +#define CKR_TOKEN_WRITE_PROTECTED 0x000000E2 +#define CKR_UNWRAPPING_KEY_HANDLE_INVALID 0x000000F0 +#define CKR_UNWRAPPING_KEY_SIZE_RANGE 0x000000F1 +#define CKR_UNWRAPPING_KEY_TYPE_INCONSISTENT 0x000000F2 +#define CKR_USER_ALREADY_LOGGED_IN 0x00000100 +#define CKR_USER_NOT_LOGGED_IN 0x00000101 +#define CKR_USER_PIN_NOT_INITIALIZED 0x00000102 +#define CKR_USER_TYPE_INVALID 0x00000103 + +/* CKR_USER_ANOTHER_ALREADY_LOGGED_IN and CKR_USER_TOO_MANY_TYPES + * are new to v2.01 */ +#define CKR_USER_ANOTHER_ALREADY_LOGGED_IN 0x00000104 +#define CKR_USER_TOO_MANY_TYPES 0x00000105 + +#define CKR_WRAPPED_KEY_INVALID 0x00000110 +#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 +#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 +#define CKR_WRAPPING_KEY_SIZE_RANGE 0x00000114 +#define CKR_WRAPPING_KEY_TYPE_INCONSISTENT 0x00000115 +#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 + +/* These are new to v2.0 */ +#define CKR_RANDOM_NO_RNG 0x00000121 + +/* These are new to v2.11 */ +#define CKR_DOMAIN_PARAMS_INVALID 0x00000130 + +/* These are new to v2.0 */ +#define CKR_BUFFER_TOO_SMALL 0x00000150 +#define CKR_SAVED_STATE_INVALID 0x00000160 +#define CKR_INFORMATION_SENSITIVE 0x00000170 +#define CKR_STATE_UNSAVEABLE 0x00000180 + +/* These are new to v2.01 */ +#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 +#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 +#define CKR_MUTEX_BAD 0x000001A0 +#define CKR_MUTEX_NOT_LOCKED 0x000001A1 + +/* The following return values are new for PKCS #11 v2.20 amendment 3 */ +#define CKR_NEW_PIN_MODE 0x000001B0 +#define CKR_NEXT_OTP 0x000001B1 + +/* This is new to v2.20 */ +#define CKR_FUNCTION_REJECTED 0x00000200 + +#define CKR_VENDOR_DEFINED 0x80000000 + +/* CK_NOTIFY is an application callback that processes events */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_NOTIFICATION event, + CK_VOID_PTR pApplication /* passed to C_OpenSession */ +); + +/* CK_FUNCTION_LIST is a structure holding a Cryptoki spec + * version and pointers of appropriate types to all the + * Cryptoki functions */ +/* CK_FUNCTION_LIST is new for v2.0 */ +typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; + +typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; + +typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; + +/* CK_CREATEMUTEX is an application callback for creating a + * mutex object */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_CREATEMUTEX)( + CK_VOID_PTR_PTR ppMutex /* location to receive ptr to mutex */ +); + +/* CK_DESTROYMUTEX is an application callback for destroying a + * mutex object */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_DESTROYMUTEX)( + CK_VOID_PTR pMutex /* pointer to mutex */ +); + +/* CK_LOCKMUTEX is an application callback for locking a mutex */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_LOCKMUTEX)( + CK_VOID_PTR pMutex /* pointer to mutex */ +); + +/* CK_UNLOCKMUTEX is an application callback for unlocking a + * mutex */ +typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( + CK_VOID_PTR pMutex /* pointer to mutex */ +); + +/* CK_C_INITIALIZE_ARGS provides the optional arguments to + * C_Initialize */ +typedef struct CK_C_INITIALIZE_ARGS { + CK_CREATEMUTEX CreateMutex; + CK_DESTROYMUTEX DestroyMutex; + CK_LOCKMUTEX LockMutex; + CK_UNLOCKMUTEX UnlockMutex; + CK_FLAGS flags; + CK_VOID_PTR pReserved; +} CK_C_INITIALIZE_ARGS; + +/* flags: bit flags that provide capabilities of the slot + * Bit Flag Mask Meaning + */ +#define CKF_LIBRARY_CANT_CREATE_OS_THREADS 0x00000001 +#define CKF_OS_LOCKING_OK 0x00000002 + +typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; + +/* additional flags for parameters to functions */ + +/* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ +#define CKF_DONT_BLOCK 1 + +/* CK_RSA_PKCS_OAEP_MGF_TYPE is new for v2.10. + * CK_RSA_PKCS_OAEP_MGF_TYPE is used to indicate the Message + * Generation Function (MGF) applied to a message block when + * formatting a message block for the PKCS #1 OAEP encryption + * scheme. */ +typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; + +typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; + +/* The following MGFs are defined */ +/* CKG_MGF1_SHA256, CKG_MGF1_SHA384, and CKG_MGF1_SHA512 + * are new for v2.20 */ +#define CKG_MGF1_SHA1 0x00000001 +#define CKG_MGF1_SHA256 0x00000002 +#define CKG_MGF1_SHA384 0x00000003 +#define CKG_MGF1_SHA512 0x00000004 +/* SHA-224 is new for PKCS #11 v2.20 amendment 3 */ +#define CKG_MGF1_SHA224 0x00000005 + +/* CK_RSA_PKCS_OAEP_SOURCE_TYPE is new for v2.10. + * CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source + * of the encoding parameter when formatting a message block + * for the PKCS #1 OAEP encryption scheme. */ +typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; + +typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; + +/* The following encoding parameter sources are defined */ +#define CKZ_DATA_SPECIFIED 0x00000001 + +/* CK_RSA_PKCS_OAEP_PARAMS is new for v2.10. + * CK_RSA_PKCS_OAEP_PARAMS provides the parameters to the + * CKM_RSA_PKCS_OAEP mechanism. */ +typedef struct CK_RSA_PKCS_OAEP_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_RSA_PKCS_OAEP_SOURCE_TYPE source; + CK_VOID_PTR pSourceData; + CK_ULONG ulSourceDataLen; +} CK_RSA_PKCS_OAEP_PARAMS; + +typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR; + +/* CK_RSA_PKCS_PSS_PARAMS is new for v2.11. + * CK_RSA_PKCS_PSS_PARAMS provides the parameters to the + * CKM_RSA_PKCS_PSS mechanism(s). */ +typedef struct CK_RSA_PKCS_PSS_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_ULONG sLen; +} CK_RSA_PKCS_PSS_PARAMS; + +typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; + +/* CK_EC_KDF_TYPE is new for v2.11. */ +typedef CK_ULONG CK_EC_KDF_TYPE; + +/* The following EC Key Derivation Functions are defined */ +#define CKD_NULL 0x00000001 +#define CKD_SHA1_KDF 0x00000002 + +/* CK_ECDH1_DERIVE_PARAMS is new for v2.11. + * CK_ECDH1_DERIVE_PARAMS provides the parameters to the + * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, + * where each party contributes one key pair. + */ +typedef struct CK_ECDH1_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_ECDH1_DERIVE_PARAMS; + +typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR; + +/* CK_ECDH2_DERIVE_PARAMS is new for v2.11. + * CK_ECDH2_DERIVE_PARAMS provides the parameters to the + * CKM_ECMQV_DERIVE mechanism, where each party contributes two key pairs. */ +typedef struct CK_ECDH2_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; +} CK_ECDH2_DERIVE_PARAMS; + +typedef CK_ECDH2_DERIVE_PARAMS CK_PTR CK_ECDH2_DERIVE_PARAMS_PTR; + +typedef struct CK_ECMQV_DERIVE_PARAMS { + CK_EC_KDF_TYPE kdf; + CK_ULONG ulSharedDataLen; + CK_BYTE_PTR pSharedData; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; + CK_OBJECT_HANDLE publicKey; +} CK_ECMQV_DERIVE_PARAMS; + +typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR; + +/* Typedefs and defines for the CKM_X9_42_DH_KEY_PAIR_GEN and the + * CKM_X9_42_DH_PARAMETER_GEN mechanisms (new for PKCS #11 v2.11) */ +typedef CK_ULONG CK_X9_42_DH_KDF_TYPE; +typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR; + +/* The following X9.42 DH key derivation functions are defined + (besides CKD_NULL already defined : */ +#define CKD_SHA1_KDF_ASN1 0x00000003 +#define CKD_SHA1_KDF_CONCATENATE 0x00000004 + +/* CK_X9_42_DH1_DERIVE_PARAMS is new for v2.11. + * CK_X9_42_DH1_DERIVE_PARAMS provides the parameters to the + * CKM_X9_42_DH_DERIVE key derivation mechanism, where each party + * contributes one key pair */ +typedef struct CK_X9_42_DH1_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE_PTR pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_X9_42_DH1_DERIVE_PARAMS; + +typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR; + +/* CK_X9_42_DH2_DERIVE_PARAMS is new for v2.11. + * CK_X9_42_DH2_DERIVE_PARAMS provides the parameters to the + * CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation + * mechanisms, where each party contributes two key pairs */ +typedef struct CK_X9_42_DH2_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE_PTR pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; +} CK_X9_42_DH2_DERIVE_PARAMS; + +typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR; + +typedef struct CK_X9_42_MQV_DERIVE_PARAMS { + CK_X9_42_DH_KDF_TYPE kdf; + CK_ULONG ulOtherInfoLen; + CK_BYTE_PTR pOtherInfo; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPrivateDataLen; + CK_OBJECT_HANDLE hPrivateData; + CK_ULONG ulPublicDataLen2; + CK_BYTE_PTR pPublicData2; + CK_OBJECT_HANDLE publicKey; +} CK_X9_42_MQV_DERIVE_PARAMS; + +typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR; + +/* CK_KEA_DERIVE_PARAMS provides the parameters to the + * CKM_KEA_DERIVE mechanism */ +/* CK_KEA_DERIVE_PARAMS is new for v2.0 */ +typedef struct CK_KEA_DERIVE_PARAMS { + CK_BBOOL isSender; + CK_ULONG ulRandomLen; + CK_BYTE_PTR pRandomA; + CK_BYTE_PTR pRandomB; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; +} CK_KEA_DERIVE_PARAMS; + +typedef CK_KEA_DERIVE_PARAMS CK_PTR CK_KEA_DERIVE_PARAMS_PTR; + +/* CK_RC2_PARAMS provides the parameters to the CKM_RC2_ECB and + * CKM_RC2_MAC mechanisms. An instance of CK_RC2_PARAMS just + * holds the effective keysize */ +typedef CK_ULONG CK_RC2_PARAMS; + +typedef CK_RC2_PARAMS CK_PTR CK_RC2_PARAMS_PTR; + +/* CK_RC2_CBC_PARAMS provides the parameters to the CKM_RC2_CBC + * mechanism */ +typedef struct CK_RC2_CBC_PARAMS { + /* ulEffectiveBits was changed from CK_USHORT to CK_ULONG for + * v2.0 */ + CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ + + CK_BYTE iv[8]; /* IV for CBC mode */ +} CK_RC2_CBC_PARAMS; + +typedef CK_RC2_CBC_PARAMS CK_PTR CK_RC2_CBC_PARAMS_PTR; + +/* CK_RC2_MAC_GENERAL_PARAMS provides the parameters for the + * CKM_RC2_MAC_GENERAL mechanism */ +/* CK_RC2_MAC_GENERAL_PARAMS is new for v2.0 */ +typedef struct CK_RC2_MAC_GENERAL_PARAMS { + CK_ULONG ulEffectiveBits; /* effective bits (1-1024) */ + CK_ULONG ulMacLength; /* Length of MAC in bytes */ +} CK_RC2_MAC_GENERAL_PARAMS; + +typedef CK_RC2_MAC_GENERAL_PARAMS CK_PTR CK_RC2_MAC_GENERAL_PARAMS_PTR; + +/* CK_RC5_PARAMS provides the parameters to the CKM_RC5_ECB and + * CKM_RC5_MAC mechanisms */ +/* CK_RC5_PARAMS is new for v2.0 */ +typedef struct CK_RC5_PARAMS { + CK_ULONG ulWordsize; /* wordsize in bits */ + CK_ULONG ulRounds; /* number of rounds */ +} CK_RC5_PARAMS; + +typedef CK_RC5_PARAMS CK_PTR CK_RC5_PARAMS_PTR; + +/* CK_RC5_CBC_PARAMS provides the parameters to the CKM_RC5_CBC + * mechanism */ +/* CK_RC5_CBC_PARAMS is new for v2.0 */ +typedef struct CK_RC5_CBC_PARAMS { + CK_ULONG ulWordsize; /* wordsize in bits */ + CK_ULONG ulRounds; /* number of rounds */ + CK_BYTE_PTR pIv; /* pointer to IV */ + CK_ULONG ulIvLen; /* length of IV in bytes */ +} CK_RC5_CBC_PARAMS; + +typedef CK_RC5_CBC_PARAMS CK_PTR CK_RC5_CBC_PARAMS_PTR; + +/* CK_RC5_MAC_GENERAL_PARAMS provides the parameters for the + * CKM_RC5_MAC_GENERAL mechanism */ +/* CK_RC5_MAC_GENERAL_PARAMS is new for v2.0 */ +typedef struct CK_RC5_MAC_GENERAL_PARAMS { + CK_ULONG ulWordsize; /* wordsize in bits */ + CK_ULONG ulRounds; /* number of rounds */ + CK_ULONG ulMacLength; /* Length of MAC in bytes */ +} CK_RC5_MAC_GENERAL_PARAMS; + +typedef CK_RC5_MAC_GENERAL_PARAMS CK_PTR CK_RC5_MAC_GENERAL_PARAMS_PTR; + +/* CK_MAC_GENERAL_PARAMS provides the parameters to most block + * ciphers' MAC_GENERAL mechanisms. Its value is the length of + * the MAC */ +/* CK_MAC_GENERAL_PARAMS is new for v2.0 */ +typedef CK_ULONG CK_MAC_GENERAL_PARAMS; + +typedef CK_MAC_GENERAL_PARAMS CK_PTR CK_MAC_GENERAL_PARAMS_PTR; + +/* CK_DES/AES_ECB/CBC_ENCRYPT_DATA_PARAMS are new for v2.20 */ +typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[8]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_DES_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_PTR + CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_AES_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR + CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR; + +/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS provides the parameters to the + * CKM_SKIPJACK_PRIVATE_WRAP mechanism */ +/* CK_SKIPJACK_PRIVATE_WRAP_PARAMS is new for v2.0 */ +typedef struct CK_SKIPJACK_PRIVATE_WRAP_PARAMS { + CK_ULONG ulPasswordLen; + CK_BYTE_PTR pPassword; + CK_ULONG ulPublicDataLen; + CK_BYTE_PTR pPublicData; + CK_ULONG ulPAndGLen; + CK_ULONG ulQLen; + CK_ULONG ulRandomLen; + CK_BYTE_PTR pRandomA; + CK_BYTE_PTR pPrimeP; + CK_BYTE_PTR pBaseG; + CK_BYTE_PTR pSubprimeQ; +} CK_SKIPJACK_PRIVATE_WRAP_PARAMS; + +typedef CK_SKIPJACK_PRIVATE_WRAP_PARAMS CK_PTR CK_SKIPJACK_PRIVATE_WRAP_PTR; + +/* CK_SKIPJACK_RELAYX_PARAMS provides the parameters to the + * CKM_SKIPJACK_RELAYX mechanism */ +/* CK_SKIPJACK_RELAYX_PARAMS is new for v2.0 */ +typedef struct CK_SKIPJACK_RELAYX_PARAMS { + CK_ULONG ulOldWrappedXLen; + CK_BYTE_PTR pOldWrappedX; + CK_ULONG ulOldPasswordLen; + CK_BYTE_PTR pOldPassword; + CK_ULONG ulOldPublicDataLen; + CK_BYTE_PTR pOldPublicData; + CK_ULONG ulOldRandomLen; + CK_BYTE_PTR pOldRandomA; + CK_ULONG ulNewPasswordLen; + CK_BYTE_PTR pNewPassword; + CK_ULONG ulNewPublicDataLen; + CK_BYTE_PTR pNewPublicData; + CK_ULONG ulNewRandomLen; + CK_BYTE_PTR pNewRandomA; +} CK_SKIPJACK_RELAYX_PARAMS; + +typedef CK_SKIPJACK_RELAYX_PARAMS CK_PTR CK_SKIPJACK_RELAYX_PARAMS_PTR; + +typedef struct CK_PBE_PARAMS { + CK_BYTE_PTR pInitVector; + CK_UTF8CHAR_PTR pPassword; + CK_ULONG ulPasswordLen; + CK_BYTE_PTR pSalt; + CK_ULONG ulSaltLen; + CK_ULONG ulIteration; +} CK_PBE_PARAMS; + +typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR; + +/* CK_KEY_WRAP_SET_OAEP_PARAMS provides the parameters to the + * CKM_KEY_WRAP_SET_OAEP mechanism */ +/* CK_KEY_WRAP_SET_OAEP_PARAMS is new for v2.0 */ +typedef struct CK_KEY_WRAP_SET_OAEP_PARAMS { + CK_BYTE bBC; /* block contents byte */ + CK_BYTE_PTR pX; /* extra data */ + CK_ULONG ulXLen; /* length of extra data in bytes */ +} CK_KEY_WRAP_SET_OAEP_PARAMS; + +typedef CK_KEY_WRAP_SET_OAEP_PARAMS CK_PTR CK_KEY_WRAP_SET_OAEP_PARAMS_PTR; + +typedef struct CK_SSL3_RANDOM_DATA { + CK_BYTE_PTR pClientRandom; + CK_ULONG ulClientRandomLen; + CK_BYTE_PTR pServerRandom; + CK_ULONG ulServerRandomLen; +} CK_SSL3_RANDOM_DATA; + +typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS { + CK_SSL3_RANDOM_DATA RandomInfo; + CK_VERSION_PTR pVersion; +} CK_SSL3_MASTER_KEY_DERIVE_PARAMS; + +typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR + CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_SSL3_KEY_MAT_OUT { + CK_OBJECT_HANDLE hClientMacSecret; + CK_OBJECT_HANDLE hServerMacSecret; + CK_OBJECT_HANDLE hClientKey; + CK_OBJECT_HANDLE hServerKey; + CK_BYTE_PTR pIVClient; + CK_BYTE_PTR pIVServer; +} CK_SSL3_KEY_MAT_OUT; + +typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR; + +typedef struct CK_SSL3_KEY_MAT_PARAMS { + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_BBOOL bIsExport; + CK_SSL3_RANDOM_DATA RandomInfo; + CK_SSL3_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +} CK_SSL3_KEY_MAT_PARAMS; + +typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR; + +/* CK_TLS_PRF_PARAMS is new for version 2.20 */ +typedef struct CK_TLS_PRF_PARAMS { + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLen; + CK_BYTE_PTR pOutput; + CK_ULONG_PTR pulOutputLen; +} CK_TLS_PRF_PARAMS; + +typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR; + +/* WTLS is new for version 2.20 */ +typedef struct CK_WTLS_RANDOM_DATA { + CK_BYTE_PTR pClientRandom; + CK_ULONG ulClientRandomLen; + CK_BYTE_PTR pServerRandom; + CK_ULONG ulServerRandomLen; +} CK_WTLS_RANDOM_DATA; + +typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR; + +typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_WTLS_RANDOM_DATA RandomInfo; + CK_BYTE_PTR pVersion; +} CK_WTLS_MASTER_KEY_DERIVE_PARAMS; + +typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR + CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR; + +typedef struct CK_WTLS_PRF_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; + CK_BYTE_PTR pLabel; + CK_ULONG ulLabelLen; + CK_BYTE_PTR pOutput; + CK_ULONG_PTR pulOutputLen; +} CK_WTLS_PRF_PARAMS; + +typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR; + +typedef struct CK_WTLS_KEY_MAT_OUT { + CK_OBJECT_HANDLE hMacSecret; + CK_OBJECT_HANDLE hKey; + CK_BYTE_PTR pIV; +} CK_WTLS_KEY_MAT_OUT; + +typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR; + +typedef struct CK_WTLS_KEY_MAT_PARAMS { + CK_MECHANISM_TYPE DigestMechanism; + CK_ULONG ulMacSizeInBits; + CK_ULONG ulKeySizeInBits; + CK_ULONG ulIVSizeInBits; + CK_ULONG ulSequenceNumber; + CK_BBOOL bIsExport; + CK_WTLS_RANDOM_DATA RandomInfo; + CK_WTLS_KEY_MAT_OUT_PTR pReturnedKeyMaterial; +} CK_WTLS_KEY_MAT_PARAMS; + +typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR; + +/* CMS is new for version 2.20 */ +typedef struct CK_CMS_SIG_PARAMS { + CK_OBJECT_HANDLE certificateHandle; + CK_MECHANISM_PTR pSigningMechanism; + CK_MECHANISM_PTR pDigestMechanism; + CK_UTF8CHAR_PTR pContentType; + CK_BYTE_PTR pRequestedAttributes; + CK_ULONG ulRequestedAttributesLen; + CK_BYTE_PTR pRequiredAttributes; + CK_ULONG ulRequiredAttributesLen; +} CK_CMS_SIG_PARAMS; + +typedef CK_CMS_SIG_PARAMS CK_PTR CK_CMS_SIG_PARAMS_PTR; + +typedef struct CK_KEY_DERIVATION_STRING_DATA { + CK_BYTE_PTR pData; + CK_ULONG ulLen; +} CK_KEY_DERIVATION_STRING_DATA; + +typedef CK_KEY_DERIVATION_STRING_DATA CK_PTR CK_KEY_DERIVATION_STRING_DATA_PTR; + +/* The CK_EXTRACT_PARAMS is used for the + * CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit + * of the base key should be used as the first bit of the + * derived key */ +/* CK_EXTRACT_PARAMS is new for v2.0 */ +typedef CK_ULONG CK_EXTRACT_PARAMS; + +typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR; + +/* CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is new for v2.10. + * CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to + * indicate the Pseudo-Random Function (PRF) used to generate + * key bits using PKCS #5 PBKDF2. */ +typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; + +typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR; + +/* The following PRFs are defined in PKCS #5 v2.0. */ +#define CKP_PKCS5_PBKD2_HMAC_SHA1 0x00000001 + +/* CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is new for v2.10. + * CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the + * source of the salt value when deriving a key using PKCS #5 + * PBKDF2. */ +typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; + +typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR; + +/* The following salt value sources are defined in PKCS #5 v2.0. */ +#define CKZ_SALT_SPECIFIED 0x00000001 + +/* CK_PKCS5_PBKD2_PARAMS is new for v2.10. + * CK_PKCS5_PBKD2_PARAMS is a structure that provides the + * parameters to the CKM_PKCS5_PBKD2 mechanism. */ +typedef struct CK_PKCS5_PBKD2_PARAMS { + CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; + CK_VOID_PTR pSaltSourceData; + CK_ULONG ulSaltSourceDataLen; + CK_ULONG iterations; + CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; + CK_VOID_PTR pPrfData; + CK_ULONG ulPrfDataLen; + CK_UTF8CHAR_PTR pPassword; + // CK_ULONG_PTR ulPasswordLen; + CK_ULONG ulPasswordLen; +} CK_PKCS5_PBKD2_PARAMS; + +typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR; + +/* All CK_OTP structs are new for PKCS #11 v2.20 amendment 3 */ + +typedef CK_ULONG CK_OTP_PARAM_TYPE; +typedef CK_OTP_PARAM_TYPE CK_PARAM_TYPE; /* B/w compatibility */ + +typedef struct CK_OTP_PARAM { + CK_OTP_PARAM_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} CK_OTP_PARAM; + +typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR; + +typedef struct CK_OTP_PARAMS { + CK_OTP_PARAM_PTR pParams; + CK_ULONG ulCount; +} CK_OTP_PARAMS; + +typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR; + +typedef struct CK_OTP_SIGNATURE_INFO { + CK_OTP_PARAM_PTR pParams; + CK_ULONG ulCount; +} CK_OTP_SIGNATURE_INFO; + +typedef CK_OTP_SIGNATURE_INFO CK_PTR CK_OTP_SIGNATURE_INFO_PTR; + +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ +#define CK_OTP_VALUE 0 +#define CK_OTP_PIN 1 +#define CK_OTP_CHALLENGE 2 +#define CK_OTP_TIME 3 +#define CK_OTP_COUNTER 4 +#define CK_OTP_FLAGS 5 +#define CK_OTP_OUTPUT_LENGTH 6 +#define CK_OTP_OUTPUT_FORMAT 7 + +/* The following OTP-related defines are new for PKCS #11 v2.20 amendment 1 */ +#define CKF_NEXT_OTP 0x00000001 +#define CKF_EXCLUDE_TIME 0x00000002 +#define CKF_EXCLUDE_COUNTER 0x00000004 +#define CKF_EXCLUDE_CHALLENGE 0x00000008 +#define CKF_EXCLUDE_PIN 0x00000010 +#define CKF_USER_FRIENDLY_OTP 0x00000020 + +/* CK_KIP_PARAMS is new for PKCS #11 v2.20 amendment 2 */ +typedef struct CK_KIP_PARAMS { + CK_MECHANISM_PTR pMechanism; + CK_OBJECT_HANDLE hKey; + CK_BYTE_PTR pSeed; + CK_ULONG ulSeedLen; +} CK_KIP_PARAMS; + +typedef CK_KIP_PARAMS CK_PTR CK_KIP_PARAMS_PTR; + +/* CK_AES_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ +typedef struct CK_AES_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +} CK_AES_CTR_PARAMS; + +typedef CK_AES_CTR_PARAMS CK_PTR CK_AES_CTR_PARAMS_PTR; + +/* CK_CAMELLIA_CTR_PARAMS is new for PKCS #11 v2.20 amendment 3 */ +typedef struct CK_CAMELLIA_CTR_PARAMS { + CK_ULONG ulCounterBits; + CK_BYTE cb[16]; +} CK_CAMELLIA_CTR_PARAMS; + +typedef CK_CAMELLIA_CTR_PARAMS CK_PTR CK_CAMELLIA_CTR_PARAMS_PTR; + +/* CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ +typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR + CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +/* CK_ARIA_CBC_ENCRYPT_DATA_PARAMS is new for PKCS #11 v2.20 amendment 3 */ +typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS { + CK_BYTE iv[16]; + CK_BYTE_PTR pData; + CK_ULONG length; +} CK_ARIA_CBC_ENCRYPT_DATA_PARAMS; + +typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR + CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR; + +#endif diff --git