#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# This file is in part derived from a file "pkcs11f.h" made available
# by RSA Security at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/pkcs11f.h
# Fields
# FUNCTION introduces a Cryptoki function
# CK_type specifies and introduces an argument
#
# General-purpose
# C_Initialize initializes the Cryptoki library.
FUNCTION C_Initialize
CK_VOID_PTR pInitArgs # if this is not NULL_PTR, it gets
# cast to CK_C_INITIALIZE_ARGS_PTR
# and dereferenced
# C_Finalize indicates that an application is done with the
# Cryptoki library.
FUNCTION C_Finalize
CK_VOID_PTR pReserved # reserved. Should be NULL_PTR
# C_GetInfo returns general information about Cryptoki.
FUNCTION C_GetInfo
CK_INFO_PTR pInfo # location that receives information
# C_GetFunctionList returns the function list.
FUNCTION C_GetFunctionList
CK_FUNCTION_LIST_PTR_PTR ppFunctionList # receives pointer to function
# list
# Slot and token management
# C_GetSlotList obtains a list of slots in the system.
FUNCTION C_GetSlotList
CK_BBOOL tokenPresent # only slots with tokens?
CK_SLOT_ID_PTR pSlotList # receives array of slot IDs
CK_ULONG_PTR pulCount # receives number of slots
# C_GetSlotInfo obtains information about a particular slot in the
# system.
FUNCTION C_GetSlotInfo
CK_SLOT_ID slotID # the ID of the slot
CK_SLOT_INFO_PTR pInfo # receives the slot information
# C_GetTokenInfo obtains information about a particular token in the
# system.
FUNCTION C_GetTokenInfo
CK_SLOT_ID slotID # ID of the token's slot
CK_TOKEN_INFO_PTR pInfo # receives the token information
# C_GetMechanismList obtains a list of mechanism types supported by a
# token.
FUNCTION C_GetMechanismList
CK_SLOT_ID slotID # ID of token's slot
CK_MECHANISM_TYPE_PTR pMechanismList # gets mech. array
CK_ULONG_PTR pulCount # gets # of mechs.
# C_GetMechanismInfo obtains information about a particular mechanism
# possibly supported by a token.
FUNCTION C_GetMechanismInfo
CK_SLOT_ID slotID # ID of the token's slot
CK_MECHANISM_TYPE type # type of mechanism
CK_MECHANISM_INFO_PTR pInfo # receives mechanism info
# C_InitToken initializes a token.
FUNCTION C_InitToken
CK_SLOT_ID slotID # ID of the token's slot
CK_CHAR_PTR pPin # the SO's initial PIN
CK_ULONG ulPinLen # length in bytes of the PIN
CK_CHAR_PTR pLabel # 32-byte token label (blank padded)
