Cryptographic Token Interface Standard

PKCS#11


pkcs11_all.h File Reference


Data Structures

 CK_RSA_PKCS_OAEP_PARAMS

CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR

CK_RSA_PKCS_OAEP_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism.

 CK_RSA_PKCS_PSS_PARAMS

CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR

CK_RSA_PKCS_PSS_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism.

 CK_ECDH1_DERIVE_PARAMS

CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR

CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair.

 CK_ECMQV_DERIVE_PARAMS

CK_ECMQV_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR

CK_ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs.

 CK_X9_42_DH1_DERIVE_PARAMS

CK_X9_42_DH1_DERIVE_PARAMS, CK_X9_42_DH1_DERIVE_PARAMS_PTR

CK_X9_42_DH1_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism, where each party contributes one key pair.

 CK_X9_42_DH2_DERIVE_PARAMS

CK_X9_42_DH2_DERIVE_PARAMS, CK_X9_42_DH2_DERIVE_PARAMS_PTR

CK_X9_42_DH2_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms, where each party contributes two key pairs.

 CK_X9_42_MQV_DERIVE_PARAMS

CK_X9_42_MQV_DERIVE_PARAMS, CK_X9_42_MQV_DERIVE_PARAMS_PTR

CK_X9_42_MQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism, where each party contributes two key pairs.

 CK_AES_CTR_PARAMS

CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR

CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism.

 CK_GCM_PARAMS

CK_GCM_PARAMS; CK_GCM_PARAMS_PTR

CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism.

 CK_CCM_PARAMS

CK_CCM_PARAMS; CK_CCM_PARAMS_PTR

CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism.

 CK_DES_CBC_ENCRYPT_DATA_PARAMS

 CK_PBE_PARAMS

CK_PBE_PARAMS; CK_PBE_PARAMS_PTR

CK_PBE_PARAMS is a structure which provides all of the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and PKCS #12 for information on the PBE generation mechanisms) and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism.

 CK_PKCS5_PBKD2_PARAMS

CK_PKCS5_PBKD2_PARAMS; CK_PKCS5_PBKD2_PARAMS_PTR

CK_PKCS5_PBKD2_PARAMS is a structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism.

 CK_SSL3_RANDOM_DATA

CK_SSL3_RANDOM_DATA

CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context.

 CK_SSL3_MASTER_KEY_DERIVE_PARAMS

 CK_SSL3_KEY_MAT_OUT

CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR

CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism.

 CK_SSL3_KEY_MAT_PARAMS

CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR

CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism.

 CK_TLS_PRF_PARAMS

CK_TLS_PRF_PARAMS; CK_TLS_PRF_PARAMS_PTR

CK_TLS_PRF_PARAMS is a structure, which provides the parameters to the CKM_TLS_PRF mechanism.

 CK_WTLS_RANDOM_DATA

CK_WTLS_RANDOM_DATA; CK_WTLS_RANDOM_DATA_PTR

CK_WTLS_RANDOM_DATA is a structure, which provides information about the random data of a client and a server in a WTLS context.

 CK_WTLS_MASTER_KEY_DERIVE_PARAMS

CK_WTLS_MASTER_KEY_DERIVE_PARAMS; CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR

CK_WTLS_MASTER_KEY_DERIVE_PARAMS is a structure, which provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism.

 CK_WTLS_PRF_PARAMS

CK_WTLS_PRF_PARAMS; CK_WTLS_PRF_PARAMS_PTR

CK_WTLS_PRF_PARAMS is a structure, which provides the parameters to the CKM_WTLS_PRF mechanism.

 CK_WTLS_KEY_MAT_OUT

CK_WTLS_KEY_MAT_OUT; CK_WTLS_KEY_MAT_OUT_PTR

CK_WTLS_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SEVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism.

 CK_WTLS_KEY_MAT_PARAMS

CK_WTLS_KEY_MAT_PARAMS; CK_WTLS_KEY_MAT_PARAMS_PTR

CK_WTLS_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_WTLS_SEVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms.

 CK_KEY_DERIVATION_STRING_DATA

CK_KEY_DERIVATION_STRING_DATA; CK_KEY_DERIVATION_STRING_DATA_PTR

 CK_CMS_SIG_PARAMS

CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR

CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism.

 CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS
 Mechanisms:

 CK_ARIA_CBC_ENCRYPT_DATA_PARAMS
 Mechanisms:

 CK_OTP_PARAM

CK_OTP_PARAM; CK_OTP_PARAM_PTR

CK_OTP_PARAM is a structure that includes the type, value, and length of an OTP parameter.

 CK_OTP_PARAMS

CK_OTP_PARAMS; CK_OTP_PARAMS_PTR

CK_OTP_PARAMS is a structure that is used to provide parameters for OTP mechanisms in a generic fashion.

 CK_OTP_SIGNATURE_INFO

CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR

CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal).

 CK_KIP_PARAMS

CK_KIP_PARAMS; CK_KIP_PARAMS_PTR

CK_KIP_PARAMS is a structure that provides the parameters to all the CT-KIP related mechanisms: the CKM_KIP_DERIVE key derivation mechanism, the CKM_KIP_WRAP key wrap and key unwrap mechanism, and the CKM_KIP_MAC signature mechanism.

 CK_GOSTR3410_KEY_WRAP_PARAMS
 CK_GOSTR3410_KEY_WRAP_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism.

 CK_GOSTR3410_DERIVE_PARAMS
 CK_GOSTR3410_DERIVE_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism.


Defines

#define CK_INVALID_HANDLE
 An invalid handle.

#define CK_TRUE
 CK_BBOOL true.

#define CK_FALSE
 CK_BBOOL false.

#define CK_UNAVAILABLE_INFORMATION
 Information unavailable.

#define CK_EFFECTIVELY_INFINITE
 Effectively infinite.

#define CKU_SO
 Security Officer.

#define CKU_USER
 User.

#define CKU_CONTEXT_SPECIFIC
 Context specific.

#define CKS_RO_PUBLIC_SESSION
 Read only public session.

#define CKS_RO_USER_FUNCTIONS
 Read only user functions.

#define CKS_RW_PUBLIC_SESSION
 Read write public session.

#define CKS_RW_USER_FUNCTIONS
 Read write user functions.

#define CKS_RW_SO_FUNCTIONS
 Read write security officer functions.

#define TRUE
 True.

#define FALSE
 False.

#define CKA_MODULUS
 Modulus ''n''.

#define CKA_MODULUS_BITS
 Length in bits of modulus ''n''.

#define CKA_PUBLIC_EXPONENT
 Public exponent ''e''.

#define CKA_MODULUS
 Modulus ''n''.

#define CKA_PUBLIC_EXPONENT
 Public exponent ''e''.

#define CKA_PRIVATE_EXPONENT
 Private exponent ''d''.

#define CKA_PRIME_1
 Prime ''p''.

#define CKA_PRIME_2
 Prime ''q''.

#define CKA_EXPONENT_1
 Private exponent ''d'' modulo ''p''-1.

#define CKA_EXPONENT_2
 Private exponent ''d'' modulo ''q''-1.

#define CKA_COEFFICIENT
 CRT coefficient ''q''-1 mod ''p''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_SUBPRIME
 Subprime ''q'' (160 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_VALUE
 Public value ''y''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_SUBPRIME
 Subprime ''q'' (160 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_VALUE
 Public value ''y''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_SUBPRIME
 Subprime ''q'' (160 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_PRIME_BITS
 Length of the prime value.

#define CKA_EC_PARAMS
 DER-encoding of an ANSI X9.62 Parameters value.

#define CKA_EC_POINT
 DER-encoding of ANSI X9.62 ECPoint value ''Q''.

#define CKA_EC_PARAMS
 DER-encoding of an ANSI X9.62 Parameters value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_VALUE
 Public value ''y''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_SUBPRIME
 Subprime ''q'' (160 bits).

#define CKA_VALUE
 Public value ''y''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_BITS
 Length in bits of private value ''x''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_SUBPRIME
 Subprime ''q'' (160 bits).

#define CKA_VALUE
 Public value ''y''.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_PRIME_BITS
 Length of the prime value.

#define CKA_PRIME
 Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 Base ''g''.

#define CKA_SUBPRIME
 Subprime ''q'' (160 bits).

#define CKA_PRIME_BITS
 Length of the prime value.

#define CKA_SUBPRIME_BITS
 Length of the subprime value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE
 Public value ''y''.

#define CKA_REQUIRED_CMS_ATTRIBUTES
 Attributes the token always will include in the set of CMS signed attributes.

#define CKA_DEFAULT_CMS_ATTRIBUTES
 Attributes the token will include in the set of CMS signed attributes in the absence of any attributes specified by the application.

#define CKA_SUPPORTED_CMS_ATTRIBUTES
 Attributes the token may include in the set of CMS signed attributes upon request by the application.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_OTP_FORMAT
 Format of OTP values produced with this key:
 CK_OTP_FORMAT_DECIMAL = Decimal (default) (UTF8-encoded)
 CK_OTP_FORMAT_HEXADECIMAL = Hexadecimal (UTF8-encoded)
 CK_OTP_FORMAT_ALPHANUMERIC = Alphanumeric (UTF8-encoded)
 CK_OTP_FORMAT_BINARY = Only binary values.

#define CKA_OTP_LENGTH
 Default length of OTP values (in the CKA_OTP_FORMAT) produced with this key.

#define CKA_OTP_USER_FRIENDLY_MODE
 Set to CK_TRUE when the token is capable of returning OTPs suitable for human consumption.

#define CKA_OTP_CHALLENGE_REQUIREMENT
 Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A challenge must be supplied.

#define CKA_OTP_TIME_REQUIREMENT
 Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A time value must be supplied.

#define CKA_OTP_COUNTER_REQUIREMENT
 Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A counter value must be supplied.

#define CKA_OTP_PIN_REQUIREMENT
 Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A PIN value must be supplied.

#define CKA_OTP_COUNTER
 Value of the associated internal counter.

#define CKA_OTP_TIME
 Value of the associated internal UTC time in the form YYYYMMDDhhmmss.

#define CKA_OTP_USER_IDENTIFIER
 Text string that identifies a user associated with the OTP key (may be used to enhance the user experience).

#define CKA_OTP_SERVICE_IDENTIFIER
 Text string that identifies a service that may validate OTPs generated by this key.

#define CKA_OTP_SERVICE_LOGO
 Logotype image that identifies a service that may validate OTPs generated by this key.

#define CKA_OTP_SERVICE_LOGO_TYPE
 MIME type of the CKA_OTP_SERVICE_LOGO attribute value.

#define CKA_VALUE
 Public value ''y''.

#define CKA_VALUE_LEN
 Length in bytes of key value.

#define CK_OTP_PIN
 A UTF8 string containing a PIN for use when computing or verifying PIN-based OTP values.

#define CK_OTP_CHALLENGE
 Challenge to use when computing or verifying challenge-based OTP values.

#define CK_OTP_TIME
 UTC time value in the form YYYYMMDDhhmmss to use when computing or verifying time-based OTP values.

#define CK_OTP_COUNTER
 Counter value to use when computing or verifying counter-based OTP values.

#define CK_OTP_FLAGS
 Bit flags indicating the characteristics of the sought OTP as defined below.

#define CK_OTP_OUTPUT_LENGTH
 Desired output length (overrides any default value).

#define CK_OTP_FORMAT
 Returned OTP format (allowed values are the same as for CKA_OTP_FORMAT).

#define CK_OTP_VALUE
 An actual OTP value.

#define CKF_NEXT_OTP
 True (i.e.

#define CKF_EXCLUDE_TIME
 True (i.e.

#define CKF_EXCLUDE_COUNTER
 True (i.e.

#define CKF_EXCLUDE_CHALLENGE
 True (i.e.

#define CKF_EXCLUDE_PIN
 True (i.e.

#define CKF_USER_FRIENDLY_OTP
 True (i.e.

#define CKA_OTP_TIME_INTERVAL
 Interval between OTP values produced with this key, in seconds.

#define CKR_NEW_PIN_MODE
 The supplied OTP was not accepted and the library requests a new OTP computed using a new PIN.

#define CKR_NEXT_OTP
 The supplied OTP was correct but indicated a larger than normal drift in the token's internal state (e.g.

#define CKA_VALUE
 Public value ''y''.

#define CKA_GOST28147_PARAMS
 DER-encoding of the object identifier indicating the data object type of GOST 28147-89.

#define CKA_VALUE
 Public value ''y''.

#define CKA_OBJECT_ID
 DER-encoding of the object identifier indicating the domain parameters.

#define CKA_VALUE
 Public value ''y''.

#define CKA_OBJECT_ID
 DER-encoding of the object identifier indicating the domain parameters.

#define CKA_VALUE
 Public value ''y''.

#define CKA_GOSTR3410PARAMS
 DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001.

#define CKA_GOSTR3411PARAMS
 DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94.

#define CKA_GOST28147_PARAMS
 DER-encoding of the object identifier indicating the data object type of GOST 28147-89.

#define CKA_VALUE
 Public value ''y''.

#define CKA_GOSTR3410PARAMS
 DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001.

#define CKA_GOSTR3411PARAMS
 DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94.

#define CKA_GOST28147_PARAMS4
 DER-encoding of the object identifier indicating the data object type of GOST 28147-89.

#define CKA_VALUE
 Public value ''y''.

#define CKA_OBJECT_ID
 DER-encoding of the object identifier indicating the domain parameters.


Typedefs

typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE

CK_RSA_PKCS_MGF_TYPE; CK_RSA_PKCS_MGF_TYPE_PTR

CK_RSA_PKCS_MGF_TYPE is used to indicate the Message Generation Function (MGF) applied to a message block when formatting a message block for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature scheme.

typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR
 Pointer to a CK_RSA_PKCS_MGF_TYPE.

typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE

CK_RSA_PKCS_OAEP_SOURCE_TYPE; CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR

CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source of the encoding parameter when formatting a message block for the PKCS #1 OAEP encryption scheme.

typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR
 Pointer to a CK_RSA_PKCS_OAEP_SOURCE_TYPE.

typedef struct CK_RSA_PKCS_OAEP_PARAMS

CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR

CK_RSA_PKCS_OAEP_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism.

typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR
 Pointer to a CK_RSA_PKCS_OAEP_PARAMS.

typedef struct CK_RSA_PKCS_PSS_PARAMS

CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR

CK_RSA_PKCS_PSS_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism.

typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR
 Pointer to a CK_RSA_PKCS_PSS_PARAMS.

typedef CK_ULONG CK_EC_KDF_TYPE

CK_EC_KDF_TYPE, CK_EC_KDF_TYPE_PTR

CK_EC_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret.

typedef CK_EC_KDF_TYPE CK_PTR CK_EC_KDF_TYPE_PTR
 Pointer to a CK_EC_KDF_TYPE.

typedef struct CK_ECDH1_DERIVE_PARAMS

CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR

CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair.

typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR
 Pointer to a CK_ECDH1_DERIVE_PARAMS.

typedef struct CK_ECMQV_DERIVE_PARAMS

CK_ECMQV_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR

CK_ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs.

typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR
 Pointer to a CK_ECMQV_DERIVE_PARAMS.

typedef CK_ULONG CK_X9_42_DH_KDF_TYPE

CK_X9_42_DH_KDF_TYPE, CK_X9_42_DH_KDF_TYPE_PTR

CK_X9_42_DH_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret.

typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR
 Pointer to a CK_X9_42_DH_KDF_TYPE.

typedef struct CK_X9_42_DH1_DERIVE_PARAMS

CK_X9_42_DH1_DERIVE_PARAMS, CK_X9_42_DH1_DERIVE_PARAMS_PTR

CK_X9_42_DH1_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism, where each party contributes one key pair.

typedef CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR
 Pointer to a CK_X9_42_DH1_DERIVE_PARAMS.

typedef struct CK_X9_42_DH2_DERIVE_PARAMS

CK_X9_42_DH2_DERIVE_PARAMS, CK_X9_42_DH2_DERIVE_PARAMS_PTR

CK_X9_42_DH2_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms, where each party contributes two key pairs.

typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR
 Pointer to a CK_X9_42_DH2_DERIVE_PARAMS.

typedef struct CK_X9_42_MQV_DERIVE_PARAMS

CK_X9_42_MQV_DERIVE_PARAMS, CK_X9_42_MQV_DERIVE_PARAMS_PTR

CK_X9_42_MQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism, where each party contributes two key pairs.

typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR
 Pointer to a CK_X9_42_MQV_DERIVE_PARAMS.

typedef struct CK_AES_CTR_PARAMS

CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR

CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism.

typedef struct CK_GCM_PARAMS

CK_GCM_PARAMS; CK_GCM_PARAMS_PTR

CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism.

typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR
 Pointer to a CK_GCM_PARAMS.

typedef struct CK_CCM_PARAMS

CK_CCM_PARAMS; CK_CCM_PARAMS_PTR

CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism.

typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR
 Pointer to a CK_CCM_PARAMS.

typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS

typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR

typedef struct CK_AES_CBC_ENCRYPT_DATA_PARAMS

typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR

typedef struct CK_PBE_PARAMS

CK_PBE_PARAMS; CK_PBE_PARAMS_PTR

CK_PBE_PARAMS is a structure which provides all of the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and PKCS #12 for information on the PBE generation mechanisms) and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism.

typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR
 Pointer to a CK_PBE_PARAMS.

typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE

CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR

CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to indicate the Pseudo-Random Function (PRF) used to generate key bits using PKCS #5 PBKDF2.

typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR
 Pointer to a CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE.

typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE

CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR

CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the source of the salt value when deriving a key using PKCS #5 PBKDF2.

typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR
 Pointer to a CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE.

typedef struct CK_PKCS5_PBKD2_PARAMS

CK_PKCS5_PBKD2_PARAMS; CK_PKCS5_PBKD2_PARAMS_PTR

CK_PKCS5_PBKD2_PARAMS is a structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism.

typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR
 Pointer to a CK_PKCS5_PBKD2_PARAMS.

typedef struct CK_SSL3_RANDOM_DATA

CK_SSL3_RANDOM_DATA

CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context.

typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS

typedef CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR
 Pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS.

typedef struct CK_SSL3_KEY_MAT_OUT

CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR

CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism.

typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR
 Pointer to a CK_SSL3_KEY_MAT_OUT.

typedef struct CK_SSL3_KEY_MAT_PARAMS

CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR

CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism.

typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR
 Pointer to a CK_SSL3_KEY_MAT_PARAMS.

typedef struct CK_TLS_PRF_PARAMS

CK_TLS_PRF_PARAMS; CK_TLS_PRF_PARAMS_PTR

CK_TLS_PRF_PARAMS is a structure, which provides the parameters to the CKM_TLS_PRF mechanism.

typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR
 Pointer to a CK_TLS_PRF_PARAMS.

typedef struct CK_WTLS_RANDOM_DATA

CK_WTLS_RANDOM_DATA; CK_WTLS_RANDOM_DATA_PTR

CK_WTLS_RANDOM_DATA is a structure, which provides information about the random data of a client and a server in a WTLS context.

typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR
 Pointer to a CK_WTLS_RANDOM_DATA.

typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS

CK_WTLS_MASTER_KEY_DERIVE_PARAMS; CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR

CK_WTLS_MASTER_KEY_DERIVE_PARAMS is a structure, which provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism.

typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR
 Pointer to a CK_WTLS_MASTER_KEY_DERIVE_PARAMS.

typedef struct CK_WTLS_PRF_PARAMS

CK_WTLS_PRF_PARAMS; CK_WTLS_PRF_PARAMS_PTR

CK_WTLS_PRF_PARAMS is a structure, which provides the parameters to the CKM_WTLS_PRF mechanism.

typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR
 Pointer to a CK_WTLS_PRF_PARAMS.

typedef struct CK_WTLS_KEY_MAT_OUT

CK_WTLS_KEY_MAT_OUT; CK_WTLS_KEY_MAT_OUT_PTR

CK_WTLS_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SEVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism.

typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR
 Pointer to a CK_WTLS_KEY_MAT_OUT.

typedef struct CK_WTLS_KEY_MAT_PARAMS

CK_WTLS_KEY_MAT_PARAMS; CK_WTLS_KEY_MAT_PARAMS_PTR

CK_WTLS_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_WTLS_SEVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms.

typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR
 Pointer to a CK_WTLS_KEY_MAT_PARAMS.

typedef struct CK_KEY_DERIVATION_STRING_DATA

CK_KEY_DERIVATION_STRING_DATA; CK_KEY_DERIVATION_STRING_DATA_PTR

typedef CK_ULONG CK_EXTRACT_PARAMS

CK_EXTRACT_PARAMS; CK_EXTRACT_PARAMS_PTR

CK_KEY_EXTRACT_PARAMS provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism.

typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR
 Pointer to a CK_EXTRACT_PARAMS.

typedef struct CK_CMS_SIG_PARAMS

CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR

CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism.

typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS
 Mechanisms:

typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR

typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS
 Mechanisms:

typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR

typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_CBC_ENCRYPT_DATA_PARAMS
 Mechanisms:

typedef CK_CBC_ENCRYPT_DATA_PARAMS CK_PTR CK_CBC_ENCRYPT_DATA_PARAMS_PTR

typedef CK_ULONG CK_PARAM_TYPE

CK_PARAM_TYPE

CK_PARAM_TYPE is a value that identifies an OTP parameter type.

typedef struct CK_OTP_PARAM

CK_OTP_PARAM; CK_OTP_PARAM_PTR

CK_OTP_PARAM is a structure that includes the type, value, and length of an OTP parameter.

typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR
 Pointer to a CK_OTP_PARAM.

typedef struct CK_OTP_PARAMS

CK_OTP_PARAMS; CK_OTP_PARAMS_PTR

CK_OTP_PARAMS is a structure that is used to provide parameters for OTP mechanisms in a generic fashion.

typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR
 Pointer to a CK_OTP_PARAMS.

typedef struct CK_OTP_SIGNATURE_INFO

CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR

CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal).

typedef struct CK_KIP_PARAMS

CK_KIP_PARAMS; CK_KIP_PARAMS_PTR

CK_KIP_PARAMS is a structure that provides the parameters to all the CT-KIP related mechanisms: the CKM_KIP_DERIVE key derivation mechanism, the CKM_KIP_WRAP key wrap and key unwrap mechanism, and the CKM_KIP_MAC signature mechanism.

typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS
 CK_GOSTR3410_KEY_WRAP_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism.

typedef struct CK_GOSTR3410_DERIVE_PARAMS
 CK_GOSTR3410_DERIVE_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism.


Detailed Description

Definition in file pkcs11_all.h.


Define Documentation

#define CK_INVALID_HANDLE
 

An invalid handle.

#define CK_TRUE
 

CK_BBOOL true.

#define CK_FALSE
 

CK_BBOOL false.

#define CK_UNAVAILABLE_INFORMATION
 

Information unavailable.

#define CK_EFFECTIVELY_INFINITE
 

Effectively infinite.

#define CKU_SO
 

Security Officer.

#define CKU_USER
 

User.

#define CKU_CONTEXT_SPECIFIC
 

Context specific.

#define CKS_RO_PUBLIC_SESSION
 

Read only public session.

#define CKS_RO_USER_FUNCTIONS
 

Read only user functions.

#define CKS_RW_PUBLIC_SESSION
 

Read write public session.

#define CKS_RW_USER_FUNCTIONS
 

Read write user functions.

#define CKS_RW_SO_FUNCTIONS
 

Read write security officer functions.

#define TRUE
 

True.

#define FALSE
 

False.

#define CKA_MODULUS
 

Modulus ''n''.

#define CKA_MODULUS_BITS
 

Length in bits of modulus ''n''.

#define CKA_PUBLIC_EXPONENT
 

Public exponent ''e''.

#define CKA_MODULUS
 

Modulus ''n''.

#define CKA_PUBLIC_EXPONENT
 

Public exponent ''e''.

#define CKA_PRIVATE_EXPONENT
 

Private exponent ''d''.

#define CKA_PRIME_1
 

Prime ''p''.

#define CKA_PRIME_2
 

Prime ''q''.

#define CKA_EXPONENT_1
 

Private exponent ''d'' modulo ''p''-1.

#define CKA_EXPONENT_2
 

Private exponent ''d'' modulo ''q''-1.

#define CKA_COEFFICIENT
 

CRT coefficient ''q''-1 mod ''p''.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_SUBPRIME
 

Subprime ''q'' (160 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_SUBPRIME
 

Subprime ''q'' (160 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_SUBPRIME
 

Subprime ''q'' (160 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_PRIME_BITS
 

Length of the prime value.

#define CKA_EC_PARAMS
 

DER-encoding of an ANSI X9.62 Parameters value.

#define CKA_EC_POINT
 

DER-encoding of ANSI X9.62 ECPoint value ''Q''.

#define CKA_EC_PARAMS
 

DER-encoding of an ANSI X9.62 Parameters value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_SUBPRIME
 

Subprime ''q'' (160 bits).

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_BITS
 

Length in bits of private value ''x''.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_SUBPRIME
 

Subprime ''q'' (160 bits).

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_PRIME_BITS
 

Length of the prime value.

#define CKA_PRIME
 

Prime ''p'' (512 to 1024 bits, in steps of 64 bits).

#define CKA_BASE
 

Base ''g''.

#define CKA_SUBPRIME
 

Subprime ''q'' (160 bits).

#define CKA_PRIME_BITS
 

Length of the prime value.

#define CKA_SUBPRIME_BITS
 

Length of the subprime value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_REQUIRED_CMS_ATTRIBUTES
 

Attributes the token always will include in the set of CMS signed attributes.

#define CKA_DEFAULT_CMS_ATTRIBUTES
 

Attributes the token will include in the set of CMS signed attributes in the absence of any attributes specified by the application.

#define CKA_SUPPORTED_CMS_ATTRIBUTES
 

Attributes the token may include in the set of CMS signed attributes upon request by the application.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_OTP_FORMAT
 

Format of OTP values produced with this key:
CK_OTP_FORMAT_DECIMAL = Decimal (default) (UTF8-encoded)
CK_OTP_FORMAT_HEXADECIMAL = Hexadecimal (UTF8-encoded)
CK_OTP_FORMAT_ALPHANUMERIC = Alphanumeric (UTF8-encoded)
CK_OTP_FORMAT_BINARY = Only binary values.

#define CKA_OTP_LENGTH
 

Default length of OTP values (in the CKA_OTP_FORMAT) produced with this key.

#define CKA_OTP_USER_FRIENDLY_MODE
 

Set to CK_TRUE when the token is capable of returning OTPs suitable for human consumption. See the description of CKF_USER_FRIENDLY_OTP below.

#define CKA_OTP_CHALLENGE_REQUIREMENT
 

Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A challenge must be supplied.
CK_OTP_PARAM_OPTIONAL = A challenge may be supplied but need not be.
CK_OTP_PARAM_IGNORED = A challenge, if supplied, will be ignored.

#define CKA_OTP_TIME_REQUIREMENT
 

Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A time value must be supplied.
CK_OTP_PARAM_OPTIONAL = A time value may be supplied but need not be.
CK_OTP_PARAM_IGNORED = A time value, if supplied, will be ignored.

#define CKA_OTP_COUNTER_REQUIREMENT
 

Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A counter value must be supplied.
CK_OTP_PARAM_OPTIONAL = A counter value may be supplied but need not be.
CK_OTP_PARAM_IGNORED = A counter value, if supplied, will be ignored.

#define CKA_OTP_PIN_REQUIREMENT
 

Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A PIN value must be supplied.
CK_OTP_PARAM_OPTIONAL = A PIN value may be supplied but need not be (if not supplied, then library will be responsible for collecting it).
CK_OTP_PARAM_IGNORED = A PIN value, if supplied, will be ignored.

#define CKA_OTP_COUNTER
 

Value of the associated internal counter. Default value is empty (i.e. ''ulValueLen'' = 0).

#define CKA_OTP_TIME
 

Value of the associated internal UTC time in the form YYYYMMDDhhmmss. Default value is empty (i.e. ''ulValueLen'' = 0).

#define CKA_OTP_USER_IDENTIFIER
 

Text string that identifies a user associated with the OTP key (may be used to enhance the user experience). Default value is empty (i.e. ''ulValueLen'' = 0).

#define CKA_OTP_SERVICE_IDENTIFIER
 

Text string that identifies a service that may validate OTPs generated by this key. Default value is empty (i.e. ''ulValueLen'' = 0).

#define CKA_OTP_SERVICE_LOGO
 

Logotype image that identifies a service that may validate OTPs generated by this key. Default value is empty (i.e. ''ulValueLen'' = 0).

#define CKA_OTP_SERVICE_LOGO_TYPE
 

MIME type of the CKA_OTP_SERVICE_LOGO attribute value. Default value is empty (i.e. ''ulValueLen'' = 0).

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_VALUE_LEN
 

Length in bytes of key value.

#define CK_OTP_PIN
 

A UTF8 string containing a PIN for use when computing or verifying PIN-based OTP values.

#define CK_OTP_CHALLENGE
 

Challenge to use when computing or verifying challenge-based OTP values.

#define CK_OTP_TIME
 

UTC time value in the form YYYYMMDDhhmmss to use when computing or verifying time-based OTP values.

#define CK_OTP_COUNTER
 

Counter value to use when computing or verifying counter-based OTP values.

#define CK_OTP_FLAGS
 

Bit flags indicating the characteristics of the sought OTP as defined below.

#define CK_OTP_OUTPUT_LENGTH
 

Desired output length (overrides any default value). A Cryptoki library will return CKR_MECHANISM_PARAM_INVALID if a provided length value is not supported.

#define CK_OTP_FORMAT
 

Returned OTP format (allowed values are the same as for CKA_OTP_FORMAT). This parameter is only intended for '''C_Sign''' output, see below. When not present, the returned OTP format will be the same as the value of the CKA_OTP_FORMAT attribute for the key in question.

#define CK_OTP_VALUE
 

An actual OTP value. This parameter type is intended for '''C_Sign''' output, see below.

#define CKF_NEXT_OTP
 

True (i.e. set) if the OTP computation shall be for the next OTP, rather than the current one (current being interpreted in the context of the algorithm, e.g. for the current counter value or current time window). A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if the CKF_NEXT_OTP flag is set and the OTP mechanism in question does not support the concept of "next" OTP or the library is not capable of generating the next OTP.

Applications that may need to retrieve the next OTP should be prepared to handle this situation. For example, an application could store the OTP value returned by C_Sign so that, if a next OTP is required, it can compare it to the OTP value returned by subsequent calls to C_Sign should it turn out that the library does not support the CKF_NEXT_OTP flag.

#define CKF_EXCLUDE_TIME
 

True (i.e. set) if the OTP computation must not include a time value. Will have an effect only on mechanisms that do include a time value in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.

#define CKF_EXCLUDE_COUNTER
 

True (i.e. set) if the OTP computation must not include a counter value. Will have an effect only on mechanisms that do include a counter value in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.

#define CKF_EXCLUDE_CHALLENGE
 

True (i.e. set) if the OTP computation must not include a challenge. Will have an effect only on mechanisms that do include a challenge in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.

#define CKF_EXCLUDE_PIN
 

True (i.e. set) if the OTP computation must not include a PIN value. Will have an effect only on mechanisms that do include a PIN in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed.

#define CKF_USER_FRIENDLY_OTP
 

True (i.e. set) if the OTP returned shall be in a form suitable for human consumption. If this flag is set, and the call is successful, then the returned CK_OTP_VALUE shall be a UTF8-encoded printable string. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if this flag is set when CKA_OTP_USER_FRIENDLY_MODE for the key in question is CK_FALSE.

#define CKA_OTP_TIME_INTERVAL
 

Interval between OTP values produced with this key, in seconds. Default is 60.

#define CKR_NEW_PIN_MODE
 

The supplied OTP was not accepted and the library requests a new OTP computed using a new PIN. The new PIN is set through means out of scope for this document.

#define CKR_NEXT_OTP
 

The supplied OTP was correct but indicated a larger than normal drift in the token's internal state (e.g. clock, counter). To ensure this was not due to a temporary problem, the application should provide the next one-time password to the library for verification.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_GOST28147_PARAMS
 

DER-encoding of the object identifier indicating the data object type of GOST 28147-89. When the key is used, the domain parameter object of key type CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_OBJECT_ID
 

DER-encoding of the object identifier indicating the domain parameters.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_OBJECT_ID
 

DER-encoding of the object identifier indicating the domain parameters.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_GOSTR3410PARAMS
 

DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. When the key is used, the domain parameter object of key type CKK_GOSTR3410 must be specified with the same attribute CKA_OBJECT_ID.

#define CKA_GOSTR3411PARAMS
 

DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. When the key is used, the domain parameter object of key type CKK_GOSTR3411 must be specified with the same attribute CKA_OBJECT_ID.

#define CKA_GOST28147_PARAMS
 

DER-encoding of the object identifier indicating the data object type of GOST 28147-89. When the key is used, the domain parameter object of key type CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_GOSTR3410PARAMS
 

DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. When the key is used, the domain parameter object of key type CKK_GOSTR3410 must be specified with the same attribute CKA_OBJECT_ID.

#define CKA_GOSTR3411PARAMS
 

DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. When the key is used, the domain parameter object of key type CKK_GOSTR3411 must be specified with the same attribute CKA_OBJECT_ID.

#define CKA_GOST28147_PARAMS4
 

DER-encoding of the object identifier indicating the data object type of GOST 28147-89. When the key is used, the domain parameter object of key type CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID. The attribute value may be omitted.

#define CKA_VALUE
 

Public value ''y''. Bit length restricted to a byte array.

#define CKA_OBJECT_ID
 

DER-encoding of the object identifier indicating the domain parameters.


Typedef Documentation

typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE
 

CK_RSA_PKCS_MGF_TYPE; CK_RSA_PKCS_MGF_TYPE_PTR

CK_RSA_PKCS_MGF_TYPE is used to indicate the Message Generation Function (MGF) applied to a message block when formatting a message block for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature scheme.

typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR
 

Pointer to a CK_RSA_PKCS_MGF_TYPE.

typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE
 

CK_RSA_PKCS_OAEP_SOURCE_TYPE; CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR

CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source of the encoding parameter when formatting a message block for the PKCS #1 OAEP encryption scheme.

typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR
 

Pointer to a CK_RSA_PKCS_OAEP_SOURCE_TYPE.

typedef struct CK_RSA_PKCS_OAEP_PARAMS CK_RSA_PKCS_OAEP_PARAMS
 

CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR

CK_RSA_PKCS_OAEP_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism. The structure is defined as follows:
hashAlg mechanism ID of the message digest algorithm used to calculate the digest of the encoding parameter
mgf mask generation function to use on the encoded block
source source of the encoding parameter
pSourceData data used as the input for the encoding parameter source
ulSourceDataLen length of the encoding parameter source input

CK_RSA_PKCS_OAEP_PARAMS_PTR is a pointer to a CK_RSA_PKCS_OAEP_PARAMS.

typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR CK_RSA_PKCS_OAEP_PARAMS_PTR
 

Pointer to a CK_RSA_PKCS_OAEP_PARAMS.

typedef struct CK_RSA_PKCS_PSS_PARAMS CK_RSA_PKCS_PSS_PARAMS
 

CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR

CK_RSA_PKCS_PSS_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism. The structure is defined as follows:
hashAlg hash algorithm used in the PSS encoding; if the signature mechanism does not include message hashing, then this value must be the mechanism used by the application to generate the message hash; if the signature mechanism includes hashing, then this value must match the hash algorithm indicated by the signature mechanism
mgf mask generation function to use on the encoded block
sLen length, in bytes, of the salt value used in the PSS encoding; typical values are the length of the message hash and zero

CK_RSA_PKCS_PSS_PARAMS_PTR is a pointer to a CK_RSA_PKCS_PSS_PARAMS.

typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR
 

Pointer to a CK_RSA_PKCS_PSS_PARAMS.

typedef CK_ULONG CK_EC_KDF_TYPE
 

CK_EC_KDF_TYPE, CK_EC_KDF_TYPE_PTR

CK_EC_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. The key derivation function will be used by the EC key agreement schemes. It is defined as follows:

typedef CK_EC_KDF_TYPE CK_PTR CK_EC_KDF_TYPE_PTR
 

Pointer to a CK_EC_KDF_TYPE.

typedef struct CK_ECDH1_DERIVE_PARAMS CK_ECDH1_DERIVE_PARAMS
 

CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR

CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. The structure is defined as follows:
kdf key derivation function used on the shared secret value
ulSharedDataLen the length in bytes of the shared info
pSharedData some data shared between the two parties
ulPublicDataLen the length in bytes of the other party's EC public key
pPublicData pointer to other party's EC public key value. A token MUST be able to accept this value encoded as a raw octet string (as per section A.5.2 of [ANSI X9.62]). A token MAY, in addition, support accepting this value as a DER-encoded ECPoint (as per section E.6 of [ANSI X9.62]) i.e. the same as a CKA_EC_POINT encoding. The calling application is responsible for converting the offered public key to the compressed or uncompressed forms of these encodings if the token does not support the offered form.

''The encoding in V2.20 was not specified and resulted in different implementations choosing different encodings. Applications relying only on a V2.20 encoding (e.g. the DER variant) other than the one specified now (raw) may not work with all V2.30 compliant tokens.''

With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero.

CK_ECDH1_DERIVE_PARAMS_PTR is a pointer to a CK_ECDH1_DERIVE_PARAMS.
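The raw-versus-DER rule for pPublicData and the CKD_NULL / CKD_SHA1_KDF rule for pSharedData can be checked before C_DeriveKey is called. The following is an added example, not code from the PKCS #11 headers or from any token vendor: the CK_* typedefs and CKD_* values are local stand-ins for pkcs11.h, the function names are hypothetical, the sample bytes are constructed, and the caller is assumed to know the curve's field size in bytes.

```c
#include <stddef.h>
#include <stdio.h>

/* Local stand-ins so the example builds without pkcs11.h (assumption:
 * the CKD_* values match the PKCS #11 headers). */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;
#define CKD_NULL     0x00000001UL
#define CKD_SHA1_KDF 0x00000002UL

enum point_form { POINT_INVALID = 0, POINT_RAW, POINT_DER_WRAPPED };

/* Is `len` bytes at `p` a raw X9.62 point for a curve with n-byte field elements? */
static int is_raw_point(const CK_BYTE *p, size_t len, size_t n)
{
    if (len == 2 * n + 1 && p[0] == 0x04)               /* uncompressed: 04 || X || Y */
        return 1;
    if (len == n + 1 && (p[0] == 0x02 || p[0] == 0x03)) /* compressed: 02/03 || X */
        return 1;
    return 0;
}

/*
 * Classify a peer public key and return a view of its raw octet string,
 * the form every token must accept. Both a raw uncompressed point and a
 * DER OCTET STRING start with 0x04, so the length decides: the raw form is
 * tested first against the known field size n, and only then is the input
 * parsed as DER (tag 04, definite length, raw point as content).
 */
enum point_form ec_point_to_raw(const CK_BYTE *in, size_t in_len, size_t n,
                                const CK_BYTE **raw, size_t *raw_len)
{
    size_t hdr, body;

    if (in == NULL || raw == NULL || raw_len == NULL || in_len < 2 || n == 0 || n > 128)
        return POINT_INVALID;
    if (is_raw_point(in, in_len, n)) {
        *raw = in;
        *raw_len = in_len;
        return POINT_RAW;
    }
    if (in[0] != 0x04)                      /* not an OCTET STRING tag */
        return POINT_INVALID;
    if (in[1] < 0x80) {                     /* short-form length */
        hdr = 2;
        body = in[1];
    } else if (in[1] == 0x81 && in_len >= 3 && in[2] >= 0x80) {
        hdr = 3;                            /* long form, minimal (DER) */
        body = in[2];
    } else {
        return POINT_INVALID;
    }
    if (in_len != hdr + body || !is_raw_point(in + hdr, body, n))
        return POINT_INVALID;
    *raw = in + hdr;
    *raw_len = body;
    return POINT_DER_WRAPPED;
}

/* pSharedData rule: forbidden with CKD_NULL, optional with CKD_SHA1_KDF. */
int ecdh1_shared_data_ok(CK_ULONG kdf, const CK_BYTE *pSharedData,
                         CK_ULONG ulSharedDataLen)
{
    if (kdf == CKD_NULL)
        return pSharedData == NULL && ulSharedDataLen == 0;
    if (kdf == CKD_SHA1_KDF)    /* pointer and length must agree */
        return (pSharedData == NULL) == (ulSharedDataLen == 0);
    return 0;                   /* other KDF types are not described here */
}

int main(void)
{
    /* Constructed bytes: only the framing matters, this is not a real curve point. */
    CK_BYTE der[67] = { 0x04, 0x41, 0x04 };
    const CK_BYTE *raw = NULL;
    size_t raw_len = 0;
    enum point_form f = ec_point_to_raw(der, sizeof der, 32, &raw, &raw_len);

    printf("form=%d raw_len=%lu\n", (int)f, (unsigned long)raw_len);
    return 0;
}
```

The returned view points into the caller's buffer, so it can be assigned directly to pPublicData and ulPublicDataLen without copying.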

typedef CK_ECDH1_DERIVE_PARAMS CK_PTR CK_ECDH1_DERIVE_PARAMS_PTR
 

Pointer to a CK_ECDH1_DERIVE_PARAMS.

typedef struct CK_ECMQV_DERIVE_PARAMS CK_ECMQV_DERIVE_PARAMS
 

CK_ECMQV_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR

CK_ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs. The structure is defined as follows:
kdf key derivation function used on the shared secret value
ulSharedDataLen the length in bytes of the shared info
pSharedData some data shared between the two parties
ulPublicDataLen the length in bytes of the other party's first EC public key
pPublicData pointer to other party's first EC public key value. Encoding rules are as per ''pPublicData'' of CK_ECDH1_DERIVE_PARAMS
ulPrivateDataLen the length in bytes of the second EC private key
hPrivateData key handle for second EC private key value
ulPublicDataLen2 the length in bytes of the other party's second EC public key
pPublicData2 pointer to other party's second EC public key value. Encoding rules are as per ''pPublicData'' of CK_ECDH1_DERIVE_PARAMS
publicKey Handle to the first party's ephemeral public key

With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero.

CK_ECMQV_DERIVE_PARAMS_PTR is a pointer to a CK_ECMQV_DERIVE_PARAMS.

typedef CK_ECMQV_DERIVE_PARAMS CK_PTR CK_ECMQV_DERIVE_PARAMS_PTR
 

Pointer to a CK_ECMQV_DERIVE_PARAMS.

typedef CK_ULONG CK_X9_42_DH_KDF_TYPE
 

CK_X9_42_DH_KDF_TYPE, CK_X9_42_DH_KDF_TYPE_PTR

CK_X9_42_DH_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. The key derivation function will be used by the X9.42 Diffie-Hellman key agreement schemes.

typedef CK_X9_42_DH_KDF_TYPE CK_PTR CK_X9_42_DH_KDF_TYPE_PTR
 

Pointer to a CK_X9_42_DH_KDF_TYPE.

typedef struct CK_X9_42_DH1_DERIVE_PARAMS CK_X9_42_DH1_DERIVE_PARAMS
 

CK_X9_42_DH1_DERIVE_PARAMS, CK_X9_42_DH1_DERIVE_PARAMS_PTR

CK_X9_42_DH1_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism, where each party contributes one key pair. The structure is defined as follows:
kdf key derivation function used on the shared secret value
ulOtherInfoLen the length in bytes of the other info
pOtherInfo some data shared between the two parties
ulPublicDataLen the length in bytes of the other party's X9.42 Diffie-Hellman public key
pPublicData pointer to other party's X9.42 Diffie-Hellman public key value

With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero.

CK_X9_42_DH1_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_DH1_DERIVE_PARAMS.

typedef CK_X9_42_DH1_DERIVE_PARAMS CK_PTR CK_X9_42_DH1_DERIVE_PARAMS_PTR
 

Pointer to a CK_X9_42_DH1_DERIVE_PARAMS.

typedef struct CK_X9_42_DH2_DERIVE_PARAMS CK_X9_42_DH2_DERIVE_PARAMS
 

CK_X9_42_DH2_DERIVE_PARAMS, CK_X9_42_DH2_DERIVE_PARAMS_PTR

CK_X9_42_DH2_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms, where each party contributes two key pairs. The structure is defined as follows:
kdf key derivation function used on the shared secret value
ulOtherInfoLen the length in bytes of the other info
pOtherInfo some data shared between the two parties
ulPublicDataLen the length in bytes of the other party's first X9.42 Diffie-Hellman public key
pPublicData pointer to other party's first X9.42 Diffie-Hellman public key value
ulPrivateDataLen the length in bytes of the second X9.42 Diffie-Hellman private key
hPrivateData key handle for second X9.42 Diffie-Hellman private key value
ulPublicDataLen2 the length in bytes of the other party's second X9.42 Diffie-Hellman public key
pPublicData2 pointer to other party's second X9.42 Diffie-Hellman public key value

With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero.

CK_X9_42_DH2_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_DH2_DERIVE_PARAMS.

typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR CK_X9_42_DH2_DERIVE_PARAMS_PTR
 

Pointer to a CK_X9_42_DH2_DERIVE_PARAMS.

typedef struct CK_X9_42_MQV_DERIVE_PARAMS CK_X9_42_MQV_DERIVE_PARAMS
 

CK_X9_42_MQV_DERIVE_PARAMS, CK_X9_42_MQV_DERIVE_PARAMS_PTR

CK_X9_42_MQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism, where each party contributes two key pairs. The structure is defined as follows:
kdf key derivation function used on the shared secret value
ulOtherInfoLen the length in bytes of the other info
pOtherInfo some data shared between the two parties
ulPublicDataLen the length in bytes of the other party's first X9.42 Diffie-Hellman public key
pPublicData pointer to other party's first X9.42 Diffie-Hellman public key value
ulPrivateDataLen the length in bytes of the second X9.42 Diffie-Hellman private key
hPrivateData key handle for second X9.42 Diffie-Hellman private key value
ulPublicDataLen2 the length in bytes of the other party's second X9.42 Diffie-Hellman public key
pPublicData2 pointer to other party's second X9.42 Diffie-Hellman public key value
publicKey Handle to the first party's ephemeral public key

With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero.

CK_X9_42_MQV_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_MQV_DERIVE_PARAMS.

typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR CK_X9_42_MQV_DERIVE_PARAMS_PTR
 

Pointer to a CK_X9_42_MQV_DERIVE_PARAMS.

typedef struct CK_AES_CTR_PARAMS CK_AES_CTR_PARAMS
 

CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR

CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism. It's up to the caller to initialize all of the bits in the counter block including the counter bits. The counter bits are the least significant bits of the counter block (cb). They are a big-endian value usually starting with 1. The rest of 'cb' is for the nonce, and maybe an optional IV.

E.g. as defined in [RFC 3686]:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             Nonce                             |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  Initialization Vector (IV)                   |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Block Counter                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

This construction permits each packet to consist of up to 2^32-1 blocks = 4,294,967,295 blocks = 68,719,476,720 octets.

CK_AES_CTR_PARAMS_PTR is a pointer to a CK_AES_CTR_PARAMS.
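Because the caller initializes the whole counter block, the caller also has to make sure the counter bits never wrap under one nonce and IV, since a wrapped counter reuses keystream. The following is an added example, not code from the PKCS #11 headers: the struct is a local stand-in assumed to mirror CK_AES_CTR_PARAMS (fields ulCounterBits and cb), the function names are hypothetical, and the nonce and IV are constructed values.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;

/* Local stand-in for the header's structure (assumed field layout). */
typedef struct CK_AES_CTR_PARAMS {
    CK_ULONG ulCounterBits;   /* number of low-order bits of cb that count */
    CK_BYTE  cb[16];          /* nonce || IV || big-endian block counter   */
} CK_AES_CTR_PARAMS;

#define AES_BLOCK 16ULL

/*
 * Number of blocks that can be processed before the low ulCounterBits bits
 * of cb wrap to zero. The counter need not be byte aligned, so it is read
 * bit by bit from the least significant end. Widths outside 1..63 are not
 * handled by this example and yield 0.
 */
unsigned long long ctr_blocks_before_wrap(const CK_AES_CTR_PARAMS *p)
{
    unsigned long long value = 0;
    CK_ULONG i;

    if (p == NULL || p->ulCounterBits == 0 || p->ulCounterBits > 63)
        return 0;
    for (i = 0; i < p->ulCounterBits; i++) {
        unsigned bit = (p->cb[15 - i / 8] >> (i % 8)) & 1u;
        value |= (unsigned long long)bit << i;
    }
    return (1ULL << p->ulCounterBits) - value;
}

/*
 * Fill the counter block as in the RFC 3686 layout: 4-byte nonce, 8-byte IV,
 * 32-bit big-endian counter starting at 1. Returns -1 (and clears *out) when
 * data_len octets would need more blocks than the counter allows.
 */
int rfc3686_ctr_params(const CK_BYTE nonce[4], const CK_BYTE iv[8],
                       unsigned long long data_len, CK_AES_CTR_PARAMS *out)
{
    static const CK_BYTE one[4] = { 0x00, 0x00, 0x00, 0x01 };
    unsigned long long blocks;

    if (nonce == NULL || iv == NULL || out == NULL)
        return -1;
    out->ulCounterBits = 32;
    memcpy(out->cb, nonce, 4);
    memcpy(out->cb + 4, iv, 8);
    memcpy(out->cb + 12, one, 4);

    blocks = data_len / AES_BLOCK + (data_len % AES_BLOCK != 0);
    if (blocks > ctr_blocks_before_wrap(out)) {
        memset(out, 0, sizeof *out);
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed nonce and IV, for illustration only. */
    const CK_BYTE nonce[4] = { 0x00, 0x11, 0x22, 0x33 };
    const CK_BYTE iv[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    CK_AES_CTR_PARAMS p;

    if (rfc3686_ctr_params(nonce, iv, 1500, &p) == 0)
        printf("blocks before wrap: %llu\n", ctr_blocks_before_wrap(&p));
    return 0;
}
```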

typedef struct CK_GCM_PARAMS CK_GCM_PARAMS
 

CK_GCM_PARAMS; CK_GCM_PARAMS_PTR

CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism.
pIv pointer to initialization vector
ulIvLen length of initialization vector in bytes. The length of the initialization vector can be any number between 1 and 256. 96-bit (12 byte) IV values can be processed more efficiently, so that length is recommended for situations in which efficiency is critical.
pAAD pointer to additional authentication data. This data is authenticated but not encrypted.
ulAADLen length of ''pAAD'' in bytes.
ulTagBits length of authentication tag (output following cipher text) in bits. Can be any value between 0 and 128.

CK_GCM_PARAMS_PTR is a pointer to a CK_GCM_PARAMS.

typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR
 

Pointer to a CK_GCM_PARAMS.

typedef struct CK_CCM_PARAMS CK_CCM_PARAMS
 

CK_CCM_PARAMS; CK_CCM_PARAMS_PTR

CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism.
ulDataLen length of the data where 0 <= ''ulDataLen'' < 2^(8L).
pNonce the nonce.
ulNonceLen length of ''pNonce'' (<= 15-L) in bytes.
pAAD Additional authentication data. This data is authenticated but not encrypted.
ulAADLen length of ''pAuthData'' in bytes.
ulMACLen length of the MAC (output following cipher text) in bytes. Valid values are 4, 6, 8, 10, 12, 14, and 16.

CK_CCM_PARAMS_PTR is a pointer to a CK_CCM_PARAMS.
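The numeric limits stated for CK_GCM_PARAMS and CK_CCM_PARAMS can be enforced before the parameters reach the token; for CCM the nonce length fixes L and therefore the largest message. The following is an added example, not code from the PKCS #11 headers: the function names are hypothetical, the restriction of L to 2..8 is an assumption taken from NIST SP 800-38C (the page only states ulNonceLen <= 15-L), and min_tag_bits is a caller-chosen policy floor rather than anything the page requires.

```c
#include <stddef.h>
#include <stdio.h>

typedef unsigned long CK_ULONG;   /* local stand-in for pkcs11.h */

/*
 * Largest ulDataLen permitted for a given CCM nonce length.
 * L = 15 - ulNonceLen is the width of the length field in octets and the
 * data must satisfy ulDataLen < 2^(8L). Returns 0 when the nonce length
 * gives an L outside 2..8 (assumed range, see lead-in).
 */
unsigned long long ccm_max_data_len(CK_ULONG ulNonceLen)
{
    CK_ULONG L;

    if (ulNonceLen < 7 || ulNonceLen > 13)
        return 0;
    L = 15 - ulNonceLen;
    if (L == 8)
        return ~0ULL;                    /* 2^64 - 1 */
    return (1ULL << (8 * L)) - 1;
}

/* CCM: data length must fit L, MAC length must be 4, 6, 8, 10, 12, 14 or 16. */
int ccm_params_ok(unsigned long long ulDataLen, CK_ULONG ulNonceLen,
                  CK_ULONG ulMACLen)
{
    unsigned long long max = ccm_max_data_len(ulNonceLen);

    if (max == 0 || ulDataLen > max)
        return 0;
    return ulMACLen >= 4 && ulMACLen <= 16 && ulMACLen % 2 == 0;
}

/*
 * GCM: IV length 1..256 bytes, tag length 0..128 bits. min_tag_bits lets the
 * application refuse tags shorter than its own policy allows (assumption:
 * this floor is local policy, pass 0 to apply only the documented range).
 */
int gcm_params_ok(CK_ULONG ulIvLen, CK_ULONG ulTagBits, CK_ULONG min_tag_bits)
{
    if (ulIvLen < 1 || ulIvLen > 256)
        return 0;
    if (ulTagBits > 128)
        return 0;
    return ulTagBits >= min_tag_bits;
}

int main(void)
{
    /* A 13-byte nonce leaves L = 2, so one CCM message is capped at 65535 bytes. */
    printf("nonce 13 -> max data %llu\n", ccm_max_data_len(13));
    printf("nonce 12 -> max data %llu\n", ccm_max_data_len(12));
    printf("64 KiB with 13-byte nonce ok? %d\n", ccm_params_ok(65536ULL, 13, 16));
    printf("GCM 12-byte IV, 32-bit tag, floor 96 ok? %d\n", gcm_params_ok(12, 32, 96));
    return 0;
}
```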

typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR
 

Pointer to a CK_CCM_PARAMS.

typedef struct CK_DES_CBC_ENCRYPT_DATA_PARAMS CK_DES_CBC_ENCRYPT_DATA_PARAMS
 

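Mechanisms vs. Functions:

| Mechanism | Encrypt & Decrypt | Sign & Verify | SR & VR1 | Digest | Gen. Key/Key Pair | Wrap & Unwrap | Derive |
|---|---|---|---|---|---|---|---|
| CKM_DES_ECB_ENCRYPT_DATA | | | | | | | X |
| CKM_DES_CBC_ENCRYPT_DATA | | | | | | | X |
| CKM_DES3_ECB_ENCRYPT_DATA | | | | | | | X |
| CKM_DES3_CBC_ENCRYPT_DATA | | | | | | | X |
| CKM_AES_ECB_ENCRYPT_DATA | | | | | | | X |
| CKM_AES_CBC_ENCRYPT_DATA | | | | | | | X |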

typedef struct CK_PBE_PARAMS CK_PBE_PARAMS
 

CK_PBE_PARAMS; CK_PBE_PARAMS_PTR

CK_PBE_PARAMS is a structure which provides all of the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and PKCS #12 for information on the PBE generation mechanisms) and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism.
pInitVector pointer to the location that receives the 8-byte initialization vector (IV), if an IV is required;
pPassword points to the password to be used in the PBE key generation;
ulPasswordLen length in bytes of the password information;
pSalt points to the salt to be used in the PBE key generation;
ulSaltLen length in bytes of the salt information;
ulIteration number of iterations required for the generation.

CK_PBE_PARAMS_PTR is a pointer to a CK_PBE_PARAMS.

typedef CK_PBE_PARAMS CK_PTR CK_PBE_PARAMS_PTR
 

Pointer to a CK_PBE_PARAMS.

typedef CK_ULONG CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE
 

CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR

CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to indicate the Pseudo-Random Function (PRF) used to generate key bits using PKCS #5 PBKDF2.

typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR
 

Pointer to a CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE.

typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE
 

CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR

CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the source of the salt value when deriving a key using PKCS #5 PBKDF2. It is defined as follows:

typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR
 

Pointer to a CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE.

typedef struct CK_PKCS5_PBKD2_PARAMS CK_PKCS5_PBKD2_PARAMS
 

CK_PKCS5_PBKD2_PARAMS; CK_PKCS5_PBKD2_PARAMS_PTR

CK_PKCS5_PBKD2_PARAMS is a structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism. The structure is defined as follows:
saltSource source of the salt value
pSaltSourceData data used as the input for the salt source
ulSaltSourceDataLen length of the salt source input
iterations number of iterations to perform when generating each block of random data
prf pseudo-random function used to generate the key
pPrfData data used as the input for PRF in addition to the salt value
ulPrfDataLen length of the input data for the PRF
pPassword points to the password to be used in the PBE key generation
ulPasswordLen length in bytes of the password information

CK_PKCS5_PBKD2_PARAMS_PTR is a pointer to a CK_PKCS5_PBKD2_PARAMS.

typedef CK_PKCS5_PBKD2_PARAMS CK_PTR CK_PKCS5_PBKD2_PARAMS_PTR
 

Pointer to a CK_PKCS5_PBKD2_PARAMS.

typedef struct CK_SSL3_RANDOM_DATA CK_SSL3_RANDOM_DATA
 

CK_SSL3_RANDOM_DATA

CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context. This structure is used by both the CKM_SSL3_MASTER_KEY_DERIVE and the CKM_SSL3_KEY_AND_MAC_DERIVE mechanisms.
pClientRandom pointer to the client's random data
ulClientRandomLen length in bytes of the client's random data
pServerRandom pointer to the server's random data
ulServerRandomLen length in bytes of the server's random data

typedef struct CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_SSL3_MASTER_KEY_DERIVE_PARAMS
 

CK_SSL3_MASTER_KEY_DERIVE_PARAMS; CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR

CK_SSL3_MASTER_KEY_DERIVE_PARAMS is a structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE mechanism. It is defined as follows:
RandomInfo client's and server's random data information.
pVersion pointer to a CK_VERSION structure which receives the SSL protocol version information

CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR is a pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS.

typedef CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR
 

Pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS.

typedef struct CK_SSL3_KEY_MAT_OUT CK_SSL3_KEY_MAT_OUT
 

CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR

CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:
hClientMacSecret key handle for the resulting Client MAC Secret key
hServerMacSecret key handle for the resulting Server MAC Secret key
hClientKey key handle for the resulting Client Secret key
hServerKey key handle for the resulting Server Secret key
pIVClient pointer to a location which receives the initialization vector (IV) created for the client (if any)
pIVServer pointer to a location which receives the initialization vector (IV) created for the server (if any)

CK_SSL3_KEY_MAT_OUT_PTR is a pointer to a CK_SSL3_KEY_MAT_OUT.

typedef CK_SSL3_KEY_MAT_OUT CK_PTR CK_SSL3_KEY_MAT_OUT_PTR
 

Pointer to a CK_SSL3_KEY_MAT_OUT.

typedef struct CK_SSL3_KEY_MAT_PARAMS CK_SSL3_KEY_MAT_PARAMS
 

CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR

CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:
ulMacSizeInBits the length (in bits) of the MACing keys agreed upon during the protocol handshake phase
ulKeySizeInBits the length (in bits) of the secret keys agreed upon during the protocol handshake phase
ulIVSizeInBits the length (in bits) of the IV agreed upon during the protocol handshake phase. If no IV is required, the length should be set to 0
bIsExport a Boolean value which indicates whether the keys have to be derived for an export version of the protocol
RandomInfo client's and server's random data information.
pReturnedKeyMaterial points to a CK_SSL3_KEY_MAT_OUT structure which receives the handles for the keys generated and the IVs

CK_SSL3_KEY_MAT_PARAMS_PTR is a pointer to a CK_SSL3_KEY_MAT_PARAMS.

typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR CK_SSL3_KEY_MAT_PARAMS_PTR
 

Pointer to a CK_SSL3_KEY_MAT_PARAMS.

typedef struct CK_TLS_PRF_PARAMS CK_TLS_PRF_PARAMS
 

CK_TLS_PRF_PARAMS; CK_TLS_PRF_PARAMS_PTR

CK_TLS_PRF_PARAMS is a structure that provides the parameters to the CKM_TLS_PRF mechanism.

pSeed pointer to the input seed
ulSeedLen length in bytes of the input seed
pLabel pointer to the identifying label
ulLabelLen length in bytes of the identifying label
pOutput pointer receiving the output of the operation
pulOutputLen pointer to the length in bytes of the output to be created; it must hold the desired length as input and will receive the calculated length as output

CK_TLS_PRF_PARAMS_PTR is a pointer to a CK_TLS_PRF_PARAMS.

typedef CK_TLS_PRF_PARAMS CK_PTR CK_TLS_PRF_PARAMS_PTR
 

Pointer to a CK_TLS_PRF_PARAMS.

typedef struct CK_WTLS_RANDOM_DATA CK_WTLS_RANDOM_DATA
 

CK_WTLS_RANDOM_DATA; CK_WTLS_RANDOM_DATA_PTR

CK_WTLS_RANDOM_DATA is a structure that provides information about the random data of a client and a server in a WTLS context. This structure is used by the CKM_WTLS_MASTER_KEY_DERIVE mechanism. It is defined as follows:

pClientRandom pointer to the client's random data
ulClientRandomLen length in bytes of the client's random data
pServerRandom pointer to the server's random data
ulServerRandomLen length in bytes of the server's random data

CK_WTLS_RANDOM_DATA_PTR is a pointer to a CK_WTLS_RANDOM_DATA.

typedef CK_WTLS_RANDOM_DATA CK_PTR CK_WTLS_RANDOM_DATA_PTR
 

Pointer to a CK_WTLS_RANDOM_DATA.

typedef struct CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_WTLS_MASTER_KEY_DERIVE_PARAMS
 

CK_WTLS_MASTER_KEY_DERIVE_PARAMS; CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR

CK_WTLS_MASTER_KEY_DERIVE_PARAMS is a structure that provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism. It is defined as follows:

DigestMechanism the mechanism type of the digest mechanism to be used (possible types can be found in [WTLS])
RandomInfo Client's and server's random data information
pVersion pointer to a CK_BYTE which receives the WTLS protocol version information

CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR is a pointer to a CK_WTLS_MASTER_KEY_DERIVE_PARAMS.

typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR
 

Pointer to a CK_WTLS_MASTER_KEY_DERIVE_PARAMS.

typedef struct CK_WTLS_PRF_PARAMS CK_WTLS_PRF_PARAMS
 

CK_WTLS_PRF_PARAMS; CK_WTLS_PRF_PARAMS_PTR

CK_WTLS_PRF_PARAMS is a structure that provides the parameters to the CKM_WTLS_PRF mechanism.

DigestMechanism the mechanism type of the digest mechanism to be used (possible types can be found in [WTLS])
pSeed pointer to the input seed
ulSeedLen length in bytes of the input seed
pLabel pointer to the identifying label
ulLabelLen length in bytes of the identifying label
pOutput pointer receiving the output of the operation
pulOutputLen pointer to the length in bytes of the output to be created; it must hold the desired length as input and will receive the calculated length as output

CK_WTLS_PRF_PARAMS_PTR is a pointer to a CK_WTLS_PRF_PARAMS.

typedef CK_WTLS_PRF_PARAMS CK_PTR CK_WTLS_PRF_PARAMS_PTR
 

Pointer to a CK_WTLS_PRF_PARAMS.

typedef struct CK_WTLS_KEY_MAT_OUT CK_WTLS_KEY_MAT_OUT
 

CK_WTLS_KEY_MAT_OUT; CK_WTLS_KEY_MAT_OUT_PTR

CK_WTLS_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:

hMacSecret Key handle for the resulting MAC secret key
hKey Key handle for the resulting secret key
pIV Pointer to a location which receives the initialization vector (IV) created (if any)

CK_WTLS_KEY_MAT_OUT_PTR is a pointer to a CK_WTLS_KEY_MAT_OUT.

typedef CK_WTLS_KEY_MAT_OUT CK_PTR CK_WTLS_KEY_MAT_OUT_PTR
 

Pointer to a CK_WTLS_KEY_MAT_OUT.

typedef struct CK_WTLS_KEY_MAT_PARAMS CK_WTLS_KEY_MAT_PARAMS
 

CK_WTLS_KEY_MAT_PARAMS; CK_WTLS_KEY_MAT_PARAMS_PTR

CK_WTLS_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms. It is defined as follows:

DigestMechanism the mechanism type of the digest mechanism to be used (possible types can be found in [WTLS])
ulMacSizeInBits the length (in bits) of the MACing key agreed upon during the protocol handshake phase
ulKeySizeInBits the length (in bits) of the secret key agreed upon during the handshake phase
ulIVSizeInBits the length (in bits) of the IV agreed upon during the handshake phase. If no IV is required, the length should be set to 0.
ulSequenceNumber The current sequence number used for records sent by the client and server respectively
bIsExport a boolean value which indicates whether the keys have to be derived for an export version of the protocol. If this value is true (i.e. the keys are exportable) then ulKeySizeInBits is the length of the key in bits before expansion. The length of the key after expansion is determined by the information found in the template sent along with this mechanism during a C_DeriveKey function call (either the CKA_KEY_TYPE or the CKA_VALUE_LEN attribute).
RandomInfo client's and server's random data information
pReturnedKeyMaterial points to a CK_WTLS_KEY_MAT_OUT structure which receives the handles for the keys generated and the IV

CK_WTLS_KEY_MAT_PARAMS_PTR is a pointer to a CK_WTLS_KEY_MAT_PARAMS.

typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR CK_WTLS_KEY_MAT_PARAMS_PTR
 

Pointer to a CK_WTLS_KEY_MAT_PARAMS.

typedef struct CK_KEY_DERIVATION_STRING_DATA CK_KEY_DERIVATION_STRING_DATA
 

CK_KEY_DERIVATION_STRING_DATA; CK_KEY_DERIVATION_STRING_DATA_PTR

pData pointer to the byte string
ulLen length of the byte string

CK_KEY_DERIVATION_STRING_DATA_PTR is a pointer to a CK_KEY_DERIVATION_STRING_DATA.

typedef CK_ULONG CK_EXTRACT_PARAMS
 

CK_EXTRACT_PARAMS; CK_EXTRACT_PARAMS_PTR

CK_EXTRACT_PARAMS provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit of the base key should be used as the first bit of the derived key.

typedef CK_EXTRACT_PARAMS CK_PTR CK_EXTRACT_PARAMS_PTR
 

Pointer to a CK_EXTRACT_PARAMS.

typedef struct CK_CMS_SIG_PARAMS CK_CMS_SIG_PARAMS
 

CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR

CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism.
certificateHandle Object handle for a certificate associated with the signing key. The token may use information from this certificate to identify the signer in the SignerInfo result value. certificateHandle may be NULL_PTR if the certificate is not available as a PKCS #11 object or if the calling application leaves the choice of certificate completely to the token.
pSigningMechanism Mechanism to use when signing a constructed CMS SignedAttributes value. E.g. CKM_SHA1_RSA_PKCS.
pDigestMechanism Mechanism to use when digesting the data. Value shall be NULL_PTR when the digest mechanism to use follows from the pSigningMechanism parameter.
pContentType NULL-terminated string indicating complete MIME Content-type of message to be signed; or the value NULL_PTR if the message is a MIME object (which the token can parse to determine its MIME Content-type if required). Use the value "application/octet-stream" if the MIME type for the message is unknown or undefined. Note that the pContentType string shall conform to the syntax specified in RFC 2045, i.e. any parameters needed for correct presentation of the content by the token (such as, for example, a non-default "charset") must be present. The token must follow rules and procedures defined in RFC 2045 when presenting the content.
pRequestedAttributes Pointer to DER-encoded list of CMS Attributes the caller requests to be included in the signed attributes. Token may freely ignore this list or modify any supplied values.
ulRequestedAttributesLen Length in bytes of the value pointed to by pRequestedAttributes
pRequiredAttributes Pointer to DER-encoded list of CMS Attributes (with accompanying values) required to be included in the resulting signed attributes. Token must not modify any supplied values. If the token does not support one or more of the attributes, or does not accept provided values, the signature operation will fail. The token will use its own default attributes when signing if both the pRequestedAttributes and pRequiredAttributes fields are set to NULL_PTR.
ulRequiredAttributesLen Length in bytes of the value pointed to by pRequiredAttributes.

typedef struct CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS
 

Mechanisms:.

typedef struct CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_ARIA_CBC_ENCRYPT_DATA_PARAMS
 

Mechanisms:.

typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_CBC_ENCRYPT_DATA_PARAMS
 

Mechanisms:.

typedef CK_ULONG CK_PARAM_TYPE
 

CK_PARAM_TYPE

CK_PARAM_TYPE is a value that identifies an OTP parameter type. It is defined as follows:

typedef struct CK_OTP_PARAM CK_OTP_PARAM
 

CK_OTP_PARAM; CK_OTP_PARAM_PTR

CK_OTP_PARAM is a structure that includes the type, value, and length of an OTP parameter.
type the parameter type
pValue pointer to the value of the parameter
ulValueLen length in bytes of the value

If a parameter has no value, then ulValueLen = 0, and the value of pValue is irrelevant. Note that pValue is a "void" pointer, facilitating the passing of arbitrary values. Both the application and the Cryptoki library must ensure that the pointer can be safely cast to the expected type (i.e., without word-alignment errors).

CK_OTP_PARAM_PTR is a pointer to a CK_OTP_PARAM.

typedef CK_OTP_PARAM CK_PTR CK_OTP_PARAM_PTR
 

Pointer to a CK_OTP_PARAM.

typedef struct CK_OTP_PARAMS CK_OTP_PARAMS
 

CK_OTP_PARAMS; CK_OTP_PARAMS_PTR

CK_OTP_PARAMS is a structure that is used to provide parameters for OTP mechanisms in a generic fashion.
pParams pointer to an array of OTP parameters
ulCount the number of parameters in the array

CK_OTP_PARAMS_PTR is a pointer to a CK_OTP_PARAMS.

When calling C_SignInit or C_VerifyInit with a mechanism that takes a CK_OTP_PARAMS structure as a parameter, the CK_OTP_PARAMS structure shall be populated in accordance with the CKA_OTP_X_REQUIREMENT key attributes for the identified key, where X is PIN, CHALLENGE, TIME, or COUNTER.

For example, if CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_MANDATORY, then the CK_OTP_TIME parameter shall be present. If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_OPTIONAL, then a CK_OTP_TIME parameter may be present. If it is not present, then the library may collect it (during the C_Sign call). If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_IGNORED, then a provided CK_OTP_TIME parameter will always be ignored. Additionally, a provided CK_OTP_TIME parameter will always be ignored if CKF_EXCLUDE_TIME is set in a CK_OTP_FLAGS parameter. Similarly, if this flag is set, a library will not attempt to collect the value itself, and it will also instruct the token not to make use of any internal value, subject to token policies. It is an error (CKR_MECHANISM_PARAM_INVALID) to set the CKF_EXCLUDE_TIME flag when the CKA_OTP_TIME_REQUIREMENT attribute is CK_OTP_PARAM_MANDATORY.

The above discussion holds for all CKA_OTP_X_REQUIREMENT attributes (i.e., CKA_OTP_PIN_REQUIREMENT, CKA_OTP_CHALLENGE_REQUIREMENT, CKA_OTP_COUNTER_REQUIREMENT, CKA_OTP_TIME_REQUIREMENT). A library may set a particular CKA_OTP_X_REQUIREMENT attribute to CK_OTP_PARAM_OPTIONAL even if it is required by the mechanism as long as the token (or the library itself) has the capability of providing the value to the computation. One example of this is a token with an on-board clock.

In addition, applications may use the CK_OTP_FLAGS, the CK_OTP_OUTPUT_FORMAT and the CK_OTP_OUTPUT_LENGTH parameters to set additional parameters.
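The rules above for populating CK_OTP_PARAMS can be checked before C_SignInit is called. The following is an added example, not code from the PKCS #11 headers: the type and constant definitions are local stand-ins for the standard ones, and `check_otp_params`, the `RULES` table and the `SLOT_*` order are hypothetical names. It assumes the key's four CKA_OTP_X_REQUIREMENT values have already been read.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the PKCS #11 header definitions so this compiles on its own. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_RV, CK_FLAGS, CK_PARAM_TYPE;
typedef struct { CK_PARAM_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_OTP_PARAM;
typedef struct { CK_OTP_PARAM *pParams; CK_ULONG ulCount; } CK_OTP_PARAMS;
enum { CKR_OK = 0x00, CKR_MECHANISM_PARAM_INVALID = 0x71 };
enum { CK_OTP_PIN = 1, CK_OTP_CHALLENGE, CK_OTP_TIME, CK_OTP_COUNTER, CK_OTP_FLAGS };
enum { CK_OTP_PARAM_IGNORED = 0, CK_OTP_PARAM_OPTIONAL = 1, CK_OTP_PARAM_MANDATORY = 2 };
enum { CKF_EXCLUDE_TIME = 0x02, CKF_EXCLUDE_COUNTER = 0x04,
       CKF_EXCLUDE_CHALLENGE = 0x08, CKF_EXCLUDE_PIN = 0x10 };

/* Hypothetical slot order for req[] and for the bits of the result mask. */
enum { SLOT_PIN, SLOT_CHALLENGE, SLOT_TIME, SLOT_COUNTER, SLOT_COUNT };
static const struct { CK_PARAM_TYPE type; CK_FLAGS exclude; } RULES[SLOT_COUNT] = {
    { CK_OTP_PIN, CKF_EXCLUDE_PIN },   { CK_OTP_CHALLENGE, CKF_EXCLUDE_CHALLENGE },
    { CK_OTP_TIME, CKF_EXCLUDE_TIME }, { CK_OTP_COUNTER, CKF_EXCLUDE_COUNTER },
};

static const CK_OTP_PARAM *find_param(const CK_OTP_PARAMS *ps, CK_PARAM_TYPE type)
{
    for (CK_ULONG i = 0; i < ps->ulCount; i++)
        if (ps->pParams[i].type == type)
            return &ps->pParams[i];
    return NULL;
}

/* req[i] is the key's CKA_OTP_X_REQUIREMENT value for RULES[i]. On CKR_OK, bit i
   of *used is set when the supplied parameter RULES[i] enters the computation. */
CK_RV check_otp_params(const CK_ULONG req[SLOT_COUNT], const CK_OTP_PARAMS *ps,
                       unsigned *used)
{
    CK_FLAGS flags = 0;
    const CK_OTP_PARAM *f = find_param(ps, CK_OTP_FLAGS);
    *used = 0;
    if (f != NULL) {
        if (f->pValue == NULL || f->ulValueLen != sizeof flags)
            return CKR_MECHANISM_PARAM_INVALID;
        memcpy(&flags, f->pValue, sizeof flags); /* pValue is void *: copy, do not cast */
    }
    for (int i = 0; i < SLOT_COUNT; i++) {
        const CK_OTP_PARAM *p = find_param(ps, RULES[i].type);
        int excluded = (flags & RULES[i].exclude) != 0;
        /* A mandatory X may neither be suppressed by CKF_EXCLUDE_X (the error the text
           names) nor be missing; reusing that code for "missing" is this example's choice. */
        if (req[i] == CK_OTP_PARAM_MANDATORY && (excluded || p == NULL))
            return CKR_MECHANISM_PARAM_INVALID;
        if (p != NULL && !excluded && req[i] != CK_OTP_PARAM_IGNORED)
            *used |= 1u << i;
    }
    return CKR_OK;
}

int main(void)
{
    /* Constructed policy: PIN optional, challenge ignored, time mandatory, counter ignored. */
    CK_ULONG req[SLOT_COUNT] = { CK_OTP_PARAM_OPTIONAL, CK_OTP_PARAM_IGNORED,
                                 CK_OTP_PARAM_MANDATORY, CK_OTP_PARAM_IGNORED };
    char pin[] = "1234", when[] = "20240101120000";
    CK_FLAGS flags = CKF_EXCLUDE_TIME;   /* conflicts with the mandatory time value */
    CK_OTP_PARAM arr[] = { { CK_OTP_PIN, pin, 4 }, { CK_OTP_TIME, when, 14 },
                           { CK_OTP_FLAGS, &flags, sizeof flags } };
    CK_OTP_PARAMS with_flags = { arr, 3 }, without_flags = { arr, 2 };
    unsigned used = 0;
    CK_RV rv = check_otp_params(req, &with_flags, &used);
    printf("with CKF_EXCLUDE_TIME: rv=0x%lx\n", rv);
    rv = check_otp_params(req, &without_flags, &used);
    printf("without flags: rv=0x%lx used=0x%x\n", rv, used);
    return 0;
}
```

The flags value is copied out with `memcpy` because pValue is a void pointer with no alignment guarantee.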

typedef CK_OTP_PARAMS CK_PTR CK_OTP_PARAMS_PTR
 

Pointer to a CK_OTP_PARAMS.

typedef struct CK_OTP_SIGNATURE_INFO CK_OTP_SIGNATURE_INFO
 

CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR

CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal). The structure informs applications of actual parameter values used in particular OTP computations in addition to the OTP value itself. It is used by all mechanisms for which the key belongs to the class CKO_OTP_KEY and is defined as follows:
pParams pointer to an array of OTP parameter values
ulCount the number of parameters in the array

After successful calls to C_Sign or C_SignFinal with an OTP mechanism, the pSignature parameter will be set to point to a CK_OTP_SIGNATURE_INFO structure. One of the parameters in this structure will be the OTP value itself, identified with the CK_OTP_VALUE tag. Other parameters may be present for informational purposes, e.g. the actual time used in the OTP calculation. In order to simplify OTP validations, authentication protocols may permit authenticating parties to send some or all of these parameters in addition to OTP values themselves. Applications should therefore check for their presence in returned CK_OTP_SIGNATURE_INFO values whenever such circumstances apply.

Since C_Sign and C_SignFinal follow the convention described in Section 11.2 on producing output, a call to C_Sign (or C_SignFinal) with pSignature set to NULL_PTR will return (in the pulSignatureLen parameter) the required number of bytes to hold the CK_OTP_SIGNATURE_INFO structure as well as all the data in all its CK_OTP_PARAM components. If an application allocates a memory block based on this information, it shall therefore not subsequently de-allocate components of such a received value but rather de-allocate the complete CK_OTP_PARAMS structure itself. A Cryptoki library that is called with a non-NULL pSignature pointer will assume that it points to a contiguous memory block of the size indicated by the pulSignatureLen parameter.

When verifying an OTP value using an OTP mechanism, pSignature shall be set to the OTP value itself, e.g. the value of the CK_OTP_VALUE component of a CK_OTP_PARAMS structure returned by a call to C_Sign. The CK_OTP_PARAMS value supplied in the C_VerifyInit call sets the values to use in the verification operation.

CK_OTP_SIGNATURE_INFO_PTR points to a CK_OTP_SIGNATURE_INFO.
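Because the returned CK_OTP_SIGNATURE_INFO and all of its CK_OTP_PARAM data live in one contiguous block, an application can check every embedded pointer against that block before reading the OTP value. The following is an added example, not code from the PKCS #11 headers: the type definitions are local stand-ins, `otp_value_from_signature` and `in_block` are hypothetical helpers, and the sample block in `main` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the PKCS #11 header definitions so this compiles on its own. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_PARAM_TYPE;
typedef struct { CK_PARAM_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_OTP_PARAM;
typedef struct { CK_OTP_PARAM *pParams; CK_ULONG ulCount; } CK_OTP_SIGNATURE_INFO;
enum { CK_OTP_VALUE = 0, CK_OTP_TIME = 3 };

/* True when [ptr, ptr + n) lies entirely inside the block [base, base + len). */
static int in_block(const unsigned char *base, size_t len, const void *ptr, size_t n)
{
    uintptr_t b = (uintptr_t)base, p = (uintptr_t)ptr;
    return ptr != NULL && p >= b && n <= len && p - b <= len - n;
}

/* Returns the CK_OTP_VALUE bytes inside the block that C_Sign filled (length in
   *otp_len), or NULL when the block is malformed or carries no OTP value. */
const unsigned char *otp_value_from_signature(const unsigned char *sig, CK_ULONG sig_len,
                                              CK_ULONG *otp_len)
{
    CK_OTP_SIGNATURE_INFO info;

    if (sig == NULL || sig_len < sizeof info)
        return NULL;
    memcpy(&info, sig, sizeof info);              /* pSignature points at the structure */
    if (info.ulCount > sig_len / sizeof(CK_OTP_PARAM))   /* also rules out overflow below */
        return NULL;
    if (!in_block(sig, sig_len, info.pParams, info.ulCount * sizeof(CK_OTP_PARAM)))
        return NULL;
    for (CK_ULONG i = 0; i < info.ulCount; i++) {
        CK_OTP_PARAM p;
        memcpy(&p, info.pParams + i, sizeof p);   /* copy: no alignment assumption */
        if (p.type != CK_OTP_VALUE)
            continue;                             /* informational parameter, e.g. the time */
        if (p.ulValueLen == 0 || !in_block(sig, sig_len, p.pValue, p.ulValueLen))
            return NULL;
        *otp_len = p.ulValueLen;
        return p.pValue;
    }
    return NULL;
}

int main(void)
{
    /* Constructed reply block: header, parameter array and values in one allocation. */
    struct { CK_OTP_SIGNATURE_INFO info; CK_OTP_PARAM p[2];
             unsigned char when[14], otp[6]; } blk;
    CK_ULONG n = 0;

    memcpy(blk.when, "20240101120000", 14);
    memcpy(blk.otp, "492039", 6);
    blk.p[0] = (CK_OTP_PARAM){ CK_OTP_TIME, blk.when, 14 };
    blk.p[1] = (CK_OTP_PARAM){ CK_OTP_VALUE, blk.otp, 6 };
    blk.info = (CK_OTP_SIGNATURE_INFO){ blk.p, 2 };
    const unsigned char *v = otp_value_from_signature((unsigned char *)&blk, sizeof blk, &n);
    if (v != NULL)
        printf("OTP: %.*s\n", (int)n, (const char *)v);
    return v != NULL ? 0 : 1;
}
```

The returned pointer refers into the caller's block, so it stays valid only until that block is freed as a whole.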

typedef struct CK_KIP_PARAMS CK_KIP_PARAMS
 

CK_KIP_PARAMS; CK_KIP_PARAMS_PTR

CK_KIP_PARAMS is a structure that provides the parameters to all the CT-KIP related mechanisms: The CKM_KIP_DERIVE key derivation mechanism, the CKM_KIP_WRAP key wrap and key unwrap mechanism, and the CKM_KIP_MAC signature mechanism. The structure is defined as follows:
pMechanism pointer to the underlying cryptographic mechanism (e.g. AES, SHA-256), see further 3, Appendix D
hKey handle to a key that will contribute to the entropy of the derived key (CKM_KIP_DERIVE) or will be used in the MAC operation (CKM_KIP_MAC)
pSeed pointer to an input seed
ulSeedLen length in bytes of the input seed

CK_KIP_PARAMS_PTR is a pointer to a CK_KIP_PARAMS structure.

typedef struct CK_GOSTR3410_KEY_WRAP_PARAMS CK_GOSTR3410_KEY_WRAP_PARAMS
 

CK_GOSTR3410_KEY_WRAP_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism. It is defined as follows:

pWrapOID   pointer to data with the DER encoding of the object identifier indicating the data object type of GOST 28147-89. If the pointer is NULL_PTR in a C_WrapKey operation, the parameters specified in the object identifier of attribute CKA_GOSTR3411PARAMS must be used. For a C_UnwrapKey operation the pointer is not used and must always be NULL_PTR
ulWrapOIDLen   length of the data with the DER encoding of the object identifier indicating the data object type of GOST 28147-89
pUKM   pointer to data with the UKM. If the pointer is NULL_PTR in a C_WrapKey operation, a random UKM value will be used. If the pointer is not NULL_PTR in a C_UnwrapKey operation, the value it points to will be compared with the UKM value of the wrapped key. If these two values do not match, the wrapped key will be rejected
ulUKMLen   length of the UKM data. If pUKM is not NULL_PTR, the length is equal to 8
hKey   key handle: the key handle of the sender for a C_WrapKey operation, or of the receiver for a C_UnwrapKey operation. When the key handle is CK_INVALID_HANDLE, an ephemeral (one-time) key pair of the sender will be used

typedef struct CK_GOSTR3410_DERIVE_PARAMS CK_GOSTR3410_DERIVE_PARAMS
 

CK_GOSTR3410_DERIVE_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism. It is defined as follows:

Footnote Meaning
   
ulPublicDataLen  

1 Public key of a receiver is an octet string 64 bytes long. The public key octets correspond to the concatenation of the X and Y coordinates of a point. Each coordinate is 32 bytes long and represented in little-endian order.


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v230mechanism1