a/cryptoki-sys/vendor/thales-safenet/sfnt_extensions.h b/cryptoki-sys/vendor/thales-safenet/sfnt_extensions.h new file mode 100644 index 00000000..748d415a --- /dev/null +++ b/cryptoki-sys/vendor/thales-safenet/sfnt_extensions.h @@ -0,0 +1,1563 @@ +/*************************************************************************** + * + * Filename: sfnt_extensions.h + * + * Description: Function prototypes, typedefs, etc. for PKCS #11 API. + * + * This file is protected by laws protecting trade secrets and confidential + * information, as well as copyright laws and international treaties. + * Copyright (c) 2004 SafeNet, Inc. All rights reserved. + * + * This file contains confidential and proprietary information of + * SafeNet, Inc. and its licensors and may not be + * copied (in any manner), distributed (by any means) or transferred + * without prior written consent from SafeNet, Inc. + ********************VERY IMPORTANT****************************************** + * DO NOT ADD ANY NEW SAFENET EXTENSIONS TO ./cryptoki/cryptoki.h + * ADD ALL NEW TYPE DEFINITION EXTENSIONS TO /cryptoki/cryptoki_v2.h + * ADD ALL CA_ FUNCTION EXTENSIONS TO /cryptoki/sfnt_extensions.h + ****************************************************************************/ +// add all SafeNet CA_ extension functions here + +CK_RV CK_ENTRY +CA_GetFunctionList(CK_SFNT_CA_FUNCTION_LIST_PTR_PTR ppSfntFunctionList); + +CK_RV CK_ENTRY CA_WaitForSlotEvent(CK_FLAGS flags, CK_ULONG history[2], + CK_SLOT_ID_PTR pSlot, CK_VOID_PTR pReserved); + +CK_RV CK_ENTRY CA_InitIndirectToken(CK_SLOT_ID slotID, CK_CHAR_PTR pPin, + CK_ULONG usPinLen, CK_CHAR_PTR pLabel, + CK_SESSION_HANDLE hPrimarySession); + +CK_RV CK_ENTRY CA_InitIndirectPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, + CK_ULONG usPinLen, + CK_SESSION_HANDLE hPrimarySession); + +CK_RV CK_ENTRY CA_ResetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pPin, + CK_ULONG usPinLen); + +CK_RV CK_ENTRY CA_CreateLoginChallenge(CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_ULONG ulChallengeDataSize, + CK_CHAR_PTR pChallengeData, + CK_ULONG_PTR ulOutputDataSize, + CK_CHAR_PTR pOutputData); + +CK_RV CK_ENTRY CA_Deactivate(CK_SLOT_ID slotId, CK_USER_TYPE userType); + +/****************************************************************************\ +* * +* Session management * +* * +\****************************************************************************/ + +CK_RV CK_ENTRY CA_OpenSession(CK_SLOT_ID slotID, CK_ULONG ulContainerNumber, + CK_FLAGS flags, CK_VOID_PTR pApplication, + CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + +CK_RV CK_ENTRY CA_IndirectLogin(CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_SESSION_HANDLE hPrimarySession); + +/****************************************************************************\ +* * +* Remote PED * +* * +\****************************************************************************/ +CK_RV CK_ENTRY CA_InitializeRemotePEDVector(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_DeleteRemotePEDVector(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_GetRemotePEDVectorStatus(CK_SLOT_ID slotID, + CK_ULONG_PTR pulStatus); + +CK_RV CK_ENTRY CA_ConfigureRemotePED(CK_SLOT_ID slotId, CK_CHAR_PTR pHostName, + CK_ULONG ulPort, CK_ULONG_PTR pulPedId); + +CK_RV CK_ENTRY CA_DismantleRemotePED(CK_SLOT_ID slotId, CK_ULONG ulPedId); + +/****************************************************************************\ +* * +* Application access management * +* * +\****************************************************************************/ +CK_RV CK_ENTRY CA_Restart(CK_SLOT_ID slotID); +CK_RV CK_ENTRY CA_RestartForContainer(CK_SLOT_ID slotID, + CK_ULONG ulContainerNumber); +CK_RV CK_ENTRY CA_CloseApplicationID(CK_SLOT_ID slotID, CK_ULONG ulHigh, + CK_ULONG ulLow); +CK_RV CK_ENTRY CA_CloseApplicationIDForContainer(CK_SLOT_ID slotID, + CK_ULONG ulHigh, + CK_ULONG ulLow, + CK_ULONG ulContainerNumber); + +CK_RV CK_ENTRY CA_OpenApplicationID(CK_SLOT_ID slotID, CK_ULONG ulHigh, + CK_ULONG ulLow); +CK_RV CK_ENTRY CA_OpenApplicationIDForContainer(CK_SLOT_ID slotID, + CK_ULONG ulHigh, CK_ULONG ulLow, + CK_ULONG ulContainerNumber); + +CK_RV CK_ENTRY CA_SetApplicationID(CK_ULONG ulHigh, CK_ULONG ulLow); + +/****************************************************************************\ +* * +* Callbacks * +* * +\****************************************************************************/ +/*CK_RV CK_ENTRY Notify(CK_SESSION_HANDLE hSession, + CK_NOTIFICATION event, + CK_VOID_PTR pApplication);*/ + +/****************************************************************************\ +* +* Certificate Authority +* +\****************************************************************************/ +CK_RV CK_ENTRY CA_ManualKCV(CK_SESSION_HANDLE hSession); +CK_RV CK_ENTRY CA_SetLKCV(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLegacyCloningDomainString, + CK_ULONG ulLegacyCloningDomainStringLen); +CK_RV CK_ENTRY CA_SetKCV(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pCloningDomainString, + CK_ULONG ulCloningDomainStringLen); +CK_RV CK_ENTRY CA_SetCloningDomain(CK_BYTE_PTR pCloningDomainString, + CK_ULONG ulCloningDomainStringLen); +CK_RV CK_ENTRY CA_ClonePrivateKey(CK_SESSION_HANDLE hTargetSession, + CK_SESSION_HANDLE hSourceSession, + CK_OBJECT_HANDLE hObjectToCloneHandle, + CK_OBJECT_HANDLE_PTR phClonedKey); +CK_RV CK_ENTRY CA_CloneObject(CK_SESSION_HANDLE hTargetSession, + CK_SESSION_HANDLE hSourceSession, + CK_ULONG ulObjectType, + CK_OBJECT_HANDLE hObjectHandle, + CK_OBJECT_HANDLE_PTR phClonedObject); + +CK_RV CK_ENTRY CA_GenerateCloningKEV(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pKEV, CK_ULONG_PTR pulKEVSize); + +CK_RV CK_ENTRY CA_CloneAsTargetInit(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pTWC, CK_ULONG ulTWCSize, + CK_BYTE_PTR pKEV, CK_ULONG ulKEVSize, + CK_BBOOL bReplicate, CK_BYTE_PTR pPart1, + CK_ULONG_PTR pulPart1Size); + +CK_RV CK_ENTRY CA_CloneAsSource(CK_SESSION_HANDLE hSession, CK_ULONG hType, + CK_ULONG hHandle, CK_BYTE_PTR pPart1, + CK_ULONG ulPart1Size, CK_BBOOL bReplicate, + CK_BYTE_PTR pPart2, CK_ULONG_PTR pulPart2Size); + +CK_RV CK_ENTRY CA_CloneAsTarget(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pKEV, + CK_ULONG ulKEVSize, CK_BYTE_PTR pPart2, + CK_ULONG ulPart2Size, CK_ULONG hType, + CK_ULONG hHandle, CK_BBOOL bReplicate, + CK_OBJECT_HANDLE_PTR phClonedHandle); + +CK_RV CK_ENTRY CA_SetMofN(CK_BBOOL bFlag); +CK_RV CK_ENTRY CA_GenerateMofN(CK_SESSION_HANDLE hSession, CK_ULONG ulM, + CA_MOFN_GENERATION_PTR pVectors, + CK_ULONG ulVectorCount, + CK_ULONG isSecurePortUsed, + CK_VOID_PTR pReserved); +CK_RV CK_ENTRY CA_GenerateCloneableMofN( + CK_SESSION_HANDLE hSession, CK_ULONG ulM, CA_MOFN_GENERATION_PTR pVectors, + CK_ULONG ulVectorCount, CK_ULONG isSecurePortUsed, CK_VOID_PTR pReserved); +CK_RV CK_ENTRY CA_ModifyMofN(CK_SESSION_HANDLE hSession, CK_ULONG ulM, + CA_MOFN_GENERATION_PTR pVectors, + CK_ULONG ulVectorCount, CK_ULONG isSecurePortUsed, + CK_VOID_PTR pReserved); +CK_RV CK_ENTRY CA_CloneMofN(CK_SESSION_HANDLE hSession, + CK_SESSION_HANDLE hPrimarySession, + CK_VOID_PTR pReserved); +CK_RV CK_ENTRY CA_CloneModifyMofN(CK_SESSION_HANDLE hSession, + CK_SESSION_HANDLE hPrimarySession, + CK_VOID_PTR pReserved); +CK_RV CK_ENTRY CA_ActivateMofN(CK_SESSION_HANDLE hSession, + CA_MOFN_ACTIVATION_PTR pVectors, + CK_ULONG ulVectorCount); +CK_RV CK_ENTRY CA_DeactivateMofN(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_GetMofNStatus(CK_SLOT_ID slotID, + CA_MOFN_STATUS_PTR pMofNStatus); + +CK_RV CK_ENTRY CA_DuplicateMofN(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_IsMofNEnabled(CK_SLOT_ID slotID, CK_ULONG_PTR enabled); + +CK_RV CK_ENTRY CA_IsMofNRequired(CK_SLOT_ID slotID, CK_ULONG_PTR required); + +/****************************************************************************\ +* +* Token Certificate Management +* +\****************************************************************************/ +CK_RV CK_ENTRY CA_GenerateTokenKeys(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG usTemplateLen); +CK_RV CK_ENTRY CA_GetTokenCertificateInfo(CK_SLOT_ID slotID, + CK_ULONG ulAccessLevel, + CK_BYTE_PTR pCertificate, + CK_ULONG_PTR pulCertificateLen); +CK_RV CK_ENTRY CA_SetTokenCertificateSignature( + CK_SESSION_HANDLE hSession, CK_ULONG ulAccessLevel, CK_ULONG ulCustomerId, + CK_ATTRIBUTE_PTR pPublicTemplate, CK_ULONG usPublicTemplateLen, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); + +CK_RV CK_ENTRY CA_GetModuleList(CK_SLOT_ID slotId, CKCA_MODULE_ID_PTR pList, + CK_ULONG ulListLen, + CK_ULONG_PTR pulReturnedSize); + +CK_RV CK_ENTRY CA_GetModuleInfo(CK_SLOT_ID slotId, CKCA_MODULE_ID moduleId, + CKCA_MODULE_INFO_PTR pInfo); + +CK_RV CK_ENTRY +CA_LoadModule(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pModuleCode, + CK_ULONG ulModuleCodeSize, CK_BYTE_PTR pModuleSignature, + CK_ULONG ulModuleSignatureSize, CK_BYTE_PTR pCertificate, + CK_ULONG ulCertificateSize, CK_BYTE_PTR pControlData, + CK_ULONG ulControlDataSize, CKCA_MODULE_ID_PTR pModuleId); + +CK_RV CK_ENTRY CA_LoadEncryptedModule( + CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pIv, + CK_ULONG ulIvLen, CK_BYTE_PTR pModuleCode, CK_ULONG ulModuleCodeSize, + CK_BYTE_PTR pModuleSignature, CK_ULONG ulModuleSignatureSize, + CK_BYTE_PTR pCertificate, CK_ULONG ulCertificateSize, + CKCA_MODULE_ID_PTR pModuleId); + +CK_RV CK_ENTRY CA_UnloadModule(CK_SESSION_HANDLE hSession, + CKCA_MODULE_ID moduleId); + +CK_RV CK_ENTRY CA_PerformModuleCall(CK_SESSION_HANDLE hSession, + CKCA_MODULE_ID moduleId, + CK_BYTE_PTR pRequest, + CK_ULONG ulRequestSize, CK_BYTE_PTR pAnswer, + CK_ULONG ulAnswerSize, + CK_ULONG_PTR pulAnswerAvailable); + +CK_RV CK_ENTRY C_PerformSelfTest(CK_SLOT_ID slotID, CK_ULONG typeOfTest, + CK_BYTE_PTR inputData, + CK_ULONG sizeOfInputData, + CK_BYTE_PTR outputData, + CK_ULONG_PTR sizeOfOutputData); + +/****************************************************************************\ +* +* HSM Update +* +\****************************************************************************/ +CK_RV CK_ENTRY CA_FirmwareUpdate(CK_SESSION_HANDLE hSession, + CK_ULONG ulTargetHardwarePlatform, + CK_ULONG ulAuthCodeLen, CK_BYTE_PTR pAuthCode, + CK_ULONG ulManifestLen, CK_BYTE_PTR pManifest, + CK_ULONG ulFirmwareLen, CK_BYTE_PTR pFirmware); + +CK_RV CK_ENTRY CA_FirmwareRollback(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_CapabilityUpdate(CK_SESSION_HANDLE hSession, + CK_ULONG ulManifestLen, + CK_BYTE_PTR pManifest, + CK_ULONG ulAuthcodeLen, + CK_BYTE_PTR pAuthcode); + +/****************************************************************************\ +* +* Policy bit manipulations +* +\****************************************************************************/ + +CK_RV CK_ENTRY CA_GetUserContainerNumber(CK_SLOT_ID slotID, + CK_ULONG_PTR pulContainerNumber); + +CK_RV CK_ENTRY CA_GetUserContainerName(CK_SLOT_ID slotID, CK_BYTE_PTR pName, + CK_ULONG_PTR pulNameLen); + +CK_RV