Cryptographic Token Interface Standard | PKCS#11
Data Fields
Type | Name | Description
CK_OTP_PARAM_PTR | pParams | pointer to an array of OTP parameters
CK_ULONG | ulCount | the number of parameters in the array
CK_OTP_PARAMS_PTR is a pointer to a CK_OTP_PARAMS.
When calling C_SignInit or C_VerifyInit with a mechanism that takes a CK_OTP_PARAMS structure as a parameter, the CK_OTP_PARAMS structure shall be populated in accordance with the CKA_OTP_X_REQUIREMENT key attributes for the identified key, where X is PIN, CHALLENGE, TIME, or COUNTER.
For example, if CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_MANDATORY, then the CK_OTP_TIME parameter shall be present. If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_OPTIONAL, then a CK_OTP_TIME parameter may be present; if it is not present, the library may collect it (during the C_Sign call). If CKA_OTP_TIME_REQUIREMENT = CK_OTP_PARAM_IGNORED, then a provided CK_OTP_TIME parameter will always be ignored.
Additionally, a provided CK_OTP_TIME parameter will always be ignored if CKF_EXCLUDE_TIME is set in a CK_OTP_FLAGS parameter. Similarly, if this flag is set, a library will not attempt to collect the value itself, and it will also instruct the token not to make use of any internal value, subject to token policies. It is an error (CKR_MECHANISM_PARAM_INVALID) to set the CKF_EXCLUDE_TIME flag when the CKA_OTP_TIME_REQUIREMENT attribute is CK_OTP_PARAM_MANDATORY.
The above discussion holds for all CKA_OTP_X_REQUIREMENT attributes (i.e., CKA_OTP_PIN_REQUIREMENT, CKA_OTP_CHALLENGE_REQUIREMENT, CKA_OTP_COUNTER_REQUIREMENT, CKA_OTP_TIME_REQUIREMENT). A library may set a particular CKA_OTP_X_REQUIREMENT attribute to CK_OTP_PARAM_OPTIONAL even if it is required by the mechanism, as long as the token (or the library itself) has the capability of providing the value to the computation. One example of this is a token with an on-board clock.
In addition, applications may use the CK_OTP_FLAGS, the CK_OTP_OUTPUT_FORMAT and the CK_OTP_OUTPUT_LENGTH parameters to set additional parameters.
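The requirement rules above can be checked on the application side before C_SignInit or C_VerifyInit is called. The following is an added example, not code from the PKCS#11 specification or from this page: `otp_requirements` and `otp_check_params` are hypothetical names, the types and constants are local stand-ins for the `pkcs11t.h` definitions, and returning CKR_MECHANISM_PARAM_INVALID for a missing mandatory parameter is an assumption.

```c
#include <string.h>

/* Stand-ins mirroring pkcs11t.h so this builds alone; real code includes it. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_OTP_PARAM;
typedef struct { CK_OTP_PARAM *pParams; CK_ULONG ulCount; } CK_OTP_PARAMS;
enum { CK_OTP_PIN = 1, CK_OTP_CHALLENGE, CK_OTP_TIME, CK_OTP_COUNTER, CK_OTP_FLAGS };
enum { CK_OTP_PARAM_IGNORED = 0, CK_OTP_PARAM_OPTIONAL = 1, CK_OTP_PARAM_MANDATORY = 2 };
enum { CKF_EXCLUDE_TIME = 0x2, CKF_EXCLUDE_COUNTER = 0x4,
       CKF_EXCLUDE_CHALLENGE = 0x8, CKF_EXCLUDE_PIN = 0x10 };
enum { CKR_OK = 0, CKR_MECHANISM_PARAM_INVALID = 0x71 };

/* Hypothetical holder for the key's CKA_OTP_X_REQUIREMENT attribute values. */
typedef struct { CK_ULONG pin, challenge, time, counter; } otp_requirements;

/* Pre-flight check of a CK_OTP_PARAMS; both tables are indexed by parameter type. */
CK_ULONG otp_check_params(const CK_OTP_PARAMS *p, const otp_requirements *req) {
    const CK_ULONG need[] = { 0, req->pin, req->challenge, req->time, req->counter };
    const CK_ULONG excl[] = { 0, CKF_EXCLUDE_PIN, CKF_EXCLUDE_CHALLENGE,
                              CKF_EXCLUDE_TIME, CKF_EXCLUDE_COUNTER };
    CK_ULONG flags = 0, present = 0;
    for (CK_ULONG i = 0; p->pParams != NULL && i < p->ulCount; i++) {
        const CK_OTP_PARAM *q = &p->pParams[i];
        if (q->type == CK_OTP_FLAGS) {   /* value is a CK_FLAGS, i.e. a CK_ULONG */
            if (q->pValue == NULL || q->ulValueLen != sizeof flags)
                return CKR_MECHANISM_PARAM_INVALID;
            memcpy(&flags, q->pValue, sizeof flags);
        } else if (q->type >= CK_OTP_PIN && q->type <= CK_OTP_COUNTER) {
            present |= 1UL << q->type;
        }
    }
    for (CK_ULONG t = CK_OTP_PIN; t <= CK_OTP_COUNTER; t++) {
        if (need[t] != CK_OTP_PARAM_MANDATORY) continue;
        /* Excluding a mandatory value is the error the text names; using the
         * same code for a missing mandatory value is an assumption. */
        if ((flags & excl[t]) || !(present & (1UL << t)))
            return CKR_MECHANISM_PARAM_INVALID;
    }
    return CKR_OK;
}

int main(void) {   /* constructed sample: time is mandatory yet excluded */
    CK_ULONG flags = CKF_EXCLUDE_TIME;
    CK_OTP_PARAM prm[] = { { CK_OTP_FLAGS, &flags, sizeof flags } };
    CK_OTP_PARAMS params = { prm, 1 };
    otp_requirements req = { .time = CK_OTP_PARAM_MANDATORY };
    return otp_check_params(&params, &req) == CKR_MECHANISM_PARAM_INVALID ? 0 : 1;
}
```

Parameters whose requirement is CK_OTP_PARAM_OPTIONAL or CK_OTP_PARAM_IGNORED pass the check whether or not they are supplied, matching the rules above.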
CK_OTP_SIGNATURE_INFO, CK_OTP_SIGNATURE_INFO_PTR
CK_OTP_SIGNATURE_INFO is a structure that is returned by all OTP mechanisms in successful calls to C_Sign (C_SignFinal). The structure informs applications of actual parameter values used in particular OTP computations in addition to the OTP value itself. It is used by all mechanisms for which the key belongs to the class CKO_OTP_KEY and is defined as follows: