PKCS#11
|
| Cryptographic Token Interface Standard |
PKCS#11 |
Cryptoki provides the following functions for digesting data:
CK_RV C_DigestInit( CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism);
C_DigestInit initializes a message-digesting operation.
| hSession | is the session's handle; |
| pMechanism | points to the digesting mechanism. |
CK_RV C_Digest( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData, CK_ULONG ulDataLen, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
C_Digest digests data in a single part.
| hSession | is the session's handle, pData points to the data; |
| ulDataLen | is the length of the data; |
| pDigest | points to the location that receives the message digest; |
| pulDigestLen | points to the location that holds the length of the message digest. |
The digest operation must have been initialized with C_DigestInit. A call to C_Digest always terminates the active digest operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the message digest.
C_Digest can not be used to terminate a multi-part operation, and must be called after C_DigestInit without intervening C_DigestUpdate calls.
The input data and digest output can be in the same place, i.e., it is OK if pData and pDigest point to the same location.
C_Digest is equivalent to a sequence of C_DigestUpdate operations followed by C_DigestFinal.
CK_RV C_DigestUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart, CK_ULONG ulPartLen);
C_DigestUpdate continues a multiple-part message-digesting operation, processing another data part.
| hSession | is the session's handle, pPart points to the data part; |
| ulPartLen | is the length of the data part. |
CK_RV C_DigestKey( CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey);
C_DigestKey continues a multiple-part message-digesting operation by digesting the value of a secret key.
| hSession | is the session's handle; |
| hKey | is the handle of the secret key to be digested. |
If the value of the supplied key cannot be digested purely for some reason related to its length, C_DigestKey should return the error code CKR_KEY_SIZE_RANGE.
CK_RV C_DigestFinal( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest, CK_ULONG_PTR pulDigestLen);
C_DigestFinal finishes a multiple-part message-digesting operation, returning the message digest.
| hSession | is the session's handle; |
| pDigest | points to the location that receives the message digest; |
| pulDigestLen | points to the location that holds the length of the message digest. |
The digest operation must have been initialized with C_DigestInit. A call to C_DigestFinal always terminates the active digest operation unless it returns CKR_BUFFER_TOO_SMALL or is a successful call (i.e., one which returns CKR_OK) to determine the length of the buffer needed to hold the message digest.
CK_SESSION_HANDLE hSession; CK_MECHANISM mechanism = { CKM_MD5, NULL_PTR, 0 }; CK_BYTE data[] = {...}; CK_BYTE digest[16]; CK_ULONG ulDigestLen; CK_RV rv; . . . rv = C_DigestInit(hSession, &mechanism); if (rv != CKR_OK) { . . . } rv = C_DigestUpdate(hSession, data, sizeof(data)); if (rv != CKR_OK) { . . . } rv = C_DigestKey(hSession, hKey); if (rv != CKR_OK) { . . . } ulDigestLen = sizeof(digest); rv = C_DigestFinal(hSession, digest, &ulDigestLen); . . .