CK_ENTRY CA_SetUserContainerName(CK_SLOT_ID slotID, CK_BYTE_PTR pName, + CK_ULONG ulNameLen); + +CK_RV CK_ENTRY CA_GetTokenInsertionCount(CK_SLOT_ID slotID, + CK_ULONG_PTR pulCount); + +CK_RV CK_ENTRY CA_GetRollbackFirmwareVersion(CK_SLOT_ID slotID, + CK_ULONG_PTR pulVersion); + +CK_RV CK_ENTRY CA_GetFPV(CK_SLOT_ID slotID, CK_ULONG_PTR pulFpv); + +CK_RV CK_ENTRY CA_GetTPV(CK_SLOT_ID slotID, CK_ULONG_PTR pulTpv); + +CK_RV CK_ENTRY CA_GetExtendedTPV(CK_SLOT_ID slotID, CK_ULONG_PTR pulTpv, + CK_ULONG_PTR pulTpvExt); + +CK_RV CK_ENTRY CA_GetConfigurationElementDescription( + CK_SLOT_ID slotID, CK_ULONG ulIsContainerElement, + CK_ULONG ulIsCapabilityElement, CK_ULONG ulElementId, + CK_ULONG_PTR pulElementBitLength, CK_ULONG_PTR pulElementDestructive, + CK_ULONG_PTR pulElementWriteRestricted, CK_CHAR_PTR pDescription); + +CK_RV CK_ENTRY CA_GetHSMCapabilitySet(CK_SLOT_ID uPhysicalSlot, + CK_ULONG_PTR pulCapIdArray, + CK_ULONG_PTR pulCapIdSize, + CK_ULONG_PTR pulCapValArray, + CK_ULONG_PTR pulCapValSize); + +CK_RV CK_ENTRY CA_GetHSMCapabilitySetting(CK_SLOT_ID slotID, + CK_ULONG ulPolicyId, + CK_ULONG_PTR pulPolicyValue); + +CK_RV CK_ENTRY CA_GetHSMPolicySet(CK_SLOT_ID uPhysicalSlot, + CK_ULONG_PTR pulPolicyIdArray, + CK_ULONG_PTR pulPolicyIdSize, + CK_ULONG_PTR pulPolicyValArray, + CK_ULONG_PTR pulPolicyValSize); + +CK_RV CK_ENTRY CA_GetHSMPolicySetting(CK_SLOT_ID slotID, CK_ULONG ulPolicyId, + CK_ULONG_PTR pulPolicyValue); + +CK_RV CK_ENTRY CA_GetContainerCapabilitySet(CK_SLOT_ID uPhysicalSlot, + CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulCapIdArray, + CK_ULONG_PTR pulCapIdSize, + CK_ULONG_PTR pulCapValArray, + CK_ULONG_PTR pulCapValSize); + +CK_RV CK_ENTRY CA_GetContainerCapabilitySetting(CK_SLOT_ID slotID, + CK_ULONG ulContainerNumber, + CK_ULONG ulPolicyId, + CK_ULONG_PTR pulPolicyValue); + +CK_RV CK_ENTRY CA_GetContainerPolicySet(CK_SLOT_ID uPhysicalSlot, + CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulPolicyIdArray, + CK_ULONG_PTR pulPolicyIdSize, + CK_ULONG_PTR pulPolicyValArray, + CK_ULONG_PTR pulPolicyValSize); + +CK_RV CK_ENTRY CA_GetContainerPolicySetting(CK_SLOT_ID uPhysicalSlot, + CK_ULONG ulContainerNumber, + CK_ULONG ulPolicyId, + CK_ULONG_PTR pulPolicyValue); + +CK_RV CK_ENTRY CA_SetTPV(CK_SESSION_HANDLE hSession, CK_ULONG ulTpv); + +CK_RV CK_ENTRY CA_SetExtendedTPV(CK_SESSION_HANDLE hSession, CK_ULONG ulTpv, + CK_ULONG ulTpvExt); + +CK_RV CK_ENTRY CA_SetHSMPolicy(CK_SESSION_HANDLE hSession, CK_ULONG ulPolicyId, + CK_ULONG ulPolicyValue); + +CK_RV CK_ENTRY CA_SetHSMPolicies(CK_SESSION_HANDLE hSession, + CK_ULONG ulPolicyCount, + CK_ULONG_PTR pulPolicyIdArray, + CK_ULONG_PTR pulPolicyValueArray); + +CK_RV CK_ENTRY CA_SetDestructiveHSMPolicy(CK_SESSION_HANDLE hSession, + CK_ULONG ulPolicyId, + CK_ULONG ulPolicyValue); + +CK_RV CK_ENTRY CA_SetDestructiveHSMPolicies(CK_SESSION_HANDLE hSession, + CK_ULONG ulPolicyCount, + CK_ULONG_PTR pulPolicyIdArray, + CK_ULONG_PTR pulPolicyValueArray); + +CK_RV CK_ENTRY CA_SetContainerPolicy(CK_SESSION_HANDLE hSession, + CK_ULONG ulContainer, CK_ULONG ulPolicyId, + CK_ULONG ulPolicyValue); + +CK_RV CK_ENTRY CA_SetContainerPolicies(CK_SESSION_HANDLE hSession, + CK_ULONG ulContainer, + CK_ULONG ulPolicyCount, + CK_ULONG_PTR pulPolicyIdArray, + CK_ULONG_PTR pulPolicyValueArray); + +/****************************************************************************\ +* +* SafeNet functions +* +* These functions are implemented for use by SafeNet, Inc. tools. They +* should not be used by Toolkit customers +* +\****************************************************************************/ +CK_RV CK_ENTRY CA_RetrieveLicenseList(CK_SLOT_ID slotID, + CK_ULONG_PTR pulidArraySize, + CK_ULONG_PTR pulidArray); +CK_RV CK_ENTRY CA_QueryLicense(CK_SLOT_ID slotID, CK_ULONG licenseIdLow, + CK_ULONG licenseIdHigh, + CK_ULONG_PTR pulLicenseType, + CK_ULONG_PTR pulDescVersion, + CK_ULONG_PTR pulDescSize, + CK_BYTE_PTR pbDescBuffer); + +CK_RV CK_ENTRY CA_GetContainerStatus(CK_SLOT_ID slotID, + CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulContainerStatusFlags, + CK_ULONG_PTR pulFailedSOLogins, + CK_ULONG_PTR pulFailedUserLogins, + CK_ULONG_PTR pulFailedLimitedUserLogins); + +CK_RV CK_ENTRY CA_GetSessionInfo(CK_SESSION_HANDLE hSession, + CK_ULONG_PTR pulAidHigh, + CK_ULONG_PTR pulAidLow, + CK_ULONG_PTR pulContainerNumber, + CK_ULONG_PTR pulAuthenticationLevel); + +CK_RV CK_ENTRY CA_ReadCommonStore(CK_ULONG index, CK_BYTE_PTR pBuffer, + CK_ULONG_PTR pulBufferSize); +CK_RV CK_ENTRY CA_WriteCommonStore(CK_ULONG index, CK_BYTE_PTR pBuffer, + CK_ULONG ulBufferSize); + +CK_RV CK_ENTRY CA_GetPrimarySlot(CK_SESSION_HANDLE hSession, + CK_SLOT_ID_PTR slotId_p); +CK_RV CK_ENTRY CA_GetSecondarySlot(CK_SESSION_HANDLE hSession, + CK_SLOT_ID_PTR slotId_p); +CK_RV CK_ENTRY CA_SwitchSecondarySlot(CK_SESSION_HANDLE hSession, + CK_SLOT_ID slotID, CK_ULONG slotInstance); +CK_RV CK_ENTRY CA_CloseSecondarySession(CK_SESSION_HANDLE hSession, + CK_SLOT_ID slotID, + CK_ULONG slotInstance); +CK_RV CK_ENTRY CA_CloseAllSecondarySessions(CK_SESSION_HANDLE hSession); +CK_RV CK_ENTRY CA_ChoosePrimarySlot(CK_SESSION_HANDLE hSession); +CK_RV CK_ENTRY CA_ChooseSecondarySlot(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_CloneObjectToAllSessions(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); +CK_RV CK_ENTRY CA_CloneAllObjectsToSession(CK_SESSION_HANDLE hSession, + CK_SLOT_ID slotId); + +CK_RV CK_ENTRY GetTotalOperations(CK_SLOT_ID slotId, int *operations); +CK_RV CK_ENTRY ResetTotalOperations(CK_SLOT_ID slotId); + +CK_RV CK_ENTRY CA_ResetDevice(CK_SLOT_ID slotId, CK_FLAGS flags); + +CK_RV CK_ENTRY CA_FactoryReset(CK_SLOT_ID slotId, CK_FLAGS flags); + +CK_RV CK_ENTRY CA_SetPedId(CK_SLOT_ID slotId, CK_ULONG usPedId); + +CK_RV CK_ENTRY CA_GetPedId(CK_SLOT_ID slotId, CK_ULONG *usPedId); + +CK_RV CK_ENTRY CA_SpRawRead(CK_SLOT_ID slotId, CK_ULONG_PTR data); + +CK_RV CK_ENTRY CA_SpRawWrite(CK_SLOT_ID slotId, CK_ULONG_PTR data); + +CK_RV CK_ENTRY CA_CheckOperationState(CK_SESSION_HANDLE hSession, + CK_ULONG operation, CK_BBOOL *pactive); + +CK_RV CK_ENTRY CA_SinglePartSign(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pData, + CK_ULONG usDataLen, CK_BYTE_PTR pSignature, + CK_ULONG_PTR pusSignatureLen); + +CK_RV CK_ENTRY CA_SinglePartDecrypt(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, + CK_BYTE_PTR pWrappedKey, + CK_ULONG usWrappedKeyLen, + CK_BYTE_PTR pUnwrappedKey, + CK_ULONG_PTR pusUnwrappedKeyLen); + +CK_RV CK_ENTRY CA_DestroyMultipleObjects(CK_SESSION_HANDLE hSession, + CK_ULONG ulHandleCount, + CK_OBJECT_HANDLE_PTR pHandleList, + CK_ULONG_PTR pulIndex); + +/****************************************************************************\ +* +* SafeNet High Availability Recovery functions +* +\****************************************************************************/ +CK_RV CK_ENTRY CA_HAInit(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hLoginPrivateKey); + +CK_RV CK_ENTRY CA_HAGetMasterPublic(CK_SLOT_ID slotId, CK_BYTE_PTR pCertificate, + CK_ULONG_PTR pulCertificate); + +CK_RV CK_ENTRY CA_HAGetLoginChallenge(CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_BYTE_PTR pCertificate, + CK_ULONG ulCertificateLen, + CK_BYTE_PTR pChallengeBlob, + CK_ULONG_PTR pulChallengeBlobLen); + +CK_RV CK_ENTRY CA_HAAnswerLoginChallenge(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hLoginPrivateKey, + CK_BYTE_PTR pChallengeBlob, + CK_ULONG ulChallengeBlobLen, + CK_BYTE_PTR pEncryptedPin, + CK_ULONG_PTR pulEncryptedPinLen); + +CK_RV CK_ENTRY CA_HALogin(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pEncryptedPin, + CK_ULONG ulEncryptedPinLen, CK_BYTE_PTR pMofNBlob, + CK_ULONG_PTR pulMofNBlobLen); + +CK_RV CK_ENTRY CA_HAAnswerMofNChallenge(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pMofNBlob, + CK_ULONG ulMofNBlobLen, + CK_BYTE_PTR pMofNSecretBlob, + CK_ULONG_PTR pulMofNSecretBlobLen); + +CK_RV CK_ENTRY CA_HAActivateMofN(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pMofNSecretBlob, + CK_ULONG ulMofNSecretBlobLen); + +CK_RV CK_ENTRY CA_GetHAState(CK_SLOT_ID slotId, CK_HA_STATE_PTR pState); + +CK_RV CK_ENTRY CA_GetTokenCertificates(CK_SLOT_ID slotID, CK_ULONG ulCertType, + CK_BYTE_PTR pCertificate, + CK_ULONG_PTR pulCertificateLen); + +/****************************************************************************\ +* +* SafeNet Offboard Key Storage Functions +* +\****************************************************************************/ + +CK_RV CK_ENTRY CA_ExtractMaskedObject(CK_SESSION_HANDLE hSession, + CK_ULONG ulObjectHandle, + CK_BYTE_PTR pMaskedKey, + CK_ULONG_PTR pusMaskedKeyLen); + +CK_RV CK_ENTRY CA_InsertMaskedObject(CK_SESSION_HANDLE hSession, + CK_ULONG_PTR pulObjectHandle, + CK_BYTE_PTR pMaskedKey, + CK_ULONG usMaskedKeyLen); + +CK_RV CK_ENTRY CA_MultisignValue( + CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_ULONG ulMaskedKeyLen, CK_BYTE_PTR pMaskedKey, CK_ULONG_PTR pulBlobCount, + CK_ULONG_PTR pulBlobLens, CK_BYTE_PTR CK_PTR ppBlobs, + CK_ULONG_PTR pulSignatureLens, CK_BYTE_PTR CK_PTR ppSignatures); + +////////////////////////////////////////////////////////////////////// +// +// Function: CA_SIMExtract +// +// Description: Use the SIM functionality to extract a set of objects +// from the HSM. The objects are returned as a "blob". This +// blob may be reinserted later (using CA_SIMInsert) or used with +// the CA_SIMMultiSign function. +// +// Note that this function supports the ability to return the size +// of the blob and the blob itself in two separate calls. If the +// function is invoked with a null pBlob pointer, only the size of +// the blob will be returned. A subsequent call with identical +// parameters will return the blob itself. If the blob is to +// be retrieved, the *pulBlobSize value should be initialized with +// the size of the buffer available to receive the blob. +// +// The blob is protected by authorization data, as specified by +// the parameters. The ulAuthSecretCount specifies how many +// authorization secrets are defined, and the ulAuthSubsetCount +// parameter specifies how many must be presented before the +// blob may be used with CA_SIMInsert or CA_SIMMultiSign. +// +// Any number of objects may be extracted with a single call to +// CA_SIMExtract. The ulHandleCount and pHandleList parameters +// specify a list of handles of the objects to be extracted. +// If a ulHandleCount of zero is given, all objects within the +// HSM are extracted. +// +// The deleteAfterExtract parameter indicates whether or not the +// objects should be left on the HSM after they are extracted. +// If this parameter is given a value of TRUE, all indicated +// objects are deleted after the extract is complete. Note that +// this might be a dangerous use of the function, as the objects +// are deleted before the calling application gets an opportunity +// to store the resulting key blob -- a power failure at this +// point could result