# C_InitPIN initializes the normal user's PIN.
FUNCTION C_InitPIN
CK_SESSION_HANDLE hSession # the session's handle
CK_CHAR_PTR pPin # the normal user's PIN
CK_ULONG ulPinLen # length in bytes of the PIN
# C_SetPIN modifies the PIN of the user who is logged in.
FUNCTION C_SetPIN
CK_SESSION_HANDLE hSession # the session's handle
CK_CHAR_PTR pOldPin # the old PIN
CK_ULONG ulOldLen # length of the old PIN
CK_CHAR_PTR pNewPin # the new PIN
CK_ULONG ulNewLen # length of the new PIN
# Session management
# C_OpenSession opens a session between an application and a token.
FUNCTION C_OpenSession
CK_SLOT_ID slotID # the slot's ID
CK_FLAGS flags # from CK_SESSION_INFO
CK_VOID_PTR pApplication # passed to callback
CK_NOTIFY Notify # callback function
CK_SESSION_HANDLE_PTR phSession # gets session handle
# C_CloseSession closes a session between an application and a token.
FUNCTION C_CloseSession
CK_SESSION_HANDLE hSession # the session's handle
# C_CloseAllSessions closes all sessions with a token.
FUNCTION C_CloseAllSessions
CK_SLOT_ID slotID # the token's slot
# C_GetSessionInfo obtains information about the session.
FUNCTION C_GetSessionInfo
CK_SESSION_HANDLE hSession # the session's handle
CK_SESSION_INFO_PTR pInfo # receives session info
# C_GetOperationState obtains the state of the cryptographic
# operation in a session.
FUNCTION C_GetOperationState
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pOperationState # gets state
CK_ULONG_PTR pulOperationStateLen # gets state length
# C_SetOperationState restores the state of the cryptographic
# operation in a session.
FUNCTION C_SetOperationState
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pOperationState # holds state
CK_ULONG ulOperationStateLen # holds state length
CK_OBJECT_HANDLE hEncryptionKey # en/decryption key
CK_OBJECT_HANDLE hAuthenticationKey # sign/verify key
# C_Login logs a user into a token.
FUNCTION C_Login
CK_SESSION_HANDLE hSession # the session's handle
CK_USER_TYPE userType # the user type
CK_CHAR_PTR pPin # the user's PIN
CK_ULONG ulPinLen # the length of the PIN
# C_Logout logs a user out from a token.
FUNCTION C_Logout
CK_SESSION_HANDLE hSession # the session's handle
# Object management
# C_CreateObject creates a new object.
FUNCTION C_CreateObject
CK_SESSION_HANDLE hSession # the session's handle
CK_ATTRIBUTE_PTR pTemplate # the object's template
CK_ULONG ulCount # attributes in template
CK_OBJECT_HANDLE_PTR phObject # gets new object's handle.
# C_CopyObject copies an object, creating a new object for the copy.
FUNCTION C_CopyObject
CK_SESSION_HANDLE hSession # the session's handle
CK_OBJECT_HANDLE hObject # the object's handle
CK_ATTRIBUTE_PTR pTemplate # template for new object
CK_ULONG ulCount # attributes in template
CK_OBJECT_HANDLE_PTR phNewObject # receives handle of copy
# C_DestroyObject destroys an object.
FUNCTION C_DestroyObject
CK_SESSION_HANDLE hSession # the session's handle
CK_OBJECT_HANDLE hObject # the object's handle
# C_GetObjectSize gets the size of an object in bytes.
FUNCTION C_GetObjectSize
CK_SESSION_HANDLE hSession # the session's handle
CK_OBJECT_HANDLE hObject # the object's handle
CK_ULONG_PTR pulSize # receives size of object
# C_GetAttributeValue obtains the value of one or more object
# attributes.
FUNCTION C_GetAttributeValue
CK_SESSION_HANDLE hSession # the session's handle
CK_OBJECT_HANDLE hObject # the object's handle
CK_ATTRIBUTE_PTR pTemplate # specifies attrs; gets vals
CK_ULONG ulCount # attributes in template
# C_SetAttributeValue modifies the value of one or more object
# attributes
FUNCTION C_SetAttributeValue
CK_SESSION_HANDLE hSession # the session's handle
CK_OBJECT_HANDLE hObject # the object's handle
CK_ATTRIBUTE_PTR pTemplate # specifies attrs and values
CK_ULONG ulCount # attributes in template
# C_FindObjectsInit initializes a search for token and session
# objects that match a template.
FUNCTION C_FindObjectsInit
CK_SESSION_HANDLE hSession # the session's handle
CK_ATTRIBUTE_PTR pTemplate # attribute values to match
CK_ULONG ulCount # attrs in search template
# C_FindObjects continues a search for token and session objects that
# match a template, obtaining additional object handles.
FUNCTION C_FindObjects
CK_SESSION_HANDLE hSession # session's handle
CK_OBJECT_HANDLE_PTR phObject # gets obj. handles
CK_ULONG ulMaxObjectCount # max handles to get
CK_ULONG_PTR pulObjectCount # actual # returned
# C_FindObjectsFinal finishes a search for token and session objects.
FUNCTION C_FindObjectsFinal
CK_SESSION_HANDLE hSession # the session's handle
# Encryption and decryption
# C_EncryptInit initializes an encryption operation.
FUNCTION C_EncryptInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the encryption mechanism
CK_OBJECT_HANDLE hKey # handle of encryption key
# C_Encrypt encrypts single-part data.
FUNCTION C_Encrypt
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pData # the plaintext data
CK_ULONG ulDataLen # bytes of plaintext
CK_BYTE_PTR pEncryptedData # gets ciphertext
CK_ULONG_PTR pulEncryptedDataLen # gets c-text size
# C_EncryptUpdate continues a multiple-part encryption operation.
FUNCTION C_EncryptUpdate
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pPart # the plaintext data
CK_ULONG ulPartLen # plaintext data len
CK_BYTE_PTR pEncryptedPart # gets ciphertext
CK_ULONG_PTR pulEncryptedPartLen # gets c-text size
# C_EncryptFinal finishes a multiple-part encryption operation.
FUNCTION C_EncryptFinal
CK_SESSION_HANDLE hSession # session handle
CK_BYTE_PTR pLastEncryptedPart # last c-text
CK_ULONG_PTR pulLastEncryptedPartLen # gets last size
# C_DecryptInit initializes a decryption operation.
FUNCTION C_DecryptInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the decryption mechanism
CK_OBJECT_HANDLE hKey # handle of decryption key
# C_Decrypt decrypts encrypted data in a single part.
FUNCTION C_Decrypt
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pEncryptedData # ciphertext
CK_ULONG ulEncryptedDataLen # ciphertext length
CK_BYTE_PTR pData # gets plaintext
CK_ULONG_PTR pulDataLen # gets p-text size
# C_DecryptUpdate continues a multiple-part decryption operation.
FUNCTION C_DecryptUpdate
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pEncryptedPart # encrypted data
CK_ULONG ulEncryptedPartLen # input length
CK_BYTE_PTR pPart # gets plaintext
CK_ULONG_PTR pulPartLen # p-text size
# C_DecryptFinal finishes a multiple-part decryption operation.
FUNCTION C_DecryptFinal
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pLastPart # gets plaintext
CK_ULONG_PTR pulLastPartLen # p-text size
# Message digesting
# C_DigestInit initializes a message-digesting operation.
FUNCTION C_DigestInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the digesting mechanism
# C_Digest digests data in a single part.
FUNCTION C_Digest
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pData # data to be digested
CK_ULONG ulDataLen # bytes of data to digest
CK_BYTE_PTR pDigest # gets the message digest
CK_ULONG_PTR pulDigestLen # gets digest length
# C_DigestUpdate continues a multiple-part message-digesting operation.
FUNCTION C_DigestUpdate
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pPart # data to be digested
CK_ULONG ulPartLen # bytes of data to be digested
# C_DigestKey continues a multi-part message-digesting operation, by
# digesting the value of a secret key as part of the data already
# digested.
FUNCTION C_DigestKey
CK_SESSION_HANDLE hSession # the session's handle
CK_OBJECT_HANDLE hKey # secret key to digest
# C_DigestFinal finishes a multiple-part message-digesting operation.
FUNCTION C_DigestFinal
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pDigest # gets the message digest
CK_ULONG_PTR pulDigestLen # gets byte count of digest
# Signing and MACing
# C_SignInit initializes a signature (private key encryption)
# operation, where the signature is (will be) an appendix to the
# data, and plaintext cannot be recovered from the signature.
FUNCTION C_SignInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the signature mechanism
CK_OBJECT_HANDLE hKey # handle of signature key
# C_Sign signs (encrypts with private key) data in a single part,
# where the signature is (will be) an appendix to the data, and
# plaintext cannot be recovered from the signature.
FUNCTION C_Sign
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pData # the data to sign
CK_ULONG ulDataLen # count of bytes to sign
CK_BYTE_PTR pSignature # gets the signature
CK_ULONG_PTR pulSignatureLen # gets signature length
# C_SignUpdate continues a multiple-part signature operation, where
# the signature is (will be) an appendix to the data, and plaintext
# cannot be recovered from the signature.
FUNCTION C_SignUpdate
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pPart # the data to sign
CK_ULONG ulPartLen # count of bytes to sign
# C_SignFinal finishes a multiple-part signature operation, returning
# the signature.
FUNCTION C_SignFinal
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pSignature # gets the signature
CK_ULONG_PTR pulSignatureLen # gets signature length
# C_SignRecoverInit initializes a signature operation, where the data
# can be recovered from the signature.
FUNCTION C_SignRecoverInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the signature mechanism
CK_OBJECT_HANDLE hKey # handle of the signature key
# C_SignRecover signs data in a single operation, where the data can
# be recovered from the signature.
FUNCTION C_SignRecover
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pData # the data to sign
CK_ULONG ulDataLen # count of bytes to sign
CK_BYTE_PTR pSignature # gets the signature
CK_ULONG_PTR pulSignatureLen # gets signature length
# Verifying signatures and MACs
# C_VerifyInit initializes a verification operation, where the
# signature is an appendix to the data, and plaintext cannot cannot
# be recovered from the signature (e.g. DSA).
FUNCTION C_VerifyInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the verification mechanism
CK_OBJECT_HANDLE hKey # verification key
# C_Verify verifies a signature in a single-part operation, where the
# signature is an appendix to the data, and plaintext cannot be
# recovered from the signature.
FUNCTION C_Verify
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pData # signed data
CK_ULONG ulDataLen # length of signed data
CK_BYTE_PTR pSignature # signature
CK_ULONG ulSignatureLen # signature length
# C_VerifyUpdate continues a multiple-part verification operation,
# where the signature is an appendix to the data, and plaintext cannot be
# recovered from the signature.
FUNCTION C_VerifyUpdate
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pPart # signed data
CK_ULONG ulPartLen # length of signed data
# C_VerifyFinal finishes a multiple-part verification operation,
# checking the signature.
FUNCTION C_VerifyFinal
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pSignature # signature to verify
CK_ULONG ulSignatureLen # signature length
# C_VerifyRecoverInit initializes a signature verification operation,
# where the data is recovered from the signature.
FUNCTION C_VerifyRecoverInit
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the verification mechanism
CK_OBJECT_HANDLE hKey # verification key
# C_VerifyRecover verifies a signature in a single-part operation,
# where the data is recovered from the signature.
FUNCTION C_VerifyRecover
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pSignature # signature to verify
CK_ULONG ulSignatureLen # signature length
CK_BYTE_PTR pData # gets signed data
CK_ULONG_PTR pulDataLen # gets signed data len
# Dual-function cryptographic operations
# C_DigestEncryptUpdate continues a multiple-part digesting and
# encryption operation.
FUNCTION C_DigestEncryptUpdate
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pPart # the plaintext data
CK_ULONG ulPartLen # plaintext length
CK_BYTE_PTR pEncryptedPart # gets ciphertext
CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
# C_DecryptDigestUpdate continues a multiple-part decryption and
# digesting operation.
FUNCTION C_DecryptDigestUpdate
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pEncryptedPart # ciphertext
CK_ULONG ulEncryptedPartLen # ciphertext length
CK_BYTE_PTR pPart # gets plaintext
CK_ULONG_PTR pulPartLen # gets plaintext len
# C_SignEncryptUpdate continues a multiple-part signing and
# encryption operation.
FUNCTION C_SignEncryptUpdate
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pPart # the plaintext data
CK_ULONG ulPartLen # plaintext length
CK_BYTE_PTR pEncryptedPart # gets ciphertext
CK_ULONG_PTR pulEncryptedPartLen # gets c-text length
# C_DecryptVerifyUpdate continues a multiple-part decryption and
# verify operation.
FUNCTION C_DecryptVerifyUpdate
CK_SESSION_HANDLE hSession # session's handle
CK_BYTE_PTR pEncryptedPart # ciphertext
CK_ULONG ulEncryptedPartLen # ciphertext length
CK_BYTE_PTR pPart # gets plaintext
CK_ULONG_PTR pulPartLen # gets p-text length
# Key management
# C_GenerateKey generates a secret key, creating a new key object.
FUNCTION C_GenerateKey
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # key generation mech.
