From 74b2912c1370285565b2c3049bee8d035d367b0a Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Wed, 5 Jan 2022 09:50:05 +0000 Subject: [PATCH 01/15] Also allow CK_ constants (#150) Amend const_generate.go to not skip CK_* constants and have them in zconst.go as well. Special case (~0) for CK_UNAVAILABLE_INFORMATION. Fixes #149 Signed-off-by: Miek Gieben --- const_generate.go | 9 ++++-- .../token.object | Bin 320 -> 320 bytes zconst.go | 28 ++++++++++++++++++ 3 files changed, 34 insertions(+), 3 deletions(-) diff --git a/const_generate.go b/const_generate.go index 578f6a7..2b30562 100644 --- a/const_generate.go +++ b/const_generate.go @@ -38,9 +38,6 @@ func main() { if fields[0] != "#define" { continue } - if strings.HasPrefix(fields[1], "CK_") { - continue - } // fields[1] (const name) needs to be 3 chars, starting with CK if !strings.HasPrefix(fields[1], "CK") { continue @@ -50,6 +47,12 @@ func main() { if strings.HasSuffix(value, "UL)") { value = strings.Replace(value, "UL)", ")", 1) } + // CK_UNAVAILABLE_INFORMATION is encoded as (~0) (with UL) removed, this needs to be ^uint(0) in Go. + // Special case that here. + if value == "(~0)" { + value = "^uint(0)" + } + // check for /* deprecated */ comment if len(fields) == 6 && fields[4] == "Deprecated" { fmt.Fprintln(out, fields[1], " = ", value, "// Deprecated") diff --git a/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object b/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object index 9dd65c13e618adde79565890e61f7df8e7567729..c5cc813b4a5491b60dc35803164954d60cc2f093 100644 GIT binary patch delta 17 UcmX@WbbyJ20Rogaa#%0|035Lbq5uE@ delta 17 UcmX@WbbyJ20RqG}a#%0|032`vl>h($ diff --git a/zconst.go b/zconst.go index f86f5a9..41df5cf 100644 --- a/zconst.go +++ b/zconst.go @@ -7,6 +7,11 @@ package pkcs11 const ( + CK_TRUE = 1 + CK_FALSE = 0 + CK_UNAVAILABLE_INFORMATION = ^uint(0) + CK_EFFECTIVELY_INFINITE = 0 + CK_INVALID_HANDLE = 0 CKN_SURRENDER = 0 CKN_OTP_CHANGED = 1 CKF_TOKEN_PRESENT = 0x00000001 
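Review bot: In const_generate.go's first hunk the surviving comment `// fields[1] (const name) needs to be 3 chars, starting with CK` no longer matches the filter once the `CK_` skip is removed, because the only remaining test is `strings.HasPrefix(fields[1], "CK")`. Every `#define CK…` line with at least three fields is now written to zconst.go with its replacement text copied as-is, and nothing visible here checks that the text is a constant expression. I would replace the comment with `// emit every #define whose name starts with CK (CKA_, CKM_, ... and now CK_); the value is copied verbatim, so pkcs11t.h must define only constant expressions under these names`. Whether pkcs11t.h carries other `CK_` macros is not visible in this patch, and main's body continues outside the hunk.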
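Review bot: The special case in const_generate.go's second hunk turns `CK_UNAVAILABLE_INFORMATION` into `^uint(0)`, a typed constant whose width follows Go's `uint`, while the header value is `~0` with a `UL` suffix and so follows C's `unsigned long`. Where the two widths differ (64-bit Windows is presumably such a case), a token field converted from `CK_ULONG` that carries the sentinel would not compare equal to this constant, and a caller could read "unavailable" as a real limit or count. How the package converts those fields is outside this hunk, so this needs confirming; if it applies, the generated comment should say so, for example `// NOTE: all-ones in Go's uint; a value converted from a narrower CK_ULONG must be widened with the sentinel preserved before comparing`. The match is also an exact string test, `value == "(~0)"`, so any other spelling in the header passes through unchanged.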
@@ -103,11 +108,26 @@ const ( CKK_SHA3_384_HMAC = 0x00000035 CKK_SHA3_512_HMAC = 0x00000036 CKK_VENDOR_DEFINED = 0x80000000 + CK_CERTIFICATE_CATEGORY_UNSPECIFIED = 0 + CK_CERTIFICATE_CATEGORY_TOKEN_USER = 1 + CK_CERTIFICATE_CATEGORY_AUTHORITY = 2 + CK_CERTIFICATE_CATEGORY_OTHER_ENTITY = 3 + CK_SECURITY_DOMAIN_UNSPECIFIED = 0 + CK_SECURITY_DOMAIN_MANUFACTURER = 1 + CK_SECURITY_DOMAIN_OPERATOR = 2 + CK_SECURITY_DOMAIN_THIRD_PARTY = 3 CKC_X_509 = 0x00000000 CKC_X_509_ATTR_CERT = 0x00000001 CKC_WTLS = 0x00000002 CKC_VENDOR_DEFINED = 0x80000000 CKF_ARRAY_ATTRIBUTE = 0x40000000 + CK_OTP_FORMAT_DECIMAL = 0 + CK_OTP_FORMAT_HEXADECIMAL = 1 + CK_OTP_FORMAT_ALPHANUMERIC = 2 + CK_OTP_FORMAT_BINARY = 3 + CK_OTP_PARAM_IGNORED = 0 + CK_OTP_PARAM_OPTIONAL = 1 + CK_OTP_PARAM_MANDATORY = 2 CKA_CLASS = 0x00000000 CKA_TOKEN = 0x00000001 CKA_PRIVATE = 0x00000002 @@ -729,6 +749,14 @@ const ( CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007 CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008 CKZ_SALT_SPECIFIED = 0x00000001 + CK_OTP_VALUE = 0 + CK_OTP_PIN = 1 + CK_OTP_CHALLENGE = 2 + CK_OTP_TIME = 3 + CK_OTP_COUNTER = 4 + CK_OTP_FLAGS = 5 + CK_OTP_OUTPUT_LENGTH = 6 + CK_OTP_OUTPUT_FORMAT = 7 CKF_NEXT_OTP = 0x00000001 CKF_EXCLUDE_TIME = 0x00000002 CKF_EXCLUDE_COUNTER = 0x00000004 From f3481918a208bd212aa995a41f92d786eb418a7d Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Wed, 5 Jan 2022 10:50:38 +0100 Subject: [PATCH 02/15] Release 1.1.1 --- release.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release.go b/release.go index 5fa50ea..d8b99f1 100644 --- a/release.go +++ b/release.go @@ -6,7 +6,7 @@ package pkcs11 import "fmt" // Release is current version of the pkcs11 library. -var Release = R{1, 1, 0} +var Release = R{1, 1, 1} // R holds the version of this library. type R struct { From 30f14c688bf68c694ad07856e4edd6f66c59094a Mon Sep 17 00:00:00 2001 
From: Miek Gieben Date: Wed, 5 Jan 2022 14:09:51 +0000 Subject: [PATCH 03/15] More complete parsing of pkcs11t.h (#151) * More complete parsing of pkcs11t.h Add newlines when the prefix (CKR_ -> CKM_) changes and add all comments founds, this includes Deprecated comments and the longer comments that detail what (some of) the constants mean. This change means this now also shows up in go doc. Signed-off-by: Miek Gieben * rerun Signed-off-by: Miek Gieben * newline before comments Signed-off-by: Miek Gieben * more Signed-off-by: Miek Gieben
---
const_generate.go | 61 +- pkcs11.go | 2 + vendor.go | 12 +- zconst.go | 1439 +++++++++++++++++++++++++-------------------- 4 files changed, 848 insertions(+), 666 deletions(-)
diff --git a/const_generate.go b/const_generate.go
index 2b30562..1e7180c 100644
--- a/const_generate.go
+++ b/const_generate.go
@@ -28,20 +28,48 @@ func main() { scanner := bufio.NewScanner(file) fmt.Fprintln(out, "const (") + comment := "" + prevpre := "" + count := 0 for scanner.Scan() { // Fairly simple parsing, any line starting with '#define' will output - // $2 = $3 and drop any UL (unsigned long) suffixes + // $2 = $3 and drop any UL (unsigned long) suffixes. + // Some care is taken to add any comments and make the outputted file + // have some decent godoc. fields := strings.Fields(scanner.Text()) + if len(fields) < 1 { + continue + } + if fields[0] == "/*" || fields[0] == "*" { + comment += "//" + scanner.Text()[2:] + comment = strings.TrimSuffix(comment, "*/") + comment += "\n" + continue + } + if len(fields) < 3 { continue } + if fields[0] != "#define" { + comment = "" continue } + + if fields[1] == "_PKCS11T_H_" { // clear accumulated comments from the top of the file + comment = "" + } + // fields[1] (const name) needs to be 3 chars, starting with CK if !strings.HasPrefix(fields[1], "CK") { continue } + + if x := fields[1][:3]; x != prevpre { // prefix change, insert a newline + fmt.Fprintln(out) + prevpre = x + } + value := strings.TrimSuffix(fields[2], "UL") // special case for things like: (CKF_ARRAY_ATTRIBUTE|0x00000211UL) if strings.HasSuffix(value, "UL)") { 
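Review bot: Two slice expressions added to the scan loop are unguarded and can panic the generator: `scanner.Text()[2:]` runs for any line whose first field is `*` or `/*`, including a one-byte `*` line, and `fields[1][:3]` is reached after only a `HasPrefix(fields[1], "CK")` test. Suggested guards are `if len(fields[1]) < 3 || !strings.HasPrefix(fields[1], "CK") { continue }` and, in the comment branch, `if len(scanner.Text()) < 2 { continue }`. The `[2:]` slice also assumes the comment marker sits in the first two columns, so an indented comment line would keep its `/*` or `*` in the output. Separately, the non-`CK` `continue` leaves `comment` set, so text gathered before a skipped `#define` is attached to the next emitted constant; adding `comment = ""` before the non-`CK` `continue` avoids documenting a flag with another definition's text. main's body starts and ends outside the hunk.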
@@ -53,13 +81,21 @@ func main() { value = "^uint(0)" } - // check for /* deprecated */ comment - if len(fields) == 6 && fields[4] == "Deprecated" { - fmt.Fprintln(out, fields[1], " = ", value, "// Deprecated") - continue + if comment != "" { + fmt.Fprintln(out) // newline before comment + fmt.Fprint(out, comment) + comment = "" } - fmt.Fprintln(out, fields[1], " = ", value) + // check for /* ... */ comments + linecomment := "" + if len(fields) >= 6 && fields[3] == "/*" { + linecomment = "// " + strings.Join(fields[4:], " ") + linecomment = strings.TrimSuffix(linecomment, "*/") // there is not always a space before */ so fields might not have all elements + } + + fmt.Fprintln(out, fields[1], " = ", value, linecomment) + count++ } if err := scanner.Err(); err != nil { @@ -77,6 +113,18 @@ func main() { } f.Write(res) + // Used to double check what we generate. This prints (for 2.40 spec): + // + // "2022/01/05 12:50:28 Wrote 756 constants to zconst.go" + // + // A grep confirms this correct: + // + // % grep '^#define CK' pkcs11t.h |wc + // 756 2362 38807 + // + // TODO(miekg): could potentially be put in a test. + log.Printf("Wrote %d constants to zconst.go", count) + } const header = `// Copyright 2013 Miek Gieben. All rights reserved. @@ -85,7 +133,6 @@ const header = `// Copyright 2013 Miek Gieben. All rights reserved. // Code generated by "go run const_generate.go"; DO NOT EDIT. - package pkcs11 ` diff --git a/pkcs11.go b/pkcs11.go index e1b5824..f575b7f 100644 --- a/pkcs11.go +++ b/pkcs11.go @@ -5,6 +5,8 @@ //go:generate go run const_generate.go // Package pkcs11 is a wrapper around the PKCS#11 cryptographic library. +// Latest version of the specification: +// http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/pkcs11-base-v2.40.html package pkcs11 // It is *assumed*, that: diff --git a/vendor.go b/vendor.go index 83188e5..ce7f718 100644 --- a/vendor.go +++ b/vendor.go 
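Review bot: The trailing-comment test `len(fields) >= 6 && fields[3] == "/*"` drops a one-word comment written without a space before `*/`, since `#define NAME VALUE /* word*/` splits into five fields, although the comment on the `TrimSuffix` line says that spelling occurs. `len(fields) >= 5` is enough, because `fields[4:]` is then non-empty and the `TrimSuffix` already removes a fused `*/`. If a trailing comment opens on the `#define` line and closes on a later one, the continuation lines beginning with `*` would presumably be collected by the block-comment branch and attached to the following constant; that branch is in the previous hunk, so this is worth a check against pkcs11t.h.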
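Review bot: The new `log.Printf("Wrote %d constants to zconst.go", count)` follows `f.Write(res)`, whose results are discarded on the context line above it, so the message can report a count even when the write failed or was short. Suggest `if _, err := f.Write(res); err != nil { log.Fatal(err) }` before the log call; whether `f` is closed and that error checked is outside this hunk. Since the count exists to double check the output, the TODO could be closed by failing generation when `count == 0` rather than only logging it.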
@@ -10,12 +10,12 @@ const ( // Vendor specific mechanisms for HMAC on Ncipher HSMs where Ncipher does not allow use of generic_secret keys. const ( - CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 /* no params */ - CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 /* no params */ - CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 /* no params */ - CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 /* no params */ - CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 /* no params */ - CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 /* no params */ + CKM_NC_SHA_1_HMAC_KEY_GEN = CKM_NCIPHER + 0x3 // no params + CKM_NC_MD5_HMAC_KEY_GEN = CKM_NCIPHER + 0x6 // no params + CKM_NC_SHA224_HMAC_KEY_GEN = CKM_NCIPHER + 0x24 // no params + CKM_NC_SHA256_HMAC_KEY_GEN = CKM_NCIPHER + 0x25 // no params + CKM_NC_SHA384_HMAC_KEY_GEN = CKM_NCIPHER + 0x26 // no params + CKM_NC_SHA512_HMAC_KEY_GEN = CKM_NCIPHER + 0x27 // no params ) // Vendor specific range for Mozilla NSS. diff --git a/zconst.go b/zconst.go index 41df5cf..f9cf46b 100644 --- a/zconst.go +++ b/zconst.go 
@@ -7,107 +7,196 @@ package pkcs11 const ( - CK_TRUE = 1 - CK_FALSE = 0 - CK_UNAVAILABLE_INFORMATION = ^uint(0) - CK_EFFECTIVELY_INFINITE = 0 - CK_INVALID_HANDLE = 0 - CKN_SURRENDER = 0 - CKN_OTP_CHANGED = 1 - CKF_TOKEN_PRESENT = 0x00000001 - CKF_REMOVABLE_DEVICE = 0x00000002 - CKF_HW_SLOT = 0x00000004 - CKF_RNG = 0x00000001 - CKF_WRITE_PROTECTED = 0x00000002 - CKF_LOGIN_REQUIRED = 0x00000004 - CKF_USER_PIN_INITIALIZED = 0x00000008 - CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 - CKF_CLOCK_ON_TOKEN = 0x00000040 - CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 - CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 - CKF_TOKEN_INITIALIZED = 0x00000400 - CKF_SECONDARY_AUTHENTICATION = 0x00000800 - CKF_USER_PIN_COUNT_LOW = 0x00010000 - CKF_USER_PIN_FINAL_TRY = 0x00020000 - CKF_USER_PIN_LOCKED = 0x00040000 - CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 - CKF_SO_PIN_COUNT_LOW = 0x00100000 - CKF_SO_PIN_FINAL_TRY = 0x00200000 - CKF_SO_PIN_LOCKED = 0x00400000 - CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 - CKF_ERROR_STATE = 0x01000000 - CKU_SO = 0 - CKU_USER = 1 - CKU_CONTEXT_SPECIFIC = 2 - CKS_RO_PUBLIC_SESSION = 0 - CKS_RO_USER_FUNCTIONS = 1 - CKS_RW_PUBLIC_SESSION = 2 - CKS_RW_USER_FUNCTIONS = 3 - CKS_RW_SO_FUNCTIONS = 4 - CKF_RW_SESSION = 0x00000002 - CKF_SERIAL_SESSION = 0x00000004 - CKO_DATA = 0x00000000 - CKO_CERTIFICATE = 0x00000001 - CKO_PUBLIC_KEY = 0x00000002 - CKO_PRIVATE_KEY = 0x00000003 - CKO_SECRET_KEY = 0x00000004 - CKO_HW_FEATURE = 0x00000005 - CKO_DOMAIN_PARAMETERS = 0x00000006 - CKO_MECHANISM = 0x00000007 - CKO_OTP_KEY = 0x00000008 - CKO_VENDOR_DEFINED = 0x80000000 - CKH_MONOTONIC_COUNTER = 0x00000001 - CKH_CLOCK = 0x00000002 - CKH_USER_INTERFACE = 0x00000003 - CKH_VENDOR_DEFINED = 0x80000000 - CKK_RSA = 0x00000000 - CKK_DSA = 0x00000001 - CKK_DH = 0x00000002 - CKK_ECDSA = 0x00000003 // Deprecated - CKK_EC = 0x00000003 - CKK_X9_42_DH = 0x00000004 - CKK_KEA = 0x00000005 - CKK_GENERIC_SECRET = 0x00000010 - CKK_RC2 = 0x00000011 - CKK_RC4 = 0x00000012 - CKK_DES = 0x00000013 - CKK_DES2 = 
0x00000014 - CKK_DES3 = 0x00000015 - CKK_CAST = 0x00000016 - CKK_CAST3 = 0x00000017 - CKK_CAST5 = 0x00000018 // Deprecated - CKK_CAST128 = 0x00000018 - CKK_RC5 = 0x00000019 - CKK_IDEA = 0x0000001A - CKK_SKIPJACK = 0x0000001B - CKK_BATON = 0x0000001C - CKK_JUNIPER = 0x0000001D - CKK_CDMF = 0x0000001E - CKK_AES = 0x0000001F - CKK_BLOWFISH = 0x00000020 - CKK_TWOFISH = 0x00000021 - CKK_SECURID = 0x00000022 - CKK_HOTP = 0x00000023 - CKK_ACTI = 0x00000024 - CKK_CAMELLIA = 0x00000025 - CKK_ARIA = 0x00000026 - CKK_MD5_HMAC = 0x00000027 - CKK_SHA_1_HMAC = 0x00000028 - CKK_RIPEMD128_HMAC = 0x00000029 - CKK_RIPEMD160_HMAC = 0x0000002A - CKK_SHA256_HMAC = 0x0000002B - CKK_SHA384_HMAC = 0x0000002C - CKK_SHA512_HMAC = 0x0000002D - CKK_SHA224_HMAC = 0x0000002E - CKK_SEED = 0x0000002F - CKK_GOSTR3410 = 0x00000030 - CKK_GOSTR3411 = 0x00000031 - CKK_GOST28147 = 0x00000032 - CKK_SHA3_224_HMAC = 0x00000033 - CKK_SHA3_256_HMAC = 0x00000034 - CKK_SHA3_384_HMAC = 0x00000035 - CKK_SHA3_512_HMAC = 0x00000036 - CKK_VENDOR_DEFINED = 0x80000000 + CK_TRUE = 1 + CK_FALSE = 0 + + // some special values for certain CK_ULONG variables + CK_UNAVAILABLE_INFORMATION = ^uint(0) + CK_EFFECTIVELY_INFINITE = 0 + + // The following value is always invalid if used as a session + // handle or object handle + CK_INVALID_HANDLE = 0 + + CKN_SURRENDER = 0 + CKN_OTP_CHANGED = 1 + + // flags: bit flags that provide capabilities of the slot + // Bit Flag Mask Meaning + CKF_TOKEN_PRESENT = 0x00000001 // a token is there + CKF_REMOVABLE_DEVICE = 0x00000002 // removable devices + CKF_HW_SLOT = 0x00000004 // hardware slot + + // The flags parameter is defined as follows: + // Bit Flag Mask Meaning + CKF_RNG = 0x00000001 // has random # generator + CKF_WRITE_PROTECTED = 0x00000002 // token is write-protected + CKF_LOGIN_REQUIRED = 0x00000004 // user must login + CKF_USER_PIN_INITIALIZED = 0x00000008 // normal user's PIN is set + + // CKF_RESTORE_KEY_NOT_NEEDED. 
If it is set, + // that means that *every* time the state of cryptographic + // operations of a session is successfully saved, all keys + // needed to continue those operations are stored in the state + CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 + + // CKF_CLOCK_ON_TOKEN. If it is set, that means + // that the token has some sort of clock. The time on that + // clock is returned in the token info structure + CKF_CLOCK_ON_TOKEN = 0x00000040 + + // CKF_PROTECTED_AUTHENTICATION_PATH. If it is + // set, that means that there is some way for the user to login + // without sending a PIN through the Cryptoki library itself + CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 + + // CKF_DUAL_CRYPTO_OPERATIONS. If it is true, + // that means that a single session with the token can perform + // dual simultaneous cryptographic operations (digest and + // encrypt; decrypt and digest; sign and encrypt; and decrypt + // and sign) + CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 + + // CKF_TOKEN_INITIALIZED. If it is true, the + // token has been initialized using C_InitializeToken or an + // equivalent mechanism outside the scope of PKCS #11. + // Calling C_InitializeToken when this flag is set will cause + // the token to be reinitialized. + CKF_TOKEN_INITIALIZED = 0x00000400 + + // CKF_SECONDARY_AUTHENTICATION. If it is + // true, the token supports secondary authentication for + // private key objects. + CKF_SECONDARY_AUTHENTICATION = 0x00000800 + + // CKF_USER_PIN_COUNT_LOW. If it is true, an + // incorrect user login PIN has been entered at least once + // since the last successful authentication. + CKF_USER_PIN_COUNT_LOW = 0x00010000 + + // CKF_USER_PIN_FINAL_TRY. If it is true, + // supplying an incorrect user PIN will it to become locked. + CKF_USER_PIN_FINAL_TRY = 0x00020000 + + // CKF_USER_PIN_LOCKED. If it is true, the + // user PIN has been locked. User login to the token is not + // possible. + CKF_USER_PIN_LOCKED = 0x00040000 + + // CKF_USER_PIN_TO_BE_CHANGED. 
If it is true, + // the user PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 + + // CKF_SO_PIN_COUNT_LOW. If it is true, an + // incorrect SO login PIN has been entered at least once since + // the last successful authentication. + CKF_SO_PIN_COUNT_LOW = 0x00100000 + + // CKF_SO_PIN_FINAL_TRY. If it is true, + // supplying an incorrect SO PIN will it to become locked. + CKF_SO_PIN_FINAL_TRY = 0x00200000 + + // CKF_SO_PIN_LOCKED. If it is true, the SO + // PIN has been locked. SO login to the token is not possible. + CKF_SO_PIN_LOCKED = 0x00400000 + + // CKF_SO_PIN_TO_BE_CHANGED. If it is true, + // the SO PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 + CKF_ERROR_STATE = 0x01000000 + + // Security Officer + CKU_SO = 0 + + // Normal user + CKU_USER = 1 + + // Context specific + CKU_CONTEXT_SPECIFIC = 2 + + CKS_RO_PUBLIC_SESSION = 0 + CKS_RO_USER_FUNCTIONS = 1 + CKS_RW_PUBLIC_SESSION = 2 + CKS_RW_USER_FUNCTIONS = 3 + CKS_RW_SO_FUNCTIONS = 4 + + // The flags are defined in the following table: + // Bit Flag Mask Meaning + CKF_RW_SESSION = 0x00000002 // session is r/w + CKF_SERIAL_SESSION = 0x00000004 // no parallel + + // The following classes of objects are defined: + CKO_DATA = 0x00000000 + CKO_CERTIFICATE = 0x00000001 + CKO_PUBLIC_KEY = 0x00000002 + CKO_PRIVATE_KEY = 0x00000003 + CKO_SECRET_KEY = 0x00000004 + CKO_HW_FEATURE = 0x00000005 + CKO_DOMAIN_PARAMETERS = 0x00000006 + CKO_MECHANISM = 0x00000007 + CKO_OTP_KEY = 0x00000008 + CKO_VENDOR_DEFINED = 0x80000000 + + // The following hardware feature types are defined + CKH_MONOTONIC_COUNTER = 0x00000001 + CKH_CLOCK = 0x00000002 + CKH_USER_INTERFACE = 0x00000003 + CKH_VENDOR_DEFINED = 0x80000000 + + // the following key types are defined: + CKK_RSA = 0x00000000 + CKK_DSA = 
0x00000001 + CKK_DH = 0x00000002 + CKK_ECDSA = 0x00000003 // Deprecated + CKK_EC = 0x00000003 + CKK_X9_42_DH = 0x00000004 + CKK_KEA = 0x00000005 + CKK_GENERIC_SECRET = 0x00000010 + CKK_RC2 = 0x00000011 + CKK_RC4 = 0x00000012 + CKK_DES = 0x00000013 + CKK_DES2 = 0x00000014 + CKK_DES3 = 0x00000015 + CKK_CAST = 0x00000016 + CKK_CAST3 = 0x00000017 + CKK_CAST5 = 0x00000018 // Deprecated + CKK_CAST128 = 0x00000018 + CKK_RC5 = 0x00000019 + CKK_IDEA = 0x0000001A + CKK_SKIPJACK = 0x0000001B + CKK_BATON = 0x0000001C + CKK_JUNIPER = 0x0000001D + CKK_CDMF = 0x0000001E + CKK_AES = 0x0000001F + CKK_BLOWFISH = 0x00000020 + CKK_TWOFISH = 0x00000021 + CKK_SECURID = 0x00000022 + CKK_HOTP = 0x00000023 + CKK_ACTI = 0x00000024 + CKK_CAMELLIA = 0x00000025 + CKK_ARIA = 0x00000026 + CKK_MD5_HMAC = 0x00000027 + CKK_SHA_1_HMAC = 0x00000028 + CKK_RIPEMD128_HMAC = 0x00000029 + CKK_RIPEMD160_HMAC = 0x0000002A + CKK_SHA256_HMAC = 0x0000002B + CKK_SHA384_HMAC = 0x0000002C + CKK_SHA512_HMAC = 0x0000002D + CKK_SHA224_HMAC = 0x0000002E + CKK_SEED = 0x0000002F + CKK_GOSTR3410 = 0x00000030 + CKK_GOSTR3411 = 0x00000031 + CKK_GOST28147 = 0x00000032 + CKK_SHA3_224_HMAC = 0x00000033 + CKK_SHA3_256_HMAC = 0x00000034 + CKK_SHA3_384_HMAC = 0x00000035 + CKK_SHA3_512_HMAC = 0x00000036 + CKK_VENDOR_DEFINED = 0x80000000 + CK_CERTIFICATE_CATEGORY_UNSPECIFIED = 0 CK_CERTIFICATE_CATEGORY_TOKEN_USER = 1 CK_CERTIFICATE_CATEGORY_AUTHORITY = 2 
@@ -116,513 +205,538 @@ const ( CK_SECURITY_DOMAIN_MANUFACTURER = 1 CK_SECURITY_DOMAIN_OPERATOR = 2 CK_SECURITY_DOMAIN_THIRD_PARTY = 3 - CKC_X_509 = 0x00000000 - CKC_X_509_ATTR_CERT = 0x00000001 - CKC_WTLS = 0x00000002 - CKC_VENDOR_DEFINED = 0x80000000 - CKF_ARRAY_ATTRIBUTE = 0x40000000 - CK_OTP_FORMAT_DECIMAL = 0 - CK_OTP_FORMAT_HEXADECIMAL = 1 - CK_OTP_FORMAT_ALPHANUMERIC = 2 - CK_OTP_FORMAT_BINARY = 3 - CK_OTP_PARAM_IGNORED = 0 - CK_OTP_PARAM_OPTIONAL = 1 - CK_OTP_PARAM_MANDATORY = 2 - CKA_CLASS = 0x00000000 - CKA_TOKEN = 0x00000001 - CKA_PRIVATE = 0x00000002 - CKA_LABEL = 0x00000003 - CKA_APPLICATION = 0x00000010 - CKA_VALUE = 0x00000011 - CKA_OBJECT_ID = 0x00000012 - CKA_CERTIFICATE_TYPE = 0x00000080 - CKA_ISSUER = 0x00000081 - CKA_SERIAL_NUMBER = 0x00000082 - CKA_AC_ISSUER = 0x00000083 - CKA_OWNER = 0x00000084 - CKA_ATTR_TYPES = 0x00000085 - CKA_TRUSTED = 0x00000086 - CKA_CERTIFICATE_CATEGORY = 0x00000087 - CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 - CKA_URL = 0x00000089 - CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A - CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B - CKA_NAME_HASH_ALGORITHM = 0x0000008C - CKA_CHECK_VALUE = 0x00000090 - CKA_KEY_TYPE = 0x00000100 - CKA_SUBJECT = 0x00000101 - CKA_ID = 0x00000102 - CKA_SENSITIVE = 0x00000103 - CKA_ENCRYPT = 0x00000104 - CKA_DECRYPT = 0x00000105 - CKA_WRAP = 0x00000106 - CKA_UNWRAP = 0x00000107 - CKA_SIGN = 0x00000108 - CKA_SIGN_RECOVER = 0x00000109 - CKA_VERIFY = 0x0000010A - CKA_VERIFY_RECOVER = 0x0000010B - CKA_DERIVE = 0x0000010C - CKA_START_DATE = 0x00000110 - CKA_END_DATE = 0x00000111 - CKA_MODULUS = 0x00000120 - CKA_MODULUS_BITS = 0x00000121 - CKA_PUBLIC_EXPONENT = 0x00000122 - CKA_PRIVATE_EXPONENT = 0x00000123 - CKA_PRIME_1 = 0x00000124 - CKA_PRIME_2 = 0x00000125 - CKA_EXPONENT_1 = 0x00000126 - CKA_EXPONENT_2 = 0x00000127 - CKA_COEFFICIENT = 0x00000128 - CKA_PUBLIC_KEY_INFO = 0x00000129 - CKA_PRIME = 0x00000130 - CKA_SUBPRIME = 0x00000131 - CKA_BASE = 0x00000132 - CKA_PRIME_BITS = 0x00000133 - 
CKA_SUBPRIME_BITS = 0x00000134 - CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS - CKA_VALUE_BITS = 0x00000160 - CKA_VALUE_LEN = 0x00000161 - CKA_EXTRACTABLE = 0x00000162 - CKA_LOCAL = 0x00000163 - CKA_NEVER_EXTRACTABLE = 0x00000164 - CKA_ALWAYS_SENSITIVE = 0x00000165 - CKA_KEY_GEN_MECHANISM = 0x00000166 - CKA_MODIFIABLE = 0x00000170 - CKA_COPYABLE = 0x00000171 - CKA_DESTROYABLE = 0x00000172 - CKA_ECDSA_PARAMS = 0x00000180 // Deprecated - CKA_EC_PARAMS = 0x00000180 - CKA_EC_POINT = 0x00000181 - CKA_SECONDARY_AUTH = 0x00000200 // Deprecated - CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated - CKA_ALWAYS_AUTHENTICATE = 0x00000202 - CKA_WRAP_WITH_TRUSTED = 0x00000210 - CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) - CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) - CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) - CKA_OTP_FORMAT = 0x00000220 - CKA_OTP_LENGTH = 0x00000221 - CKA_OTP_TIME_INTERVAL = 0x00000222 - CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 - CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 - CKA_OTP_TIME_REQUIREMENT = 0x00000225 - CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 - CKA_OTP_PIN_REQUIREMENT = 0x00000227 - CKA_OTP_COUNTER = 0x0000022E - CKA_OTP_TIME = 0x0000022F - CKA_OTP_USER_IDENTIFIER = 0x0000022A - CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B - CKA_OTP_SERVICE_LOGO = 0x0000022C - CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D - CKA_GOSTR3410_PARAMS = 0x00000250 - CKA_GOSTR3411_PARAMS = 0x00000251 - CKA_GOST28147_PARAMS = 0x00000252 - CKA_HW_FEATURE_TYPE = 0x00000300 - CKA_RESET_ON_INIT = 0x00000301 - CKA_HAS_RESET = 0x00000302 - CKA_PIXEL_X = 0x00000400 - CKA_PIXEL_Y = 0x00000401 - CKA_RESOLUTION = 0x00000402 - CKA_CHAR_ROWS = 0x00000403 - CKA_CHAR_COLUMNS = 0x00000404 - CKA_COLOR = 0x00000405 - CKA_BITS_PER_PIXEL = 0x00000406 - CKA_CHAR_SETS = 0x00000480 - CKA_ENCODING_METHODS = 0x00000481 - CKA_MIME_TYPES = 0x00000482 - CKA_MECHANISM_TYPE = 0x00000500 - CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 - CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 - 
CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 - CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) - CKA_VENDOR_DEFINED = 0x80000000 - CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 - CKM_RSA_PKCS = 0x00000001 - CKM_RSA_9796 = 0x00000002 - CKM_RSA_X_509 = 0x00000003 - CKM_MD2_RSA_PKCS = 0x00000004 - CKM_MD5_RSA_PKCS = 0x00000005 - CKM_SHA1_RSA_PKCS = 0x00000006 - CKM_RIPEMD128_RSA_PKCS = 0x00000007 - CKM_RIPEMD160_RSA_PKCS = 0x00000008 - CKM_RSA_PKCS_OAEP = 0x00000009 - CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A - CKM_RSA_X9_31 = 0x0000000B - CKM_SHA1_RSA_X9_31 = 0x0000000C - CKM_RSA_PKCS_PSS = 0x0000000D - CKM_SHA1_RSA_PKCS_PSS = 0x0000000E - CKM_DSA_KEY_PAIR_GEN = 0x00000010 - CKM_DSA = 0x00000011 - CKM_DSA_SHA1 = 0x00000012 - CKM_DSA_SHA224 = 0x00000013 - CKM_DSA_SHA256 = 0x00000014 - CKM_DSA_SHA384 = 0x00000015 - CKM_DSA_SHA512 = 0x00000016 - CKM_DSA_SHA3_224 = 0x00000018 - CKM_DSA_SHA3_256 = 0x00000019 - CKM_DSA_SHA3_384 = 0x0000001A - CKM_DSA_SHA3_512 = 0x0000001B - CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 - CKM_DH_PKCS_DERIVE = 0x00000021 - CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 - CKM_X9_42_DH_DERIVE = 0x00000031 - CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 - CKM_X9_42_MQV_DERIVE = 0x00000033 - CKM_SHA256_RSA_PKCS = 0x00000040 - CKM_SHA384_RSA_PKCS = 0x00000041 - CKM_SHA512_RSA_PKCS = 0x00000042 - CKM_SHA256_RSA_PKCS_PSS = 0x00000043 - CKM_SHA384_RSA_PKCS_PSS = 0x00000044 - CKM_SHA512_RSA_PKCS_PSS = 0x00000045 - CKM_SHA224_RSA_PKCS = 0x00000046 - CKM_SHA224_RSA_PKCS_PSS = 0x00000047 - CKM_SHA512_224 = 0x00000048 - CKM_SHA512_224_HMAC = 0x00000049 - CKM_SHA512_224_HMAC_GENERAL = 0x0000004A - CKM_SHA512_224_KEY_DERIVATION = 0x0000004B - CKM_SHA512_256 = 0x0000004C - CKM_SHA512_256_HMAC = 0x0000004D - CKM_SHA512_256_HMAC_GENERAL = 0x0000004E - CKM_SHA512_256_KEY_DERIVATION = 0x0000004F - CKM_SHA512_T = 0x00000050 - CKM_SHA512_T_HMAC = 0x00000051 - CKM_SHA512_T_HMAC_GENERAL = 0x00000052 - CKM_SHA512_T_KEY_DERIVATION = 0x00000053 - CKM_SHA3_256_RSA_PKCS = 0x00000060 - 
CKM_SHA3_384_RSA_PKCS = 0x00000061 - CKM_SHA3_512_RSA_PKCS = 0x00000062 - CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 - CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 - CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 - CKM_SHA3_224_RSA_PKCS = 0x00000066 - CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 - CKM_RC2_KEY_GEN = 0x00000100 - CKM_RC2_ECB = 0x00000101 - CKM_RC2_CBC = 0x00000102 - CKM_RC2_MAC = 0x00000103 - CKM_RC2_MAC_GENERAL = 0x00000104 - CKM_RC2_CBC_PAD = 0x00000105 - CKM_RC4_KEY_GEN = 0x00000110 - CKM_RC4 = 0x00000111 - CKM_DES_KEY_GEN = 0x00000120 - CKM_DES_ECB = 0x00000121 - CKM_DES_CBC = 0x00000122 - CKM_DES_MAC = 0x00000123 - CKM_DES_MAC_GENERAL = 0x00000124 - CKM_DES_CBC_PAD = 0x00000125 - CKM_DES2_KEY_GEN = 0x00000130 - CKM_DES3_KEY_GEN = 0x00000131 - CKM_DES3_ECB = 0x00000132 - CKM_DES3_CBC = 0x00000133 - CKM_DES3_MAC = 0x00000134 - CKM_DES3_MAC_GENERAL = 0x00000135 - CKM_DES3_CBC_PAD = 0x00000136 - CKM_DES3_CMAC_GENERAL = 0x00000137 - CKM_DES3_CMAC = 0x00000138 - CKM_CDMF_KEY_GEN = 0x00000140 - CKM_CDMF_ECB = 0x00000141 - CKM_CDMF_CBC = 0x00000142 - CKM_CDMF_MAC = 0x00000143 - CKM_CDMF_MAC_GENERAL = 0x00000144 - CKM_CDMF_CBC_PAD = 0x00000145 - CKM_DES_OFB64 = 0x00000150 - CKM_DES_OFB8 = 0x00000151 - CKM_DES_CFB64 = 0x00000152 - CKM_DES_CFB8 = 0x00000153 - CKM_MD2 = 0x00000200 - CKM_MD2_HMAC = 0x00000201 - CKM_MD2_HMAC_GENERAL = 0x00000202 - CKM_MD5 = 0x00000210 - CKM_MD5_HMAC = 0x00000211 - CKM_MD5_HMAC_GENERAL = 0x00000212 - CKM_SHA_1 = 0x00000220 - CKM_SHA_1_HMAC = 0x00000221 - CKM_SHA_1_HMAC_GENERAL = 0x00000222 - CKM_RIPEMD128 = 0x00000230 - CKM_RIPEMD128_HMAC = 0x00000231 - CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 - CKM_RIPEMD160 = 0x00000240 - CKM_RIPEMD160_HMAC = 0x00000241 - CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 - CKM_SHA256 = 0x00000250 - CKM_SHA256_HMAC = 0x00000251 - CKM_SHA256_HMAC_GENERAL = 0x00000252 - CKM_SHA224 = 0x00000255 - CKM_SHA224_HMAC = 0x00000256 - CKM_SHA224_HMAC_GENERAL = 0x00000257 - CKM_SHA384 = 0x00000260 - CKM_SHA384_HMAC = 0x00000261 - 
CKM_SHA384_HMAC_GENERAL = 0x00000262 - CKM_SHA512 = 0x00000270 - CKM_SHA512_HMAC = 0x00000271 - CKM_SHA512_HMAC_GENERAL = 0x00000272 - CKM_SECURID_KEY_GEN = 0x00000280 - CKM_SECURID = 0x00000282 - CKM_HOTP_KEY_GEN = 0x00000290 - CKM_HOTP = 0x00000291 - CKM_ACTI = 0x000002A0 - CKM_ACTI_KEY_GEN = 0x000002A1 - CKM_SHA3_256 = 0x000002B0 - CKM_SHA3_256_HMAC = 0x000002B1 - CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 - CKM_SHA3_256_KEY_GEN = 0x000002B3 - CKM_SHA3_224 = 0x000002B5 - CKM_SHA3_224_HMAC = 0x000002B6 - CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 - CKM_SHA3_224_KEY_GEN = 0x000002B8 - CKM_SHA3_384 = 0x000002C0 - CKM_SHA3_384_HMAC = 0x000002C1 - CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 - CKM_SHA3_384_KEY_GEN = 0x000002C3 - CKM_SHA3_512 = 0x000002D0 - CKM_SHA3_512_HMAC = 0x000002D1 - CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 - CKM_SHA3_512_KEY_GEN = 0x000002D3 - CKM_CAST_KEY_GEN = 0x00000300 - CKM_CAST_ECB = 0x00000301 - CKM_CAST_CBC = 0x00000302 - CKM_CAST_MAC = 0x00000303 - CKM_CAST_MAC_GENERAL = 0x00000304 - CKM_CAST_CBC_PAD = 0x00000305 - CKM_CAST3_KEY_GEN = 0x00000310 - CKM_CAST3_ECB = 0x00000311 - CKM_CAST3_CBC = 0x00000312 - CKM_CAST3_MAC = 0x00000313 - CKM_CAST3_MAC_GENERAL = 0x00000314 - CKM_CAST3_CBC_PAD = 0x00000315 - CKM_CAST5_KEY_GEN = 0x00000320 - CKM_CAST128_KEY_GEN = 0x00000320 - CKM_CAST5_ECB = 0x00000321 - CKM_CAST128_ECB = 0x00000321 - CKM_CAST5_CBC = 0x00000322 // Deprecated - CKM_CAST128_CBC = 0x00000322 - CKM_CAST5_MAC = 0x00000323 // Deprecated - CKM_CAST128_MAC = 0x00000323 - CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated - CKM_CAST128_MAC_GENERAL = 0x00000324 - CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated - CKM_CAST128_CBC_PAD = 0x00000325 - CKM_RC5_KEY_GEN = 0x00000330 - CKM_RC5_ECB = 0x00000331 - CKM_RC5_CBC = 0x00000332 - CKM_RC5_MAC = 0x00000333 - CKM_RC5_MAC_GENERAL = 0x00000334 - CKM_RC5_CBC_PAD = 0x00000335 - CKM_IDEA_KEY_GEN = 0x00000340 - CKM_IDEA_ECB = 0x00000341 - CKM_IDEA_CBC = 0x00000342 - CKM_IDEA_MAC = 0x00000343 - CKM_IDEA_MAC_GENERAL = 
0x00000344 - CKM_IDEA_CBC_PAD = 0x00000345 - CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 - CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 - CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 - CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 - CKM_XOR_BASE_AND_DATA = 0x00000364 - CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 - CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 - CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 - CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 - CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 - CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 - CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 - CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 - CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 - CKM_TLS_PRF = 0x00000378 - CKM_SSL3_MD5_MAC = 0x00000380 - CKM_SSL3_SHA1_MAC = 0x00000381 - CKM_MD5_KEY_DERIVATION = 0x00000390 - CKM_MD2_KEY_DERIVATION = 0x00000391 - CKM_SHA1_KEY_DERIVATION = 0x00000392 - CKM_SHA256_KEY_DERIVATION = 0x00000393 - CKM_SHA384_KEY_DERIVATION = 0x00000394 - CKM_SHA512_KEY_DERIVATION = 0x00000395 - CKM_SHA224_KEY_DERIVATION = 0x00000396 - CKM_SHA3_256_KEY_DERIVE = 0x00000397 - CKM_SHA3_224_KEY_DERIVE = 0x00000398 - CKM_SHA3_384_KEY_DERIVE = 0x00000399 - CKM_SHA3_512_KEY_DERIVE = 0x0000039A - CKM_SHAKE_128_KEY_DERIVE = 0x0000039B - CKM_SHAKE_256_KEY_DERIVE = 0x0000039C - CKM_PBE_MD2_DES_CBC = 0x000003A0 - CKM_PBE_MD5_DES_CBC = 0x000003A1 - CKM_PBE_MD5_CAST_CBC = 0x000003A2 - CKM_PBE_MD5_CAST3_CBC = 0x000003A3 - CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated - CKM_PBE_MD5_CAST128_CBC = 0x000003A4 - CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated - CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 - CKM_PBE_SHA1_RC4_128 = 0x000003A6 - CKM_PBE_SHA1_RC4_40 = 0x000003A7 - CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 - CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 - CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA - CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB - CKM_PKCS5_PBKD2 = 0x000003B0 - CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 - CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 - CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 - CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 
0x000003D2 - CKM_WTLS_PRF = 0x000003D3 - CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 - CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 - CKM_TLS10_MAC_SERVER = 0x000003D6 - CKM_TLS10_MAC_CLIENT = 0x000003D7 - CKM_TLS12_MAC = 0x000003D8 - CKM_TLS12_KDF = 0x000003D9 - CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 - CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 - CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 - CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 - CKM_TLS_MAC = 0x000003E4 - CKM_TLS_KDF = 0x000003E5 - CKM_KEY_WRAP_LYNKS = 0x00000400 - CKM_KEY_WRAP_SET_OAEP = 0x00000401 - CKM_CMS_SIG = 0x00000500 - CKM_KIP_DERIVE = 0x00000510 - CKM_KIP_WRAP = 0x00000511 - CKM_KIP_MAC = 0x00000512 - CKM_CAMELLIA_KEY_GEN = 0x00000550 - CKM_CAMELLIA_ECB = 0x00000551 - CKM_CAMELLIA_CBC = 0x00000552 - CKM_CAMELLIA_MAC = 0x00000553 - CKM_CAMELLIA_MAC_GENERAL = 0x00000554 - CKM_CAMELLIA_CBC_PAD = 0x00000555 - CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 - CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 - CKM_CAMELLIA_CTR = 0x00000558 - CKM_ARIA_KEY_GEN = 0x00000560 - CKM_ARIA_ECB = 0x00000561 - CKM_ARIA_CBC = 0x00000562 - CKM_ARIA_MAC = 0x00000563 - CKM_ARIA_MAC_GENERAL = 0x00000564 - CKM_ARIA_CBC_PAD = 0x00000565 - CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 - CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 - CKM_SEED_KEY_GEN = 0x00000650 - CKM_SEED_ECB = 0x00000651 - CKM_SEED_CBC = 0x00000652 - CKM_SEED_MAC = 0x00000653 - CKM_SEED_MAC_GENERAL = 0x00000654 - CKM_SEED_CBC_PAD = 0x00000655 - CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 - CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 - CKM_SKIPJACK_KEY_GEN = 0x00001000 - CKM_SKIPJACK_ECB64 = 0x00001001 - CKM_SKIPJACK_CBC64 = 0x00001002 - CKM_SKIPJACK_OFB64 = 0x00001003 - CKM_SKIPJACK_CFB64 = 0x00001004 - CKM_SKIPJACK_CFB32 = 0x00001005 - CKM_SKIPJACK_CFB16 = 0x00001006 - CKM_SKIPJACK_CFB8 = 0x00001007 - CKM_SKIPJACK_WRAP = 0x00001008 - CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 - CKM_SKIPJACK_RELAYX = 0x0000100a - CKM_KEA_KEY_PAIR_GEN = 0x00001010 - CKM_KEA_KEY_DERIVE = 0x00001011 - 
CKM_KEA_DERIVE = 0x00001012 - CKM_FORTEZZA_TIMESTAMP = 0x00001020 - CKM_BATON_KEY_GEN = 0x00001030 - CKM_BATON_ECB128 = 0x00001031 - CKM_BATON_ECB96 = 0x00001032 - CKM_BATON_CBC128 = 0x00001033 - CKM_BATON_COUNTER = 0x00001034 - CKM_BATON_SHUFFLE = 0x00001035 - CKM_BATON_WRAP = 0x00001036 - CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated - CKM_EC_KEY_PAIR_GEN = 0x00001040 - CKM_ECDSA = 0x00001041 - CKM_ECDSA_SHA1 = 0x00001042 - CKM_ECDSA_SHA224 = 0x00001043 - CKM_ECDSA_SHA256 = 0x00001044 - CKM_ECDSA_SHA384 = 0x00001045 - CKM_ECDSA_SHA512 = 0x00001046 - CKM_ECDH1_DERIVE = 0x00001050 - CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 - CKM_ECMQV_DERIVE = 0x00001052 - CKM_ECDH_AES_KEY_WRAP = 0x00001053 - CKM_RSA_AES_KEY_WRAP = 0x00001054 - CKM_JUNIPER_KEY_GEN = 0x00001060 - CKM_JUNIPER_ECB128 = 0x00001061 - CKM_JUNIPER_CBC128 = 0x00001062 - CKM_JUNIPER_COUNTER = 0x00001063 - CKM_JUNIPER_SHUFFLE = 0x00001064 - CKM_JUNIPER_WRAP = 0x00001065 - CKM_FASTHASH = 0x00001070 - CKM_AES_KEY_GEN = 0x00001080 - CKM_AES_ECB = 0x00001081 - CKM_AES_CBC = 0x00001082 - CKM_AES_MAC = 0x00001083 - CKM_AES_MAC_GENERAL = 0x00001084 - CKM_AES_CBC_PAD = 0x00001085 - CKM_AES_CTR = 0x00001086 - CKM_AES_GCM = 0x00001087 - CKM_AES_CCM = 0x00001088 - CKM_AES_CTS = 0x00001089 - CKM_AES_CMAC = 0x0000108A - CKM_AES_CMAC_GENERAL = 0x0000108B - CKM_AES_XCBC_MAC = 0x0000108C - CKM_AES_XCBC_MAC_96 = 0x0000108D - CKM_AES_GMAC = 0x0000108E - CKM_BLOWFISH_KEY_GEN = 0x00001090 - CKM_BLOWFISH_CBC = 0x00001091 - CKM_TWOFISH_KEY_GEN = 0x00001092 - CKM_TWOFISH_CBC = 0x00001093 - CKM_BLOWFISH_CBC_PAD = 0x00001094 - CKM_TWOFISH_CBC_PAD = 0x00001095 - CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 - CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 - CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 - CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 - CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 - CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 - CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 - CKM_GOSTR3410 = 0x00001201 - CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 - 
CKM_GOSTR3410_KEY_WRAP = 0x00001203 - CKM_GOSTR3410_DERIVE = 0x00001204 - CKM_GOSTR3411 = 0x00001210 - CKM_GOSTR3411_HMAC = 0x00001211 - CKM_GOST28147_KEY_GEN = 0x00001220 - CKM_GOST28147_ECB = 0x00001221 - CKM_GOST28147 = 0x00001222 - CKM_GOST28147_MAC = 0x00001223 - CKM_GOST28147_KEY_WRAP = 0x00001224 - CKM_DSA_PARAMETER_GEN = 0x00002000 - CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 - CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 - CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 - CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 - CKM_AES_OFB = 0x00002104 - CKM_AES_CFB64 = 0x00002105 - CKM_AES_CFB8 = 0x00002106 - CKM_AES_CFB128 = 0x00002107 - CKM_AES_CFB1 = 0x00002108 - CKM_AES_KEY_WRAP = 0x00002109 - CKM_AES_KEY_WRAP_PAD = 0x0000210A - CKM_RSA_PKCS_TPM_1_1 = 0x00004001 - CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 - CKM_VENDOR_DEFINED = 0x80000000 - CKF_HW = 0x00000001 - CKF_ENCRYPT = 0x00000100 - CKF_DECRYPT = 0x00000200 - CKF_DIGEST = 0x00000400 - CKF_SIGN = 0x00000800 - CKF_SIGN_RECOVER = 0x00001000 - CKF_VERIFY = 0x00002000 - CKF_VERIFY_RECOVER = 0x00004000 - CKF_GENERATE = 0x00008000 - CKF_GENERATE_KEY_PAIR = 0x00010000 - CKF_WRAP = 0x00020000 - CKF_UNWRAP = 0x00040000 - CKF_DERIVE = 0x00080000 - CKF_EC_F_P = 0x00100000 - CKF_EC_F_2M = 0x00200000 - CKF_EC_ECPARAMETERS = 0x00400000 - CKF_EC_NAMEDCURVE = 0x00800000 - CKF_EC_UNCOMPRESS = 0x01000000 - CKF_EC_COMPRESS = 0x02000000 - CKF_EXTENSION = 0x80000000 + + // The following certificate types are defined: + CKC_X_509 = 0x00000000 + CKC_X_509_ATTR_CERT = 0x00000001 + CKC_WTLS = 0x00000002 + CKC_VENDOR_DEFINED = 0x80000000 + + // The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + // consists of an array of values. 
+ CKF_ARRAY_ATTRIBUTE = 0x40000000 + + // The following OTP-related defines relate to the CKA_OTP_FORMAT attribute + CK_OTP_FORMAT_DECIMAL = 0 + CK_OTP_FORMAT_HEXADECIMAL = 1 + CK_OTP_FORMAT_ALPHANUMERIC = 2 + CK_OTP_FORMAT_BINARY = 3 + + // The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + // attributes + CK_OTP_PARAM_IGNORED = 0 + CK_OTP_PARAM_OPTIONAL = 1 + CK_OTP_PARAM_MANDATORY = 2 + + // The following attribute types are defined: + CKA_CLASS = 0x00000000 + CKA_TOKEN = 0x00000001 + CKA_PRIVATE = 0x00000002 + CKA_LABEL = 0x00000003 + CKA_APPLICATION = 0x00000010 + CKA_VALUE = 0x00000011 + CKA_OBJECT_ID = 0x00000012 + CKA_CERTIFICATE_TYPE = 0x00000080 + CKA_ISSUER = 0x00000081 + CKA_SERIAL_NUMBER = 0x00000082 + CKA_AC_ISSUER = 0x00000083 + CKA_OWNER = 0x00000084 + CKA_ATTR_TYPES = 0x00000085 + CKA_TRUSTED = 0x00000086 + CKA_CERTIFICATE_CATEGORY = 0x00000087 + CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 + CKA_URL = 0x00000089 + CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008A + CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008B + CKA_NAME_HASH_ALGORITHM = 0x0000008C + CKA_CHECK_VALUE = 0x00000090 + CKA_KEY_TYPE = 0x00000100 + CKA_SUBJECT = 0x00000101 + CKA_ID = 0x00000102 + CKA_SENSITIVE = 0x00000103 + CKA_ENCRYPT = 0x00000104 + CKA_DECRYPT = 0x00000105 + CKA_WRAP = 0x00000106 + CKA_UNWRAP = 0x00000107 + CKA_SIGN = 0x00000108 + CKA_SIGN_RECOVER = 0x00000109 + CKA_VERIFY = 0x0000010A + CKA_VERIFY_RECOVER = 0x0000010B + CKA_DERIVE = 0x0000010C + CKA_START_DATE = 0x00000110 + CKA_END_DATE = 0x00000111 + CKA_MODULUS = 0x00000120 + CKA_MODULUS_BITS = 0x00000121 + CKA_PUBLIC_EXPONENT = 0x00000122 + CKA_PRIVATE_EXPONENT = 0x00000123 + CKA_PRIME_1 = 0x00000124 + CKA_PRIME_2 = 0x00000125 + CKA_EXPONENT_1 = 0x00000126 + CKA_EXPONENT_2 = 0x00000127 + CKA_COEFFICIENT = 0x00000128 + CKA_PUBLIC_KEY_INFO = 0x00000129 + CKA_PRIME = 0x00000130 + CKA_SUBPRIME = 0x00000131 + CKA_BASE = 0x00000132 + CKA_PRIME_BITS = 0x00000133 + CKA_SUBPRIME_BITS = 0x00000134 + 
CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS + CKA_VALUE_BITS = 0x00000160 + CKA_VALUE_LEN = 0x00000161 + CKA_EXTRACTABLE = 0x00000162 + CKA_LOCAL = 0x00000163 + CKA_NEVER_EXTRACTABLE = 0x00000164 + CKA_ALWAYS_SENSITIVE = 0x00000165 + CKA_KEY_GEN_MECHANISM = 0x00000166 + CKA_MODIFIABLE = 0x00000170 + CKA_COPYABLE = 0x00000171 + CKA_DESTROYABLE = 0x00000172 + CKA_ECDSA_PARAMS = 0x00000180 // Deprecated + CKA_EC_PARAMS = 0x00000180 + CKA_EC_POINT = 0x00000181 + CKA_SECONDARY_AUTH = 0x00000200 // Deprecated + CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated + CKA_ALWAYS_AUTHENTICATE = 0x00000202 + CKA_WRAP_WITH_TRUSTED = 0x00000210 + CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) + CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) + CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) + CKA_OTP_FORMAT = 0x00000220 + CKA_OTP_LENGTH = 0x00000221 + CKA_OTP_TIME_INTERVAL = 0x00000222 + CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 + CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 + CKA_OTP_TIME_REQUIREMENT = 0x00000225 + CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 + CKA_OTP_PIN_REQUIREMENT = 0x00000227 + CKA_OTP_COUNTER = 0x0000022E + CKA_OTP_TIME = 0x0000022F + CKA_OTP_USER_IDENTIFIER = 0x0000022A + CKA_OTP_SERVICE_IDENTIFIER = 0x0000022B + CKA_OTP_SERVICE_LOGO = 0x0000022C + CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022D + CKA_GOSTR3410_PARAMS = 0x00000250 + CKA_GOSTR3411_PARAMS = 0x00000251 + CKA_GOST28147_PARAMS = 0x00000252 + CKA_HW_FEATURE_TYPE = 0x00000300 + CKA_RESET_ON_INIT = 0x00000301 + CKA_HAS_RESET = 0x00000302 + CKA_PIXEL_X = 0x00000400 + CKA_PIXEL_Y = 0x00000401 + CKA_RESOLUTION = 0x00000402 + CKA_CHAR_ROWS = 0x00000403 + CKA_CHAR_COLUMNS = 0x00000404 + CKA_COLOR = 0x00000405 + CKA_BITS_PER_PIXEL = 0x00000406 + CKA_CHAR_SETS = 0x00000480 + CKA_ENCODING_METHODS = 0x00000481 + CKA_MIME_TYPES = 0x00000482 + CKA_MECHANISM_TYPE = 0x00000500 + CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 + CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 + CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 + 
CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) + CKA_VENDOR_DEFINED = 0x80000000 + + // the following mechanism types are defined: + CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 + CKM_RSA_PKCS = 0x00000001 + CKM_RSA_9796 = 0x00000002 + CKM_RSA_X_509 = 0x00000003 + CKM_MD2_RSA_PKCS = 0x00000004 + CKM_MD5_RSA_PKCS = 0x00000005 + CKM_SHA1_RSA_PKCS = 0x00000006 + CKM_RIPEMD128_RSA_PKCS = 0x00000007 + CKM_RIPEMD160_RSA_PKCS = 0x00000008 + CKM_RSA_PKCS_OAEP = 0x00000009 + CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000A + CKM_RSA_X9_31 = 0x0000000B + CKM_SHA1_RSA_X9_31 = 0x0000000C + CKM_RSA_PKCS_PSS = 0x0000000D + CKM_SHA1_RSA_PKCS_PSS = 0x0000000E + CKM_DSA_KEY_PAIR_GEN = 0x00000010 + CKM_DSA = 0x00000011 + CKM_DSA_SHA1 = 0x00000012 + CKM_DSA_SHA224 = 0x00000013 + CKM_DSA_SHA256 = 0x00000014 + CKM_DSA_SHA384 = 0x00000015 + CKM_DSA_SHA512 = 0x00000016 + CKM_DSA_SHA3_224 = 0x00000018 + CKM_DSA_SHA3_256 = 0x00000019 + CKM_DSA_SHA3_384 = 0x0000001A + CKM_DSA_SHA3_512 = 0x0000001B + CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 + CKM_DH_PKCS_DERIVE = 0x00000021 + CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 + CKM_X9_42_DH_DERIVE = 0x00000031 + CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 + CKM_X9_42_MQV_DERIVE = 0x00000033 + CKM_SHA256_RSA_PKCS = 0x00000040 + CKM_SHA384_RSA_PKCS = 0x00000041 + CKM_SHA512_RSA_PKCS = 0x00000042 + CKM_SHA256_RSA_PKCS_PSS = 0x00000043 + CKM_SHA384_RSA_PKCS_PSS = 0x00000044 + CKM_SHA512_RSA_PKCS_PSS = 0x00000045 + CKM_SHA224_RSA_PKCS = 0x00000046 + CKM_SHA224_RSA_PKCS_PSS = 0x00000047 + CKM_SHA512_224 = 0x00000048 + CKM_SHA512_224_HMAC = 0x00000049 + CKM_SHA512_224_HMAC_GENERAL = 0x0000004A + CKM_SHA512_224_KEY_DERIVATION = 0x0000004B + CKM_SHA512_256 = 0x0000004C + CKM_SHA512_256_HMAC = 0x0000004D + CKM_SHA512_256_HMAC_GENERAL = 0x0000004E + CKM_SHA512_256_KEY_DERIVATION = 0x0000004F + CKM_SHA512_T = 0x00000050 + CKM_SHA512_T_HMAC = 0x00000051 + CKM_SHA512_T_HMAC_GENERAL = 0x00000052 + CKM_SHA512_T_KEY_DERIVATION = 0x00000053 + CKM_SHA3_256_RSA_PKCS = 0x00000060 + 
CKM_SHA3_384_RSA_PKCS = 0x00000061 + CKM_SHA3_512_RSA_PKCS = 0x00000062 + CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 + CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 + CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 + CKM_SHA3_224_RSA_PKCS = 0x00000066 + CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 + CKM_RC2_KEY_GEN = 0x00000100 + CKM_RC2_ECB = 0x00000101 + CKM_RC2_CBC = 0x00000102 + CKM_RC2_MAC = 0x00000103 + CKM_RC2_MAC_GENERAL = 0x00000104 + CKM_RC2_CBC_PAD = 0x00000105 + CKM_RC4_KEY_GEN = 0x00000110 + CKM_RC4 = 0x00000111 + CKM_DES_KEY_GEN = 0x00000120 + CKM_DES_ECB = 0x00000121 + CKM_DES_CBC = 0x00000122 + CKM_DES_MAC = 0x00000123 + CKM_DES_MAC_GENERAL = 0x00000124 + CKM_DES_CBC_PAD = 0x00000125 + CKM_DES2_KEY_GEN = 0x00000130 + CKM_DES3_KEY_GEN = 0x00000131 + CKM_DES3_ECB = 0x00000132 + CKM_DES3_CBC = 0x00000133 + CKM_DES3_MAC = 0x00000134 + CKM_DES3_MAC_GENERAL = 0x00000135 + CKM_DES3_CBC_PAD = 0x00000136 + CKM_DES3_CMAC_GENERAL = 0x00000137 + CKM_DES3_CMAC = 0x00000138 + CKM_CDMF_KEY_GEN = 0x00000140 + CKM_CDMF_ECB = 0x00000141 + CKM_CDMF_CBC = 0x00000142 + CKM_CDMF_MAC = 0x00000143 + CKM_CDMF_MAC_GENERAL = 0x00000144 + CKM_CDMF_CBC_PAD = 0x00000145 + CKM_DES_OFB64 = 0x00000150 + CKM_DES_OFB8 = 0x00000151 + CKM_DES_CFB64 = 0x00000152 + CKM_DES_CFB8 = 0x00000153 + CKM_MD2 = 0x00000200 + CKM_MD2_HMAC = 0x00000201 + CKM_MD2_HMAC_GENERAL = 0x00000202 + CKM_MD5 = 0x00000210 + CKM_MD5_HMAC = 0x00000211 + CKM_MD5_HMAC_GENERAL = 0x00000212 + CKM_SHA_1 = 0x00000220 + CKM_SHA_1_HMAC = 0x00000221 + CKM_SHA_1_HMAC_GENERAL = 0x00000222 + CKM_RIPEMD128 = 0x00000230 + CKM_RIPEMD128_HMAC = 0x00000231 + CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 + CKM_RIPEMD160 = 0x00000240 + CKM_RIPEMD160_HMAC = 0x00000241 + CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 + CKM_SHA256 = 0x00000250 + CKM_SHA256_HMAC = 0x00000251 + CKM_SHA256_HMAC_GENERAL = 0x00000252 + CKM_SHA224 = 0x00000255 + CKM_SHA224_HMAC = 0x00000256 + CKM_SHA224_HMAC_GENERAL = 0x00000257 + CKM_SHA384 = 0x00000260 + CKM_SHA384_HMAC = 0x00000261 + 
CKM_SHA384_HMAC_GENERAL = 0x00000262 + CKM_SHA512 = 0x00000270 + CKM_SHA512_HMAC = 0x00000271 + CKM_SHA512_HMAC_GENERAL = 0x00000272 + CKM_SECURID_KEY_GEN = 0x00000280 + CKM_SECURID = 0x00000282 + CKM_HOTP_KEY_GEN = 0x00000290 + CKM_HOTP = 0x00000291 + CKM_ACTI = 0x000002A0 + CKM_ACTI_KEY_GEN = 0x000002A1 + CKM_SHA3_256 = 0x000002B0 + CKM_SHA3_256_HMAC = 0x000002B1 + CKM_SHA3_256_HMAC_GENERAL = 0x000002B2 + CKM_SHA3_256_KEY_GEN = 0x000002B3 + CKM_SHA3_224 = 0x000002B5 + CKM_SHA3_224_HMAC = 0x000002B6 + CKM_SHA3_224_HMAC_GENERAL = 0x000002B7 + CKM_SHA3_224_KEY_GEN = 0x000002B8 + CKM_SHA3_384 = 0x000002C0 + CKM_SHA3_384_HMAC = 0x000002C1 + CKM_SHA3_384_HMAC_GENERAL = 0x000002C2 + CKM_SHA3_384_KEY_GEN = 0x000002C3 + CKM_SHA3_512 = 0x000002D0 + CKM_SHA3_512_HMAC = 0x000002D1 + CKM_SHA3_512_HMAC_GENERAL = 0x000002D2 + CKM_SHA3_512_KEY_GEN = 0x000002D3 + CKM_CAST_KEY_GEN = 0x00000300 + CKM_CAST_ECB = 0x00000301 + CKM_CAST_CBC = 0x00000302 + CKM_CAST_MAC = 0x00000303 + CKM_CAST_MAC_GENERAL = 0x00000304 + CKM_CAST_CBC_PAD = 0x00000305 + CKM_CAST3_KEY_GEN = 0x00000310 + CKM_CAST3_ECB = 0x00000311 + CKM_CAST3_CBC = 0x00000312 + CKM_CAST3_MAC = 0x00000313 + CKM_CAST3_MAC_GENERAL = 0x00000314 + CKM_CAST3_CBC_PAD = 0x00000315 + + // Note that CAST128 and CAST5 are the same algorithm + CKM_CAST5_KEY_GEN = 0x00000320 + CKM_CAST128_KEY_GEN = 0x00000320 + CKM_CAST5_ECB = 0x00000321 + CKM_CAST128_ECB = 0x00000321 + CKM_CAST5_CBC = 0x00000322 // Deprecated + CKM_CAST128_CBC = 0x00000322 + CKM_CAST5_MAC = 0x00000323 // Deprecated + CKM_CAST128_MAC = 0x00000323 + CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated + CKM_CAST128_MAC_GENERAL = 0x00000324 + CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated + CKM_CAST128_CBC_PAD = 0x00000325 + CKM_RC5_KEY_GEN = 0x00000330 + CKM_RC5_ECB = 0x00000331 + CKM_RC5_CBC = 0x00000332 + CKM_RC5_MAC = 0x00000333 + CKM_RC5_MAC_GENERAL = 0x00000334 + CKM_RC5_CBC_PAD = 0x00000335 + CKM_IDEA_KEY_GEN = 0x00000340 + CKM_IDEA_ECB = 0x00000341 + CKM_IDEA_CBC = 
0x00000342 + CKM_IDEA_MAC = 0x00000343 + CKM_IDEA_MAC_GENERAL = 0x00000344 + CKM_IDEA_CBC_PAD = 0x00000345 + CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 + CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 + CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 + CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 + CKM_XOR_BASE_AND_DATA = 0x00000364 + CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 + CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 + CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 + CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 + CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 + CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 + CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 + CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 + CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 + CKM_TLS_PRF = 0x00000378 + CKM_SSL3_MD5_MAC = 0x00000380 + CKM_SSL3_SHA1_MAC = 0x00000381 + CKM_MD5_KEY_DERIVATION = 0x00000390 + CKM_MD2_KEY_DERIVATION = 0x00000391 + CKM_SHA1_KEY_DERIVATION = 0x00000392 + CKM_SHA256_KEY_DERIVATION = 0x00000393 + CKM_SHA384_KEY_DERIVATION = 0x00000394 + CKM_SHA512_KEY_DERIVATION = 0x00000395 + CKM_SHA224_KEY_DERIVATION = 0x00000396 + CKM_SHA3_256_KEY_DERIVE = 0x00000397 + CKM_SHA3_224_KEY_DERIVE = 0x00000398 + CKM_SHA3_384_KEY_DERIVE = 0x00000399 + CKM_SHA3_512_KEY_DERIVE = 0x0000039A + CKM_SHAKE_128_KEY_DERIVE = 0x0000039B + CKM_SHAKE_256_KEY_DERIVE = 0x0000039C + CKM_PBE_MD2_DES_CBC = 0x000003A0 + CKM_PBE_MD5_DES_CBC = 0x000003A1 + CKM_PBE_MD5_CAST_CBC = 0x000003A2 + CKM_PBE_MD5_CAST3_CBC = 0x000003A3 + CKM_PBE_MD5_CAST5_CBC = 0x000003A4 // Deprecated + CKM_PBE_MD5_CAST128_CBC = 0x000003A4 + CKM_PBE_SHA1_CAST5_CBC = 0x000003A5 // Deprecated + CKM_PBE_SHA1_CAST128_CBC = 0x000003A5 + CKM_PBE_SHA1_RC4_128 = 0x000003A6 + CKM_PBE_SHA1_RC4_40 = 0x000003A7 + CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003A8 + CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003A9 + CKM_PBE_SHA1_RC2_128_CBC = 0x000003AA + CKM_PBE_SHA1_RC2_40_CBC = 0x000003AB + CKM_PKCS5_PBKD2 = 0x000003B0 + CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003C0 + CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003D0 + 
CKM_WTLS_MASTER_KEY_DERIVE = 0x000003D1 + CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003D2 + CKM_WTLS_PRF = 0x000003D3 + CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003D4 + CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003D5 + CKM_TLS10_MAC_SERVER = 0x000003D6 + CKM_TLS10_MAC_CLIENT = 0x000003D7 + CKM_TLS12_MAC = 0x000003D8 + CKM_TLS12_KDF = 0x000003D9 + CKM_TLS12_MASTER_KEY_DERIVE = 0x000003E0 + CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003E1 + CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003E2 + CKM_TLS12_KEY_SAFE_DERIVE = 0x000003E3 + CKM_TLS_MAC = 0x000003E4 + CKM_TLS_KDF = 0x000003E5 + CKM_KEY_WRAP_LYNKS = 0x00000400 + CKM_KEY_WRAP_SET_OAEP = 0x00000401 + CKM_CMS_SIG = 0x00000500 + CKM_KIP_DERIVE = 0x00000510 + CKM_KIP_WRAP = 0x00000511 + CKM_KIP_MAC = 0x00000512 + CKM_CAMELLIA_KEY_GEN = 0x00000550 + CKM_CAMELLIA_ECB = 0x00000551 + CKM_CAMELLIA_CBC = 0x00000552 + CKM_CAMELLIA_MAC = 0x00000553 + CKM_CAMELLIA_MAC_GENERAL = 0x00000554 + CKM_CAMELLIA_CBC_PAD = 0x00000555 + CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 + CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 + CKM_CAMELLIA_CTR = 0x00000558 + CKM_ARIA_KEY_GEN = 0x00000560 + CKM_ARIA_ECB = 0x00000561 + CKM_ARIA_CBC = 0x00000562 + CKM_ARIA_MAC = 0x00000563 + CKM_ARIA_MAC_GENERAL = 0x00000564 + CKM_ARIA_CBC_PAD = 0x00000565 + CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 + CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 + CKM_SEED_KEY_GEN = 0x00000650 + CKM_SEED_ECB = 0x00000651 + CKM_SEED_CBC = 0x00000652 + CKM_SEED_MAC = 0x00000653 + CKM_SEED_MAC_GENERAL = 0x00000654 + CKM_SEED_CBC_PAD = 0x00000655 + CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 + CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 + CKM_SKIPJACK_KEY_GEN = 0x00001000 + CKM_SKIPJACK_ECB64 = 0x00001001 + CKM_SKIPJACK_CBC64 = 0x00001002 + CKM_SKIPJACK_OFB64 = 0x00001003 + CKM_SKIPJACK_CFB64 = 0x00001004 + CKM_SKIPJACK_CFB32 = 0x00001005 + CKM_SKIPJACK_CFB16 = 0x00001006 + CKM_SKIPJACK_CFB8 = 0x00001007 + CKM_SKIPJACK_WRAP = 0x00001008 + CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 + CKM_SKIPJACK_RELAYX = 
0x0000100a + CKM_KEA_KEY_PAIR_GEN = 0x00001010 + CKM_KEA_KEY_DERIVE = 0x00001011 + CKM_KEA_DERIVE = 0x00001012 + CKM_FORTEZZA_TIMESTAMP = 0x00001020 + CKM_BATON_KEY_GEN = 0x00001030 + CKM_BATON_ECB128 = 0x00001031 + CKM_BATON_ECB96 = 0x00001032 + CKM_BATON_CBC128 = 0x00001033 + CKM_BATON_COUNTER = 0x00001034 + CKM_BATON_SHUFFLE = 0x00001035 + CKM_BATON_WRAP = 0x00001036 + CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated + CKM_EC_KEY_PAIR_GEN = 0x00001040 + CKM_ECDSA = 0x00001041 + CKM_ECDSA_SHA1 = 0x00001042 + CKM_ECDSA_SHA224 = 0x00001043 + CKM_ECDSA_SHA256 = 0x00001044 + CKM_ECDSA_SHA384 = 0x00001045 + CKM_ECDSA_SHA512 = 0x00001046 + CKM_ECDH1_DERIVE = 0x00001050 + CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 + CKM_ECMQV_DERIVE = 0x00001052 + CKM_ECDH_AES_KEY_WRAP = 0x00001053 + CKM_RSA_AES_KEY_WRAP = 0x00001054 + CKM_JUNIPER_KEY_GEN = 0x00001060 + CKM_JUNIPER_ECB128 = 0x00001061 + CKM_JUNIPER_CBC128 = 0x00001062 + CKM_JUNIPER_COUNTER = 0x00001063 + CKM_JUNIPER_SHUFFLE = 0x00001064 + CKM_JUNIPER_WRAP = 0x00001065 + CKM_FASTHASH = 0x00001070 + CKM_AES_KEY_GEN = 0x00001080 + CKM_AES_ECB = 0x00001081 + CKM_AES_CBC = 0x00001082 + CKM_AES_MAC = 0x00001083 + CKM_AES_MAC_GENERAL = 0x00001084 + CKM_AES_CBC_PAD = 0x00001085 + CKM_AES_CTR = 0x00001086 + CKM_AES_GCM = 0x00001087 + CKM_AES_CCM = 0x00001088 + CKM_AES_CTS = 0x00001089 + CKM_AES_CMAC = 0x0000108A + CKM_AES_CMAC_GENERAL = 0x0000108B + CKM_AES_XCBC_MAC = 0x0000108C + CKM_AES_XCBC_MAC_96 = 0x0000108D + CKM_AES_GMAC = 0x0000108E + CKM_BLOWFISH_KEY_GEN = 0x00001090 + CKM_BLOWFISH_CBC = 0x00001091 + CKM_TWOFISH_KEY_GEN = 0x00001092 + CKM_TWOFISH_CBC = 0x00001093 + CKM_BLOWFISH_CBC_PAD = 0x00001094 + CKM_TWOFISH_CBC_PAD = 0x00001095 + CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 + CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 + CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 + CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 + CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 + CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 + CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 + 
CKM_GOSTR3410 = 0x00001201 + CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 + CKM_GOSTR3410_KEY_WRAP = 0x00001203 + CKM_GOSTR3410_DERIVE = 0x00001204 + CKM_GOSTR3411 = 0x00001210 + CKM_GOSTR3411_HMAC = 0x00001211 + CKM_GOST28147_KEY_GEN = 0x00001220 + CKM_GOST28147_ECB = 0x00001221 + CKM_GOST28147 = 0x00001222 + CKM_GOST28147_MAC = 0x00001223 + CKM_GOST28147_KEY_WRAP = 0x00001224 + CKM_DSA_PARAMETER_GEN = 0x00002000 + CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 + CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 + CKM_DSA_PROBABLISTIC_PARAMETER_GEN = 0x00002003 + CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 + CKM_AES_OFB = 0x00002104 + CKM_AES_CFB64 = 0x00002105 + CKM_AES_CFB8 = 0x00002106 + CKM_AES_CFB128 = 0x00002107 + CKM_AES_CFB1 = 0x00002108 + CKM_AES_KEY_WRAP = 0x00002109 // WAS: 0x00001090 + CKM_AES_KEY_WRAP_PAD = 0x0000210A // WAS: 0x00001091 + CKM_RSA_PKCS_TPM_1_1 = 0x00004001 + CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 + CKM_VENDOR_DEFINED = 0x80000000 + + // The flags are defined as follows: + // Bit Flag Mask Meaning + CKF_HW = 0x00000001 // performed by HW + + // Specify whether or not a mechanism can be used for a particular task + CKF_ENCRYPT = 0x00000100 + CKF_DECRYPT = 0x00000200 + CKF_DIGEST = 0x00000400 + CKF_SIGN = 0x00000800 + CKF_SIGN_RECOVER = 0x00001000 + CKF_VERIFY = 0x00002000 + CKF_VERIFY_RECOVER = 0x00004000 + CKF_GENERATE = 0x00008000 + CKF_GENERATE_KEY_PAIR = 0x00010000 + CKF_WRAP = 0x00020000 + CKF_UNWRAP = 0x00040000 + CKF_DERIVE = 0x00080000 + + // Describe a token's EC capabilities not available in mechanism + // information. + CKF_EC_F_P = 0x00100000 + CKF_EC_F_2M = 0x00200000 + CKF_EC_ECPARAMETERS = 0x00400000 + CKF_EC_NAMEDCURVE = 0x00800000 + CKF_EC_UNCOMPRESS = 0x01000000 + CKF_EC_COMPRESS = 0x02000000 + CKF_EXTENSION = 0x80000000 + CKR_OK = 0x00000000 CKR_CANCEL = 0x00000001 CKR_HOST_MEMORY = 0x00000002 
@@ -718,49 +832,68 @@ const ( CKR_PUBLIC_KEY_INVALID = 0x000001B9 CKR_FUNCTION_REJECTED = 0x00000200 CKR_VENDOR_DEFINED = 0x80000000 - CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 - CKF_OS_LOCKING_OK = 0x00000002 - CKF_DONT_BLOCK = 1 - CKG_MGF1_SHA1 = 0x00000001 - CKG_MGF1_SHA256 = 0x00000002 - CKG_MGF1_SHA384 = 0x00000003 - CKG_MGF1_SHA512 = 0x00000004 - CKG_MGF1_SHA224 = 0x00000005 - CKZ_DATA_SPECIFIED = 0x00000001 - CKD_NULL = 0x00000001 - CKD_SHA1_KDF = 0x00000002 - CKD_SHA1_KDF_ASN1 = 0x00000003 - CKD_SHA1_KDF_CONCATENATE = 0x00000004 - CKD_SHA224_KDF = 0x00000005 - CKD_SHA256_KDF = 0x00000006 - CKD_SHA384_KDF = 0x00000007 - CKD_SHA512_KDF = 0x00000008 - CKD_CPDIVERSIFY_KDF = 0x00000009 - CKD_SHA3_224_KDF = 0x0000000A - CKD_SHA3_256_KDF = 0x0000000B - CKD_SHA3_384_KDF = 0x0000000C - CKD_SHA3_512_KDF = 0x0000000D - CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001 - CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002 - CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003 - CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004 - CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005 - CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006 - CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007 - CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008 - CKZ_SALT_SPECIFIED = 0x00000001 - CK_OTP_VALUE = 0 - CK_OTP_PIN = 1 - CK_OTP_CHALLENGE = 2 - CK_OTP_TIME = 3 - CK_OTP_COUNTER = 4 - CK_OTP_FLAGS = 5 - CK_OTP_OUTPUT_LENGTH = 6 - CK_OTP_OUTPUT_FORMAT = 7 - CKF_NEXT_OTP = 0x00000001 - CKF_EXCLUDE_TIME = 0x00000002 - CKF_EXCLUDE_COUNTER = 0x00000004 - CKF_EXCLUDE_CHALLENGE = 0x00000008 - CKF_EXCLUDE_PIN = 0x00000010 - CKF_USER_FRIENDLY_OTP = 0x00000020 + + // flags: bit flags that provide capabilities of the slot + // Bit Flag Mask Meaning + CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 + CKF_OS_LOCKING_OK = 0x00000002 + + // additional flags for parameters to functions + // CKF_DONT_BLOCK is for the function C_WaitForSlotEvent + CKF_DONT_BLOCK = 1 + + // The following MGFs are defined + CKG_MGF1_SHA1 = 0x00000001 + CKG_MGF1_SHA256 = 0x00000002 + 
CKG_MGF1_SHA384 = 0x00000003 + CKG_MGF1_SHA512 = 0x00000004 + CKG_MGF1_SHA224 = 0x00000005 + + // The following encoding parameter sources are defined + CKZ_DATA_SPECIFIED = 0x00000001 + + // The following EC Key Derivation Functions are defined + CKD_NULL = 0x00000001 + CKD_SHA1_KDF = 0x00000002 + + // The following X9.42 DH key derivation functions are defined + CKD_SHA1_KDF_ASN1 = 0x00000003 + CKD_SHA1_KDF_CONCATENATE = 0x00000004 + CKD_SHA224_KDF = 0x00000005 + CKD_SHA256_KDF = 0x00000006 + CKD_SHA384_KDF = 0x00000007 + CKD_SHA512_KDF = 0x00000008 + CKD_CPDIVERSIFY_KDF = 0x00000009 + CKD_SHA3_224_KDF = 0x0000000A + CKD_SHA3_256_KDF = 0x0000000B + CKD_SHA3_384_KDF = 0x0000000C + CKD_SHA3_512_KDF = 0x0000000D + + CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001 + CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002 + CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003 + CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004 + CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005 + CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006 + CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007 + CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008 + + // The following salt value sources are defined in PKCS #5 v2.0. + CKZ_SALT_SPECIFIED = 0x00000001 + + CK_OTP_VALUE = 0 + CK_OTP_PIN = 1 + CK_OTP_CHALLENGE = 2 + CK_OTP_TIME = 3 + CK_OTP_COUNTER = 4 + CK_OTP_FLAGS = 5 + CK_OTP_OUTPUT_LENGTH = 6 + CK_OTP_OUTPUT_FORMAT = 7 + + CKF_NEXT_OTP = 0x00000001 + CKF_EXCLUDE_TIME = 0x00000002 + CKF_EXCLUDE_COUNTER = 0x00000004 + CKF_EXCLUDE_CHALLENGE = 0x00000008 + CKF_EXCLUDE_PIN = 0x00000010 + CKF_USER_FRIENDLY_OTP = 0x00000020 ) From 7d14beb0460061a87700ccea5d67b47a9d97e935 Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Thu, 6 Jan 2022 09:08:58 +0000 Subject: [PATCH 04/15] Test the const generation (#152) Add a test that count the consts and grep pkcs11t.h to see if we have a matching count of defines and constants. 
Signed-off-by: Miek Gieben --- const_generate.go | 2 +- const_test.go | 43 ++++++++++++++++++ .../token.object | Bin 320 -> 320 bytes 3 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 const_test.go diff --git a/const_generate.go b/const_generate.go index 1e7180c..7bdee91 100644 --- a/const_generate.go +++ b/const_generate.go @@ -122,7 +122,7 @@ func main() { // % grep '^#define CK' pkcs11t.h |wc // 756 2362 38807 // - // TODO(miekg): could potentially be put in a test. + // Also see const_test.go where we test this. log.Printf("Wrote %d constants to zconst.go", count) } diff --git a/const_test.go b/const_test.go new file mode 100644 index 0000000..4d2c820 --- /dev/null +++ b/const_test.go @@ -0,0 +1,43 @@ +package pkcs11 + +import ( + "bytes" + "go/ast" + "go/parser" + "go/token" + "os/exec" + "testing" +) + +func TestConstCouunt(t *testing.T) { + fset := token.NewFileSet() + f, err := parser.ParseFile(fset, "zconst.go", nil, 0) + if err != nil { + t.Fatal(err) + } + + count := 0 + // Range through declarations: + for _, dd := range f.Decls { + if gd, ok := dd.(*ast.GenDecl); ok { + if gd.Tok == token.CONST { + for range gd.Specs { + count++ + } + } + } + } + + // Now to validate, run a shell pipeline to get the number in a different way from pkcs11t.h . + grep := exec.Command("grep", "^#define CK", "pkcs11t.h") + out, err := grep.Output() + if err != nil { + t.Fatal(err) + } + newline := []byte{'\n'} + defines := bytes.Count(out, newline) + + if count != defines { + t.Fatalf("Got %d constants from zconst.go, but %d #defines from pkcs11t.h", count, defines) + } +} diff --git a/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object b/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object index c5cc813b4a5491b60dc35803164954d60cc2f093..b2518882be39f2f5e669c05a3f671d97964836ff 100644 GIT binary patch delta 17 UcmX@WbbyJ20Rjp)a#%0|03J62@Bjb+ delta 17 UcmX@WbbyJ20Rogaa#%0|035Lbq5uE@ 
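Review bot: The cross-check at the end of TestConstCouunt runs an external `grep` through `exec.Command`, so the test fails on any host without grep on PATH even though the header can be counted in-process. Reading pkcs11t.h with `os.ReadFile` (Go 1.16 or later; the import block would swap `os/exec` for `os`) and counting the lines that start with `#define CK` gives the same number. The spec loop adds one per `gd.Specs` entry, which equals the constant count only while each spec declares a single name; that is presumably true for the generated zconst.go. The function name has a doubled letter; `TestConstCount` is the intended spelling.

```go
	// Count the "#define CK" lines of pkcs11t.h without an external grep.
	hdr, err := os.ReadFile("pkcs11t.h")
	if err != nil {
		t.Fatal(err)
	}
	defines := 0
	for _, line := range bytes.Split(hdr, []byte{'\n'}) {
		if bytes.HasPrefix(line, []byte("#define CK")) {
			defines++
		}
	}
	// … unchanged: count != defines comparison …
```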
From 0d6b531e79ddc221e54323b1c20186d057fafefa Mon Sep 17 00:00:00 2001 From: Sven Anderson Date: Sun, 16 Jan 2022 07:56:27 +0100 Subject: [PATCH 05/15] Remove unnecessary defer from toList() function. (#153) Defer is more expensive than a direct call, and right before a `return` statement is has no effect on the logic. --- types.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types.go b/types.go index 60eadcb..63415f4 100644 --- a/types.go +++ b/types.go @@ -53,7 +53,7 @@ func toList(clist C.CK_ULONG_PTR, size C.CK_ULONG) []uint { for i := 0; i < len(l); i++ { l[i] = uint(C.Index(clist, C.CK_ULONG(i))) } - defer C.free(unsafe.Pointer(clist)) + C.free(unsafe.Pointer(clist)) return l } From ae8b1252b9ce99c7b8dcdac571d45c1f557f2b7a Mon Sep 17 00:00:00 2001 From: "Thomas L. Kula" Date: Tue, 18 Jan 2022 04:18:41 -0500 Subject: [PATCH 06/15] Add the p11 PrivateKey.Derive() function (#128) Useful, for example, for an elliptic curve Diffie-Hellman shared secret derivation. --- p11/crypto.go | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/p11/crypto.go b/p11/crypto.go index 16a0076..7b8e706 100644 --- a/p11/crypto.go +++ b/p11/crypto.go 
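Review bot: toList frees `clist` itself with `C.free(unsafe.Pointer(clist))`, but nothing visible tells callers that the function takes ownership of the C buffer, so a caller that also frees or reuses the pointer would double-free or read freed memory. A doc comment on the function would pin that down, for example `// toList copies size CK_ULONG values from clist into a Go slice and frees clist; the caller must not use clist afterwards.` The lines above the loop, including any existing comment and the allocation of `l`, are outside the hunk.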
@@ -46,6 +46,37 @@ func (priv PrivateKey) Sign(mechanism pkcs11.Mechanism, message []byte) ([]byte, return out, nil } +func (priv PrivateKey) deriveInner(mechanism pkcs11.Mechanism, attributes []*pkcs11.Attribute) (*Object, error) { + s := priv.session + s.Lock() + defer s.Unlock() + objectHandle, err := s.ctx.DeriveKey(s.handle, []*pkcs11.Mechanism{&mechanism}, priv.objectHandle, attributes) + if err != nil { + return nil, err + } + + obj := Object{ + session: s, + objectHandle: objectHandle, + } + return &obj, nil +} + +// Derive derives a shared secret with a given mechanism. +func (priv PrivateKey) Derive(mechanism pkcs11.Mechanism, attributes []*pkcs11.Attribute) ([]byte, error) { + sharedObj, err := priv.deriveInner(mechanism, attributes) + if err != nil { + return nil, err + } + + sharedSecret, err := sharedObj.Value() + if err != nil { + return nil, err + } + + return sharedSecret, nil +} + // Verify verifies a signature over a message with a given mechanism. func (pub PublicKey) Verify(mechanism pkcs11.Mechanism, message, signature []byte) error { s := pub.session From 9a05b233a04393b430371a1a65383098c9c79f71 Mon Sep 17 00:00:00 2001 From: Sven Anderson Date: Wed, 26 Jan 2022 10:22:09 +0100 Subject: [PATCH 07/15] Remove unnecessary memory copies by C.GoBytes() calls (#154) It is not necessary to copy the memory in order to get a []byte representation of Go allocated memory, because the GC will take care of the lifetime of the underlying memory. This change introduces the memBytes() function, that returns a slice to an arbitrary memory area, and replaces all uses of C.GoBytes with Go allocated memory. This function could even be used for C allocated memory, but then the caller has to make sure that the underlying C memory is not freed during the lifetime of the returned slice. Signed-off-by: Sven Anderson --- params.go | 8 ++++---- types.go | 8 +++++++- 2 files changed, 11 insertions(+), 5 deletions(-) 
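Review bot: Derive reads the derived key's value and returns it, but the object that `deriveInner` created through `DeriveKey` is never destroyed, so each call leaves a copy of the shared secret on the token (for the session's lifetime, or permanently if the template sets CKA_TOKEN). Destroying it once the value has been read, e.g. `defer sharedObj.Destroy()` using Object's destroy method from elsewhere in the package, would avoid that. The doc comment on Derive should also say that the template has to make the derived key extractable and non-sensitive for `Value()` to return it, and that the raw secret leaves the token; callers who want the key to stay inside the HSM need a variant that returns the object. `deriveInner` has no comment; `// deriveInner derives a new key object from priv while holding the session lock.` would do.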
diff --git a/params.go b/params.go index 6d9ce96..6dde256 100644 --- a/params.go +++ b/params.go @@ -84,7 +84,7 @@ func cGCMParams(p *GCMParams) []byte { p.Free() p.arena = arena p.params = ¶ms - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))) + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)) } // IV returns a copy of the actual IV used for the operation. @@ -121,7 +121,7 @@ func NewPSSParams(hashAlg, mgf, saltLength uint) []byte { mgf: C.CK_RSA_PKCS_MGF_TYPE(mgf), sLen: C.CK_ULONG(saltLength), } - return C.GoBytes(unsafe.Pointer(&p), C.int(unsafe.Sizeof(p))) + return memBytes(unsafe.Pointer(&p), unsafe.Sizeof(p)) } // OAEPParams can be passed to NewMechanism to implement CKM_RSA_PKCS_OAEP. @@ -153,7 +153,7 @@ func cOAEPParams(p *OAEPParams, arena arena) ([]byte, arena) { // field is unaligned on windows so this has to call into C C.putOAEPParams(¶ms, buf, len) } - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } // ECDH1DeriveParams can be passed to NewMechanism to implement CK_ECDH1_DERIVE_PARAMS. @@ -186,5 +186,5 @@ func cECDH1DeriveParams(p *ECDH1DeriveParams, arena arena) ([]byte, arena) { publicKeyData, publicKeyDataLen := arena.Allocate(p.PublicKeyData) C.putECDH1PublicParams(¶ms, publicKeyData, publicKeyDataLen) - return C.GoBytes(unsafe.Pointer(¶ms), C.int(unsafe.Sizeof(params))), arena + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } diff --git a/types.go b/types.go index 63415f4..700dd96 100644 --- a/types.go +++ b/types.go 
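Review bot: With `memBytes` the slice returned by cGCMParams shares storage with the struct stored in `p.params` instead of being a snapshot as it was with `C.GoBytes`, so a write through either one is now visible through the other, and no comment says so. The same aliasing applies to the returns in NewPSSParams, cOAEPParams and cECDH1DeriveParams, where the slice is the only remaining reference to the struct. NewPSSParams is exported, so its callers now receive a view of a C-layout struct rather than an independent copy; a comment such as `// The returned slice aliases the parameter struct; treat it as read-only.` on each function would record the contract. The bodies of all four functions start outside their hunks.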
@@ -65,9 +65,15 @@ func cBBool(x bool) C.CK_BBOOL { return C.CK_BBOOL(C.CK_FALSE) } +// memBytes returns a byte slice that references an arbitrary memory area +func memBytes(p unsafe.Pointer, len uintptr) []byte { + const maxIndex int32 = (1 << 31) - 1 + return (*([maxIndex]byte))(p)[:len:len] +} + func uintToBytes(x uint64) []byte { ul := C.CK_ULONG(x) - return C.GoBytes(unsafe.Pointer(&ul), C.int(unsafe.Sizeof(ul))) + return memBytes(unsafe.Pointer(&ul), unsafe.Sizeof(ul)) } // Error represents an PKCS#11 error. From 8bb176f4d2f74fc42354cee62f9678e80f57888c Mon Sep 17 00:00:00 2001 From: JeremyRand <244188+JeremyRand@users.noreply.github.com> Date: Fri, 2 Sep 2022 16:07:59 +0000 Subject: [PATCH 08/15] p11: Add Mechanism.Type() and Mechanism.Parameter() (#160) Fixes https://github.com/miekg/pkcs11/issues/158 Co-authored-by: Jeremy Rand --- p11/slot.go | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/p11/slot.go b/p11/slot.go index f44bb37..c4175c4 100644 --- a/p11/slot.go +++ b/p11/slot.go @@ -91,6 +91,16 @@ type Mechanism struct { slot Slot } +// Type returns the type of mechanism. +func (m *Mechanism) Type() uint { + return m.mechanism.Mechanism +} + +// Parameter returns any parameters required by the mechanism. +func (m *Mechanism) Parameter() []byte { + return m.mechanism.Parameter +} + // Info returns information about this mechanism. func (m *Mechanism) Info() (pkcs11.MechanismInfo, error) { return m.slot.ctx.GetMechanismInfo(m.slot.id, []*pkcs11.Mechanism{m.mechanism}) From 3e7a4ed852d9ac7c553ee5b5a5fde4a4cb2aee1c Mon Sep 17 00:00:00 2001 From: JeremyRand <244188+JeremyRand@users.noreply.github.com> Date: Sat, 12 Nov 2022 11:40:18 +0000 Subject: [PATCH 09/15] Add NSS vendor attributes from Mozilla Bug 1465613 (#163) Co-authored-by: Jeremy Rand --- vendor.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor.go b/vendor.go index ce7f718..5132dc4 100644 --- a/vendor.go +++ b/vendor.go 
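Review bot: `memBytes` converts `p` to a pointer to a roughly 2 GiB array before slicing, a pattern that pointer-checking instrumentation (`-d=checkptr`, which `-race` turns on) can reject because the array type reaches far past the real allocation. If the module's minimum Go version allows it (1.17 or later), `return unsafe.Slice((*byte)(p), len)` says the same thing without the oversized type. The comment should also spell out the contract that `uintToBytes` and the callers in params.go (`cGCMParams`, `NewPSSParams`, `cOAEPParams`, `cECDH1DeriveParams`) now depend on: the slice aliases the memory at `p` instead of copying it, so that memory must stay alive and unchanged while the slice is in use, and `p` must not be nil. The parameter name `len` shadows the builtin; `n` would read better.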
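Review bot: `Parameter()` in p11/slot.go returns `m.mechanism.Parameter` itself, so a caller that writes to the returned slice changes the mechanism that `Info()` and later operations use. Either say so in the comment or hand out a copy, e.g. `return append([]byte(nil), m.mechanism.Parameter...)`. Judging by `NewMechanism` in types.go, typed parameter structs are kept separately from `Parameter`, so the comment could add that the result is empty unless a raw `[]byte` parameter was supplied.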
@@ -67,6 +67,8 @@ const ( CKA_NSS_JPAKE_X2 = CKA_NSS + 32 CKA_NSS_JPAKE_X2S = CKA_NSS + 33 CKA_NSS_MOZILLA_CA_POLICY = CKA_NSS + 34 + CKA_NSS_SERVER_DISTRUST_AFTER = CKA_NSS + 35 + CKA_NSS_EMAIL_DISTRUST_AFTER = CKA_NSS + 36 CKA_TRUST_DIGITAL_SIGNATURE = CKA_TRUST + 1 CKA_TRUST_NON_REPUDIATION = CKA_TRUST + 2 CKA_TRUST_KEY_ENCIPHERMENT = CKA_TRUST + 3 From 869c407d6625437302d20602b155609a452133c9 Mon Sep 17 00:00:00 2001 From: Peter Tanski Date: Mon, 14 Nov 2022 17:34:11 -0500 Subject: [PATCH 10/15] add KeyDerivationStringDataParams handling for Symmetric key derivation --- params.go | 25 +++++++++++++++++ params_test.go | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++ types.go | 6 ++-- 3 files changed, 105 insertions(+), 2 deletions(-) diff --git a/params.go b/params.go index 6dde256..d497f0d 100644 --- a/params.go +++ b/params.go @@ -26,6 +26,12 @@ static inline void putECDH1PublicParams(CK_ECDH1_DERIVE_PARAMS_PTR params, CK_VO params->pPublicData = pPublicData; params->ulPublicDataLen = ulPublicDataLen; } + +static inline void putKeyDerivationStringDataParams(CK_KEY_DERIVATION_STRING_DATA_PTR params, CK_BYTE_PTR pData, CK_ULONG ulLen) +{ + params->pData = pData; + params->ulLen = ulLen; +} */ import "C" import "unsafe" @@ -188,3 +194,22 @@ func cECDH1DeriveParams(p *ECDH1DeriveParams, arena arena) ([]byte, arena) { return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } + +type KeyDerivationStringDataParams struct { + pData []byte +} + +func NewKeyDerivationStringDataParams(data []byte) *KeyDerivationStringDataParams { + return &KeyDerivationStringDataParams{ + pData: data, + } +} + +func cKeyDerivationStringDataParams(p *KeyDerivationStringDataParams, arena arena) ([]byte, arena) { + params := C.CK_KEY_DERIVATION_STRING_DATA{} + + pData, ulLen := arena.Allocate(p.pData) + C.putKeyDerivationStringDataParams(¶ms, C.CK_BYTE_PTR(pData), ulLen) + + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena +} 
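Review bot: The exported `KeyDerivationStringDataParams` and `NewKeyDerivationStringDataParams` in params.go have no doc comments, unlike the other parameter types in the file, so nothing tells a caller which mechanisms accept them or what happens to `data`. Suggested: `// KeyDerivationStringDataParams can be passed to NewMechanism to implement CK_KEY_DERIVATION_STRING_DATA.`, plus a line on the constructor saying that the slice is kept by reference and is presumably only copied into C memory when the mechanism is serialized, so it must not be modified in between. `cKeyDerivationStringDataParams` hands `p.pData` to `arena.Allocate` without checking for an empty slice; what `Allocate` returns for zero length is not visible here, so that case deserves a test. The field name `pData` keeps the C prefix; `data` is the Go spelling.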
diff --git a/params_test.go b/params_test.go
index 98d5185..856192f 100644
--- a/params_test.go
+++ b/params_test.go
@@ -156,3 +156,79 @@ func TestGCMParams(t *testing.T) {
 }
 params.Free()
 }
+
+func TestKeyDerivationStringDataParams(t *testing.T) {
+ p := setenv(t)
+ sh := getSession(p, t)
+ defer finishSession(p, sh)
+ needMech(t, p, sh, CKM_AES_ECB_ENCRYPT_DATA)
+
+ if info, err := p.GetInfo(); err != nil {
+ t.Errorf("GetInfo: %v", err)
+ return
+ } else if info.ManufacturerID == "SoftHSM" && info.LibraryVersion.Major < 2 {
+ t.Skipf("AES not implemented on SoftHSM")
+ }
+ tokenLabel := "TestGenerateKey"
+ keyTemplate := []*Attribute{
+ NewAttribute(CKA_KEY_TYPE, CKK_AES),
+ NewAttribute(CKA_CLASS, CKO_SECRET_KEY),
+ NewAttribute(CKA_TOKEN, true),
+ NewAttribute(CKA_ENCRYPT, true),
+ NewAttribute(CKA_DECRYPT, true),
+ NewAttribute(CKA_LABEL, tokenLabel),
+ NewAttribute(CKA_SENSITIVE, true),
+ NewAttribute(CKA_EXTRACTABLE, false),
+ NewAttribute(CKA_DERIVE, true),
+ NewAttribute(CKA_VALUE_LEN, 32),
+ }
+ key, err := p.GenerateKey(sh,
+ []*Mechanism{NewMechanism(CKM_AES_KEY_GEN, nil)},
+ keyTemplate)
+ if err != nil {
+ t.Fatalf("failed to generate key: %s\n", err)
+ }
+
+ data := []byte("1234567890abcdef1234567890abcdef")
+ mech := []*Mechanism{
+ NewMechanism(CKM_AES_ECB_ENCRYPT_DATA, NewKeyDerivationStringDataParams(data)),
+ }
+
+ derivTokenLabel := "TestDerivedKey"
+ derivKeyTemplate := []*Attribute{
+ NewAttribute(CKA_KEY_TYPE, CKK_AES),
+ NewAttribute(CKA_CLASS, CKO_SECRET_KEY),
+ NewAttribute(CKA_TOKEN, true),
+ NewAttribute(CKA_ENCRYPT, true),
+ NewAttribute(CKA_DECRYPT, true),
+ NewAttribute(CKA_LABEL, derivTokenLabel),
+ NewAttribute(CKA_SENSITIVE, true),
+ NewAttribute(CKA_EXTRACTABLE, false),
+ NewAttribute(CKA_DERIVE, true),
+ NewAttribute(CKA_VALUE_LEN, 32),
+ }
+ derivKey, err := p.DeriveKey(sh, mech, key, derivKeyTemplate)
+ if err != nil {
+ t.Fatalf("failed to derive key: %s\n", err)
+ }
+
+ var mv uint = CKM_AES_ECB
+ plaintext := make([]byte, 32)
+ if err = p.EncryptInit(sh, []*Mechanism{NewMechanism(mv, nil)}, derivKey); err != nil {
+ 
t.Fatalf("EncryptInit: %s\n", err) + } + var ciphertext []byte + if ciphertext, err = p.Encrypt(sh, plaintext); err != nil { + t.Fatalf("Encrypt: %s\n", err) + } + if err = p.DecryptInit(sh, []*Mechanism{NewMechanism(mv, nil)}, derivKey); err != nil { + t.Fatalf("DecryptInit: %s\n", err) + } + var decrypted []byte + if decrypted, err = p.Decrypt(sh, ciphertext); err != nil { + t.Fatalf("Decrypt: %s\n", err) + } + if !bytes.Equal(plaintext, decrypted) { + t.Fatalf("Plaintext mismatch") + } +} diff --git a/types.go b/types.go index 700dd96..083fa02 100644 --- a/types.go +++ b/types.go @@ -261,13 +261,13 @@ func NewMechanism(mech uint, x interface{}) *Mechanism { } switch p := x.(type) { - case *GCMParams, *OAEPParams, *ECDH1DeriveParams: + case *GCMParams, *OAEPParams, *ECDH1DeriveParams, *KeyDerivationStringDataParams: // contains pointers; defer serialization until cMechanism m.generator = p case []byte: m.Parameter = p default: - panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams") + panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams, *KeyDerivationStringDataParams") } return m @@ -290,6 +290,8 @@ func cMechanism(mechList []*Mechanism) (arena, *C.CK_MECHANISM) { param, arena = cOAEPParams(p, arena) case *ECDH1DeriveParams: param, arena = cECDH1DeriveParams(p, arena) + case *KeyDerivationStringDataParams: + param, arena = cKeyDerivationStringDataParams(p, arena) } if len(param) != 0 { buf, len := arena.Allocate(param) From 54342472734aa46d354f5e891c71c86d4dba84ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96rjan=20Fors?= Date: Tue, 15 Nov 2022 10:46:47 +0100 Subject: [PATCH 11/15] Call Finalize on Module destroy (#164) * Return error from Destroy * Remove destroyed modules * Revert back to not change the API of Destroy --- p11/module.go | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) 
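Review bot: The encrypt-then-decrypt round trip at the end of `TestKeyDerivationStringDataParams` succeeds for any AES key, so it does not show that `data` reached the token or influenced the derived key. Deriving a second key from different data and asserting that the two ciphertexts of the same `plaintext` differ would tie the result to the parameter. Both templates also set `CKA_TOKEN` to true and nothing destroys `key` or `derivKey`, so each run leaves two persistent secret keys on the test token. `NewAttribute(CKA_TOKEN, false)` in both templates, or a `defer p.DestroyObject(sh, key)` after each creation, keeps the fixture clean.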
diff --git a/p11/module.go b/p11/module.go index 7d838e8..bf67a0a 100644 --- a/p11/module.go +++ b/p11/module.go @@ -71,11 +71,11 @@ var modulesMu sync.Mutex // OpenModule loads a PKCS#11 module (a .so file or dynamically loaded library). // It's an error to load a PKCS#11 module multiple times, so this package // will return a previously loaded Module for the same path if possible. -// Note that there is no facility to unload a module ("finalize" in PKCS#11 -// parlance). In general, modules will be unloaded at the end of the process. -// The only place where you are likely to need to explicitly unload a module is -// if you fork your process. If you need to fork, you may want to use the -// lower-level `pkcs11` package. +// +// In general, modules will be unloaded at the end of the process. The only +// place where you are likely to need to explicitly unload a module is if you +// fork your process. If you need to fork, you may want to use the lower-level +// `pkcs11` package. func OpenModule(path string) (Module, error) { modulesMu.Lock() defer modulesMu.Unlock() @@ -125,6 +125,24 @@ func (m Module) Slots() ([]Slot, error) { } // Destroy unloads the module/library. +// +// Once called, any code which uses this module might crash the application. func (m Module) Destroy() { + modulesMu.Lock() + defer modulesMu.Unlock() + + // Find initialized module based on ctx + var path string + for k, v := range modules { + if v.ctx == m.ctx { + path = k + break + } + } + if path != "" { + delete(modules, path) + } + + _ = m.ctx.Finalize() m.ctx.Destroy() } From e93055c24cd44e2a23b12f2cd27fe771ec2e37d5 Mon Sep 17 00:00:00 2001 
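Review bot: `Destroy` calls `Finalize` and `m.ctx.Destroy()` even when the loop finds no entry for `m.ctx` in `modules`, which is what happens on a second `Destroy` through another copy of the same `Module` (`OpenModule` returns the cached value for a path, so several holders can share one ctx). An early `if path == "" { return }` in place of the `if path != ""` block would make the repeated call a no-op, assuming every live `Module` comes from `OpenModule`, which should be confirmed. The error from `Finalize` is dropped with `_ =`. Since the signature deliberately has no error return, a comment such as `// Destroy has no error return; a failed Finalize is ignored on purpose.` should say so. The added doc sentence could be more exact about scope by saying that sessions and objects obtained through this module must not be used after `Destroy`.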
From: Valerii Chubar Date: Fri, 3 Feb 2023 14:02:15 +0200 Subject: [PATCH 12/15] Add RSA AES key wrap mechanism parameters (#166) pkcs11-spec-v3.1-cs01 6.1.23 RSA AES KEY WRAP The RSA AES key wrap mechanism based on the RSA public-key cryptosystem and the AES key wrap mechanism. It supports single-part key wrapping and key unwrapping. How to use: params := &pkcs11.RSAAESKeyWrapParams{ AESKeyBits: 256, OAEPParams: pkcs11.OAEPParams{ HashAlg: pkcs11.CKM_SHA256, MGF: pkcs11.CKG_MGF1_SHA256, SourceType: pkcs11.CKZ_DATA_SPECIFIED, }, } mechanism := []*pkcs11.Mechanism { pkcs11.NewMechanism(pkcs11.CKM_RSA_AES_KEY_WRAP, params) } unwrappedKey, err := ctx.UnwrapKey(session, mechanism, wrappingKeyObj, wrappedKey, unwrappedKeyAttributes) Signed-off-by: Valerii Chubar Co-authored-by: Valerii Chubar --- params.go | 25 +++++++++++++++++++++++++ types.go | 7 +++++-- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/params.go b/params.go index 6dde256..f111086 100644 --- a/params.go +++ b/params.go @@ -26,6 +26,11 @@ static inline void putECDH1PublicParams(CK_ECDH1_DERIVE_PARAMS_PTR params, CK_VO params->pPublicData = pPublicData; params->ulPublicDataLen = ulPublicDataLen; } + +static inline void putRSAAESKeyWrapParams(CK_RSA_AES_KEY_WRAP_PARAMS_PTR params, CK_VOID_PTR pOAEPParams) +{ + params->pOAEPParams = pOAEPParams; +} */ import "C" import "unsafe" 
@@ -188,3 +193,23 @@ func cECDH1DeriveParams(p *ECDH1DeriveParams, arena arena) ([]byte, arena) { return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena } + +type RSAAESKeyWrapParams struct { + AESKeyBits uint + OAEPParams OAEPParams +} + +func cRSAAESKeyWrapParams(p *RSAAESKeyWrapParams, arena arena) ([]byte, arena) { + var param []byte + params := C.CK_RSA_AES_KEY_WRAP_PARAMS { + ulAESKeyBits: C.CK_MECHANISM_TYPE(p.AESKeyBits), + } + + param, arena = cOAEPParams(&p.OAEPParams, arena) + if len(param) != 0 { + buf, _ := arena.Allocate(param) + C.putRSAAESKeyWrapParams(¶ms, buf) + } + return memBytes(unsafe.Pointer(¶ms), unsafe.Sizeof(params)), arena +} + diff --git a/types.go b/types.go index 700dd96..d3bfce8 100644 --- a/types.go +++ b/types.go @@ -261,13 +261,14 @@ func NewMechanism(mech uint, x interface{}) *Mechanism { } switch p := x.(type) { - case *GCMParams, *OAEPParams, *ECDH1DeriveParams: + case *GCMParams, *OAEPParams, *ECDH1DeriveParams, *RSAAESKeyWrapParams: // contains pointers; defer serialization until cMechanism m.generator = p case []byte: m.Parameter = p default: - panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams") + panic("parameter must be one of type: []byte, *GCMParams, *OAEPParams, *ECDH1DeriveParams," + + " *RSAAESKeyWrapParams") } return m @@ -290,6 +291,8 @@ func cMechanism(mechList []*Mechanism) (arena, *C.CK_MECHANISM) { param, arena = cOAEPParams(p, arena) case *ECDH1DeriveParams: param, arena = cECDH1DeriveParams(p, arena) + case *RSAAESKeyWrapParams: + param, arena = cRSAAESKeyWrapParams(p, arena) } if len(param) != 0 { buf, len := arena.Allocate(param) From e678cf59e528fbe282ec77c9211fcf7d73a52f3e Mon Sep 17 00:00:00 2001 From: Miek Gieben Date: Wed, 21 Jun 2023 15:33:35 +0200 Subject: [PATCH 13/15] update to newer Go versions in workflow (#167) Signed-off-by: Miek Gieben --- .github/workflows/go.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml index d9ed53f..5e4b0ce 100644 --- a/.github/workflows/go.yml +++ b/.github/workflows/go.yml @@ -7,7 +7,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - go: [ 1.16.x, 1.17.x ] + go: [ 1.19.x, 1.20.x ] steps: - name: Set up Go From 9078ad6b9d4b17a548e56959b10e8949afab10ec Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stanislav=20L=C3=A1zni=C4=8Dka?= Date: Wed, 15 Nov 2023 11:28:56 +0100 Subject: [PATCH 14/15] const_generate: hardcode CK_TRUE/CK_FALSE to golang bool values (#176) * const_generate: hardcode CK_TRUE/CK_FALSE values The PKCS11 constants are most useful when creating attributes with `NewAttribute()` in all kinds of different PKCS11 calls. The function is using generic type handling to decide attribute length. The CK_TRUE/CK_FALSE constants should evaluate to direct Golang bool values in order for these to be handled properly by the `NewAttribute()` calls, which interprets bool values as []byte{0}, []byte{1} for false, true respectively. If these stay integers, `NewAttribtue()` considers them 8-byte long byte slices. Some PKCS11 module implementations actually validate constant-length arguments size. https://github.com/opendnssec/SoftHSMv2/ is an example of a commonly used PKCS11-testing module that does that. Without this change, the module fails to perform certain actions as it errors out on unexpected attribute size. * regenerate zconst --- const_generate.go | 26 +++++++++++++++++--------- zconst.go | 19 ++++++++++++------- 2 files changed, 29 insertions(+), 16 deletions(-) diff --git a/const_generate.go b/const_generate.go index 7bdee91..d868b62 100644 --- a/const_generate.go +++ b/const_generate.go 
@@ -70,15 +70,23 @@ func main() { prevpre = x } - value := strings.TrimSuffix(fields[2], "UL") - // special case for things like: (CKF_ARRAY_ATTRIBUTE|0x00000211UL) - if strings.HasSuffix(value, "UL)") { - value = strings.Replace(value, "UL)", ")", 1) - } - // CK_UNAVAILABLE_INFORMATION is encoded as (~0) (with UL) removed, this needs to be ^uint(0) in Go. - // Special case that here. - if value == "(~0)" { - value = "^uint(0)" + var value string + switch fields[1] { + case "CK_TRUE": + value = "true" + case "CK_FALSE": + value = "false" + default: + value = strings.TrimSuffix(fields[2], "UL") + // special case for things like: (CKF_ARRAY_ATTRIBUTE|0x00000211UL) + if strings.HasSuffix(value, "UL)") { + value = strings.Replace(value, "UL)", ")", 1) + } + // CK_UNAVAILABLE_INFORMATION is encoded as (~0) (with UL) removed, this needs to be ^uint(0) in Go. + // Special case that here. + if value == "(~0)" { + value = "^uint(0)" + } } if comment != "" { diff --git a/zconst.go b/zconst.go index f9cf46b..164054d 100644 --- a/zconst.go +++ b/zconst.go @@ -7,8 +7,8 @@ package pkcs11 const ( - CK_TRUE = 1 - CK_FALSE = 0 + CK_TRUE = true + CK_FALSE = false // some special values for certain CK_ULONG variables CK_UNAVAILABLE_INFORMATION = ^uint(0) @@ -22,13 +22,15 @@ const ( CKN_OTP_CHANGED = 1 // flags: bit flags that provide capabilities of the slot - // Bit Flag Mask Meaning + // + // Bit Flag Mask Meaning CKF_TOKEN_PRESENT = 0x00000001 // a token is there CKF_REMOVABLE_DEVICE = 0x00000002 // removable devices CKF_HW_SLOT = 0x00000004 // hardware slot // The flags parameter is defined as follows: - // Bit Flag Mask Meaning + // + // Bit Flag Mask Meaning CKF_RNG = 0x00000001 // has random # generator CKF_WRITE_PROTECTED = 0x00000002 // token is write-protected CKF_LOGIN_REQUIRED = 0x00000004 // user must login 
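Review bot: Emitting `CK_TRUE` and `CK_FALSE` as `true`/`false` turns two exported constants from untyped integers into untyped booleans, so any caller that uses them in an integer or byte context (for example comparing against a byte of an attribute value) stops compiling. That deserves a line in the release notes, and the new `switch` in `main` should carry the reason next to the two cases, e.g. `// NewAttribute encodes a bool as one byte (CK_BBOOL); as integers these would be sent 8 bytes long.` The enclosing `main` starts and ends outside the hunk.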
@@ -125,7 +127,8 @@ const ( CKS_RW_SO_FUNCTIONS = 4 // The flags are defined in the following table: - // Bit Flag Mask Meaning + // + // Bit Flag Mask Meaning CKF_RW_SESSION = 0x00000002 // session is r/w CKF_SERIAL_SESSION = 0x00000004 // no parallel @@ -710,7 +713,8 @@ const ( CKM_VENDOR_DEFINED = 0x80000000 // The flags are defined as follows: - // Bit Flag Mask Meaning + // + // Bit Flag Mask Meaning CKF_HW = 0x00000001 // performed by HW // Specify whether or not a mechanism can be used for a particular task @@ -834,7 +838,8 @@ const ( CKR_VENDOR_DEFINED = 0x80000000 // flags: bit flags that provide capabilities of the slot - // Bit Flag Mask Meaning + // + // Bit Flag Mask Meaning CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001 CKF_OS_LOCKING_OK = 0x00000002 From bc123cc1acd09e2f0fe5a10e22102e19a927635b Mon Sep 17 00:00:00 2001 From: Peter Tanski Date: Sat, 6 Apr 2024 18:05:37 -0400 Subject: [PATCH 15/15] fix test failure by regenerating zconst.go; update README.md --- README.md | 20 +- .../token.object | Bin 320 -> 320 bytes zconst.go | 1776 +++++++++-------- 3 files changed, 996 insertions(+), 800 deletions(-) diff --git a/README.md b/README.md index 6b73fea..6670f27 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,12 @@ # PKCS#11 -This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idiom where -it makes sense. It has been tested with SoftHSM. +This is a Go implementation of the PKCS#11 API. It wraps the library closely, but uses Go idioms where +they make sense. It has been tested with SoftHSM. The version used is "PKCS #11 Cryptographic Token Interface Base Specification Version 3.0", see . Note that the header -files listed there are *broken*, the fixed ones live in a [github repo](https://github.com/oasis-tcs/pkcs11/tree/master/working/headers). -From that repo commit 188b0b1024403f1907b6cf5fedc0bc148c2221a2 was pulled into this repository. +files listed there are *broken*, the fixed ones live in a [github repo](https://github.com/oasis-tcs/pkcs11/tree/pkcs11-3.00/published/3-00). +From that repo commit d8d3a0b7c47d7cc129063004f1fce6553bc70839 was pulled into this repository. ## SoftHSM @@ -15,7 +15,7 @@ From that repo commit 188b0b1024403f1907b6cf5fedc0bc148c2221a2 was pulled into t * Then use `softhsm` to init it ~~~ - softhsm --init-token --slot 0 --label test --pin 1234 + softhsm2-util --init-token --slot 0 --label test --pin 1234 ~~~ * Then use `libsofthsm2.so` as the pkcs11 module: @@ -24,6 +24,16 @@ From that repo commit 188b0b1024403f1907b6cf5fedc0bc148c2221a2 was pulled into t p := pkcs11.New("/usr/lib/softhsm/libsofthsm2.so") ~~~ +### Mac OS X + + * If installing `softhsm` via `homebrew`, set the environment variable + `SOFTHSM_LIB` to the location of the homebrew installation: + + ~~~ + export SOFTHSM_LIB=/opt/homebrew/Cellar/softhsm/2.6.1/lib/softhsm/libsofthsm2.so + ~~~ + + ## Examples A skeleton program would look somewhat like this (yes, pkcs#11 is verbose): 
diff --git a/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object b/test_data/a24d090e-196a-ccd7-5b05-6e9cc42d3142/token.object index c5cc813b4a5491b60dc35803164954d60cc2f093..9adb0fe9dded904881a8b72d65582d190833282a 100644 GIT binary patch delta 17 UcmX@WbbyJ20Rrqda#%0|03AI7z5oCK delta 17 UcmX@WbbyJ20Rogaa#%0|035Lbq5uE@ diff --git a/zconst.go b/zconst.go index fffd379..6b67fa4 100644 --- a/zconst.go +++ b/zconst.go 
@@ -7,737 +7,882 @@ package pkcs11 const ( - CKN_SURRENDER = 0 - CKN_OTP_CHANGED = 1 - CKF_TOKEN_PRESENT = 0x00000001 - CKF_REMOVABLE_DEVICE = 0x00000002 - CKF_HW_SLOT = 0x00000004 - CKF_RNG = 0x00000001 - CKF_WRITE_PROTECTED = 0x00000002 - CKF_LOGIN_REQUIRED = 0x00000004 - CKF_USER_PIN_INITIALIZED = 0x00000008 - CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 - CKF_CLOCK_ON_TOKEN = 0x00000040 - CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 - CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 - CKF_TOKEN_INITIALIZED = 0x00000400 - CKF_SECONDARY_AUTHENTICATION = 0x00000800 - CKF_USER_PIN_COUNT_LOW = 0x00010000 - CKF_USER_PIN_FINAL_TRY = 0x00020000 - CKF_USER_PIN_LOCKED = 0x00040000 - CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 - CKF_SO_PIN_COUNT_LOW = 0x00100000 - CKF_SO_PIN_FINAL_TRY = 0x00200000 - CKF_SO_PIN_LOCKED = 0x00400000 - CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 - CKF_ERROR_STATE = 0x01000000 - CKU_SO = 0 - CKU_USER = 1 - CKU_CONTEXT_SPECIFIC = 2 - CKS_RO_PUBLIC_SESSION = 0 - CKS_RO_USER_FUNCTIONS = 1 - CKS_RW_PUBLIC_SESSION = 2 - CKS_RW_USER_FUNCTIONS = 3 - CKS_RW_SO_FUNCTIONS = 4 - CKF_RW_SESSION = 0x00000002 - CKF_SERIAL_SESSION = 0x00000004 - CKO_DATA = 0x00000000 - CKO_CERTIFICATE = 0x00000001 - CKO_PUBLIC_KEY = 0x00000002 - CKO_PRIVATE_KEY = 0x00000003 - CKO_SECRET_KEY = 0x00000004 - CKO_HW_FEATURE = 0x00000005 - CKO_DOMAIN_PARAMETERS = 0x00000006 - CKO_MECHANISM = 0x00000007 - CKO_OTP_KEY = 0x00000008 - CKO_PROFILE = 0x00000009 - CKO_VENDOR_DEFINED = 0x80000000 - CKP_INVALID_ID = 0x00000000 - CKP_BASELINE_PROVIDER = 0x00000001 - CKP_EXTENDED_PROVIDER = 0x00000002 - CKP_AUTHENTICATION_TOKEN = 0x00000003 - CKP_PUBLIC_CERTIFICATES_TOKEN = 0x00000004 - CKP_COMPLETE_PROVIDER = 0x00000005 - CKP_HKDF_TLS_TOKEN = 0x00000006 - CKP_VENDOR_DEFINED = 0x80000000 - CKH_MONOTONIC_COUNTER = 0x00000001 - CKH_CLOCK = 0x00000002 - CKH_USER_INTERFACE = 0x00000003 - CKH_VENDOR_DEFINED = 0x80000000 - CKK_RSA = 0x00000000 - CKK_DSA = 0x00000001 - CKK_DH = 0x00000002 - CKK_ECDSA = 0x00000003 // 
Deprecated - CKK_EC = 0x00000003 - CKK_X9_42_DH = 0x00000004 - CKK_KEA = 0x00000005 - CKK_GENERIC_SECRET = 0x00000010 - CKK_RC2 = 0x00000011 - CKK_RC4 = 0x00000012 - CKK_DES = 0x00000013 - CKK_DES2 = 0x00000014 - CKK_DES3 = 0x00000015 - CKK_CAST = 0x00000016 - CKK_CAST3 = 0x00000017 - CKK_CAST5 = 0x00000018 // Deprecated - CKK_CAST128 = 0x00000018 - CKK_RC5 = 0x00000019 - CKK_IDEA = 0x0000001A - CKK_SKIPJACK = 0x0000001B - CKK_BATON = 0x0000001C - CKK_JUNIPER = 0x0000001D - CKK_CDMF = 0x0000001E - CKK_AES = 0x0000001F - CKK_BLOWFISH = 0x00000020 - CKK_TWOFISH = 0x00000021 - CKK_SECURID = 0x00000022 - CKK_HOTP = 0x00000023 - CKK_ACTI = 0x00000024 - CKK_CAMELLIA = 0x00000025 - CKK_ARIA = 0x00000026 - CKK_MD5_HMAC = 0x00000027 - CKK_SHA_1_HMAC = 0x00000028 - CKK_RIPEMD128_HMAC = 0x00000029 - CKK_RIPEMD160_HMAC = 0x0000002A - CKK_SHA256_HMAC = 0x0000002B - CKK_SHA384_HMAC = 0x0000002C - CKK_SHA512_HMAC = 0x0000002D - CKK_SHA224_HMAC = 0x0000002E - CKK_SEED = 0x0000002F - CKK_GOSTR3410 = 0x00000030 - CKK_GOSTR3411 = 0x00000031 - CKK_GOST28147 = 0x00000032 - CKK_CHACHA20 = 0x00000033 - CKK_POLY1305 = 0x00000034 - CKK_AES_XTS = 0x00000035 - CKK_SHA3_224_HMAC = 0x00000036 - CKK_SHA3_256_HMAC = 0x00000037 - CKK_SHA3_384_HMAC = 0x00000038 - CKK_SHA3_512_HMAC = 0x00000039 - CKK_BLAKE2B_160_HMAC = 0x0000003a - CKK_BLAKE2B_256_HMAC = 0x0000003b - CKK_BLAKE2B_384_HMAC = 0x0000003c - CKK_BLAKE2B_512_HMAC = 0x0000003d - CKK_SALSA20 = 0x0000003e - CKK_X2RATCHET = 0x0000003f - CKK_EC_EDWARDS = 0x00000040 - CKK_EC_MONTGOMERY = 0x00000041 - CKK_HKDF = 0x00000042 - CKK_SHA512_224_HMAC = 0x00000043 - CKK_SHA512_256_HMAC = 0x00000044 - CKK_SHA512_T_HMAC = 0x00000045 - CKK_HSS = 0x00000046 - CKK_VENDOR_DEFINED = 0x80000000 - CKC_X_509 = 0x00000000 - CKC_X_509_ATTR_CERT = 0x00000001 - CKC_WTLS = 0x00000002 - CKC_VENDOR_DEFINED = 0x80000000 - CKF_ARRAY_ATTRIBUTE = 0x40000000 - CKA_CLASS = 0x00000000 - CKA_TOKEN = 0x00000001 - CKA_PRIVATE = 0x00000002 - CKA_LABEL = 0x00000003 - CKA_UNIQUE_ID 
= 0x00000004 - CKA_APPLICATION = 0x00000010 - CKA_VALUE = 0x00000011 - CKA_OBJECT_ID = 0x00000012 - CKA_CERTIFICATE_TYPE = 0x00000080 - CKA_ISSUER = 0x00000081 - CKA_SERIAL_NUMBER = 0x00000082 - CKA_AC_ISSUER = 0x00000083 - CKA_OWNER = 0x00000084 - CKA_ATTR_TYPES = 0x00000085 - CKA_TRUSTED = 0x00000086 - CKA_CERTIFICATE_CATEGORY = 0x00000087 - CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 - CKA_URL = 0x00000089 - CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008a - CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008b - CKA_NAME_HASH_ALGORITHM = 0x0000008c - CKA_CHECK_VALUE = 0x00000090 - CKA_KEY_TYPE = 0x00000100 - CKA_SUBJECT = 0x00000101 - CKA_ID = 0x00000102 - CKA_SENSITIVE = 0x00000103 - CKA_ENCRYPT = 0x00000104 - CKA_DECRYPT = 0x00000105 - CKA_WRAP = 0x00000106 - CKA_UNWRAP = 0x00000107 - CKA_SIGN = 0x00000108 - CKA_SIGN_RECOVER = 0x00000109 - CKA_VERIFY = 0x0000010a - CKA_VERIFY_RECOVER = 0x0000010b - CKA_DERIVE = 0x0000010c - CKA_START_DATE = 0x00000110 - CKA_END_DATE = 0x00000111 - CKA_MODULUS = 0x00000120 - CKA_MODULUS_BITS = 0x00000121 - CKA_PUBLIC_EXPONENT = 0x00000122 - CKA_PRIVATE_EXPONENT = 0x00000123 - CKA_PRIME_1 = 0x00000124 - CKA_PRIME_2 = 0x00000125 - CKA_EXPONENT_1 = 0x00000126 - CKA_EXPONENT_2 = 0x00000127 - CKA_COEFFICIENT = 0x00000128 - CKA_PUBLIC_KEY_INFO = 0x00000129 - CKA_PRIME = 0x00000130 - CKA_SUBPRIME = 0x00000131 - CKA_BASE = 0x00000132 - CKA_PRIME_BITS = 0x00000133 - CKA_SUBPRIME_BITS = 0x00000134 - CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS - CKA_VALUE_BITS = 0x00000160 - CKA_VALUE_LEN = 0x00000161 - CKA_EXTRACTABLE = 0x00000162 - CKA_LOCAL = 0x00000163 - CKA_NEVER_EXTRACTABLE = 0x00000164 - CKA_ALWAYS_SENSITIVE = 0x00000165 - CKA_KEY_GEN_MECHANISM = 0x00000166 - CKA_MODIFIABLE = 0x00000170 - CKA_COPYABLE = 0x00000171 - CKA_DESTROYABLE = 0x00000172 - CKA_ECDSA_PARAMS = 0x00000180 // Deprecated - CKA_EC_PARAMS = 0x00000180 - CKA_EC_POINT = 0x00000181 - CKA_SECONDARY_AUTH = 0x00000200 // Deprecated - CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated - 
CKA_ALWAYS_AUTHENTICATE = 0x00000202 - CKA_WRAP_WITH_TRUSTED = 0x00000210 - CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) - CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) - CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) - CKA_OTP_FORMAT = 0x00000220 - CKA_OTP_LENGTH = 0x00000221 - CKA_OTP_TIME_INTERVAL = 0x00000222 - CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 - CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 - CKA_OTP_TIME_REQUIREMENT = 0x00000225 - CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 - CKA_OTP_PIN_REQUIREMENT = 0x00000227 - CKA_OTP_COUNTER = 0x0000022e - CKA_OTP_TIME = 0x0000022f - CKA_OTP_USER_IDENTIFIER = 0x0000022a - CKA_OTP_SERVICE_IDENTIFIER = 0x0000022b - CKA_OTP_SERVICE_LOGO = 0x0000022c - CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022d - CKA_GOSTR3410_PARAMS = 0x00000250 - CKA_GOSTR3411_PARAMS = 0x00000251 - CKA_GOST28147_PARAMS = 0x00000252 - CKA_HW_FEATURE_TYPE = 0x00000300 - CKA_RESET_ON_INIT = 0x00000301 - CKA_HAS_RESET = 0x00000302 - CKA_PIXEL_X = 0x00000400 - CKA_PIXEL_Y = 0x00000401 - CKA_RESOLUTION = 0x00000402 - CKA_CHAR_ROWS = 0x00000403 - CKA_CHAR_COLUMNS = 0x00000404 - CKA_COLOR = 0x00000405 - CKA_BITS_PER_PIXEL = 0x00000406 - CKA_CHAR_SETS = 0x00000480 - CKA_ENCODING_METHODS = 0x00000481 - CKA_MIME_TYPES = 0x00000482 - CKA_MECHANISM_TYPE = 0x00000500 - CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 - CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 - CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 - CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) - CKA_PROFILE_ID = 0x00000601 - CKA_X2RATCHET_BAG = 0x00000602 - CKA_X2RATCHET_BAGSIZE = 0x00000603 - CKA_X2RATCHET_BOBS1STMSG = 0x00000604 - CKA_X2RATCHET_CKR = 0x00000605 - CKA_X2RATCHET_CKS = 0x00000606 - CKA_X2RATCHET_DHP = 0x00000607 - CKA_X2RATCHET_DHR = 0x00000608 - CKA_X2RATCHET_DHS = 0x00000609 - CKA_X2RATCHET_HKR = 0x0000060a - CKA_X2RATCHET_HKS = 0x0000060b - CKA_X2RATCHET_ISALICE = 0x0000060c - CKA_X2RATCHET_NHKR = 0x0000060d - CKA_X2RATCHET_NHKS = 0x0000060e - CKA_X2RATCHET_NR = 
0x0000060f - CKA_X2RATCHET_NS = 0x00000610 - CKA_X2RATCHET_PNS = 0x00000611 - CKA_X2RATCHET_RK = 0x00000612 - CKA_HSS_LEVELS = 0x00000617 - CKA_HSS_LMS_TYPE = 0x00000618 - CKA_HSS_LMOTS_TYPE = 0x00000619 - CKA_HSS_LMS_TYPES = 0x0000061a - CKA_HSS_LMOTS_TYPES = 0x0000061b - CKA_HSS_KEYS_REMAINING = 0x0000061c - CKA_VENDOR_DEFINED = 0x80000000 - CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 - CKM_RSA_PKCS = 0x00000001 - CKM_RSA_9796 = 0x00000002 - CKM_RSA_X_509 = 0x00000003 - CKM_MD2_RSA_PKCS = 0x00000004 - CKM_MD5_RSA_PKCS = 0x00000005 - CKM_SHA1_RSA_PKCS = 0x00000006 - CKM_RIPEMD128_RSA_PKCS = 0x00000007 - CKM_RIPEMD160_RSA_PKCS = 0x00000008 - CKM_RSA_PKCS_OAEP = 0x00000009 - CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000a - CKM_RSA_X9_31 = 0x0000000b - CKM_SHA1_RSA_X9_31 = 0x0000000c - CKM_RSA_PKCS_PSS = 0x0000000d - CKM_SHA1_RSA_PKCS_PSS = 0x0000000e - CKM_DSA_KEY_PAIR_GEN = 0x00000010 - CKM_DSA = 0x00000011 - CKM_DSA_SHA1 = 0x00000012 - CKM_DSA_SHA224 = 0x00000013 - CKM_DSA_SHA256 = 0x00000014 - CKM_DSA_SHA384 = 0x00000015 - CKM_DSA_SHA512 = 0x00000016 - CKM_DSA_SHA3_224 = 0x00000018 - CKM_DSA_SHA3_256 = 0x00000019 - CKM_DSA_SHA3_384 = 0x0000001a - CKM_DSA_SHA3_512 = 0x0000001b - CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 - CKM_DH_PKCS_DERIVE = 0x00000021 - CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 - CKM_X9_42_DH_DERIVE = 0x00000031 - CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 - CKM_X9_42_MQV_DERIVE = 0x00000033 - CKM_SHA256_RSA_PKCS = 0x00000040 - CKM_SHA384_RSA_PKCS = 0x00000041 - CKM_SHA512_RSA_PKCS = 0x00000042 - CKM_SHA256_RSA_PKCS_PSS = 0x00000043 - CKM_SHA384_RSA_PKCS_PSS = 0x00000044 - CKM_SHA512_RSA_PKCS_PSS = 0x00000045 - CKM_SHA224_RSA_PKCS = 0x00000046 - CKM_SHA224_RSA_PKCS_PSS = 0x00000047 - CKM_SHA512_224 = 0x00000048 - CKM_SHA512_224_HMAC = 0x00000049 - CKM_SHA512_224_HMAC_GENERAL = 0x0000004a - CKM_SHA512_224_KEY_DERIVATION = 0x0000004b - CKM_SHA512_256 = 0x0000004c - CKM_SHA512_256_HMAC = 0x0000004d - CKM_SHA512_256_HMAC_GENERAL = 0x0000004e - 
CKM_SHA512_256_KEY_DERIVATION = 0x0000004f - CKM_SHA512_T = 0x00000050 - CKM_SHA512_T_HMAC = 0x00000051 - CKM_SHA512_T_HMAC_GENERAL = 0x00000052 - CKM_SHA512_T_KEY_DERIVATION = 0x00000053 - CKM_SHA3_256_RSA_PKCS = 0x00000060 - CKM_SHA3_384_RSA_PKCS = 0x00000061 - CKM_SHA3_512_RSA_PKCS = 0x00000062 - CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 - CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 - CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 - CKM_SHA3_224_RSA_PKCS = 0x00000066 - CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 - CKM_RC2_KEY_GEN = 0x00000100 - CKM_RC2_ECB = 0x00000101 - CKM_RC2_CBC = 0x00000102 - CKM_RC2_MAC = 0x00000103 - CKM_RC2_MAC_GENERAL = 0x00000104 - CKM_RC2_CBC_PAD = 0x00000105 - CKM_RC4_KEY_GEN = 0x00000110 - CKM_RC4 = 0x00000111 - CKM_DES_KEY_GEN = 0x00000120 - CKM_DES_ECB = 0x00000121 - CKM_DES_CBC = 0x00000122 - CKM_DES_MAC = 0x00000123 - CKM_DES_MAC_GENERAL = 0x00000124 - CKM_DES_CBC_PAD = 0x00000125 - CKM_DES2_KEY_GEN = 0x00000130 - CKM_DES3_KEY_GEN = 0x00000131 - CKM_DES3_ECB = 0x00000132 - CKM_DES3_CBC = 0x00000133 - CKM_DES3_MAC = 0x00000134 - CKM_DES3_MAC_GENERAL = 0x00000135 - CKM_DES3_CBC_PAD = 0x00000136 - CKM_DES3_CMAC_GENERAL = 0x00000137 - CKM_DES3_CMAC = 0x00000138 - CKM_CDMF_KEY_GEN = 0x00000140 - CKM_CDMF_ECB = 0x00000141 - CKM_CDMF_CBC = 0x00000142 - CKM_CDMF_MAC = 0x00000143 - CKM_CDMF_MAC_GENERAL = 0x00000144 - CKM_CDMF_CBC_PAD = 0x00000145 - CKM_DES_OFB64 = 0x00000150 - CKM_DES_OFB8 = 0x00000151 - CKM_DES_CFB64 = 0x00000152 - CKM_DES_CFB8 = 0x00000153 - CKM_MD2 = 0x00000200 - CKM_MD2_HMAC = 0x00000201 - CKM_MD2_HMAC_GENERAL = 0x00000202 - CKM_MD5 = 0x00000210 - CKM_MD5_HMAC = 0x00000211 - CKM_MD5_HMAC_GENERAL = 0x00000212 - CKM_SHA_1 = 0x00000220 - CKM_SHA_1_HMAC = 0x00000221 - CKM_SHA_1_HMAC_GENERAL = 0x00000222 - CKM_RIPEMD128 = 0x00000230 - CKM_RIPEMD128_HMAC = 0x00000231 - CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 - CKM_RIPEMD160 = 0x00000240 - CKM_RIPEMD160_HMAC = 0x00000241 - CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 - CKM_SHA256 = 0x00000250 - 
CKM_SHA256_HMAC = 0x00000251 - CKM_SHA256_HMAC_GENERAL = 0x00000252 - CKM_SHA224 = 0x00000255 - CKM_SHA224_HMAC = 0x00000256 - CKM_SHA224_HMAC_GENERAL = 0x00000257 - CKM_SHA384 = 0x00000260 - CKM_SHA384_HMAC = 0x00000261 - CKM_SHA384_HMAC_GENERAL = 0x00000262 - CKM_SHA512 = 0x00000270 - CKM_SHA512_HMAC = 0x00000271 - CKM_SHA512_HMAC_GENERAL = 0x00000272 - CKM_SECURID_KEY_GEN = 0x00000280 - CKM_SECURID = 0x00000282 - CKM_HOTP_KEY_GEN = 0x00000290 - CKM_HOTP = 0x00000291 - CKM_ACTI = 0x000002a0 - CKM_ACTI_KEY_GEN = 0x000002a1 - CKM_SHA3_256 = 0x000002b0 - CKM_SHA3_256_HMAC = 0x000002b1 - CKM_SHA3_256_HMAC_GENERAL = 0x000002b2 - CKM_SHA3_256_KEY_GEN = 0x000002b3 - CKM_SHA3_224 = 0x000002b5 - CKM_SHA3_224_HMAC = 0x000002b6 - CKM_SHA3_224_HMAC_GENERAL = 0x000002b7 - CKM_SHA3_224_KEY_GEN = 0x000002b8 - CKM_SHA3_384 = 0x000002c0 - CKM_SHA3_384_HMAC = 0x000002c1 - CKM_SHA3_384_HMAC_GENERAL = 0x000002c2 - CKM_SHA3_384_KEY_GEN = 0x000002c3 - CKM_SHA3_512 = 0x000002d0 - CKM_SHA3_512_HMAC = 0x000002d1 - CKM_SHA3_512_HMAC_GENERAL = 0x000002d2 - CKM_SHA3_512_KEY_GEN = 0x000002d3 - CKM_CAST_KEY_GEN = 0x00000300 - CKM_CAST_ECB = 0x00000301 - CKM_CAST_CBC = 0x00000302 - CKM_CAST_MAC = 0x00000303 - CKM_CAST_MAC_GENERAL = 0x00000304 - CKM_CAST_CBC_PAD = 0x00000305 - CKM_CAST3_KEY_GEN = 0x00000310 - CKM_CAST3_ECB = 0x00000311 - CKM_CAST3_CBC = 0x00000312 - CKM_CAST3_MAC = 0x00000313 - CKM_CAST3_MAC_GENERAL = 0x00000314 - CKM_CAST3_CBC_PAD = 0x00000315 - CKM_CAST5_KEY_GEN = 0x00000320 - CKM_CAST128_KEY_GEN = 0x00000320 - CKM_CAST5_ECB = 0x00000321 - CKM_CAST128_ECB = 0x00000321 - CKM_CAST5_CBC = 0x00000322 // Deprecated - CKM_CAST128_CBC = 0x00000322 - CKM_CAST5_MAC = 0x00000323 // Deprecated - CKM_CAST128_MAC = 0x00000323 - CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated - CKM_CAST128_MAC_GENERAL = 0x00000324 - CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated - CKM_CAST128_CBC_PAD = 0x00000325 - CKM_RC5_KEY_GEN = 0x00000330 - CKM_RC5_ECB = 0x00000331 - CKM_RC5_CBC = 0x00000332 - 
CKM_RC5_MAC = 0x00000333 - CKM_RC5_MAC_GENERAL = 0x00000334 - CKM_RC5_CBC_PAD = 0x00000335 - CKM_IDEA_KEY_GEN = 0x00000340 - CKM_IDEA_ECB = 0x00000341 - CKM_IDEA_CBC = 0x00000342 - CKM_IDEA_MAC = 0x00000343 - CKM_IDEA_MAC_GENERAL = 0x00000344 - CKM_IDEA_CBC_PAD = 0x00000345 - CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 - CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 - CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 - CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 - CKM_XOR_BASE_AND_DATA = 0x00000364 - CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 - CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 - CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 - CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 - CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 - CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 - CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 - CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 - CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 - CKM_TLS_PRF = 0x00000378 - CKM_SSL3_MD5_MAC = 0x00000380 - CKM_SSL3_SHA1_MAC = 0x00000381 - CKM_MD5_KEY_DERIVATION = 0x00000390 - CKM_MD2_KEY_DERIVATION = 0x00000391 - CKM_SHA1_KEY_DERIVATION = 0x00000392 - CKM_SHA256_KEY_DERIVATION = 0x00000393 - CKM_SHA384_KEY_DERIVATION = 0x00000394 - CKM_SHA512_KEY_DERIVATION = 0x00000395 - CKM_SHA224_KEY_DERIVATION = 0x00000396 - CKM_SHA3_256_KEY_DERIVATION = 0x00000397 - CKM_SHA3_224_KEY_DERIVATION = 0x00000398 - CKM_SHA3_384_KEY_DERIVATION = 0x00000399 - CKM_SHA3_512_KEY_DERIVATION = 0x0000039a - CKM_SHAKE_128_KEY_DERIVATION = 0x0000039b - CKM_SHAKE_256_KEY_DERIVATION = 0x0000039c - CKM_SHA3_256_KEY_DERIVE = CKM_SHA3_256_KEY_DERIVATION - CKM_SHA3_224_KEY_DERIVE = CKM_SHA3_224_KEY_DERIVATION - CKM_SHA3_384_KEY_DERIVE = CKM_SHA3_384_KEY_DERIVATION - CKM_SHA3_512_KEY_DERIVE = CKM_SHA3_512_KEY_DERIVATION - CKM_SHAKE_128_KEY_DERIVE = CKM_SHAKE_128_KEY_DERIVATION - CKM_SHAKE_256_KEY_DERIVE = CKM_SHAKE_256_KEY_DERIVATION - CKM_PBE_MD2_DES_CBC = 0x000003a0 - CKM_PBE_MD5_DES_CBC = 0x000003a1 - CKM_PBE_MD5_CAST_CBC = 0x000003a2 - CKM_PBE_MD5_CAST3_CBC = 0x000003a3 - 
CKM_PBE_MD5_CAST5_CBC = 0x000003a4 // Deprecated - CKM_PBE_MD5_CAST128_CBC = 0x000003a4 - CKM_PBE_SHA1_CAST5_CBC = 0x000003a5 // Deprecated - CKM_PBE_SHA1_CAST128_CBC = 0x000003a5 - CKM_PBE_SHA1_RC4_128 = 0x000003a6 - CKM_PBE_SHA1_RC4_40 = 0x000003a7 - CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003a8 - CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003a9 - CKM_PBE_SHA1_RC2_128_CBC = 0x000003aa - CKM_PBE_SHA1_RC2_40_CBC = 0x000003ab - CKM_PKCS5_PBKD2 = 0x000003b0 - CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003c0 - CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003d0 - CKM_WTLS_MASTER_KEY_DERIVE = 0x000003d1 - CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003d2 - CKM_WTLS_PRF = 0x000003d3 - CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003d4 - CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003d5 - CKM_TLS10_MAC_SERVER = 0x000003d6 - CKM_TLS10_MAC_CLIENT = 0x000003d7 - CKM_TLS12_MAC = 0x000003d8 - CKM_TLS12_KDF = 0x000003d9 - CKM_TLS12_MASTER_KEY_DERIVE = 0x000003e0 - CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003e1 - CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003e2 - CKM_TLS12_KEY_SAFE_DERIVE = 0x000003e3 - CKM_TLS_MAC = 0x000003e4 - CKM_TLS_KDF = 0x000003e5 - CKM_KEY_WRAP_LYNKS = 0x00000400 - CKM_KEY_WRAP_SET_OAEP = 0x00000401 - CKM_CMS_SIG = 0x00000500 - CKM_KIP_DERIVE = 0x00000510 - CKM_KIP_WRAP = 0x00000511 - CKM_KIP_MAC = 0x00000512 - CKM_CAMELLIA_KEY_GEN = 0x00000550 - CKM_CAMELLIA_ECB = 0x00000551 - CKM_CAMELLIA_CBC = 0x00000552 - CKM_CAMELLIA_MAC = 0x00000553 - CKM_CAMELLIA_MAC_GENERAL = 0x00000554 - CKM_CAMELLIA_CBC_PAD = 0x00000555 - CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 - CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 - CKM_CAMELLIA_CTR = 0x00000558 - CKM_ARIA_KEY_GEN = 0x00000560 - CKM_ARIA_ECB = 0x00000561 - CKM_ARIA_CBC = 0x00000562 - CKM_ARIA_MAC = 0x00000563 - CKM_ARIA_MAC_GENERAL = 0x00000564 - CKM_ARIA_CBC_PAD = 0x00000565 - CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 - CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 - CKM_SEED_KEY_GEN = 0x00000650 - CKM_SEED_ECB = 0x00000651 - CKM_SEED_CBC = 0x00000652 - CKM_SEED_MAC = 
0x00000653 - CKM_SEED_MAC_GENERAL = 0x00000654 - CKM_SEED_CBC_PAD = 0x00000655 - CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 - CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 - CKM_SKIPJACK_KEY_GEN = 0x00001000 - CKM_SKIPJACK_ECB64 = 0x00001001 - CKM_SKIPJACK_CBC64 = 0x00001002 - CKM_SKIPJACK_OFB64 = 0x00001003 - CKM_SKIPJACK_CFB64 = 0x00001004 - CKM_SKIPJACK_CFB32 = 0x00001005 - CKM_SKIPJACK_CFB16 = 0x00001006 - CKM_SKIPJACK_CFB8 = 0x00001007 - CKM_SKIPJACK_WRAP = 0x00001008 - CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 - CKM_SKIPJACK_RELAYX = 0x0000100a - CKM_KEA_KEY_PAIR_GEN = 0x00001010 - CKM_KEA_KEY_DERIVE = 0x00001011 - CKM_KEA_DERIVE = 0x00001012 - CKM_FORTEZZA_TIMESTAMP = 0x00001020 - CKM_BATON_KEY_GEN = 0x00001030 - CKM_BATON_ECB128 = 0x00001031 - CKM_BATON_ECB96 = 0x00001032 - CKM_BATON_CBC128 = 0x00001033 - CKM_BATON_COUNTER = 0x00001034 - CKM_BATON_SHUFFLE = 0x00001035 - CKM_BATON_WRAP = 0x00001036 - CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated - CKM_EC_KEY_PAIR_GEN = 0x00001040 - CKM_ECDSA = 0x00001041 - CKM_ECDSA_SHA1 = 0x00001042 - CKM_ECDSA_SHA224 = 0x00001043 - CKM_ECDSA_SHA256 = 0x00001044 - CKM_ECDSA_SHA384 = 0x00001045 - CKM_ECDSA_SHA512 = 0x00001046 - CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS = 0x0000140b - CKM_ECDH1_DERIVE = 0x00001050 - CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 - CKM_ECMQV_DERIVE = 0x00001052 - CKM_ECDH_AES_KEY_WRAP = 0x00001053 - CKM_RSA_AES_KEY_WRAP = 0x00001054 - CKM_JUNIPER_KEY_GEN = 0x00001060 - CKM_JUNIPER_ECB128 = 0x00001061 - CKM_JUNIPER_CBC128 = 0x00001062 - CKM_JUNIPER_COUNTER = 0x00001063 - CKM_JUNIPER_SHUFFLE = 0x00001064 - CKM_JUNIPER_WRAP = 0x00001065 - CKM_FASTHASH = 0x00001070 - CKM_AES_XTS = 0x00001071 - CKM_AES_XTS_KEY_GEN = 0x00001072 - CKM_AES_KEY_GEN = 0x00001080 - CKM_AES_ECB = 0x00001081 - CKM_AES_CBC = 0x00001082 - CKM_AES_MAC = 0x00001083 - CKM_AES_MAC_GENERAL = 0x00001084 - CKM_AES_CBC_PAD = 0x00001085 - CKM_AES_CTR = 0x00001086 - CKM_AES_GCM = 0x00001087 - CKM_AES_CCM = 0x00001088 - CKM_AES_CTS = 0x00001089 - CKM_AES_CMAC = 
0x0000108a - CKM_AES_CMAC_GENERAL = 0x0000108b - CKM_AES_XCBC_MAC = 0x0000108c - CKM_AES_XCBC_MAC_96 = 0x0000108d - CKM_AES_GMAC = 0x0000108e - CKM_BLOWFISH_KEY_GEN = 0x00001090 - CKM_BLOWFISH_CBC = 0x00001091 - CKM_TWOFISH_KEY_GEN = 0x00001092 - CKM_TWOFISH_CBC = 0x00001093 - CKM_BLOWFISH_CBC_PAD = 0x00001094 - CKM_TWOFISH_CBC_PAD = 0x00001095 - CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 - CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 - CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 - CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 - CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 - CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 - CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 - CKM_GOSTR3410 = 0x00001201 - CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 - CKM_GOSTR3410_KEY_WRAP = 0x00001203 - CKM_GOSTR3410_DERIVE = 0x00001204 - CKM_GOSTR3411 = 0x00001210 - CKM_GOSTR3411_HMAC = 0x00001211 - CKM_GOST28147_KEY_GEN = 0x00001220 - CKM_GOST28147_ECB = 0x00001221 - CKM_GOST28147 = 0x00001222 - CKM_GOST28147_MAC = 0x00001223 - CKM_GOST28147_KEY_WRAP = 0x00001224 - CKM_CHACHA20_KEY_GEN = 0x00001225 - CKM_CHACHA20 = 0x00001226 - CKM_POLY1305_KEY_GEN = 0x00001227 - CKM_POLY1305 = 0x00001228 - CKM_DSA_PARAMETER_GEN = 0x00002000 - CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 - CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 - CKM_DSA_PROBABILISTIC_PARAMETER_GEN = 0x00002003 - CKM_DSA_PROBABLISTIC_PARAMETER_GEN = CKM_DSA_PROBABILISTIC_PARAMETER_GEN - CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 - CKM_DSA_FIPS_G_GEN = 0x00002005 - CKM_AES_OFB = 0x00002104 - CKM_AES_CFB64 = 0x00002105 - CKM_AES_CFB8 = 0x00002106 - CKM_AES_CFB128 = 0x00002107 - CKM_AES_CFB1 = 0x00002108 - CKM_AES_KEY_WRAP = 0x00002109 - CKM_AES_KEY_WRAP_PAD = 0x0000210A - CKM_AES_KEY_WRAP_KWP = 0x0000210B - CKM_AES_KEY_WRAP_PKCS7 = 0x0000210C - CKM_RSA_PKCS_TPM_1_1 = 0x00004001 - CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 - CKM_SHA_1_KEY_GEN = 0x00004003 - CKM_SHA224_KEY_GEN = 0x00004004 - CKM_SHA256_KEY_GEN = 0x00004005 - CKM_SHA384_KEY_GEN = 0x00004006 - CKM_SHA512_KEY_GEN = 0x00004007 
- CKM_SHA512_224_KEY_GEN = 0x00004008 - CKM_SHA512_256_KEY_GEN = 0x00004009 - CKM_SHA512_T_KEY_GEN = 0x0000400a - CKM_NULL = 0x0000400b - CKM_BLAKE2B_160 = 0x0000400c - CKM_BLAKE2B_160_HMAC = 0x0000400d - CKM_BLAKE2B_160_HMAC_GENERAL = 0x0000400e - CKM_BLAKE2B_160_KEY_DERIVE = 0x0000400f - CKM_BLAKE2B_160_KEY_GEN = 0x00004010 - CKM_BLAKE2B_256 = 0x00004011 - CKM_BLAKE2B_256_HMAC = 0x00004012 - CKM_BLAKE2B_256_HMAC_GENERAL = 0x00004013 - CKM_BLAKE2B_256_KEY_DERIVE = 0x00004014 - CKM_BLAKE2B_256_KEY_GEN = 0x00004015 - CKM_BLAKE2B_384 = 0x00004016 - CKM_BLAKE2B_384_HMAC = 0x00004017 - CKM_BLAKE2B_384_HMAC_GENERAL = 0x00004018 - CKM_BLAKE2B_384_KEY_DERIVE = 0x00004019 - CKM_BLAKE2B_384_KEY_GEN = 0x0000401a - CKM_BLAKE2B_512 = 0x0000401b - CKM_BLAKE2B_512_HMAC = 0x0000401c - CKM_BLAKE2B_512_HMAC_GENERAL = 0x0000401d - CKM_BLAKE2B_512_KEY_DERIVE = 0x0000401e - CKM_BLAKE2B_512_KEY_GEN = 0x0000401f - CKM_SALSA20 = 0x00004020 - CKM_CHACHA20_POLY1305 = 0x00004021 - CKM_SALSA20_POLY1305 = 0x00004022 - CKM_X3DH_INITIALIZE = 0x00004023 - CKM_X3DH_RESPOND = 0x00004024 - CKM_X2RATCHET_INITIALIZE = 0x00004025 - CKM_X2RATCHET_RESPOND = 0x00004026 - CKM_X2RATCHET_ENCRYPT = 0x00004027 - CKM_X2RATCHET_DECRYPT = 0x00004028 - CKM_XEDDSA = 0x00004029 - CKM_HKDF_DERIVE = 0x0000402a - CKM_HKDF_DATA = 0x0000402b - CKM_HKDF_KEY_GEN = 0x0000402c - CKM_SALSA20_KEY_GEN = 0x0000402d - CKM_ECDSA_SHA3_224 = 0x00001047 - CKM_ECDSA_SHA3_256 = 0x00001048 - CKM_ECDSA_SHA3_384 = 0x00001049 - CKM_ECDSA_SHA3_512 = 0x0000104a - CKM_EC_EDWARDS_KEY_PAIR_GEN = 0x00001055 - CKM_EC_MONTGOMERY_KEY_PAIR_GEN = 0x00001056 - CKM_EDDSA = 0x00001057 - CKM_SP800_108_COUNTER_KDF = 0x000003ac - CKM_SP800_108_FEEDBACK_KDF = 0x000003ad - CKM_SP800_108_DOUBLE_PIPELINE_KDF = 0x000003ae - CKM_IKE2_PRF_PLUS_DERIVE = 0x0000402e - CKM_IKE_PRF_DERIVE = 0x0000402f - CKM_IKE1_PRF_DERIVE = 0x00004030 - CKM_IKE1_EXTENDED_DERIVE = 0x00004031 - CKM_HSS_KEY_PAIR_GEN = 0x00004032 - CKM_HSS = 0x00004033 - CKM_VENDOR_DEFINED = 0x80000000 
- CKF_HW = 0x00000001 - CKF_MESSAGE_ENCRYPT = 0x00000002 - CKF_MESSAGE_DECRYPT = 0x00000004 - CKF_MESSAGE_SIGN = 0x00000008 - CKF_MESSAGE_VERIFY = 0x00000010 - CKF_MULTI_MESSAGE = 0x00000020 - CKF_MULTI_MESSGE = CKF_MULTI_MESSAGE - CKF_FIND_OBJECTS = 0x00000040 - CKF_ENCRYPT = 0x00000100 - CKF_DECRYPT = 0x00000200 - CKF_DIGEST = 0x00000400 - CKF_SIGN = 0x00000800 - CKF_SIGN_RECOVER = 0x00001000 - CKF_VERIFY = 0x00002000 - CKF_VERIFY_RECOVER = 0x00004000 - CKF_GENERATE = 0x00008000 - CKF_GENERATE_KEY_PAIR = 0x00010000 - CKF_WRAP = 0x00020000 - CKF_UNWRAP = 0x00040000 - CKF_DERIVE = 0x00080000 - CKF_EC_F_P = 0x00100000 - CKF_EC_F_2M = 0x00200000 - CKF_EC_ECPARAMETERS = 0x00400000 - CKF_EC_OID = 0x00800000 - CKF_EC_NAMEDCURVE = CKF_EC_OID - CKF_EC_UNCOMPRESS = 0x01000000 - CKF_EC_COMPRESS = 0x02000000 - CKF_EC_CURVENAME = 0x04000000 - CKF_EXTENSION = 0x80000000 + CK_TRUE = true + CK_FALSE = false + + // some special values for certain CK_ULONG variables + CK_UNAVAILABLE_INFORMATION = ^uint(0) + CK_EFFECTIVELY_INFINITE = 0 + + // The following value is always invalid if used as a session + // handle or object handle + CK_INVALID_HANDLE = 0 + + CKN_SURRENDER = 0 + CKN_OTP_CHANGED = 1 + + // flags: bit flags that provide capabilities of the slot + // + // Bit Flag Mask Meaning + CKF_TOKEN_PRESENT = 0x00000001 // a token is there + CKF_REMOVABLE_DEVICE = 0x00000002 // removable devices + CKF_HW_SLOT = 0x00000004 // hardware slot + + // The flags parameter is defined as follows: + // + // Bit Flag Mask Meaning + CKF_RNG = 0x00000001 // has random # generator + CKF_WRITE_PROTECTED = 0x00000002 // token is write-protected + CKF_LOGIN_REQUIRED = 0x00000004 // user must login + CKF_USER_PIN_INITIALIZED = 0x00000008 // normal user's PIN is set + + // CKF_RESTORE_KEY_NOT_NEEDED. 
If it is set, + // that means that *every* time the state of cryptographic + // operations of a session is successfully saved, all keys + // needed to continue those operations are stored in the state + CKF_RESTORE_KEY_NOT_NEEDED = 0x00000020 + + // CKF_CLOCK_ON_TOKEN. If it is set, that means + // that the token has some sort of clock. The time on that + // clock is returned in the token info structure + CKF_CLOCK_ON_TOKEN = 0x00000040 + + // CKF_PROTECTED_AUTHENTICATION_PATH. If it is + // set, that means that there is some way for the user to login + // without sending a PIN through the Cryptoki library itself + CKF_PROTECTED_AUTHENTICATION_PATH = 0x00000100 + + // CKF_DUAL_CRYPTO_OPERATIONS. If it is true, + // that means that a single session with the token can perform + // dual simultaneous cryptographic operations (digest and + // encrypt; decrypt and digest; sign and encrypt; and decrypt + // and sign) + CKF_DUAL_CRYPTO_OPERATIONS = 0x00000200 + + // CKF_TOKEN_INITIALIZED. If it is true, the + // token has been initialized using C_InitializeToken or an + // equivalent mechanism outside the scope of PKCS #11. + // Calling C_InitializeToken when this flag is set will cause + // the token to be reinitialized. + CKF_TOKEN_INITIALIZED = 0x00000400 + + // CKF_SECONDARY_AUTHENTICATION. If it is + // true, the token supports secondary authentication for + // private key objects. + CKF_SECONDARY_AUTHENTICATION = 0x00000800 + + // CKF_USER_PIN_COUNT_LOW. If it is true, an + // incorrect user login PIN has been entered at least once + // since the last successful authentication. + CKF_USER_PIN_COUNT_LOW = 0x00010000 + + // CKF_USER_PIN_FINAL_TRY. If it is true, + // supplying an incorrect user PIN will it to become locked. + CKF_USER_PIN_FINAL_TRY = 0x00020000 + + // CKF_USER_PIN_LOCKED. If it is true, the + // user PIN has been locked. User login to the token is not + // possible. + CKF_USER_PIN_LOCKED = 0x00040000 + + // CKF_USER_PIN_TO_BE_CHANGED. 
If it is true, + // the user PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_USER_PIN_TO_BE_CHANGED = 0x00080000 + + // CKF_SO_PIN_COUNT_LOW. If it is true, an + // incorrect SO login PIN has been entered at least once since + // the last successful authentication. + CKF_SO_PIN_COUNT_LOW = 0x00100000 + + // CKF_SO_PIN_FINAL_TRY. If it is true, + // supplying an incorrect SO PIN will it to become locked. + CKF_SO_PIN_FINAL_TRY = 0x00200000 + + // CKF_SO_PIN_LOCKED. If it is true, the SO + // PIN has been locked. SO login to the token is not possible. + CKF_SO_PIN_LOCKED = 0x00400000 + + // CKF_SO_PIN_TO_BE_CHANGED. If it is true, + // the SO PIN value is the default value set by token + // initialization or manufacturing, or the PIN has been + // expired by the card. + CKF_SO_PIN_TO_BE_CHANGED = 0x00800000 + CKF_ERROR_STATE = 0x01000000 + + // Security Officer + CKU_SO = 0 + + // Normal user + CKU_USER = 1 + + // Context specific + CKU_CONTEXT_SPECIFIC = 2 + + CKS_RO_PUBLIC_SESSION = 0 + CKS_RO_USER_FUNCTIONS = 1 + CKS_RW_PUBLIC_SESSION = 2 + CKS_RW_USER_FUNCTIONS = 3 + CKS_RW_SO_FUNCTIONS = 4 + + // The flags are defined in the following table: + // + // Bit Flag Mask Meaning + CKF_RW_SESSION = 0x00000002 // session is r/w + CKF_SERIAL_SESSION = 0x00000004 // no parallel + + // The following classes of objects are defined: + CKO_DATA = 0x00000000 + CKO_CERTIFICATE = 0x00000001 + CKO_PUBLIC_KEY = 0x00000002 + CKO_PRIVATE_KEY = 0x00000003 + CKO_SECRET_KEY = 0x00000004 + CKO_HW_FEATURE = 0x00000005 + CKO_DOMAIN_PARAMETERS = 0x00000006 + CKO_MECHANISM = 0x00000007 + CKO_OTP_KEY = 0x00000008 + CKO_PROFILE = 0x00000009 + CKO_VENDOR_DEFINED = 0x80000000 + + // Profile ID's + CKP_INVALID_ID = 0x00000000 + CKP_BASELINE_PROVIDER = 0x00000001 + CKP_EXTENDED_PROVIDER = 0x00000002 + CKP_AUTHENTICATION_TOKEN = 0x00000003 + CKP_PUBLIC_CERTIFICATES_TOKEN = 0x00000004 + CKP_COMPLETE_PROVIDER = 
0x00000005 + CKP_HKDF_TLS_TOKEN = 0x00000006 + CKP_VENDOR_DEFINED = 0x80000000 + + // The following hardware feature types are defined + CKH_MONOTONIC_COUNTER = 0x00000001 + CKH_CLOCK = 0x00000002 + CKH_USER_INTERFACE = 0x00000003 + CKH_VENDOR_DEFINED = 0x80000000 + + // the following key types are defined: + CKK_RSA = 0x00000000 + CKK_DSA = 0x00000001 + CKK_DH = 0x00000002 + CKK_ECDSA = 0x00000003 // Deprecated + CKK_EC = 0x00000003 + CKK_X9_42_DH = 0x00000004 + CKK_KEA = 0x00000005 + CKK_GENERIC_SECRET = 0x00000010 + CKK_RC2 = 0x00000011 + CKK_RC4 = 0x00000012 + CKK_DES = 0x00000013 + CKK_DES2 = 0x00000014 + CKK_DES3 = 0x00000015 + CKK_CAST = 0x00000016 + CKK_CAST3 = 0x00000017 + CKK_CAST5 = 0x00000018 // Deprecated + CKK_CAST128 = 0x00000018 + CKK_RC5 = 0x00000019 + CKK_IDEA = 0x0000001A + CKK_SKIPJACK = 0x0000001B + CKK_BATON = 0x0000001C + CKK_JUNIPER = 0x0000001D + CKK_CDMF = 0x0000001E + CKK_AES = 0x0000001F + CKK_BLOWFISH = 0x00000020 + CKK_TWOFISH = 0x00000021 + CKK_SECURID = 0x00000022 + CKK_HOTP = 0x00000023 + CKK_ACTI = 0x00000024 + CKK_CAMELLIA = 0x00000025 + CKK_ARIA = 0x00000026 + + // the following definitions were added in the 2.30 header file, + // but never defined in the spec. 
+ CKK_MD5_HMAC = 0x00000027 + CKK_SHA_1_HMAC = 0x00000028 + CKK_RIPEMD128_HMAC = 0x00000029 + CKK_RIPEMD160_HMAC = 0x0000002A + CKK_SHA256_HMAC = 0x0000002B + CKK_SHA384_HMAC = 0x0000002C + CKK_SHA512_HMAC = 0x0000002D + CKK_SHA224_HMAC = 0x0000002E + CKK_SEED = 0x0000002F + CKK_GOSTR3410 = 0x00000030 + CKK_GOSTR3411 = 0x00000031 + CKK_GOST28147 = 0x00000032 + CKK_CHACHA20 = 0x00000033 + CKK_POLY1305 = 0x00000034 + CKK_AES_XTS = 0x00000035 + CKK_SHA3_224_HMAC = 0x00000036 + CKK_SHA3_256_HMAC = 0x00000037 + CKK_SHA3_384_HMAC = 0x00000038 + CKK_SHA3_512_HMAC = 0x00000039 + CKK_BLAKE2B_160_HMAC = 0x0000003a + CKK_BLAKE2B_256_HMAC = 0x0000003b + CKK_BLAKE2B_384_HMAC = 0x0000003c + CKK_BLAKE2B_512_HMAC = 0x0000003d + CKK_SALSA20 = 0x0000003e + CKK_X2RATCHET = 0x0000003f + CKK_EC_EDWARDS = 0x00000040 + CKK_EC_MONTGOMERY = 0x00000041 + CKK_HKDF = 0x00000042 + CKK_SHA512_224_HMAC = 0x00000043 + CKK_SHA512_256_HMAC = 0x00000044 + CKK_SHA512_T_HMAC = 0x00000045 + CKK_HSS = 0x00000046 + CKK_VENDOR_DEFINED = 0x80000000 + + CK_CERTIFICATE_CATEGORY_UNSPECIFIED = 0 + CK_CERTIFICATE_CATEGORY_TOKEN_USER = 1 + CK_CERTIFICATE_CATEGORY_AUTHORITY = 2 + CK_CERTIFICATE_CATEGORY_OTHER_ENTITY = 3 + CK_SECURITY_DOMAIN_UNSPECIFIED = 0 + CK_SECURITY_DOMAIN_MANUFACTURER = 1 + CK_SECURITY_DOMAIN_OPERATOR = 2 + CK_SECURITY_DOMAIN_THIRD_PARTY = 3 + + // The following certificate types are defined: + CKC_X_509 = 0x00000000 + CKC_X_509_ATTR_CERT = 0x00000001 + CKC_WTLS = 0x00000002 + CKC_VENDOR_DEFINED = 0x80000000 + + // The CKF_ARRAY_ATTRIBUTE flag identifies an attribute which + // consists of an array of values. 
+ CKF_ARRAY_ATTRIBUTE = 0x40000000 + + // The following OTP-related defines relate to the CKA_OTP_FORMAT attribute + CK_OTP_FORMAT_DECIMAL = 0 + CK_OTP_FORMAT_HEXADECIMAL = 1 + CK_OTP_FORMAT_ALPHANUMERIC = 2 + CK_OTP_FORMAT_BINARY = 3 + + // The following OTP-related defines relate to the CKA_OTP_..._REQUIREMENT + // attributes + CK_OTP_PARAM_IGNORED = 0 + CK_OTP_PARAM_OPTIONAL = 1 + CK_OTP_PARAM_MANDATORY = 2 + + // The following attribute types are defined: + CKA_CLASS = 0x00000000 + CKA_TOKEN = 0x00000001 + CKA_PRIVATE = 0x00000002 + CKA_LABEL = 0x00000003 + CKA_UNIQUE_ID = 0x00000004 + CKA_APPLICATION = 0x00000010 + CKA_VALUE = 0x00000011 + CKA_OBJECT_ID = 0x00000012 + CKA_CERTIFICATE_TYPE = 0x00000080 + CKA_ISSUER = 0x00000081 + CKA_SERIAL_NUMBER = 0x00000082 + CKA_AC_ISSUER = 0x00000083 + CKA_OWNER = 0x00000084 + CKA_ATTR_TYPES = 0x00000085 + CKA_TRUSTED = 0x00000086 + CKA_CERTIFICATE_CATEGORY = 0x00000087 + CKA_JAVA_MIDP_SECURITY_DOMAIN = 0x00000088 + CKA_URL = 0x00000089 + CKA_HASH_OF_SUBJECT_PUBLIC_KEY = 0x0000008a + CKA_HASH_OF_ISSUER_PUBLIC_KEY = 0x0000008b + CKA_NAME_HASH_ALGORITHM = 0x0000008c + CKA_CHECK_VALUE = 0x00000090 + CKA_KEY_TYPE = 0x00000100 + CKA_SUBJECT = 0x00000101 + CKA_ID = 0x00000102 + CKA_SENSITIVE = 0x00000103 + CKA_ENCRYPT = 0x00000104 + CKA_DECRYPT = 0x00000105 + CKA_WRAP = 0x00000106 + CKA_UNWRAP = 0x00000107 + CKA_SIGN = 0x00000108 + CKA_SIGN_RECOVER = 0x00000109 + CKA_VERIFY = 0x0000010a + CKA_VERIFY_RECOVER = 0x0000010b + CKA_DERIVE = 0x0000010c + CKA_START_DATE = 0x00000110 + CKA_END_DATE = 0x00000111 + CKA_MODULUS = 0x00000120 + CKA_MODULUS_BITS = 0x00000121 + CKA_PUBLIC_EXPONENT = 0x00000122 + CKA_PRIVATE_EXPONENT = 0x00000123 + CKA_PRIME_1 = 0x00000124 + CKA_PRIME_2 = 0x00000125 + CKA_EXPONENT_1 = 0x00000126 + CKA_EXPONENT_2 = 0x00000127 + CKA_COEFFICIENT = 0x00000128 + CKA_PUBLIC_KEY_INFO = 0x00000129 + CKA_PRIME = 0x00000130 + CKA_SUBPRIME = 0x00000131 + CKA_BASE = 0x00000132 + CKA_PRIME_BITS = 0x00000133 + 
CKA_SUBPRIME_BITS = 0x00000134 + CKA_SUB_PRIME_BITS = CKA_SUBPRIME_BITS + CKA_VALUE_BITS = 0x00000160 + CKA_VALUE_LEN = 0x00000161 + CKA_EXTRACTABLE = 0x00000162 + CKA_LOCAL = 0x00000163 + CKA_NEVER_EXTRACTABLE = 0x00000164 + CKA_ALWAYS_SENSITIVE = 0x00000165 + CKA_KEY_GEN_MECHANISM = 0x00000166 + CKA_MODIFIABLE = 0x00000170 + CKA_COPYABLE = 0x00000171 + CKA_DESTROYABLE = 0x00000172 + CKA_ECDSA_PARAMS = 0x00000180 // Deprecated + CKA_EC_PARAMS = 0x00000180 + CKA_EC_POINT = 0x00000181 + CKA_SECONDARY_AUTH = 0x00000200 // Deprecated + CKA_AUTH_PIN_FLAGS = 0x00000201 // Deprecated + CKA_ALWAYS_AUTHENTICATE = 0x00000202 + CKA_WRAP_WITH_TRUSTED = 0x00000210 + CKA_WRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000211) + CKA_UNWRAP_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000212) + CKA_DERIVE_TEMPLATE = (CKF_ARRAY_ATTRIBUTE | 0x00000213) + CKA_OTP_FORMAT = 0x00000220 + CKA_OTP_LENGTH = 0x00000221 + CKA_OTP_TIME_INTERVAL = 0x00000222 + CKA_OTP_USER_FRIENDLY_MODE = 0x00000223 + CKA_OTP_CHALLENGE_REQUIREMENT = 0x00000224 + CKA_OTP_TIME_REQUIREMENT = 0x00000225 + CKA_OTP_COUNTER_REQUIREMENT = 0x00000226 + CKA_OTP_PIN_REQUIREMENT = 0x00000227 + CKA_OTP_COUNTER = 0x0000022e + CKA_OTP_TIME = 0x0000022f + CKA_OTP_USER_IDENTIFIER = 0x0000022a + CKA_OTP_SERVICE_IDENTIFIER = 0x0000022b + CKA_OTP_SERVICE_LOGO = 0x0000022c + CKA_OTP_SERVICE_LOGO_TYPE = 0x0000022d + CKA_GOSTR3410_PARAMS = 0x00000250 + CKA_GOSTR3411_PARAMS = 0x00000251 + CKA_GOST28147_PARAMS = 0x00000252 + CKA_HW_FEATURE_TYPE = 0x00000300 + CKA_RESET_ON_INIT = 0x00000301 + CKA_HAS_RESET = 0x00000302 + CKA_PIXEL_X = 0x00000400 + CKA_PIXEL_Y = 0x00000401 + CKA_RESOLUTION = 0x00000402 + CKA_CHAR_ROWS = 0x00000403 + CKA_CHAR_COLUMNS = 0x00000404 + CKA_COLOR = 0x00000405 + CKA_BITS_PER_PIXEL = 0x00000406 + CKA_CHAR_SETS = 0x00000480 + CKA_ENCODING_METHODS = 0x00000481 + CKA_MIME_TYPES = 0x00000482 + CKA_MECHANISM_TYPE = 0x00000500 + CKA_REQUIRED_CMS_ATTRIBUTES = 0x00000501 + CKA_DEFAULT_CMS_ATTRIBUTES = 0x00000502 + 
CKA_SUPPORTED_CMS_ATTRIBUTES = 0x00000503 + CKA_ALLOWED_MECHANISMS = (CKF_ARRAY_ATTRIBUTE | 0x00000600) + CKA_PROFILE_ID = 0x00000601 + CKA_X2RATCHET_BAG = 0x00000602 + CKA_X2RATCHET_BAGSIZE = 0x00000603 + CKA_X2RATCHET_BOBS1STMSG = 0x00000604 + CKA_X2RATCHET_CKR = 0x00000605 + CKA_X2RATCHET_CKS = 0x00000606 + CKA_X2RATCHET_DHP = 0x00000607 + CKA_X2RATCHET_DHR = 0x00000608 + CKA_X2RATCHET_DHS = 0x00000609 + CKA_X2RATCHET_HKR = 0x0000060a + CKA_X2RATCHET_HKS = 0x0000060b + CKA_X2RATCHET_ISALICE = 0x0000060c + CKA_X2RATCHET_NHKR = 0x0000060d + CKA_X2RATCHET_NHKS = 0x0000060e + CKA_X2RATCHET_NR = 0x0000060f + CKA_X2RATCHET_NS = 0x00000610 + CKA_X2RATCHET_PNS = 0x00000611 + CKA_X2RATCHET_RK = 0x00000612 + + // HSS + CKA_HSS_LEVELS = 0x00000617 + CKA_HSS_LMS_TYPE = 0x00000618 + CKA_HSS_LMOTS_TYPE = 0x00000619 + CKA_HSS_LMS_TYPES = 0x0000061a + CKA_HSS_LMOTS_TYPES = 0x0000061b + CKA_HSS_KEYS_REMAINING = 0x0000061c + CKA_VENDOR_DEFINED = 0x80000000 + + // the following mechanism types are defined: + CKM_RSA_PKCS_KEY_PAIR_GEN = 0x00000000 + CKM_RSA_PKCS = 0x00000001 + CKM_RSA_9796 = 0x00000002 + CKM_RSA_X_509 = 0x00000003 + CKM_MD2_RSA_PKCS = 0x00000004 + CKM_MD5_RSA_PKCS = 0x00000005 + CKM_SHA1_RSA_PKCS = 0x00000006 + CKM_RIPEMD128_RSA_PKCS = 0x00000007 + CKM_RIPEMD160_RSA_PKCS = 0x00000008 + CKM_RSA_PKCS_OAEP = 0x00000009 + CKM_RSA_X9_31_KEY_PAIR_GEN = 0x0000000a + CKM_RSA_X9_31 = 0x0000000b + CKM_SHA1_RSA_X9_31 = 0x0000000c + CKM_RSA_PKCS_PSS = 0x0000000d + CKM_SHA1_RSA_PKCS_PSS = 0x0000000e + CKM_DSA_KEY_PAIR_GEN = 0x00000010 + CKM_DSA = 0x00000011 + CKM_DSA_SHA1 = 0x00000012 + CKM_DSA_SHA224 = 0x00000013 + CKM_DSA_SHA256 = 0x00000014 + CKM_DSA_SHA384 = 0x00000015 + CKM_DSA_SHA512 = 0x00000016 + CKM_DSA_SHA3_224 = 0x00000018 + CKM_DSA_SHA3_256 = 0x00000019 + CKM_DSA_SHA3_384 = 0x0000001a + CKM_DSA_SHA3_512 = 0x0000001b + CKM_DH_PKCS_KEY_PAIR_GEN = 0x00000020 + CKM_DH_PKCS_DERIVE = 0x00000021 + CKM_X9_42_DH_KEY_PAIR_GEN = 0x00000030 + CKM_X9_42_DH_DERIVE = 0x00000031 + 
CKM_X9_42_DH_HYBRID_DERIVE = 0x00000032 + CKM_X9_42_MQV_DERIVE = 0x00000033 + CKM_SHA256_RSA_PKCS = 0x00000040 + CKM_SHA384_RSA_PKCS = 0x00000041 + CKM_SHA512_RSA_PKCS = 0x00000042 + CKM_SHA256_RSA_PKCS_PSS = 0x00000043 + CKM_SHA384_RSA_PKCS_PSS = 0x00000044 + CKM_SHA512_RSA_PKCS_PSS = 0x00000045 + CKM_SHA224_RSA_PKCS = 0x00000046 + CKM_SHA224_RSA_PKCS_PSS = 0x00000047 + CKM_SHA512_224 = 0x00000048 + CKM_SHA512_224_HMAC = 0x00000049 + CKM_SHA512_224_HMAC_GENERAL = 0x0000004a + CKM_SHA512_224_KEY_DERIVATION = 0x0000004b + CKM_SHA512_256 = 0x0000004c + CKM_SHA512_256_HMAC = 0x0000004d + CKM_SHA512_256_HMAC_GENERAL = 0x0000004e + CKM_SHA512_256_KEY_DERIVATION = 0x0000004f + CKM_SHA512_T = 0x00000050 + CKM_SHA512_T_HMAC = 0x00000051 + CKM_SHA512_T_HMAC_GENERAL = 0x00000052 + CKM_SHA512_T_KEY_DERIVATION = 0x00000053 + CKM_SHA3_256_RSA_PKCS = 0x00000060 + CKM_SHA3_384_RSA_PKCS = 0x00000061 + CKM_SHA3_512_RSA_PKCS = 0x00000062 + CKM_SHA3_256_RSA_PKCS_PSS = 0x00000063 + CKM_SHA3_384_RSA_PKCS_PSS = 0x00000064 + CKM_SHA3_512_RSA_PKCS_PSS = 0x00000065 + CKM_SHA3_224_RSA_PKCS = 0x00000066 + CKM_SHA3_224_RSA_PKCS_PSS = 0x00000067 + CKM_RC2_KEY_GEN = 0x00000100 + CKM_RC2_ECB = 0x00000101 + CKM_RC2_CBC = 0x00000102 + CKM_RC2_MAC = 0x00000103 + CKM_RC2_MAC_GENERAL = 0x00000104 + CKM_RC2_CBC_PAD = 0x00000105 + CKM_RC4_KEY_GEN = 0x00000110 + CKM_RC4 = 0x00000111 + CKM_DES_KEY_GEN = 0x00000120 + CKM_DES_ECB = 0x00000121 + CKM_DES_CBC = 0x00000122 + CKM_DES_MAC = 0x00000123 + CKM_DES_MAC_GENERAL = 0x00000124 + CKM_DES_CBC_PAD = 0x00000125 + CKM_DES2_KEY_GEN = 0x00000130 + CKM_DES3_KEY_GEN = 0x00000131 + CKM_DES3_ECB = 0x00000132 + CKM_DES3_CBC = 0x00000133 + CKM_DES3_MAC = 0x00000134 + CKM_DES3_MAC_GENERAL = 0x00000135 + CKM_DES3_CBC_PAD = 0x00000136 + CKM_DES3_CMAC_GENERAL = 0x00000137 + CKM_DES3_CMAC = 0x00000138 + CKM_CDMF_KEY_GEN = 0x00000140 + CKM_CDMF_ECB = 0x00000141 + CKM_CDMF_CBC = 0x00000142 + CKM_CDMF_MAC = 0x00000143 + CKM_CDMF_MAC_GENERAL = 0x00000144 + CKM_CDMF_CBC_PAD = 
0x00000145 + CKM_DES_OFB64 = 0x00000150 + CKM_DES_OFB8 = 0x00000151 + CKM_DES_CFB64 = 0x00000152 + CKM_DES_CFB8 = 0x00000153 + CKM_MD2 = 0x00000200 + CKM_MD2_HMAC = 0x00000201 + CKM_MD2_HMAC_GENERAL = 0x00000202 + CKM_MD5 = 0x00000210 + CKM_MD5_HMAC = 0x00000211 + CKM_MD5_HMAC_GENERAL = 0x00000212 + CKM_SHA_1 = 0x00000220 + CKM_SHA_1_HMAC = 0x00000221 + CKM_SHA_1_HMAC_GENERAL = 0x00000222 + CKM_RIPEMD128 = 0x00000230 + CKM_RIPEMD128_HMAC = 0x00000231 + CKM_RIPEMD128_HMAC_GENERAL = 0x00000232 + CKM_RIPEMD160 = 0x00000240 + CKM_RIPEMD160_HMAC = 0x00000241 + CKM_RIPEMD160_HMAC_GENERAL = 0x00000242 + CKM_SHA256 = 0x00000250 + CKM_SHA256_HMAC = 0x00000251 + CKM_SHA256_HMAC_GENERAL = 0x00000252 + CKM_SHA224 = 0x00000255 + CKM_SHA224_HMAC = 0x00000256 + CKM_SHA224_HMAC_GENERAL = 0x00000257 + CKM_SHA384 = 0x00000260 + CKM_SHA384_HMAC = 0x00000261 + CKM_SHA384_HMAC_GENERAL = 0x00000262 + CKM_SHA512 = 0x00000270 + CKM_SHA512_HMAC = 0x00000271 + CKM_SHA512_HMAC_GENERAL = 0x00000272 + CKM_SECURID_KEY_GEN = 0x00000280 + CKM_SECURID = 0x00000282 + CKM_HOTP_KEY_GEN = 0x00000290 + CKM_HOTP = 0x00000291 + CKM_ACTI = 0x000002a0 + CKM_ACTI_KEY_GEN = 0x000002a1 + CKM_SHA3_256 = 0x000002b0 + CKM_SHA3_256_HMAC = 0x000002b1 + CKM_SHA3_256_HMAC_GENERAL = 0x000002b2 + CKM_SHA3_256_KEY_GEN = 0x000002b3 + CKM_SHA3_224 = 0x000002b5 + CKM_SHA3_224_HMAC = 0x000002b6 + CKM_SHA3_224_HMAC_GENERAL = 0x000002b7 + CKM_SHA3_224_KEY_GEN = 0x000002b8 + CKM_SHA3_384 = 0x000002c0 + CKM_SHA3_384_HMAC = 0x000002c1 + CKM_SHA3_384_HMAC_GENERAL = 0x000002c2 + CKM_SHA3_384_KEY_GEN = 0x000002c3 + CKM_SHA3_512 = 0x000002d0 + CKM_SHA3_512_HMAC = 0x000002d1 + CKM_SHA3_512_HMAC_GENERAL = 0x000002d2 + CKM_SHA3_512_KEY_GEN = 0x000002d3 + CKM_CAST_KEY_GEN = 0x00000300 + CKM_CAST_ECB = 0x00000301 + CKM_CAST_CBC = 0x00000302 + CKM_CAST_MAC = 0x00000303 + CKM_CAST_MAC_GENERAL = 0x00000304 + CKM_CAST_CBC_PAD = 0x00000305 + CKM_CAST3_KEY_GEN = 0x00000310 + CKM_CAST3_ECB = 0x00000311 + CKM_CAST3_CBC = 0x00000312 + 
CKM_CAST3_MAC = 0x00000313 + CKM_CAST3_MAC_GENERAL = 0x00000314 + CKM_CAST3_CBC_PAD = 0x00000315 + + // Note that CAST128 and CAST5 are the same algorithm + CKM_CAST5_KEY_GEN = 0x00000320 + CKM_CAST128_KEY_GEN = 0x00000320 + CKM_CAST5_ECB = 0x00000321 + CKM_CAST128_ECB = 0x00000321 + CKM_CAST5_CBC = 0x00000322 // Deprecated + CKM_CAST128_CBC = 0x00000322 + CKM_CAST5_MAC = 0x00000323 // Deprecated + CKM_CAST128_MAC = 0x00000323 + CKM_CAST5_MAC_GENERAL = 0x00000324 // Deprecated + CKM_CAST128_MAC_GENERAL = 0x00000324 + CKM_CAST5_CBC_PAD = 0x00000325 // Deprecated + CKM_CAST128_CBC_PAD = 0x00000325 + CKM_RC5_KEY_GEN = 0x00000330 + CKM_RC5_ECB = 0x00000331 + CKM_RC5_CBC = 0x00000332 + CKM_RC5_MAC = 0x00000333 + CKM_RC5_MAC_GENERAL = 0x00000334 + CKM_RC5_CBC_PAD = 0x00000335 + CKM_IDEA_KEY_GEN = 0x00000340 + CKM_IDEA_ECB = 0x00000341 + CKM_IDEA_CBC = 0x00000342 + CKM_IDEA_MAC = 0x00000343 + CKM_IDEA_MAC_GENERAL = 0x00000344 + CKM_IDEA_CBC_PAD = 0x00000345 + CKM_GENERIC_SECRET_KEY_GEN = 0x00000350 + CKM_CONCATENATE_BASE_AND_KEY = 0x00000360 + CKM_CONCATENATE_BASE_AND_DATA = 0x00000362 + CKM_CONCATENATE_DATA_AND_BASE = 0x00000363 + CKM_XOR_BASE_AND_DATA = 0x00000364 + CKM_EXTRACT_KEY_FROM_KEY = 0x00000365 + CKM_SSL3_PRE_MASTER_KEY_GEN = 0x00000370 + CKM_SSL3_MASTER_KEY_DERIVE = 0x00000371 + CKM_SSL3_KEY_AND_MAC_DERIVE = 0x00000372 + CKM_SSL3_MASTER_KEY_DERIVE_DH = 0x00000373 + CKM_TLS_PRE_MASTER_KEY_GEN = 0x00000374 + CKM_TLS_MASTER_KEY_DERIVE = 0x00000375 + CKM_TLS_KEY_AND_MAC_DERIVE = 0x00000376 + CKM_TLS_MASTER_KEY_DERIVE_DH = 0x00000377 + CKM_TLS_PRF = 0x00000378 + CKM_SSL3_MD5_MAC = 0x00000380 + CKM_SSL3_SHA1_MAC = 0x00000381 + CKM_MD5_KEY_DERIVATION = 0x00000390 + CKM_MD2_KEY_DERIVATION = 0x00000391 + CKM_SHA1_KEY_DERIVATION = 0x00000392 + CKM_SHA256_KEY_DERIVATION = 0x00000393 + CKM_SHA384_KEY_DERIVATION = 0x00000394 + CKM_SHA512_KEY_DERIVATION = 0x00000395 + CKM_SHA224_KEY_DERIVATION = 0x00000396 + CKM_SHA3_256_KEY_DERIVATION = 0x00000397 + 
CKM_SHA3_224_KEY_DERIVATION = 0x00000398 + CKM_SHA3_384_KEY_DERIVATION = 0x00000399 + CKM_SHA3_512_KEY_DERIVATION = 0x0000039a + CKM_SHAKE_128_KEY_DERIVATION = 0x0000039b + CKM_SHAKE_256_KEY_DERIVATION = 0x0000039c + CKM_SHA3_256_KEY_DERIVE = CKM_SHA3_256_KEY_DERIVATION + CKM_SHA3_224_KEY_DERIVE = CKM_SHA3_224_KEY_DERIVATION + CKM_SHA3_384_KEY_DERIVE = CKM_SHA3_384_KEY_DERIVATION + CKM_SHA3_512_KEY_DERIVE = CKM_SHA3_512_KEY_DERIVATION + CKM_SHAKE_128_KEY_DERIVE = CKM_SHAKE_128_KEY_DERIVATION + CKM_SHAKE_256_KEY_DERIVE = CKM_SHAKE_256_KEY_DERIVATION + CKM_PBE_MD2_DES_CBC = 0x000003a0 + CKM_PBE_MD5_DES_CBC = 0x000003a1 + CKM_PBE_MD5_CAST_CBC = 0x000003a2 + CKM_PBE_MD5_CAST3_CBC = 0x000003a3 + CKM_PBE_MD5_CAST5_CBC = 0x000003a4 // Deprecated + CKM_PBE_MD5_CAST128_CBC = 0x000003a4 + CKM_PBE_SHA1_CAST5_CBC = 0x000003a5 // Deprecated + CKM_PBE_SHA1_CAST128_CBC = 0x000003a5 + CKM_PBE_SHA1_RC4_128 = 0x000003a6 + CKM_PBE_SHA1_RC4_40 = 0x000003a7 + CKM_PBE_SHA1_DES3_EDE_CBC = 0x000003a8 + CKM_PBE_SHA1_DES2_EDE_CBC = 0x000003a9 + CKM_PBE_SHA1_RC2_128_CBC = 0x000003aa + CKM_PBE_SHA1_RC2_40_CBC = 0x000003ab + CKM_PKCS5_PBKD2 = 0x000003b0 + CKM_PBA_SHA1_WITH_SHA1_HMAC = 0x000003c0 + CKM_WTLS_PRE_MASTER_KEY_GEN = 0x000003d0 + CKM_WTLS_MASTER_KEY_DERIVE = 0x000003d1 + CKM_WTLS_MASTER_KEY_DERIVE_DH_ECC = 0x000003d2 + CKM_WTLS_PRF = 0x000003d3 + CKM_WTLS_SERVER_KEY_AND_MAC_DERIVE = 0x000003d4 + CKM_WTLS_CLIENT_KEY_AND_MAC_DERIVE = 0x000003d5 + CKM_TLS10_MAC_SERVER = 0x000003d6 + CKM_TLS10_MAC_CLIENT = 0x000003d7 + CKM_TLS12_MAC = 0x000003d8 + CKM_TLS12_KDF = 0x000003d9 + CKM_TLS12_MASTER_KEY_DERIVE = 0x000003e0 + CKM_TLS12_KEY_AND_MAC_DERIVE = 0x000003e1 + CKM_TLS12_MASTER_KEY_DERIVE_DH = 0x000003e2 + CKM_TLS12_KEY_SAFE_DERIVE = 0x000003e3 + CKM_TLS_MAC = 0x000003e4 + CKM_TLS_KDF = 0x000003e5 + CKM_KEY_WRAP_LYNKS = 0x00000400 + CKM_KEY_WRAP_SET_OAEP = 0x00000401 + CKM_CMS_SIG = 0x00000500 + CKM_KIP_DERIVE = 0x00000510 + CKM_KIP_WRAP = 0x00000511 + CKM_KIP_MAC = 0x00000512 + 
CKM_CAMELLIA_KEY_GEN = 0x00000550 + CKM_CAMELLIA_ECB = 0x00000551 + CKM_CAMELLIA_CBC = 0x00000552 + CKM_CAMELLIA_MAC = 0x00000553 + CKM_CAMELLIA_MAC_GENERAL = 0x00000554 + CKM_CAMELLIA_CBC_PAD = 0x00000555 + CKM_CAMELLIA_ECB_ENCRYPT_DATA = 0x00000556 + CKM_CAMELLIA_CBC_ENCRYPT_DATA = 0x00000557 + CKM_CAMELLIA_CTR = 0x00000558 + CKM_ARIA_KEY_GEN = 0x00000560 + CKM_ARIA_ECB = 0x00000561 + CKM_ARIA_CBC = 0x00000562 + CKM_ARIA_MAC = 0x00000563 + CKM_ARIA_MAC_GENERAL = 0x00000564 + CKM_ARIA_CBC_PAD = 0x00000565 + CKM_ARIA_ECB_ENCRYPT_DATA = 0x00000566 + CKM_ARIA_CBC_ENCRYPT_DATA = 0x00000567 + CKM_SEED_KEY_GEN = 0x00000650 + CKM_SEED_ECB = 0x00000651 + CKM_SEED_CBC = 0x00000652 + CKM_SEED_MAC = 0x00000653 + CKM_SEED_MAC_GENERAL = 0x00000654 + CKM_SEED_CBC_PAD = 0x00000655 + CKM_SEED_ECB_ENCRYPT_DATA = 0x00000656 + CKM_SEED_CBC_ENCRYPT_DATA = 0x00000657 + CKM_SKIPJACK_KEY_GEN = 0x00001000 + CKM_SKIPJACK_ECB64 = 0x00001001 + CKM_SKIPJACK_CBC64 = 0x00001002 + CKM_SKIPJACK_OFB64 = 0x00001003 + CKM_SKIPJACK_CFB64 = 0x00001004 + CKM_SKIPJACK_CFB32 = 0x00001005 + CKM_SKIPJACK_CFB16 = 0x00001006 + CKM_SKIPJACK_CFB8 = 0x00001007 + CKM_SKIPJACK_WRAP = 0x00001008 + CKM_SKIPJACK_PRIVATE_WRAP = 0x00001009 + CKM_SKIPJACK_RELAYX = 0x0000100a + CKM_KEA_KEY_PAIR_GEN = 0x00001010 + CKM_KEA_KEY_DERIVE = 0x00001011 + CKM_KEA_DERIVE = 0x00001012 + CKM_FORTEZZA_TIMESTAMP = 0x00001020 + CKM_BATON_KEY_GEN = 0x00001030 + CKM_BATON_ECB128 = 0x00001031 + CKM_BATON_ECB96 = 0x00001032 + CKM_BATON_CBC128 = 0x00001033 + CKM_BATON_COUNTER = 0x00001034 + CKM_BATON_SHUFFLE = 0x00001035 + CKM_BATON_WRAP = 0x00001036 + CKM_ECDSA_KEY_PAIR_GEN = 0x00001040 // Deprecated + CKM_EC_KEY_PAIR_GEN = 0x00001040 + CKM_ECDSA = 0x00001041 + CKM_ECDSA_SHA1 = 0x00001042 + CKM_ECDSA_SHA224 = 0x00001043 + CKM_ECDSA_SHA256 = 0x00001044 + CKM_ECDSA_SHA384 = 0x00001045 + CKM_ECDSA_SHA512 = 0x00001046 + CKM_EC_KEY_PAIR_GEN_W_EXTRA_BITS = 0x0000140b + CKM_ECDH1_DERIVE = 0x00001050 + CKM_ECDH1_COFACTOR_DERIVE = 0x00001051 + 
CKM_ECMQV_DERIVE = 0x00001052 + CKM_ECDH_AES_KEY_WRAP = 0x00001053 + CKM_RSA_AES_KEY_WRAP = 0x00001054 + CKM_JUNIPER_KEY_GEN = 0x00001060 + CKM_JUNIPER_ECB128 = 0x00001061 + CKM_JUNIPER_CBC128 = 0x00001062 + CKM_JUNIPER_COUNTER = 0x00001063 + CKM_JUNIPER_SHUFFLE = 0x00001064 + CKM_JUNIPER_WRAP = 0x00001065 + CKM_FASTHASH = 0x00001070 + CKM_AES_XTS = 0x00001071 + CKM_AES_XTS_KEY_GEN = 0x00001072 + CKM_AES_KEY_GEN = 0x00001080 + CKM_AES_ECB = 0x00001081 + CKM_AES_CBC = 0x00001082 + CKM_AES_MAC = 0x00001083 + CKM_AES_MAC_GENERAL = 0x00001084 + CKM_AES_CBC_PAD = 0x00001085 + CKM_AES_CTR = 0x00001086 + CKM_AES_GCM = 0x00001087 + CKM_AES_CCM = 0x00001088 + CKM_AES_CTS = 0x00001089 + CKM_AES_CMAC = 0x0000108a + CKM_AES_CMAC_GENERAL = 0x0000108b + CKM_AES_XCBC_MAC = 0x0000108c + CKM_AES_XCBC_MAC_96 = 0x0000108d + CKM_AES_GMAC = 0x0000108e + CKM_BLOWFISH_KEY_GEN = 0x00001090 + CKM_BLOWFISH_CBC = 0x00001091 + CKM_TWOFISH_KEY_GEN = 0x00001092 + CKM_TWOFISH_CBC = 0x00001093 + CKM_BLOWFISH_CBC_PAD = 0x00001094 + CKM_TWOFISH_CBC_PAD = 0x00001095 + CKM_DES_ECB_ENCRYPT_DATA = 0x00001100 + CKM_DES_CBC_ENCRYPT_DATA = 0x00001101 + CKM_DES3_ECB_ENCRYPT_DATA = 0x00001102 + CKM_DES3_CBC_ENCRYPT_DATA = 0x00001103 + CKM_AES_ECB_ENCRYPT_DATA = 0x00001104 + CKM_AES_CBC_ENCRYPT_DATA = 0x00001105 + CKM_GOSTR3410_KEY_PAIR_GEN = 0x00001200 + CKM_GOSTR3410 = 0x00001201 + CKM_GOSTR3410_WITH_GOSTR3411 = 0x00001202 + CKM_GOSTR3410_KEY_WRAP = 0x00001203 + CKM_GOSTR3410_DERIVE = 0x00001204 + CKM_GOSTR3411 = 0x00001210 + CKM_GOSTR3411_HMAC = 0x00001211 + CKM_GOST28147_KEY_GEN = 0x00001220 + CKM_GOST28147_ECB = 0x00001221 + CKM_GOST28147 = 0x00001222 + CKM_GOST28147_MAC = 0x00001223 + CKM_GOST28147_KEY_WRAP = 0x00001224 + CKM_CHACHA20_KEY_GEN = 0x00001225 + CKM_CHACHA20 = 0x00001226 + CKM_POLY1305_KEY_GEN = 0x00001227 + CKM_POLY1305 = 0x00001228 + CKM_DSA_PARAMETER_GEN = 0x00002000 + CKM_DH_PKCS_PARAMETER_GEN = 0x00002001 + CKM_X9_42_DH_PARAMETER_GEN = 0x00002002 + CKM_DSA_PROBABILISTIC_PARAMETER_GEN = 
0x00002003 + CKM_DSA_PROBABLISTIC_PARAMETER_GEN = CKM_DSA_PROBABILISTIC_PARAMETER_GEN + CKM_DSA_SHAWE_TAYLOR_PARAMETER_GEN = 0x00002004 + CKM_DSA_FIPS_G_GEN = 0x00002005 + CKM_AES_OFB = 0x00002104 + CKM_AES_CFB64 = 0x00002105 + CKM_AES_CFB8 = 0x00002106 + CKM_AES_CFB128 = 0x00002107 + CKM_AES_CFB1 = 0x00002108 + CKM_AES_KEY_WRAP = 0x00002109 // WAS: 0x00001090 + CKM_AES_KEY_WRAP_PAD = 0x0000210A // WAS: 0x00001091 + CKM_AES_KEY_WRAP_KWP = 0x0000210B + CKM_AES_KEY_WRAP_PKCS7 = 0x0000210C + CKM_RSA_PKCS_TPM_1_1 = 0x00004001 + CKM_RSA_PKCS_OAEP_TPM_1_1 = 0x00004002 + CKM_SHA_1_KEY_GEN = 0x00004003 + CKM_SHA224_KEY_GEN = 0x00004004 + CKM_SHA256_KEY_GEN = 0x00004005 + CKM_SHA384_KEY_GEN = 0x00004006 + CKM_SHA512_KEY_GEN = 0x00004007 + CKM_SHA512_224_KEY_GEN = 0x00004008 + CKM_SHA512_256_KEY_GEN = 0x00004009 + CKM_SHA512_T_KEY_GEN = 0x0000400a + CKM_NULL = 0x0000400b + CKM_BLAKE2B_160 = 0x0000400c + CKM_BLAKE2B_160_HMAC = 0x0000400d + CKM_BLAKE2B_160_HMAC_GENERAL = 0x0000400e + CKM_BLAKE2B_160_KEY_DERIVE = 0x0000400f + CKM_BLAKE2B_160_KEY_GEN = 0x00004010 + CKM_BLAKE2B_256 = 0x00004011 + CKM_BLAKE2B_256_HMAC = 0x00004012 + CKM_BLAKE2B_256_HMAC_GENERAL = 0x00004013 + CKM_BLAKE2B_256_KEY_DERIVE = 0x00004014 + CKM_BLAKE2B_256_KEY_GEN = 0x00004015 + CKM_BLAKE2B_384 = 0x00004016 + CKM_BLAKE2B_384_HMAC = 0x00004017 + CKM_BLAKE2B_384_HMAC_GENERAL = 0x00004018 + CKM_BLAKE2B_384_KEY_DERIVE = 0x00004019 + CKM_BLAKE2B_384_KEY_GEN = 0x0000401a + CKM_BLAKE2B_512 = 0x0000401b + CKM_BLAKE2B_512_HMAC = 0x0000401c + CKM_BLAKE2B_512_HMAC_GENERAL = 0x0000401d + CKM_BLAKE2B_512_KEY_DERIVE = 0x0000401e + CKM_BLAKE2B_512_KEY_GEN = 0x0000401f + CKM_SALSA20 = 0x00004020 + CKM_CHACHA20_POLY1305 = 0x00004021 + CKM_SALSA20_POLY1305 = 0x00004022 + CKM_X3DH_INITIALIZE = 0x00004023 + CKM_X3DH_RESPOND = 0x00004024 + CKM_X2RATCHET_INITIALIZE = 0x00004025 + CKM_X2RATCHET_RESPOND = 0x00004026 + CKM_X2RATCHET_ENCRYPT = 0x00004027 + CKM_X2RATCHET_DECRYPT = 0x00004028 + CKM_XEDDSA = 0x00004029 + 
CKM_HKDF_DERIVE = 0x0000402a + CKM_HKDF_DATA = 0x0000402b + CKM_HKDF_KEY_GEN = 0x0000402c + CKM_SALSA20_KEY_GEN = 0x0000402d + CKM_ECDSA_SHA3_224 = 0x00001047 + CKM_ECDSA_SHA3_256 = 0x00001048 + CKM_ECDSA_SHA3_384 = 0x00001049 + CKM_ECDSA_SHA3_512 = 0x0000104a + CKM_EC_EDWARDS_KEY_PAIR_GEN = 0x00001055 + CKM_EC_MONTGOMERY_KEY_PAIR_GEN = 0x00001056 + CKM_EDDSA = 0x00001057 + CKM_SP800_108_COUNTER_KDF = 0x000003ac + CKM_SP800_108_FEEDBACK_KDF = 0x000003ad + CKM_SP800_108_DOUBLE_PIPELINE_KDF = 0x000003ae + CKM_IKE2_PRF_PLUS_DERIVE = 0x0000402e + CKM_IKE_PRF_DERIVE = 0x0000402f + CKM_IKE1_PRF_DERIVE = 0x00004030 + CKM_IKE1_EXTENDED_DERIVE = 0x00004031 + CKM_HSS_KEY_PAIR_GEN = 0x00004032 + CKM_HSS = 0x00004033 + CKM_VENDOR_DEFINED = 0x80000000 + + // The flags are defined as follows: + // + // Bit Flag Mask Meaning + CKF_HW = 0x00000001 // performed by HW + + // Specify whether or not a mechanism can be used for a particular task + CKF_MESSAGE_ENCRYPT = 0x00000002 + CKF_MESSAGE_DECRYPT = 0x00000004 + CKF_MESSAGE_SIGN = 0x00000008 + CKF_MESSAGE_VERIFY = 0x00000010 + CKF_MULTI_MESSAGE = 0x00000020 + CKF_MULTI_MESSGE = CKF_MULTI_MESSAGE + CKF_FIND_OBJECTS = 0x00000040 + CKF_ENCRYPT = 0x00000100 + CKF_DECRYPT = 0x00000200 + CKF_DIGEST = 0x00000400 + CKF_SIGN = 0x00000800 + CKF_SIGN_RECOVER = 0x00001000 + CKF_VERIFY = 0x00002000 + CKF_VERIFY_RECOVER = 0x00004000 + CKF_GENERATE = 0x00008000 + CKF_GENERATE_KEY_PAIR = 0x00010000 + CKF_WRAP = 0x00020000 + CKF_UNWRAP = 0x00040000 + CKF_DERIVE = 0x00080000 + + // Describe a token's EC capabilities not available in mechanism + // information. + CKF_EC_F_P = 0x00100000 + CKF_EC_F_2M = 0x00200000 + CKF_EC_ECPARAMETERS = 0x00400000 + CKF_EC_OID = 0x00800000 + CKF_EC_NAMEDCURVE = CKF_EC_OID // deprecated since PKCS#11 3.00 + CKF_EC_UNCOMPRESS = 0x01000000 + CKF_EC_COMPRESS = 0x02000000 + CKF_EC_CURVENAME = 0x04000000 + CKF_EXTENSION = 0x80000000 + CKR_OK = 0x00000000 CKR_CANCEL = 0x00000001 CKR_HOST_MEMORY = 0x00000002 
@@ -837,68 +982,109 @@ const (
 CKR_OPERATION_CANCEL_FAILED = 0x00000202
 CKR_KEY_EXHAUSTED = 0x00000203
 CKR_VENDOR_DEFINED = 0x80000000
- CKF_END_OF_MESSAGE = 0x00000001
- CKF_INTERFACE_FORK_SAFE = 0x00000001
- CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
- CKF_OS_LOCKING_OK = 0x00000002
- CKF_DONT_BLOCK = 1
- CKG_MGF1_SHA1 = 0x00000001
- CKG_MGF1_SHA256 = 0x00000002
- CKG_MGF1_SHA384 = 0x00000003
- CKG_MGF1_SHA512 = 0x00000004
- CKG_MGF1_SHA224 = 0x00000005
- CKG_MGF1_SHA3_224 = 0x00000006
- CKG_MGF1_SHA3_256 = 0x00000007
- CKG_MGF1_SHA3_384 = 0x00000008
- CKG_MGF1_SHA3_512 = 0x00000009
- CKZ_DATA_SPECIFIED = 0x00000001
- CKD_NULL = 0x00000001
- CKD_SHA1_KDF = 0x00000002
- CKD_SHA1_KDF_ASN1 = 0x00000003
- CKD_SHA1_KDF_CONCATENATE = 0x00000004
- CKD_SHA224_KDF = 0x00000005
- CKD_SHA256_KDF = 0x00000006
- CKD_SHA384_KDF = 0x00000007
- CKD_SHA512_KDF = 0x00000008
- CKD_CPDIVERSIFY_KDF = 0x00000009
- CKD_SHA3_224_KDF = 0x0000000A
- CKD_SHA3_256_KDF = 0x0000000B
- CKD_SHA3_384_KDF = 0x0000000C
- CKD_SHA3_512_KDF = 0x0000000D
- CKD_SHA1_KDF_SP800 = 0x0000000E
- CKD_SHA224_KDF_SP800 = 0x0000000F
- CKD_SHA256_KDF_SP800 = 0x00000010
- CKD_SHA384_KDF_SP800 = 0x00000011
- CKD_SHA512_KDF_SP800 = 0x00000012
- CKD_SHA3_224_KDF_SP800 = 0x00000013
- CKD_SHA3_256_KDF_SP800 = 0x00000014
- CKD_SHA3_384_KDF_SP800 = 0x00000015
- CKD_SHA3_512_KDF_SP800 = 0x00000016
- CKD_BLAKE2B_160_KDF = 0x00000017
- CKD_BLAKE2B_256_KDF = 0x00000018
- CKD_BLAKE2B_384_KDF = 0x00000019
- CKD_BLAKE2B_512_KDF = 0x0000001a
- CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001
- CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002
- CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003
- CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004
- CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005
- CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006
- CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007
- CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008
- CKZ_SALT_SPECIFIED = 0x00000001
- CKF_NEXT_OTP = 0x00000001
- CKF_EXCLUDE_TIME = 0x00000002
- CKF_EXCLUDE_COUNTER = 0x00000004
- CKF_EXCLUDE_CHALLENGE = 0x00000008
- CKF_EXCLUDE_PIN = 0x00000010
- CKF_USER_FRIENDLY_OTP = 0x00000020
- CKG_NO_GENERATE = 0x00000000
- CKG_GENERATE = 0x00000001
- CKG_GENERATE_COUNTER = 0x00000002
- CKG_GENERATE_RANDOM = 0x00000003
- CKG_GENERATE_COUNTER_XOR = 0x00000004
- CKF_HKDF_SALT_NULL = 0x00000001
- CKF_HKDF_SALT_DATA = 0x00000002
- CKF_HKDF_SALT_KEY = 0x00000004
+
+ CKF_END_OF_MESSAGE = 0x00000001
+
+ // Get functionlist flags
+ CKF_INTERFACE_FORK_SAFE = 0x00000001
+
+ // flags: bit flags that provide capabilities of the slot
+ //
+ // Bit Flag Mask Meaning
+ CKF_LIBRARY_CANT_CREATE_OS_THREADS = 0x00000001
+ CKF_OS_LOCKING_OK = 0x00000002
+
+ // additional flags for parameters to functions
+ // CKF_DONT_BLOCK is for the function C_WaitForSlotEvent
+ CKF_DONT_BLOCK = 1
+
+ // The following MGFs are defined
+ CKG_MGF1_SHA1 = 0x00000001
+ CKG_MGF1_SHA256 = 0x00000002
+ CKG_MGF1_SHA384 = 0x00000003
+ CKG_MGF1_SHA512 = 0x00000004
+ CKG_MGF1_SHA224 = 0x00000005
+ CKG_MGF1_SHA3_224 = 0x00000006
+ CKG_MGF1_SHA3_256 = 0x00000007
+ CKG_MGF1_SHA3_384 = 0x00000008
+ CKG_MGF1_SHA3_512 = 0x00000009
+
+ // The following encoding parameter sources are defined
+ CKZ_DATA_SPECIFIED = 0x00000001
+
+ // The following EC Key Derivation Functions are defined
+ CKD_NULL = 0x00000001
+ CKD_SHA1_KDF = 0x00000002
+
+ // The following X9.42 DH key derivation functions are defined
+ CKD_SHA1_KDF_ASN1 = 0x00000003
+ CKD_SHA1_KDF_CONCATENATE = 0x00000004
+ CKD_SHA224_KDF = 0x00000005
+ CKD_SHA256_KDF = 0x00000006
+ CKD_SHA384_KDF = 0x00000007
+ CKD_SHA512_KDF = 0x00000008
+ CKD_CPDIVERSIFY_KDF = 0x00000009
+ CKD_SHA3_224_KDF = 0x0000000A
+ CKD_SHA3_256_KDF = 0x0000000B
+ CKD_SHA3_384_KDF = 0x0000000C
+ CKD_SHA3_512_KDF = 0x0000000D
+ CKD_SHA1_KDF_SP800 = 0x0000000E
+ CKD_SHA224_KDF_SP800 = 0x0000000F
+ CKD_SHA256_KDF_SP800 = 0x00000010
+ CKD_SHA384_KDF_SP800 = 0x00000011
+ CKD_SHA512_KDF_SP800 = 0x00000012
+ CKD_SHA3_224_KDF_SP800 = 0x00000013
+ CKD_SHA3_256_KDF_SP800 = 0x00000014
+ CKD_SHA3_384_KDF_SP800 = 0x00000015
+ CKD_SHA3_512_KDF_SP800 = 0x00000016
+ CKD_BLAKE2B_160_KDF = 0x00000017
+ CKD_BLAKE2B_256_KDF = 0x00000018
+ CKD_BLAKE2B_384_KDF = 0x00000019
+ CKD_BLAKE2B_512_KDF = 0x0000001a
+
+ CKP_PKCS5_PBKD2_HMAC_SHA1 = 0x00000001
+ CKP_PKCS5_PBKD2_HMAC_GOSTR3411 = 0x00000002
+ CKP_PKCS5_PBKD2_HMAC_SHA224 = 0x00000003
+ CKP_PKCS5_PBKD2_HMAC_SHA256 = 0x00000004
+ CKP_PKCS5_PBKD2_HMAC_SHA384 = 0x00000005
+ CKP_PKCS5_PBKD2_HMAC_SHA512 = 0x00000006
+ CKP_PKCS5_PBKD2_HMAC_SHA512_224 = 0x00000007
+ CKP_PKCS5_PBKD2_HMAC_SHA512_256 = 0x00000008
+
+ // The following salt value sources are defined in PKCS #5 v2.0.
+ CKZ_SALT_SPECIFIED = 0x00000001
+
+ CK_OTP_VALUE = 0
+ CK_OTP_PIN = 1
+ CK_OTP_CHALLENGE = 2
+ CK_OTP_TIME = 3
+ CK_OTP_COUNTER = 4
+ CK_OTP_FLAGS = 5
+ CK_OTP_OUTPUT_LENGTH = 6
+ CK_OTP_OUTPUT_FORMAT = 7
+
+ CKF_NEXT_OTP = 0x00000001
+ CKF_EXCLUDE_TIME = 0x00000002
+ CKF_EXCLUDE_COUNTER = 0x00000004
+ CKF_EXCLUDE_CHALLENGE = 0x00000008
+ CKF_EXCLUDE_PIN = 0x00000010
+ CKF_USER_FRIENDLY_OTP = 0x00000020
+
+ CKG_NO_GENERATE = 0x00000000
+ CKG_GENERATE = 0x00000001
+ CKG_GENERATE_COUNTER = 0x00000002
+ CKG_GENERATE_RANDOM = 0x00000003
+ CKG_GENERATE_COUNTER_XOR = 0x00000004
+
+ CK_SP800_108_ITERATION_VARIABLE = 0x00000001
+ CK_SP800_108_OPTIONAL_COUNTER = 0x00000002
+ CK_SP800_108_DKM_LENGTH = 0x00000003
+ CK_SP800_108_BYTE_ARRAY = 0x00000004
+ CK_SP800_108_COUNTER = CK_SP800_108_OPTIONAL_COUNTER
+ CK_SP800_108_DKM_LENGTH_SUM_OF_KEYS = 0x00000001
+ CK_SP800_108_DKM_LENGTH_SUM_OF_SEGMENTS = 0x00000002
+
+ CKF_HKDF_SALT_NULL = 0x00000001
+ CKF_HKDF_SALT_DATA = 0x00000002
+ CKF_HKDF_SALT_KEY = 0x00000004
 )