in lost data. +// +////////////////////////////////////////////////////////////////////// +CK_RV CK_ENTRY CA_SIMExtract(CK_SESSION_HANDLE hSession, CK_ULONG ulHandleCount, + CK_OBJECT_HANDLE_PTR pHandleList, + CK_ULONG ulAuthSecretCount, // N value + CK_ULONG ulAuthSubsetCount, // M value + CKA_SIM_AUTH_FORM authForm, + CK_ULONG_PTR pulAuthSecretSizes, + CK_BYTE_PTR *ppbAuthSecretList, + CK_BBOOL deleteAfterExtract, + CK_ULONG_PTR pulBlobSize, CK_BYTE_PTR pBlob); + +////////////////////////////////////////////////////////////////////// +// +// Function: CA_SIMInsert +// +// Description: Insert a set of objects that had previously been extracted +// using the CA_SIMExtract function. +// +// The SIM blob is provided along with authorization data. If the +// authorization data is correct and sufficient, the objects contained +// in the blob are inserted into the HSM. Note that a number of +// authorization secrets equal to the ulAuthSubsetCount of the +// CA_SIMExtract call must be provided. +// +// If the pHandleList parameter is null, only the handle count will +// be returned. The handle list itself may be retrieved on a subsequent +// call. If the handle list is to be retrieved, the *pulHandleCount +// value should be initialized to the size of the pHandleList buffer +// provided. +// +// Object handles in the handle list will be ordered as they were +// in the CA_SIMExtract call. That is, if a particular object was +// specified in the nth place in the handle list given to CA_SIMExtract, +// it will be returned in the nth place in the list when CA_SIMInsert +// returns. +// +////////////////////////////////////////////////////////////////////// +CK_RV CK_ENTRY CA_SIMInsert(CK_SESSION_HANDLE hSession, + CK_ULONG ulAuthSecretCount, // M value + CKA_SIM_AUTH_FORM authForm, + CK_ULONG_PTR pulAuthSecretSizes, + CK_BYTE_PTR *ppbAuthSecretList, CK_ULONG ulBlobSize, + CK_BYTE_PTR pBlob, CK_ULONG_PTR pulHandleCount, + CK_OBJECT_HANDLE_PTR pHandleList); + +////////////////////////////////////////////////////////////////////// +// +// Function: CA_SIMMultiSign +// +// Description: This function uses a key extracted from the HSM using +// the CA_SIMExtract function to perform signature operations on +// a set of input data. +// +// The input SIM blob may only contain a single object. This +// object must be a key of the appropriate type for the given +// mechanism. +// +// If the authorization data is correct for the given blob, the +// key is used to sign each element of the input data list. The +// resulting signatures are stored in the signature list output +// buffers. +// +// Note that this function does *NOT* support providing null +// pointers for the output signature buffers. The provided +// buffers must be large enough to accept the given signature. +// +////////////////////////////////////////////////////////////////////// +CK_RV CK_ENTRY CA_SIMMultiSign( + CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_ULONG ulAuthSecretCount, // M value + CKA_SIM_AUTH_FORM authForm, CK_ULONG_PTR pulAuthSecretSizes, + CK_BYTE_PTR *ppbAuthSecretList, CK_ULONG ulBlobSize, CK_BYTE_PTR pBlob, + CK_ULONG ulInputDataCount, CK_ULONG_PTR pulInputDataLengths, + CK_BYTE_PTR *ppbInputDataList, CK_ULONG_PTR pulSignatureLengths, + CK_BYTE_PTR *ppbSignatureList); + +////////////////////////////////////////////////////////////////////// +// SIM3 Functions +////////////////////////////////////////////////////////////////////// +CK_RV CK_ENTRY CA_Extract(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + +CK_RV CK_ENTRY CA_Insert(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + +CK_RV CK_ENTRY CA_GetObjectUID(CK_SLOT_ID slotID, CK_ULONG ulContainerNum, + CK_ULONG ulObjectType, CK_ULONG ulObjectHandle, + CK_BYTE ouid[12]); + +CK_RV CK_ENTRY CA_GetObjectHandle(CK_SLOT_ID slotID, CK_ULONG ulContainerNum, + CK_BYTE ouid[12], CK_ULONG_PTR pulObjectType, + CK_ULONG_PTR pulObjectHandle); + +CK_RV CK_ENTRY CA_DeleteContainer(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_MTKSetStorage(CK_SESSION_HANDLE ulSessionNumber, + CK_ULONG ulStorageSetting); +CK_RV CK_ENTRY CA_MTKRestore(CK_SLOT_ID slotID); +CK_RV CK_ENTRY CA_MTKResplit(CK_SLOT_ID slotID); +CK_RV CK_ENTRY CA_MTKZeroize(CK_SLOT_ID slotID); +CK_RV CK_ENTRY CA_MTKGetState(CK_SLOT_ID slotID, CK_ULONG_PTR state); + +CK_RV CK_ENTRY CA_GetTSV(CK_SLOT_ID slotID, CK_ULONG_PTR pTSV); + +// +/****************************************************************************\ +* +* SafeNet High Availability Recovery functions +* +\****************************************************************************/ + +CK_RV CK_ENTRY CA_InvokeServiceInit(CK_SESSION_HANDLE hSession, + CK_ULONG ulPortNumber); + +CK_RV CK_ENTRY CA_InvokeService(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pBufferIn, + CK_ULONG ulBufferInLength, + CK_ULONG_PTR pulBufferOutLength); + +CK_RV CK_ENTRY CA_InvokeServiceFinal(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pBufferOut, + CK_ULONG_PTR pulBufferOutLength); + +CK_RV CK_ENTRY CA_InvokeServiceAsynch(CK_SESSION_HANDLE hSession, + CK_ULONG ulPortNumber, + CK_BYTE_PTR pBufferIn, + CK_ULONG ulBufferInLength); + +CK_RV CK_ENTRY CA_InvokeServiceSinglePart(CK_SESSION_HANDLE hSession, + CK_ULONG ulPortNumber, + CK_BYTE_PTR pBufferIn, + CK_ULONG ulBufferInLength, + CK_BYTE_PTR pBufferOut, + CK_ULONG_PTR pulBufferOutLength); + +CK_RV CK_ENTRY CA_EncodeECPrimeParams( + CK_BYTE_PTR DerECParams, CK_ULONG_PTR DerECParamsLen, CK_BYTE_PTR prime, + CK_ULONG primelen, CK_BYTE_PTR a, CK_ULONG alen, CK_BYTE_PTR b, + CK_ULONG blen, + CK_BYTE_PTR seed, // Can be NULL + CK_ULONG seedlen, CK_BYTE_PTR x, CK_ULONG xlen, CK_BYTE_PTR y, + CK_ULONG ylen, CK_BYTE_PTR order, CK_ULONG orderlen, + CK_BYTE_PTR cofactor, // Can be NULL + CK_ULONG cofactorlen); +CK_RV CK_ENTRY CA_EncodeECChar2Params( + CK_BYTE_PTR DerECParams, CK_ULONG_PTR DerECParamsLen, CK_ULONG m, + CK_ULONG k1, CK_ULONG k2, CK_ULONG k3, CK_BYTE_PTR a, CK_ULONG alen, + CK_BYTE_PTR b, CK_ULONG blen, + CK_BYTE_PTR seed, // Can be NULL + CK_ULONG seedlen, CK_BYTE_PTR x, CK_ULONG xlen, CK_BYTE_PTR y, + CK_ULONG ylen, CK_BYTE_PTR order, CK_ULONG orderlen, + CK_BYTE_PTR cofactor, // Can be NULL + CK_ULONG cofactorlen); + +CK_RV CK_ENTRY CA_EncodeECParamsFromFile(CK_BYTE_PTR DerECParams, + CK_ULONG_PTR DerECParamsLen, + CK_BYTE_PTR paramsFile); + +CK_RV CK_ENTRY CA_GetHSMStorageInformation(CK_SLOT_ID slotID, + CK_ULONG_PTR pulContainerOverhead, + CK_ULONG_PTR pulTotal, + CK_ULONG_PTR pulUsed, + CK_ULONG_PTR pulFree); + +CK_RV CK_ENTRY CA_GetContainerStorageInformation( + CK_SLOT_ID slotID, CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulContainerOverhead, CK_ULONG_PTR pulTotal, + CK_ULONG_PTR pulUsed, CK_ULONG_PTR pulFree, CK_ULONG_PTR pulObjectCount); + +CK_RV CK_ENTRY CA_SetContainerSize(CK_SESSION_HANDLE hSession, + CK_ULONG ulContainerNumber, CK_ULONG ulSize); + +CK_RV CK_ENTRY CA_CreateContainer(CK_SESSION_HANDLE hSession, CK_ULONG ulUSV, + CK_CHAR_PTR pContainerName, + CK_ULONG usContainerNameLen, CK_CHAR_PTR pPin, + CK_ULONG usPinLen, CK_ULONG ulIDHigh, + CK_ULONG ulIDLow, CK_ULONG ulOwnerHandle, + CK_ULONG ulStorageFlags, + CK_ULONG ulContainerSize, + CK_ULONG_PTR pulContainerNumber); + +CK_RV CK_ENTRY CA_InitAudit(CK_SLOT_ID slotID, CK_CHAR_PTR pPin, + CK_ULONG usPinLen, CK_CHAR_PTR pLabel); + +CK_RV CK_ENTRY CA_LogVerify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLogMsgs, + CK_ULONG ulMsgCount, CK_ULONG bChainToHSM, + CK_ULONG_PTR pulNumVerified); + +CK_RV CK_ENTRY CA_LogVerifyFile(CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pFileName, + CK_ULONG_PTR ulNumVerified); + +CK_RV CK_ENTRY CA_LogExternal(CK_SLOT_ID slotID, CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pStr, CK_ULONG ulLen); + +CK_RV CK_ENTRY CA_LogImportSecret(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pStr); + +CK_RV CK_ENTRY CA_LogExportSecret(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pStr); + +CK_RV CK_ENTRY CA_TimeSync(CK_SESSION_HANDLE hSession, CK_ULONG ulTime); + +CK_RV CK_ENTRY CA_GetTime(CK_SESSION_HANDLE hSession, CK_ULONG_PTR pulTime); + +CK_RV CK_ENTRY CA_LogSetConfig(CK_SESSION_HANDLE hSession, CK_ULONG mask, + CK_ULONG logRotateOffset, + CK_ULONG logRotateInterval, CK_ULONG maxLogSize, + CK_BYTE_PTR pLogPath); + +CK_RV CK_ENTRY CA_LogGetConfig(CK_SESSION_HANDLE hSession, CK_ULONG *mask, + CK_ULONG *logRotateOffset, + CK_ULONG *logRotateInterval, + CK_ULONG *maxLogSize, CK_BYTE_PTR pLogPath); + +CK_RV CK_ENTRY CA_LogEraseAll(CK_SESSION_HANDLE hSession); + +CK_RV CK_ENTRY CA_LogGetStatus(CK_SLOT_ID slotId, CK_ULONG *auditInitStatus, + CK_ULONG *lastPollResult, + CK_ULONG *lastSetConfigResult, + CK_ULONG *isConfigInParamArea, + CK_ULONG *numRecordsInFlash); + +CK_RV CK_ENTRY CA_DeleteContainerWithHandle(CK_SESSION_HANDLE hSession, + CK_ULONG ulContainerNumber); + +CK_RV CK_ENTRY CA_GetContainerList(CK_SLOT_ID slotID, CK_ULONG ulGroupHandle, + CK_ULONG ulContainerType, + CK_ULONG_PTR pulContainerHandles, + CK_ULONG_PTR pulNumberOfHandles); + +CK_RV CK_ENTRY CA_GetContainerName(CK_SLOT_ID slotID, + CK_ULONG ulContainerHandle, + CK_BYTE_PTR pContainerName, + CK_ULONG_PTR pulContainerNameLen); + +CK_RV CK_ENTRY CA_GetNumberOfAllowedContainers( + CK_SLOT_ID slot, CK_ULONG_PTR pulAllowedContainers); + +CK_RV CK_ENTRY CA_GetTunnelSlotNumber(CK_SLOT_ID slotID, + CK_SLOT_ID_PTR pTunnelSlotID); + +CK_RV CK_ENTRY CA_GetClusterState(CK_SLOT_ID slotId, + CK_CLUSTER_STATE_PTR pState); +CK_RV CK_ENTRY CA_LockClusteredSlot(CK_SLOT_ID slotId); +CK_RV CK_ENTRY CA_UnlockClusteredSlot(CK_SLOT_ID slotId); + +CK_RV CK_ENTRY CA_LKMInitiatorChallenge( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hAKObjectHandle, // Authentication key + CK_OBJECT_HANDLE hDKObjectHandle, // Derivation key + CK_ULONG ulHashMech, // Hashing mechanism + CK_LKM_TOKEN_ID_PTR pInitiatorID, // Initiator ID info + CK_LKM_TOKEN_ID_PTR pReceiverID, // Receiver ID info + CK_CHAR_PTR pChallengeBuf, // Returned challenge message + CK_ULONG_PTR + pulChallengeBufSize); // Max. size of challenge buffer & returned size + +CK_RV CK_ENTRY CA_LKMReceiverResponse( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hAKObjectHandle, // Authentication key + CK_OBJECT_HANDLE hDKObjectHandle, // Derivation key + CK_ULONG ulHashMech, // Hashing mechanism + CK_LKM_TOKEN_ID_PTR pReceiverID, // Receiver ID info + CK_CHAR_PTR pChallengeBuf, // Challenge message from Initiator + CK_ULONG ulChallengeBufSize, // Size of challenge buffer + CK_CHAR_PTR pResponseBuf, // Returned response message from Receiver + CK_ULONG_PTR + pulResponseBufSize); // Max. size of response buffer & returned size + +CK_RV CK_ENTRY CA_LKMInitiatorComplete( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pResponseBuf, // Response message from Receiver + CK_ULONG ulResponseBufSize, // Size of response buffer + CK_ATTRIBUTE_PTR pSCKTemplate, // Session Confidentiality Key Template + CK_ULONG usSCKAttributeCount, // no. attributes in key template + CK_ATTRIBUTE_PTR pSAKTemplate, // Session Authentication Key Template + CK_ULONG usSAKAttributeCount, // no. attributes in key template + CK_CHAR_PTR pCompleteBuf, // Returned complete message from Initiator + CK_ULONG_PTR + pulCompleteBufSize, // Max. size of challenge buffer & returned size + CK_OBJECT_HANDLE_PTR phSCKObjectHandle, // Returned handle for SC Key + CK_OBJECT_HANDLE_PTR phSAKObjectHandle); // Returned handle for SA Key + +CK_RV CK_ENTRY CA_LKMReceiverComplete( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pCompleteBuf, // Complete message from Initiator + CK_ULONG ulCompleteBufSize, // Size of complete buffer + CK_ATTRIBUTE_PTR pSCKTemplate, // Session Confidentiality Key Template + CK_ULONG usSCKAttributeCount, // no. attributes in key template + CK_ATTRIBUTE_PTR pSAKTemplate, // Session Authentication Key Template + CK_ULONG usSAKAttributeCount, // no. attributes in key template + CK_OBJECT_HANDLE_PTR phSCKObjectHandle, // Returned handle for SC Key + CK_OBJECT_HANDLE_PTR phSAKObjectHandle); // Returned handle for SA Key + +CK_RV CK_ENTRY CA_ModifyUsageCount(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject, + CK_ULONG ulCommandType, CK_ULONG ulValue); + +// functions we want to part of the function list structure +// +//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +// +// Add all the necessary type defs for the CA extension functions +// +//++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +// +////////////////////////////////////////////////////////////////////// + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetFunctionList)( + CK_SFNT_CA_FUNCTION_LIST_PTR_PTR ppSfntFunctionList); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_WaitForSlotEvent)(CK_FLAGS flags, + CK_ULONG history[2], + CK_SLOT_ID_PTR pSlot, + CK_VOID_PTR pReserved); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_InitIndirectToken)(CK_SLOT_ID slotID, CK_CHAR_PTR pPin, + CK_ULONG usPinLen, CK_CHAR_PTR pLabel, + CK_SESSION_HANDLE hPrimarySession); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_InitIndirectPIN)(CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, CK_ULONG usPinLen, + CK_SESSION_HANDLE hPrimarySession); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ResetPIN)(CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pPin, + CK_ULONG usPinLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CreateLoginChallenge)( + CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, + CK_ULONG ulChallengeDataSize, CK_CHAR_PTR pChallengeData, + CK_ULONG_PTR ulOutputDataSize, CK_CHAR_PTR pOutputData); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_Deactivate)(CK_SLOT_ID slotId, + CK_USER_TYPE userType); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_OpenSession)(CK_SLOT_ID slotID, + CK_ULONG ulContainerNumber, CK_FLAGS flags, + CK_VOID_PTR pApplication, CK_NOTIFY Notify, + CK_SESSION_HANDLE_PTR phSession); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_IndirectLogin)(CK_SESSION_HANDLE hSession, + CK_USER_TYPE userType, + CK_SESSION_HANDLE hPrimarySession); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_InitializeRemotePEDVector)(CK_SESSION_HANDLE hSession); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogVerify)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pTextMsgs, + CK_ULONG ulMsgCount, + CK_ULONG bChainToHSM, + CK_ULONG_PTR pulNumVerified); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogVerifyFile)(CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pFileName, + CK_ULONG_PTR ulNumVerified); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogExternal)(CK_SLOT_ID slotID, + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pStr, + CK_ULONG ulLen); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogImportSecret)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pStr); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogExportSecret)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pStr); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_DeleteRemotePEDVector)(CK_SESSION_HANDLE hSession); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ConfigureRemotePED)(CK_SLOT_ID slotID, + CK_CHAR_PTR pHostName, + CK_ULONG ulPort, + CK_ULONG_PTR pulPedId); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_DismantleRemotePED)(CK_SLOT_ID slotID, + CK_ULONG ulPedId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogSetConfig)( + CK_SESSION_HANDLE hSession, CK_ULONG mask, CK_ULONG logRotateOffset, + CK_ULONG logRotateInterval, CK_ULONG maxLogSize, CK_BYTE_PTR pLogPath); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogGetconfig)( + CK_SESSION_HANDLE hSession, CK_ULONG *mask, CK_ULONG *logRotateOffset, + CK_ULONG *logRotateInterval, CK_ULONG *maxLogSize, CK_BYTE_PTR pLogPath); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogEraseAll)(CK_SESSION_HANDLE hSession); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LogGetStatus)(CK_SLOT_ID slotId, + CK_ULONG *auditInitStatus, + CK_ULONG *lastPollResult, + CK_ULONG *lastSetConfigResult, + CK_ULONG *isConfigInParamArea, + CK_ULONG *numRecordsInFlash); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetRemotePEDVectorStatus)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulStatus); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_Restart)(CK_SLOT_ID slotID); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_RestartForContainer)(CK_SLOT_ID slotID, + CK_ULONG ulContainerNumber); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloseApplicationID)(CK_SLOT_ID slotID, + CK_ULONG ulHigh, + CK_ULONG ulLow); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloseApplicationIDForContainer)( + CK_SLOT_ID slotID, CK_ULONG ulHigh, CK_ULONG ulLow, + CK_ULONG ulContainerNumber); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_OpenApplicationID)(CK_SLOT_ID slotID, + CK_ULONG ulHigh, + CK_ULONG ulLow); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_OpenApplicationIDForContainer)( + CK_SLOT_ID slotID, CK_ULONG ulHigh, CK_ULONG ulLow, + CK_ULONG ulContainerNumber); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetApplicationID)(CK_ULONG ulHigh, + CK_ULONG ulLow); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ManualKCV)(CK_SESSION_HANDLE hSession); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_SetLKCV)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pLegacyCloningDomainString, + CK_ULONG ulLegacyCloningDomainStringLen); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetKCV)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pCloningDomainString, + CK_ULONG ulCloningDomainStringLen); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_SetCloningDomain)(CK_BYTE_PTR pCloningDomainString, + CK_ULONG ulCloningDomainStringLen); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ClonePrivateKey)( + CK_SESSION_HANDLE hTargetSession, CK_SESSION_HANDLE hSourceSession, + CK_OBJECT_HANDLE hObjectToCloneHandle, CK_OBJECT_HANDLE_PTR phClonedKey); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloneObject)( + CK_SESSION_HANDLE hTargetSession, CK_SESSION_HANDLE hSourceSession, + CK_ULONG ulObjectType, CK_OBJECT_HANDLE hObjectHandle, + CK_OBJECT_HANDLE_PTR phClonedObject); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GenerateCloningKEV)( + CK_SESSION_HANDLE hSession, CK_BYTE_PTR pKEV, CK_ULONG_PTR pulKEVSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloneAsTargetInit)( + CK_SESSION_HANDLE hSession, CK_BYTE_PTR pTWC, CK_ULONG ulTWCSize, + CK_BYTE_PTR pKEV, CK_ULONG ulKEVSize, CK_BBOOL bReplicate, + CK_BYTE_PTR pPart1, CK_ULONG_PTR pulPart1Size); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloneAsSource)( + CK_SESSION_HANDLE hSession, CK_ULONG hType, CK_ULONG hHandle, + CK_BYTE_PTR pPart1, CK_ULONG ulPart1Size, CK_BBOOL bReplicate, + CK_BYTE_PTR pPart2, CK_ULONG_PTR pulPart2Size); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloneAsTarget)( + CK_SESSION_HANDLE hSession, CK_BYTE_PTR pKEV, CK_ULONG ulKEVSize, + CK_BYTE_PTR pPart2, CK_ULONG ulPart2Size, CK_ULONG hType, CK_ULONG hHandle, + CK_BBOOL bReplicate, CK_OBJECT_HANDLE_PTR phClonedHandle); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetMofN)(CK_BBOOL bFlag); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GenerateMofN)( + CK_SESSION_HANDLE hSession, CK_ULONG ulM, CA_MOFN_GENERATION_PTR pVectors, + CK_ULONG ulVectorCount, CK_ULONG isSecurePortUsed, CK_VOID_PTR pReserved); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GenerateCloneableMofN)( + CK_SESSION_HANDLE hSession, CK_ULONG ulM, CA_MOFN_GENERATION_PTR pVectors, + CK_ULONG ulVectorCount, CK_ULONG isSecurePortUsed, CK_VOID_PTR pReserved); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ModifyMofN)( + CK_SESSION_HANDLE hSession, CK_ULONG ulM, CA_MOFN_GENERATION_PTR pVectors, + CK_ULONG ulVectorCount, CK_ULONG isSecurePortUsed, CK_VOID_PTR pReserved); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_CloneMofN)(CK_SESSION_HANDLE hSession, + CK_SESSION_HANDLE hPrimarySession, + CK_VOID_PTR pReserved); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_CloneModifyMofN)(CK_SESSION_HANDLE hSession, + CK_SESSION_HANDLE hPrimarySession, + CK_VOID_PTR pReserved); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_ActivateMofN)(CK_SESSION_HANDLE hSession, + CA_MOFN_ACTIVATION_PTR pVectors, + CK_ULONG ulVectorCount); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_DeactivateMofN)(CK_SESSION_HANDLE hSession); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetMofNStatus)(CK_SLOT_ID slotID, + CA_MOFN_STATUS_PTR pMofNStatus); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_DuplicateMofN)(CK_SESSION_HANDLE hSession); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_IsMofNEnabled)(CK_SLOT_ID slotID, + CK_ULONG_PTR enabled); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_IsMofNRequired)(CK_SLOT_ID slotID, + CK_ULONG_PTR required); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GenerateTokenKeys)(CK_SESSION_HANDLE hSession, + CK_ATTRIBUTE_PTR pTemplate, + CK_ULONG usTemplateLen); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetTokenCertificateInfo)( + CK_SLOT_ID slotID, CK_ULONG ulAccessLevel, CK_BYTE_PTR pCertificate, + CK_ULONG_PTR pulCertificateLen); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetTokenCertificateSignature)( + CK_SESSION_HANDLE hSession, CK_ULONG ulAccessLevel, CK_ULONG ulCustomerId, + CK_ATTRIBUTE_PTR pPublicTemplate, CK_ULONG usPublicTemplateLen, + CK_BYTE_PTR pSignature, CK_ULONG ulSignatureLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetModuleList)( + CK_SLOT_ID slotId, CKCA_MODULE_ID_PTR pList, CK_ULONG ulListLen, + CK_ULONG_PTR pulReturnedSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetModuleInfo)(CK_SLOT_ID slotId, + CKCA_MODULE_ID moduleId, + CKCA_MODULE_INFO_PTR pInfo); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LoadModule)( + CK_SESSION_HANDLE hSession, CK_BYTE_PTR