CK_ATTRIBUTE_PTR pTemplate # template for new key
CK_ULONG ulCount # # of attrs in template
CK_OBJECT_HANDLE_PTR phKey # gets handle of new key
# C_GenerateKeyPair generates a public-key/private-key pair, creating
# new key objects.
FUNCTION C_GenerateKeyPair
CK_SESSION_HANDLE hSession # session handle
CK_MECHANISM_PTR pMechanism # key-gen mech.
CK_ATTRIBUTE_PTR pPublicKeyTemplate # template for pub. key
CK_ULONG ulPublicKeyAttributeCount # # pub. attrs.
CK_ATTRIBUTE_PTR pPrivateKeyTemplate # template for priv. key
CK_ULONG ulPrivateKeyAttributeCount # # priv. attrs.
CK_OBJECT_HANDLE_PTR phPublicKey # gets pub. key handle
CK_OBJECT_HANDLE_PTR phPrivateKey # gets priv. key handle
# C_WrapKey wraps (i.e., encrypts) a key.
FUNCTION C_WrapKey
CK_SESSION_HANDLE hSession # the session's handle
CK_MECHANISM_PTR pMechanism # the wrapping mechanism
CK_OBJECT_HANDLE hWrappingKey # wrapping key
CK_OBJECT_HANDLE hKey # key to be wrapped
CK_BYTE_PTR pWrappedKey # gets wrapped key
CK_ULONG_PTR pulWrappedKeyLen # gets wrapped key size
# C_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key
# object.
FUNCTION C_UnwrapKey
CK_SESSION_HANDLE hSession # session's handle
CK_MECHANISM_PTR pMechanism # unwrapping mech.
CK_OBJECT_HANDLE hUnwrappingKey # unwrapping key
CK_BYTE_PTR pWrappedKey # the wrapped key
CK_ULONG ulWrappedKeyLen # wrapped key len
CK_ATTRIBUTE_PTR pTemplate # new key template
CK_ULONG ulAttributeCount # template length
CK_OBJECT_HANDLE_PTR phKey # gets new handle
# C_DeriveKey derives a key from a base key, creating a new key object.
FUNCTION C_DeriveKey
CK_SESSION_HANDLE hSession # session's handle
CK_MECHANISM_PTR pMechanism # key deriv. mech.
CK_OBJECT_HANDLE hBaseKey # base key
CK_ATTRIBUTE_PTR pTemplate # new key template
CK_ULONG ulAttributeCount # template length
CK_OBJECT_HANDLE_PTR phKey # gets new handle
# Random number generation
# C_SeedRandom mixes additional seed material into the token's random
# number generator.
FUNCTION C_SeedRandom
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR pSeed # the seed material
CK_ULONG ulSeedLen # length of seed material
# C_GenerateRandom generates random data.
FUNCTION C_GenerateRandom
CK_SESSION_HANDLE hSession # the session's handle
CK_BYTE_PTR RandomData # receives the random data
CK_ULONG ulRandomLen # # of bytes to generate
# Parallel function management
# C_GetFunctionStatus is a legacy function; it obtains an updated
# status of a function running in parallel with an application.
FUNCTION C_GetFunctionStatus
CK_SESSION_HANDLE hSession # the session's handle
# C_CancelFunction is a legacy function; it cancels a function running
# in parallel.
FUNCTION C_CancelFunction
CK_SESSION_HANDLE hSession # the session's handle
# Functions added in for Cryptoki Version 2.01 or later
# C_WaitForSlotEvent waits for a slot event (token insertion, removal,
# etc.) to occur.
FUNCTION C_WaitForSlotEvent
CK_FLAGS flags # blocking/nonblocking flag
CK_SLOT_ID_PTR pSlot # location that receives the slot ID
CK_VOID_PTR pRserved # reserved. Should be NULL_PTR
## C_ConfigureSlot passes an installation-specified bytestring to a
## slot.
#FUNCTION C_ConfigureSlot
#CK_SLOT_ID slotID # the slot to configure
#CK_BYTE_PTR pConfig # the configuration string
#CK_ULONG ulConfigLen # length of the config string