diff --git a/pkcs11.h b/pkcs11.h index 0d78dd7..925cd13 100644 --- a/pkcs11.h +++ b/pkcs11.h @@ -1,12 +1,12 @@ -/* Copyright (c) OASIS Open 2016. All Rights Reserved./ +/* Copyright (c) OASIS Open 2016,2019. All Rights Reserved./ * /Distributed under the terms of the OASIS IPR Policy, * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. */ - + /* Latest version of the specification: - * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html + * http://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/pkcs11-base-v3.0.html */ #ifndef _PKCS11_H_ @@ -29,8 +29,7 @@ extern "C" { * convention on packing is that structures should be 1-byte * aligned. * - * If you're using Microsoft Developer Studio 5.0 to produce - * Win32 stuff, this might be done by using the following + * If you're using Windows this might be done by using the following * preprocessor directive before including pkcs11.h or pkcs11t.h: * * #pragma pack(push, cryptoki, 1) @@ -40,13 +39,6 @@ extern "C" { * * #pragma pack(pop, cryptoki) * - * If you're using an earlier version of Microsoft Developer - * Studio to produce Win16 stuff, this might be done by using - * the following preprocessor directive before including - * pkcs11.h or pkcs11t.h: - * - * #pragma pack(1) - * * In a UNIX environment, you're on your own for this. You might * not need to do (or be able to do!) anything. * 
@@ -59,16 +51,10 @@ extern "C" { * * typedef CK_BYTE CK_PTR CK_BYTE_PTR; * - * If you're using Microsoft Developer Studio 5.0 to produce - * Win32 stuff, it might be defined by: + * If you're using Windows, it might be defined by: * * #define CK_PTR * * - * If you're using an earlier version of Microsoft Developer - * Studio to produce Win16 stuff, it might be defined by: - * - * #define CK_PTR far * - * * In a typical UNIX environment, it might be defined by: * * #define CK_PTR * @@ -83,19 +69,12 @@ extern "C" { * CK_VOID_PTR pReserved * ); * - * If you're using Microsoft Developer Studio 5.0 to declare a - * function in a Win32 Cryptoki .dll, it might be defined by: + * If you're using Windows to declare a function in a Win32 Cryptoki .dll, + * it might be defined by: * * #define CK_DECLARE_FUNCTION(returnType, name) \ * returnType __declspec(dllimport) name * - * If you're using an earlier version of Microsoft Developer - * Studio to declare a function in a Win16 Cryptoki .dll, it - * might be defined by: - * - * #define CK_DECLARE_FUNCTION(returnType, name) \ - * returnType __export _far _pascal name - * * In a UNIX environment, it might be defined by: * * #define CK_DECLARE_FUNCTION(returnType, name) \ @@ -120,19 +99,12 @@ extern "C" { * typedef CK_DECLARE_FUNCTION_POINTER(CK_RV, funcPtrType)(args); * funcPtrType funcPtr; * - * If you're using Microsoft Developer Studio 5.0 to access + * If you're using Windows to access * functions in a Win32 Cryptoki .dll, in might be defined by: * * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ * returnType __declspec(dllimport) (* name) * - * If you're using an earlier version of Microsoft Developer - * Studio to access functions in a Win16 Cryptoki .dll, it might - * be defined by: - * - * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ - * returnType __export _far _pascal (* name) - * * In a UNIX environment, it might be defined by: * * #define CK_DECLARE_FUNCTION_POINTER(returnType, name) \ 
@@ -153,18 +125,11 @@ extern "C" { * typedef CK_CALLBACK_FUNCTION(CK_RV, myCallbackType)(args); * myCallbackType myCallback; * - * If you're using Microsoft Developer Studio 5.0 to do Win32 - * Cryptoki development, it might be defined by: + * If you're using Windows, it might be defined by: * * #define CK_CALLBACK_FUNCTION(returnType, name) \ * returnType (* name) * - * If you're using an earlier version of Microsoft Developer - * Studio to do Win16 development, it might be defined by: - * - * #define CK_CALLBACK_FUNCTION(returnType, name) \ - * returnType _far _pascal (* name) - * * In a UNIX environment, it might be defined by: * * #define CK_CALLBACK_FUNCTION(returnType, name) \ @@ -240,6 +205,22 @@ extern "C" { #define CK_PKCS11_FUNCTION_INFO(name) \ __PASTE(CK_,name) name; +/* Create the 3.0 Function list */ +struct CK_FUNCTION_LIST_3_0 { + + CK_VERSION version; /* Cryptoki version */ + +/* Pile all the function pointers into the CK_FUNCTION_LIST. */ +/* pkcs11f.h has all the information about the Cryptoki + * function prototypes. + */ +#include "pkcs11f.h" + +}; + +#define CK_PKCS11_2_0_ONLY 1 + +/* Continue to define the old CK_FUNCTION_LIST */ struct CK_FUNCTION_LIST { CK_VERSION version; /* Cryptoki version */ @@ -253,6 +234,7 @@ struct CK_FUNCTION_LIST { }; #undef CK_PKCS11_FUNCTION_INFO +#undef CK_PKCS11_2_0_ONLY #undef __PASTE diff --git a/pkcs11f.h b/pkcs11f.h index ed90aff..a475f6d 100644 --- a/pkcs11f.h +++ b/pkcs11f.h 
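Review bot: The comment on the new `struct CK_FUNCTION_LIST_3_0` in the @@ -240 hunk does not say that it shares its leading members with `CK_FUNCTION_LIST` and differs only in the entries that pkcs11f.h places under `#ifndef CK_PKCS11_2_0_ONLY`. A caller that casts a 2.x module's `CK_FUNCTION_LIST` pointer to the 3.0 type and calls one of the trailing members would read past the end of that module's table. I would extend the comment to something like `/* Same leading layout as CK_FUNCTION_LIST, with the 3.0 entries appended; check version.major >= 3 before using any member after C_WaitForSlotEvent. */`. The body of the old `struct CK_FUNCTION_LIST` continues outside this hunk.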
@@ -1,10 +1,10 @@ -/* Copyright (c) OASIS Open 2016. All Rights Reserved./ +/* Copyright (c) OASIS Open 2016, 2019. All Rights Reserved./ * /Distributed under the terms of the OASIS IPR Policy, * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. */ - + /* Latest version of the specification: * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ 
@@ -937,3 +937,260 @@ CK_PKCS11_FUNCTION_INFO(C_WaitForSlotEvent) ); #endif +#ifndef CK_PKCS11_2_0_ONLY +/* C_GetInterfaceList returns all the interfaces supported by the module*/ +CK_PKCS11_FUNCTION_INFO(C_GetInterfaceList) +#ifdef CK_NEED_ARG_LIST +( + CK_INTERFACE_PTR pInterfacesList, /* returned interfaces */ + CK_ULONG_PTR pulCount /* number of interfaces returned */ +); +#endif + +/* C_GetInterface returns a specific interface from the module. */ +CK_PKCS11_FUNCTION_INFO(C_GetInterface) +#ifdef CK_NEED_ARG_LIST +( + CK_UTF8CHAR_PTR pInterfaceName, /* name of the interface */ + CK_VERSION_PTR pVersion, /* version of the interface */ + CK_INTERFACE_PTR_PTR ppInterface, /* returned interface */ + CK_FLAGS flags /* flags controlling the semantics + * of the interface */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_LoginUser) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_USER_TYPE userType, /* the user type */ + CK_UTF8CHAR_PTR pPin, /* the user's PIN */ + CK_ULONG ulPinLen, /* the length of the PIN */ + CK_UTF8CHAR_PTR pUsername, /* the user's name */ + CK_ULONG ulUsernameLen /*the length of the user's name */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SessionCancel) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_FLAGS flags /* flags control which sessions are cancelled */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageEncryptInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the encryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of encryption key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_EncryptMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG 
ulAssociatedDataLen, /* AEAD Associated data length */ + CK_BYTE_PTR pPlaintext, /* plain text */ + CK_ULONG ulPlaintextLen, /* plain text length */ + CK_BYTE_PTR pCiphertext, /* gets cipher text */ + CK_ULONG_PTR pulCiphertextLen /* gets cipher text length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_EncryptMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen /* AEAD Associated data length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_EncryptMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pPlaintextPart, /* plain text */ + CK_ULONG ulPlaintextPartLen, /* plain text length */ + CK_BYTE_PTR pCiphertextPart, /* gets cipher text */ + CK_ULONG_PTR pulCiphertextPartLen, /* gets cipher text length */ + CK_FLAGS flags /* multi mode flag */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageEncryptFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageDecryptInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the decryption mechanism */ + CK_OBJECT_HANDLE hKey /* handle of decryption key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_DecryptMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen, /* AEAD Associated data length 
*/ + CK_BYTE_PTR pCiphertext, /* cipher text */ + CK_ULONG ulCiphertextLen, /* cipher text length */ + CK_BYTE_PTR pPlaintext, /* gets plain text */ + CK_ULONG_PTR pulPlaintextLen /* gets plain text length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_DecryptMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pAssociatedData, /* AEAD Associated data */ + CK_ULONG ulAssociatedDataLen /* AEAD Associated data length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_DecryptMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pCiphertextPart, /* cipher text */ + CK_ULONG ulCiphertextPartLen, /* cipher text length */ + CK_BYTE_PTR pPlaintextPart, /* gets plain text */ + CK_ULONG_PTR pulPlaintextPartLen, /* gets plain text length */ + CK_FLAGS flags /* multi mode flag */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageDecryptFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageSignInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signing mechanism */ + CK_OBJECT_HANDLE hKey /* handle of signing key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SignMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* gets signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature 
length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SignMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen /* length of message specific parameter */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_SignMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* gets signature */ + CK_ULONG_PTR pulSignatureLen /* gets signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageSignFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageVerifyInit) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_MECHANISM_PTR pMechanism, /* the signing mechanism */ + CK_OBJECT_HANDLE hKey /* handle of signing key */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_VerifyMessage) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* signature */ + CK_ULONG ulSignatureLen /* signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_VerifyMessageBegin) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen /* length of message specific parameter */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_VerifyMessageNext) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession, /* the 
session's handle */ + CK_VOID_PTR pParameter, /* message specific parameter */ + CK_ULONG ulParameterLen, /* length of message specific parameter */ + CK_BYTE_PTR pData, /* data to sign */ + CK_ULONG ulDataLen, /* data to sign length */ + CK_BYTE_PTR pSignature, /* signature */ + CK_ULONG ulSignatureLen /* signature length */ +); +#endif + +CK_PKCS11_FUNCTION_INFO(C_MessageVerifyFinal) +#ifdef CK_NEED_ARG_LIST +( + CK_SESSION_HANDLE hSession /* the session's handle */ +); +#endif + +#endif /* CK_PKCS11_2_0_ONLY */ diff --git a/pkcs11t.h b/pkcs11t.h index 321c307..61f7e73 100644 --- a/pkcs11t.h +++ b/pkcs11t.h @@ -1,10 +1,10 @@ -/* Copyright (c) OASIS Open 2016. All Rights Reserved./ +/* Copyright (c) OASIS Open 2016, 2019. All Rights Reserved./ * /Distributed under the terms of the OASIS IPR Policy, * [http://www.oasis-open.org/policies-guidelines/ipr], AS-IS, WITHOUT ANY * IMPLIED OR EXPRESS WARRANTY; there is no warranty of MERCHANTABILITY, FITNESS FOR A * PARTICULAR PURPOSE or NONINFRINGEMENT of the rights of others. */ - + /* Latest version of the specification: * http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html */ @@ -17,8 +17,8 @@ #ifndef _PKCS11T_H_ #define _PKCS11T_H_ 1 -#define CRYPTOKI_VERSION_MAJOR 2 -#define CRYPTOKI_VERSION_MINOR 40 +#define CRYPTOKI_VERSION_MAJOR 3 +#define CRYPTOKI_VERSION_MINOR 1 #define CRYPTOKI_VERSION_AMENDMENT 0 #define CK_TRUE 1 
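Review bot: The parameter comments on the new verify entry points are copied from the signing ones. `C_MessageVerifyInit` documents `pMechanism` as "the signing mechanism" and `hKey` as "handle of signing key", and `C_VerifyMessage` and `C_VerifyMessageNext` describe `pData` as "data to sign". These should read `/* the verification mechanism */`, `/* handle of verification key */` and `/* data to verify */`, so that nobody reading the prototype takes the key for a private signing key. From `C_LoginUser` onward the added prototypes also lack the one-line description that `C_GetInterfaceList` and `C_GetInterface` carry; a short comment per function would match the rest of pkcs11f.h.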
@@ -317,11 +317,23 @@ typedef CK_ULONG CK_OBJECT_CLASS; #define CKO_DOMAIN_PARAMETERS 0x00000006UL #define CKO_MECHANISM 0x00000007UL #define CKO_OTP_KEY 0x00000008UL +#define CKO_PROFILE 0x00000009UL #define CKO_VENDOR_DEFINED 0x80000000UL typedef CK_OBJECT_CLASS CK_PTR CK_OBJECT_CLASS_PTR; +/* Profile ID's */ +#define CKP_INVALID_ID 0x00000000UL +#define CKP_BASELINE_PROVIDER 0x00000001UL +#define CKP_EXTENDED_PROVIDER 0x00000002UL +#define CKP_AUTHENTICATION_TOKEN 0x00000003UL +#define CKP_PUBLIC_CERTIFICATES_TOKEN 0x00000004UL +#define CKP_COMPLETE_PROVIDER 0x00000005UL +#define CKP_HKDF_TLS_TOKEN 0x00000006UL +#define CKP_VENDOR_DEFINED 0x80000000UL + + /* CK_HW_FEATURE_TYPE is a value that identifies the hardware feature type * of an object with CK_OBJECT_CLASS equal to CKO_HW_FEATURE. */ @@ -369,6 +381,8 @@ typedef CK_ULONG CK_KEY_TYPE; #define CKK_CAMELLIA 0x00000025UL #define CKK_ARIA 0x00000026UL +/* the following definitions were added in the 2.30 header file, + * but never defined in the spec. */ #define CKK_MD5_HMAC 0x00000027UL #define CKK_SHA_1_HMAC 0x00000028UL #define CKK_RIPEMD128_HMAC 0x00000029UL 
@@ -382,13 +396,27 @@ typedef CK_ULONG CK_KEY_TYPE; #define CKK_GOSTR3410 0x00000030UL #define CKK_GOSTR3411 0x00000031UL #define CKK_GOST28147 0x00000032UL - -#define CKK_SHA3_224_HMAC 0x00000033UL -#define CKK_SHA3_256_HMAC 0x00000034UL -#define CKK_SHA3_384_HMAC 0x00000035UL -#define CKK_SHA3_512_HMAC 0x00000036UL - - +#define CKK_CHACHA20 0x00000033UL +#define CKK_POLY1305 0x00000034UL +#define CKK_AES_XTS 0x00000035UL +#define CKK_SHA3_224_HMAC 0x00000036UL +#define CKK_SHA3_256_HMAC 0x00000037UL +#define CKK_SHA3_384_HMAC 0x00000038UL +#define CKK_SHA3_512_HMAC 0x00000039UL +#define CKK_BLAKE2B_160_HMAC 0x0000003aUL +#define CKK_BLAKE2B_256_HMAC 0x0000003bUL +#define CKK_BLAKE2B_384_HMAC 0x0000003cUL +#define CKK_BLAKE2B_512_HMAC 0x0000003dUL +#define CKK_SALSA20 0x0000003eUL +#define CKK_X2RATCHET 0x0000003fUL +#define CKK_EC_EDWARDS 0x00000040UL +#define CKK_EC_MONTGOMERY 0x00000041UL +#define CKK_HKDF 0x00000042UL + +#define CKK_SHA512_224_HMAC 0x00000043UL +#define CKK_SHA512_256_HMAC 0x00000044UL +#define CKK_SHA512_T_HMAC 0x00000045UL +#define CKK_HSS 0x00000046UL #define CKK_VENDOR_DEFINED 0x80000000UL @@ -444,6 +472,7 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE; #define CKA_TOKEN 0x00000001UL #define CKA_PRIVATE 0x00000002UL #define CKA_LABEL 0x00000003UL +#define CKA_UNIQUE_ID 0x00000004UL #define CKA_APPLICATION 0x00000010UL #define CKA_VALUE 0x00000011UL #define CKA_OBJECT_ID 0x00000012UL @@ -457,9 +486,9 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE; #define CKA_CERTIFICATE_CATEGORY 0x00000087UL #define CKA_JAVA_MIDP_SECURITY_DOMAIN 0x00000088UL #define CKA_URL 0x00000089UL -#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008AUL -#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008BUL -#define CKA_NAME_HASH_ALGORITHM 0x0000008CUL +#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x0000008aUL +#define CKA_HASH_OF_ISSUER_PUBLIC_KEY 0x0000008bUL +#define CKA_NAME_HASH_ALGORITHM 0x0000008cUL #define CKA_CHECK_VALUE 0x00000090UL #define CKA_KEY_TYPE 0x00000100UL 
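Review bot: In the @@ -382 hunk, `CKK_SHA3_224_HMAC` through `CKK_SHA3_512_HMAC` change value (0x33–0x36 become 0x36–0x39), and the old numbers are reassigned to `CKK_CHACHA20`, `CKK_POLY1305`, `CKK_AES_XTS` and `CKK_SHA3_224_HMAC`. An application and a module compiled against different revisions of this header would disagree on which key type 0x00000033UL names, with no compile-time signal. If the renumbering is meant to align with the published values, a comment above the block should record it, e.g. `/* CKK_SHA3_*_HMAC were 0x33-0x36 in earlier revisions of this header; renumbered here */`. Consumers then know to rebuild both sides together.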
@@ -472,9 +501,9 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE; #define CKA_UNWRAP 0x00000107UL #define CKA_SIGN 0x00000108UL #define CKA_SIGN_RECOVER 0x00000109UL -#define CKA_VERIFY 0x0000010AUL -#define CKA_VERIFY_RECOVER 0x0000010BUL -#define CKA_DERIVE 0x0000010CUL +#define CKA_VERIFY 0x0000010aUL +#define CKA_VERIFY_RECOVER 0x0000010bUL +#define CKA_DERIVE 0x0000010cUL #define CKA_START_DATE 0x00000110UL #define CKA_END_DATE 0x00000111UL #define CKA_MODULUS 0x00000120UL @@ -531,12 +560,12 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE; #define CKA_OTP_TIME_REQUIREMENT 0x00000225UL #define CKA_OTP_COUNTER_REQUIREMENT 0x00000226UL #define CKA_OTP_PIN_REQUIREMENT 0x00000227UL -#define CKA_OTP_COUNTER 0x0000022EUL -#define CKA_OTP_TIME 0x0000022FUL -#define CKA_OTP_USER_IDENTIFIER 0x0000022AUL -#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022BUL -#define CKA_OTP_SERVICE_LOGO 0x0000022CUL -#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022DUL +#define CKA_OTP_COUNTER 0x0000022eUL +#define CKA_OTP_TIME 0x0000022fUL +#define CKA_OTP_USER_IDENTIFIER 0x0000022aUL +#define CKA_OTP_SERVICE_IDENTIFIER 0x0000022bUL +#define CKA_OTP_SERVICE_LOGO 0x0000022cUL +#define CKA_OTP_SERVICE_LOGO_TYPE 0x0000022dUL #define CKA_GOSTR3410_PARAMS 0x00000250UL #define CKA_GOSTR3411_PARAMS 0x00000251UL 
@@ -561,6 +590,32 @@ typedef CK_ULONG CK_ATTRIBUTE_TYPE; #define CKA_DEFAULT_CMS_ATTRIBUTES 0x00000502UL #define CKA_SUPPORTED_CMS_ATTRIBUTES 0x00000503UL #define CKA_ALLOWED_MECHANISMS (CKF_ARRAY_ATTRIBUTE|0x00000600UL) +#define CKA_PROFILE_ID 0x00000601UL + +#define CKA_X2RATCHET_BAG 0x00000602UL +#define CKA_X2RATCHET_BAGSIZE 0x00000603UL +#define CKA_X2RATCHET_BOBS1STMSG 0x00000604UL +#define CKA_X2RATCHET_CKR 0x00000605UL +#define CKA_X2RATCHET_CKS 0x00000606UL +#define CKA_X2RATCHET_DHP 0x00000607UL +#define CKA_X2RATCHET_DHR 0x00000608UL +#define CKA_X2RATCHET_DHS 0x00000609UL +#define CKA_X2RATCHET_HKR 0x0000060aUL +#define CKA_X2RATCHET_HKS 0x0000060bUL +#define CKA_X2RATCHET_ISALICE 0x0000060cUL +#define CKA_X2RATCHET_NHKR 0x0000060dUL +#define CKA_X2RATCHET_NHKS 0x0000060eUL +#define CKA_X2RATCHET_NR 0x0000060fUL +#define CKA_X2RATCHET_NS 0x00000610UL +#define CKA_X2RATCHET_PNS 0x00000611UL +#define CKA_X2RATCHET_RK 0x00000612UL +/* HSS */ +#define CKA_HSS_LEVELS 0x00000617UL +#define CKA_HSS_LMS_TYPE 0x00000618UL +#define CKA_HSS_LMOTS_TYPE 0x00000619UL +#define CKA_HSS_LMS_TYPES 0x0000061aUL +#define CKA_HSS_LMOTS_TYPES 0x0000061bUL +#define CKA_HSS_KEYS_REMAINING 0x0000061cUL #define CKA_VENDOR_DEFINED 0x80000000UL @@ -602,11 +657,11 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_RIPEMD160_RSA_PKCS 0x00000008UL #define CKM_RSA_PKCS_OAEP 0x00000009UL -#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000AUL -#define CKM_RSA_X9_31 0x0000000BUL -#define CKM_SHA1_RSA_X9_31 0x0000000CUL -#define CKM_RSA_PKCS_PSS 0x0000000DUL -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL +#define CKM_RSA_X9_31_KEY_PAIR_GEN 0x0000000aUL +#define CKM_RSA_X9_31 0x0000000bUL +#define CKM_SHA1_RSA_X9_31 0x0000000cUL +#define CKM_RSA_PKCS_PSS 0x0000000dUL +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000eUL #define CKM_DSA_KEY_PAIR_GEN 0x00000010UL #define CKM_DSA 0x00000011UL 
@@ -617,8 +672,8 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_DSA_SHA512 0x00000016UL #define CKM_DSA_SHA3_224 0x00000018UL #define CKM_DSA_SHA3_256 0x00000019UL -#define CKM_DSA_SHA3_384 0x0000001AUL -#define CKM_DSA_SHA3_512 0x0000001BUL +#define CKM_DSA_SHA3_384 0x0000001aUL +#define CKM_DSA_SHA3_512 0x0000001bUL #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL #define CKM_DH_PKCS_DERIVE 0x00000021UL @@ -640,12 +695,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_SHA512_224 0x00000048UL #define CKM_SHA512_224_HMAC 0x00000049UL -#define CKM_SHA512_224_HMAC_GENERAL 0x0000004AUL -#define CKM_SHA512_224_KEY_DERIVATION 0x0000004BUL -#define CKM_SHA512_256 0x0000004CUL -#define CKM_SHA512_256_HMAC 0x0000004DUL -#define CKM_SHA512_256_HMAC_GENERAL 0x0000004EUL -#define CKM_SHA512_256_KEY_DERIVATION 0x0000004FUL +#define CKM_SHA512_224_HMAC_GENERAL 0x0000004aUL +#define CKM_SHA512_224_KEY_DERIVATION 0x0000004bUL +#define CKM_SHA512_256 0x0000004cUL +#define CKM_SHA512_256_HMAC 0x0000004dUL +#define CKM_SHA512_256_HMAC_GENERAL 0x0000004eUL +#define CKM_SHA512_256_KEY_DERIVATION 0x0000004fUL #define CKM_SHA512_T 0x00000050UL #define CKM_SHA512_T_HMAC 0x00000051UL 
@@ -739,25 +794,26 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_SECURID 0x00000282UL #define CKM_HOTP_KEY_GEN 0x00000290UL #define CKM_HOTP 0x00000291UL -#define CKM_ACTI 0x000002A0UL -#define CKM_ACTI_KEY_GEN 0x000002A1UL - -#define CKM_SHA3_256 0x000002B0UL -#define CKM_SHA3_256_HMAC 0x000002B1UL -#define CKM_SHA3_256_HMAC_GENERAL 0x000002B2UL -#define CKM_SHA3_256_KEY_GEN 0x000002B3UL -#define CKM_SHA3_224 0x000002B5UL -#define CKM_SHA3_224_HMAC 0x000002B6UL -#define CKM_SHA3_224_HMAC_GENERAL 0x000002B7UL -#define CKM_SHA3_224_KEY_GEN 0x000002B8UL -#define CKM_SHA3_384 0x000002C0UL -#define CKM_SHA3_384_HMAC 0x000002C1UL -#define CKM_SHA3_384_HMAC_GENERAL 0x000002C2UL -#define CKM_SHA3_384_KEY_GEN 0x000002C3UL -#define CKM_SHA3_512 0x000002D0UL -#define CKM_SHA3_512_HMAC 0x000002D1UL -#define CKM_SHA3_512_HMAC_GENERAL 0x000002D2UL -#define CKM_SHA3_512_KEY_GEN 0x000002D3UL +#define CKM_ACTI 0x000002a0UL +#define CKM_ACTI_KEY_GEN 0x000002a1UL + +#define CKM_SHA3_256 0x000002b0UL +#define CKM_SHA3_256_HMAC 0x000002b1UL +#define CKM_SHA3_256_HMAC_GENERAL 0x000002b2UL +#define CKM_SHA3_256_KEY_GEN 0x000002b3UL +#define CKM_SHA3_224 0x000002b5UL +#define CKM_SHA3_224_HMAC 0x000002b6UL +#define CKM_SHA3_224_HMAC_GENERAL 0x000002b7UL +#define CKM_SHA3_224_KEY_GEN 0x000002b8UL +#define CKM_SHA3_384 0x000002c0UL +#define CKM_SHA3_384_HMAC 0x000002c1UL +#define CKM_SHA3_384_HMAC_GENERAL 0x000002c2UL +#define CKM_SHA3_384_KEY_GEN 0x000002c3UL +#define CKM_SHA3_512 0x000002d0UL +#define CKM_SHA3_512_HMAC 0x000002d1UL +#define CKM_SHA3_512_HMAC_GENERAL 0x000002d2UL +#define CKM_SHA3_512_KEY_GEN 0x000002d3UL + #define CKM_CAST_KEY_GEN 0x00000300UL #define CKM_CAST_ECB 0x00000301UL 
@@ -824,49 +880,55 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_SHA384_KEY_DERIVATION 0x00000394UL #define CKM_SHA512_KEY_DERIVATION 0x00000395UL #define CKM_SHA224_KEY_DERIVATION 0x00000396UL -#define CKM_SHA3_256_KEY_DERIVE 0x00000397UL -#define CKM_SHA3_224_KEY_DERIVE 0x00000398UL -#define CKM_SHA3_384_KEY_DERIVE 0x00000399UL -#define CKM_SHA3_512_KEY_DERIVE 0x0000039AUL -#define CKM_SHAKE_128_KEY_DERIVE 0x0000039BUL -#define CKM_SHAKE_256_KEY_DERIVE 0x0000039CUL - -#define CKM_PBE_MD2_DES_CBC 0x000003A0UL -#define CKM_PBE_MD5_DES_CBC 0x000003A1UL -#define CKM_PBE_MD5_CAST_CBC 0x000003A2UL -#define CKM_PBE_MD5_CAST3_CBC 0x000003A3UL -#define CKM_PBE_MD5_CAST5_CBC 0x000003A4UL /* Deprecated */ -#define CKM_PBE_MD5_CAST128_CBC 0x000003A4UL -#define CKM_PBE_SHA1_CAST5_CBC 0x000003A5UL /* Deprecated */ -#define CKM_PBE_SHA1_CAST128_CBC 0x000003A5UL -#define CKM_PBE_SHA1_RC4_128 0x000003A6UL -#define CKM_PBE_SHA1_RC4_40 0x000003A7UL -#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003A8UL -#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003A9UL -#define CKM_PBE_SHA1_RC2_128_CBC 0x000003AAUL -#define CKM_PBE_SHA1_RC2_40_CBC 0x000003ABUL - -#define CKM_PKCS5_PBKD2 0x000003B0UL - -#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003C0UL - -#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003D0UL -#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003D1UL -#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003D2UL -#define CKM_WTLS_PRF 0x000003D3UL -#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003D4UL -#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003D5UL - -#define CKM_TLS10_MAC_SERVER 0x000003D6UL -#define CKM_TLS10_MAC_CLIENT 0x000003D7UL -#define CKM_TLS12_MAC 0x000003D8UL -#define CKM_TLS12_KDF 0x000003D9UL -#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003E0UL -#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003E1UL -#define CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003E2UL -#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003E3UL -#define CKM_TLS_MAC 0x000003E4UL -#define CKM_TLS_KDF 0x000003E5UL +#define 
CKM_SHA3_256_KEY_DERIVATION 0x00000397UL +#define CKM_SHA3_224_KEY_DERIVATION 0x00000398UL +#define CKM_SHA3_384_KEY_DERIVATION 0x00000399UL +#define CKM_SHA3_512_KEY_DERIVATION 0x0000039aUL +#define CKM_SHAKE_128_KEY_DERIVATION 0x0000039bUL +#define CKM_SHAKE_256_KEY_DERIVATION 0x0000039cUL +#define CKM_SHA3_256_KEY_DERIVE CKM_SHA3_256_KEY_DERIVATION +#define CKM_SHA3_224_KEY_DERIVE CKM_SHA3_224_KEY_DERIVATION +#define CKM_SHA3_384_KEY_DERIVE CKM_SHA3_384_KEY_DERIVATION +#define CKM_SHA3_512_KEY_DERIVE CKM_SHA3_512_KEY_DERIVATION +#define CKM_SHAKE_128_KEY_DERIVE CKM_SHAKE_128_KEY_DERIVATION +#define CKM_SHAKE_256_KEY_DERIVE CKM_SHAKE_256_KEY_DERIVATION + +#define CKM_PBE_MD2_DES_CBC 0x000003a0UL +#define CKM_PBE_MD5_DES_CBC 0x000003a1UL +#define CKM_PBE_MD5_CAST_CBC 0x000003a2UL +#define CKM_PBE_MD5_CAST3_CBC 0x000003a3UL +#define CKM_PBE_MD5_CAST5_CBC 0x000003a4UL /* Deprecated */ +#define CKM_PBE_MD5_CAST128_CBC 0x000003a4UL +#define CKM_PBE_SHA1_CAST5_CBC 0x000003a5UL /* Deprecated */ +#define CKM_PBE_SHA1_CAST128_CBC 0x000003a5UL +#define CKM_PBE_SHA1_RC4_128 0x000003a6UL +#define CKM_PBE_SHA1_RC4_40 0x000003a7UL +#define CKM_PBE_SHA1_DES3_EDE_CBC 0x000003a8UL +#define CKM_PBE_SHA1_DES2_EDE_CBC 0x000003a9UL +#define CKM_PBE_SHA1_RC2_128_CBC 0x000003aaUL +#define CKM_PBE_SHA1_RC2_40_CBC 0x000003abUL + +#define CKM_PKCS5_PBKD2 0x000003b0UL + +#define CKM_PBA_SHA1_WITH_SHA1_HMAC 0x000003c0UL + +#define CKM_WTLS_PRE_MASTER_KEY_GEN 0x000003d0UL +#define CKM_WTLS_MASTER_KEY_DERIVE 0x000003d1UL +#define CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC 0x000003d2UL +#define CKM_WTLS_PRF 0x000003d3UL +#define CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE 0x000003d4UL +#define CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE 0x000003d5UL + +#define CKM_TLS10_MAC_SERVER 0x000003d6UL +#define CKM_TLS10_MAC_CLIENT 0x000003d7UL +#define CKM_TLS12_MAC 0x000003d8UL +#define CKM_TLS12_KDF 0x000003d9UL +#define CKM_TLS12_MASTER_KEY_DERIVE 0x000003e0UL +#define CKM_TLS12_KEY_AND_MAC_DERIVE 0x000003e1UL +#define 
CKM_TLS12_MASTER_KEY_DERIVE_DH 0x000003e2UL +#define CKM_TLS12_KEY_SAFE_DERIVE 0x000003e3UL +#define CKM_TLS_MAC 0x000003e4UL +#define CKM_TLS_KDF 0x000003e5UL #define CKM_KEY_WRAP_LYNKS 0x00000400UL #define CKM_KEY_WRAP_SET_OAEP 0x00000401UL @@ -936,6 +998,7 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_ECDSA_SHA256 0x00001044UL #define CKM_ECDSA_SHA384 0x00001045UL #define CKM_ECDSA_SHA512 0x00001046UL +#define CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS 0x0000140bUL #define CKM_ECDH1_DERIVE 0x00001050UL #define CKM_ECDH1_COFACTOR_DERIVE 0x00001051UL @@ -952,6 +1015,8 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_JUNIPER_WRAP 0x00001065UL #define CKM_FASTHASH 0x00001070UL +#define CKM_AES_XTS 0x00001071UL +#define CKM_AES_XTS_KEY_GEN 0x00001072UL #define CKM_AES_KEY_GEN 0x00001080UL #define CKM_AES_ECB 0x00001081UL #define CKM_AES_CBC 0x00001082UL @@ -962,12 +1027,12 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_AES_GCM 0x00001087UL #define CKM_AES_CCM 0x00001088UL #define CKM_AES_CTS 0x00001089UL -#define CKM_AES_CMAC 0x0000108AUL -#define CKM_AES_CMAC_GENERAL 0x0000108BUL +#define CKM_AES_CMAC 0x0000108aUL +#define CKM_AES_CMAC_GENERAL 0x0000108bUL -#define CKM_AES_XCBC_MAC 0x0000108CUL -#define CKM_AES_XCBC_MAC_96 0x0000108DUL -#define CKM_AES_GMAC 0x0000108EUL +#define CKM_AES_XCBC_MAC 0x0000108cUL +#define CKM_AES_XCBC_MAC_96 0x0000108dUL +#define CKM_AES_GMAC 0x0000108eUL #define CKM_BLOWFISH_KEY_GEN 0x00001090UL #define CKM_BLOWFISH_CBC 0x00001091UL 
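Review bot: The old spellings kept as aliases in the @@ -824 hunk (`CKM_SHA3_256_KEY_DERIVE` through `CKM_SHAKE_256_KEY_DERIVE`) carry no marker, while `CKM_PBE_MD5_CAST5_CBC` and `CKM_PBE_SHA1_CAST5_CBC` a few lines below in the same hunk are tagged `/* Deprecated */`. Tagging each alias the same way, e.g. `#define CKM_SHA3_256_KEY_DERIVE CKM_SHA3_256_KEY_DERIVATION /* Deprecated */`, would tell readers which name is canonical. The same applies to `CKM_DSA_PROBABLISTIC_PARAMETER_GEN` in the @@ -995 hunk and `CKF_MULTI_MESSGE` in the @@ -1045 hunk, both of which preserve a misspelling.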
@@ -995,12 +1060,17 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_GOST28147 0x00001222UL #define CKM_GOST28147_MAC 0x00001223UL #define CKM_GOST28147_KEY_WRAP 0x00001224UL - +#define CKM_CHACHA20_KEY_GEN 0x00001225UL +#define CKM_CHACHA20 0x00001226UL +#define CKM_POLY1305_KEY_GEN 0x00001227UL +#define CKM_POLY1305 0x00001228UL #define CKM_DSA_PARAMETER_GEN 0x00002000UL #define CKM_DH_PKCS_PARAMETER_GEN 0x00002001UL #define CKM_X9_42_DH_PARAMETER_GEN 0x00002002UL -#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_PROBABILISTIC_PARAMETER_GEN 0x00002003UL +#define CKM_DSA_PROBABLISTIC_PARAMETER_GEN CKM_DSA_PROBABILISTIC_PARAMETER_GEN #define CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN 0x00002004UL +#define CKM_DSA_FIPS_G_GEN 0x00002005UL #define CKM_AES_OFB 0x00002104UL #define CKM_AES_CFB64 0x00002105UL 
@@ -1010,10 +1080,75 @@ typedef CK_ULONG CK_MECHANISM_TYPE; #define CKM_AES_CFB1 0x00002108UL #define CKM_AES_KEY_WRAP 0x00002109UL /* WAS: 0x00001090 */ #define CKM_AES_KEY_WRAP_PAD 0x0000210AUL /* WAS: 0x00001091 */ +#define CKM_AES_KEY_WRAP_KWP 0x0000210BUL +#define CKM_AES_KEY_WRAP_PKCS7 0x0000210CUL #define CKM_RSA_PKCS_TPM_1_1 0x00004001UL #define CKM_RSA_PKCS_OAEP_TPM_1_1 0x00004002UL +#define CKM_SHA_1_KEY_GEN 0x00004003UL +#define CKM_SHA224_KEY_GEN 0x00004004UL +#define CKM_SHA256_KEY_GEN 0x00004005UL +#define CKM_SHA384_KEY_GEN 0x00004006UL +#define CKM_SHA512_KEY_GEN 0x00004007UL +#define CKM_SHA512_224_KEY_GEN 0x00004008UL +#define CKM_SHA512_256_KEY_GEN 0x00004009UL +#define CKM_SHA512_T_KEY_GEN 0x0000400aUL +#define CKM_NULL 0x0000400bUL +#define CKM_BLAKE2B_160 0x0000400cUL +#define CKM_BLAKE2B_160_HMAC 0x0000400dUL +#define CKM_BLAKE2B_160_HMAC_GENERAL 0x0000400eUL +#define CKM_BLAKE2B_160_KEY_DERIVE 0x0000400fUL +#define CKM_BLAKE2B_160_KEY_GEN 0x00004010UL +#define CKM_BLAKE2B_256 0x00004011UL +#define CKM_BLAKE2B_256_HMAC 0x00004012UL +#define CKM_BLAKE2B_256_HMAC_GENERAL 0x00004013UL +#define CKM_BLAKE2B_256_KEY_DERIVE 0x00004014UL +#define CKM_BLAKE2B_256_KEY_GEN 0x00004015UL +#define CKM_BLAKE2B_384 0x00004016UL +#define CKM_BLAKE2B_384_HMAC 0x00004017UL +#define CKM_BLAKE2B_384_HMAC_GENERAL 0x00004018UL +#define CKM_BLAKE2B_384_KEY_DERIVE 0x00004019UL +#define CKM_BLAKE2B_384_KEY_GEN 0x0000401aUL +#define CKM_BLAKE2B_512 0x0000401bUL +#define CKM_BLAKE2B_512_HMAC 0x0000401cUL +#define CKM_BLAKE2B_512_HMAC_GENERAL 0x0000401dUL +#define CKM_BLAKE2B_512_KEY_DERIVE 0x0000401eUL +#define CKM_BLAKE2B_512_KEY_GEN 0x0000401fUL +#define CKM_SALSA20 0x00004020UL +#define CKM_CHACHA20_POLY1305 0x00004021UL +#define CKM_SALSA20_POLY1305 0x00004022UL +#define CKM_X3DH_INITIALIZE 0x00004023UL +#define CKM_X3DH_RESPOND 0x00004024UL +#define CKM_X2RATCHET_INITIALIZE 0x00004025UL +#define CKM_X2RATCHET_RESPOND 0x00004026UL +#define CKM_X2RATCHET_ENCRYPT 
0x00004027UL +#define CKM_X2RATCHET_DECRYPT 0x00004028UL +#define CKM_XEDDSA 0x00004029UL +#define CKM_HKDF_DERIVE 0x0000402aUL +#define CKM_HKDF_DATA 0x0000402bUL +#define CKM_HKDF_KEY_GEN 0x0000402cUL +#define CKM_SALSA20_KEY_GEN 0x0000402dUL + +#define CKM_ECDSA_SHA3_224 0x00001047UL +#define CKM_ECDSA_SHA3_256 0x00001048UL +#define CKM_ECDSA_SHA3_384 0x00001049UL +#define CKM_ECDSA_SHA3_512 0x0000104aUL +#define CKM_EC_EDWARDS_KEY_PAIR_GEN 0x00001055UL +#define CKM_EC_MONTGOMERY_KEY_PAIR_GEN 0x00001056UL +#define CKM_EDDSA 0x00001057UL +#define CKM_SP800_108_COUNTER_KDF 0x000003acUL +#define CKM_SP800_108_FEEDBACK_KDF 0x000003adUL +#define CKM_SP800_108_DOUBLE_PIPELINE_KDF 0x000003aeUL + +#define CKM_IKE2_PRF_PLUS_DERIVE 0x0000402eUL +#define CKM_IKE_PRF_DERIVE 0x0000402fUL +#define CKM_IKE1_PRF_DERIVE 0x00004030UL +#define CKM_IKE1_EXTENDED_DERIVE 0x00004031UL +#define CKM_HSS_KEY_PAIR_GEN 0x00004032UL +#define CKM_HSS 0x00004033UL + + #define CKM_VENDOR_DEFINED 0x80000000UL typedef CK_MECHANISM_TYPE CK_PTR CK_MECHANISM_TYPE_PTR; @@ -1045,6 +1180,14 @@ typedef struct CK_MECHANISM_INFO { #define CKF_HW 0x00000001UL /* performed by HW */ /* Specify whether or not a mechanism can be used for a particular task */ +#define CKF_MESSAGE_ENCRYPT 0x00000002UL +#define CKF_MESSAGE_DECRYPT 0x00000004UL +#define CKF_MESSAGE_SIGN 0x00000008UL +#define CKF_MESSAGE_VERIFY 0x00000010UL +#define CKF_MULTI_MESSAGE 0x00000020UL +#define CKF_MULTI_MESSGE CKF_MULTI_MESSAGE +#define CKF_FIND_OBJECTS 0x00000040UL + #define CKF_ENCRYPT 0x00000100UL #define CKF_DECRYPT 0x00000200UL #define CKF_DIGEST 0x00000400UL 
@@ -1064,9 +1207,11 @@ typedef struct CK_MECHANISM_INFO { #define CKF_EC_F_P 0x00100000UL #define CKF_EC_F_2M 0x00200000UL #define CKF_EC_ECPARAMETERS 0x00400000UL -#define CKF_EC_NAMEDCURVE 0x00800000UL +#define CKF_EC_OID 0x00800000UL +#define CKF_EC_NAMEDCURVE CKF_EC_OID /* deprecated since PKCS#11 3.00 */ #define CKF_EC_UNCOMPRESS 0x01000000UL #define CKF_EC_COMPRESS 0x02000000UL +#define CKF_EC_CURVENAME 0x04000000UL #define CKF_EXTENSION 0x80000000UL @@ -1104,6 +1249,7 @@ typedef CK_ULONG CK_RV; #define CKR_DEVICE_REMOVED 0x00000032UL #define CKR_ENCRYPTED_DATA_INVALID 0x00000040UL #define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041UL +#define CKR_AEAD_DECRYPT_FAILED 0x00000042UL #define CKR_FUNCTION_CANCELED 0x00000050UL #define CKR_FUNCTION_NOT_PARALLEL 0x00000051UL @@ -1196,6 +1342,9 @@ typedef CK_ULONG CK_RV; #define CKR_PUBLIC_KEY_INVALID 0x000001B9UL #define CKR_FUNCTION_REJECTED 0x00000200UL +#define CKR_TOKEN_RESOURCE_EXCEEDED 0x00000201UL +#define CKR_OPERATION_CANCEL_FAILED 0x00000202UL +#define CKR_KEY_EXHAUSTED 0x00000203UL #define CKR_VENDOR_DEFINED 0x80000000UL @@ -1213,10 +1362,24 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_NOTIFY)( * Cryptoki functions */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; +typedef struct CK_FUNCTION_LIST_3_0 CK_FUNCTION_LIST_3_0; typedef CK_FUNCTION_LIST CK_PTR CK_FUNCTION_LIST_PTR; +typedef CK_FUNCTION_LIST_3_0 CK_PTR CK_FUNCTION_LIST_3_0_PTR; typedef CK_FUNCTION_LIST_PTR CK_PTR CK_FUNCTION_LIST_PTR_PTR; +typedef CK_FUNCTION_LIST_3_0_PTR CK_PTR CK_FUNCTION_LIST_3_0_PTR_PTR; + +typedef struct CK_INTERFACE { + CK_CHAR *pInterfaceName; + CK_VOID_PTR pFunctionList; + CK_FLAGS flags; +} CK_INTERFACE; + +typedef CK_INTERFACE CK_PTR CK_INTERFACE_PTR; +typedef CK_INTERFACE_PTR CK_PTR CK_INTERFACE_PTR_PTR; + +#define CKF_END_OF_MESSAGE 0x00000001UL /* CK_CREATEMUTEX is an application callback for creating a 
@@ -1248,6 +1411,8 @@ typedef CK_CALLBACK_FUNCTION(CK_RV, CK_UNLOCKMUTEX)( CK_VOID_PTR pMutex /* pointer to mutex */ ); +/* Get functionlist flags */ +#define CKF_INTERFACE_FORK_SAFE 0x00000001UL /* CK_C_INITIALIZE_ARGS provides the optional arguments to * C_Initialize @@ -1270,6 +1435,7 @@ typedef struct CK_C_INITIALIZE_ARGS { typedef CK_C_INITIALIZE_ARGS CK_PTR CK_C_INITIALIZE_ARGS_PTR; + /* additional flags for parameters to functions */ /* CKF_DONT_BLOCK is for the function C_WaitForSlotEvent */ @@ -1290,6 +1456,11 @@ typedef CK_RSA_PKCS_MGF_TYPE CK_PTR CK_RSA_PKCS_MGF_TYPE_PTR; #define CKG_MGF1_SHA384 0x00000003UL #define CKG_MGF1_SHA512 0x00000004UL #define CKG_MGF1_SHA224 0x00000005UL +#define CKG_MGF1_SHA3_224 0x00000006UL +#define CKG_MGF1_SHA3_256 0x00000007UL +#define CKG_MGF1_SHA3_384 0x00000008UL +#define CKG_MGF1_SHA3_512 0x00000009UL + /* CK_RSA_PKCS_OAEP_SOURCE_TYPE is used to indicate the source * of the encoding parameter when formatting a message block @@ -1327,6 +1498,7 @@ typedef struct CK_RSA_PKCS_PSS_PARAMS { typedef CK_RSA_PKCS_PSS_PARAMS CK_PTR CK_RSA_PKCS_PSS_PARAMS_PTR; typedef CK_ULONG CK_EC_KDF_TYPE; +typedef CK_EC_KDF_TYPE CK_PTR CK_EC_KDF_TYPE_PTR; /* The following EC Key Derivation Functions are defined */ #define CKD_NULL 0x00000001UL 
@@ -1344,6 +1516,19 @@ typedef CK_ULONG CK_EC_KDF_TYPE; #define CKD_SHA3_256_KDF 0x0000000BUL #define CKD_SHA3_384_KDF 0x0000000CUL #define CKD_SHA3_512_KDF 0x0000000DUL +#define CKD_SHA1_KDF_SP800 0x0000000EUL +#define CKD_SHA224_KDF_SP800 0x0000000FUL +#define CKD_SHA256_KDF_SP800 0x00000010UL +#define CKD_SHA384_KDF_SP800 0x00000011UL +#define CKD_SHA512_KDF_SP800 0x00000012UL +#define CKD_SHA3_224_KDF_SP800 0x00000013UL +#define CKD_SHA3_256_KDF_SP800 0x00000014UL +#define CKD_SHA3_384_KDF_SP800 0x00000015UL +#define CKD_SHA3_512_KDF_SP800 0x00000016UL +#define CKD_BLAKE2B_160_KDF 0x00000017UL +#define CKD_BLAKE2B_256_KDF 0x00000018UL +#define CKD_BLAKE2B_384_KDF 0x00000019UL +#define CKD_BLAKE2B_512_KDF 0x0000001aUL /* CK_ECDH1_DERIVE_PARAMS provides the parameters to the * CKM_ECDH1_DERIVE and CKM_ECDH1_COFACTOR_DERIVE mechanisms, @@ -1885,6 +2070,24 @@ typedef struct CK_GCM_PARAMS { typedef CK_GCM_PARAMS CK_PTR CK_GCM_PARAMS_PTR; +typedef CK_ULONG CK_GENERATOR_FUNCTION; +#define CKG_NO_GENERATE 0x00000000UL +#define CKG_GENERATE 0x00000001UL +#define CKG_GENERATE_COUNTER 0x00000002UL +#define CKG_GENERATE_RANDOM 0x00000003UL +#define CKG_GENERATE_COUNTER_XOR 0x00000004UL + +typedef struct CK_GCM_MESSAGE_PARAMS { + CK_BYTE_PTR pIv; + CK_ULONG ulIvLen; + CK_ULONG ulIvFixedBits; + CK_GENERATOR_FUNCTION ivGenerator; + CK_BYTE_PTR pTag; + CK_ULONG ulTagBits; +} CK_GCM_MESSAGE_PARAMS; + +typedef CK_GCM_MESSAGE_PARAMS CK_PTR CK_GCM_MESSAGE_PARAMS_PTR; + typedef struct CK_CCM_PARAMS { CK_ULONG ulDataLen; CK_BYTE_PTR pNonce; 
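Review bot: CK_GCM_MESSAGE_PARAMS is added with no field comments, and two of its fields are easy to misuse. `ulTagBits` is a bit count, while `ulMACLen` in CK_CCM_MESSAGE_PARAMS (added in the next hunk) is, as I read the v3.0 specification, a byte count. `ivGenerator` decides whether the caller or the token is responsible for IV uniqueness; with `CKG_NO_GENERATE` I understand the caller supplies the IV itself, and GCM and CCM both lose their guarantees if it repeats under one key. I would add trailing comments such as `CK_ULONG ulTagBits; /* tag length in bits, not bytes */` and `CK_GENERATOR_FUNCTION ivGenerator; /* CKG_NO_GENERATE: caller supplies pIv and must never repeat it under one key */`. The same applies to `ulNonceFixedBits` and `nonceGenerator` in CK_CCM_MESSAGE_PARAMS.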
@@ -1896,6 +2099,18 @@ typedef struct CK_CCM_PARAMS { typedef CK_CCM_PARAMS CK_PTR CK_CCM_PARAMS_PTR; +typedef struct CK_CCM_MESSAGE_PARAMS { + CK_ULONG ulDataLen; /*plaintext or ciphertext*/ + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_ULONG ulNonceFixedBits; + CK_GENERATOR_FUNCTION nonceGenerator; + CK_BYTE_PTR pMAC; + CK_ULONG ulMACLen; +} CK_CCM_MESSAGE_PARAMS; + +typedef CK_CCM_MESSAGE_PARAMS CK_PTR CK_CCM_MESSAGE_PARAMS_PTR; + /* Deprecated. Use CK_GCM_PARAMS */ typedef struct CK_AES_GCM_PARAMS { CK_BYTE_PTR pIv; 
@@ -2043,5 +2258,267 @@ typedef struct CK_SEED_CBC_ENCRYPT_DATA_PARAMS { typedef CK_SEED_CBC_ENCRYPT_DATA_PARAMS CK_PTR \ CK_SEED_CBC_ENCRYPT_DATA_PARAMS_PTR; +/* + * New PKCS 11 v3.0 data structures. + */ + +typedef CK_ULONG CK_PROFILE_ID; +typedef CK_PROFILE_ID CK_PTR CK_PROFILE_ID_PTR; + +/* Typedefs for Flexible KDF */ +typedef CK_ULONG CK_PRF_DATA_TYPE; +typedef CK_MECHANISM_TYPE CK_SP800_108_PRF_TYPE; +#define CK_SP800_108_ITERATION_VARIABLE 0x00000001UL +#define CK_SP800_108_OPTIONAL_COUNTER 0x00000002UL +#define CK_SP800_108_DKM_LENGTH 0x00000003UL +#define CK_SP800_108_BYTE_ARRAY 0x00000004UL +#define CK_SP800_108_COUNTER CK_SP800_108_OPTIONAL_COUNTER + +typedef struct CK_PRF_DATA_PARAM +{ + CK_PRF_DATA_TYPE type; + CK_VOID_PTR pValue; + CK_ULONG ulValueLen; +} CK_PRF_DATA_PARAM; + +typedef CK_PRF_DATA_PARAM CK_PTR CK_PRF_DATA_PARAM_PTR; + + +typedef struct CK_SP800_108_COUNTER_FORMAT +{ + CK_BBOOL bLittleEndian; + CK_ULONG ulWidthInBits; +} CK_SP800_108_COUNTER_FORMAT; + +typedef CK_SP800_108_COUNTER_FORMAT CK_PTR CK_SP800_108_COUNTER_FORMAT_PTR; + +typedef CK_ULONG CK_SP800_108_DKM_LENGTH_METHOD; +#define CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS 0x00000001UL +#define CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS 0x00000002UL + +typedef struct CK_SP800_108_DKM_LENGTH_FORMAT +{ + CK_SP800_108_DKM_LENGTH_METHOD dkmLengthMethod; + CK_BBOOL bLittleEndian; + CK_ULONG ulWidthInBits; +} CK_SP800_108_DKM_LENGTH_FORMAT; + +typedef CK_SP800_108_DKM_LENGTH_FORMAT \ + CK_PTR CK_SP800_108_DKM_LENGTH_FORMAT_PTR; + +typedef struct CK_DERIVED_KEY +{ + CK_ATTRIBUTE_PTR pTemplate; + CK_ULONG ulAttributeCount; + CK_OBJECT_HANDLE_PTR phKey; +} CK_DERIVED_KEY; + +typedef CK_DERIVED_KEY CK_PTR CK_DERIVED_KEY_PTR; + +typedef struct CK_SP800_108_KDF_PARAMS +{ + CK_SP800_108_PRF_TYPE prfType; + CK_ULONG ulNumberOfDataParams; + CK_PRF_DATA_PARAM_PTR pDataParams; + CK_ULONG ulAdditionalDerivedKeys; + CK_DERIVED_KEY_PTR pAdditionalDerivedKeys; +} CK_SP800_108_KDF_PARAMS; + +typedef 
CK_SP800_108_KDF_PARAMS CK_PTR CK_SP800_108_KDF_PARAMS_PTR; + +typedef struct CK_SP800_108_FEEDBACK_KDF_PARAMS +{ + CK_SP800_108_PRF_TYPE prfType; + CK_ULONG ulNumberOfDataParams; + CK_PRF_DATA_PARAM_PTR pDataParams; + CK_ULONG ulIVLen; + CK_BYTE_PTR pIV; + CK_ULONG ulAdditionalDerivedKeys; + CK_DERIVED_KEY_PTR pAdditionalDerivedKeys; +} CK_SP800_108_FEEDBACK_KDF_PARAMS; + +typedef CK_SP800_108_FEEDBACK_KDF_PARAMS \ + CK_PTR CK_SP800_108_FEEDBACK_KDF_PARAMS_PTR; + +/* EDDSA */ +typedef struct CK_EDDSA_PARAMS { + CK_BBOOL phFlag; + CK_ULONG ulContextDataLen; + CK_BYTE_PTR pContextData; +} CK_EDDSA_PARAMS; + +typedef CK_EDDSA_PARAMS CK_PTR CK_EDDSA_PARAMS_PTR; + +/* Extended ChaCha20/Salsa20 support*/ +typedef struct CK_CHACHA20_PARAMS { + CK_BYTE_PTR pBlockCounter; + CK_ULONG blockCounterBits; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceBits; +} CK_CHACHA20_PARAMS; + +typedef CK_CHACHA20_PARAMS CK_PTR CK_CHACHA20_PARAMS_PTR; + +typedef struct CK_SALSA20_PARAMS { + CK_BYTE_PTR pBlockCounter; + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceBits; +} CK_SALSA20_PARAMS; +typedef CK_SALSA20_PARAMS CK_PTR CK_SALSA20_PARAMS_PTR; + +typedef struct CK_SALSA20_CHACHA20_POLY1305_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pAAD; + CK_ULONG ulAADLen; +} CK_SALSA20_CHACHA20_POLY1305_PARAMS; + +typedef CK_SALSA20_CHACHA20_POLY1305_PARAMS \ + CK_PTR CK_SALSA20_CHACHA20_POLY1305_PARAMS_PTR; + +typedef struct CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS { + CK_BYTE_PTR pNonce; + CK_ULONG ulNonceLen; + CK_BYTE_PTR pTag; +} CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS; + +typedef CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS \ + CK_PTR CK_SALSA20_CHACHA20_POLY1305_MSG_PARAMS_PTR; + +typedef CK_ULONG CK_X3DH_KDF_TYPE; +typedef CK_X3DH_KDF_TYPE CK_PTR CK_X3DH_KDF_TYPE_PTR; + +/* X3dh, ratchet */ +typedef struct CK_X3DH_INITIATE_PARAMS { + CK_X3DH_KDF_TYPE kdf; + CK_OBJECT_HANDLE pPeer_identity; + CK_OBJECT_HANDLE pPeer_prekey; + CK_BYTE_PTR pPrekey_signature; + CK_BYTE_PTR pOnetime_key; + 
CK_OBJECT_HANDLE pOwn_identity; + CK_OBJECT_HANDLE pOwn_ephemeral; +} CK_X3DH_INITIATE_PARAMS; + +typedef struct CK_X3DH_RESPOND_PARAMS { + CK_X3DH_KDF_TYPE kdf; + CK_BYTE_PTR pIdentity_id; + CK_BYTE_PTR pPrekey_id; + CK_BYTE_PTR pOnetime_id; + CK_OBJECT_HANDLE pInitiator_identity; + CK_BYTE_PTR pInitiator_ephemeral; +} CK_X3DH_RESPOND_PARAMS; + +typedef CK_ULONG CK_X2RATCHET_KDF_TYPE; +typedef CK_X2RATCHET_KDF_TYPE CK_PTR CK_X2RATCHET_KDF_TYPE_PTR; + +typedef struct CK_X2RATCHET_INITIALIZE_PARAMS { + CK_BYTE_PTR sk; + CK_OBJECT_HANDLE peer_public_prekey; + CK_OBJECT_HANDLE peer_public_identity; + CK_OBJECT_HANDLE own_public_identity; + CK_BBOOL bEncryptedHeader; + CK_ULONG eCurve; + CK_MECHANISM_TYPE aeadMechanism; + CK_X2RATCHET_KDF_TYPE kdfMechanism; +} CK_X2RATCHET_INITIALIZE_PARAMS; + +typedef CK_X2RATCHET_INITIALIZE_PARAMS \ + CK_PTR CK_X2RATCHET_INITIALIZE_PARAMS_PTR; + +typedef struct CK_X2RATCHET_RESPOND_PARAMS { + CK_BYTE_PTR sk; + CK_OBJECT_HANDLE own_prekey; + CK_OBJECT_HANDLE initiator_identity; + CK_OBJECT_HANDLE own_public_identity; + CK_BBOOL bEncryptedHeader; + CK_ULONG eCurve; + CK_MECHANISM_TYPE aeadMechanism; + CK_X2RATCHET_KDF_TYPE kdfMechanism; +} CK_X2RATCHET_RESPOND_PARAMS; +typedef CK_X2RATCHET_RESPOND_PARAMS \ + CK_PTR CK_X2RATCHET_RESPOND_PARAMS_PTR; + +typedef CK_ULONG CK_XEDDSA_HASH_TYPE; +typedef CK_XEDDSA_HASH_TYPE CK_PTR CK_XEDDSA_HASH_TYPE_PTR; + +/* XEDDSA */ +typedef struct CK_XEDDSA_PARAMS { + CK_XEDDSA_HASH_TYPE hash; +} CK_XEDDSA_PARAMS; +typedef CK_XEDDSA_PARAMS CK_PTR CK_XEDDSA_PARAMS_PTR; + +/* HKDF params */ +typedef struct CK_HKDF_PARAMS { + CK_BBOOL bExtract; + CK_BBOOL bExpand; + CK_MECHANISM_TYPE prfHashMechanism; + CK_ULONG ulSaltType; + CK_BYTE_PTR pSalt; + CK_ULONG ulSaltLen; + CK_OBJECT_HANDLE hSaltKey; + CK_BYTE_PTR pInfo; + CK_ULONG ulInfoLen; +} CK_HKDF_PARAMS; +typedef CK_HKDF_PARAMS CK_PTR CK_HKDF_PARAMS_PTR; + +#define CKF_HKDF_SALT_NULL 0x00000001UL +#define CKF_HKDF_SALT_DATA 0x00000002UL +#define 
CKF_HKDF_SALT_KEY 0x00000004UL + +/* HSS */ +typedef CK_ULONG CK_HSS_LEVELS; +typedef CK_ULONG CK_LMS_TYPE; +typedef CK_ULONG CK_LMOTS_TYPE; + +typedef struct specifiedParams { + CK_HSS_LEVELS levels; + CK_LMS_TYPE lm_type[8]; + CK_LMOTS_TYPE lm_ots_type[8]; +} specifiedParams; + +/* IKE Params */ +typedef struct CK_IKE2_PRF_PLUS_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasSeedKey; + CK_OBJECT_HANDLE hSeedKey; + CK_BYTE_PTR pSeedData; + CK_ULONG ulSeedDataLen; +} CK_IKE2_PRF_PLUS_DERIVE_PARAMS; +typedef CK_IKE2_PRF_PLUS_DERIVE_PARAMS CK_PTR CK_IKE2_PRF_PLUS_DERIVE_PARAMS_PTR; + +typedef struct CK_IKE_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bDataAsKey; + CK_BBOOL bRekey; + CK_BYTE_PTR pNi; + CK_ULONG ulNiLen; + CK_BYTE_PTR pNr; + CK_ULONG ulNrLen; + CK_OBJECT_HANDLE hNewKey; +} CK_IKE_PRF_DERIVE_PARAMS; +typedef CK_IKE_PRF_DERIVE_PARAMS CK_PTR CK_IKE_PRF_DERIVE_PARAMS_PTR; + +typedef struct CK_IKE1_PRF_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasPrevKey; + CK_OBJECT_HANDLE hKeygxy; + CK_OBJECT_HANDLE hPrevKey; + CK_BYTE_PTR pCKYi; + CK_ULONG ulCKYiLen; + CK_BYTE_PTR pCKYr; + CK_ULONG ulCKYrLen; + CK_BYTE keyNumber; +} CK_IKE1_PRF_DERIVE_PARAMS; +typedef CK_IKE1_PRF_DERIVE_PARAMS CK_PTR CK_IKE1_PRF_DERIVE_PARAMS_PTR; + +typedef struct CK_IKE1_EXTENDED_DERIVE_PARAMS { + CK_MECHANISM_TYPE prfMechanism; + CK_BBOOL bHasKeygxy; + CK_OBJECT_HANDLE hKeygxy; + CK_BYTE_PTR pExtraData; + CK_ULONG ulExtraDataLen; +} CK_IKE1_EXTENDED_DERIVE_PARAMS; +typedef CK_IKE1_EXTENDED_DERIVE_PARAMS CK_PTR CK_IKE1_EXTENDED_DERIVE_PARAMS_PTR; + #endif /* _PKCS11T_H_ */ diff --git a/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object b/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object index 9dd65c1..c5cc813 100644 Binary files a/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object and b/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object differ 
diff --git a/zconst.go b/zconst.go index f86f5a9..fffd379 100644 --- a/zconst.go +++ b/zconst.go @@ -50,7 +50,16 @@ const ( CKO_DOMAIN_PARAMETERS = 0x00000006 CKO_MECHANISM = 0x00000007 CKO_OTP_KEY = 0x00000008 + CKO_PROFILE = 0x00000009 CKO_VENDOR_DEFINED = 0x80000000 + CKP_INVALID_ID = 0x00000000 + CKP_BASELINE_PROVIDER = 0x00000001 + CKP_EXTENDED_PROVIDER = 0x00000002 + CKP_AUTHENTICATION_TOKEN = 0x00000003 + CKP_PUBLIC_CERTIFICATES_TOKEN = 0x00000004 + CKP_COMPLETE_PROVIDER = 0x00000005 + CKP_HKDF_TLS_TOKEN = 0x00000006 + CKP_VENDOR_DEFINED = 0x80000000 CKH_MONOTONIC_COUNTER = 0x00000001 CKH_CLOCK = 0x00000002 CKH_USER_INTERFACE = 0x00000003 @@ -98,10 +107,26 @@ const ( CKK_GOSTR3410 = 0x00000030 CKK_GOSTR3411 = 0x00000031 CKK_GOST28147 = 0x00000032 - CKK_SHA3_224_HMAC = 0x00000033 - CKK_SHA3_256_HMAC = 0x00000034 - CKK_SHA3_384_HMAC = 0x00000035 - CKK_SHA3_512_HMAC = 0x00000036 + CKK_CHACHA20 = 0x00000033 + CKK_POLY1305 = 0x00000034 + CKK_AES_XTS = 0x00000035 + CKK_SHA3_224_HMAC = 0x00000036 + CKK_SHA3_256_HMAC = 0x00000037 + CKK_SHA3_384_HMAC = 0x00000038 + CKK_SHA3_512_HMAC = 0x00000039 + CKK_BLAKE2B_160_HMAC = 0x0000003a + CKK_BLAKE2B_256_HMAC = 0x0000003b + CKK_BLAKE2B_384_HMAC = 0x0000003c + CKK_BLAKE2B_512_HMAC = 0x0000003d + CKK_SALSA20 = 0x0000003e + CKK_X2RATCHET = 0x0000003f + CKK_EC_EDWARDS = 0x00000040 + CKK_EC_MONTGOMERY = 0x00000041 + CKK_HKDF = 0x00000042 + CKK_SHA512_224_HMAC = 0x00000043 + CKK_SHA512_256_HMAC = 0x00000044 + CKK_SHA512_T_HMAC = 0x00000045 + CKK_HSS = 0x00000046 CKK_VENDOR_DEFINED = 0x80000000 CKC_X_509 = 0x00000000 CKC_X_509_ATTR_CERT = 0x00000001 @@ -112,6 +137,7 @@ const ( CKA_TOKEN = 0x00000001 CKA_PRIVATE = 0x00000002 CKA_LABEL = 0x00000003 + CKA_UNIQUE_ID = 0x00000004 CKA_APPLICATION = 0x00000010 CKA_VALUE = 0x00000011 CKA_OBJECT_ID = 0x00000012 
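Review bot: The four CKK_SHA3_*_HMAC constants change value in the CKK_ hunk (0x33–0x36 become 0x36–0x39), and 0x33–0x35 are reassigned to CKK_CHACHA20, CKK_POLY1305 and CKK_AES_XTS, so this is a silent change to existing exported values rather than a pure addition. A caller rebuilt against this file sends a different CKA_KEY_TYPE for the same identifier. A token or stored object that still uses the earlier numbering would then treat a SHA3 HMAC key as another key type, or the reverse, and that may show up as a wrong-type key rather than a clean error. The renumbering presumably follows the updated pkcs11t.h, but it should be called out in the commit message and release notes. A comment above the moved lines, for example `// CKK_SHA3_*_HMAC were 0x33-0x36 before this change`, would make it discoverable from the source.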
@@ -125,9 +151,9 @@ const ( CKA_CERTIFICATE_CATEGORY = 0x00000087 CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 CKA_URL = 0x00000089 - CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A - CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B - CKA_NAME_HASH_ALGORITHM = 0x0000008C + CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008a + CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008b + CKA_NAME_HASH_ALGORITHM = 0x0000008c CKA_CHECK_VALUE = 0x00000090 CKA_KEY_TYPE = 0x00000100 CKA_SUBJECT = 0x00000101 @@ -139,9 +165,9 @@ const ( CKA_UNWRAP = 0x00000107 CKA_SIGN = 0x00000108 CKA_SIGN_RECOVER = 0x00000109 - CKA_VERIFY = 0x0000010A - CKA_VERIFY_RECOVER = 0x0000010B - CKA_DERIVE = 0x0000010C + CKA_VERIFY = 0x0000010a + CKA_VERIFY_RECOVER = 0x0000010b + CKA_DERIVE = 0x0000010c CKA_START_DATE = 0x00000110 CKA_END_DATE = 0x00000111 CKA_MODULUS = 0x00000120 @@ -188,12 +214,12 @@ const ( CKA_OTP_TIME_REQUIREMENT = 0x00000225 CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 CKA_OTP_PIN_REQUIREMENT = 0x00000227 - CKA_OTP_COUNTER = 0x0000022E - CKA_OTP_TIME = 0x0000022F - CKA_OTP_USER_IDENTIFIER = 0x0000022A - CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B - CKA_OTP_SERVICE_LOGO = 0x0000022C - CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D + CKA_OTP_COUNTER = 0x0000022e + CKA_OTP_TIME = 0x0000022f + CKA_OTP_USER_IDENTIFIER = 0x0000022a + CKA_OTP_SERVICE_IDENTIFIER = 0x0000022b + CKA_OTP_SERVICE_LOGO = 0x0000022c + CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022d CKA_GOSTR3410_PARAMS = 0x00000250 CKA_GOSTR3411_PARAMS = 0x00000251 CKA_GOST28147_PARAMS = 0x00000252 
@@ -215,6 +241,30 @@ const ( CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) + CKA_PROFILE_ID = 0x00000601 + CKA_X2RATCHET_BAG = 0x00000602 + CKA_X2RATCHET_BAGSIZE = 0x00000603 + CKA_X2RATCHET_BOBS1STMSG = 0x00000604 + CKA_X2RATCHET_CKR = 0x00000605 + CKA_X2RATCHET_CKS = 0x00000606 + CKA_X2RATCHET_DHP = 0x00000607 + CKA_X2RATCHET_DHR = 0x00000608 + CKA_X2RATCHET_DHS = 0x00000609 + CKA_X2RATCHET_HKR = 0x0000060a + CKA_X2RATCHET_HKS = 0x0000060b + CKA_X2RATCHET_ISALICE = 0x0000060c + CKA_X2RATCHET_NHKR = 0x0000060d + CKA_X2RATCHET_NHKS = 0x0000060e + CKA_X2RATCHET_NR = 0x0000060f + CKA_X2RATCHET_NS = 0x00000610 + CKA_X2RATCHET_PNS = 0x00000611 + CKA_X2RATCHET_RK = 0x00000612 + CKA_HSS_LEVELS = 0x00000617 + CKA_HSS_LMS_TYPE = 0x00000618 + CKA_HSS_LMOTS_TYPE = 0x00000619 + CKA_HSS_LMS_TYPES = 0x0000061a + CKA_HSS_LMOTS_TYPES = 0x0000061b + CKA_HSS_KEYS_REMAINING = 0x0000061c CKA_VENDOR_DEFINED = 0x80000000 CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 CKM_RSA_PKCS = 0x00000001 @@ -226,11 +276,11 @@ const ( CKM_RIPEMD128_RSA_PKCS = 0x00000007 CKM_RIPEMD160_RSA_PKCS = 0x00000008 CKM_RSA_PKCS_OAEP = 0x00000009 - CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A - CKM_RSA_X9_31 = 0x0000000B - CKM_SHA1_RSA_X9_31 = 0x0000000C - CKM_RSA_PKCS_PSS = 0x0000000D - CKM_SHA1_RSA_PKCS_PSS = 0x0000000E + CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000a + CKM_RSA_X9_31 = 0x0000000b + CKM_SHA1_RSA_X9_31 = 0x0000000c + CKM_RSA_PKCS_PSS = 0x0000000d + CKM_SHA1_RSA_PKCS_PSS = 0x0000000e CKM_DSA_KEY_PAIR_GEN = 0x00000010 CKM_DSA = 0x00000011 CKM_DSA_SHA1 = 0x00000012 @@ -240,8 +290,8 @@ const ( CKM_DSA_SHA512 = 0x00000016 CKM_DSA_SHA3_224 = 0x00000018 CKM_DSA_SHA3_256 = 0x00000019 - CKM_DSA_SHA3_384 = 0x0000001A - CKM_DSA_SHA3_512 = 0x0000001B + CKM_DSA_SHA3_384 = 0x0000001a + CKM_DSA_SHA3_512 = 0x0000001b CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 CKM_DH_PKCS_DERIVE = 0x00000021 CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 
@@ -258,12 +308,12 @@ const ( CKM_SHA224_RSA_PKCS_PSS = 0x00000047 CKM_SHA512_224 = 0x00000048 CKM_SHA512_224_HMAC = 0x00000049 - CKM_SHA512_224_HMAC_GENERAL = 0x0000004A - CKM_SHA512_224_KEY_DERIVATION = 0x0000004B - CKM_SHA512_256 = 0x0000004C - CKM_SHA512_256_HMAC = 0x0000004D - CKM_SHA512_256_HMAC_GENERAL = 0x0000004E - CKM_SHA512_256_KEY_DERIVATION = 0x0000004F + CKM_SHA512_224_HMAC_GENERAL = 0x0000004a + CKM_SHA512_224_KEY_DERIVATION = 0x0000004b + CKM_SHA512_256 = 0x0000004c + CKM_SHA512_256_HMAC = 0x0000004d + CKM_SHA512_256_HMAC_GENERAL = 0x0000004e + CKM_SHA512_256_KEY_DERIVATION = 0x0000004f CKM_SHA512_T = 0x00000050 CKM_SHA512_T_HMAC = 0x00000051 CKM_SHA512_T_HMAC_GENERAL = 0x00000052 
@@ -340,24 +390,24 @@ const ( CKM_SECURID = 0x00000282 CKM_HOTP_KEY_GEN = 0x00000290 CKM_HOTP = 0x00000291 - CKM_ACTI = 0x000002A0 - CKM_ACTI_KEY_GEN = 0x000002A1 - CKM_SHA3_256 = 0x000002B0 - CKM_SHA3_256_HMAC = 0x000002B1 - CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 - CKM_SHA3_256_KEY_GEN = 0x000002B3 - CKM_SHA3_224 = 0x000002B5 - CKM_SHA3_224_HMAC = 0x000002B6 - CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 - CKM_SHA3_224_KEY_GEN = 0x000002B8 - CKM_SHA3_384 = 0x000002C0 - CKM_SHA3_384_HMAC = 0x000002C1 - CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 - CKM_SHA3_384_KEY_GEN = 0x000002C3 - CKM_SHA3_512 = 0x000002D0 - CKM_SHA3_512_HMAC = 0x000002D1 - CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 - CKM_SHA3_512_KEY_GEN = 0x000002D3 + CKM_ACTI = 0x000002a0 + CKM_ACTI_KEY_GEN = 0x000002a1 + CKM_SHA3_256 = 0x000002b0 + CKM_SHA3_256_HMAC = 0x000002b1 + CKM_SHA3_256_HMAC_GENERAL = 0x000002b2 + CKM_SHA3_256_KEY_GEN = 0x000002b3 + CKM_SHA3_224 = 0x000002b5 + CKM_SHA3_224_HMAC = 0x000002b6 + CKM_SHA3_224_HMAC_GENERAL = 0x000002b7 + CKM_SHA3_224_KEY_GEN = 0x000002b8 + CKM_SHA3_384 = 0x000002c0 + CKM_SHA3_384_HMAC = 0x000002c1 + CKM_SHA3_384_HMAC_GENERAL = 0x000002c2 + CKM_SHA3_384_KEY_GEN = 0x000002c3 + CKM_SHA3_512 = 0x000002d0 + CKM_SHA3_512_HMAC = 0x000002d1 + CKM_SHA3_512_HMAC_GENERAL = 0x000002d2 + CKM_SHA3_512_KEY_GEN = 0x000002d3 CKM_CAST_KEY_GEN = 0x00000300 CKM_CAST_ECB = 0x00000301 CKM_CAST_CBC = 0x00000302 
@@ -418,44 +468,50 @@ const ( CKM_SHA384_KEY_DERIVATION = 0x00000394 CKM_SHA512_KEY_DERIVATION = 0x00000395 CKM_SHA224_KEY_DERIVATION = 0x00000396 - CKM_SHA3_256_KEY_DERIVE = 0x00000397 - CKM_SHA3_224_KEY_DERIVE = 0x00000398 - CKM_SHA3_384_KEY_DERIVE = 0x00000399 - CKM_SHA3_512_KEY_DERIVE = 0x0000039A - CKM_SHAKE_128_KEY_DERIVE = 0x0000039B - CKM_SHAKE_256_KEY_DERIVE = 0x0000039C - CKM_PBE_MD2_DES_CBC = 0x000003A0 - CKM_PBE_MD5_DES_CBC = 0x000003A1 - CKM_PBE_MD5_CAST_CBC = 0x000003A2 - CKM_PBE_MD5_CAST3_CBC = 0x000003A3 - CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated - CKM_PBE_MD5_CAST128_CBC = 0x000003A4 - CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated - CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 - CKM_PBE_SHA1_RC4_128 = 0x000003A6 - CKM_PBE_SHA1_RC4_40 = 0x000003A7 - CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 - CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 - CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA - CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB - CKM_PKCS5_PBKD2 = 0x000003B0 - CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 - CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 - CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 - CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 - CKM_WTLS_PRF = 0x000003D3 - CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 - CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 - CKM_TLS10_MAC_SERVER = 0x000003D6 - CKM_TLS10_MAC_CLIENT = 0x000003D7 - CKM_TLS12_MAC = 0x000003D8 - CKM_TLS12_KDF = 0x000003D9 - CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 - CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 - CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 - CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 - CKM_TLS_MAC = 0x000003E4 - CKM_TLS_KDF = 0x000003E5 + CKM_SHA3_256_KEY_DERIVATION = 0x00000397 + CKM_SHA3_224_KEY_DERIVATION = 0x00000398 + CKM_SHA3_384_KEY_DERIVATION = 0x00000399 + CKM_SHA3_512_KEY_DERIVATION = 0x0000039a + CKM_SHAKE_128_KEY_DERIVATION = 0x0000039b + CKM_SHAKE_256_KEY_DERIVATION = 0x0000039c + CKM_SHA3_256_KEY_DERIVE = CKM_SHA3_256_KEY_DERIVATION + CKM_SHA3_224_KEY_DERIVE = 
CKM_SHA3_224_KEY_DERIVATION + CKM_SHA3_384_KEY_DERIVE = CKM_SHA3_384_KEY_DERIVATION + CKM_SHA3_512_KEY_DERIVE = CKM_SHA3_512_KEY_DERIVATION + CKM_SHAKE_128_KEY_DERIVE = CKM_SHAKE_128_KEY_DERIVATION + CKM_SHAKE_256_KEY_DERIVE = CKM_SHAKE_256_KEY_DERIVATION + CKM_PBE_MD2_DES_CBC = 0x000003a0 + CKM_PBE_MD5_DES_CBC = 0x000003a1 + CKM_PBE_MD5_CAST_CBC = 0x000003a2 + CKM_PBE_MD5_CAST3_CBC = 0x000003a3 + CKM_PBE_MD5_CAST5_CBC = 0x000003a4 // Deprecated + CKM_PBE_MD5_CAST128_CBC = 0x000003a4 + CKM_PBE_SHA1_CAST5_CBC = 0x000003a5 // Deprecated + CKM_PBE_SHA1_CAST128_CBC = 0x000003a5 + CKM_PBE_SHA1_RC4_128 = 0x000003a6 + CKM_PBE_SHA1_RC4_40 = 0x000003a7 + CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003a8 + CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003a9 + CKM_PBE_SHA1_RC2_128_CBC = 0x000003aa + CKM_PBE_SHA1_RC2_40_CBC = 0x000003ab + CKM_PKCS5_PBKD2 = 0x000003b0 + CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003c0 + CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003d0 + CKM_WTLS_MASTER_KEY_DERIVE = 0x000003d1 + CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003d2 + CKM_WTLS_PRF = 0x000003d3 + CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003d4 + CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003d5 + CKM_TLS10_MAC_SERVER = 0x000003d6 + CKM_TLS10_MAC_CLIENT = 0x000003d7 + CKM_TLS12_MAC = 0x000003d8 + CKM_TLS12_KDF = 0x000003d9 + CKM_TLS12_MASTER_KEY_DERIVE = 0x000003e0 + CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003e1 + CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003e2 + CKM_TLS12_KEY_SAFE_DERIVE = 0x000003e3 + CKM_TLS_MAC = 0x000003e4 + CKM_TLS_KDF = 0x000003e5 CKM_KEY_WRAP_LYNKS = 0x00000400 CKM_KEY_WRAP_SET_OAEP = 0x00000401 CKM_CMS_SIG = 0x00000500 @@ -517,6 +573,7 @@ const ( CKM_ECDSA_SHA256 = 0x00001044 CKM_ECDSA_SHA384 = 0x00001045 CKM_ECDSA_SHA512 = 0x00001046 + CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS = 0x0000140b CKM_ECDH1_DERIVE = 0x00001050 CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 CKM_ECMQV_DERIVE = 0x00001052 
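Review bot: The old spellings kept in this hunk (`CKM_SHA3_256_KEY_DERIVE = CKM_SHA3_256_KEY_DERIVATION` and the five lines after it) carry no marker that they are compatibility aliases, while the same hunk already tags `CKM_PBE_MD5_CAST5_CBC` with `// Deprecated`. The same gap applies to `CKM_DSA_PROBABLISTIC_PARAMETER_GEN`, `CKF_MULTI_MESSGE` and `CKF_EC_NAMEDCURVE` in later hunks of this file. pkcs11t.h marks the last of these `/* deprecated since PKCS#11 3.00 */`, but that comment does not reach the Go side. I would add a trailing comment to each alias, for example `CKM_SHA3_256_KEY_DERIVE = CKM_SHA3_256_KEY_DERIVATION // Deprecated: use CKM_SHA3_256_KEY_DERIVATION`, so readers and linters steer new code to the canonical names. If this file is generated, the change belongs in the generator.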
@@ -529,6 +586,8 @@ const ( CKM_JUNIPER_SHUFFLE = 0x00001064 CKM_JUNIPER_WRAP = 0x00001065 CKM_FASTHASH = 0x00001070 + CKM_AES_XTS = 0x00001071 + CKM_AES_XTS_KEY_GEN = 0x00001072 CKM_AES_KEY_GEN = 0x00001080 CKM_AES_ECB = 0x00001081 CKM_AES_CBC = 0x00001082 @@ -539,11 +598,11 @@ const ( CKM_AES_GCM = 0x00001087 CKM_AES_CCM = 0x00001088 CKM_AES_CTS = 0x00001089 - CKM_AES_CMAC = 0x0000108A - CKM_AES_CMAC_GENERAL = 0x0000108B - CKM_AES_XCBC_MAC = 0x0000108C - CKM_AES_XCBC_MAC_96 = 0x0000108D - CKM_AES_GMAC = 0x0000108E + CKM_AES_CMAC = 0x0000108a + CKM_AES_CMAC_GENERAL = 0x0000108b + CKM_AES_XCBC_MAC = 0x0000108c + CKM_AES_XCBC_MAC_96 = 0x0000108d + CKM_AES_GMAC = 0x0000108e CKM_BLOWFISH_KEY_GEN = 0x00001090 CKM_BLOWFISH_CBC = 0x00001091 CKM_TWOFISH_KEY_GEN = 0x00001092 @@ -568,11 +627,17 @@ const ( CKM_GOST28147 = 0x00001222 CKM_GOST28147_MAC = 0x00001223 CKM_GOST28147_KEY_WRAP = 0x00001224 + CKM_CHACHA20_KEY_GEN = 0x00001225 + CKM_CHACHA20 = 0x00001226 + CKM_POLY1305_KEY_GEN = 0x00001227 + CKM_POLY1305 = 0x00001228 CKM_DSA_PARAMETER_GEN = 0x00002000 CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 - CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 + CKM_DSA_PROBABILISTIC_PARAMETER_GEN = 0x00002003 + CKM_DSA_PROBABLISTIC_PARAMETER_GEN = CKM_DSA_PROBABILISTIC_PARAMETER_GEN CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 + CKM_DSA_FIPS_G_GEN = 0x00002005 CKM_AES_OFB = 0x00002104 CKM_AES_CFB64 = 0x00002105 CKM_AES_CFB8 = 0x00002106 
@@ -580,10 +645,78 @@ const ( CKM_AES_CFB1 = 0x00002108 CKM_AES_KEY_WRAP = 0x00002109 CKM_AES_KEY_WRAP_PAD = 0x0000210A + CKM_AES_KEY_WRAP_KWP = 0x0000210B + CKM_AES_KEY_WRAP_PKCS7 = 0x0000210C CKM_RSA_PKCS_TPM_1_1 = 0x00004001 CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 + CKM_SHA_1_KEY_GEN = 0x00004003 + CKM_SHA224_KEY_GEN = 0x00004004 + CKM_SHA256_KEY_GEN = 0x00004005 + CKM_SHA384_KEY_GEN = 0x00004006 + CKM_SHA512_KEY_GEN = 0x00004007 + CKM_SHA512_224_KEY_GEN = 0x00004008 + CKM_SHA512_256_KEY_GEN = 0x00004009 + CKM_SHA512_T_KEY_GEN = 0x0000400a + CKM_NULL = 0x0000400b + CKM_BLAKE2B_160 = 0x0000400c + CKM_BLAKE2B_160_HMAC = 0x0000400d + CKM_BLAKE2B_160_HMAC_GENERAL = 0x0000400e + CKM_BLAKE2B_160_KEY_DERIVE = 0x0000400f + CKM_BLAKE2B_160_KEY_GEN = 0x00004010 + CKM_BLAKE2B_256 = 0x00004011 + CKM_BLAKE2B_256_HMAC = 0x00004012 + CKM_BLAKE2B_256_HMAC_GENERAL = 0x00004013 + CKM_BLAKE2B_256_KEY_DERIVE = 0x00004014 + CKM_BLAKE2B_256_KEY_GEN = 0x00004015 + CKM_BLAKE2B_384 = 0x00004016 + CKM_BLAKE2B_384_HMAC = 0x00004017 + CKM_BLAKE2B_384_HMAC_GENERAL = 0x00004018 + CKM_BLAKE2B_384_KEY_DERIVE = 0x00004019 + CKM_BLAKE2B_384_KEY_GEN = 0x0000401a + CKM_BLAKE2B_512 = 0x0000401b + CKM_BLAKE2B_512_HMAC = 0x0000401c + CKM_BLAKE2B_512_HMAC_GENERAL = 0x0000401d + CKM_BLAKE2B_512_KEY_DERIVE = 0x0000401e + CKM_BLAKE2B_512_KEY_GEN = 0x0000401f + CKM_SALSA20 = 0x00004020 + CKM_CHACHA20_POLY1305 = 0x00004021 + CKM_SALSA20_POLY1305 = 0x00004022 + CKM_X3DH_INITIALIZE = 0x00004023 + CKM_X3DH_RESPOND = 0x00004024 + CKM_X2RATCHET_INITIALIZE = 0x00004025 + CKM_X2RATCHET_RESPOND = 0x00004026 + CKM_X2RATCHET_ENCRYPT = 0x00004027 + CKM_X2RATCHET_DECRYPT = 0x00004028 + CKM_XEDDSA = 0x00004029 + CKM_HKDF_DERIVE = 0x0000402a + CKM_HKDF_DATA = 0x0000402b + CKM_HKDF_KEY_GEN = 0x0000402c + CKM_SALSA20_KEY_GEN = 0x0000402d + CKM_ECDSA_SHA3_224 = 0x00001047 + CKM_ECDSA_SHA3_256 = 0x00001048 + CKM_ECDSA_SHA3_384 = 0x00001049 + CKM_ECDSA_SHA3_512 = 0x0000104a + CKM_EC_EDWARDS_KEY_PAIR_GEN = 0x00001055 + 
CKM_EC_MONTGOMERY_KEY_PAIR_GEN = 0x00001056 + CKM_EDDSA = 0x00001057 + CKM_SP800_108_COUNTER_KDF = 0x000003ac + CKM_SP800_108_FEEDBACK_KDF = 0x000003ad + CKM_SP800_108_DOUBLE_PIPELINE_KDF = 0x000003ae + CKM_IKE2_PRF_PLUS_DERIVE = 0x0000402e + CKM_IKE_PRF_DERIVE = 0x0000402f + CKM_IKE1_PRF_DERIVE = 0x00004030 + CKM_IKE1_EXTENDED_DERIVE = 0x00004031 + CKM_HSS_KEY_PAIR_GEN = 0x00004032 + CKM_HSS = 0x00004033 CKM_VENDOR_DEFINED = 0x80000000 CKF_HW = 0x00000001 + CKF_MESSAGE_ENCRYPT = 0x00000002 + CKF_MESSAGE_DECRYPT = 0x00000004 + CKF_MESSAGE_SIGN = 0x00000008 + CKF_MESSAGE_VERIFY = 0x00000010 + CKF_MULTI_MESSAGE = 0x00000020 + CKF_MULTI_MESSGE = CKF_MULTI_MESSAGE + CKF_FIND_OBJECTS = 0x00000040 CKF_ENCRYPT = 0x00000100 CKF_DECRYPT = 0x00000200 CKF_DIGEST = 0x00000400 @@ -599,9 +732,11 @@ const ( CKF_EC_F_P = 0x00100000 CKF_EC_F_2M = 0x00200000 CKF_EC_ECPARAMETERS = 0x00400000 - CKF_EC_NAMEDCURVE = 0x00800000 + CKF_EC_OID = 0x00800000 + CKF_EC_NAMEDCURVE = CKF_EC_OID CKF_EC_UNCOMPRESS = 0x01000000 CKF_EC_COMPRESS = 0x02000000 + CKF_EC_CURVENAME = 0x04000000 CKF_EXTENSION = 0x80000000 CKR_OK = 0x00000000 CKR_CANCEL = 0x00000001 @@ -625,6 +760,7 @@ const ( CKR_DEVICE_REMOVED = 0x00000032 CKR_ENCRYPTED_DATA_INVALID = 0x00000040 CKR_ENCRYPTED_DATA_LEN_RANGE = 0x00000041 + CKR_AEAD_DECRYPT_FAILED = 0x00000042 CKR_FUNCTION_CANCELED = 0x00000050 CKR_FUNCTION_NOT_PARALLEL = 0x00000051 CKR_FUNCTION_NOT_SUPPORTED = 0x00000054 @@ -697,7 +833,12 @@ const ( CKR_PIN_TOO_WEAK = 0x000001B8 CKR_PUBLIC_KEY_INVALID = 0x000001B9 CKR_FUNCTION_REJECTED = 0x00000200 + CKR_TOKEN_RESOURCE_EXCEEDED = 0x00000201 + CKR_OPERATION_CANCEL_FAILED = 0x00000202 + CKR_KEY_EXHAUSTED = 0x00000203 CKR_VENDOR_DEFINED = 0x80000000 + CKF_END_OF_MESSAGE = 0x00000001 + CKF_INTERFACE_FORK_SAFE = 0x00000001 CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 CKF_OS_LOCKING_OK = 0x00000002 CKF_DONT_BLOCK = 1 
@@ -706,6 +847,10 @@ const ( CKG_MGF1_SHA384 = 0x00000003 CKG_MGF1_SHA512 = 0x00000004 CKG_MGF1_SHA224 = 0x00000005 + CKG_MGF1_SHA3_224 = 0x00000006 + CKG_MGF1_SHA3_256 = 0x00000007 + CKG_MGF1_SHA3_384 = 0x00000008 + CKG_MGF1_SHA3_512 = 0x00000009 CKZ_DATA_SPECIFIED = 0x00000001 CKD_NULL = 0x00000001 CKD_SHA1_KDF = 0x00000002 @@ -720,6 +865,19 @@ const ( CKD_SHA3_256_KDF = 0x0000000B CKD_SHA3_384_KDF = 0x0000000C CKD_SHA3_512_KDF = 0x0000000D + CKD_SHA1_KDF_SP800 = 0x0000000E + CKD_SHA224_KDF_SP800 = 0x0000000F + CKD_SHA256_KDF_SP800 = 0x00000010 + CKD_SHA384_KDF_SP800 = 0x00000011 + CKD_SHA512_KDF_SP800 = 0x00000012 + CKD_SHA3_224_KDF_SP800 = 0x00000013 + CKD_SHA3_256_KDF_SP800 = 0x00000014 + CKD_SHA3_384_KDF_SP800 = 0x00000015 + CKD_SHA3_512_KDF_SP800 = 0x00000016 + CKD_BLAKE2B_160_KDF = 0x00000017 + CKD_BLAKE2B_256_KDF = 0x00000018 + CKD_BLAKE2B_384_KDF = 0x00000019 + CKD_BLAKE2B_512_KDF = 0x0000001a CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001 CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002 CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003 @@ -735,4 +893,12 @@ const ( CKF_EXCLUDE_CHALLENGE = 0x00000008 CKF_EXCLUDE_PIN = 0x00000010 CKF_USER_FRIENDLY_OTP = 0x00000020 + CKG_NO_GENERATE = 0x00000000 + CKG_GENERATE = 0x00000001 + CKG_GENERATE_COUNTER = 0x00000002 + CKG_GENERATE_RANDOM = 0x00000003 + CKG_GENERATE_COUNTER_XOR = 0x00000004 + CKF_HKDF_SALT_NULL = 0x00000001 + CKF_HKDF_SALT_DATA = 0x00000002 + CKF_HKDF_SALT_KEY = 0x00000004 )