pModuleCode, + CK_ULONG ulModuleCodeSize, CK_BYTE_PTR pModuleSignature, + CK_ULONG ulModuleSignatureSize, CK_BYTE_PTR pCertificate, + CK_ULONG ulCertificateSize, CK_BYTE_PTR pControlData, + CK_ULONG ulControlDataSize, CKCA_MODULE_ID_PTR pModuleId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LoadEncryptedModule)( + CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pIv, + CK_ULONG ulIvLen, CK_BYTE_PTR pModuleCode, CK_ULONG ulModuleCodeSize, + CK_BYTE_PTR pModuleSignature, CK_ULONG ulModuleSignatureSize, + CK_BYTE_PTR pCertificate, CK_ULONG ulCertificateSize, + CKCA_MODULE_ID_PTR pModuleId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_UnloadModule)(CK_SESSION_HANDLE hSession, + CKCA_MODULE_ID moduleId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_PerformModuleCall)( + CK_SESSION_HANDLE hSession, CKCA_MODULE_ID moduleId, CK_BYTE_PTR pRequest, + CK_ULONG ulRequestSize, CK_BYTE_PTR pAnswer, CK_ULONG ulAnswerSize, + CK_ULONG_PTR pulAnswerAvailable); + +typedef CK_RV CK_ENTRY(CK_PTR CK_C_PerformSelfTest)( + CK_SLOT_ID slotID, CK_ULONG typeOfTest, CK_BYTE_PTR inputData, + CK_ULONG sizeOfInputData, CK_BYTE_PTR outputData, + CK_ULONG_PTR sizeOfOutputData); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_FirmwareUpdate)( + CK_SESSION_HANDLE hSession, CK_ULONG ulTargetHardwarePlatform, + CK_ULONG ulAuthCodeLen, CK_BYTE_PTR pAuthCode, CK_ULONG ulManifestLen, + CK_BYTE_PTR pManifest, CK_ULONG ulFirmwareLen, CK_BYTE_PTR pFirmware); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_FirmwareRollback)(CK_SESSION_HANDLE hSession); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CapabilityUpdate)( + CK_SESSION_HANDLE hSession, CK_ULONG ulManifestLen, CK_BYTE_PTR pManifest, + CK_ULONG ulAuthcodeLen, CK_BYTE_PTR pAuthcode); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetUserContainerNumber)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulContainerNumber); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetUserContainerName)( + CK_SLOT_ID slotID, CK_BYTE_PTR pName, CK_ULONG_PTR pulNameLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetUserContainerName)(CK_SLOT_ID slotID, + CK_BYTE_PTR pName, + CK_ULONG ulNameLen); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetTokenInsertionCount)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulCount); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetRollbackFirmwareVersion)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulVersion); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetFPV)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulFpv); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetTPV)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulTpv); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetExtendedTPV)(CK_SLOT_ID slotID, + CK_ULONG_PTR pulTpv, + CK_ULONG_PTR pulTpvExt); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetConfigurationElementDescription)( + CK_SLOT_ID slotID, CK_ULONG ulIsContainerElement, + CK_ULONG ulIsCapabilityElement, CK_ULONG ulElementId, + CK_ULONG_PTR pulElementBitLength, CK_ULONG_PTR pulElementDestructive, + CK_ULONG_PTR pulElementWriteRestricted, CK_CHAR_PTR pDescription); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetHSMCapabilitySet)( + CK_SLOT_ID uPhysicalSlot, CK_ULONG_PTR pulCapIdArray, + CK_ULONG_PTR pulCapIdSize, CK_ULONG_PTR pulCapValArray, + CK_ULONG_PTR pulCapValSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetHSMCapabilitySetting)( + CK_SLOT_ID slotID, CK_ULONG ulPolicyId, CK_ULONG_PTR pulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetHSMPolicySet)( + CK_SLOT_ID uPhysicalSlot, CK_ULONG_PTR pulPolicyIdArray, + CK_ULONG_PTR pulPolicyIdSize, CK_ULONG_PTR pulPolicyValArray, + CK_ULONG_PTR pulPolicyValSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetHSMPolicySetting)( + CK_SLOT_ID slotID, CK_ULONG ulPolicyId, CK_ULONG_PTR pulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerCapabilitySet)( + CK_SLOT_ID uPhysicalSlot, CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulCapIdArray, CK_ULONG_PTR pulCapIdSize, + CK_ULONG_PTR pulCapValArray, CK_ULONG_PTR pulCapValSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerCapabilitySetting)( + CK_SLOT_ID slotID, CK_ULONG ulContainerNumber, CK_ULONG ulPolicyId, + CK_ULONG_PTR pulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerPolicySet)( + CK_SLOT_ID uPhysicalSlot, CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulPolicyIdArray, CK_ULONG_PTR pulPolicyIdSize, + CK_ULONG_PTR pulPolicyValArray, CK_ULONG_PTR pulPolicyValSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerPolicySetting)( + CK_SLOT_ID uPhysicalSlot, CK_ULONG ulContainerNumber, CK_ULONG ulPolicyId, + CK_ULONG_PTR pulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetTPV)(CK_SESSION_HANDLE hSession, + CK_ULONG ulTpv); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetExtendedTPV)(CK_SESSION_HANDLE hSession, + CK_ULONG ulTpv, + CK_ULONG ulTpvExt); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetHSMPolicy)(CK_SESSION_HANDLE hSession, + CK_ULONG ulPolicyId, + CK_ULONG ulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetHSMPolicies)( + CK_SESSION_HANDLE hSession, CK_ULONG ulPolicyCount, + CK_ULONG_PTR pulPolicyIdArray, CK_ULONG_PTR pulPolicyValueArray); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetDestructiveHSMPolicy)( + CK_SESSION_HANDLE hSession, CK_ULONG ulPolicyId, CK_ULONG ulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetDestructiveHSMPolicies)( + CK_SESSION_HANDLE hSession, CK_ULONG ulPolicyCount, + CK_ULONG_PTR pulPolicyIdArray, CK_ULONG_PTR pulPolicyValueArray); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetContainerPolicy)( + CK_SESSION_HANDLE hSession, CK_ULONG ulContainer, CK_ULONG ulPolicyId, + CK_ULONG ulPolicyValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetContainerPolicies)( + CK_SESSION_HANDLE hSession, CK_ULONG ulContainer, CK_ULONG ulPolicyCount, + CK_ULONG_PTR pulPolicyIdArray, CK_ULONG_PTR pulPolicyValueArray); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_RetrieveLicenseList)( + CK_SLOT_ID slotID, CK_ULONG_PTR pulidArraySize, CK_ULONG_PTR pulidArray); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_QueryLicense)( + CK_SLOT_ID slotID, CK_ULONG licenseIdLow, CK_ULONG licenseIdHigh, + CK_ULONG_PTR pulLicenseType, CK_ULONG_PTR pulDescVersion, + CK_ULONG_PTR pulDescSize, CK_BYTE_PTR pbDescBuffer); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerStatus)( + CK_SLOT_ID slotID, CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulContainerStatusFlags, CK_ULONG_PTR pulFailedSOLogins, + CK_ULONG_PTR pulFailedUserLogins, CK_ULONG_PTR pulFailedLimitedUserLogins); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetSessionInfo)( + CK_SESSION_HANDLE hSession, CK_ULONG_PTR pulAidHigh, CK_ULONG_PTR pulAidLow, + CK_ULONG_PTR pulContainerNumber, CK_ULONG_PTR pulAuthenticationLevel); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_ReadCommonStore)(CK_ULONG index, CK_BYTE_PTR pBuffer, + CK_ULONG_PTR pulBufferSize); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_WriteCommonStore)(CK_ULONG index, + CK_BYTE_PTR pBuffer, + CK_ULONG ulBufferSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetPrimarySlot)(CK_SESSION_HANDLE hSession, + CK_SLOT_ID_PTR slotId_p); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetSecondarySlot)(CK_SESSION_HANDLE hSession, + CK_SLOT_ID_PTR slotId_p); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SwitchSecondarySlot)( + CK_SESSION_HANDLE hSession, CK_SLOT_ID slotID, CK_ULONG slotInstance); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CloseSecondarySession)( + CK_SESSION_HANDLE hSession, CK_SLOT_ID slotID, CK_ULONG slotInstance); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_CloseAllSecondarySessions)(CK_SESSION_HANDLE hSession); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_ChoosePrimarySlot)(CK_SESSION_HANDLE hSession); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_ChooseSecondarySlot)(CK_SESSION_HANDLE hSession); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_CloneObjectToAllSessions)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hObject); +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_CloneAllObjectsToSession)(CK_SESSION_HANDLE hSession, + CK_SLOT_ID slotId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_GetTotalOperations)(CK_SLOT_ID slotId, + int *operations); +typedef CK_RV CK_ENTRY(CK_PTR CK_ResetTotalOperations)(CK_SLOT_ID slotId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ResetDevice)(CK_SLOT_ID slotId, + CK_FLAGS flags); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_FactoryReset)(CK_SLOT_ID slotId, + CK_FLAGS flags); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetPedId)(CK_SLOT_ID slotId, + CK_ULONG usPedId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetPedId)(CK_SLOT_ID slotId, + CK_ULONG *usPedId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SpRawRead)(CK_SLOT_ID slotId, + CK_ULONG_PTR data); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SpRawWrite)(CK_SLOT_ID slotId, + CK_ULONG_PTR data); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CheckOperationState)( + CK_SESSION_HANDLE hSession, CK_ULONG operation, CK_BBOOL *pactive); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SinglePartSign)( + CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pData, CK_ULONG usDataLen, + CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SinglePartDecrypt)( + CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_OBJECT_HANDLE hUnwrappingKey, CK_BYTE_PTR pWrappedKey, + CK_ULONG usWrappedKeyLen, CK_BYTE_PTR pUnwrappedKey, + CK_ULONG_PTR pusUnwrappedKeyLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_DestroyMultipleObjects)( + CK_SESSION_HANDLE hSession, CK_ULONG ulHandleCount, + CK_OBJECT_HANDLE_PTR pHandleList, CK_ULONG_PTR pulIndex); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_HAInit)(CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hLoginPrivateKey); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_HAGetMasterPublic)( + CK_SLOT_ID slotId, CK_BYTE_PTR pCertificate, CK_ULONG_PTR pulCertificate); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_HAGetLoginChallenge)( + CK_SESSION_HANDLE hSession, CK_USER_TYPE userType, CK_BYTE_PTR pCertificate, + CK_ULONG ulCertificateLen, CK_BYTE_PTR pChallengeBlob, + CK_ULONG_PTR pulChallengeBlobLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_HAAnswerLoginChallenge)( + CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hLoginPrivateKey, + CK_BYTE_PTR pChallengeBlob, CK_ULONG ulChallengeBlobLen, + CK_BYTE_PTR pEncryptedPin, CK_ULONG_PTR pulEncryptedPinLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_HALogin)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pEncryptedPin, + CK_ULONG ulEncryptedPinLen, + CK_BYTE_PTR pMofNBlob, + CK_ULONG_PTR pulMofNBlobLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_HAAnswerMofNChallenge)( + CK_SESSION_HANDLE