Cryptographic Token Interface Standard |
PKCS#11 |
Data Structures | |
CK_RSA_PKCS_OAEP_PARAMS | |
CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR: CK_RSA_PKCS_OAEP_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism. |
CK_RSA_PKCS_PSS_PARAMS | |
CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR: CK_RSA_PKCS_PSS_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism. |
CK_ECDH1_DERIVE_PARAMS | |
CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR: CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. |
CK_ECMQV_DERIVE_PARAMS | |
CK_ECMQV_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR: CK_ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs. |
CK_X9_42_DH1_DERIVE_PARAMS | |
CK_X9_42_DH1_DERIVE_PARAMS, CK_X9_42_DH1_DERIVE_PARAMS_PTR: CK_X9_42_DH1_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism, where each party contributes one key pair. |
CK_X9_42_DH2_DERIVE_PARAMS | |
CK_X9_42_DH2_DERIVE_PARAMS, CK_X9_42_DH2_DERIVE_PARAMS_PTR: CK_X9_42_DH2_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms, where each party contributes two key pairs. |
CK_X9_42_MQV_DERIVE_PARAMS | |
CK_X9_42_MQV_DERIVE_PARAMS, CK_X9_42_MQV_DERIVE_PARAMS_PTR: CK_X9_42_MQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism, where each party contributes two key pairs. |
CK_AES_CTR_PARAMS | |
CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR: CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism. |
CK_GCM_PARAMS | |
CK_GCM_PARAMS; CK_GCM_PARAMS_PTR: CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism. |
CK_CCM_PARAMS | |
CK_CCM_PARAMS; CK_CCM_PARAMS_PTR: CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism. |
CK_DES_CBC_ENCRYPT_DATA_PARAMS | |
CK_PBE_PARAMS | |
CK_PBE_PARAMS; CK_PBE_PARAMS_PTR: CK_PBE_PARAMS is a structure which provides all of the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and PKCS #12 for information on the PBE generation mechanisms) and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism. |
CK_PKCS5_PBKD2_PARAMS | |
CK_PKCS5_PBKD2_PARAMS; CK_PKCS5_PBKD2_PARAMS_PTR: CK_PKCS5_PBKD2_PARAMS is a structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism. |
CK_SSL3_RANDOM_DATA | |
CK_SSL3_RANDOM_DATA: CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context. |
CK_SSL3_MASTER_KEY_DERIVE_PARAMS | |
CK_SSL3_KEY_MAT_OUT | |
CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR: CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. |
CK_SSL3_KEY_MAT_PARAMS | |
CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR: CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. |
CK_TLS_PRF_PARAMS | |
CK_TLS_PRF_PARAMS; CK_TLS_PRF_PARAMS_PTR: CK_TLS_PRF_PARAMS is a structure which provides the parameters to the CKM_TLS_PRF mechanism. |
CK_WTLS_RANDOM_DATA | |
CK_WTLS_RANDOM_DATA; CK_WTLS_RANDOM_DATA_PTR: CK_WTLS_RANDOM_DATA is a structure which provides information about the random data of a client and a server in a WTLS context. |
CK_WTLS_MASTER_KEY_DERIVE_PARAMS | |
CK_WTLS_MASTER_KEY_DERIVE_PARAMS; CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR: CK_WTLS_MASTER_KEY_DERIVE_PARAMS is a structure which provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism. |
CK_WTLS_PRF_PARAMS | |
CK_WTLS_PRF_PARAMS; CK_WTLS_PRF_PARAMS_PTR: CK_WTLS_PRF_PARAMS is a structure which provides the parameters to the CKM_WTLS_PRF mechanism. |
CK_WTLS_KEY_MAT_OUT | |
CK_WTLS_KEY_MAT_OUT; CK_WTLS_KEY_MAT_OUT_PTR: CK_WTLS_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism. |
CK_WTLS_KEY_MAT_PARAMS | |
CK_WTLS_KEY_MAT_PARAMS; CK_WTLS_KEY_MAT_PARAMS_PTR: CK_WTLS_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms. |
CK_KEY_DERIVATION_STRING_DATA | |
CK_KEY_DERIVATION_STRING_DATA; CK_KEY_DERIVATION_STRING_DATA_PTR. |
CK_CMS_SIG_PARAMS | |
CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR: CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism. |
CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS | |
Mechanisms: |
CK_ARIA_CBC_ENCRYPT_DATA_PARAMS | |
Mechanisms: |
CK_OTP_PARAM | |
CK_OTP_PARAM; CK_OTP_PARAM_PTR: CK_OTP_PARAM is a structure that includes the type, value, and length of an OTP parameter. |
CK_OTP_PARAMS | |
CK_OTP_PARAMS; CK_OTP_PARAMS_PTR: CK_OTP_PARAMS is a structure that is used to provide parameters for OTP mechanisms in a generic fashion. |
CK_OTP_SIGNATURE_INFO | |
CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR: CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal). |
CK_KIP_PARAMS | |
CK_KIP_PARAMS; CK_KIP_PARAMS_PTR: CK_KIP_PARAMS is a structure that provides the parameters to all the CT-KIP related mechanisms: the CKM_KIP_DERIVE key derivation mechanism, the CKM_KIP_WRAP key wrap and key unwrap mechanism, and the CKM_KIP_MAC signature mechanism. |
CK_GOSTR3410_KEY_WRAP_PARAMS | |
CK_GOSTR3410_KEY_WRAP_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism. |
CK_GOSTR3410_DERIVE_PARAMS | |
CK_GOSTR3410_DERIVE_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism. |
Defines | |
#define | CK_INVALID_HANDLE |
An invalid handle. |
#define | CK_TRUE |
CK_BBOOL true. |
#define | CK_FALSE |
CK_BBOOL false. |
#define | CK_UNAVAILABLE_INFORMATION |
Information unavailable. |
#define | CK_EFFECTIVELY_INFINITE |
Effectively infinite. |
#define | CKU_SO |
Security Officer. |
#define | CKU_USER |
User. |
#define | CKU_CONTEXT_SPECIFIC |
Context specific. |
#define | CKS_RO_PUBLIC_SESSION |
Read only public session. |
#define | CKS_RO_USER_FUNCTIONS |
Read only user functions. |
#define | CKS_RW_PUBLIC_SESSION |
Read write public session. |
#define | CKS_RW_USER_FUNCTIONS |
Read write user functions. |
#define | CKS_RW_SO_FUNCTIONS |
Read write security officer functions. |
#define | TRUE |
True. |
#define | FALSE |
False. |
#define | CKA_MODULUS |
Modulus ''n''. |
#define | CKA_MODULUS_BITS |
Length in bits of modulus ''n''. |
#define | CKA_PUBLIC_EXPONENT |
Public exponent ''e''. |
#define | CKA_MODULUS |
Modulus ''n''. |
#define | CKA_PUBLIC_EXPONENT |
Public exponent ''e''. |
#define | CKA_PRIVATE_EXPONENT |
Private exponent ''d''. |
#define | CKA_PRIME_1 |
Prime ''p''. |
#define | CKA_PRIME_2 |
Prime ''q''. |
#define | CKA_EXPONENT_1 |
Private exponent ''d'' modulo ''p''-1. |
#define | CKA_EXPONENT_2 |
Private exponent ''d'' modulo ''q''-1. |
#define | CKA_COEFFICIENT |
CRT coefficient ''q''^-1 mod ''p''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_SUBPRIME |
Subprime ''q'' (160 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_SUBPRIME |
Subprime ''q'' (160 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_SUBPRIME |
Subprime ''q'' (160 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_PRIME_BITS |
Length of the prime value. |
#define | CKA_EC_PARAMS |
DER-encoding of an ANSI X9.62 Parameters value. |
#define | CKA_EC_POINT |
DER-encoding of ANSI X9.62 ECPoint value ''Q''. |
#define | CKA_EC_PARAMS |
DER-encoding of an ANSI X9.62 Parameters value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_SUBPRIME |
Subprime ''q'' (160 bits). |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_BITS |
Length in bits of private value ''x''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_SUBPRIME |
Subprime ''q'' (160 bits). |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_PRIME_BITS |
Length of the prime value. |
#define | CKA_PRIME |
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
#define | CKA_BASE |
Base ''g''. |
#define | CKA_SUBPRIME |
Subprime ''q'' (160 bits). |
#define | CKA_PRIME_BITS |
Length of the prime value. |
#define | CKA_SUBPRIME_BITS |
Length of the subprime value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_REQUIRED_CMS_ATTRIBUTES |
Attributes the token always will include in the set of CMS signed attributes. |
#define | CKA_DEFAULT_CMS_ATTRIBUTES |
Attributes the token will include in the set of CMS signed attributes in the absence of any attributes specified by the application. |
#define | CKA_SUPPORTED_CMS_ATTRIBUTES |
Attributes the token may include in the set of CMS signed attributes upon request by the application. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_OTP_FORMAT |
Format of OTP values produced with this key: CK_OTP_FORMAT_DECIMAL = Decimal (default) (UTF8-encoded); CK_OTP_FORMAT_HEXADECIMAL = Hexadecimal (UTF8-encoded); CK_OTP_FORMAT_ALPHANUMERIC = Alphanumeric (UTF8-encoded); CK_OTP_FORMAT_BINARY = Only binary values. |
#define | CKA_OTP_LENGTH |
Default length of OTP values (in the CKA_OTP_FORMAT) produced with this key. |
#define | CKA_OTP_USER_FRIENDLY_MODE |
Set to CK_TRUE when the token is capable of returning OTPs suitable for human consumption. |
#define | CKA_OTP_CHALLENGE_REQUIREMENT |
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A challenge must be supplied. |
#define | CKA_OTP_TIME_REQUIREMENT |
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A time value must be supplied. |
#define | CKA_OTP_COUNTER_REQUIREMENT |
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A counter value must be supplied. |
#define | CKA_OTP_PIN_REQUIREMENT |
Parameter requirements when generating or verifying OTP values with this key: CK_OTP_PARAM_MANDATORY = A PIN value must be supplied. |
#define | CKA_OTP_COUNTER |
Value of the associated internal counter. |
#define | CKA_OTP_TIME |
Value of the associated internal UTC time in the form YYYYMMDDhhmmss. |
#define | CKA_OTP_USER_IDENTIFIER |
Text string that identifies a user associated with the OTP key (may be used to enhance the user experience). |
#define | CKA_OTP_SERVICE_IDENTIFIER |
Text string that identifies a service that may validate OTPs generated by this key. |
#define | CKA_OTP_SERVICE_LOGO |
Logotype image that identifies a service that may validate OTPs generated by this key. |
#define | CKA_OTP_SERVICE_LOGO_TYPE |
MIME type of the CKA_OTP_SERVICE_LOGO attribute value. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_VALUE_LEN |
Length in bytes of key value. |
#define | CK_OTP_PIN |
A UTF8 string containing a PIN for use when computing or verifying PIN-based OTP values. |
#define | CK_OTP_CHALLENGE |
Challenge to use when computing or verifying challenge-based OTP values. |
#define | CK_OTP_TIME |
UTC time value in the form YYYYMMDDhhmmss to use when computing or verifying time-based OTP values. |
#define | CK_OTP_COUNTER |
Counter value to use when computing or verifying counter-based OTP values. |
#define | CK_OTP_FLAGS |
Bit flags indicating the characteristics of the sought OTP as defined below. |
#define | CK_OTP_OUTPUT_LENGTH |
Desired output length (overrides any default value). |
#define | CK_OTP_FORMAT |
Returned OTP format (allowed values are the same as for CKA_OTP_FORMAT). |
#define | CK_OTP_VALUE |
An actual OTP value. |
#define | CKF_NEXT_OTP |
True (i.e. More... | |
#define | CKF_EXCLUDE_TIME |
True (i.e. More... | |
#define | CKF_EXCLUDE_COUNTER |
True (i.e. More... | |
#define | CKF_EXCLUDE_CHALLENGE |
True (i.e. More... | |
#define | CKF_EXCLUDE_PIN |
True (i.e. More... | |
#define | CKF_USER_FRIENDLY_OTP |
True (i.e. More... | |
#define | CKA_OTP_TIME_INTERVAL |
Interval between OTP values produced with this key, in seconds. |
#define | CKR_NEW_PIN_MODE |
The supplied OTP was not accepted and the library requests a new OTP computed using a new PIN. |
#define | CKR_NEXT_OTP |
The supplied OTP was correct but indicated a larger than normal drift in the token's internal state (e.g. More... | |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_GOST28147_PARAMS |
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_OBJECT_ID |
DER-encoding of the object identifier indicating the domain parameters. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_OBJECT_ID |
DER-encoding of the object identifier indicating the domain parameters. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_GOSTR3410PARAMS |
DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. |
#define | CKA_GOSTR3411PARAMS |
DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. |
#define | CKA_GOST28147_PARAMS |
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_GOSTR3410PARAMS |
DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. |
#define | CKA_GOSTR3411PARAMS |
DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. |
#define | CKA_GOST28147_PARAMS4 |
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. |
#define | CKA_VALUE |
Public value ''y''. |
#define | CKA_OBJECT_ID |
DER-encoding of the object identifier indicating the domain parameters. |
Typedefs | |
typedef CK_ULONG | CK_RSA_PKCS_MGF_TYPE |
CK_RSA_PKCS_MGF_TYPE; CK_RSA_PKCS_MGF_TYPE_PTR: CK_RSA_PKCS_MGF_TYPE is used to indicate the Message Generation Function (MGF) applied to a message block when formatting a message block for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature scheme. |
typedef CK_RSA_PKCS_MGF_TYPE CK_PTR | CK_RSA_PKCS_MGF_TYPE_PTR |
Pointer to a CK_RSA_PKCS_MGF_TYPE. |
typedef CK_ULONG | CK_RSA_PKCS_OAEP_SOURCE_TYPE |
CK_RSA_PKCS_OAEP_SOURCE_TYPE; CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR: CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source of the encoding parameter when formatting a message block for the PKCS #1 OAEP encryption scheme. |
typedef CK_RSA_PKCS_OAEP_SOURCE_TYPE CK_PTR | CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR |
Pointer to a CK_RSA_PKCS_OAEP_SOURCE_TYPE. |
typedef struct | CK_RSA_PKCS_OAEP_PARAMS |
CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR: CK_RSA_PKCS_OAEP_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism. |
typedef CK_RSA_PKCS_OAEP_PARAMS CK_PTR | CK_RSA_PKCS_OAEP_PARAMS_PTR |
Pointer to a CK_RSA_PKCS_OAEP_PARAMS. |
typedef struct | CK_RSA_PKCS_PSS_PARAMS |
CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR: CK_RSA_PKCS_PSS_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism. |
typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR | CK_RSA_PKCS_PSS_PARAMS_PTR |
Pointer to a CK_RSA_PKCS_PSS_PARAMS. |
typedef CK_ULONG | CK_EC_KDF_TYPE |
CK_EC_KDF_TYPE, CK_EC_KDF_TYPE_PTR: CK_EC_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. |
typedef CK_EC_KDF_TYPE CK_PTR | CK_EC_KDF_TYPE_PTR |
Pointer to a CK_EC_KDF_TYPE. |
typedef struct | CK_ECDH1_DERIVE_PARAMS |
CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR: CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. |
typedef CK_ECDH1_DERIVE_PARAMS CK_PTR | CK_ECDH1_DERIVE_PARAMS_PTR |
Pointer to a CK_ECDH1_DERIVE_PARAMS. |
typedef struct | CK_ECMQV_DERIVE_PARAMS |
CK_ECMQV_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR: CK_ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs. |
typedef CK_ECMQV_DERIVE_PARAMS CK_PTR | CK_ECMQV_DERIVE_PARAMS_PTR |
Pointer to a CK_ECMQV_DERIVE_PARAMS. |
typedef CK_ULONG | CK_X9_42_DH_KDF_TYPE |
CK_X9_42_DH_KDF_TYPE, CK_X9_42_DH_KDF_TYPE_PTR: CK_X9_42_DH_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. |
typedef CK_X9_42_DH_KDF_TYPE CK_PTR | CK_X9_42_DH_KDF_TYPE_PTR |
Pointer to a CK_X9_42_DH_KDF_TYPE. |
typedef struct | CK_X9_42_DH1_DERIVE_PARAMS |
CK_X9_42_DH1_DERIVE_PARAMS, CK_X9_42_DH1_DERIVE_PARAMS_PTR: CK_X9_42_DH1_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism, where each party contributes one key pair. |
typedef CK_X9_42_DH1_DERIVE_PARAMS CK_PTR | CK_X9_42_DH1_DERIVE_PARAMS_PTR |
Pointer to a CK_X9_42_DH1_DERIVE_PARAMS. |
typedef struct | CK_X9_42_DH2_DERIVE_PARAMS |
CK_X9_42_DH2_DERIVE_PARAMS, CK_X9_42_DH2_DERIVE_PARAMS_PTR: CK_X9_42_DH2_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms, where each party contributes two key pairs. |
typedef CK_X9_42_DH2_DERIVE_PARAMS CK_PTR | CK_X9_42_DH2_DERIVE_PARAMS_PTR |
Pointer to a CK_X9_42_DH2_DERIVE_PARAMS. |
typedef struct | CK_X9_42_MQV_DERIVE_PARAMS |
CK_X9_42_MQV_DERIVE_PARAMS, CK_X9_42_MQV_DERIVE_PARAMS_PTR: CK_X9_42_MQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism, where each party contributes two key pairs. |
typedef CK_X9_42_MQV_DERIVE_PARAMS CK_PTR | CK_X9_42_MQV_DERIVE_PARAMS_PTR |
Pointer to a CK_X9_42_MQV_DERIVE_PARAMS. |
typedef struct | CK_AES_CTR_PARAMS |
CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR: CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism. |
typedef struct | CK_GCM_PARAMS |
CK_GCM_PARAMS; CK_GCM_PARAMS_PTR: CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism. |
typedef CK_GCM_PARAMS CK_PTR | CK_GCM_PARAMS_PTR |
Pointer to a CK_GCM_PARAMS. |
typedef struct | CK_CCM_PARAMS |
CK_CCM_PARAMS; CK_CCM_PARAMS_PTR: CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism. |
typedef CK_CCM_PARAMS CK_PTR | CK_CCM_PARAMS_PTR |
Pointer to a CK_CCM_PARAMS. |
typedef struct | CK_DES_CBC_ENCRYPT_DATA_PARAMS |
typedef CK_DES_CBC_ENCRYPT_DATA_PARAMS* | CK_DES_CBC_ENCRYPT_DATA_PARAMS_PTR |
typedef struct | CK_AES_CBC_ENCRYPT_DATA_PARAMS |
typedef CK_AES_CBC_ENCRYPT_DATA_PARAMS CK_PTR | CK_AES_CBC_ENCRYPT_DATA_PARAMS_PTR |
typedef struct | CK_PBE_PARAMS |
CK_PBE_PARAMS; CK_PBE_PARAMS_PTR: CK_PBE_PARAMS is a structure which provides all of the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and PKCS #12 for information on the PBE generation mechanisms) and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism. |
typedef CK_PBE_PARAMS CK_PTR | CK_PBE_PARAMS_PTR |
Pointer to a CK_PBE_PARAMS. |
typedef CK_ULONG | CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE |
CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR: CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to indicate the Pseudo-Random Function (PRF) used to generate key bits using PKCS #5 PBKDF2. |
typedef CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE CK_PTR | CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR |
Pointer to a CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE. |
typedef CK_ULONG | CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE |
CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR: CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the source of the salt value when deriving a key using PKCS #5 PBKDF2. |
typedef CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE CK_PTR | CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR |
Pointer to a CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE. |
typedef struct | CK_PKCS5_PBKD2_PARAMS |
CK_PKCS5_PBKD2_PARAMS; CK_PKCS5_PBKD2_PARAMS_PTR: CK_PKCS5_PBKD2_PARAMS is a structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism. |
typedef CK_PKCS5_PBKD2_PARAMS CK_PTR | CK_PKCS5_PBKD2_PARAMS_PTR |
Pointer to a CK_PKCS5_PBKD2_PARAMS. |
typedef struct | CK_SSL3_RANDOM_DATA |
CK_SSL3_RANDOM_DATA: CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context. |
typedef struct | CK_SSL3_MASTER_KEY_DERIVE_PARAMS |
typedef CK_SSL3_MASTER_KEY_DERIVE_PARAMS CK_PTR | CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR |
Pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS. |
typedef struct | CK_SSL3_KEY_MAT_OUT |
CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR: CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. |
typedef CK_SSL3_KEY_MAT_OUT CK_PTR | CK_SSL3_KEY_MAT_OUT_PTR |
Pointer to a CK_SSL3_KEY_MAT_OUT. |
typedef struct | CK_SSL3_KEY_MAT_PARAMS |
CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR: CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. |
typedef CK_SSL3_KEY_MAT_PARAMS CK_PTR | CK_SSL3_KEY_MAT_PARAMS_PTR |
Pointer to a CK_SSL3_KEY_MAT_PARAMS. |
typedef struct | CK_TLS_PRF_PARAMS |
CK_TLS_PRF_PARAMS; CK_TLS_PRF_PARAMS_PTR: CK_TLS_PRF_PARAMS is a structure which provides the parameters to the CKM_TLS_PRF mechanism. |
typedef CK_TLS_PRF_PARAMS CK_PTR | CK_TLS_PRF_PARAMS_PTR |
Pointer to a CK_TLS_PRF_PARAMS. |
typedef struct | CK_WTLS_RANDOM_DATA |
CK_WTLS_RANDOM_DATA; CK_WTLS_RANDOM_DATA_PTR: CK_WTLS_RANDOM_DATA is a structure which provides information about the random data of a client and a server in a WTLS context. |
typedef CK_WTLS_RANDOM_DATA CK_PTR | CK_WTLS_RANDOM_DATA_PTR |
Pointer to a CK_WTLS_RANDOM_DATA. |
typedef struct | CK_WTLS_MASTER_KEY_DERIVE_PARAMS |
CK_WTLS_MASTER_KEY_DERIVE_PARAMS; CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR: CK_WTLS_MASTER_KEY_DERIVE_PARAMS is a structure which provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism. |
typedef CK_WTLS_MASTER_KEY_DERIVE_PARAMS CK_PTR | CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR |
Pointer to a CK_WTLS_MASTER_KEY_DERIVE_PARAMS. |
typedef struct | CK_WTLS_PRF_PARAMS |
CK_WTLS_PRF_PARAMS; CK_WTLS_PRF_PARAMS_PTR: CK_WTLS_PRF_PARAMS is a structure which provides the parameters to the CKM_WTLS_PRF mechanism. |
typedef CK_WTLS_PRF_PARAMS CK_PTR | CK_WTLS_PRF_PARAMS_PTR |
Pointer to a CK_WTLS_PRF_PARAMS. |
typedef struct | CK_WTLS_KEY_MAT_OUT |
CK_WTLS_KEY_MAT_OUT; CK_WTLS_KEY_MAT_OUT_PTR: CK_WTLS_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism. |
typedef CK_WTLS_KEY_MAT_OUT CK_PTR | CK_WTLS_KEY_MAT_OUT_PTR |
Pointer to a CK_WTLS_KEY_MAT_OUT. |
typedef struct | CK_WTLS_KEY_MAT_PARAMS |
CK_WTLS_KEY_MAT_PARAMS; CK_WTLS_KEY_MAT_PARAMS_PTR: CK_WTLS_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms. |
typedef CK_WTLS_KEY_MAT_PARAMS CK_PTR | CK_WTLS_KEY_MAT_PARAMS_PTR |
Pointer to a CK_WTLS_KEY_MAT_PARAMS. |
typedef struct | CK_KEY_DERIVATION_STRING_DATA |
CK_KEY_DERIVATION_STRING_DATA; CK_KEY_DERIVATION_STRING_DATA_PTR. |
typedef CK_ULONG | CK_EXTRACT_PARAMS |
CK_EXTRACT_PARAMS; CK_EXTRACT_PARAMS_PTR: CK_KEY_EXTRACT_PARAMS provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism. |
typedef CK_EXTRACT_PARAMS CK_PTR | CK_EXTRACT_PARAMS_PTR |
Pointer to a CK_EXTRACT_PARAMS. |
typedef struct | CK_CMS_SIG_PARAMS |
CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR: CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism. |
typedef struct | CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS |
Mechanisms: |
typedef CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR | CK_CAMELLIA_CBC_ENCRYPT_DATA_PARAMS_PTR |
typedef struct | CK_ARIA_CBC_ENCRYPT_DATA_PARAMS |
Mechanisms: |
typedef CK_ARIA_CBC_ENCRYPT_DATA_PARAMS CK_PTR | CK_ARIA_CBC_ENCRYPT_DATA_PARAMS_PTR |
typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS | CK_CBC_ENCRYPT_DATA_PARAMS |
Mechanisms: |
typedef CK_CBC_ENCRYPT_DATA_PARAMS CK_PTR | CK_CBC_ENCRYPT_DATA_PARAMS_PTR |
typedef CK_ULONG | CK_PARAM_TYPE |
CK_PARAM_TYPE: CK_PARAM_TYPE is a value that identifies an OTP parameter type. |
typedef struct | CK_OTP_PARAM |
CK_OTP_PARAM; CK_OTP_PARAM_PTR: CK_OTP_PARAM is a structure that includes the type, value, and length of an OTP parameter. |
typedef CK_OTP_PARAM CK_PTR | CK_OTP_PARAM_PTR |
Pointer to a CK_OTP_PARAM. |
typedef struct | CK_OTP_PARAMS |
CK_OTP_PARAMS; CK_OTP_PARAMS_PTR: CK_OTP_PARAMS is a structure that is used to provide parameters for OTP mechanisms in a generic fashion. |
typedef CK_OTP_PARAMS CK_PTR | CK_OTP_PARAMS_PTR |
Pointer to a CK_OTP_PARAMS. |
typedef struct | CK_OTP_SIGNATURE_INFO |
CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR: CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal). |
typedef struct | CK_KIP_PARAMS |
CK_KIP_PARAMS; CK_KIP_PARAMS_PTR: CK_KIP_PARAMS is a structure that provides the parameters to all the CT-KIP related mechanisms: the CKM_KIP_DERIVE key derivation mechanism, the CKM_KIP_WRAP key wrap and key unwrap mechanism, and the CKM_KIP_MAC signature mechanism. |
typedef struct | CK_GOSTR3410_KEY_WRAP_PARAMS |
CK_GOSTR3410_KEY_WRAP_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism. |
typedef struct | CK_GOSTR3410_DERIVE_PARAMS |
CK_GOSTR3410_DERIVE_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism. |
Definition in file pkcs11_all.h.
|
An invalid handle. |
|
CK_BBOOL true. |
|
CK_BBOOL false. |
|
Information unavailable. |
|
Effectively infinite. |
|
Security Officer. |
|
User. |
|
Context specific. |
|
Read only public session. |
|
Read only user functions. |
|
Read write public session. |
|
Read write user functions. |
|
Read write security officer functions. |
|
True. |
|
False. |
|
Modulus ''n''. |
|
Length in bits of modulus ''n''. |
|
Public exponent ''e''. |
|
Modulus ''n''. |
|
Public exponent ''e''. |
|
Private exponent ''d''. |
|
Prime ''p''. |
|
Prime ''q''. |
|
Private exponent ''d'' modulo ''p''-1. |
|
Private exponent ''d'' modulo ''q''-1. |
|
CRT coefficient ''q''^-1 mod ''p''. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Subprime ''q'' (160 bits). |
|
Base ''g''. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Subprime ''q'' (160 bits). |
|
Base ''g''. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Subprime ''q'' (160 bits). |
|
Base ''g''. |
|
Length of the prime value. |
|
DER-encoding of an ANSI X9.62 Parameters value. |
|
DER-encoding of ANSI X9.62 ECPoint value ''Q''. |
|
DER-encoding of an ANSI X9.62 Parameters value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Base ''g''. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Base ''g''. |
|
Subprime ''q'' (160 bits). |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Base ''g''. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bits of private value ''x''. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Base ''g''. |
|
Subprime ''q'' (160 bits). |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Base ''g''. |
|
Length of the prime value. |
|
Prime ''p'' (512 to 1024 bits, in steps of 64 bits). |
|
Base ''g''. |
|
Subprime ''q'' (160 bits). |
|
Length of the prime value. |
|
Length of the subprime value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Attributes the token always will include in the set of CMS signed attributes. |
|
Attributes the token will include in the set of CMS signed attributes in the absence of any attributes specified by the application. |
|
Attributes the token may include in the set of CMS signed attributes upon request by the application. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Format of OTP values produced with this key:
CK_OTP_FORMAT_DECIMAL = Decimal (default) (UTF8-encoded)
CK_OTP_FORMAT_HEXADECIMAL = Hexadecimal (UTF8-encoded)
CK_OTP_FORMAT_ALPHANUMERIC = Alphanumeric (UTF8-encoded)
CK_OTP_FORMAT_BINARY = Only binary values. |
|
Default length of OTP values (in the CKA_OTP_FORMAT) produced with this key. |
|
Set to CK_TRUE when the token is capable of returning OTPs suitable for human consumption. See the description of CKF_USER_FRIENDLY_OTP below. |
|
Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A challenge must be supplied.
CK_OTP_PARAM_OPTIONAL = A challenge may be supplied but need not be.
CK_OTP_PARAM_IGNORED = A challenge, if supplied, will be ignored. |
|
Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A time value must be supplied.
CK_OTP_PARAM_OPTIONAL = A time value may be supplied but need not be.
CK_OTP_PARAM_IGNORED = A time value, if supplied, will be ignored. |
|
Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A counter value must be supplied.
CK_OTP_PARAM_OPTIONAL = A counter value may be supplied but need not be.
CK_OTP_PARAM_IGNORED = A counter value, if supplied, will be ignored. |
|
Parameter requirements when generating or verifying OTP values with this key:
CK_OTP_PARAM_MANDATORY = A PIN value must be supplied.
CK_OTP_PARAM_OPTIONAL = A PIN value may be supplied but need not be (if not supplied, then the library will be responsible for collecting it).
CK_OTP_PARAM_IGNORED = A PIN value, if supplied, will be ignored. |
|
Value of the associated internal counter. Default value is empty (i.e. ''ulValueLen'' = 0). |
|
Value of the associated internal UTC time in the form YYYYMMDDhhmmss. Default value is empty (i.e. ''ulValueLen''= 0). |
|
Text string that identifies a user associated with the OTP key (may be used to enhance the user experience). Default value is empty (i.e. ''ulValueLen'' = 0). |
|
Text string that identifies a service that may validate OTPs generated by this key. Default value is empty (i.e. ''ulValueLen'' = 0). |
|
Logotype image that identifies a service that may validate OTPs generated by this key. Default value is empty (i.e. ''ulValueLen'' = 0). |
|
MIME type of the CKA_OTP_SERVICE_LOGO attribute value. Default value is empty (i.e. ''ulValueLen'' = 0). |
|
Public value ''y''. Bit length restricted to a byte array. |
|
Length in bytes of key value. |
|
A UTF8 string containing a PIN for use when computing or verifying PIN-based OTP values. |
|
Challenge to use when computing or verifying challenge-based OTP values. |
|
UTC time value in the form YYYYMMDDhhmmss to use when computing or verifying time-based OTP values. |
|
Counter value to use when computing or verifying counter-based OTP values. |
|
Bit flags indicating the characteristics of the sought OTP as defined below. |
|
Desired output length (overrides any default value). A Cryptoki library will return CKR_MECHANISM_PARAM_INVALID if a provided length value is not supported. |
|
Returned OTP format (allowed values are the same as for CKA_OTP_FORMAT). This parameter is only intended for '''C_Sign''' output, see below. When not present, the returned OTP format will be the same as the value of the CKA_OTP_FORMAT attribute for the key in question. |
|
An actual OTP value. This parameter type is intended for '''C_Sign''' output, see below. |
|
True (i.e. set) if the OTP computation shall be for the next OTP, rather than the current one (current being interpreted in the context of the algorithm, e.g. for the current counter value or current time window). A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if the CKF_NEXT_OTP flag is set and the OTP mechanism in question does not support the concept of "next" OTP or the library is not capable of generating the next OTP. |
|
True (i.e. set) if the OTP computation must not include a time value. Will have an effect only on mechanisms that do include a time value in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed. |
|
True (i.e. set) if the OTP computation must not include a counter value. Will have an effect only on mechanisms that do include a counter value in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed. |
|
True (i.e. set) if the OTP computation must not include a challenge. Will have an effect only on mechanisms that do include a challenge in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed. |
|
True (i.e. set) if the OTP computation must not include a PIN value. Will have an effect only on mechanisms that do include a PIN in the OTP computation and then only if the mechanism (and token) allows exclusion of this value. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if exclusion of the value is not allowed. |
|
True (i.e. set) if the OTP returned shall be in a form suitable for human consumption. If this flag is set, and the call is successful, then the returned CK_OTP_VALUE shall be a UTF8-encoded printable string. A Cryptoki library shall return CKR_MECHANISM_PARAM_INVALID if this flag is set when CKA_OTP_USER_FRIENDLY_MODE for the key in question is CK_FALSE. |
|
Interval between OTP values produced with this key, in seconds. Default is 60. |
|
The supplied OTP was not accepted and the library requests a new OTP computed using a new PIN. The new PIN is set through means out of scope for this document. |
|
The supplied OTP was correct but indicated a larger than normal drift in the token's internal state (e.g. clock, counter). To ensure this was not due to a temporary problem, the application should provide the next one-time password to the library for verification. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. When the key is used, the domain parameter object of key type CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
DER-encoding of the object identifier indicating the domain parameters. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
DER-encoding of the object identifier indicating the domain parameters. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. When the key is used, the domain parameter object of key type CKK_GOSTR3410 must be specified with the same attribute CKA_OBJECT_ID. |
|
DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. When the key is used, the domain parameter object of key type CKK_GOSTR3411 must be specified with the same attribute CKA_OBJECT_ID. |
|
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. When the key is used, the domain parameter object of key type CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
DER-encoding of the object identifier indicating the data object type of GOST R 34.10-2001. When the key is used, the domain parameter object of key type CKK_GOSTR3410 must be specified with the same attribute CKA_OBJECT_ID. |
|
DER-encoding of the object identifier indicating the data object type of GOST R 34.11-94. When the key is used, the domain parameter object of key type CKK_GOSTR3411 must be specified with the same attribute CKA_OBJECT_ID. |
|
DER-encoding of the object identifier indicating the data object type of GOST 28147-89. When the key is used, the domain parameter object of key type CKK_GOST28147 must be specified with the same attribute CKA_OBJECT_ID. The attribute value may be omitted. |
|
Public value ''y''. Bit length restricted to a byte array. |
|
DER-encoding of the object identifier indicating the domain parameters. |
|
CK_RSA_PKCS_MGF_TYPE; CK_RSA_PKCS_MGF_TYPE_PTR
CK_RSA_PKCS_MGF_TYPE is used to indicate the Message Generation Function (MGF) applied to a message block when formatting a message block for the PKCS #1 OAEP encryption scheme or the PKCS #1 PSS signature scheme. |
|
Pointer to a CK_RSA_PKCS_MGF_TYPE. |
|
CK_RSA_PKCS_OAEP_SOURCE_TYPE; CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR
CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source of the encoding parameter when formatting a message block for the PKCS #1 OAEP encryption scheme. |
|
Pointer to a CK_RSA_PKCS_OAEP_SOURCE_TYPE. |
|
CK_RSA_PKCS_OAEP_PARAMS; CK_RSA_PKCS_OAEP_PARAMS_PTR
CK_RSA_PKCS_OAEP_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_OAEP mechanism. The structure is defined as follows:
CK_RSA_PKCS_OAEP_PARAMS_PTR is a pointer to a CK_RSA_PKCS_OAEP_PARAMS. |
|
Pointer to a CK_RSA_PKCS_OAEP_PARAMS. |
|
CK_RSA_PKCS_PSS_PARAMS; CK_RSA_PKCS_PSS_PARAMS_PTR
CK_RSA_PKCS_PSS_PARAMS is a structure that provides the parameters to the CKM_RSA_PKCS_PSS mechanism. The structure is defined as follows:
CK_RSA_PKCS_PSS_PARAMS_PTR is a pointer to a CK_RSA_PKCS_PSS_PARAMS. |
|
Pointer to a CK_RSA_PKCS_PSS_PARAMS. |
|
CK_EC_KDF_TYPE, CK_EC_KDF_TYPE_PTR
CK_EC_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. The key derivation function will be used by the EC key agreement schemes. It is defined as follows: |
|
Pointer to a CK_EC_KDF_TYPE. |
|
CK_ECDH1_DERIVE_PARAMS, CK_ECDH1_DERIVE_PARAMS_PTR
CK_ECDH1_DERIVE_PARAMS is a structure that provides the parameters for the CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE key derivation mechanisms, where each party contributes one key pair. The structure is defined as follows:
With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero. CK_ECDH1_DERIVE_PARAMS_PTR is a pointer to a CK_ECDH1_DERIVE_PARAMS.
|
|
Pointer to a CK_ECDH1_DERIVE_PARAMS. |
|
CK_ECMQV_DERIVE_PARAMS, CK_ECMQV_DERIVE_PARAMS_PTR
CK_ECMQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_ECMQV_DERIVE key derivation mechanism, where each party contributes two key pairs. The structure is defined as follows:
With the key derivation function CKD_NULL, pSharedData must be NULL and ulSharedDataLen must be zero. With the key derivation function CKD_SHA1_KDF, an optional pSharedData may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pSharedData must be NULL and ulSharedDataLen must be zero. CK_ECMQV_DERIVE_PARAMS_PTR is a pointer to a CK_ECMQV_DERIVE_PARAMS. |
|
Pointer to a CK_ECMQV_DERIVE_PARAMS. |
|
CK_X9_42_DH_KDF_TYPE, CK_X9_42_DH_KDF_TYPE_PTR
CK_X9_42_DH_KDF_TYPE is used to indicate the Key Derivation Function (KDF) applied to derive keying data from a shared secret. The key derivation function will be used by the X9.42 Diffie-Hellman key agreement schemes. |
|
Pointer to a CK_X9_42_DH_KDF_TYPE. |
|
CK_X9_42_DH1_DERIVE_PARAMS, CK_X9_42_DH1_DERIVE_PARAMS_PTR
CK_X9_42_DH1_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_DERIVE key derivation mechanism, where each party contributes one key pair. The structure is defined as follows:
With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero. CK_X9_42_DH1_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_DH1_DERIVE_PARAMS.
|
|
Pointer to a CK_X9_42_DH1_DERIVE_PARAMS. |
|
CK_X9_42_DH2_DERIVE_PARAMS, CK_X9_42_DH2_DERIVE_PARAMS_PTR
CK_X9_42_DH2_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_DH_HYBRID_DERIVE and CKM_X9_42_MQV_DERIVE key derivation mechanisms, where each party contributes two key pairs. The structure is defined as follows:
With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero. CK_X9_42_DH2_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_DH2_DERIVE_PARAMS.
|
|
Pointer to a CK_X9_42_DH2_DERIVE_PARAMS. |
|
CK_X9_42_MQV_DERIVE_PARAMS, CK_X9_42_MQV_DERIVE_PARAMS_PTR
CK_X9_42_MQV_DERIVE_PARAMS is a structure that provides the parameters to the CKM_X9_42_MQV_DERIVE key derivation mechanism, where each party contributes two key pairs. The structure is defined as follows:
With the key derivation function CKD_NULL, pOtherInfo must be NULL and ulOtherInfoLen must be zero. With the key derivation function CKD_SHA1_KDF_ASN1, pOtherInfo must be supplied, which contains an octet string, specified in ASN.1 DER encoding, consisting of mandatory and optional data shared by the two parties intending to share the shared secret. With the key derivation function CKD_SHA1_KDF_CONCATENATE, an optional pOtherInfo may be supplied, which consists of some data shared by the two parties intending to share the shared secret. Otherwise, pOtherInfo must be NULL and ulOtherInfoLen must be zero. CK_X9_42_MQV_DERIVE_PARAMS_PTR is a pointer to a CK_X9_42_MQV_DERIVE_PARAMS. |
|
Pointer to a CK_X9_42_MQV_DERIVE_PARAMS. |
|
CK_AES_CTR_PARAMS; CK_AES_CTR_PARAMS_PTR
CK_AES_CTR_PARAMS is a structure that provides the parameters to the CKM_AES_CTR mechanism.
It's up to the caller to initialize all of the bits in the counter block including the counter bits. The counter bits are the least significant bits of the counter block (cb). They are a big-endian value usually starting with 1. The rest of 'cb' is for the nonce, and maybe an optional IV.
E.g. as defined in [RFC 3686]:

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                            Nonce                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                  Initialization Vector (IV)                   |
    |                                                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                         Block Counter                         |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

This construction permits each packet to consist of up to 2^32-1 blocks = 4,294,967,295 blocks = 68,719,476,720 octets.
CK_AES_CTR_PARAMS_PTR is a pointer to a CK_AES_CTR_PARAMS. |
|
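The counter-block layout above, as an added C example (not code from pkcs11_all.h): it fills a CK_AES_CTR_PARAMS the RFC 3686 way and checks that a message fits before the counter field wraps, since a wrapped counter repeats keystream under the same key. The typedefs are local stand-ins for the Cryptoki types, and the helper names ctr_params_rfc3686, ctr_blocks_before_wrap and ctr_length_ok are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins so the example builds without pkcs11.h; real code uses the header's types. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;
typedef struct CK_AES_CTR_PARAMS {
    CK_ULONG ulCounterBits; /* how many low-order bits of cb form the counter */
    CK_BYTE  cb[16];        /* complete initial counter block */
} CK_AES_CTR_PARAMS;

#define AES_BLOCK_LEN 16u

/* Build cb = Nonce(4) || IV(8) || Block Counter(4, big-endian, starting at 1).
 * Returns 0 on success, -1 on a NULL argument. */
int ctr_params_rfc3686(CK_AES_CTR_PARAMS *p, const CK_BYTE nonce[4], const CK_BYTE iv[8])
{
    if (p == NULL || nonce == NULL || iv == NULL)
        return -1;
    memset(p, 0, sizeof *p);   /* the caller owns every bit of cb, so start from zero */
    p->ulCounterBits = 32;
    memcpy(p->cb, nonce, 4);
    memcpy(p->cb + 4, iv, 8);
    p->cb[15] = 0x01;          /* counter = 1: bytes 12..15 are 00 00 00 01 */
    return 0;
}

/* Blocks that can be processed before the counter field wraps to zero.
 * Returns 0 for an unusable ulCounterBits and saturates at UINT64_MAX
 * when the counter field is 64 bits or wider. */
uint64_t ctr_blocks_before_wrap(const CK_AES_CTR_PARAMS *p)
{
    CK_ULONG bits = p->ulCounterBits;
    if (bits == 0 || bits > 128)
        return 0;
    if (bits >= 64)
        return UINT64_MAX;

    size_t nbytes = (bits + 7) / 8;           /* counter lives in the last nbytes of cb */
    uint64_t start = 0;
    for (size_t i = 16 - nbytes; i < 16; i++)
        start = (start << 8) | p->cb[i];      /* big-endian read */
    start &= (UINT64_C(1) << bits) - 1;       /* drop nonce/IV bits sharing the top byte */
    return (UINT64_C(1) << bits) - start;
}

/* 1 if msg_len octets can be processed without wrapping the counter, else 0. */
int ctr_length_ok(const CK_AES_CTR_PARAMS *p, uint64_t msg_len)
{
    uint64_t blocks = msg_len / AES_BLOCK_LEN + (msg_len % AES_BLOCK_LEN != 0);
    return blocks <= ctr_blocks_before_wrap(p);
}

int main(void)
{
    /* Constructed sample values, not real key material. */
    const CK_BYTE nonce[4] = {0x00, 0x00, 0x00, 0x30};
    const CK_BYTE iv[8]    = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
    CK_AES_CTR_PARAMS p;

    if (ctr_params_rfc3686(&p, nonce, iv) != 0)
        return 1;
    printf("blocks before wrap: %llu\n",
           (unsigned long long)ctr_blocks_before_wrap(&p));
    printf("68719476720 octets fit: %d\n", ctr_length_ok(&p, UINT64_C(68719476720)));
    printf("68719476721 octets fit: %d\n", ctr_length_ok(&p, UINT64_C(68719476721)));
    return 0;
}
```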
CK_GCM_PARAMS; CK_GCM_PARAMS_PTR
CK_GCM_PARAMS is a structure that provides the parameters to the CKM_AES_GCM mechanism.
CK_GCM_PARAMS_PTR is a pointer to a CK_GCM_PARAMS.
|
|
Pointer to a CK_GCM_PARAMS. |
|
CK_CCM_PARAMS; CK_CCM_PARAMS_PTR
CK_CCM_PARAMS is a structure that provides the parameters to the CKM_AES_CCM mechanism.
CK_CCM_PARAMS_PTR is a pointer to a CK_CCM_PARAMS. |
|
Pointer to a CK_CCM_PARAMS. |
|
|
CK_PBE_PARAMS; CK_PBE_PARAMS_PTR
CK_PBE_PARAMS is a structure which provides all of the necessary information required by the CKM_PBE mechanisms (see PKCS #5 and PKCS #12 for information on the PBE generation mechanisms) and the CKM_PBA_SHA1_WITH_SHA1_HMAC mechanism.
CK_PBE_PARAMS_PTR is a pointer to a CK_PBE_PARAMS. |
|
Pointer to a CK_PBE_PARAMS. |
|
CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE; CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR
CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE is used to indicate the Pseudo-Random Function (PRF) used to generate key bits using PKCS #5 PBKDF2. |
|
Pointer to a CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE. |
|
CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE; CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR
CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE is used to indicate the source of the salt value when deriving a key using PKCS #5 PBKDF2. It is defined as follows: |
|
Pointer to a CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE. |
|
CK_PKCS5_PBKD2_PARAMS; CK_PKCS5_PBKD2_PARAMS_PTR
CK_PKCS5_PBKD2_PARAMS is a structure that provides the parameters to the CKM_PKCS5_PBKD2 mechanism. The structure is defined as follows:
CK_PKCS5_PBKD2_PARAMS_PTR is a pointer to a CK_PKCS5_PBKD2_PARAMS. |
|
Pointer to a CK_PKCS5_PBKD2_PARAMS. |
|
CK_SSL3_RANDOM_DATA
CK_SSL3_RANDOM_DATA is a structure which provides information about the random data of a client and a server in an SSL context. This structure is used by both the CKM_SSL3_MASTER_KEY_DERIVE and the CKM_SSL3_KEY_AND_MAC_DERIVE mechanisms.
CK_SSL3_MASTER_KEY_DERIVE_PARAMS is a structure that provides the parameters to the CKM_SSL3_MASTER_KEY_DERIVE mechanism. It is defined as follows:
|
|
CK_SSL3_MASTER_KEY_DERIVE_PARAMS_PTR is a pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS.
|
|
Pointer to a CK_SSL3_MASTER_KEY_DERIVE_PARAMS. |
|
CK_SSL3_KEY_MAT_OUT; CK_SSL3_KEY_MAT_OUT_PTR
CK_SSL3_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:
CK_SSL3_KEY_MAT_OUT_PTR is a pointer to a CK_SSL3_KEY_MAT_OUT.
|
|
Pointer to a CK_SSL3_KEY_MAT_OUT. |
|
CK_SSL3_KEY_MAT_PARAMS; CK_SSL3_KEY_MAT_PARAMS_PTR
CK_SSL3_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_SSL3_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:
CK_SSL3_KEY_MAT_PARAMS_PTR is a pointer to a CK_SSL3_KEY_MAT_PARAMS. |
|
Pointer to a CK_SSL3_KEY_MAT_PARAMS. |
|
CK_TLS_PRF_PARAMS; CK_TLS_PRF_PARAMS_PTR
CK_TLS_PRF_PARAMS is a structure which provides the parameters to the CKM_TLS_PRF mechanism.
CK_TLS_PRF_PARAMS_PTR is a pointer to a CK_TLS_PRF_PARAMS. |
|
Pointer to a CK_TLS_PRF_PARAMS. |
|
CK_WTLS_RANDOM_DATA; CK_WTLS_RANDOM_DATA_PTR
CK_WTLS_RANDOM_DATA is a structure which provides information about the random data of a client and a server in a WTLS context. This structure is used by the CKM_WTLS_MASTER_KEY_DERIVE mechanism. It is defined as follows:
CK_WTLS_RANDOM_DATA_PTR is a pointer to a CK_WTLS_RANDOM_DATA.
|
|
Pointer to a CK_WTLS_RANDOM_DATA. |
|
CK_WTLS_MASTER_KEY_DERIVE_PARAMS; CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR
CK_WTLS_MASTER_KEY_DERIVE_PARAMS is a structure which provides the parameters to the CKM_WTLS_MASTER_KEY_DERIVE mechanism. It is defined as follows:
CK_WTLS_MASTER_KEY_DERIVE_PARAMS_PTR is a pointer to a CK_WTLS_MASTER_KEY_DERIVE_PARAMS.
|
|
Pointer to a CK_WTLS_MASTER_KEY_DERIVE_PARAMS. |
|
CK_WTLS_PRF_PARAMS; CK_WTLS_PRF_PARAMS_PTR
CK_WTLS_PRF_PARAMS is a structure which provides the parameters to the CKM_WTLS_PRF mechanism.
CK_WTLS_PRF_PARAMS_PTR is a pointer to a CK_WTLS_PRF_PARAMS.
|
|
Pointer to a CK_WTLS_PRF_PARAMS. |
|
CK_WTLS_KEY_MAT_OUT; CK_WTLS_KEY_MAT_OUT_PTR
CK_WTLS_KEY_MAT_OUT is a structure that contains the resulting key handles and initialization vectors after performing a C_DeriveKey function with the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE or with the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanism. It is defined as follows:
CK_WTLS_KEY_MAT_OUT_PTR is a pointer to a CK_WTLS_KEY_MAT_OUT.
|
|
Pointer to a CK_WTLS_KEY_MAT_OUT. |
|
CK_WTLS_KEY_MAT_PARAMS; CK_WTLS_KEY_MAT_PARAMS_PTR
CK_WTLS_KEY_MAT_PARAMS is a structure that provides the parameters to the CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE and the CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE mechanisms. It is defined as follows:
CK_WTLS_KEY_MAT_PARAMS_PTR is a pointer to a CK_WTLS_KEY_MAT_PARAMS. |
|
Pointer to a CK_WTLS_KEY_MAT_PARAMS. |
|
CK_KEY_DERIVATION_STRING_DATA; CK_KEY_DERIVATION_STRING_DATA_PTR.
|
CK_EXTRACT_PARAMS; CK_EXTRACT_PARAMS_PTR
CK_KEY_EXTRACT_PARAMS provides the parameter to the CKM_EXTRACT_KEY_FROM_KEY mechanism. It specifies which bit of the base key should be used as the first bit of the derived key. It is defined as follows:
typedef CK_ULONG CK_EXTRACT_PARAMS;
CK_EXTRACT_PARAMS_PTR is a pointer to a CK_EXTRACT_PARAMS. |
|
Pointer to a CK_EXTRACT_PARAMS. |
|
CK_CMS_SIG_PARAMS, CK_CMS_SIG_PARAMS_PTR
CK_CMS_SIG_PARAMS is a structure that provides the parameters to the CKM_CMS_SIG mechanism.
|
|
Mechanisms:. |
|
Mechanisms:. |
|
Mechanisms:. |
|
CK_PARAM_TYPE
CK_PARAM_TYPE is a value that identifies an OTP parameter type. It is defined as follows: |
|
CK_OTP_PARAM; CK_OTP_PARAM_PTR
CK_OTP_PARAM is a structure that includes the type, value, and length of an OTP parameter.
If a parameter has no value, then ulValueLen = 0, and the value of pValue is irrelevant. Note that pValue is a "void" pointer, facilitating the passing of arbitrary values. Both the application and the Cryptoki library must ensure that the pointer can be safely cast to the expected type (i.e., without word-alignment errors).
CK_OTP_PARAM_PTR is a pointer to a CK_OTP_PARAM.
|
|
Pointer to a CK_OTP_PARAM. |
|
CK_OTP_PARAMS; CK_OTP_PARAMS_PTR
CK_OTP_PARAMS is a structure that is used to provide parameters for OTP mechanisms in a generic fashion.
CK_OTP_PARAMS_PTR is a pointer to a CK_OTP_PARAMS.
When calling C_SignInit or C_VerifyInit with a mechanism that takes a CK_OTP_PARAMS structure as a parameter, the CK_OTP_PARAMS structure shall be populated in accordance with the CKA_OTP_''X''_REQUIREMENT key attributes for the identified key, where ''X'' is PIN, CHALLENGE, TIME, or COUNTER.
For example, if CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_MANDATORY, then the CK_OTP_TIME parameter shall be present. If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_OPTIONAL, then a CK_OTP_TIME parameter may be present. If it is not present, then the library may collect it (during the C_Sign call). If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_IGNORED, then a provided CK_OTP_TIME parameter will always be ignored.
Additionally, a provided CK_OTP_TIME parameter will always be ignored if CKF_EXCLUDE_TIME is set in a CK_OTP_FLAGS parameter. Similarly, if this flag is set, a library will not attempt to collect the value itself, and it will also instruct the token not to make use of any internal value, subject to token policies. It is an error (CKR_MECHANISM_PARAM_INVALID) to set the CKF_EXCLUDE_TIME flag when the CKA_OTP_TIME_REQUIREMENT attribute is CK_OTP_PARAM_MANDATORY.
The above discussion holds for all CKA_OTP_''X''_REQUIREMENT attributes (''i.e.'', CKA_OTP_PIN_REQUIREMENT, CKA_OTP_CHALLENGE_REQUIREMENT, CKA_OTP_COUNTER_REQUIREMENT, CKA_OTP_TIME_REQUIREMENT). A library may set a particular CKA_OTP_''X''_REQUIREMENT attribute to CK_OTP_PARAM_OPTIONAL even if it is required by the mechanism as long as the token (or the library itself) has the capability of providing the value to the computation. One example of this is a token with an on-board clock.
In addition, applications may use the CK_OTP_FLAGS, the CK_OTP_OUTPUT_FORMAT and the CK_OTP_OUTPUT_LENGTH parameters to set additional parameters.
|
|
Pointer to a CK_OTP_PARAMS. |
|
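The requirement rules above, written out as an added C example (not part of pkcs11_all.h): for one parameter type it decides whether a supplied value is used, ignored, left for the library to collect, or rejected. The typedefs and constants are local stand-ins for the Cryptoki definitions, and enum otp_fate and otp_param_fate are names invented here. Rejecting a missing MANDATORY parameter, and treating a zero-length value as absent, are this example's reading of "shall be present".

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins so the example builds without pkcs11.h; real code uses the header's definitions. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_FLAGS;
typedef CK_ULONG CK_PARAM_TYPE;
typedef struct { CK_PARAM_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_OTP_PARAM;
typedef struct { CK_OTP_PARAM *pParams; CK_ULONG ulCount; } CK_OTP_PARAMS;

#define CK_OTP_PIN             1UL
#define CK_OTP_CHALLENGE       2UL
#define CK_OTP_TIME            3UL
#define CK_OTP_COUNTER         4UL
#define CK_OTP_FLAGS           5UL
#define CKF_EXCLUDE_TIME       0x02UL
#define CKF_EXCLUDE_COUNTER    0x04UL
#define CKF_EXCLUDE_CHALLENGE  0x08UL
#define CKF_EXCLUDE_PIN        0x10UL
#define CK_OTP_PARAM_IGNORED   0UL
#define CK_OTP_PARAM_OPTIONAL  1UL
#define CK_OTP_PARAM_MANDATORY 2UL

/* Hypothetical result type; OTP_INVALID is where a library answers CKR_MECHANISM_PARAM_INVALID. */
enum otp_fate { OTP_USE_SUPPLIED, OTP_LIBRARY_MAY_COLLECT, OTP_IGNORED, OTP_INVALID };

static const CK_OTP_PARAM *find_param(const CK_OTP_PARAMS *ps, CK_PARAM_TYPE type)
{
    for (CK_ULONG i = 0; ps != NULL && i < ps->ulCount; i++)
        if (ps->pParams[i].type == type)
            return &ps->pParams[i];
    return NULL;
}

/* pValue is a void pointer with no alignment guarantee, so copy the flags out. */
static CK_FLAGS read_flags(const CK_OTP_PARAMS *ps)
{
    CK_FLAGS flags = 0;
    const CK_OTP_PARAM *f = find_param(ps, CK_OTP_FLAGS);
    if (f != NULL && f->pValue != NULL && f->ulValueLen == sizeof flags)
        memcpy(&flags, f->pValue, sizeof flags);
    return flags;
}

static CK_FLAGS exclude_bit(CK_PARAM_TYPE type)
{
    switch (type) {
    case CK_OTP_PIN:       return CKF_EXCLUDE_PIN;
    case CK_OTP_CHALLENGE: return CKF_EXCLUDE_CHALLENGE;
    case CK_OTP_TIME:      return CKF_EXCLUDE_TIME;
    case CK_OTP_COUNTER:   return CKF_EXCLUDE_COUNTER;
    default:               return 0;
    }
}

/* requirement is the key's CKA_OTP_X_REQUIREMENT value for the given parameter type. */
enum otp_fate otp_param_fate(const CK_OTP_PARAMS *ps, CK_PARAM_TYPE type, CK_ULONG requirement)
{
    const CK_OTP_PARAM *p = find_param(ps, type);
    int present  = p != NULL && p->ulValueLen > 0;
    int excluded = (read_flags(ps) & exclude_bit(type)) != 0;

    if (excluded && requirement == CK_OTP_PARAM_MANDATORY)
        return OTP_INVALID;               /* exclude flag on a mandatory value */
    if (excluded || requirement == CK_OTP_PARAM_IGNORED)
        return OTP_IGNORED;               /* supplied or not, it plays no part */
    if (present)
        return OTP_USE_SUPPLIED;
    if (requirement == CK_OTP_PARAM_MANDATORY)
        return OTP_INVALID;               /* mandatory but missing (example's choice) */
    return OTP_LIBRARY_MAY_COLLECT;       /* optional and absent */
}

int main(void)
{
    /* Constructed sample: a time value in YYYYMMDDhhmmss form plus an exclude flag. */
    char when[] = "20240101120000";
    CK_FLAGS flags = CKF_EXCLUDE_TIME;
    CK_OTP_PARAM items[2] = {
        { CK_OTP_TIME,  when,   14 },
        { CK_OTP_FLAGS, &flags, sizeof flags },
    };
    CK_OTP_PARAMS params = { items, 2 };

    printf("time mandatory + CKF_EXCLUDE_TIME -> %d (OTP_INVALID = %d)\n",
           otp_param_fate(&params, CK_OTP_TIME, CK_OTP_PARAM_MANDATORY), OTP_INVALID);
    printf("counter optional, not supplied   -> %d (OTP_LIBRARY_MAY_COLLECT = %d)\n",
           otp_param_fate(&params, CK_OTP_COUNTER, CK_OTP_PARAM_OPTIONAL),
           OTP_LIBRARY_MAY_COLLECT);
    return 0;
}
```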
CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR
CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal). The structure informs applications of actual parameter values used in particular OTP computations in addition to the OTP value itself. It is used by all mechanisms for which the key belongs to the class CKO_OTP_KEY and is defined as follows:
After successful calls to C_Sign or C_SignFinal with an OTP mechanism, the pSignature parameter will be set to point to a CK_OTP_SIGNATURE_INFO structure. One of the parameters in this structure will be the OTP value itself, identified with the CK_OTP_VALUE tag. Other parameters may be present for informational purposes, e.g. the actual time used in the OTP calculation. In order to simplify OTP validations, authentication protocols may permit authenticating parties to send some or all of these parameters in addition to OTP values themselves. Applications should therefore check for their presence in returned CK_OTP_SIGNATURE_INFO values whenever such circumstances apply.
Since C_Sign and C_SignFinal follow the convention described in Section 11.2 on producing output, a call to C_Sign (or C_SignFinal) with pSignature set to NULL_PTR will return (in the pulSignatureLen parameter) the required number of bytes to hold the CK_OTP_SIGNATURE_INFO structure as well as all the data in all its CK_OTP_PARAM components. If an application allocates a memory block based on this information, it shall therefore not subsequently de-allocate components of such a received value but rather de-allocate the complete CK_OTP_PARAMS structure itself. A Cryptoki library that is called with a non-NULL pSignature pointer will assume that it points to a contiguous memory block of the size indicated by the pulSignatureLen parameter.
When verifying an OTP value using an OTP mechanism, pSignature shall be set to the OTP value itself, e.g. the value of the CK_OTP_VALUE component of a CK_OTP_PARAMS structure returned by a call to C_Sign. The CK_OTP_PARAMS value supplied in the C_VerifyInit call sets the values to use in the verification operation.
CK_OTP_SIGNATURE_INFO_PTR points to a CK_OTP_SIGNATURE_INFO. |
|
CK_KIP_PARAMS; CK_KIP_PARAMS_PTR
CK_KIP_PARAMS is a structure that provides the parameters to all the CT-KIP related mechanisms: the CKM_KIP_DERIVE key derivation mechanism, the CKM_KIP_WRAP key wrap and key unwrap mechanism, and the CKM_KIP_MAC signature mechanism. The structure is defined as follows:
CK_KIP_PARAMS_PTR is a pointer to a CK_KIP_PARAMS structure. |
|
CK_GOSTR3410_KEY_WRAP_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_KEY_WRAP mechanism. It is defined as follows:
|
|
CK_GOSTR3410_DERIVE_PARAMS is a structure that provides the parameters to the CKM_GOSTR3410_DERIVE mechanism. It is defined as follows:
1 The public key of a receiver is an octet string 64 bytes long. The public key octets correspond to the concatenation of the X and Y coordinates of a point. Each coordinate is 32 bytes long and represented in little-endian order. |