hSession, CK_BYTE_PTR pMofNBlob, CK_ULONG ulMofNBlobLen, + CK_BYTE_PTR pMofNSecretBlob, CK_ULONG_PTR pulMofNSecretBlobLen); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_HAActivateMofN)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pMofNSecretBlob, + CK_ULONG ulMofNSecretBlobLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetHAState)(CK_SLOT_ID slotId, + CK_HA_STATE_PTR pState); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetTokenCertificates)( + CK_SLOT_ID slotID, CK_ULONG ulCertType, CK_BYTE_PTR pCertificate, + CK_ULONG_PTR pulCertificateLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ExtractMaskedObject)( + CK_SESSION_HANDLE hSession, CK_ULONG ulObjectHandle, CK_BYTE_PTR pMaskedKey, + CK_ULONG_PTR pusMaskedKeyLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_InsertMaskedObject)( + CK_SESSION_HANDLE hSession, CK_ULONG_PTR pulObjectHandle, + CK_BYTE_PTR pMaskedKey, CK_ULONG usMaskedKeyLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_MultisignValue)( + CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_ULONG ulMaskedKeyLen, CK_BYTE_PTR pMaskedKey, CK_ULONG_PTR pulBlobCount, + CK_ULONG_PTR pulBlobLens, CK_BYTE_PTR CK_PTR ppBlobs, + CK_ULONG_PTR pulSignatureLens, CK_BYTE_PTR CK_PTR ppSignatures); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SIMExtract)( + CK_SESSION_HANDLE hSession, CK_ULONG ulHandleCount, + CK_OBJECT_HANDLE_PTR pHandleList, + CK_ULONG ulAuthSecretCount, // N value + CK_ULONG ulAuthSubsetCount, // M value + CKA_SIM_AUTH_FORM authForm, CK_ULONG_PTR pulAuthSecretSizes, + CK_BYTE_PTR *ppbAuthSecretList, CK_BBOOL deleteAfterExtract, + CK_ULONG_PTR pulBlobSize, CK_BYTE_PTR pBlob); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SIMInsert)( + CK_SESSION_HANDLE hSession, + CK_ULONG ulAuthSecretCount, // M value + CKA_SIM_AUTH_FORM authForm, CK_ULONG_PTR pulAuthSecretSizes, + CK_BYTE_PTR *ppbAuthSecretList, CK_ULONG ulBlobSize, CK_BYTE_PTR pBlob, + CK_ULONG_PTR pulHandleCount, CK_OBJECT_HANDLE_PTR pHandleList); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SIMMultiSign)( + CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism, + CK_ULONG ulAuthSecretCount, // M value + CKA_SIM_AUTH_FORM authForm, CK_ULONG_PTR pulAuthSecretSizes, + CK_BYTE_PTR *ppbAuthSecretList, CK_ULONG ulBlobSize, CK_BYTE_PTR pBlob, + CK_ULONG ulInputDataCount, CK_ULONG_PTR pulInputDataLengths, + CK_BYTE_PTR *ppbInputDataList, CK_ULONG_PTR pulSignatureLengths, + CK_BYTE_PTR *ppbSignatureList); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_Extract)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_Insert)(CK_SESSION_HANDLE hSession, + CK_MECHANISM_PTR pMechanism); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetObjectUID)(CK_SLOT_ID slotID, + CK_ULONG ulContainerNum, + CK_ULONG ulObjectType, + CK_ULONG ulObjectHandle, + CK_BYTE ouid[12]); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetObjectHandle)( + CK_SLOT_ID slotID, CK_ULONG ulContainerNum, CK_BYTE ouid[12], + CK_ULONG_PTR pulObjectType, CK_ULONG_PTR pulObjectHandle); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_DeleteContainer)(CK_SESSION_HANDLE hSession); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_MTKSetStorage)(CK_SESSION_HANDLE ulSessionNumber, + CK_ULONG ulStorageSetting); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_MTKRestore)(CK_SLOT_ID slotID); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_MTKResplit)(CK_SLOT_ID slotID); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_MTKZeroize)(CK_SLOT_ID slotID); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_MTKGetState)(CK_SLOT_ID slotID, + CK_ULONG_PTR state); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetTSV)(CK_SLOT_ID slotID, + CK_ULONG_PTR pTSV); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_InvokeServiceInit)(CK_SESSION_HANDLE hSession, + CK_ULONG ulPortNumber); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_InvokeService)( + CK_SESSION_HANDLE hSession, CK_BYTE_PTR pBufferIn, + CK_ULONG ulBufferInLength, CK_ULONG_PTR pulBufferOutLength); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_InvokeServiceFinal)(CK_SESSION_HANDLE hSession, + CK_BYTE_PTR pBufferOut, + CK_ULONG_PTR pulBufferOutLength); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_InvokeServiceAsynch)( + CK_SESSION_HANDLE hSession, CK_ULONG ulPortNumber, CK_BYTE_PTR pBufferIn, + CK_ULONG ulBufferInLength); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_InvokeServiceSinglePart)( + CK_SESSION_HANDLE hSession, CK_ULONG ulPortNumber, CK_BYTE_PTR pBufferIn, + CK_ULONG ulBufferInLength, CK_BYTE_PTR pBufferOut, + CK_ULONG_PTR pulBufferOutLength); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_EncodeECPrimeParams)( + CK_BYTE_PTR DerECParams, CK_ULONG_PTR DerECParamsLen, CK_BYTE_PTR prime, + CK_ULONG primelen, CK_BYTE_PTR a, CK_ULONG alen, CK_BYTE_PTR b, + CK_ULONG blen, + CK_BYTE_PTR seed, // Can be NULL + CK_ULONG seedlen, CK_BYTE_PTR x, CK_ULONG xlen, CK_BYTE_PTR y, + CK_ULONG ylen, CK_BYTE_PTR order, CK_ULONG orderlen, + CK_BYTE_PTR cofactor, // Can be NULL + CK_ULONG cofactorlen); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_EncodeECChar2Params)( + CK_BYTE_PTR DerECParams, CK_ULONG_PTR DerECParamsLen, CK_ULONG m, + CK_ULONG k1, CK_ULONG k2, CK_ULONG k3, CK_BYTE_PTR a, CK_ULONG alen, + CK_BYTE_PTR b, CK_ULONG blen, + CK_BYTE_PTR seed, // Can be NULL + CK_ULONG seedlen, CK_BYTE_PTR x, CK_ULONG xlen, CK_BYTE_PTR y, + CK_ULONG ylen, CK_BYTE_PTR order, CK_ULONG orderlen, + CK_BYTE_PTR cofactor, // Can be NULL + CK_ULONG cofactorlen); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_EncodeECParamsFromFile)(CK_BYTE_PTR DerECParams, + CK_ULONG_PTR DerECParamsLen, + CK_BYTE_PTR paramsFile); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetHSMStorageInformation)( + CK_SLOT_ID slotID, CK_ULONG_PTR pulContainerOverhead, CK_ULONG_PTR pulTotal, + CK_ULONG_PTR pulUsed, CK_ULONG_PTR pulFree); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerStorageInformation)( + CK_SLOT_ID slotID, CK_ULONG ulContainerNumber, + CK_ULONG_PTR pulContainerOverhead, CK_ULONG_PTR pulTotal, + CK_ULONG_PTR pulUsed, CK_ULONG_PTR pulFree, CK_ULONG_PTR pulObjectCount); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_SetContainerSize)( + CK_SESSION_HANDLE hSession, CK_ULONG ulContainerNumber, CK_ULONG ulSize); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_CreateContainer)( + CK_SESSION_HANDLE hSession, CK_ULONG ulUSV, CK_CHAR_PTR pContainerName, + CK_ULONG usContainerNameLen, CK_CHAR_PTR pPin, CK_ULONG usPinLen, + CK_ULONG ulIDHigh, CK_ULONG ulIDLow, CK_ULONG ulOwnerHandle, + CK_ULONG ulStorageFlags, CK_ULONG ulContainerSize, + CK_ULONG_PTR pulContainerNumber); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_DeleteContainerWithHandle)(CK_SESSION_HANDLE hSession, + CK_ULONG ulContainerNumber); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerList)( + CK_SLOT_ID slotID, CK_ULONG ulGroupHandle, CK_ULONG ulContainerType, + CK_ULONG_PTR pulContainerHandles, CK_ULONG_PTR pulNumberOfHandles); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetContainerName)( + CK_SLOT_ID slotID, CK_ULONG ulContainerHandle, CK_BYTE_PTR pContainerName, + CK_ULONG_PTR pulContainerNameLen); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetNumberOfAllowedContainers)( + CK_SLOT_ID slot, CK_ULONG_PTR pulAllowedContainers); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetTunnelSlotNumber)(CK_SLOT_ID slotID, + CK_SLOT_ID_PTR pTunnelSlotID); + +typedef CK_RV +CK_ENTRY(CK_PTR CK_CA_GetClusterState)(CK_SLOT_ID slotId, + CK_CLUSTER_STATE_PTR pState); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LockClusteredSlot)(CK_SLOT_ID slotId); +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_UnlockClusteredSlot)(CK_SLOT_ID slotId); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LKMInitiatorChallenge)( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hAKObjectHandle, // Authentication key + CK_OBJECT_HANDLE hDKObjectHandle, // Derivation key + CK_ULONG ulHashMech, // Hashing mechanism + CK_LKM_TOKEN_ID_PTR pInitiatorID, // Initiator ID info + CK_LKM_TOKEN_ID_PTR pReceiverID, // Receiver ID info + CK_CHAR_PTR pChallengeBuf, // Returned challenge message + CK_ULONG_PTR + pulChallengeBufSize); // Max. size of challenge buffer & returned size + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LKMReceiverResponse)( + CK_SESSION_HANDLE hSession, + CK_OBJECT_HANDLE hAKObjectHandle, // Authentication key + CK_OBJECT_HANDLE hDKObjectHandle, // Derivation key + CK_ULONG ulHashMech, // Hashing mechanism + CK_LKM_TOKEN_ID_PTR pReceiverID, // Receiver ID info + CK_CHAR_PTR pChallengeBuf, // Challenge message from Initiator + CK_ULONG ulChallengeBufSize, // Size of challenge buffer + CK_CHAR_PTR pResponseBuf, // Returned response message from Receiver + CK_ULONG_PTR + pulResponseBufSize); // Max. size of response buffer & returned size + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LKMInitiatorComplete)( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pResponseBuf, // Response message from Receiver + CK_ULONG ulResponseBufSize, // Size of response buffer + CK_ATTRIBUTE_PTR pSCKTemplate, // Session Confidentiality Key Template + CK_ULONG usSCKAttributeCount, // no. attributes in key template + CK_ATTRIBUTE_PTR pSAKTemplate, // Session Authentication Key Template + CK_ULONG usSAKAttributeCount, // no. attributes in key template + CK_CHAR_PTR pCompleteBuf, // Returned complete message from Initiator + CK_ULONG_PTR + pulCompleteBufSize, // Max. size of challenge buffer & returned size + CK_OBJECT_HANDLE_PTR phSCKObjectHandle, // Returned handle for SC Key + CK_OBJECT_HANDLE_PTR phSAKObjectHandle); // Returned handle for SA Key + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_LKMReceiverComplete)( + CK_SESSION_HANDLE hSession, + CK_CHAR_PTR pCompleteBuf, // Complete message from Initiator + CK_ULONG ulCompleteBufSize, // Size of complete buffer + CK_ATTRIBUTE_PTR pSCKTemplate, // Session Confidentiality Key Template + CK_ULONG usSCKAttributeCount, // no. attributes in key template + CK_ATTRIBUTE_PTR pSAKTemplate, // Session Authentication Key Template + CK_ULONG usSAKAttributeCount, // no. attributes in key template + CK_OBJECT_HANDLE_PTR phSCKObjectHandle, // Returned handle for SC Key + CK_OBJECT_HANDLE_PTR phSAKObjectHandle); // Returned handle for SA Key + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_ModifyUsageCount)( + CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hObject, + CK_ULONG ulCommandType, CK_ULONG ulValue); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_InitAudit)(CK_SLOT_ID slotID, + CK_CHAR_PTR pPin, + CK_ULONG usPinLen, + CK_CHAR_PTR pLabel); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_TimeSync)(CK_SESSION_HANDLE hSession, + CK_ULONG ulTime); + +typedef CK_RV CK_ENTRY(CK_PTR CK_CA_GetTime)(CK_SESSION_HANDLE hSession, + CK_ULONG_PTR pulTime);